]>
Commit | Line | Data |
---|---|---|
f4aed85b AF |
1 | diff -druN linux-noipsec/Documentation/Configure.help linux/Documentation/Configure.help |
2 | --- linux-noipsec/Documentation/Configure.help Fri Dec 15 15:17:02 2000 | |
3 | +++ linux/Documentation/Configure.help Fri Dec 15 15:18:21 2000 | |
4 | @@ -3715,6 +3715,59 @@ | |
5 | This is a backward compatibility option, choose Y for now. | |
6 | This option will be removed soon. | |
7 | ||
8 | +IP Security Protocol (IPSEC) (EXPERIMENTAL) | |
9 | +CONFIG_IPSEC | |
10 | + This unit is experimental code. | |
11 | + Pick 'y' for static linking, 'm' for module support or 'n' for none. | |
12 | + This option adds support for network layer packet encryption and/or | |
13 | + authentication with participating hosts. The standards start with: | |
14 | + RFCs 2411, 2407 and 2401. Others are mentioned where they refer to | |
15 | + specific features below. There are more pending which can be found | |
16 | + at: ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-*. | |
17 | + A description of each document can also be found at: | |
18 | + http://ietf.org/ids.by.wg/ipsec.html. | |
19 | + Their charter can be found at: | |
20 | + http://www.ietf.org/html.charters/ipsec-charter.html | |
21 | + Snapshots and releases of the current work can be found at: | |
22 | + http://www.freeswan.org/ | |
23 | + | |
24 | +IPSEC: IP-in-IP encapsulation | |
25 | +CONFIG_IPSEC_IPIP | |
26 | + This option provides support for tunnel mode IPSEC. It is recommended | |
27 | + to enable this. | |
28 | + | |
29 | +IPSEC: Authentication Header | |
30 | +CONFIG_IPSEC_AH | |
31 | + This option provides support for the IPSEC Authentication Header | |
32 | + (IP protocol 51) which provides packet layer sender and content | |
33 | + authentication. It is recommended to enable this. RFC2402 | |
34 | + | |
35 | +HMAC-MD5 algorithm | |
36 | +CONFIG_IPSEC_AUTH_HMAC_MD5 | |
37 | + Provides support for authentication using the HMAC MD5 | |
38 | + algorithm with 96 bits of hash used as the authenticator. RFC2403 | |
39 | + | |
40 | +HMAC-SHA1 algorithm | |
41 | +CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
42 | + Provides support for Authentication Header using the HMAC SHA1 | |
43 | + algorithm with 96 bits of hash used as the authenticator. RFC2404 | |
44 | + | |
45 | +IPSEC: Encapsulating Security Payload | |
46 | +CONFIG_IPSEC_ESP | |
47 | + This option provides support for the IPSEC Encapsulation Security | |
48 | + Payload (IP protocol 50) which provides packet layer content | |
49 | + hiding. It is recommended to enable this. RFC2406 | |
50 | + | |
51 | +3DES algorithm | |
52 | +CONFIG_IPSEC_ENC_3DES | |
53 | + Provides support for Encapsulation Security Payload protocol, using | |
54 | + the triple DES encryption algorithm. RFC2451 | |
55 | + | |
56 | +IPSEC Debugging Option | |
57 | +CONFIG_IPSEC_DEBUG | |
58 | + Enables IPSEC kernel debugging. It is further controlled by the | |
59 | + user space utility 'klipsdebug'. | |
60 | + | |
61 | SCSI support? | |
62 | CONFIG_SCSI | |
63 | If you want to use a SCSI hard disk, SCSI tape drive, SCSI CDROM or | |
f4aed85b AF |
64 | diff -druN linux-noipsec/arch/i386/defconfig linux/arch/i386/defconfig |
65 | --- linux-noipsec/arch/i386/defconfig Fri Dec 15 15:16:54 2000 | |
66 | +++ linux/arch/i386/defconfig Fri Dec 15 15:18:22 2000 | |
67 | @@ -392,3 +392,96 @@ | |
68 | # Kernel hacking | |
69 | # | |
70 | # CONFIG_MAGIC_SYSRQ is not set | |
71 | +# | |
72 | +# RCSID $Id$ | |
73 | +# | |
74 | + | |
75 | +# | |
76 | +# FreeS/WAN IPSec implementation, KLIPS kernel config defaults | |
77 | +# | |
78 | + | |
79 | +# | |
80 | +# First, lets override stuff already set or not in the kernel config. | |
81 | +# | |
82 | +# We can't even think about leaving this off... | |
83 | +CONFIG_INET=y | |
84 | + | |
85 | +# | |
86 | +# This must be on for subnet protection. | |
87 | +CONFIG_IP_FORWARD=y | |
88 | + | |
89 | +# Shut off IPSEC masquerading if it has been enabled, since it will | |
90 | +# break the compile. IPPROTO_ESP and IPPROTO_AH were included in | |
91 | +# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h. | |
92 | +CONFIG_IP_MASQUERADE_IPSEC=n | |
93 | + | |
94 | +# | |
95 | +# Next, lets set the recommended FreeS/WAN configuration. | |
96 | +# | |
97 | + | |
98 | +# To config as static (preferred), 'y'. To config as module, 'm'. | |
99 | +CONFIG_IPSEC=y | |
100 | + | |
101 | +# To do tunnel mode IPSec, this must be enabled. | |
102 | +CONFIG_IPSEC_IPIP=y | |
103 | + | |
104 | +# To enable authentication, say 'y'. (Highly recommended) | |
105 | +CONFIG_IPSEC_AH=y | |
106 | + | |
107 | +# Authentication algorithm(s): | |
108 | +CONFIG_IPSEC_AUTH_HMAC_MD5=y | |
109 | +CONFIG_IPSEC_AUTH_HMAC_SHA1=y | |
110 | + | |
111 | +# To enable encryption, say 'y'. (Highly recommended) | |
112 | +CONFIG_IPSEC_ESP=y | |
113 | + | |
114 | +# Encryption algorithm(s): | |
115 | +CONFIG_IPSEC_ENC_3DES=y | |
116 | + | |
117 | +# IP Compression: new, probably still has minor bugs. | |
118 | +CONFIG_IPSEC_IPCOMP=y | |
119 | + | |
120 | +# To enable userspace-switchable KLIPS debugging, say 'y'. | |
121 | +CONFIG_IPSEC_DEBUG=y | |
122 | + | |
123 | +# | |
124 | +# | |
125 | +# $Log$ | |
126 | +# Revision 1.18 2000/11/30 17:26:56 rgb | |
127 | +# Cleaned out unused options and enabled ipcomp by default. | |
128 | +# | |
129 | +# Revision 1.17 2000/09/15 11:37:01 rgb | |
130 | +# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
131 | +# IPCOMP zlib deflate code. | |
132 | +# | |
133 | +# Revision 1.16 2000/09/08 19:12:55 rgb | |
134 | +# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
135 | +# | |
136 | +# Revision 1.15 2000/05/24 19:37:13 rgb | |
137 | +# *** empty log message *** | |
138 | +# | |
139 | +# Revision 1.14 2000/05/11 21:14:57 henry | |
140 | +# just commenting the FOOBAR=y lines out is not enough | |
141 | +# | |
142 | +# Revision 1.13 2000/05/10 20:17:58 rgb | |
143 | +# Comment out netlink defaults, which are no longer needed. | |
144 | +# | |
145 | +# Revision 1.12 2000/05/10 19:13:38 rgb | |
146 | +# Added configure option to shut off no eroute passthrough. | |
147 | +# | |
148 | +# Revision 1.11 2000/03/16 07:09:46 rgb | |
149 | +# Hardcode PF_KEYv2 support. | |
150 | +# Disable IPSEC_ICMP by default. | |
151 | +# Remove DES config option from defaults file. | |
152 | +# | |
153 | +# Revision 1.10 2000/01/11 03:09:42 rgb | |
154 | +# Added a default of 'y' to PF_KEYv2 keying I/F. | |
155 | +# | |
156 | +# Revision 1.9 1999/05/08 21:23:12 rgb | |
157 | +# Added support for 2.2.x kernels. | |
158 | +# | |
159 | +# Revision 1.8 1999/04/06 04:54:25 rgb | |
160 | +# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
161 | +# patch shell fixes. | |
162 | +# | |
163 | +# | |
164 | --- linux-noipsec/net/Config.in Fri Dec 15 15:15:48 2000 | |
165 | +++ linux/net/Config.in Fri Dec 15 15:18:21 2000 | |
166 | @@ -67,4 +67,8 @@ | |
167 | endmenu | |
168 | fi | |
169 | fi | |
170 | +tristate 'IP Security Protocol (FreeS/WAN IPSEC)' CONFIG_IPSEC | |
171 | +if [ "$CONFIG_IPSEC" != "n" ]; then | |
172 | + source net/ipsec/Config.in | |
173 | +fi | |
174 | endmenu | |
f4aed85b AF |
175 | diff -druN linux-noipsec/net/Makefile linux/net/Makefile |
176 | --- linux-noipsec/net/Makefile Fri Dec 15 15:15:46 2000 | |
177 | +++ linux/net/Makefile Fri Dec 15 15:18:21 2000 | |
178 | @@ -161,6 +161,16 @@ | |
179 | endif | |
180 | endif | |
181 | ||
182 | +ifeq ($(CONFIG_IPSEC),y) | |
183 | +ALL_SUB_DIRS += ipsec | |
184 | +SUB_DIRS += ipsec | |
185 | +else | |
186 | + ifeq ($(CONFIG_IPSEC),m) | |
187 | + ALL_SUB_DIRS += ipsec | |
188 | + MOD_SUB_DIRS += ipsec | |
189 | + endif | |
190 | +endif | |
191 | + | |
192 | # We must attach netsyms.o to socket.o, as otherwise there is nothing | |
193 | # to pull the object file from the archive. | |
194 | ||
3cb090dd JR |
195 | diff -druN linux-noipsec/net/ipsec/Config.in linux/net/ipsec/Config.in |
196 | --- linux-noipsec/net/ipsec/Config.in Thu Jan 1 01:00:00 1970 | |
197 | +++ linux/net/ipsec/Config.in Fri Sep 15 13:37:00 2000 | |
198 | @@ -0,0 +1,34 @@ | |
f4aed85b | 199 | +# |
3cb090dd JR |
200 | +# IPSEC configuration |
201 | +# Copyright (C) 1998, 1999 Richard Guy Briggs. | |
202 | +# | |
203 | +# This program is free software; you can redistribute it and/or modify it | |
204 | +# under the terms of the GNU General Public License as published by the | |
205 | +# Free Software Foundation; either version 2 of the License, or (at your | |
206 | +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
207 | +# | |
208 | +# This program is distributed in the hope that it will be useful, but | |
209 | +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
210 | +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
211 | +# for more details. | |
f4aed85b | 212 | +# |
3cb090dd | 213 | +# RCSID $Id$ |
f4aed85b | 214 | + |
3cb090dd | 215 | +comment 'IPSec options (FreeS/WAN)' |
f4aed85b | 216 | + |
3cb090dd | 217 | +bool ' IPSEC: IP-in-IP encapsulation (tunnel mode)' CONFIG_IPSEC_IPIP |
f4aed85b | 218 | + |
3cb090dd JR |
219 | +bool ' IPSEC: Authentication Header' CONFIG_IPSEC_AH |
220 | +if [ "$CONFIG_IPSEC_AH" = "y" -o "$CONFIG_IPSEC_ESP" = "y" ]; then | |
221 | + bool ' HMAC-MD5 authentication algorithm' CONFIG_IPSEC_AUTH_HMAC_MD5 | |
222 | + bool ' HMAC-SHA1 authentication algorithm' CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
223 | +fi | |
f4aed85b | 224 | + |
3cb090dd JR |
225 | +bool ' IPSEC: Encapsulating Security Payload' CONFIG_IPSEC_ESP |
226 | +if [ "$CONFIG_IPSEC_ESP" = "y" ]; then | |
227 | + bool ' 3DES encryption algorithm' CONFIG_IPSEC_ENC_3DES | |
228 | +fi | |
f4aed85b | 229 | + |
3cb090dd | 230 | +bool ' IPSEC: IP Compression' CONFIG_IPSEC_IPCOMP |
f4aed85b | 231 | + |
3cb090dd JR |
232 | +bool ' IPSEC Debugging Option' CONFIG_IPSEC_DEBUG |
233 | diff -druN linux-noipsec/net/ipsec/Makefile linux/net/ipsec/Makefile | |
234 | --- linux-noipsec/net/ipsec/Makefile Thu Jan 1 01:00:00 1970 | |
235 | +++ linux/net/ipsec/Makefile Fri Sep 29 21:51:57 2000 | |
236 | @@ -0,0 +1,242 @@ | |
237 | +# Makefile for KLIPS kernel code | |
238 | +# Copyright (C) 1998, 1999 Richard Guy Briggs. | |
239 | +# | |
240 | +# This program is free software; you can redistribute it and/or modify it | |
241 | +# under the terms of the GNU General Public License as published by the | |
242 | +# Free Software Foundation; either version 2 of the License, or (at your | |
243 | +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
244 | +# | |
245 | +# This program is distributed in the hope that it will be useful, but | |
246 | +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
247 | +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
248 | +# for more details. | |
249 | +# | |
250 | +# RCSID $Id$ | |
251 | +# | |
252 | +# Note! Dependencies are done automagically by 'make dep', which also | |
253 | +# removes any old dependencies. DON'T put your own dependencies here | |
254 | +# unless it's something special (ie not a .c file). | |
255 | +# | |
256 | +# Note 2! The CFLAGS definition is now in the main makefile... | |
f4aed85b | 257 | + |
3cb090dd JR |
258 | +ifndef TOPDIR |
259 | +TOPDIR := /usr/src/linux | |
f4aed85b AF |
260 | +endif |
261 | + | |
3cb090dd JR |
262 | +SUB_DIRS := |
263 | +ALL_SUB_DIRS := libfreeswan zlib | |
264 | +MOD_SUB_DIRS := | |
f4aed85b | 265 | + |
3cb090dd JR |
266 | +O_TARGET := ipsec.o |
267 | +O_OBJS := ipsec_init.o ipsec_xform.o ipsec_netlink.o ipsec_radij.o ipsec_tunnel.o ipsec_rcv.o sysctl_net_ipsec.o pfkey_v2.o pfkey_v2_parser.o | |
f4aed85b | 268 | + |
3cb090dd JR |
269 | +OX_OBJS := radij.o |
270 | +M_OBJS := $(O_TARGET) | |
f4aed85b | 271 | + |
3cb090dd | 272 | +override CFLAGS += -Ilibfreeswan |
f4aed85b | 273 | + |
3cb090dd JR |
274 | +ifeq ($(CONFIG_IPSEC_DEBUG),y) |
275 | +override CFLAGS += -g | |
f4aed85b AF |
276 | +endif |
277 | + | |
3cb090dd JR |
278 | +override CFLAGS += -Wall |
279 | +#override CFLAGS += -Wconversion | |
280 | +#override CFLAGS += -Wmissing-prototypes | |
281 | +override CFLAGS += -Wpointer-arith | |
282 | +#override CFLAGS += -Wcast-qual | |
283 | +#override CFLAGS += -Wmissing-declarations | |
284 | +override CFLAGS += -Wstrict-prototypes | |
285 | +#override CFLAGS += -pedantic | |
286 | +#override CFLAGS += -O3 | |
287 | +#override CFLAGS += -W | |
288 | +#override CFLAGS += -Wwrite-strings | |
289 | +override CFLAGS += -Wbad-function-cast | |
f4aed85b | 290 | + |
f4aed85b | 291 | + |
3cb090dd JR |
292 | +ifeq ($(CONFIG_IPSEC_ENC_DES),y) |
293 | +INCLUDE_DES = y | |
f4aed85b AF |
294 | +endif |
295 | + | |
3cb090dd JR |
296 | +ifeq ($(CONFIG_IPSEC_ENC_3DES),y) |
297 | +INCLUDE_DES = y | |
f4aed85b AF |
298 | +endif |
299 | + | |
3cb090dd JR |
300 | +ifeq ($(CONFIG_IPSEC_AUTH_HMAC_MD5),y) |
301 | +O_OBJS += ipsec_md5c.o | |
f4aed85b AF |
302 | +endif |
303 | + | |
3cb090dd JR |
304 | +ifeq ($(CONFIG_IPSEC_AUTH_HMAC_SHA1),y) |
305 | +O_OBJS += ipsec_sha1.o | |
f4aed85b AF |
306 | +endif |
307 | + | |
3cb090dd JR |
308 | +ifeq ($(CONFIG_IPSEC_IPCOMP),y) |
309 | + O_OBJS += ipcomp.o zlib/zlib.a | |
310 | + SUB_DIRS += zlib | |
311 | + MOD_SUB_DIRS += zlib | |
f4aed85b AF |
312 | +endif |
313 | + | |
3cb090dd JR |
314 | +ifeq ($(INCLUDE_DES),y) |
315 | +O_OBJS += libdes/libdes.a | |
f4aed85b AF |
316 | +endif |
317 | + | |
3cb090dd | 318 | +O_OBJS += libfreeswan/libkernel.a |
f4aed85b AF |
319 | + |
320 | +ifeq ($(CONFIG_IPSEC),y) | |
3cb090dd | 321 | +SUB_DIRS += libfreeswan |
f4aed85b AF |
322 | +else |
323 | + ifeq ($(CONFIG_IPSEC),m) | |
3cb090dd | 324 | + override MOD_SUB_DIRS += libfreeswan |
f4aed85b AF |
325 | + endif |
326 | +endif | |
327 | + | |
3cb090dd | 328 | +include $(TOPDIR)/Rules.make |
f4aed85b | 329 | + |
3cb090dd | 330 | +$(O_OBJS) $(OX_OBJS): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h |
f4aed85b | 331 | + |
3cb090dd JR |
332 | +libdes/libdes.a: |
333 | + ( cd libdes && \ | |
334 | + if test " `arch | sed 's/^i[3456]/x/'`" = " x86" ; \ | |
335 | + then $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' TESTING='' x86-elf ; \ | |
336 | + else $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' libdes.a ; \ | |
337 | + fi ) | |
f4aed85b | 338 | + |
3cb090dd JR |
339 | +libfreeswan/libkernel.a: |
340 | + $(MAKE) -C libfreeswan | |
f4aed85b | 341 | + |
3cb090dd JR |
342 | +zlib/zlib.a: |
343 | + $(MAKE) -C zlib | |
f4aed85b AF |
344 | + |
345 | +clean: | |
346 | + -rm -f *.o | |
347 | + | |
348 | +tags TAGS: *.c *.h libfreeswan/*.c libfreeswan/*.h | |
349 | + find . -name '*.[ch]' |xargs etags | |
350 | + find . -name '*.[ch]' |xargs ctags | |
351 | + | |
352 | +tar: | |
353 | + tar -cvf /dev/f1 . | |
354 | + | |
355 | +# | |
356 | +# $Log$ | |
357 | +# Revision 1.30 2000/09/29 19:51:57 rgb | |
358 | +# Moved klips/net/ipsec/ipcomp_* to zlib/* (Svenning). | |
359 | +# | |
360 | +# Revision 1.29 2000/09/15 11:37:01 rgb | |
361 | +# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
362 | +# IPCOMP zlib deflate code. | |
363 | +# | |
364 | +# Revision 1.28 2000/09/15 04:55:25 rgb | |
365 | +# Clean up pfkey object inclusion into the default object. | |
366 | +# | |
367 | +# Revision 1.27 2000/09/12 03:20:47 rgb | |
368 | +# Cleared out now unused pfkeyv2 switch. | |
369 | +# Enabled sysctl. | |
370 | +# | |
371 | +# Revision 1.26 2000/09/08 19:12:55 rgb | |
372 | +# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
373 | +# | |
374 | +# Revision 1.25 2000/06/16 03:09:16 rgb | |
375 | +# Shut up cast lost warning due to changes in 2.4.0-test1. | |
376 | +# | |
377 | +# Revision 1.24 2000/03/16 06:40:48 rgb | |
378 | +# Hardcode PF_KEYv2 support. | |
379 | +# | |
380 | +# Revision 1.23 2000/02/14 21:10:38 rgb | |
381 | +# Added gcc debug flag when KLIPS_DEBUG is swtiched on. | |
382 | +# | |
383 | +# Revision 1.22 2000/01/21 09:44:29 rgb | |
384 | +# Added compiler switches to be a lot more fussy. | |
385 | +# | |
386 | +# Revision 1.21 1999/11/25 23:35:20 rgb | |
387 | +# Removed quotes to fix Alpha compile issues. | |
388 | +# | |
389 | +# Revision 1.20 1999/11/17 15:49:34 rgb | |
390 | +# Changed all occurrences of ../../../lib in pathnames to libfreeswan, | |
391 | +# which refers to the /usr/src/linux/net/ipsec/lib directory setup by the | |
392 | +# klink target in the top-level Makefile; and libdeslite.o to | |
393 | +# libdes/libdes.a. | |
394 | +# Added SUB_DIRS := lib definition for the kernel libraries. | |
395 | +# | |
396 | +# Revision 1.19 1999/04/27 19:06:47 rgb | |
397 | +# dd libs and dependancies to tags generation. | |
398 | +# | |
399 | +# Revision 1.18 1999/04/16 16:28:12 rgb | |
400 | +# Minor bugfix to avoid including DES if only AH is used. | |
401 | +# | |
402 | +# Revision 1.17 1999/04/15 15:37:23 rgb | |
403 | +# Forward check changes from POST1_00 branch. | |
404 | +# | |
405 | +# Revision 1.14.2.1 1999/03/30 17:29:17 rgb | |
406 | +# Add support for pfkey. | |
407 | +# | |
408 | +# Revision 1.16 1999/04/11 00:28:56 henry | |
409 | +# GPL boilerplate | |
410 | +# | |
411 | +# Revision 1.15 1999/04/06 04:54:25 rgb | |
412 | +# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
413 | +# patch shell fixes. | |
414 | +# | |
415 | +# Revision 1.14 1999/02/18 16:50:45 henry | |
416 | +# update for new DES library | |
417 | +# | |
418 | +# Revision 1.13 1999/02/12 21:11:45 rgb | |
419 | +# Prepare for newer LIBDES (patch from P.Onion). | |
420 | +# | |
421 | +# Revision 1.12 1999/01/26 02:05:08 rgb | |
422 | +# Remove references to INET_GET_PROTOCOL. | |
423 | +# Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
424 | +# Change from transform switch to algorithm switch. | |
425 | +# | |
426 | +# Revision 1.11 1999/01/22 06:16:09 rgb | |
427 | +# Added algorithm switch code config option. | |
428 | +# | |
429 | +# Revision 1.10 1998/11/08 05:31:21 henry | |
430 | +# be a little fussier | |
431 | +# | |
432 | +# Revision 1.9 1998/11/08 05:29:41 henry | |
433 | +# revisions for new libdes handling | |
434 | +# | |
435 | +# Revision 1.8 1998/08/12 00:05:48 rgb | |
436 | +# Added new xforms to Makefile (moved des-cbc to des-old). | |
437 | +# | |
438 | +# Revision 1.7 1998/07/27 21:48:47 rgb | |
439 | +# Add libkernel. | |
440 | +# | |
441 | +# Revision 1.6 1998/07/14 15:50:47 rgb | |
442 | +# Add dependancies on linux config files. | |
443 | +# | |
444 | +# Revision 1.5 1998/07/09 17:44:06 rgb | |
445 | +# Added 'clean' and 'tags' targets. | |
446 | +# Added TOPDIR macro. | |
447 | +# Change module back from symbol exporting to not. | |
448 | +# | |
449 | +# Revision 1.3 1998/06/25 19:25:04 rgb | |
450 | +# Rearrange to support static linking and objects with exported symbol | |
451 | +# tables. | |
452 | +# | |
453 | +# Revision 1.1 1998/06/18 21:27:42 henry | |
454 | +# move sources from klips/src to klips/net/ipsec, to keep stupid | |
455 | +# kernel-build scripts happier in the presence of symlinks | |
456 | +# | |
457 | +# Revision 1.3 1998/04/15 23:18:43 rgb | |
458 | +# Unfixed the ../../libdes fix to avoid messing up Henry's script. | |
459 | +# | |
460 | +# Revision 1.2 1998/04/14 17:50:47 rgb | |
461 | +# Fixed to find the new location of libdes. | |
462 | +# | |
463 | +# Revision 1.1 1998/04/09 03:05:22 henry | |
464 | +# sources moved up from linux/net/ipsec | |
465 | +# modifications to centralize libdes code | |
466 | +# | |
467 | +# Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
468 | +# RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
469 | +# | |
470 | +# Revision 0.5 1997/06/03 04:24:48 ji | |
471 | +# Added ESP-3DES-MD5-96 | |
472 | +# | |
473 | +# Revision 0.4 1997/01/15 01:32:59 ji | |
474 | +# Added new transforms. | |
475 | +# | |
476 | +# Revision 0.3 1996/11/20 14:22:53 ji | |
477 | +# *** empty log message *** | |
478 | +# | |
479 | diff -druN linux-noipsec/net/ipsec/defconfig linux/net/ipsec/defconfig | |
480 | --- linux-noipsec/net/ipsec/defconfig Thu Jan 1 01:00:00 1970 | |
481 | +++ linux/net/ipsec/defconfig Thu Nov 30 18:26:56 2000 | |
482 | @@ -0,0 +1,93 @@ | |
483 | +# | |
484 | +# RCSID $Id$ | |
485 | +# | |
486 | + | |
487 | +# | |
488 | +# FreeS/WAN IPSec implementation, KLIPS kernel config defaults | |
489 | +# | |
490 | + | |
491 | +# | |
492 | +# First, lets override stuff already set or not in the kernel config. | |
493 | +# | |
494 | +# We can't even think about leaving this off... | |
495 | +CONFIG_INET=y | |
496 | + | |
497 | +# | |
498 | +# This must be on for subnet protection. | |
499 | +CONFIG_IP_FORWARD=y | |
500 | + | |
501 | +# Shut off IPSEC masquerading if it has been enabled, since it will | |
502 | +# break the compile. IPPROTO_ESP and IPPROTO_AH were included in | |
503 | +# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h. | |
504 | +CONFIG_IP_MASQUERADE_IPSEC=n | |
505 | + | |
506 | +# | |
507 | +# Next, lets set the recommended FreeS/WAN configuration. | |
508 | +# | |
509 | + | |
510 | +# To config as static (preferred), 'y'. To config as module, 'm'. | |
511 | +CONFIG_IPSEC=y | |
512 | + | |
513 | +# To do tunnel mode IPSec, this must be enabled. | |
514 | +CONFIG_IPSEC_IPIP=y | |
515 | + | |
516 | +# To enable authentication, say 'y'. (Highly recommended) | |
517 | +CONFIG_IPSEC_AH=y | |
518 | + | |
519 | +# Authentication algorithm(s): | |
520 | +CONFIG_IPSEC_AUTH_HMAC_MD5=y | |
521 | +CONFIG_IPSEC_AUTH_HMAC_SHA1=y | |
522 | + | |
523 | +# To enable encryption, say 'y'. (Highly recommended) | |
524 | +CONFIG_IPSEC_ESP=y | |
525 | + | |
526 | +# Encryption algorithm(s): | |
527 | +CONFIG_IPSEC_ENC_3DES=y | |
528 | + | |
529 | +# IP Compression: new, probably still has minor bugs. | |
530 | +CONFIG_IPSEC_IPCOMP=y | |
531 | + | |
532 | +# To enable userspace-switchable KLIPS debugging, say 'y'. | |
533 | +CONFIG_IPSEC_DEBUG=y | |
534 | + | |
535 | +# | |
536 | +# | |
537 | +# $Log$ | |
538 | +# Revision 1.18 2000/11/30 17:26:56 rgb | |
539 | +# Cleaned out unused options and enabled ipcomp by default. | |
540 | +# | |
541 | +# Revision 1.17 2000/09/15 11:37:01 rgb | |
542 | +# Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
543 | +# IPCOMP zlib deflate code. | |
544 | +# | |
545 | +# Revision 1.16 2000/09/08 19:12:55 rgb | |
546 | +# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
547 | +# | |
548 | +# Revision 1.15 2000/05/24 19:37:13 rgb | |
549 | +# *** empty log message *** | |
550 | +# | |
551 | +# Revision 1.14 2000/05/11 21:14:57 henry | |
552 | +# just commenting the FOOBAR=y lines out is not enough | |
553 | +# | |
554 | +# Revision 1.13 2000/05/10 20:17:58 rgb | |
555 | +# Comment out netlink defaults, which are no longer needed. | |
556 | +# | |
557 | +# Revision 1.12 2000/05/10 19:13:38 rgb | |
558 | +# Added configure option to shut off no eroute passthrough. | |
559 | +# | |
560 | +# Revision 1.11 2000/03/16 07:09:46 rgb | |
561 | +# Hardcode PF_KEYv2 support. | |
562 | +# Disable IPSEC_ICMP by default. | |
563 | +# Remove DES config option from defaults file. | |
564 | +# | |
565 | +# Revision 1.10 2000/01/11 03:09:42 rgb | |
566 | +# Added a default of 'y' to PF_KEYv2 keying I/F. | |
567 | +# | |
568 | +# Revision 1.9 1999/05/08 21:23:12 rgb | |
569 | +# Added support for 2.2.x kernels. | |
570 | +# | |
571 | +# Revision 1.8 1999/04/06 04:54:25 rgb | |
572 | +# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
573 | +# patch shell fixes. | |
574 | +# | |
575 | +# | |
576 | diff -druN linux-noipsec/net/ipsec/ipcomp.c linux/net/ipsec/ipcomp.c | |
577 | --- linux-noipsec/net/ipsec/ipcomp.c Thu Jan 1 01:00:00 1970 | |
578 | +++ linux/net/ipsec/ipcomp.c Sat Nov 25 04:48:49 2000 | |
579 | @@ -0,0 +1,725 @@ | |
580 | +/* | |
581 | + * IPCOMP zlib interface code. | |
582 | + * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk> | |
583 | + * Copyright (C) 2000 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca> | |
584 | + * | |
585 | + * This program is free software; you can redistribute it and/or modify it | |
586 | + * under the terms of the GNU General Public License as published by the | |
587 | + * Free Software Foundation; either version 2 of the License, or (at your | |
588 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
589 | + * | |
590 | + * This program is distributed in the hope that it will be useful, but | |
591 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
592 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
593 | + * for more details. | |
594 | + */ | |
595 | + | |
596 | +char ipcomp_c_version[] = "RCSID $Id$"; | |
597 | + | |
598 | +/* SSS */ | |
599 | + | |
600 | +#include <linux/config.h> | |
601 | +#include <linux/version.h> | |
602 | + | |
603 | +#define __NO_VERSION__ | |
604 | +#include <linux/module.h> | |
605 | + | |
606 | +#include <linux/kernel.h> /* printk() */ | |
607 | +#include <linux/malloc.h> | |
608 | +#include <linux/errno.h> /* error codes */ | |
609 | +#include <linux/types.h> | |
610 | +#include <linux/netdevice.h> | |
611 | +#include <linux/ip.h> | |
612 | +#include <linux/skbuff.h> | |
613 | + | |
614 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
615 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
616 | +#include <linux/ip.h> /* struct iphdr */ | |
617 | +#include <linux/skbuff.h> | |
618 | + | |
619 | +#include <freeswan.h> | |
620 | +#ifdef NET_21 | |
621 | +#include <net/dst.h> | |
622 | +#include <asm/uaccess.h> | |
623 | +#include <linux/in6.h> | |
624 | +#define proto_priv cb | |
625 | +#endif /* NET21 */ | |
626 | +#include <asm/checksum.h> | |
627 | +#include <net/ip.h> | |
628 | + | |
629 | +#include "radij.h" | |
630 | +#include "ipsec_encap.h" | |
631 | +#include "ipsec_netlink.h" | |
632 | +#include "ipsec_xform.h" | |
633 | +#include "ipsec_tunnel.h" | |
634 | +#include "ipsec_rcv.h" /* sysctl_ipsec_inbound_policy_check */ | |
635 | +#include "ipcomp.h" | |
636 | +#include "zlib/zlib.h" | |
637 | +#include "zlib/zutil.h" | |
638 | + | |
639 | +#include <pfkeyv2.h> /* SADB_X_CALG_DEFLATE */ | |
640 | + | |
641 | +#ifdef CONFIG_IPSEC_DEBUG | |
642 | +int sysctl_ipsec_debug_ipcomp = 0; | |
643 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
644 | + | |
645 | +static | |
646 | +struct sk_buff *skb_copy_ipcomp(struct sk_buff *skb, int data_growth, int gfp_mask); | |
647 | + | |
648 | +static | |
649 | +voidpf my_zcalloc(voidpf opaque, uInt items, uInt size) | |
650 | +{ | |
651 | + return (voidpf) kmalloc(items*size, GFP_ATOMIC); | |
652 | +} | |
653 | + | |
654 | +static | |
655 | +void my_zfree(voidpf opaque, voidpf address) | |
656 | +{ | |
657 | + kfree(address); | |
658 | +} | |
659 | + | |
660 | +struct sk_buff *skb_compress(struct sk_buff *skb, struct tdb *tdb, unsigned int *flags) | |
661 | +{ | |
662 | + struct iphdr *iph; | |
663 | + unsigned int iphlen, pyldsz, cpyldsz; | |
664 | + unsigned char *buffer; | |
665 | + z_stream zs; | |
666 | + int zresult; | |
667 | + | |
668 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
669 | + "klips_debug:skb_compress: .\n"); | |
670 | + | |
671 | + if(!skb) { | |
672 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
673 | + "klips_debug:skb_compress: " | |
674 | + "passed in NULL skb, returning ERROR.\n"); | |
675 | + if (flags) *flags |= IPCOMP_PARMERROR; | |
676 | + return skb; | |
677 | + } | |
678 | + | |
679 | + if(!tdb) { | |
680 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
681 | + "klips_debug:skb_compress: " | |
682 | + "passed in NULL tdb needed for cpi, returning ERROR.\n"); | |
683 | + if (flags) *flags |= IPCOMP_PARMERROR; | |
684 | + return skb; | |
685 | + } | |
686 | + | |
687 | + if (!flags) { | |
688 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
689 | + "klips_debug:skb_compress: " | |
690 | + "passed in NULL flags, returning ERROR.\n"); | |
691 | +#ifdef NET_21 | |
692 | + kfree_skb(skb); | |
693 | +#else /* NET_21 */ | |
694 | + dev_kfree_skb(skb, FREE_WRITE); | |
695 | +#endif /* NET_21 */ | |
696 | + return NULL; | |
697 | + } | |
698 | + | |
699 | +#ifdef NET_21 | |
700 | + iph = skb->nh.iph; | |
701 | +#else /* NET_21 */ | |
702 | + iph = skb->ip_hdr; | |
703 | +#endif /* NET_21 */ | |
704 | + | |
705 | + switch (iph->protocol) { | |
706 | + case IPPROTO_COMP: | |
707 | + case IPPROTO_AH: | |
708 | + case IPPROTO_ESP: | |
709 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
710 | + "klips_debug:skb_compress: " | |
711 | + "skipping compression of packet with ip protocol %d.\n", | |
712 | + iph->protocol); | |
713 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
714 | + return skb; | |
715 | + } | |
716 | + | |
717 | + /* Don't compress packets already fragmented */ | |
718 | + if (ntohs(iph->frag_off) & ~0x4000) { | |
719 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
720 | + "klips_debug:skb_compress: " | |
721 | + "skipping compression of fragmented packet.\n"); | |
722 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
723 | + return skb; | |
724 | + } | |
725 | + | |
726 | + iphlen = iph->ihl << 2; | |
727 | + pyldsz = ntohs(iph->tot_len) - iphlen; | |
728 | + | |
729 | + /* Don't compress less than 90 bytes (rfc 2394) */ | |
730 | + if (pyldsz < 90) { | |
731 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
732 | + "klips_debug:skb_compress: " | |
733 | + "skipping compression of tiny packet, len=%d.\n", | |
734 | + pyldsz); | |
735 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
736 | + return skb; | |
737 | + } | |
738 | + | |
739 | + /* Adaptive decision */ | |
740 | + if (tdb->tdb_comp_adapt_skip) { | |
741 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
742 | + "klips_debug:skb_compress: " | |
743 | + "skipping compression: tdb_comp_adapt_skip=%d.\n", | |
744 | + tdb->tdb_comp_adapt_skip); | |
745 | + tdb->tdb_comp_adapt_skip--; | |
746 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
747 | + return skb; | |
748 | + } | |
749 | + | |
750 | + zs.zalloc = my_zcalloc; | |
751 | + zs.zfree = my_zfree; | |
752 | + zs.opaque = 0; | |
753 | + | |
754 | + /* We want to use deflateInit2 because we don't want the adler | |
755 | + header. */ | |
756 | + zresult = deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -11, | |
757 | + DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY); | |
758 | + if (zresult != Z_OK) { | |
759 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
760 | + "klips_error:skb_compress: " | |
761 | + "deflateInit2() returned error %d (%s), " | |
762 | + "skipping compression.\n", | |
763 | + zresult, | |
764 | + zs.msg ? zs.msg : zError(zresult)); | |
765 | + *flags |= IPCOMP_COMPRESSIONERROR; | |
766 | + return skb; | |
767 | + } | |
768 | + | |
769 | + | |
770 | + /* Max output size. Result should be max this size. | |
771 | + * Implementation specific tweak: | |
772 | + * If it's not at least 32 bytes and 6.25% smaller than | |
773 | + * the original packet, it's probably not worth wasting | |
774 | + * the receiver's CPU cycles decompressing it. | |
775 | + * Your mileage may vary. | |
776 | + */ | |
777 | + cpyldsz = pyldsz - sizeof(struct ipcomphdr) - (pyldsz <= 512 ? 32 : pyldsz >> 4); | |
778 | + | |
779 | + buffer = kmalloc(cpyldsz, GFP_ATOMIC); | |
780 | + if (!buffer) { | |
781 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
782 | + "klips_error:skb_compress: " | |
783 | + "unable to kmalloc(%d, GFP_ATOMIC), " | |
784 | + "skipping compression.\n", | |
785 | + cpyldsz); | |
786 | + *flags |= IPCOMP_COMPRESSIONERROR; | |
787 | + deflateEnd(&zs); | |
788 | + return skb; | |
789 | + } | |
790 | + | |
791 | +#ifdef CONFIG_IPSEC_DEBUG | |
792 | + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { | |
793 | + __u8 *c; | |
794 | + int i; | |
795 | + | |
796 | + c = (__u8*)iph + iphlen; | |
797 | + for(i = 0; i < pyldsz; i++, c++) { | |
798 | + if(!(i % 16)) { | |
799 | + printk(KERN_INFO "skb_compress: before:"); | |
800 | + } | |
801 | + printk("%02x ", *c); | |
802 | + if(!((i + 1) % 16)) { | |
803 | + printk("\n"); | |
804 | + } | |
805 | + } | |
806 | + if(i % 16) { | |
807 | + printk("\n"); | |
808 | + } | |
809 | + } | |
810 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
811 | + | |
812 | + zs.next_in = (char *) iph + iphlen; /* start of payload */ | |
813 | + zs.avail_in = pyldsz; | |
814 | + zs.next_out = buffer; /* start of compressed payload */ | |
815 | + zs.avail_out = cpyldsz; | |
816 | + | |
817 | + /* Finish compression in one step */ | |
818 | + zresult = deflate(&zs, Z_FINISH); | |
819 | + | |
820 | + /* Free all dynamically allocated buffers */ | |
821 | + deflateEnd(&zs); | |
822 | + if (zresult != Z_STREAM_END) { | |
823 | + *flags |= IPCOMP_UNCOMPRESSABLE; | |
824 | + kfree(buffer); | |
825 | + | |
826 | + /* Adjust adaptive counters */ | |
827 | + if (++(tdb->tdb_comp_adapt_tries) == IPCOMP_ADAPT_INITIAL_TRIES) { | |
828 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
829 | + "klips_debug:skb_compress: " | |
830 | + "first %d packets didn't compress, " | |
831 | + "skipping next %d\n", | |
832 | + IPCOMP_ADAPT_INITIAL_TRIES, | |
833 | + IPCOMP_ADAPT_INITIAL_SKIP); | |
834 | + tdb->tdb_comp_adapt_skip = IPCOMP_ADAPT_INITIAL_SKIP; | |
835 | + } | |
836 | + else if (tdb->tdb_comp_adapt_tries == IPCOMP_ADAPT_INITIAL_TRIES + IPCOMP_ADAPT_SUBSEQ_TRIES) { | |
837 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
838 | + "klips_debug:skb_compress: " | |
839 | + "next %d packets didn't compress, " | |
840 | + "skipping next %d\n", | |
841 | + IPCOMP_ADAPT_SUBSEQ_TRIES, | |
842 | + IPCOMP_ADAPT_SUBSEQ_SKIP); | |
843 | + tdb->tdb_comp_adapt_skip = IPCOMP_ADAPT_SUBSEQ_SKIP; | |
844 | + tdb->tdb_comp_adapt_tries = IPCOMP_ADAPT_INITIAL_TRIES; | |
845 | + } | |
846 | + | |
847 | + return skb; | |
848 | + } | |
849 | + | |
850 | + /* resulting compressed size */ | |
851 | + cpyldsz -= zs.avail_out; | |
852 | + | |
853 | + /* Insert IPCOMP header */ | |
854 | + ((struct ipcomphdr*) ((char*) iph + iphlen))->ipcomp_nh = iph->protocol; | |
855 | + ((struct ipcomphdr*) ((char*) iph + iphlen))->ipcomp_flags = 0; | |
856 | + /* use the bottom 16 bits of the spi for the cpi. The top 16 bits are | |
857 | + for internal reference only. */ | |
858 | + ((struct ipcomphdr*) (((char*)iph) + iphlen))->ipcomp_cpi = htons((__u16)(ntohl(tdb->tdb_said.spi) & 0x0000ffff)); | |
859 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
860 | + "klips_debug:skb_compress: " | |
861 | + "spi=%08x, spi&0xffff=%04x, cpi=%04x, payload size: raw=%d, comp=%d.\n", | |
862 | + ntohl(tdb->tdb_said.spi), | |
863 | + ntohl(tdb->tdb_said.spi) & 0x0000ffff, | |
864 | + ntohs(((struct ipcomphdr*)(((char*)iph)+iphlen))->ipcomp_cpi), | |
865 | + pyldsz, | |
866 | + cpyldsz); | |
867 | + | |
868 | + /* Update IP header */ | |
869 | + iph->protocol = IPPROTO_COMP; | |
870 | + iph->tot_len = htons(iphlen + sizeof(struct ipcomphdr) + cpyldsz); | |
871 | +#if 1 /* XXX checksum is done by ipsec_tunnel ? */ | |
872 | + iph->check = 0; | |
873 | + iph->check = ip_fast_csum((char *) iph, iph->ihl); | |
874 | +#endif | |
875 | + | |
876 | + /* Copy compressed payload */ | |
877 | + memcpy((char *) iph + iphlen + sizeof(struct ipcomphdr), | |
878 | + buffer, | |
879 | + cpyldsz); | |
880 | + kfree(buffer); | |
881 | + | |
882 | + /* Update skb length/tail by "unputting" the shrinkage */ | |
883 | + skb_put(skb, | |
884 | + cpyldsz + sizeof(struct ipcomphdr) - pyldsz); | |
885 | + | |
886 | +#ifdef CONFIG_IPSEC_DEBUG | |
887 | + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { | |
888 | + __u8 *c; | |
889 | + int i; | |
890 | + | |
891 | + c = (__u8*)iph + iphlen + sizeof(struct ipcomphdr); | |
892 | + for(i = 0; i < cpyldsz; i++, c++) { | |
893 | + if(!(i % 16)) { | |
894 | + printk(KERN_INFO "skb_compress: result:"); | |
895 | + } | |
896 | + printk("%02x ", *c); | |
897 | + if(!((i + 1) % 16)) { | |
898 | + printk("\n"); | |
899 | + } | |
900 | + } | |
901 | + if(i % 16) { | |
902 | + printk("\n"); | |
903 | + } | |
904 | + } | |
905 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
906 | + | |
907 | + tdb->tdb_comp_adapt_skip = 0; | |
908 | + tdb->tdb_comp_adapt_tries = 0; | |
909 | + | |
910 | + return skb; | |
911 | +} | |
912 | + | |
913 | +struct sk_buff *skb_decompress(struct sk_buff *skb, struct tdb *tdb, unsigned int *flags) | |
914 | +{ | |
915 | + struct sk_buff *nskb = NULL; | |
916 | + | |
917 | + /* original ip header */ | |
918 | + struct iphdr *oiph, *iph; | |
919 | + unsigned int iphlen, pyldsz, cpyldsz; | |
920 | + z_stream zs; | |
921 | + int zresult; | |
922 | + | |
923 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
924 | + "klips_debug:skb_decompress: .\n"); | |
925 | + | |
926 | + if(!skb) { | |
927 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
928 | + "klips_error:skb_decompress: " | |
929 | + "passed in NULL skb, returning ERROR.\n"); | |
930 | + if (flags) *flags |= IPCOMP_PARMERROR; | |
931 | + return skb; | |
932 | + } | |
933 | + | |
934 | + if(!tdb && sysctl_ipsec_inbound_policy_check) { | |
935 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
936 | + "klips_error:skb_decompress: " | |
937 | + "passed in NULL tdb needed for comp alg, returning ERROR.\n"); | |
938 | + if (flags) *flags |= IPCOMP_PARMERROR; | |
939 | + return skb; | |
940 | + } | |
941 | + | |
942 | + if (!flags) { | |
943 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
944 | + "klips_error:skb_decompress: " | |
945 | + "passed in NULL flags, returning ERROR.\n"); | |
946 | +#ifdef NET_21 | |
947 | + kfree_skb(skb); | |
948 | +#else /* NET_21 */ | |
949 | + dev_kfree_skb(skb, FREE_WRITE); | |
950 | +#endif /* NET_21 */ | |
951 | + return NULL; | |
952 | + } | |
953 | + | |
954 | +#ifdef NET_21 | |
955 | + oiph = skb->nh.iph; | |
956 | +#else /* NET_21 */ | |
957 | + oiph = skb->ip_hdr; | |
958 | +#endif /* NET_21 */ | |
959 | + | |
960 | + iphlen = oiph->ihl << 2; | |
961 | + | |
962 | + if (oiph->protocol != IPPROTO_COMP) { | |
963 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
964 | + "klips_error:skb_decompress: " | |
965 | + "called with non-IPCOMP packet (protocol=%d)," | |
966 | + "skipping decompression.\n", | |
967 | + oiph->protocol); | |
968 | + *flags |= IPCOMP_PARMERROR; | |
969 | + return skb; | |
970 | + } | |
971 | + | |
972 | + if ( (((struct ipcomphdr*)((char*) oiph + iphlen))->ipcomp_flags != 0) | |
973 | + || ((((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_cpi | |
974 | + != htons(SADB_X_CALG_DEFLATE)) | |
975 | + && sysctl_ipsec_inbound_policy_check | |
976 | + && (!tdb || (tdb && (tdb->tdb_encalg != SADB_X_CALG_DEFLATE)))) ) { | |
977 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
978 | + "klips_error:skb_decompress: " | |
979 | + "called with incompatible IPCOMP packet (flags=%d, " | |
980 | + "cpi=%d), tdb-compalg=%d, skipping decompression.\n", | |
981 | + ntohs(((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_flags), | |
982 | + ntohs(((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_cpi), | |
983 | + tdb ? tdb->tdb_encalg : 0); | |
984 | + *flags |= IPCOMP_PARMERROR; | |
985 | + | |
986 | + return skb; | |
987 | + } | |
988 | + | |
989 | + if (ntohs(oiph->frag_off) & ~0x4000) { | |
990 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
991 | + "klips_error:skb_decompress: " | |
992 | + "called with fragmented IPCOMP packet, " | |
993 | + "skipping decompression.\n"); | |
994 | + *flags |= IPCOMP_PARMERROR; | |
995 | + return skb; | |
996 | + } | |
997 | + | |
998 | + /* original compressed payload size */ | |
999 | + cpyldsz = ntohs(oiph->tot_len) - iphlen - sizeof(struct ipcomphdr); | |
1000 | + | |
1001 | + zs.zalloc = my_zcalloc; | |
1002 | + zs.zfree = my_zfree; | |
1003 | + zs.opaque = 0; | |
1004 | + | |
1005 | + zs.next_in = (char *) oiph + iphlen + sizeof(struct ipcomphdr); | |
1006 | + zs.avail_in = cpyldsz; | |
1007 | + | |
1008 | + /* Maybe we should be a bit conservative about memory | |
1009 | + requirements and use inflateInit2 */ | |
1010 | + /* Beware, that this might make us unable to decompress packets | |
1011 | + from other implementations - HINT: check PGPnet source code */ | |
1012 | + /* We want to use inflateInit2 because we don't want the adler | |
1013 | + header. */ | |
1014 | + zresult = inflateInit2(&zs, -15); | |
1015 | + if (zresult != Z_OK) { | |
1016 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
1017 | + "klips_error:skb_decompress: " | |
1018 | + "inflateInit2() returned error %d (%s), " | |
1019 | + "skipping decompression.\n", | |
1020 | + zresult, | |
1021 | + zs.msg ? zs.msg : zError(zresult)); | |
1022 | + *flags |= IPCOMP_DECOMPRESSIONERROR; | |
1023 | + | |
1024 | + return skb; | |
1025 | + } | |
1026 | + | |
1027 | + /* We have no way of knowing the exact length of the resulting | |
1028 | + decompressed output before we have actually done the decompression. | |
1029 | + For now, we guess that the packet will not be bigger than the | |
1030 | + attached ipsec device's mtu or 16260, whichever is biggest. | |
1031 | + This may be wrong, since the sender's mtu may be bigger yet. | |
1032 | + XXX This must be dealt with later XXX | |
1033 | + */ | |
1034 | + | |
1035 | + /* max payload size */ | |
1036 | + pyldsz = skb->dev ? (skb->dev->mtu < 16260 ? 16260 : skb->dev->mtu) | |
1037 | + : (65520 - iphlen); | |
1038 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
1039 | + "klips_debug:skb_decompress: " | |
1040 | + "max payload size: %d\n", pyldsz); | |
1041 | + | |
1042 | + while (pyldsz > (cpyldsz + sizeof(struct ipcomphdr)) && | |
1043 | + (nskb = skb_copy_ipcomp(skb, | |
1044 | + pyldsz - cpyldsz - sizeof(struct ipcomphdr), | |
1045 | + GFP_ATOMIC)) == NULL) { | |
1046 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
1047 | + "klips_error:skb_decompress: " | |
1048 | + "unable to skb_copy_ipcomp(skb, %d, GFP_ATOMIC), " | |
1049 | + "trying with less payload size.\n", | |
1050 | + pyldsz - cpyldsz - sizeof(struct ipcomphdr)); | |
1051 | + pyldsz >>=1; | |
1052 | + } | |
1053 | + | |
1054 | + if (!nskb) { | |
1055 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
1056 | + "klips_error:skb_decompress: " | |
1057 | + "unable to allocate memory, dropping packet.\n"); | |
1058 | + *flags |= IPCOMP_DECOMPRESSIONERROR; | |
1059 | + inflateEnd(&zs); | |
1060 | + | |
1061 | + return skb; | |
1062 | + } | |
1063 | + | |
1064 | +#ifdef CONFIG_IPSEC_DEBUG | |
1065 | + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { | |
1066 | + __u8 *c; | |
1067 | + int i; | |
1068 | + | |
1069 | + c = (__u8*)oiph + iphlen + sizeof(struct ipcomphdr); | |
1070 | + for(i = 0; i < cpyldsz; i++, c++) { | |
1071 | + if(!(i % 16)) { | |
1072 | + printk(KERN_INFO "skb_decompress: before:"); | |
1073 | + } | |
1074 | + printk("%02x ", *c); | |
1075 | + if(!((i + 1) % 16)) { | |
1076 | + printk("\n"); | |
1077 | + } | |
1078 | + } | |
1079 | + if(i % 16) { | |
1080 | + printk("\n"); | |
1081 | + } | |
1082 | + } | |
1083 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1084 | + | |
1085 | +#ifdef NET_21 | |
1086 | + iph = nskb->nh.iph; | |
1087 | +#else /* NET_21 */ | |
1088 | + iph = nskb->ip_hdr; | |
1089 | +#endif /* NET_21 */ | |
1090 | + zs.next_out = (char *)iph + iphlen; | |
1091 | + zs.avail_out = pyldsz; | |
1092 | + | |
1093 | + zresult = inflate(&zs, Z_SYNC_FLUSH); | |
1094 | + | |
1095 | + /* work around a bug in zlib, which sometimes wants to taste an extra | |
1096 | + * byte when being used in the (undocumented) raw deflate mode. | |
1097 | + */ | |
1098 | + if (zresult == Z_OK && !zs.avail_in && zs.avail_out) { | |
1099 | + __u8 zerostuff = 0; | |
1100 | + | |
1101 | + zs.next_in = &zerostuff; | |
1102 | + zs.avail_in = 1; | |
1103 | + zresult = inflate(&zs, Z_FINISH); | |
1104 | + } | |
1105 | + | |
1106 | + inflateEnd(&zs); | |
1107 | + if (zresult != Z_STREAM_END) { | |
1108 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
1109 | + "klips_error:skb_decompress: " | |
1110 | + "inflate() returned error %d (%s), " | |
1111 | + "skipping decompression.\n", | |
1112 | + zresult, | |
1113 | + zs.msg ? zs.msg : zError(zresult)); | |
1114 | + *flags |= IPCOMP_DECOMPRESSIONERROR; | |
1115 | +#ifdef NET_21 | |
1116 | + kfree_skb(nskb); | |
1117 | +#else /* NET_21 */ | |
1118 | + dev_kfree_skb(nskb, FREE_WRITE); | |
1119 | +#endif /* NET_21 */ | |
1120 | + | |
1121 | + return skb; | |
1122 | + } | |
1123 | + | |
1124 | + /* Update IP header */ | |
1125 | + /* resulting decompressed size */ | |
1126 | + pyldsz -= zs.avail_out; | |
1127 | + iph->tot_len = htons(iphlen + pyldsz); | |
1128 | + iph->protocol = ((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_nh; | |
1129 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
1130 | + "klips_debug:skb_decompress: " | |
1131 | + "spi=%08x, spi&0xffff=%04x, cpi=%04x, payload size: comp=%d, raw=%d, nh=%d.\n", | |
1132 | + tdb ? ntohl(tdb->tdb_said.spi) : 0, | |
1133 | + tdb ? ntohl(tdb->tdb_said.spi) & 0x0000ffff : 0, | |
1134 | + ntohs(((struct ipcomphdr*)(((char*)oiph)+iphlen))->ipcomp_cpi), | |
1135 | + cpyldsz, | |
1136 | + pyldsz, | |
1137 | + iph->protocol); | |
1138 | + | |
1139 | +#if 1 /* XXX checksum is done by ipsec_rcv ? */ | |
1140 | + iph->check = 0; | |
1141 | + iph->check = ip_fast_csum((char*) iph, iph->ihl); | |
1142 | +#endif | |
1143 | + | |
1144 | + /* Update skb length/tail by "unputting" the unused data area */ | |
1145 | + skb_put(nskb, -zs.avail_out); | |
1146 | + | |
1147 | +#ifdef NET_21 | |
1148 | + kfree_skb(skb); | |
1149 | +#else /* NET_21 */ | |
1150 | + dev_kfree_skb(skb, FREE_WRITE); | |
1151 | +#endif /* NET_21 */ | |
1152 | + | |
1153 | + if (iph->protocol == IPPROTO_COMP) | |
1154 | + { | |
1155 | +#ifdef CONFIG_IPSEC_DEBUG | |
1156 | + if(sysctl_ipsec_debug_ipcomp) | |
1157 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
1158 | + "klips_debug:skb_decompress: " | |
1159 | + "Eh? inner packet is also compressed, dropping.\n"); | |
1160 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1161 | + | |
1162 | +#ifdef NET_21 | |
1163 | + kfree_skb(nskb); | |
1164 | +#else /* NET_21 */ | |
1165 | + dev_kfree_skb(nskb, FREE_WRITE); | |
1166 | +#endif /* NET_21 */ | |
1167 | + return NULL; | |
1168 | + } | |
1169 | + | |
1170 | +#ifdef CONFIG_IPSEC_DEBUG | |
1171 | + if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { | |
1172 | + __u8 *c; | |
1173 | + int i; | |
1174 | + | |
1175 | + c = (__u8*)iph + iphlen; | |
1176 | + for(i = 0; i < pyldsz; i++, c++) { | |
1177 | + if(!(i % 16)) { | |
1178 | + printk(KERN_INFO "skb_decompress: result:"); | |
1179 | + } | |
1180 | + printk("%02x ", *c); | |
1181 | + if(!((i + 1) % 16)) { | |
1182 | + printk("\n"); | |
1183 | + } | |
1184 | + } | |
1185 | + if(i % 16) { | |
1186 | + printk("\n"); | |
1187 | + } | |
1188 | + } | |
1189 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1190 | + | |
1191 | + return nskb; | |
1192 | +} | |
1193 | + | |
1194 | + | |
1195 | +/* this is derived from skb_copy() in linux 2.2.14 */ | |
1196 | +/* May be incompatible with other kernel versions!! */ | |
1197 | +static | |
1198 | +struct sk_buff *skb_copy_ipcomp(struct sk_buff *skb, int data_growth, int gfp_mask) | |
1199 | +{ | |
1200 | + struct sk_buff *n; | |
1201 | + struct iphdr *iph; | |
1202 | + unsigned long offset; | |
1203 | + unsigned int iphlen; | |
1204 | + | |
1205 | + if(!skb) { | |
1206 | + KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, | |
1207 | + "klips_debug:skb_copy_ipcomp: " | |
1208 | + "passed in NULL skb, returning NULL.\n"); | |
1209 | + return NULL; | |
1210 | + } | |
1211 | + | |
1212 | + /* | |
1213 | + * Allocate the copy buffer | |
1214 | + */ | |
1215 | + | |
1216 | +#ifdef NET_21 | |
1217 | + iph = skb->nh.iph; | |
1218 | +#else /* NET_21 */ | |
1219 | + iph = skb->ip_hdr; | |
1220 | +#endif /* NET_21 */ | |
1221 | + if (!iph) return NULL; | |
1222 | + iphlen = iph->ihl << 2; | |
1223 | + | |
1224 | + n=alloc_skb(skb->end - skb->head + data_growth, gfp_mask); | |
1225 | + if(n==NULL) | |
1226 | + return NULL; | |
1227 | + | |
1228 | + /* | |
1229 | + * Shift between the two data areas in bytes | |
1230 | + */ | |
1231 | + | |
1232 | + offset=n->head-skb->head; | |
1233 | + | |
1234 | + /* Set the data pointer */ | |
1235 | + skb_reserve(n,skb->data-skb->head); | |
1236 | + /* Set the tail pointer and length */ | |
1237 | + skb_put(n,skb->len+data_growth); | |
1238 | + /* Copy the bytes up to and including the ip header */ | |
1239 | + memcpy(n->head, | |
1240 | + skb->head, | |
1241 | + ((char *)iph - (char *)skb->head) + iphlen); | |
1242 | + n->list=NULL; | |
1243 | + n->next=NULL; | |
1244 | + n->prev=NULL; | |
1245 | + n->sk=NULL; | |
1246 | + n->dev=skb->dev; | |
1247 | + if (skb->h.raw) | |
1248 | + n->h.raw=skb->h.raw+offset; | |
1249 | + else | |
1250 | + n->h.raw=NULL; | |
1251 | + n->protocol=skb->protocol; | |
1252 | +#ifdef NET_21 | |
1253 | + n->csum = 0; | |
1254 | + n->priority=skb->priority; | |
1255 | + n->dst=dst_clone(skb->dst); | |
1256 | + n->nh.raw=skb->nh.raw+offset; | |
1257 | + n->is_clone=0; | |
1258 | + atomic_set(&n->users, 1); | |
1259 | + n->destructor = NULL; | |
1260 | + n->security=skb->security; | |
1261 | + memcpy(n->cb, skb->cb, sizeof(skb->cb)); | |
1262 | +#ifdef CONFIG_IP_FIREWALL | |
1263 | + n->fwmark = skb->fwmark; | |
1264 | +#endif | |
1265 | +#else /* NET_21 */ | |
1266 | + n->link3=NULL; | |
1267 | + n->when=skb->when; | |
1268 | + n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset); | |
1269 | + n->saddr=skb->saddr; | |
1270 | + n->daddr=skb->daddr; | |
1271 | + n->raddr=skb->raddr; | |
1272 | + n->seq=skb->seq; | |
1273 | + n->end_seq=skb->end_seq; | |
1274 | + n->ack_seq=skb->ack_seq; | |
1275 | + n->acked=skb->acked; | |
1276 | + n->free=1; | |
1277 | + n->arp=skb->arp; | |
1278 | + n->tries=0; | |
1279 | + n->lock=0; | |
1280 | + n->users=0; | |
1281 | + memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv)); | |
1282 | +#endif /* NET_21 */ | |
1283 | + if (skb->mac.raw) | |
1284 | + n->mac.raw=skb->mac.raw+offset; | |
1285 | + else | |
1286 | + n->mac.raw=NULL; | |
1287 | + n->used=skb->used; | |
1288 | + n->pkt_type=skb->pkt_type; | |
1289 | + n->pkt_bridged=skb->pkt_bridged; | |
1290 | + n->ip_summed=0; | |
1291 | + n->stamp=skb->stamp; | |
1292 | +#if defined(CONFIG_SHAPER) || defined(CONFIG_SHAPER_MODULE) | |
1293 | + n->shapelatency=skb->shapelatency; /* Latency on frame */ | |
1294 | + n->shapeclock=skb->shapeclock; /* Time it should go out */ | |
1295 | + n->shapelen=skb->shapelen; /* Frame length in clocks */ | |
1296 | + n->shapestamp=skb->shapestamp; /* Stamp for shaper */ | |
1297 | + n->shapepend=skb->shapepend; /* Pending */ | |
1298 | +#endif | |
1299 | +#ifdef CONFIG_HIPPI | |
1300 | + n->private.ifield=skb->private.ifield; | |
1301 | +#endif | |
1302 | + | |
1303 | + return n; | |
1304 | +} | |
1305 | diff -druN linux-noipsec/net/ipsec/ipcomp.h linux/net/ipsec/ipcomp.h | |
1306 | --- linux-noipsec/net/ipsec/ipcomp.h Thu Jan 1 01:00:00 1970 | |
1307 | +++ linux/net/ipsec/ipcomp.h Mon Nov 6 05:30:40 2000 | |
1308 | @@ -0,0 +1,59 @@ | |
1309 | +/* | |
1310 | + * IPCOMP zlib interface code. | |
1311 | + * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk> | |
1312 | + * Copyright (C) 2000 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca> | |
1313 | + * | |
1314 | + * This program is free software; you can redistribute it and/or modify it | |
1315 | + * under the terms of the GNU General Public License as published by the | |
1316 | + * Free Software Foundation; either version 2 of the License, or (at your | |
1317 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
1318 | + * | |
1319 | + * This program is distributed in the hope that it will be useful, but | |
1320 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
1321 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
1322 | + * for more details. | |
1323 | + | |
1324 | + RCSID $Id$ | |
1325 | + | |
1326 | + */ | |
1327 | + | |
1328 | +/* SSS */ | |
1329 | + | |
1330 | +#ifndef _IPCOMP_H | |
1331 | +#define _IPCOMP_H | |
1332 | + | |
1333 | +/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */ | |
1334 | +#define IPCOMP_PREFIX | |
1335 | + | |
1336 | +#ifndef IPPROTO_COMP | |
1337 | +#define IPPROTO_COMP 108 | |
1338 | +#endif /* IPPROTO_COMP */ | |
1339 | + | |
1340 | +#ifdef CONFIG_IPSEC_DEBUG | |
1341 | +extern int sysctl_ipsec_debug_ipcomp; | |
1342 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1343 | + | |
1344 | +struct ipcomphdr { /* IPCOMP header */ | |
1345 | + __u8 ipcomp_nh; /* Next header (protocol) */ | |
1346 | + __u8 ipcomp_flags; /* Reserved, must be 0 */ | |
1347 | + __u16 ipcomp_cpi; /* Compression Parameter Index */ | |
1348 | +}; | |
1349 | + | |
1350 | +extern struct inet_protocol comp_protocol; | |
1351 | +extern int sysctl_ipsec_debug_ipcomp; | |
1352 | + | |
1353 | +#define IPCOMP_UNCOMPRESSABLE 0x000000001 | |
1354 | +#define IPCOMP_COMPRESSIONERROR 0x000000002 | |
1355 | +#define IPCOMP_PARMERROR 0x000000004 | |
1356 | +#define IPCOMP_DECOMPRESSIONERROR 0x000000008 | |
1357 | + | |
1358 | +#define IPCOMP_ADAPT_INITIAL_TRIES 8 | |
1359 | +#define IPCOMP_ADAPT_INITIAL_SKIP 4 | |
1360 | +#define IPCOMP_ADAPT_SUBSEQ_TRIES 2 | |
1361 | +#define IPCOMP_ADAPT_SUBSEQ_SKIP 8 | |
1362 | + | |
1363 | +/* Function prototypes */ | |
1364 | +struct sk_buff *skb_compress(struct sk_buff *skb, struct tdb *tdb, unsigned int *flags); | |
1365 | +struct sk_buff *skb_decompress(struct sk_buff *skb, struct tdb *tdb, unsigned int *flags); | |
1366 | + | |
1367 | +#endif /* _IPCOMP_H */ | |
1368 | diff -druN linux-noipsec/net/ipsec/ipsec_ah.h linux/net/ipsec/ipsec_ah.h | |
1369 | --- linux-noipsec/net/ipsec/ipsec_ah.h Thu Jan 1 01:00:00 1970 | |
1370 | +++ linux/net/ipsec/ipsec_ah.h Tue Sep 12 05:21:20 2000 | |
1371 | @@ -0,0 +1,232 @@ | |
1372 | +/* | |
1373 | + * Authentication Header declarations | |
1374 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
1375 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
1376 | + * | |
1377 | + * This program is free software; you can redistribute it and/or modify it | |
1378 | + * under the terms of the GNU General Public License as published by the | |
1379 | + * Free Software Foundation; either version 2 of the License, or (at your | |
1380 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
1381 | + * | |
1382 | + * This program is distributed in the hope that it will be useful, but | |
1383 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
1384 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
1385 | + * for more details. | |
1386 | + * | |
1387 | + * RCSID $Id$ | |
1388 | + */ | |
1389 | + | |
1390 | +#include "ipsec_md5h.h" | |
1391 | +#include "ipsec_sha1.h" | |
1392 | + | |
1393 | +#ifndef IPPROTO_AH | |
1394 | +#define IPPROTO_AH 51 | |
1395 | +#endif /* IPPROTO_AH */ | |
1396 | + | |
1397 | +#define AH_FLENGTH 12 /* size of fixed part */ | |
1398 | +#define AHMD5_KMAX 64 /* MD5 max 512 bits key */ | |
1399 | +#define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */ | |
1400 | + | |
1401 | +#define AHMD596_KLEN 16 /* MD5 128 bits key */ | |
1402 | +#define AHSHA196_KLEN 20 /* SHA1 160 bits key */ | |
1403 | + | |
1404 | +#define AHMD596_ALEN 16 /* MD5 128 bits authentication length */ | |
1405 | +#define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */ | |
1406 | + | |
1407 | +#define AHMD596_BLKLEN 64 /* MD5 block length */ | |
1408 | +#define AHSHA196_BLKLEN 64 /* SHA1 block length */ | |
1409 | + | |
1410 | +#define AH_AMAX AHSHA196_ALEN /* keep up to date! */ | |
1411 | +#define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */ | |
1412 | +#define AHHMAC_RPLLEN 4 /* 32 bit replay counter */ | |
1413 | + | |
1414 | +#define DB_AH_PKTRX 0x0001 | |
1415 | +#define DB_AH_PKTRX2 0x0002 | |
1416 | +#define DB_AH_DMP 0x0004 | |
1417 | +#define DB_AH_TDB 0x0010 | |
1418 | +#define DB_AH_XF 0x0020 | |
1419 | +#define DB_AH_INAU 0x0040 | |
1420 | +#define DB_AH_REPLAY 0x0100 | |
1421 | + | |
1422 | +struct ahmd5_xdata /* transform table data */ | |
1423 | +{ | |
1424 | + __u16 amx_klen; /* Key material length */ | |
1425 | + __u16 amx_alen; /* authenticator length */ | |
1426 | + __u8 amx_key[AHMD5_KMAX]; /* Key material */ | |
1427 | +}; | |
1428 | + | |
1429 | +struct ahhmacmd5_edata /* struct for netlink interface */ | |
1430 | +{ | |
1431 | + __u16 ame_klen; /* Key material length */ | |
1432 | + __u16 ame_alen; /* authenticator length */ | |
1433 | + __u8 ame_replayp; /* replay protection ? */ | |
1434 | + __u8 ame_ooowin; /* out-of-order window size */ | |
1435 | + __u16 ame_x0; /* filler */ | |
1436 | + __u8 ame_key[AHMD596_KLEN]; /* Key material */ | |
1437 | +}; | |
1438 | + | |
1439 | +struct ahhmacsha1_edata /* struct for netlink interface */ | |
1440 | +{ | |
1441 | + __u16 ame_klen; /* Key material length */ | |
1442 | + __u16 ame_alen; /* authenticator length */ | |
1443 | + __u8 ame_replayp; /* replay protection ? */ | |
1444 | + __u8 ame_ooowin; /* out-of-order window size */ | |
1445 | + __u16 ame_x0; /* filler */ | |
1446 | + __u8 ame_key[AHSHA196_KLEN]; /* Key material */ | |
1447 | +}; | |
1448 | + | |
1449 | +#ifdef __KERNEL__ | |
1450 | + | |
1451 | +/* General HMAC algorithm is described in RFC 2104 */ | |
1452 | + | |
1453 | +#define HMAC_IPAD 0x36 | |
1454 | +#define HMAC_OPAD 0x5C | |
1455 | + | |
1456 | +struct ahhmacmd5_xdata /* struct for xform table */ | |
1457 | +{ | |
1458 | + __u16 amx_alen; /* length of authenticator, octets */ | |
1459 | + __u8 amx_replayp; /* 1 if replay prevention active */ | |
1460 | + __u8 amx_ooowin; /* out-of-order window size */ | |
1461 | + __u64 amx_bitmap; /* this&next should be 8 bytes each */ | |
1462 | + __u32 amx_lastseq; /* or just seq if sending!! */ | |
1463 | + MD5_CTX amx_octx; /* context after H(K XOR opad) */ | |
1464 | + MD5_CTX amx_ictx; /* context after H(K XOR ipad) */ | |
1465 | +}; | |
1466 | + | |
1467 | +struct ahhmacsha1_xdata /* struct for xform table */ | |
1468 | +{ | |
1469 | + __u16 amx_alen; /* length of authenticator, octets */ | |
1470 | + __u8 amx_replayp; /* 1 if replay prevention active */ | |
1471 | + __u8 amx_ooowin; /* out-of-order window size */ | |
1472 | + __u64 amx_bitmap; /* this&next should be 8 bytes each */ | |
1473 | + __u32 amx_lastseq; /* or just seq if sending!! */ | |
1474 | + SHA1_CTX amx_octx; /* context after H(K XOR opad) */ | |
1475 | + SHA1_CTX amx_ictx; /* context after H(K XOR ipad) */ | |
1476 | +}; | |
1477 | + | |
1478 | +struct md5_ctx { | |
1479 | + MD5_CTX ictx; /* context after H(K XOR ipad) */ | |
1480 | + MD5_CTX octx; /* context after H(K XOR opad) */ | |
1481 | +}; | |
1482 | + | |
1483 | +struct sha1_ctx { | |
1484 | + SHA1_CTX ictx; /* context after H(K XOR ipad) */ | |
1485 | + SHA1_CTX octx; /* context after H(K XOR opad) */ | |
1486 | +}; | |
1487 | + | |
1488 | +extern struct inet_protocol ah_protocol; | |
1489 | + | |
1490 | +struct options; | |
1491 | + | |
1492 | +extern int | |
1493 | +ah_rcv(struct sk_buff *skb, | |
1494 | + struct device *dev, | |
1495 | + struct options *opt, | |
1496 | + __u32 daddr, | |
1497 | + unsigned short len, | |
1498 | + __u32 saddr, | |
1499 | + int redo, | |
1500 | + struct inet_protocol *protocol); | |
1501 | + | |
1502 | +struct ah /* Generic AH header */ | |
1503 | +{ | |
1504 | + __u8 ah_nh; /* Next header (protocol) */ | |
1505 | + __u8 ah_hl; /* AH length, in 32-bit words */ | |
1506 | + __u16 ah_rv; /* reserved, must be 0 */ | |
1507 | + __u32 ah_spi; /* Security Parameters Index */ | |
1508 | + __u32 ah_rpl; /* Replay prevention */ | |
1509 | + __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */ | |
1510 | +}; | |
1511 | + | |
1512 | +#ifdef CONFIG_IPSEC_DEBUG | |
1513 | +extern int debug_ah; | |
1514 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1515 | +#endif /* __KERNEL__ */ | |
1516 | + | |
1517 | +#ifdef CONFIG_IPSEC_DEBUG | |
1518 | +#define AHPRINTKEYS_ | |
1519 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1520 | + | |
1521 | +/* | |
1522 | + * $Log$ | |
1523 | + * Revision 1.12 2000/09/12 03:21:20 rgb | |
1524 | + * Cleared out unused htonq. | |
1525 | + * | |
1526 | + * Revision 1.11 2000/09/08 19:12:55 rgb | |
1527 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
1528 | + * | |
1529 | + * Revision 1.10 2000/01/21 06:13:10 rgb | |
1530 | + * Tidied up spacing. | |
1531 | + * Added macros for HMAC padding magic numbers.(kravietz) | |
1532 | + * | |
1533 | + * Revision 1.9 1999/12/07 18:16:23 rgb | |
1534 | + * Fixed comments at end of #endif lines. | |
1535 | + * | |
1536 | + * Revision 1.8 1999/04/11 00:28:56 henry | |
1537 | + * GPL boilerplate | |
1538 | + * | |
1539 | + * Revision 1.7 1999/04/06 04:54:25 rgb | |
1540 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
1541 | + * patch shell fixes. | |
1542 | + * | |
1543 | + * Revision 1.6 1999/01/26 02:06:01 rgb | |
1544 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
1545 | + * | |
1546 | + * Revision 1.5 1999/01/22 06:17:49 rgb | |
1547 | + * Updated macro comments. | |
1548 | + * Added context types to support algorithm switch code. | |
1549 | + * 64-bit clean-up -- converting 'u long long' to __u64. | |
1550 | + * | |
1551 | + * Revision 1.4 1998/07/14 15:54:56 rgb | |
1552 | + * Add #ifdef __KERNEL__ to protect kernel-only structures. | |
1553 | + * | |
1554 | + * Revision 1.3 1998/06/30 18:05:16 rgb | |
1555 | + * Comment out references to htonq. | |
1556 | + * | |
1557 | + * Revision 1.2 1998/06/25 19:33:46 rgb | |
1558 | + * Add prototype for protocol receive function. | |
1559 | + * Rearrange for more logical layout. | |
1560 | + * | |
1561 | + * Revision 1.1 1998/06/18 21:27:43 henry | |
1562 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
1563 | + * kernel-build scripts happier in the presence of symlinks | |
1564 | + * | |
1565 | + * Revision 1.4 1998/05/18 22:28:43 rgb | |
1566 | + * Disable key printing facilities from /proc/net/ipsec_*. | |
1567 | + * | |
1568 | + * Revision 1.3 1998/04/21 21:29:07 rgb | |
1569 | + * Rearrange debug switches to change on the fly debug output from user | |
1570 | + * space. Only kernel changes checked in at this time. radij.c was also | |
1571 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
1572 | + * an OOPS and hence, netlink device open errors. | |
1573 | + * | |
1574 | + * Revision 1.2 1998/04/12 22:03:17 rgb | |
1575 | + * Updated ESP-3DES-HMAC-MD5-96, | |
1576 | + * ESP-DES-HMAC-MD5-96, | |
1577 | + * AH-HMAC-MD5-96, | |
1578 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
1579 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
1580 | + * | |
1581 | + * Fixed eroute references in /proc/net/ipsec*. | |
1582 | + * | |
1583 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
1584 | + * radij tree unloading. | |
1585 | + * | |
1586 | + * Revision 1.1 1998/04/09 03:05:55 henry | |
1587 | + * sources moved up from linux/net/ipsec | |
1588 | + * | |
1589 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
1590 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
1591 | + * | |
1592 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
1593 | + * Added definitions for new AH transforms. | |
1594 | + * | |
1595 | + * Revision 0.3 1996/11/20 14:35:48 ji | |
1596 | + * Minor Cleanup. | |
1597 | + * Rationalized debugging code. | |
1598 | + * | |
1599 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
1600 | + * First limited release. | |
1601 | + * | |
1602 | + * | |
1603 | + */ | |
1604 | diff -druN linux-noipsec/net/ipsec/ipsec_encap.h linux/net/ipsec/ipsec_encap.h | |
1605 | --- linux-noipsec/net/ipsec/ipsec_encap.h Thu Jan 1 01:00:00 1970 | |
1606 | +++ linux/net/ipsec/ipsec_encap.h Fri Sep 8 21:12:56 2000 | |
1607 | @@ -0,0 +1,168 @@ | |
1608 | +/* | |
1609 | + * declarations relevant to encapsulation-like operations | |
1610 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
1611 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
1612 | + * | |
1613 | + * This program is free software; you can redistribute it and/or modify it | |
1614 | + * under the terms of the GNU General Public License as published by the | |
1615 | + * Free Software Foundation; either version 2 of the License, or (at your | |
1616 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
1617 | + * | |
1618 | + * This program is distributed in the hope that it will be useful, but | |
1619 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
1620 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
1621 | + * for more details. | |
1622 | + * | |
1623 | + * RCSID $Id$ | |
1624 | + */ | |
1625 | + | |
1626 | +#define SENT_IP4 0x0008 /* data is two struct in_addr */ | |
1627 | + | |
1628 | +#define SEN_HDRLEN (2*sizeof(__u8)+sizeof(__u16)) | |
1629 | + | |
1630 | +#define SEN_IP4_SRCOFF (0) | |
1631 | +#define SEN_IP4_DSTOFF (sizeof (struct in_addr)) | |
1632 | +#define SEN_IP4_OPTOFF (2 * sizeof (struct in_addr)) | |
1633 | + | |
1634 | +#define SEN_IP4_LEN (SENT_HDRLEN + SENT_IP4_OPTOFF) | |
1635 | + | |
1636 | +#ifdef CONFIG_IPSEC_DEBUG | |
1637 | +#define DB_ER_PROCFS 0x0001 | |
1638 | +#define DB_SP_PROCFS 0x0001 | |
1639 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1640 | + | |
1641 | +struct sockaddr_encap | |
1642 | +{ | |
1643 | + __u8 sen_len; /* length */ | |
1644 | + __u8 sen_family; /* AF_ENCAP */ | |
1645 | + __u16 sen_type; /* see SENT_* */ | |
1646 | + union | |
1647 | + { | |
1648 | + struct /* SENT_IP4 */ | |
1649 | + { | |
1650 | + struct in_addr Src; | |
1651 | + struct in_addr Dst; | |
1652 | + } Sip4; | |
1653 | + } Sen; | |
1654 | +}; | |
1655 | + | |
1656 | +#define sen_ip_src Sen.Sip4.Src | |
1657 | +#define sen_ip_dst Sen.Sip4.Dst | |
1658 | + | |
1659 | +#ifndef AF_ENCAP | |
1660 | +#define AF_ENCAP 26 | |
1661 | +#endif /* AF_ENCAP */ | |
1662 | + | |
1663 | +/* | |
1664 | + * The "type" is really part of the address as far as the routing | |
1665 | + * system is concerned. By using only one bit in the type field | |
1666 | + * for each type, we sort-of make sure that different types of | |
1667 | + * encapsulation addresses won't be matched against the wrong type. | |
1668 | + */ | |
1669 | + | |
1670 | +#ifdef __KERNEL__ | |
1671 | +/* | |
1672 | + * An entry in the radix tree | |
1673 | + */ | |
1674 | + | |
1675 | +struct rjtentry | |
1676 | +{ | |
1677 | + struct radij_node rd_nodes[2]; /* tree glue, and other values */ | |
1678 | +#define rd_key(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_key)) | |
1679 | +#define rd_mask(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_mask)) | |
1680 | + short rd_flags; | |
1681 | + short rd_count; | |
1682 | +}; | |
1683 | + | |
1684 | +/* | |
1685 | + * An encapsulation route consists of a pointer to a | |
1686 | + * radix tree entry and a SAID (a destination_address/SPI/protocol triple). | |
1687 | + */ | |
1688 | + | |
1689 | +struct | |
1690 | +eroute | |
1691 | +{ | |
1692 | + struct rjtentry er_rjt; | |
1693 | + struct sa_id er_said; | |
1694 | + struct sockaddr_encap er_eaddr; | |
1695 | + struct sockaddr_encap er_emask; | |
1696 | +}; | |
1697 | + | |
1698 | +#define er_dst er_said.dst | |
1699 | +#define er_spi er_said.spi | |
1700 | +#define er_proto er_said.proto | |
1701 | +#ifdef CONFIG_IPSEC_DEBUG | |
1702 | +extern int debug_eroute; | |
1703 | +extern int debug_spi; | |
1704 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1705 | + | |
1706 | +#ifdef NETDEV_23 | |
1707 | +#define device net_device | |
1708 | +#define ipsec_dev_get __dev_get_by_name | |
1709 | +#else | |
1710 | +#define ipsec_dev_get dev_get | |
1711 | +#endif /* NETDEV_23 */ | |
1712 | +#endif /* __KERNEL__ */ | |
1713 | + | |
1714 | +/* | |
1715 | + * $Log$ | |
1716 | + * Revision 1.11 2000/09/08 19:12:56 rgb | |
1717 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
1718 | + * | |
1719 | + * Revision 1.10 2000/03/22 16:15:36 rgb | |
1720 | + * Fixed renaming of dev_get (MB). | |
1721 | + * | |
1722 | + * Revision 1.9 2000/01/21 06:13:26 rgb | |
1723 | + * Added a macro for AF_ENCAP | |
1724 | + * | |
1725 | + * Revision 1.8 1999/12/31 14:56:55 rgb | |
1726 | + * MB fix for 2.3 dev-use-count. | |
1727 | + * | |
1728 | + * Revision 1.7 1999/11/18 04:09:18 rgb | |
1729 | + * Replaced all kernel version macros to shorter, readable form. | |
1730 | + * | |
1731 | + * Revision 1.6 1999/09/24 00:34:13 rgb | |
1732 | + * Add Marc Boucher's support for 2.3.xx+. | |
1733 | + * | |
1734 | + * Revision 1.5 1999/04/11 00:28:57 henry | |
1735 | + * GPL boilerplate | |
1736 | + * | |
1737 | + * Revision 1.4 1999/04/06 04:54:25 rgb | |
1738 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
1739 | + * patch shell fixes. | |
1740 | + * | |
1741 | + * Revision 1.3 1998/10/19 14:44:28 rgb | |
1742 | + * Added inclusion of freeswan.h. | |
1743 | + * sa_id structure implemented and used: now includes protocol. | |
1744 | + * | |
1745 | + * Revision 1.2 1998/07/14 18:19:33 rgb | |
1746 | + * Added #ifdef __KERNEL__ directives to restrict scope of header. | |
1747 | + * | |
1748 | + * Revision 1.1 1998/06/18 21:27:44 henry | |
1749 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
1750 | + * kernel-build scripts happier in the presence of symlinks | |
1751 | + * | |
1752 | + * Revision 1.2 1998/04/21 21:29:10 rgb | |
1753 | + * Rearrange debug switches to change on the fly debug output from user | |
1754 | + * space. Only kernel changes checked in at this time. radij.c was also | |
1755 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
1756 | + * an OOPS and hence, netlink device open errors. | |
1757 | + * | |
1758 | + * Revision 1.1 1998/04/09 03:05:58 henry | |
1759 | + * sources moved up from linux/net/ipsec | |
1760 | + * | |
1761 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
1762 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
1763 | + * | |
1764 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
1765 | + * Minor cosmetic changes. | |
1766 | + * | |
1767 | + * Revision 0.3 1996/11/20 14:35:48 ji | |
1768 | + * Minor Cleanup. | |
1769 | + * Rationalized debugging code. | |
1770 | + * | |
1771 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
1772 | + * First limited release. | |
1773 | + * | |
1774 | + * | |
1775 | + */ | |
1776 | diff -druN linux-noipsec/net/ipsec/ipsec_esp.h linux/net/ipsec/ipsec_esp.h | |
1777 | --- linux-noipsec/net/ipsec/ipsec_esp.h Thu Jan 1 01:00:00 1970 | |
1778 | +++ linux/net/ipsec/ipsec_esp.h Fri Sep 8 21:12:56 2000 | |
1779 | @@ -0,0 +1,257 @@ | |
1780 | +/* | |
1781 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
1782 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
1783 | + * | |
1784 | + * This program is free software; you can redistribute it and/or modify it | |
1785 | + * under the terms of the GNU General Public License as published by the | |
1786 | + * Free Software Foundation; either version 2 of the License, or (at your | |
1787 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
1788 | + * | |
1789 | + * This program is distributed in the hope that it will be useful, but | |
1790 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
1791 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
1792 | + * for more details. | |
1793 | + * | |
1794 | + * RCSID $Id$ | |
1795 | + */ | |
1796 | + | |
1797 | +#include "ipsec_md5h.h" | |
1798 | +#include "ipsec_sha1.h" | |
1799 | + | |
1800 | +#ifndef IPPROTO_ESP | |
1801 | +#define IPPROTO_ESP 50 | |
1802 | +#endif /* IPPROTO_ESP */ | |
1803 | + | |
1804 | +#define EMT_ESPDESCBC_ULEN 20 /* coming from user mode */ | |
1805 | +#define EMT_ESPDES_KMAX 64 /* 512 bit secret key enough? */ | |
1806 | +#define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */ | |
1807 | +#define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */ | |
1808 | +#define EMT_ESPDES_IV_SZ 8 /* IV size */ | |
1809 | +#define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */ | |
1810 | + | |
1811 | +#define DB_ES_PKTRX 0x0001 | |
1812 | +#define DB_ES_PKTRX2 0x0002 | |
1813 | +#define DB_ES_TDB 0x0010 | |
1814 | +#define DB_ES_XF 0x0020 | |
1815 | +#define DB_ES_IPAD 0x0040 | |
1816 | +#define DB_ES_INAU 0x0080 | |
1817 | +#define DB_ES_OINFO 0x0100 | |
1818 | +#define DB_ES_OINFO2 0x0200 | |
1819 | +#define DB_ES_OH 0x0400 | |
1820 | +#define DB_ES_REPLAY 0x0800 | |
1821 | + | |
1822 | +struct espblkrply_edata | |
1823 | +{ | |
1824 | + __u16 eme_klen; /* encryption key length */ | |
1825 | + __u16 ame_klen; /* authentication key length */ | |
1826 | + __u16 eme_flags; /* see below */ | |
1827 | + __u16 eme_ooowin; /* out-of-order window size */ | |
1828 | +#if 1 | |
1829 | + __u16 eme_ivlen; /* IV length */ | |
1830 | + __u16 filler; | |
1831 | + union | |
1832 | + { | |
1833 | + __u8 Iv[8]; /* that's enough space */ | |
1834 | + __u32 Ivl[2]; | |
1835 | + __u64 Ivq; | |
1836 | + }Iu; | |
1837 | +#define eme_iv Iu.Iv | |
1838 | +#define eme_ivl Iu.Ivl | |
1839 | +#define eme_ivq Iu.Ivq | |
1840 | +#endif | |
1841 | + __u8 eme_key[EMT_ESPDES_KMAX]; /* the encryption raw key */ | |
1842 | + __u8 ame_key[AH_AMAX]; /* the authentication raw key */ | |
1843 | +}; | |
1844 | + | |
1845 | +#ifdef __KERNEL__ | |
1846 | +struct esp3desmd5_xdata | |
1847 | +{ | |
1848 | + __u8 edmx_flags; /* same as before */ | |
1849 | + __u8 edmx_ooowin; /* out-of-order window size */ | |
1850 | + __u16 edmx_ivlen; /* IV length */ | |
1851 | + __u32 edmx_bitmap; /* this&next should be 4 bytes each */ | |
1852 | + __u32 edmx_lastseq; /* in host order */ | |
1853 | + __u32 edmx_eks1[16][2]; /* the first key schedule */ | |
1854 | + __u32 edmx_eks2[16][2]; /* the second key schedule */ | |
1855 | + __u32 edmx_eks3[16][2]; /* the third key schedule */ | |
1856 | + __u32 edmx_iv[2]; /* constant IV */ | |
1857 | + MD5_CTX edmx_ictx; /* derived from HMAC_key */ | |
1858 | + MD5_CTX edmx_octx; /* ditto */ | |
1859 | +}; | |
1860 | + | |
1861 | +struct espnullmd5_xdata | |
1862 | +{ | |
1863 | + __u8 edmx_flags; /* same as before */ | |
1864 | + __u8 edmx_ooowin; /* out-of-order window size */ | |
1865 | + __u32 edmx_bitmap; /* this&next should be 4 bytes each */ | |
1866 | + __u32 edmx_lastseq; /* in host order */ | |
1867 | + MD5_CTX edmx_ictx; /* derived from HMAC_key */ | |
1868 | + MD5_CTX edmx_octx; /* ditto */ | |
1869 | +}; | |
1870 | + | |
1871 | +struct esp3dessha1_xdata | |
1872 | +{ | |
1873 | + __u8 edmx_flags; /* same as before */ | |
1874 | + __u8 edmx_ooowin; /* out-of-order window size */ | |
1875 | + __u16 edmx_ivlen; /* IV length */ | |
1876 | + __u32 edmx_bitmap; /* this&next should be 4 bytes each */ | |
1877 | + __u32 edmx_lastseq; /* in host order */ | |
1878 | + __u32 edmx_eks1[16][2]; /* the first key schedule */ | |
1879 | + __u32 edmx_eks2[16][2]; /* the second key schedule */ | |
1880 | + __u32 edmx_eks3[16][2]; /* the third key schedule */ | |
1881 | + __u32 edmx_iv[2]; /* constant IV */ | |
1882 | + SHA1_CTX edmx_ictx; /* derived from HMAC_key */ | |
1883 | + SHA1_CTX edmx_octx; /* ditto */ | |
1884 | +}; | |
1885 | + | |
1886 | +struct espnullsha1_xdata | |
1887 | +{ | |
1888 | + __u8 edmx_flags; /* same as before */ | |
1889 | + __u8 edmx_ooowin; /* out-of-order window size */ | |
1890 | + __u32 edmx_bitmap; /* this&next should be 4 bytes each */ | |
1891 | + __u32 edmx_lastseq; /* in host order */ | |
1892 | + SHA1_CTX edmx_ictx; /* derived from HMAC_key */ | |
1893 | + SHA1_CTX edmx_octx; /* ditto */ | |
1894 | +}; | |
1895 | + | |
1896 | +struct esp3des_xdata | |
1897 | +{ | |
1898 | + __u8 edmx_flags; /* same as before */ | |
1899 | + __u8 edmx_ooowin; /* out-of-order window size */ | |
1900 | + __u16 edmx_ivlen; /* IV length */ | |
1901 | + __u32 edmx_bitmap; /* this&next should be 4 bytes each */ | |
1902 | + __u32 edmx_lastseq; /* in host order */ | |
1903 | + __u32 edmx_eks1[16][2]; /* the first key schedule */ | |
1904 | + __u32 edmx_eks2[16][2]; /* the second key schedule */ | |
1905 | + __u32 edmx_eks3[16][2]; /* the third key schedule */ | |
1906 | + __u32 edmx_iv[2]; /* constant IV */ | |
1907 | +}; | |
1908 | + | |
1909 | +struct des_eks { | |
1910 | + __u32 eks[16][2]; /* the key schedule */ | |
1911 | +}; | |
1912 | + | |
1913 | +extern struct inet_protocol esp_protocol; | |
1914 | + | |
1915 | +struct options; | |
1916 | + | |
1917 | +extern int | |
1918 | +esp_rcv(struct sk_buff *skb, | |
1919 | + struct device *dev, | |
1920 | + struct options *opt, | |
1921 | + __u32 daddr, | |
1922 | + unsigned short len, | |
1923 | + __u32 saddr, | |
1924 | + int redo, | |
1925 | + struct inet_protocol *protocol); | |
1926 | + | |
1927 | +struct esp | |
1928 | +{ | |
1929 | + __u32 esp_spi; /* Security Parameters Index */ | |
1930 | + __u32 esp_rpl; /* Replay counter */ | |
1931 | + __u8 esp_iv[8]; /* iv */ | |
1932 | +}; | |
1933 | + | |
1934 | +#ifdef CONFIG_IPSEC_DEBUG | |
1935 | +extern int debug_esp; | |
1936 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1937 | +#endif /* __KERNEL__ */ | |
1938 | + | |
1939 | +#ifdef CONFIG_IPSEC_DEBUG | |
1940 | +#define ESPPRINTKEYS_ | |
1941 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
1942 | + | |
1943 | +/* | |
1944 | + * $Log$ | |
1945 | + * Revision 1.13 2000/09/08 19:12:56 rgb | |
1946 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
1947 | + * | |
1948 | + * Revision 1.12 2000/08/01 14:51:50 rgb | |
1949 | + * Removed _all_ remaining traces of DES. | |
1950 | + * | |
1951 | + * Revision 1.11 2000/01/10 16:36:20 rgb | |
1952 | + * Ditch last of EME option flags, including initiator. | |
1953 | + * | |
1954 | + * Revision 1.10 1999/12/07 18:16:22 rgb | |
1955 | + * Fixed comments at end of #endif lines. | |
1956 | + * | |
1957 | + * Revision 1.9 1999/04/11 00:28:57 henry | |
1958 | + * GPL boilerplate | |
1959 | + * | |
1960 | + * Revision 1.8 1999/04/06 04:54:25 rgb | |
1961 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
1962 | + * patch shell fixes. | |
1963 | + * | |
1964 | + * Revision 1.7 1999/01/26 02:06:00 rgb | |
1965 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
1966 | + * | |
1967 | + * Revision 1.6 1999/01/22 15:22:05 rgb | |
1968 | + * Re-enable IV in the espblkrply_edata structure to avoid breaking pluto | |
1969 | + * until pluto can be fixed properly. | |
1970 | + * | |
1971 | + * Revision 1.5 1999/01/22 06:18:16 rgb | |
1972 | + * Updated macro comments. | |
1973 | + * Added key schedule types to support algorithm switch code. | |
1974 | + * | |
1975 | + * Revision 1.4 1998/08/12 00:07:32 rgb | |
1976 | + * Added data structures for new xforms: null, {,3}dessha1. | |
1977 | + * | |
1978 | + * Revision 1.3 1998/07/14 15:57:01 rgb | |
1979 | + * Add #ifdef __KERNEL__ to protect kernel-only structures. | |
1980 | + * | |
1981 | + * Revision 1.2 1998/06/25 19:33:46 rgb | |
1982 | + * Add prototype for protocol receive function. | |
1983 | + * Rearrange for more logical layout. | |
1984 | + * | |
1985 | + * Revision 1.1 1998/06/18 21:27:45 henry | |
1986 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
1987 | + * kernel-build scripts happier in the presence of symlinks | |
1988 | + * | |
1989 | + * Revision 1.6 1998/06/05 02:28:08 rgb | |
1990 | + * Minor comment fix. | |
1991 | + * | |
1992 | + * Revision 1.5 1998/05/27 22:34:00 rgb | |
1993 | + * Changed structures to accomodate key separation. | |
1994 | + * | |
1995 | + * Revision 1.4 1998/05/18 22:28:43 rgb | |
1996 | + * Disable key printing facilities from /proc/net/ipsec_*. | |
1997 | + * | |
1998 | + * Revision 1.3 1998/04/21 21:29:07 rgb | |
1999 | + * Rearrange debug switches to change on the fly debug output from user | |
2000 | + * space. Only kernel changes checked in at this time. radij.c was also | |
2001 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
2002 | + * an OOPS and hence, netlink device open errors. | |
2003 | + * | |
2004 | + * Revision 1.2 1998/04/12 22:03:20 rgb | |
2005 | + * Updated ESP-3DES-HMAC-MD5-96, | |
2006 | + * ESP-DES-HMAC-MD5-96, | |
2007 | + * AH-HMAC-MD5-96, | |
2008 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
2009 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
2010 | + * | |
2011 | + * Fixed eroute references in /proc/net/ipsec*. | |
2012 | + * | |
2013 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
2014 | + * radij tree unloading. | |
2015 | + * | |
2016 | + * Revision 1.1 1998/04/09 03:06:00 henry | |
2017 | + * sources moved up from linux/net/ipsec | |
2018 | + * | |
2019 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
2020 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
2021 | + * | |
2022 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
2023 | + * Added ESP-3DES-MD5-96 transform. | |
2024 | + * | |
2025 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
2026 | + * Added definitions for new ESP transforms. | |
2027 | + * | |
2028 | + * Revision 0.3 1996/11/20 14:35:48 ji | |
2029 | + * Minor Cleanup. | |
2030 | + * Rationalized debugging code. | |
2031 | + * | |
2032 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
2033 | + * First limited release. | |
2034 | + * | |
2035 | + * | |
2036 | + */ | |
2037 | diff -druN linux-noipsec/net/ipsec/ipsec_init.c linux/net/ipsec/ipsec_init.c | |
2038 | --- linux-noipsec/net/ipsec/ipsec_init.c Thu Jan 1 01:00:00 1970 | |
2039 | +++ linux/net/ipsec/ipsec_init.c Wed Nov 29 21:14:06 2000 | |
2040 | @@ -0,0 +1,1149 @@ | |
2041 | +/* | |
2042 | + * Initialization code, and /proc file system interface code. | |
2043 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
2044 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
2045 | + * | |
2046 | + * This program is free software; you can redistribute it and/or modify it | |
2047 | + * under the terms of the GNU General Public License as published by the | |
2048 | + * Free Software Foundation; either version 2 of the License, or (at your | |
2049 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
2050 | + * | |
2051 | + * This program is distributed in the hope that it will be useful, but | |
2052 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
2053 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
2054 | + * for more details. | |
2055 | + */ | |
2056 | + | |
2057 | +char ipsec_init_c_version[] = "RCSID $Id$"; | |
2058 | + | |
2059 | +#include <linux/config.h> | |
2060 | +#include <linux/version.h> | |
2061 | + | |
2062 | +#include <linux/module.h> | |
2063 | +#include <linux/kernel.h> /* printk() */ | |
2064 | +#include <linux/malloc.h> /* kmalloc() */ | |
2065 | +#include <linux/errno.h> /* error codes */ | |
2066 | +#include <linux/types.h> /* size_t */ | |
2067 | +#include <linux/interrupt.h> /* mark_bh */ | |
2068 | + | |
2069 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
2070 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
2071 | +#include <linux/ip.h> /* struct iphdr */ | |
2072 | +#include <linux/in.h> /* struct sockaddr_in */ | |
2073 | +#include <linux/skbuff.h> | |
2074 | +#include <freeswan.h> | |
2075 | +#ifdef SPINLOCK | |
2076 | +#ifdef SPINLOCK_23 | |
2077 | +#include <linux/spinlock.h> /* *lock* */ | |
2078 | +#else /* SPINLOCK_23 */ | |
2079 | +#include <asm/spinlock.h> /* *lock* */ | |
2080 | +#endif /* SPINLOCK_23 */ | |
2081 | +#endif /* SPINLOCK */ | |
2082 | +#ifdef NET_21 | |
2083 | +#include <asm/uaccess.h> | |
2084 | +#include <linux/in6.h> | |
2085 | +#endif /* NET_21 */ | |
2086 | +#include <asm/checksum.h> | |
2087 | +#include <net/ip.h> | |
2088 | +#ifdef CONFIG_PROC_FS | |
2089 | +#include <linux/proc_fs.h> | |
2090 | +#endif /* CONFIG_PROC_FS */ | |
2091 | +#ifdef NETLINK_SOCK | |
2092 | +#include <linux/netlink.h> | |
2093 | +#else | |
2094 | +#include <net/netlink.h> | |
2095 | +#endif | |
2096 | + | |
2097 | +#include "radij.h" | |
2098 | +#include "ipsec_encap.h" | |
2099 | +#include "ipsec_radij.h" | |
2100 | +#include "ipsec_netlink.h" | |
2101 | +#include "ipsec_xform.h" | |
2102 | +#include "ipsec_tunnel.h" | |
2103 | + | |
2104 | +#include "version.c" | |
2105 | + | |
2106 | +#include "ipsec_rcv.h" | |
2107 | +#include "ipsec_ah.h" | |
2108 | +#include "ipsec_esp.h" | |
2109 | + | |
2110 | +#ifdef CONFIG_IPSEC_IPCOMP | |
2111 | +#include "ipcomp.h" | |
2112 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
2113 | + | |
2114 | +#include <pfkeyv2.h> | |
2115 | +#include <pfkey.h> | |
2116 | + | |
2117 | +extern char *radij_c_version; | |
2118 | + | |
2119 | +#ifdef CONFIG_IPSEC_DEBUG | |
2120 | +int debug_eroute = 0; | |
2121 | +int debug_spi = 0; | |
2122 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
2123 | + | |
2124 | +#ifdef CONFIG_PROC_FS | |
2125 | +#ifndef PROC_FS_2325 | |
2126 | +DEBUG_NO_STATIC | |
2127 | +#endif /* PROC_FS_2325 */ | |
2128 | +int | |
2129 | +ipsec_eroute_get_info(char *buffer, char **start, off_t offset, int length | |
2130 | +#ifndef PROC_NO_DUMMY | |
2131 | +, int dummy | |
2132 | +#endif /* !PROC_NO_DUMMY */ | |
2133 | +) | |
2134 | +{ | |
2135 | + struct wsbuf w = {buffer, length, offset, 0, 0, 0, 0}; | |
2136 | + | |
2137 | +#ifdef CONFIG_IPSEC_DEBUG | |
2138 | + if (debug_radij & DB_RJ_DUMPTREES) | |
2139 | + rj_dumptrees(); /* XXXXXXXXX */ | |
2140 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
2141 | + | |
2142 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2143 | + "klips_debug:ipsec_eroute_get_info: buffer=0x%p," | |
2144 | + " *start=0x%x, offset=%d, length=%d\n", | |
2145 | + buffer, (u_int)*start, (int)offset, length); | |
2146 | + | |
2147 | + spin_lock_bh(&eroute_lock); | |
2148 | + | |
2149 | + rj_walktree(rnh, ipsec_rj_walker_procprint, &w); | |
2150 | +/* rj_walktree(mask_rjhead, ipsec_rj_walker_procprint, &w); */ | |
2151 | + | |
2152 | + spin_unlock_bh(&eroute_lock); | |
2153 | + | |
2154 | + *start = buffer + (offset - w.begin); /* Start of wanted data */ | |
2155 | + w.len -= (offset - w.begin); /* Start slop */ | |
2156 | + if (w.len > length) | |
2157 | + w.len = length; | |
2158 | + return w.len; | |
2159 | +} | |
2160 | + | |
2161 | +#ifndef PROC_FS_2325 | |
2162 | +DEBUG_NO_STATIC | |
2163 | +#endif /* PROC_FS_2325 */ | |
2164 | +int | |
2165 | +ipsec_spi_get_info(char *buffer, char **start, off_t offset, int length | |
2166 | +#ifndef PROC_NO_DUMMY | |
2167 | +, int dummy | |
2168 | +#endif /* !PROC_NO_DUMMY */ | |
2169 | +) | |
2170 | +{ | |
2171 | + int len = 0; | |
2172 | + off_t pos = 0, begin = 0; | |
2173 | + int i; | |
2174 | + struct tdb *tdbp; | |
2175 | + char sa[SATOA_BUF]; | |
2176 | + char buf_s[ADDRTOA_BUF]; | |
2177 | +#if 0 | |
2178 | + char buf_d[ADDRTOA_BUF]; | |
2179 | +#endif | |
2180 | + size_t sa_len; | |
2181 | + | |
2182 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2183 | + "klips_debug:ipsec_spi_get_info: buffer=0x%p," | |
2184 | + "*start=0x%x, offset=%d, length=%d\n", | |
2185 | + buffer, (u_int)*start, (int)offset, length); | |
2186 | + | |
2187 | + spin_lock_bh(&tdb_lock); | |
2188 | + | |
2189 | + for (i = 0; i < TDB_HASHMOD; i++) { | |
2190 | + for (tdbp = tdbh[i]; tdbp; tdbp = tdbp->tdb_hnext) { | |
2191 | + sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
2192 | + len += sprintf(buffer + len, "%s ", sa); | |
2193 | + len += sprintf(buffer + len, "%s%s%s", TDB_XFORM_NAME(tdbp)); | |
2194 | + len += sprintf(buffer + len, ": dir=%s", | |
2195 | + (tdbp->tdb_flags & EMT_INBOUND) ? | |
2196 | + "in " : "out"); | |
2197 | +#if 0 | |
2198 | + if((tdbp->tdb_said.proto == IPPROTO_IPIP) && tdbp->tdb_addr_s && tdbp->tdb_addr_d) { | |
2199 | + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr, | |
2200 | + 0, buf_s, sizeof(buf_s)); | |
2201 | + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr, | |
2202 | + 0, buf_d, sizeof(buf_d)); | |
2203 | + len += sprintf(buffer + len, " %s -> %s", | |
2204 | + buf_s, buf_d); | |
2205 | + } | |
2206 | +#else | |
2207 | + if(tdbp->tdb_addr_s) { | |
2208 | + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr, | |
2209 | + 0, buf_s, sizeof(buf_s)); | |
2210 | + len += sprintf(buffer + len, " src=%s", | |
2211 | + buf_s); | |
2212 | + } | |
2213 | +#endif | |
2214 | + | |
2215 | + if(tdbp->tdb_iv_bits) { | |
2216 | + int j; | |
2217 | + len += sprintf(buffer + len, " iv_bits=%dbits iv=0x", | |
2218 | + tdbp->tdb_iv_bits); | |
2219 | + for(j = 0; j < tdbp->tdb_iv_bits / 8; j++) { | |
2220 | + len += sprintf(buffer + len, "%02x", | |
2221 | + (__u32)((__u8*)(tdbp->tdb_iv))[j]); | |
2222 | + } | |
2223 | + } | |
2224 | + if(tdbp->tdb_encalg || tdbp->tdb_authalg) { | |
2225 | + if(tdbp->tdb_replaywin) { | |
2226 | + len += sprintf(buffer + len, " ooowin=%d", | |
2227 | + tdbp->tdb_replaywin); | |
2228 | + } | |
2229 | + if(tdbp->tdb_replaywin_errs) { | |
2230 | + len += sprintf(buffer + len, " ooo_errs=%d", | |
2231 | + tdbp->tdb_replaywin_errs); | |
2232 | + } | |
2233 | + if(tdbp->tdb_replaywin_lastseq) { | |
2234 | + len += sprintf(buffer + len, " seq=%d", | |
2235 | + tdbp->tdb_replaywin_lastseq); | |
2236 | + } | |
2237 | + if(tdbp->tdb_replaywin_bitmap) { | |
2238 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
2239 | + len += sprintf(buffer + len, " bit=0x%Lx", | |
2240 | + tdbp->tdb_replaywin_bitmap); | |
2241 | +#else | |
2242 | + len += sprintf(buffer + len, " bit=0x%x%08x", | |
2243 | + (__u32)(tdbp->tdb_replaywin_bitmap >> 32), | |
2244 | + (__u32)tdbp->tdb_replaywin_bitmap); | |
2245 | +#endif | |
2246 | + } | |
2247 | + if(tdbp->tdb_replaywin_maxdiff) { | |
2248 | + len += sprintf(buffer + len, " max_seq_diff=%d", | |
2249 | + tdbp->tdb_replaywin_maxdiff); | |
2250 | + } | |
2251 | + } | |
2252 | + if(tdbp->tdb_flags & ~EMT_INBOUND) { | |
2253 | + len += sprintf(buffer + len, " flags=0x%x", | |
2254 | + tdbp->tdb_flags & ~EMT_INBOUND); | |
2255 | + len += sprintf(buffer + len, "<"); | |
2256 | + /* flag printing goes here */ | |
2257 | + len += sprintf(buffer + len, ">"); | |
2258 | + } | |
2259 | + if(tdbp->tdb_auth_bits) { | |
2260 | + len += sprintf(buffer + len, " alen=%d", | |
2261 | + tdbp->tdb_auth_bits); | |
2262 | + } | |
2263 | + if(tdbp->tdb_key_bits_a) { | |
2264 | + len += sprintf(buffer + len, " aklen=%d", | |
2265 | + tdbp->tdb_key_bits_a); | |
2266 | + } | |
2267 | + if(tdbp->tdb_auth_errs) { | |
2268 | + len += sprintf(buffer + len, " auth_errs=%d", | |
2269 | + tdbp->tdb_auth_errs); | |
2270 | + } | |
2271 | + if(tdbp->tdb_key_bits_e) { | |
2272 | + len += sprintf(buffer + len, " eklen=%d", | |
2273 | + tdbp->tdb_key_bits_e); | |
2274 | + } | |
2275 | + if(tdbp->tdb_encsize_errs) { | |
2276 | + len += sprintf(buffer + len, " encr_size_errs=%d", | |
2277 | + tdbp->tdb_encsize_errs); | |
2278 | + } | |
2279 | + if(tdbp->tdb_encpad_errs) { | |
2280 | + len += sprintf(buffer + len, " encr_pad_errs=%d", | |
2281 | + tdbp->tdb_encpad_errs); | |
2282 | + } | |
2283 | + | |
2284 | + len += sprintf(buffer + len, " life(c,s,h)="); | |
2285 | + if(tdbp->tdb_lifetime_allocations_c > 1 || | |
2286 | + tdbp->tdb_lifetime_allocations_s || | |
2287 | + tdbp->tdb_lifetime_allocations_h) { | |
2288 | + len += sprintf(buffer + len, "alloc(%d,%d,%d)", | |
2289 | + (int)(jiffies - tdbp->tdb_lifetime_allocations_c), | |
2290 | + tdbp->tdb_lifetime_allocations_s, | |
2291 | + (int)tdbp->tdb_lifetime_allocations_h); | |
2292 | + } | |
2293 | + if(tdbp->tdb_lifetime_bytes_c || | |
2294 | + tdbp->tdb_lifetime_bytes_s || | |
2295 | + tdbp->tdb_lifetime_bytes_h) { | |
2296 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
2297 | + len += sprintf(buffer + len, "bytes(%Ld,%Ld,%Ld)", | |
2298 | + tdbp->tdb_lifetime_bytes_c, | |
2299 | + tdbp->tdb_lifetime_bytes_s, | |
2300 | + tdbp->tdb_lifetime_bytes_h); | |
2301 | +#else /* XXX high 32 bits are not displayed */ | |
2302 | + len += sprintf(buffer + len, "bytes(%lu,%lu,%lu)", | |
2303 | + (unsigned long)tdbp->tdb_lifetime_bytes_c, | |
2304 | + (unsigned long)tdbp->tdb_lifetime_bytes_s, | |
2305 | + (unsigned long)tdbp->tdb_lifetime_bytes_h); | |
2306 | +#endif | |
2307 | + | |
2308 | + } | |
2309 | + if(tdbp->tdb_lifetime_addtime_c || | |
2310 | + tdbp->tdb_lifetime_addtime_s || | |
2311 | + tdbp->tdb_lifetime_addtime_h) { | |
2312 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
2313 | + len += sprintf(buffer + len, "add(%Ld,%Ld,%Ld)", | |
2314 | + jiffies / HZ - tdbp->tdb_lifetime_addtime_c, | |
2315 | + tdbp->tdb_lifetime_addtime_s, | |
2316 | + tdbp->tdb_lifetime_addtime_h); | |
2317 | +#else | |
2318 | + len += sprintf(buffer + len, "add(%lu,%lu,%lu)", | |
2319 | + jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_addtime_c, | |
2320 | + (unsigned long)tdbp->tdb_lifetime_addtime_s, | |
2321 | + (unsigned long)tdbp->tdb_lifetime_addtime_h); | |
2322 | +#endif | |
2323 | + } | |
2324 | + if(tdbp->tdb_lifetime_usetime_c || | |
2325 | + tdbp->tdb_lifetime_usetime_s || | |
2326 | + tdbp->tdb_lifetime_usetime_h) { | |
2327 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
2328 | + len += sprintf(buffer + len, "use(%Ld,%Ld,%Ld)", | |
2329 | + tdbp->tdb_lifetime_usetime_c ? | |
2330 | + jiffies / HZ - tdbp->tdb_lifetime_usetime_c : 0, | |
2331 | + tdbp->tdb_lifetime_usetime_s, | |
2332 | + tdbp->tdb_lifetime_usetime_h); | |
2333 | +#else | |
2334 | + len += sprintf(buffer + len, "use(%lu,%lu,%lu)", | |
2335 | + tdbp->tdb_lifetime_usetime_c ? | |
2336 | + jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_usetime_c : 0, | |
2337 | + (unsigned long)tdbp->tdb_lifetime_usetime_s, | |
2338 | + (unsigned long)tdbp->tdb_lifetime_usetime_h); | |
2339 | +#endif | |
2340 | + } | |
2341 | + if(tdbp->tdb_lifetime_packets_c || | |
2342 | + tdbp->tdb_lifetime_packets_s || | |
2343 | + tdbp->tdb_lifetime_packets_h) { | |
2344 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
2345 | + len += sprintf(buffer + len, "packets(%Ld,%Ld,%Ld)", | |
2346 | + tdbp->tdb_lifetime_packets_c, | |
2347 | + tdbp->tdb_lifetime_packets_s, | |
2348 | + tdbp->tdb_lifetime_packets_h); | |
2349 | +#else | |
2350 | + len += sprintf(buffer + len, "packets(%lu,%lu,%lu)", | |
2351 | + (unsigned long)tdbp->tdb_lifetime_packets_c, | |
2352 | + (unsigned long)tdbp->tdb_lifetime_packets_s, | |
2353 | + (unsigned long)tdbp->tdb_lifetime_packets_h); | |
2354 | +#endif | |
2355 | + } | |
2356 | + | |
2357 | + if(tdbp->tdb_lifetime_usetime_c) { | |
2358 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
2359 | + len += sprintf(buffer + len, " idle=%Ld", | |
2360 | + jiffies / HZ - tdbp->tdb_lifetime_usetime_l); | |
2361 | +#else | |
2362 | + len += sprintf(buffer + len, " idle=%lu", | |
2363 | + jiffies / HZ - (unsigned long)tdbp->tdb_lifetime_usetime_l); | |
2364 | +#endif | |
2365 | + } | |
2366 | + | |
2367 | +#ifdef CONFIG_IPSEC_IPCOMP | |
2368 | + if(tdbp->tdb_said.proto == IPPROTO_COMP && | |
2369 | + (tdbp->tdb_comp_ratio_dbytes || | |
2370 | + tdbp->tdb_comp_ratio_cbytes)) { | |
2371 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
2372 | + len += sprintf(buffer + len, " ratio=%Ld:%Ld", | |
2373 | + tdbp->tdb_comp_ratio_dbytes, | |
2374 | + tdbp->tdb_comp_ratio_cbytes); | |
2375 | +#else | |
2376 | + len += sprintf(buffer + len, " ratio=%lu:%lu", | |
2377 | + (unsigned long)tdbp->tdb_comp_ratio_dbytes, | |
2378 | + (unsigned long)tdbp->tdb_comp_ratio_cbytes); | |
2379 | +#endif | |
2380 | + } | |
2381 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
2382 | + | |
2383 | + len += sprintf(buffer + len, "\n"); | |
2384 | + | |
2385 | + pos = begin + len; | |
2386 | + if(pos < offset) { | |
2387 | + len = 0; | |
2388 | + begin = pos; | |
2389 | + } | |
2390 | + if (pos > offset + length) { | |
2391 | + goto done_spi_i; | |
2392 | + } | |
2393 | + } | |
2394 | + } | |
2395 | + | |
2396 | + done_spi_i: | |
2397 | + spin_unlock_bh(&tdb_lock); | |
2398 | + | |
2399 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
2400 | + len -= (offset - begin); /* Start slop */ | |
2401 | + if (len > length) | |
2402 | + len = length; | |
2403 | + return len; | |
2404 | +} | |
2405 | + | |
2406 | +#ifndef PROC_FS_2325 | |
2407 | +DEBUG_NO_STATIC | |
2408 | +#endif /* PROC_FS_2325 */ | |
2409 | +int | |
2410 | +ipsec_spigrp_get_info(char *buffer, char **start, off_t offset, int length | |
2411 | +#ifndef PROC_NO_DUMMY | |
2412 | +, int dummy | |
2413 | +#endif /* !PROC_NO_DUMMY */ | |
2414 | +) | |
2415 | +{ | |
2416 | + int len = 0; | |
2417 | + off_t pos = 0, begin = 0; | |
2418 | + int i; | |
2419 | + struct tdb *tdbp, *tdbp2; | |
2420 | + char sa[SATOA_BUF]; | |
2421 | + size_t sa_len; | |
2422 | + | |
2423 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2424 | + "klips_debug:ipsec_spigrp_get_info: buffer=0x%p," | |
2425 | + " *start=0x%x, offset=%d, length=%d\n", | |
2426 | + buffer, (u_int)*start, (int)offset, length); | |
2427 | + | |
2428 | + spin_lock_bh(&tdb_lock); | |
2429 | + | |
2430 | + for (i = 0; i < TDB_HASHMOD; i++) { | |
2431 | + for (tdbp = tdbh[i]; tdbp; tdbp = tdbp->tdb_hnext) | |
2432 | + { | |
2433 | + if(!tdbp->tdb_inext) | |
2434 | + { | |
2435 | + tdbp2 = tdbp; | |
2436 | + while(tdbp2) { | |
2437 | + sa_len = satoa(tdbp2->tdb_said, 0, sa, SATOA_BUF); | |
2438 | + len += sprintf(buffer + len, "%s ", | |
2439 | + sa); | |
2440 | + tdbp2 = tdbp2->tdb_onext; | |
2441 | + } | |
2442 | + len += sprintf(buffer + len, "\n"); | |
2443 | + pos = begin + len; | |
2444 | + if(pos < offset) { | |
2445 | + len = 0; | |
2446 | + begin = pos; | |
2447 | + } | |
2448 | + if (pos > offset + length) { | |
2449 | + goto done_spigrp_i; | |
2450 | + } | |
2451 | + } | |
2452 | + } | |
2453 | + } | |
2454 | + | |
2455 | + done_spigrp_i: | |
2456 | + spin_unlock_bh(&tdb_lock); | |
2457 | + | |
2458 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
2459 | + len -= (offset - begin); /* Start slop */ | |
2460 | + if (len > length) | |
2461 | + len = length; | |
2462 | + return len; | |
2463 | +} | |
2464 | + | |
2465 | +#ifndef PROC_FS_2325 | |
2466 | +DEBUG_NO_STATIC | |
2467 | +#endif /* PROC_FS_2325 */ | |
2468 | +int | |
2469 | +ipsec_tncfg_get_info(char *buffer, char **start, off_t offset, int length | |
2470 | +#ifndef PROC_NO_DUMMY | |
2471 | +, int dummy | |
2472 | +#endif /* !PROC_NO_DUMMY */ | |
2473 | +) | |
2474 | +{ | |
2475 | + int len = 0; | |
2476 | + off_t pos = 0, begin = 0; | |
2477 | + int i; | |
2478 | + char name[9]; | |
2479 | + struct device *dev, *privdev; | |
2480 | + struct ipsecpriv *priv; | |
2481 | + | |
2482 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2483 | + "klips_debug:ipsec_tncfg_get_info: buffer=0x%p," | |
2484 | + "*start=0x%x, offset=%d, length=%d\n", | |
2485 | + buffer, (u_int)*start, (int)offset, length); | |
2486 | + | |
2487 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
2488 | + sprintf(name, "ipsec%d", i); | |
2489 | + dev = ipsec_dev_get(name); | |
2490 | + if(dev) { | |
2491 | + priv = (struct ipsecpriv *)(dev->priv); | |
2492 | + len += sprintf(buffer + len, "%s", | |
2493 | + dev->name); | |
2494 | + if(priv) { | |
2495 | + privdev = (struct device *)(priv->dev); | |
2496 | + len += sprintf(buffer + len, " -> %s", | |
2497 | + privdev ? privdev->name : "NULL"); | |
2498 | + len += sprintf(buffer + len, " mtu=%d -> %d", | |
2499 | + /* priv */ dev->mtu, privdev ? privdev->mtu : 0); | |
2500 | + } else { | |
2501 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2502 | + "klips_debug:ipsec_tncfg_get_info: device '%s' has no private data space!\n", | |
2503 | + dev->name); | |
2504 | + } | |
2505 | + len += sprintf(buffer + len, "\n"); | |
2506 | + | |
2507 | + pos = begin + len; | |
2508 | + if(pos < offset) { | |
2509 | + len = 0; | |
2510 | + begin = pos; | |
2511 | + } | |
2512 | + else if (pos > offset + length) { | |
2513 | + break; | |
2514 | + } | |
2515 | + } | |
2516 | + } | |
2517 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
2518 | + len -= (offset - begin); /* Start slop */ | |
2519 | + if (len > length) | |
2520 | + len = length; | |
2521 | + return len; | |
2522 | +} | |
2523 | + | |
2524 | +#ifndef PROC_FS_2325 | |
2525 | +DEBUG_NO_STATIC | |
2526 | +#endif /* PROC_FS_2325 */ | |
2527 | +int | |
2528 | +ipsec_version_get_info(char *buffer, char **start, off_t offset, int length | |
2529 | +#ifndef PROC_NO_DUMMY | |
2530 | +, int dummy | |
2531 | +#endif /* !PROC_NO_DUMMY */ | |
2532 | +) | |
2533 | +{ | |
2534 | + int len = 0; | |
2535 | + off_t begin = 0; | |
2536 | + | |
2537 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2538 | + "klips_debug:ipsec_version_get_info: " | |
2539 | + "buffer=0x%p, *start=0x%x, offset=%d, length=%d\n", | |
2540 | + buffer, (u_int)*start, (int)offset, length); | |
2541 | + | |
2542 | + len += sprintf(buffer + len, "FreeS/WAN version: %s\n", freeswan_version); | |
2543 | +#if 0 | |
2544 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2545 | + "klips_debug:ipsec_version_get_info: " | |
2546 | + "ipsec_init version: %s\n", | |
2547 | + ipsec_init_c_version); | |
2548 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2549 | + "klips_debug:ipsec_version_get_info: " | |
2550 | + "ipsec_tunnel version: %s\n", | |
2551 | + ipsec_tunnel_c_version); | |
2552 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2553 | + "klips_debug:ipsec_version_get_info: " | |
2554 | + "ipsec_netlink version: %s\n", | |
2555 | + ipsec_netlink_c_version); | |
2556 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2557 | + "klips_debug:ipsec_version_get_info: " | |
2558 | + "radij_c_version: %s\n", | |
2559 | + radij_c_version); | |
2560 | +#endif | |
2561 | + | |
2562 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
2563 | + len -= (offset - begin); /* Start slop */ | |
2564 | + if (len > length) | |
2565 | + len = length; | |
2566 | + return len; | |
2567 | +} | |
2568 | + | |
2569 | +#ifdef CONFIG_IPSEC_DEBUG | |
2570 | +#ifndef PROC_FS_2325 | |
2571 | +DEBUG_NO_STATIC | |
2572 | +#endif /* PROC_FS_2325 */ | |
2573 | +int | |
2574 | +ipsec_klipsdebug_get_info(char *buffer, char **start, off_t offset, int length | |
2575 | +#ifndef PROC_NO_DUMMY | |
2576 | +, int dummy | |
2577 | +#endif /* !PROC_NO_DUMMY */ | |
2578 | +) | |
2579 | +{ | |
2580 | + int len = 0; | |
2581 | + off_t begin = 0; | |
2582 | + | |
2583 | + KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, | |
2584 | + "klips_debug:ipsec_klipsdebug_get_info: buffer=0x%p," | |
2585 | + "*start=0x%x, offset=%d, length=%d\n", | |
2586 | + buffer, (u_int)*start, (int)offset, length); | |
2587 | + | |
2588 | + len += sprintf(buffer + len, "debug_tunnel=%08x.\n", debug_tunnel); | |
2589 | + len += sprintf(buffer + len, "debug_netlink=%08x.\n", debug_netlink); | |
2590 | + len += sprintf(buffer + len, "debug_xform=%08x.\n", debug_xform); | |
2591 | + len += sprintf(buffer + len, "debug_eroute=%08x.\n", debug_eroute); | |
2592 | + len += sprintf(buffer + len, "debug_spi=%08x.\n", debug_spi); | |
2593 | + len += sprintf(buffer + len, "debug_radij=%08x.\n", debug_radij); | |
2594 | + len += sprintf(buffer + len, "debug_esp=%08x.\n", debug_esp); | |
2595 | + len += sprintf(buffer + len, "debug_ah=%08x.\n", debug_ah); | |
2596 | + len += sprintf(buffer + len, "debug_rcv=%08x.\n", debug_rcv); | |
2597 | + len += sprintf(buffer + len, "debug_pfkey=%08x.\n", debug_pfkey); | |
2598 | + | |
2599 | + *start = buffer + (offset - begin); /* Start of wanted data */ | |
2600 | + len -= (offset - begin); /* Start slop */ | |
2601 | + if (len > length) | |
2602 | + len = length; | |
2603 | + return len; | |
2604 | +} | |
2605 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
2606 | + | |
2607 | +#ifndef PROC_FS_2325 | |
2608 | +struct proc_dir_entry ipsec_eroute = | |
2609 | +{ | |
2610 | + 0, | |
2611 | + 12, "ipsec_eroute", | |
2612 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
2613 | + &proc_net_inode_operations, | |
2614 | + ipsec_eroute_get_info, | |
2615 | + NULL, NULL, NULL, NULL, NULL | |
2616 | +}; | |
2617 | + | |
2618 | +struct proc_dir_entry ipsec_spi = | |
2619 | +{ | |
2620 | + 0, | |
2621 | + 9, "ipsec_spi", | |
2622 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
2623 | + &proc_net_inode_operations, | |
2624 | + ipsec_spi_get_info, | |
2625 | + NULL, NULL, NULL, NULL, NULL | |
2626 | +}; | |
2627 | + | |
2628 | +struct proc_dir_entry ipsec_spigrp = | |
2629 | +{ | |
2630 | + 0, | |
2631 | + 12, "ipsec_spigrp", | |
2632 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
2633 | + &proc_net_inode_operations, | |
2634 | + ipsec_spigrp_get_info, | |
2635 | + NULL, NULL, NULL, NULL, NULL | |
2636 | +}; | |
2637 | + | |
2638 | +struct proc_dir_entry ipsec_tncfg = | |
2639 | +{ | |
2640 | + 0, | |
2641 | + 11, "ipsec_tncfg", | |
2642 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
2643 | + &proc_net_inode_operations, | |
2644 | + ipsec_tncfg_get_info, | |
2645 | + NULL, NULL, NULL, NULL, NULL | |
2646 | +}; | |
2647 | + | |
2648 | +struct proc_dir_entry ipsec_version = | |
2649 | +{ | |
2650 | + 0, | |
2651 | + 13, "ipsec_version", | |
2652 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
2653 | + &proc_net_inode_operations, | |
2654 | + ipsec_version_get_info, | |
2655 | + NULL, NULL, NULL, NULL, NULL | |
2656 | +}; | |
2657 | + | |
2658 | +#ifdef CONFIG_IPSEC_DEBUG | |
2659 | +struct proc_dir_entry ipsec_klipsdebug = | |
2660 | +{ | |
2661 | + 0, | |
2662 | + 16, "ipsec_klipsdebug", | |
2663 | + S_IFREG | S_IRUGO, 1, 0, 0, 0, | |
2664 | + &proc_net_inode_operations, | |
2665 | + ipsec_klipsdebug_get_info, | |
2666 | + NULL, NULL, NULL, NULL, NULL | |
2667 | +}; | |
2668 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
2669 | +#endif /* !PROC_FS_2325 */ | |
2670 | +#endif /* CONFIG_PROC_FS */ | |
2671 | + | |
2672 | +int ipsec_device_event(struct notifier_block *dnot, unsigned long event, void *ptr); | |
2673 | +/* | |
2674 | + * the following structure is required so that we receive | |
2675 | + * event notifications when network devices are enabled and | |
2676 | + * disabled (ifconfig up and down). | |
2677 | + */ | |
2678 | +static struct notifier_block ipsec_dev_notifier={ | |
2679 | + ipsec_device_event, | |
2680 | + NULL, | |
2681 | + 0 | |
2682 | +}; | |
2683 | + | |
2684 | +#ifdef CONFIG_SYSCTL | |
2685 | +extern int ipsec_sysctl_register(void); | |
2686 | +extern void ipsec_sysctl_unregister(void); | |
2687 | +#endif | |
2688 | + | |
2689 | +/* void */ | |
2690 | +int | |
2691 | +ipsec_init(void) | |
2692 | +{ | |
2693 | + int error = 0; | |
2694 | + | |
2695 | +#ifdef CONFIG_PROC_FS | |
2696 | +# ifndef PROC_FS_2325 | |
2697 | +# ifdef PROC_FS_21 | |
2698 | + proc_register(proc_net, &ipsec_eroute); | |
2699 | + proc_register(proc_net, &ipsec_spi); | |
2700 | + proc_register(proc_net, &ipsec_spigrp); | |
2701 | + proc_register(proc_net, &ipsec_tncfg); | |
2702 | + proc_register(proc_net, &ipsec_version); | |
2703 | +# ifdef CONFIG_IPSEC_DEBUG | |
2704 | + proc_register(proc_net, &ipsec_klipsdebug); | |
2705 | +# endif /* CONFIG_IPSEC_DEBUG */ | |
2706 | +# else /* PROC_FS_21 */ | |
2707 | + proc_register_dynamic(&proc_net, &ipsec_eroute); | |
2708 | + proc_register_dynamic(&proc_net, &ipsec_spi); | |
2709 | + proc_register_dynamic(&proc_net, &ipsec_spigrp); | |
2710 | + proc_register_dynamic(&proc_net, &ipsec_tncfg); | |
2711 | + proc_register_dynamic(&proc_net, &ipsec_version); | |
2712 | +# ifdef CONFIG_IPSEC_DEBUG | |
2713 | + proc_register_dynamic(&proc_net, &ipsec_klipsdebug); | |
2714 | +# endif /* CONFIG_IPSEC_DEBUG */ | |
2715 | +# endif /* PROC_FS_21 */ | |
2716 | +# else /* !PROC_FS_2325 */ | |
2717 | + proc_net_create ("ipsec_eroute", 0, ipsec_eroute_get_info); | |
2718 | + proc_net_create ("ipsec_spi", 0, ipsec_spi_get_info); | |
2719 | + proc_net_create ("ipsec_spigrp", 0, ipsec_spigrp_get_info); | |
2720 | + proc_net_create ("ipsec_tncfg", 0, ipsec_tncfg_get_info); | |
2721 | + proc_net_create ("ipsec_version", 0, ipsec_version_get_info); | |
2722 | +# ifdef CONFIG_IPSEC_DEBUG | |
2723 | + proc_net_create ("ipsec_klipsdebug", 0, ipsec_klipsdebug_get_info); | |
2724 | +# endif /* CONFIG_IPSEC_DEBUG */ | |
2725 | +# endif /* !PROC_FS_2325 */ | |
2726 | +#endif /* CONFIG_PROC_FS */ | |
2727 | + | |
2728 | + printk("klips_debug:ipsec_init: ipsec module loading. freeswan version: %s\n", | |
2729 | + freeswan_version); | |
2730 | + | |
2731 | +#ifndef SPINLOCK | |
2732 | + tdb_lock.lock = 0; | |
2733 | + eroute_lock.lock = 0; | |
2734 | +#endif /* !SPINLOCK */ | |
2735 | + | |
2736 | + error |= ipsec_tdbinit(); | |
2737 | + error |= ipsec_radijinit(); | |
2738 | + | |
2739 | + error |= pfkey_init(); | |
2740 | + | |
2741 | + register_netdevice_notifier(&ipsec_dev_notifier); | |
2742 | + | |
2743 | +#ifdef CONFIG_IPSEC_ESP | |
2744 | + inet_add_protocol(&esp_protocol); | |
2745 | +#endif /* CONFIG_IPSEC_ESP */ | |
2746 | + | |
2747 | +#ifdef CONFIG_IPSEC_AH | |
2748 | + inet_add_protocol(&ah_protocol); | |
2749 | +#endif /* CONFIG_IPSEC_AH */ | |
2750 | + | |
2751 | +#if 0 | |
2752 | +#ifdef CONFIG_IPSEC_IPCOMP | |
2753 | + inet_add_protocol(&comp_protocol); | |
2754 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
2755 | +#endif | |
2756 | + | |
2757 | + error |= ipsec_tunnel_init_devices(); | |
2758 | + | |
2759 | +#ifdef CONFIG_SYSCTL | |
2760 | + error |= ipsec_sysctl_register(); | |
2761 | +#endif | |
2762 | + return error; | |
2763 | +} | |
2764 | + | |
2765 | + | |
2766 | +/* void */ | |
2767 | +int | |
2768 | +ipsec_cleanup(void) | |
2769 | +{ | |
2770 | + int error = 0; | |
2771 | + | |
2772 | +#ifdef CONFIG_SYSCTL | |
2773 | + ipsec_sysctl_unregister(); | |
2774 | +#endif | |
2775 | + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ | |
2776 | + "klips_debug:ipsec_cleanup: calling ipsec_tunnel_cleanup_devices.\n"); | |
2777 | + error |= ipsec_tunnel_cleanup_devices(); | |
2778 | + | |
2779 | +#if 0 | |
2780 | +#ifdef CONFIG_IPSEC_IPCOMP | |
2781 | + if (inet_del_protocol(&comp_protocol) < 0) | |
2782 | + printk(KERN_INFO "klips_debug:ipsec_cleanup:comp close: can't remove protocol\n"); | |
2783 | +#endif | |
2784 | +#endif | |
2785 | +#ifdef CONFIG_IPSEC_AH | |
2786 | + if ( inet_del_protocol(&ah_protocol) < 0 ) | |
2787 | + printk(KERN_INFO "klips_debug:ipsec_cleanup:ah close: can't remove protocol\n"); | |
2788 | +#endif /* CONFIG_IPSEC_AH */ | |
2789 | +#ifdef CONFIG_IPSEC_ESP | |
2790 | + if ( inet_del_protocol(&esp_protocol) < 0 ) | |
2791 | + printk(KERN_INFO "klips_debug:ipsec_cleanup:esp close: can't remove protocol\n"); | |
2792 | +#endif /* CONFIG_IPSEC_ESP */ | |
2793 | + | |
2794 | + unregister_netdevice_notifier(&ipsec_dev_notifier); | |
2795 | + | |
2796 | + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ | |
2797 | + "klips_debug:ipsec_cleanup: calling ipsec_tdbcleanup.\n"); | |
2798 | + error |= ipsec_tdbcleanup(0); | |
2799 | + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ | |
2800 | + "klips_debug:ipsec_cleanup: calling ipsec_radijcleanup.\n"); | |
2801 | + error |= ipsec_radijcleanup(); | |
2802 | + | |
2803 | + KLIPS_PRINT(debug_pfkey, /* debug_tunnel & DB_TN_INIT, */ | |
2804 | + "klips_debug:ipsec_cleanup: calling pfkey_cleanup.\n"); | |
2805 | + error |= pfkey_cleanup(); | |
2806 | + | |
2807 | +#ifdef CONFIG_PROC_FS | |
2808 | +# ifndef PROC_FS_2325 | |
2809 | +# ifdef CONFIG_IPSEC_DEBUG | |
2810 | + if (proc_net_unregister(ipsec_klipsdebug.low_ino) != 0) | |
2811 | + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_klipsdebug\n"); | |
2812 | +# endif /* CONFIG_IPSEC_DEBUG */ | |
2813 | + if (proc_net_unregister(ipsec_version.low_ino) != 0) | |
2814 | + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_version\n"); | |
2815 | + if (proc_net_unregister(ipsec_eroute.low_ino) != 0) | |
2816 | + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_eroute\n"); | |
2817 | + if (proc_net_unregister(ipsec_spi.low_ino) != 0) | |
2818 | + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_spi\n"); | |
2819 | + if (proc_net_unregister(ipsec_spigrp.low_ino) != 0) | |
2820 | + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_spigrp\n"); | |
2821 | + if (proc_net_unregister(ipsec_tncfg.low_ino) != 0) | |
2822 | + printk("klips_debug:ipsec_cleanup: cannot unregister /proc/net/ipsec_tncfg\n"); | |
2823 | +# else /* !PROC_FS_2325 */ | |
2824 | +# ifdef CONFIG_IPSEC_DEBUG | |
2825 | + proc_net_remove ("ipsec_klipsdebug"); | |
2826 | +# endif /* CONFIG_IPSEC_DEBUG */ | |
2827 | + proc_net_remove ("ipsec_eroute"); | |
2828 | + proc_net_remove ("ipsec_spi"); | |
2829 | + proc_net_remove ("ipsec_spigrp"); | |
2830 | + proc_net_remove ("ipsec_tncfg"); | |
2831 | + proc_net_remove ("ipsec_version"); | |
2832 | +# endif /* !PROC_FS_2325 */ | |
2833 | +#endif /* CONFIG_PROC_FS */ | |
2834 | + | |
2835 | + return error; | |
2836 | +} | |
2837 | + | |
2838 | +#ifdef MODULE | |
2839 | +int | |
2840 | +init_module(void) | |
2841 | +{ | |
2842 | + int error = 0; | |
2843 | + | |
2844 | + error |= ipsec_init(); | |
2845 | + | |
2846 | + return error; | |
2847 | +} | |
2848 | + | |
2849 | +int | |
2850 | +cleanup_module(void) | |
2851 | +{ | |
2852 | + int error = 0; | |
2853 | + | |
2854 | + KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ | |
2855 | + "klips_debug:cleanup_module: calling ipsec_cleanup.\n"); | |
2856 | + | |
2857 | + error |= ipsec_cleanup(); | |
2858 | + | |
2859 | + KLIPS_PRINT(1, "klips_debug:cleanup_module: ipsec module unloaded.\n"); | |
2860 | + | |
2861 | + return error; | |
2862 | +} | |
2863 | +#endif /* MODULE */ | |
2864 | + | |
2865 | +/* | |
2866 | + * $Log$ | |
2867 | + * Revision 1.63 2000/11/29 20:14:06 rgb | |
2868 | + * Add src= to the output of /proc/net/ipsec_spi and delete dst from IPIP. | |
2869 | + * | |
2870 | + * Revision 1.62 2000/11/06 04:31:24 rgb | |
2871 | + * Ditched spin_lock_irqsave in favour of spin_lock_bh. | |
2872 | + * Fixed longlong for pre-2.4 kernels (Svenning). | |
2873 | + * Add Svenning's adaptive content compression. | |
2874 | + * Disabled registration of ipcomp handler. | |
2875 | + * | |
2876 | + * Revision 1.61 2000/10/11 13:37:54 rgb | |
2877 | + * #ifdef out debug print that causes proc/net/ipsec_version to oops. | |
2878 | + * | |
2879 | + * Revision 1.60 2000/09/20 03:59:01 rgb | |
2880 | + * Change static info functions to DEBUG_NO_STATIC to reveal function names | |
2881 | + * in oopsen. | |
2882 | + * | |
2883 | + * Revision 1.59 2000/09/16 01:06:26 rgb | |
2884 | + * Added cast of var to silence compiler warning about long fed to int | |
2885 | + * format. | |
2886 | + * | |
2887 | + * Revision 1.58 2000/09/15 11:37:01 rgb | |
2888 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
2889 | + * IPCOMP zlib deflate code. | |
2890 | + * | |
2891 | + * Revision 1.57 2000/09/12 03:21:50 rgb | |
2892 | + * Moved radij_c_version printing to ipsec_version_get_info(). | |
2893 | + * Reformatted ipsec_version_get_info(). | |
2894 | + * Added sysctl_{,un}register() calls. | |
2895 | + * | |
2896 | + * Revision 1.56 2000/09/08 19:16:50 rgb | |
2897 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
2898 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
2899 | + * | |
2900 | + * Revision 1.55 2000/08/30 05:19:03 rgb | |
2901 | + * Cleaned up no longer used spi_next, netlink register/unregister, other | |
2902 | + * minor cleanup. | |
2903 | + * Removed cruft replaced by TDB_XFORM_NAME. | |
2904 | + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. | |
2905 | + * Moved debug version strings to printk when /proc/net/ipsec_version is | |
2906 | + * called. | |
2907 | + * | |
2908 | + * Revision 1.54 2000/08/20 18:31:05 rgb | |
2909 | + * Changed cosmetic alignment in spi_info. | |
2910 | + * Changed addtime and usetime to use actual value which is relative | |
2911 | + * anyways, as intended. (Momchil) | |
2912 | + * | |
2913 | + * Revision 1.53 2000/08/18 17:37:03 rgb | |
2914 | + * Added an (int) cast to shut up the compiler... | |
2915 | + * | |
2916 | + * Revision 1.52 2000/08/01 14:51:50 rgb | |
2917 | + * Removed _all_ remaining traces of DES. | |
2918 | + * | |
2919 | + * Revision 1.51 2000/07/25 20:41:22 rgb | |
2920 | + * Removed duplicate parameter in spi_getinfo. | |
2921 | + * | |
2922 | + * Revision 1.50 2000/07/17 03:21:45 rgb | |
2923 | + * Removed /proc/net/ipsec_spinew. | |
2924 | + * | |
2925 | + * Revision 1.49 2000/06/28 05:46:51 rgb | |
2926 | + * Renamed ivlen to iv_bits for consistency. | |
2927 | + * Changed output of add and use times to be relative to now. | |
2928 | + * | |
2929 | + * Revision 1.48 2000/05/11 18:26:10 rgb | |
2930 | + * Commented out calls to netlink_attach/detach to avoid activating netlink | |
2931 | + * in the kenrel config. | |
2932 | + * | |
2933 | + * Revision 1.47 2000/05/10 22:35:26 rgb | |
2934 | + * Comment out most of the startup version information. | |
2935 | + * | |
2936 | + * Revision 1.46 2000/03/22 16:15:36 rgb | |
2937 | + * Fixed renaming of dev_get (MB). | |
2938 | + * | |
2939 | + * Revision 1.45 2000/03/16 06:40:48 rgb | |
2940 | + * Hardcode PF_KEYv2 support. | |
2941 | + * | |
2942 | + * Revision 1.44 2000/01/22 23:19:20 rgb | |
2943 | + * Simplified code to use existing macro TDB_XFORM_NAME(). | |
2944 | + * | |
2945 | + * Revision 1.43 2000/01/21 06:14:04 rgb | |
2946 | + * Print individual stats only if non-zero. | |
2947 | + * Removed 'bits' from each keylength for brevity. | |
2948 | + * Shortened lifetimes legend for brevity. | |
2949 | + * Changed wording from 'last_used' to the clearer 'idle'. | |
2950 | + * | |
2951 | + * Revision 1.42 1999/12/31 14:57:19 rgb | |
2952 | + * MB fix for new dummy-less proc_get_info in 2.3.35. | |
2953 | + * | |
2954 | + * Revision 1.41 1999/11/23 23:04:03 rgb | |
2955 | + * Use provided macro ADDRTOA_BUF instead of hardcoded value. | |
2956 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
2957 | + * | |
2958 | + * Revision 1.40 1999/11/18 18:47:01 rgb | |
2959 | + * Added dynamic proc registration for 2.3.25+. | |
2960 | + * Changed all device registrations for static linking to | |
2961 | + * dynamic to reduce the number and size of patches. | |
2962 | + * Changed all protocol registrations for static linking to | |
2963 | + * dynamic to reduce the number and size of patches. | |
2964 | + * | |
2965 | + * Revision 1.39 1999/11/18 04:12:07 rgb | |
2966 | + * Replaced all kernel version macros to shorter, readable form. | |
2967 | + * Added Marc Boucher's 2.3.25 proc patches. | |
2968 | + * Converted all PROC_FS entries to dynamic to reduce kernel patching. | |
2969 | + * Added CONFIG_PROC_FS compiler directives in case it is shut off. | |
2970 | + * | |
2971 | + * Revision 1.38 1999/11/17 15:53:38 rgb | |
2972 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
2973 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
2974 | + * klips/net/ipsec/Makefile. | |
2975 | + * | |
2976 | + * Revision 1.37 1999/10/16 04:23:06 rgb | |
2977 | + * Add stats for replaywin_errs, replaywin_max_sequence_difference, | |
2978 | + * authentication errors, encryption size errors, encryption padding | |
2979 | + * errors, and time since last packet. | |
2980 | + * | |
2981 | + * Revision 1.36 1999/10/16 00:30:47 rgb | |
2982 | + * Added SA lifetime counting. | |
2983 | + * | |
2984 | + * Revision 1.35 1999/10/15 22:14:00 rgb | |
2985 | + * Clean out cruft. | |
2986 | + * | |
2987 | + * Revision 1.34 1999/10/03 18:46:28 rgb | |
2988 | + * Spinlock fixes for 2.0.xx and 2.3.xx. | |
2989 | + * | |
2990 | + * Revision 1.33 1999/10/01 17:08:10 rgb | |
2991 | + * Disable spinlock init. | |
2992 | + * | |
2993 | + * Revision 1.32 1999/10/01 16:22:24 rgb | |
2994 | + * Switch from assignment init. to functional init. of spinlocks. | |
2995 | + * | |
2996 | + * Revision 1.31 1999/10/01 15:44:52 rgb | |
2997 | + * Move spinlock header include to 2.1> scope. | |
2998 | + * | |
2999 | + * Revision 1.30 1999/10/01 00:00:16 rgb | |
3000 | + * Added eroute structure locking. | |
3001 | + * Added tdb structure locking. | |
3002 | + * Minor formatting changes. | |
3003 | + * Add call to initialize tdb hash table. | |
3004 | + * | |
3005 | + * Revision 1.29 1999/09/23 20:22:40 rgb | |
3006 | + * Enable, tidy and fix network notifier code. | |
3007 | + * | |
3008 | + * Revision 1.28 1999/09/18 11:39:56 rgb | |
3009 | + * Start to add (disabled) netdevice notifier code. | |
3010 | + * | |
3011 | + * Revision 1.27 1999/08/28 08:24:47 rgb | |
3012 | + * Add compiler directives to compile cleanly without debugging. | |
3013 | + * | |
3014 | + * Revision 1.26 1999/08/06 16:03:22 rgb | |
3015 | + * Correct error messages on failure to unload /proc entries. | |
3016 | + * | |
3017 | + * Revision 1.25 1999/08/03 17:07:25 rgb | |
3018 | + * Report device MTU, not private MTU. | |
3019 | + * | |
3020 | + * Revision 1.24 1999/05/25 22:24:37 rgb | |
3021 | + * /PROC/NET/ipsec* init problem fix. | |
3022 | + * | |
3023 | + * Revision 1.23 1999/05/25 02:16:38 rgb | |
3024 | + * Make modular proc_fs entries dynamic and fix for 2.2.x. | |
3025 | + * | |
3026 | + * Revision 1.22 1999/05/09 03:25:35 rgb | |
3027 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
3028 | + * | |
3029 | + * Revision 1.21 1999/05/05 22:02:30 rgb | |
3030 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
3031 | + * | |
3032 | + * Revision 1.20 1999/04/29 15:15:50 rgb | |
3033 | + * Fix undetected iv_len reporting bug. | |
3034 | + * Add sanity checking for null pointer to private data space. | |
3035 | + * Add return values to init and cleanup functions. | |
3036 | + * | |
3037 | + * Revision 1.19 1999/04/27 19:24:44 rgb | |
3038 | + * Added /proc/net/ipsec_klipsdebug support for reading the current debug | |
3039 | + * settings. | |
3040 | + * Instrument module load/init/unload. | |
3041 | + * | |
3042 | + * Revision 1.18 1999/04/15 15:37:24 rgb | |
3043 | + * Forward check changes from POST1_00 branch. | |
3044 | + * | |
3045 | + * Revision 1.15.2.3 1999/04/13 20:29:19 rgb | |
3046 | + * /proc/net/ipsec_* cleanup. | |
3047 | + * | |
3048 | + * Revision 1.15.2.2 1999/04/02 04:28:23 rgb | |
3049 | + * /proc/net/ipsec_* formatting enhancements. | |
3050 | + * | |
3051 | + * Revision 1.15.2.1 1999/03/30 17:08:33 rgb | |
3052 | + * Add pfkey initialisation. | |
3053 | + * | |
3054 | + * Revision 1.17 1999/04/11 00:28:57 henry | |
3055 | + * GPL boilerplate | |
3056 | + * | |
3057 | + * Revision 1.16 1999/04/06 04:54:25 rgb | |
3058 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
3059 | + * patch shell fixes. | |
3060 | + * | |
3061 | + * Revision 1.15 1999/02/24 20:15:07 rgb | |
3062 | + * Update output format. | |
3063 | + * | |
3064 | + * Revision 1.14 1999/02/17 16:49:39 rgb | |
3065 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
3066 | + * Ditch NET_IPIP dependancy. | |
3067 | + * | |
3068 | + * Revision 1.13 1999/01/26 02:06:37 rgb | |
3069 | + * Remove ah/esp switching on include files. | |
3070 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
3071 | + * Removed dead code. | |
3072 | + * Remove references to INET_GET_PROTOCOL. | |
3073 | + * | |
3074 | + * Revision 1.12 1999/01/22 06:19:18 rgb | |
3075 | + * Cruft clean-out. | |
3076 | + * 64-bit clean-up. | |
3077 | + * Added algorithm switch code. | |
3078 | + * | |
3079 | + * Revision 1.11 1998/12/01 05:54:53 rgb | |
3080 | + * Cleanup and order debug version output. | |
3081 | + * | |
3082 | + * Revision 1.10 1998/11/30 13:22:54 rgb | |
3083 | + * Rationalised all the klips kernel file headers. They are much shorter | |
3084 | + * now and won't conflict under RH5.2. | |
3085 | + * | |
3086 | + * Revision 1.9 1998/11/10 05:35:13 rgb | |
3087 | + * Print direction in/out flag from /proc/net/ipsec_spi. | |
3088 | + * | |
3089 | + * Revision 1.8 1998/10/27 13:48:10 rgb | |
3090 | + * Cleaned up /proc/net/ipsec_* filesystem for easy parsing by scripts. | |
3091 | + * Fixed less(1) truncated output bug. | |
3092 | + * Code clean-up. | |
3093 | + * | |
3094 | + * Revision 1.7 1998/10/22 06:43:16 rgb | |
3095 | + * Convert to use satoa for printk. | |
3096 | + * | |
3097 | + * Revision 1.6 1998/10/19 14:24:35 rgb | |
3098 | + * Added inclusion of freeswan.h. | |
3099 | + * | |
3100 | + * Revision 1.5 1998/10/09 04:43:35 rgb | |
3101 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
3102 | + * | |
3103 | + * Revision 1.4 1998/07/27 21:50:22 rgb | |
3104 | + * Not necessary to traverse mask tree for /proc/net/ipsec_eroute. | |
3105 | + * | |
3106 | + * Revision 1.3 1998/06/25 19:51:20 rgb | |
3107 | + * Clean up #endif comments. | |
3108 | + * Shift debugging comment control for procfs to debug_tunnel. | |
3109 | + * Make proc_dir_entries visible to rest of kernel for static link. | |
3110 | + * Replace hardwired fileperms with macros. | |
3111 | + * Use macros for procfs inode numbers. | |
3112 | + * Rearrange initialisations between ipsec_init and module_init as appropriate | |
3113 | + * for static loading. | |
3114 | + * | |
3115 | + * Revision 1.2 1998/06/23 02:55:43 rgb | |
3116 | + * Slightly quieted init-time messages. | |
3117 | + * Re-introduced inet_add_protocol after it mysteriously disappeared... | |
3118 | + * Check for and warn of absence of IPIP protocol on install of module. | |
3119 | + * Move tdbcleanup to ipsec_xform.c. | |
3120 | + * | |
3121 | + * Revision 1.10 1998/06/18 21:29:04 henry | |
3122 | + * move sources from klips/src to klips/net/ipsec, to keep stupid kernel | |
3123 | + * build scripts happier in presence of symbolic links | |
3124 | + * | |
3125 | + * Revision 1.9 1998/06/14 23:49:40 rgb | |
3126 | + * Clarify version reporting on module loading. | |
3127 | + * | |
3128 | + * Revision 1.8 1998/06/11 05:54:23 rgb | |
3129 | + * Added /proc/net/ipsec_version to report freeswan and transform versions. | |
3130 | + * Added /proc/net/ipsec_spinew to generate new and unique spi's.. | |
3131 | + * Fixed /proc/net/ipsec_tncfg bug. | |
3132 | + * | |
3133 | + * Revision 1.7 1998/05/25 20:23:13 rgb | |
3134 | + * proc_register changed to dynamic registration to avoid arbitrary inode | |
3135 | + * numbers. | |
3136 | + * | |
3137 | + * Implement memory recovery from tdb and eroute tables. | |
3138 | + * | |
3139 | + * Revision 1.6 1998/05/21 13:08:58 rgb | |
3140 | + * Rewrote procinfo subroutines to avoid *bad things* when more that 3k of | |
3141 | + * information is available for printout. | |
3142 | + * | |
3143 | + * Revision 1.5 1998/05/18 21:29:48 rgb | |
3144 | + * Cleaned up /proc/net/ipsec_* output, including a title line, algorithm | |
3145 | + * names instead of numbers, standard format for numerical output base, | |
3146 | + * whitespace for legibility, and the names themselves for consistency. | |
3147 | + * | |
3148 | + * Added /proc/net/ipsec_spigrp and /proc/net/ipsec_tncfg. | |
3149 | + * | |
3150 | + * Revision 1.4 1998/04/30 15:42:24 rgb | |
3151 | + * Silencing attach for normal operations with #ifdef IPSEC_DEBUG. | |
3152 | + * | |
3153 | + * Revision 1.3 1998/04/21 21:28:58 rgb | |
3154 | + * Rearrange debug switches to change on the fly debug output from user | |
3155 | + * space. Only kernel changes checked in at this time. radij.c was also | |
3156 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
3157 | + * an OOPS and hence, netlink device open errors. | |
3158 | + * | |
3159 | + * Revision 1.2 1998/04/12 22:03:22 rgb | |
3160 | + * Updated ESP-3DES-HMAC-MD5-96, | |
3161 | + * ESP-DES-HMAC-MD5-96, | |
3162 | + * AH-HMAC-MD5-96, | |
3163 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
3164 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
3165 | + * | |
3166 | + * Fixed eroute references in /proc/net/ipsec*. | |
3167 | + * | |
3168 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
3169 | + * radij tree unloading. | |
3170 | + * | |
3171 | + * Revision 1.1 1998/04/09 03:06:05 henry | |
3172 | + * sources moved up from linux/net/ipsec | |
3173 | + * | |
3174 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
3175 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
3176 | + * | |
3177 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
3178 | + * No changes. | |
3179 | + * | |
3180 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
3181 | + * Fixed problem with node names of /proc/net entries. | |
3182 | + * Other minor cleanups. | |
3183 | + * Rationalized debugging code. | |
3184 | + * | |
3185 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
3186 | + * First limited release. | |
3187 | + * | |
3188 | + * | |
3189 | + */ | |
3190 | diff -druN linux-noipsec/net/ipsec/ipsec_ipe4.h linux/net/ipsec/ipsec_ipe4.h | |
3191 | --- linux-noipsec/net/ipsec/ipsec_ipe4.h Thu Jan 1 01:00:00 1970 | |
3192 | +++ linux/net/ipsec/ipsec_ipe4.h Sun Apr 11 02:28:57 1999 | |
3193 | @@ -0,0 +1,59 @@ | |
3194 | +/* | |
3195 | + * IP-in-IP Header declarations | |
3196 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
3197 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
3198 | + * | |
3199 | + * This program is free software; you can redistribute it and/or modify it | |
3200 | + * under the terms of the GNU General Public License as published by the | |
3201 | + * Free Software Foundation; either version 2 of the License, or (at your | |
3202 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
3203 | + * | |
3204 | + * This program is distributed in the hope that it will be useful, but | |
3205 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
3206 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
3207 | + * for more details. | |
3208 | + * | |
3209 | + * RCSID $Id$ | |
3210 | + */ | |
3211 | + | |
3212 | +/* The packet header is an IP header! */ | |
3213 | + | |
3214 | +struct ipe4_xdata /* transform table data */ | |
3215 | +{ | |
3216 | + struct in_addr i4_src; | |
3217 | + struct in_addr i4_dst; | |
3218 | +}; | |
3219 | + | |
3220 | +#define EMT_IPE4_ULEN 8 /* coming from user mode */ | |
3221 | + | |
3222 | + | |
3223 | +/* | |
3224 | + * $Log$ | |
3225 | + * Revision 1.3 1999/04/11 00:28:57 henry | |
3226 | + * GPL boilerplate | |
3227 | + * | |
3228 | + * Revision 1.2 1999/04/06 04:54:25 rgb | |
3229 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
3230 | + * patch shell fixes. | |
3231 | + * | |
3232 | + * Revision 1.1 1998/06/18 21:27:47 henry | |
3233 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
3234 | + * kernel-build scripts happier in the presence of symlinks | |
3235 | + * | |
3236 | + * Revision 1.1 1998/04/09 03:06:07 henry | |
3237 | + * sources moved up from linux/net/ipsec | |
3238 | + * | |
3239 | + * Revision 1.1.1.1 1998/04/08 05:35:03 henry | |
3240 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
3241 | + * | |
3242 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
3243 | + * No changes. | |
3244 | + * | |
3245 | + * Revision 0.3 1996/11/20 14:48:53 ji | |
3246 | + * Release update only. | |
3247 | + * | |
3248 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
3249 | + * First limited release. | |
3250 | + * | |
3251 | + * | |
3252 | + */ | |
3253 | diff -druN linux-noipsec/net/ipsec/ipsec_md5c.c linux/net/ipsec/ipsec_md5c.c | |
3254 | --- linux-noipsec/net/ipsec/ipsec_md5c.c Thu Jan 1 01:00:00 1970 | |
3255 | +++ linux/net/ipsec/ipsec_md5c.c Mon Dec 13 14:59:12 1999 | |
3256 | @@ -0,0 +1,430 @@ | |
3257 | +/* | |
3258 | + * RCSID $Id$ | |
3259 | + */ | |
3260 | + | |
3261 | +/* | |
3262 | + * The rest of the code is derived from MD5C.C by RSADSI. Minor cosmetic | |
3263 | + * changes to accomodate it in the kernel by ji. | |
3264 | + */ | |
3265 | + | |
3266 | +#include <asm/byteorder.h> | |
3267 | +#include <linux/string.h> | |
3268 | + | |
3269 | +#include "ipsec_md5h.h" | |
3270 | + | |
3271 | +/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm | |
3272 | + */ | |
3273 | + | |
3274 | +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All | |
3275 | +rights reserved. | |
3276 | + | |
3277 | +License to copy and use this software is granted provided that it | |
3278 | +is identified as the "RSA Data Security, Inc. MD5 Message-Digest | |
3279 | +Algorithm" in all material mentioning or referencing this software | |
3280 | +or this function. | |
3281 | + | |
3282 | +License is also granted to make and use derivative works provided | |
3283 | +that such works are identified as "derived from the RSA Data | |
3284 | +Security, Inc. MD5 Message-Digest Algorithm" in all material | |
3285 | +mentioning or referencing the derived work. | |
3286 | + | |
3287 | +RSA Data Security, Inc. makes no representations concerning either | |
3288 | +the merchantability of this software or the suitability of this | |
3289 | +software for any particular purpose. It is provided "as is" | |
3290 | +without express or implied warranty of any kind. | |
3291 | + | |
3292 | +These notices must be retained in any copies of any part of this | |
3293 | +documentation and/or software. | |
3294 | + */ | |
3295 | + | |
3296 | +/* | |
3297 | + * Additions by JI | |
3298 | + * | |
3299 | + * HAVEMEMCOPY is defined if mem* routines are available | |
3300 | + * | |
3301 | + * HAVEHTON is defined if htons() and htonl() can be used | |
3302 | + * for big/little endian conversions | |
3303 | + * | |
3304 | + */ | |
3305 | + | |
3306 | +#define HAVEMEMCOPY | |
3307 | +#ifdef __LITTLE_ENDIAN | |
3308 | +#define LITTLENDIAN | |
3309 | +#endif | |
3310 | +#ifdef __BIG_ENDIAN | |
3311 | +#define BIGENDIAN | |
3312 | +#endif | |
3313 | + | |
3314 | +/* Constants for MD5Transform routine. | |
3315 | + */ | |
3316 | + | |
3317 | +#define S11 7 | |
3318 | +#define S12 12 | |
3319 | +#define S13 17 | |
3320 | +#define S14 22 | |
3321 | +#define S21 5 | |
3322 | +#define S22 9 | |
3323 | +#define S23 14 | |
3324 | +#define S24 20 | |
3325 | +#define S31 4 | |
3326 | +#define S32 11 | |
3327 | +#define S33 16 | |
3328 | +#define S34 23 | |
3329 | +#define S41 6 | |
3330 | +#define S42 10 | |
3331 | +#define S43 15 | |
3332 | +#define S44 21 | |
3333 | + | |
3334 | +static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); | |
3335 | + | |
3336 | +#ifdef LITTLEENDIAN | |
3337 | +#define Encode MD5_memcpy | |
3338 | +#define Decode MD5_memcpy | |
3339 | +#else | |
3340 | +static void Encode PROTO_LIST | |
3341 | + ((unsigned char *, UINT4 *, unsigned int)); | |
3342 | +static void Decode PROTO_LIST | |
3343 | + ((UINT4 *, unsigned char *, unsigned int)); | |
3344 | +#endif | |
3345 | + | |
3346 | +#ifdef HAVEMEMCOPY | |
3347 | +/* no need to include <memory.h> here; <linux/string.h> defines these */ | |
3348 | +#define MD5_memcpy memcpy | |
3349 | +#define MD5_memset memset | |
3350 | +#else | |
3351 | +#ifdef HAVEBCOPY | |
3352 | +#define MD5_memcpy(_a,_b,_c) bcopy((_b),(_a),(_c)) | |
3353 | +#define MD5_memset(_a,_b,_c) bzero((_a),(_c)) | |
3354 | +#else | |
3355 | +static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); | |
3356 | +static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); | |
3357 | +#endif | |
3358 | +#endif | |
3359 | +static unsigned char PADDING[64] = { | |
3360 | + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
3361 | + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
3362 | + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 | |
3363 | +}; | |
3364 | + | |
3365 | +/* F, G, H and I are basic MD5 functions. | |
3366 | + */ | |
3367 | +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) | |
3368 | +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) | |
3369 | +#define H(x, y, z) ((x) ^ (y) ^ (z)) | |
3370 | +#define I(x, y, z) ((y) ^ ((x) | (~z))) | |
3371 | + | |
3372 | +/* ROTATE_LEFT rotates x left n bits. | |
3373 | + */ | |
3374 | +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) | |
3375 | + | |
3376 | +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. | |
3377 | +Rotation is separate from addition to prevent recomputation. | |
3378 | + */ | |
3379 | +#define FF(a, b, c, d, x, s, ac) { \ | |
3380 | + (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ | |
3381 | + (a) = ROTATE_LEFT ((a), (s)); \ | |
3382 | + (a) += (b); \ | |
3383 | + } | |
3384 | +#define GG(a, b, c, d, x, s, ac) { \ | |
3385 | + (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ | |
3386 | + (a) = ROTATE_LEFT ((a), (s)); \ | |
3387 | + (a) += (b); \ | |
3388 | + } | |
3389 | +#define HH(a, b, c, d, x, s, ac) { \ | |
3390 | + (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ | |
3391 | + (a) = ROTATE_LEFT ((a), (s)); \ | |
3392 | + (a) += (b); \ | |
3393 | + } | |
3394 | +#define II(a, b, c, d, x, s, ac) { \ | |
3395 | + (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ | |
3396 | + (a) = ROTATE_LEFT ((a), (s)); \ | |
3397 | + (a) += (b); \ | |
3398 | + } | |
3399 | + | |
3400 | +/* MD5 initialization. Begins an MD5 operation, writing a new context. | |
3401 | + */ | |
3402 | +void MD5Init (context) | |
3403 | +MD5_CTX *context; /* context */ | |
3404 | +{ | |
3405 | + context->count[0] = context->count[1] = 0; | |
3406 | + /* Load magic initialization constants. | |
3407 | +*/ | |
3408 | + context->state[0] = 0x67452301; | |
3409 | + context->state[1] = 0xefcdab89; | |
3410 | + context->state[2] = 0x98badcfe; | |
3411 | + context->state[3] = 0x10325476; | |
3412 | +} | |
3413 | + | |
3414 | +/* MD5 block update operation. Continues an MD5 message-digest | |
3415 | + operation, processing another message block, and updating the | |
3416 | + context. | |
3417 | + */ | |
3418 | +void MD5Update (context, input, inputLen) | |
3419 | +MD5_CTX *context; /* context */ | |
3420 | +unsigned char *input; /* input block */ | |
3421 | +__u32 inputLen; /* length of input block */ | |
3422 | +{ | |
3423 | + __u32 i; | |
3424 | + unsigned int index, partLen; | |
3425 | + | |
3426 | + /* Compute number of bytes mod 64 */ | |
3427 | + index = (unsigned int)((context->count[0] >> 3) & 0x3F); | |
3428 | + | |
3429 | + /* Update number of bits */ | |
3430 | + if ((context->count[0] += ((UINT4)inputLen << 3)) | |
3431 | + < ((UINT4)inputLen << 3)) | |
3432 | + context->count[1]++; | |
3433 | + context->count[1] += ((UINT4)inputLen >> 29); | |
3434 | + | |
3435 | + partLen = 64 - index; | |
3436 | + | |
3437 | + /* Transform as many times as possible. | |
3438 | +*/ | |
3439 | + if (inputLen >= partLen) { | |
3440 | + MD5_memcpy | |
3441 | + ((POINTER)&context->buffer[index], (POINTER)input, partLen); | |
3442 | + MD5Transform (context->state, context->buffer); | |
3443 | + | |
3444 | + for (i = partLen; i + 63 < inputLen; i += 64) | |
3445 | + MD5Transform (context->state, &input[i]); | |
3446 | + | |
3447 | + index = 0; | |
3448 | + } | |
3449 | + else | |
3450 | + i = 0; | |
3451 | + | |
3452 | + /* Buffer remaining input */ | |
3453 | + MD5_memcpy | |
3454 | + ((POINTER)&context->buffer[index], (POINTER)&input[i], | |
3455 | + inputLen-i); | |
3456 | +} | |
3457 | + | |
3458 | +/* MD5 finalization. Ends an MD5 message-digest operation, writing the | |
3459 | + the message digest and zeroizing the context. | |
3460 | + */ | |
3461 | +void MD5Final (digest, context) | |
3462 | +unsigned char digest[16]; /* message digest */ | |
3463 | +MD5_CTX *context; /* context */ | |
3464 | +{ | |
3465 | + unsigned char bits[8]; | |
3466 | + unsigned int index, padLen; | |
3467 | + | |
3468 | + /* Save number of bits */ | |
3469 | + Encode (bits, context->count, 8); | |
3470 | + | |
3471 | + /* Pad out to 56 mod 64. | |
3472 | +*/ | |
3473 | + index = (unsigned int)((context->count[0] >> 3) & 0x3f); | |
3474 | + padLen = (index < 56) ? (56 - index) : (120 - index); | |
3475 | + MD5Update (context, PADDING, padLen); | |
3476 | + | |
3477 | + /* Append length (before padding) */ | |
3478 | + MD5Update (context, bits, 8); | |
3479 | + | |
3480 | + if (digest != NULL) /* Bill Simpson's padding */ | |
3481 | + { | |
3482 | + /* store state in digest */ | |
3483 | + Encode (digest, context->state, 16); | |
3484 | + | |
3485 | + /* Zeroize sensitive information. | |
3486 | + */ | |
3487 | + MD5_memset ((POINTER)context, 0, sizeof (*context)); | |
3488 | + } | |
3489 | +} | |
3490 | + | |
3491 | +/* MD5 basic transformation. Transforms state based on block. | |
3492 | + */ | |
3493 | +static void MD5Transform (state, block) | |
3494 | +UINT4 state[4]; | |
3495 | +unsigned char block[64]; | |
3496 | +{ | |
3497 | + UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; | |
3498 | + | |
3499 | + Decode (x, block, 64); | |
3500 | + | |
3501 | + /* Round 1 */ | |
3502 | + FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ | |
3503 | + FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ | |
3504 | + FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ | |
3505 | + FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ | |
3506 | + FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ | |
3507 | + FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ | |
3508 | + FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ | |
3509 | + FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ | |
3510 | + FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ | |
3511 | + FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ | |
3512 | + FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ | |
3513 | + FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ | |
3514 | + FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ | |
3515 | + FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ | |
3516 | + FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ | |
3517 | + FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ | |
3518 | + | |
3519 | + /* Round 2 */ | |
3520 | + GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ | |
3521 | + GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ | |
3522 | + GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ | |
3523 | + GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ | |
3524 | + GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ | |
3525 | + GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ | |
3526 | + GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ | |
3527 | + GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ | |
3528 | + GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ | |
3529 | + GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ | |
3530 | + GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ | |
3531 | + GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ | |
3532 | + GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ | |
3533 | + GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ | |
3534 | + GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ | |
3535 | + GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ | |
3536 | + | |
3537 | + /* Round 3 */ | |
3538 | + HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ | |
3539 | + HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ | |
3540 | + HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ | |
3541 | + HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ | |
3542 | + HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ | |
3543 | + HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ | |
3544 | + HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ | |
3545 | + HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ | |
3546 | + HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ | |
3547 | + HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ | |
3548 | + HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ | |
3549 | + HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ | |
3550 | + HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ | |
3551 | + HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ | |
3552 | + HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ | |
3553 | + HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ | |
3554 | + | |
3555 | + /* Round 4 */ | |
3556 | + II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ | |
3557 | + II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ | |
3558 | + II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ | |
3559 | + II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ | |
3560 | + II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ | |
3561 | + II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ | |
3562 | + II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ | |
3563 | + II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ | |
3564 | + II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ | |
3565 | + II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ | |
3566 | + II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ | |
3567 | + II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ | |
3568 | + II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ | |
3569 | + II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ | |
3570 | + II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ | |
3571 | + II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ | |
3572 | + | |
3573 | + state[0] += a; | |
3574 | + state[1] += b; | |
3575 | + state[2] += c; | |
3576 | + state[3] += d; | |
3577 | + | |
3578 | + /* Zeroize sensitive information. | |
3579 | +*/ | |
3580 | + MD5_memset ((POINTER)x, 0, sizeof (x)); | |
3581 | +} | |
3582 | + | |
3583 | +#ifndef LITTLEENDIAN | |
3584 | + | |
3585 | +/* Encodes input (UINT4) into output (unsigned char). Assumes len is | |
3586 | + a multiple of 4. | |
3587 | + */ | |
3588 | +static void Encode (output, input, len) | |
3589 | +unsigned char *output; | |
3590 | +UINT4 *input; | |
3591 | +unsigned int len; | |
3592 | +{ | |
3593 | + unsigned int i, j; | |
3594 | + | |
3595 | + for (i = 0, j = 0; j < len; i++, j += 4) { | |
3596 | + output[j] = (unsigned char)(input[i] & 0xff); | |
3597 | + output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); | |
3598 | + output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); | |
3599 | + output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); | |
3600 | + } | |
3601 | +} | |
3602 | + | |
3603 | +/* Decodes input (unsigned char) into output (UINT4). Assumes len is | |
3604 | + a multiple of 4. | |
3605 | + */ | |
3606 | +static void Decode (output, input, len) | |
3607 | +UINT4 *output; | |
3608 | +unsigned char *input; | |
3609 | +unsigned int len; | |
3610 | +{ | |
3611 | + unsigned int i, j; | |
3612 | + | |
3613 | + for (i = 0, j = 0; j < len; i++, j += 4) | |
3614 | + output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | | |
3615 | + (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); | |
3616 | +} | |
3617 | + | |
3618 | +#endif | |
3619 | + | |
3620 | +#ifndef HAVEMEMCOPY | |
3621 | +#ifndef HAVEBCOPY | |
3622 | +/* Note: Replace "for loop" with standard memcpy if possible. | |
3623 | + */ | |
3624 | + | |
3625 | +static void MD5_memcpy (output, input, len) | |
3626 | +POINTER output; | |
3627 | +POINTER input; | |
3628 | +unsigned int len; | |
3629 | +{ | |
3630 | + unsigned int i; | |
3631 | + | |
3632 | + for (i = 0; i < len; i++) | |
3633 | + | |
3634 | + output[i] = input[i]; | |
3635 | +} | |
3636 | + | |
3637 | +/* Note: Replace "for loop" with standard memset if possible. | |
3638 | + */ | |
3639 | + | |
3640 | +static void MD5_memset (output, value, len) | |
3641 | +POINTER output; | |
3642 | +int value; | |
3643 | +unsigned int len; | |
3644 | +{ | |
3645 | + unsigned int i; | |
3646 | + | |
3647 | + for (i = 0; i < len; i++) | |
3648 | + ((char *)output)[i] = (char)value; | |
3649 | +} | |
3650 | +#endif | |
3651 | +#endif | |
3652 | + | |
3653 | +/* | |
3654 | + * $Log$ | |
3655 | + * Revision 1.4 1999/12/13 13:59:12 rgb | |
3656 | + * Quick fix to argument size to Update bugs. | |
3657 | + * | |
3658 | + * Revision 1.3 1999/05/21 18:09:28 henry | |
3659 | + * unnecessary <memory.h> include causes trouble in 2.2 | |
3660 | + * | |
3661 | + * Revision 1.2 1999/04/06 04:54:26 rgb | |
3662 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
3663 | + * patch shell fixes. | |
3664 | + * | |
3665 | + * Revision 1.1 1998/06/18 21:27:48 henry | |
3666 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
3667 | + * kernel-build scripts happier in the presence of symlinks | |
3668 | + * | |
3669 | + * Revision 1.2 1998/04/23 20:54:02 rgb | |
3670 | + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when | |
3671 | + * verified. | |
3672 | + * | |
3673 | + * Revision 1.1 1998/04/09 03:06:08 henry | |
3674 | + * sources moved up from linux/net/ipsec | |
3675 | + * | |
3676 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
3677 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
3678 | + * | |
3679 | + * Revision 0.3 1996/11/20 14:48:53 ji | |
3680 | + * Release update only. | |
3681 | + * | |
3682 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
3683 | + * First limited release. | |
3684 | + * | |
3685 | + * | |
3686 | + */ | |
3687 | diff -druN linux-noipsec/net/ipsec/ipsec_md5h.h linux/net/ipsec/ipsec_md5h.h | |
3688 | --- linux-noipsec/net/ipsec/ipsec_md5h.h Thu Jan 1 01:00:00 1970 | |
3689 | +++ linux/net/ipsec/ipsec_md5h.h Mon Dec 13 14:59:13 1999 | |
3690 | @@ -0,0 +1,129 @@ | |
3691 | +/* | |
3692 | + * RCSID $Id$ | |
3693 | + */ | |
3694 | + | |
3695 | +/* | |
3696 | + * The rest of this file is Copyright RSA DSI. See the following comments | |
3697 | + * for the full Copyright notice. | |
3698 | + */ | |
3699 | + | |
3700 | +#ifndef _IPSEC_MD5H_H_ | |
3701 | +#define _IPSEC_MD5H_H_ | |
3702 | + | |
3703 | +/* GLOBAL.H - RSAREF types and constants | |
3704 | + */ | |
3705 | + | |
3706 | +/* PROTOTYPES should be set to one if and only if the compiler supports | |
3707 | + function argument prototyping. | |
3708 | + The following makes PROTOTYPES default to 0 if it has not already | |
3709 | + been defined with C compiler flags. | |
3710 | + */ | |
3711 | +#ifndef PROTOTYPES | |
3712 | +#define PROTOTYPES 1 | |
3713 | +#endif /* !PROTOTYPES */ | |
3714 | + | |
3715 | +/* POINTER defines a generic pointer type */ | |
3716 | +typedef __u8 *POINTER; | |
3717 | + | |
3718 | +/* UINT2 defines a two byte word */ | |
3719 | +typedef __u16 UINT2; | |
3720 | + | |
3721 | +/* UINT4 defines a four byte word */ | |
3722 | +typedef __u32 UINT4; | |
3723 | + | |
3724 | +/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. | |
3725 | + If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it | |
3726 | + returns an empty list. | |
3727 | + */ | |
3728 | + | |
3729 | +#if PROTOTYPES | |
3730 | +#define PROTO_LIST(list) list | |
3731 | +#else /* PROTOTYPES */ | |
3732 | +#define PROTO_LIST(list) () | |
3733 | +#endif /* PROTOTYPES */ | |
3734 | + | |
3735 | + | |
3736 | +/* MD5.H - header file for MD5C.C | |
3737 | + */ | |
3738 | + | |
3739 | +/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All | |
3740 | +rights reserved. | |
3741 | + | |
3742 | +License to copy and use this software is granted provided that it | |
3743 | +is identified as the "RSA Data Security, Inc. MD5 Message-Digest | |
3744 | +Algorithm" in all material mentioning or referencing this software | |
3745 | +or this function. | |
3746 | + | |
3747 | +License is also granted to make and use derivative works provided | |
3748 | +that such works are identified as "derived from the RSA Data | |
3749 | +Security, Inc. MD5 Message-Digest Algorithm" in all material | |
3750 | +mentioning or referencing the derived work. | |
3751 | + | |
3752 | +RSA Data Security, Inc. makes no representations concerning either | |
3753 | +the merchantability of this software or the suitability of this | |
3754 | +software for any particular purpose. It is provided "as is" | |
3755 | +without express or implied warranty of any kind. | |
3756 | + | |
3757 | +These notices must be retained in any copies of any part of this | |
3758 | +documentation and/or software. | |
3759 | + */ | |
3760 | + | |
3761 | +/* MD5 context. */ | |
3762 | +typedef struct { | |
3763 | + UINT4 state[4]; /* state (ABCD) */ | |
3764 | + UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ | |
3765 | + unsigned char buffer[64]; /* input buffer */ | |
3766 | +} MD5_CTX; | |
3767 | + | |
3768 | +void MD5Init PROTO_LIST ((MD5_CTX *)); | |
3769 | +void MD5Update PROTO_LIST | |
3770 | + ((MD5_CTX *, unsigned char *, __u32)); | |
3771 | +void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); | |
3772 | + | |
3773 | +#endif /* _IPSEC_MD5H_H_ */ | |
3774 | + | |
3775 | +/* | |
3776 | + * $Log$ | |
3777 | + * Revision 1.6 1999/12/13 13:59:13 rgb | |
3778 | + * Quick fix to argument size to Update bugs. | |
3779 | + * | |
3780 | + * Revision 1.5 1999/12/07 18:16:23 rgb | |
3781 | + * Fixed comments at end of #endif lines. | |
3782 | + * | |
3783 | + * Revision 1.4 1999/04/06 04:54:26 rgb | |
3784 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
3785 | + * patch shell fixes. | |
3786 | + * | |
3787 | + * Revision 1.3 1999/01/22 06:19:58 rgb | |
3788 | + * 64-bit clean-up. | |
3789 | + * | |
3790 | + * Revision 1.2 1998/11/30 13:22:54 rgb | |
3791 | + * Rationalised all the klips kernel file headers. They are much shorter | |
3792 | + * now and won't conflict under RH5.2. | |
3793 | + * | |
3794 | + * Revision 1.1 1998/06/18 21:27:48 henry | |
3795 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
3796 | + * kernel-build scripts happier in the presence of symlinks | |
3797 | + * | |
3798 | + * Revision 1.2 1998/04/23 20:54:03 rgb | |
3799 | + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when | |
3800 | + * verified. | |
3801 | + * | |
3802 | + * Revision 1.1 1998/04/09 03:04:21 henry | |
3803 | + * sources moved up from linux/net/ipsec | |
3804 | + * these two include files modified not to include others except in kernel | |
3805 | + * | |
3806 | + * Revision 1.1.1.1 1998/04/08 05:35:03 henry | |
3807 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
3808 | + * | |
3809 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
3810 | + * No changes. | |
3811 | + * | |
3812 | + * Revision 0.3 1996/11/20 14:48:53 ji | |
3813 | + * Release update only. | |
3814 | + * | |
3815 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
3816 | + * First limited release. | |
3817 | + * | |
3818 | + * | |
3819 | + */ | |
3820 | diff -druN linux-noipsec/net/ipsec/ipsec_netlink.c linux/net/ipsec/ipsec_netlink.c | |
3821 | --- linux-noipsec/net/ipsec/ipsec_netlink.c Thu Jan 1 01:00:00 1970 | |
3822 | +++ linux/net/ipsec/ipsec_netlink.c Mon Nov 6 05:32:08 2000 | |
3823 | @@ -0,0 +1,635 @@ | |
3824 | +/* | |
3825 | + * IPSEC <> netlink interface | |
3826 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
3827 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
3828 | + * | |
3829 | + * This program is free software; you can redistribute it and/or modify it | |
3830 | + * under the terms of the GNU General Public License as published by the | |
3831 | + * Free Software Foundation; either version 2 of the License, or (at your | |
3832 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
3833 | + * | |
3834 | + * This program is distributed in the hope that it will be useful, but | |
3835 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
3836 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
3837 | + * for more details. | |
3838 | + */ | |
3839 | + | |
3840 | +char ipsec_netlink_c_version[] = "RCSID $Id$"; | |
3841 | + | |
3842 | +#include <linux/config.h> | |
3843 | +#include <linux/version.h> | |
3844 | + | |
3845 | +#include <linux/kernel.h> /* printk() */ | |
3846 | +#include <linux/malloc.h> /* kmalloc() */ | |
3847 | +#include <linux/errno.h> /* error codes */ | |
3848 | +#include <linux/types.h> /* size_t */ | |
3849 | +#include <linux/interrupt.h> /* mark_bh */ | |
3850 | + | |
3851 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
3852 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
3853 | +#include <linux/ip.h> /* struct iphdr */ | |
3854 | +#include <linux/skbuff.h> | |
3855 | +#include <freeswan.h> | |
3856 | +#ifdef SPINLOCK | |
3857 | + #ifdef SPINLOCK_23 | |
3858 | + #include <linux/spinlock.h> /* *lock* */ | |
3859 | + #else /* 23_SPINLOCK */ | |
3860 | + #include <asm/spinlock.h> /* *lock* */ | |
3861 | + #endif /* 23_SPINLOCK */ | |
3862 | +#endif /* SPINLOCK */ | |
3863 | +#ifdef NET_21 | |
3864 | + #include <asm/uaccess.h> | |
3865 | + #include <linux/in6.h> | |
3866 | + #define ip_chk_addr inet_addr_type | |
3867 | + #define IS_MYADDR RTN_LOCAL | |
3868 | +#endif | |
3869 | +#include <asm/checksum.h> | |
3870 | +#include <net/ip.h> | |
3871 | +#ifdef NETLINK_SOCK | |
3872 | + #include <linux/netlink.h> | |
3873 | +#else | |
3874 | + #include <net/netlink.h> | |
3875 | +#endif | |
3876 | + | |
3877 | +#include "radij.h" | |
3878 | +#include "ipsec_encap.h" | |
3879 | +#include "ipsec_radij.h" | |
3880 | +#include "ipsec_netlink.h" | |
3881 | +#include "ipsec_xform.h" | |
3882 | + | |
3883 | +#include "ipsec_rcv.h" | |
3884 | +#include "ipsec_ah.h" | |
3885 | +#include "ipsec_esp.h" | |
3886 | + | |
3887 | +#ifdef CONFIG_IPSEC_DEBUG | |
3888 | + #include "ipsec_tunnel.h" | |
3889 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
3890 | + | |
3891 | +#include <pfkeyv2.h> | |
3892 | +#include <pfkey.h> | |
3893 | + | |
3894 | +#ifdef CONFIG_IPSEC_DEBUG | |
3895 | + int debug_netlink = 0; | |
3896 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
3897 | + | |
3898 | +#define SENDERR(_x) do { len = -(_x); goto errlab; } while (0) | |
3899 | + | |
3900 | +#if 0 | |
3901 | +int | |
3902 | +#ifdef NETLINK_SOCK | |
3903 | +ipsec_callback(int proto, struct sk_buff *skb) | |
3904 | +#else /* NETLINK_SOCK */ | |
3905 | +ipsec_callback(struct sk_buff *skb) | |
3906 | +#endif /* NETLINK_SOCK */ | |
3907 | +{ | |
3908 | + /* | |
3909 | + * this happens when we write to /dev/ipsec (c 36 10) | |
3910 | + */ | |
3911 | + int len = skb->len; | |
3912 | + u_char *dat = (u_char *)skb->data; | |
3913 | + struct encap_msghdr *em = (struct encap_msghdr *)dat; | |
3914 | + struct tdb *tdbp, *tprev; | |
3915 | + int i, nspis, error = 0; | |
3916 | +#ifdef CONFIG_IPSEC_DEBUG | |
3917 | + struct eroute *eret; | |
3918 | + char sa[SATOA_BUF]; | |
3919 | + | |
3920 | + | |
3921 | + satoa(em->em_said, 0, sa, SATOA_BUF); | |
3922 | + | |
3923 | + if(debug_netlink) { | |
3924 | + printk("klips_debug:ipsec_callback: skb=0x%p skblen=%ld em_magic=%d em_type=%d\n", | |
3925 | + skb, (unsigned long int)skb->len, em->em_magic, em->em_type); | |
3926 | + switch(em->em_type) { | |
3927 | + case EMT_SETDEBUG: | |
3928 | + printk("klips_debug:ipsec_callback: set ipsec_debug level\n"); | |
3929 | + break; | |
3930 | + case EMT_DELEROUTE: | |
3931 | + case EMT_CLREROUTE: | |
3932 | + case EMT_CLRSPIS: | |
3933 | + break; | |
3934 | + default: | |
3935 | + printk("klips_debug:ipsec_callback: called for SA:%s\n", sa); | |
3936 | + } | |
3937 | + } | |
3938 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
3939 | + | |
3940 | + /* XXXX Temporarily disable netlink I/F code until it gets permanantly | |
3941 | + ripped out in favour of PF_KEYv2 I/F. */ | |
3942 | + SENDERR(EPROTONOSUPPORT); | |
3943 | + | |
3944 | + /* em = (struct encap_msghdr *)dat; */ | |
3945 | + if (em->em_magic != EM_MAGIC) { | |
3946 | + printk("klips_debug:ipsec_callback: bad magic=%d failed, should be %d\n", | |
3947 | + em->em_magic, | |
3948 | + EM_MAGIC); | |
3949 | + SENDERR(EINVAL); | |
3950 | + } | |
3951 | + switch (em->em_type) { | |
3952 | + case EMT_SETDEBUG: | |
3953 | +#ifdef CONFIG_IPSEC_DEBUG | |
3954 | + if(em->em_db_nl >> (sizeof(em->em_db_nl) * 8 - 1)) { | |
3955 | + em->em_db_nl &= ~(1 << (sizeof(em->em_db_nl) * 8 -1)); | |
3956 | + debug_tunnel |= em->em_db_tn; | |
3957 | + debug_netlink |= em->em_db_nl; | |
3958 | + debug_xform |= em->em_db_xf; | |
3959 | + debug_eroute |= em->em_db_er; | |
3960 | + debug_spi |= em->em_db_sp; | |
3961 | + debug_radij |= em->em_db_rj; | |
3962 | + debug_esp |= em->em_db_es; | |
3963 | + debug_ah |= em->em_db_ah; | |
3964 | + debug_rcv |= em->em_db_rx; | |
3965 | + debug_pfkey |= em->em_db_ky; | |
3966 | + if(debug_netlink) | |
3967 | + printk("klips_debug:ipsec_callback: set\n"); | |
3968 | + } else { | |
3969 | + if(debug_netlink) | |
3970 | + printk("klips_debug:ipsec_callback: unset\n"); | |
3971 | + debug_tunnel &= em->em_db_tn; | |
3972 | + debug_netlink &= em->em_db_nl; | |
3973 | + debug_xform &= em->em_db_xf; | |
3974 | + debug_eroute &= em->em_db_er; | |
3975 | + debug_spi &= em->em_db_sp; | |
3976 | + debug_radij &= em->em_db_rj; | |
3977 | + debug_esp &= em->em_db_es; | |
3978 | + debug_ah &= em->em_db_ah; | |
3979 | + debug_rcv &= em->em_db_rx; | |
3980 | + debug_pfkey &= em->em_db_ky; | |
3981 | + } | |
3982 | +#else /* CONFIG_IPSEC_DEBUG */ | |
3983 | + printk("klips_debug:ipsec_callback: debugging not enabled\n"); | |
3984 | + SENDERR(EINVAL); | |
3985 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
3986 | + break; | |
3987 | + | |
3988 | + case EMT_SETEROUTE: | |
3989 | + if ((error = ipsec_makeroute(&(em->em_eaddr), &(em->em_emask), em->em_ersaid))) | |
3990 | + SENDERR(-error); | |
3991 | + break; | |
3992 | + | |
3993 | + case EMT_RPLACEROUTE: | |
3994 | + if ((error = ipsec_breakroute(&(em->em_eaddr), &(em->em_emask))) == EINVAL) { | |
3995 | + SENDERR(-error); | |
3996 | + } | |
3997 | + if ((error = ipsec_makeroute(&(em->em_eaddr), &(em->em_emask), em->em_ersaid))) | |
3998 | + SENDERR(-error); | |
3999 | + break; | |
4000 | + | |
4001 | + case EMT_DELEROUTE: | |
4002 | + if ((error = ipsec_breakroute(&(em->em_eaddr), &(em->em_emask)))) | |
4003 | + SENDERR(-error); | |
4004 | + break; | |
4005 | + | |
4006 | + case EMT_CLREROUTE: | |
4007 | + if ((error = ipsec_cleareroutes())) | |
4008 | + SENDERR(-error); | |
4009 | + break; | |
4010 | + | |
4011 | + case EMT_SETSPI: | |
4012 | + if (em->em_if >= 5) /* XXX -- why 5? */ | |
4013 | + SENDERR(ENODEV); | |
4014 | + | |
4015 | + tdbp = gettdb(&(em->em_said)); | |
4016 | + if (tdbp == NULL) { | |
4017 | + tdbp = (struct tdb *)kmalloc(sizeof (*tdbp), GFP_ATOMIC); | |
4018 | + | |
4019 | + if (tdbp == NULL) | |
4020 | + SENDERR(ENOBUFS); | |
4021 | + | |
4022 | + memset((caddr_t)tdbp, 0, sizeof(*tdbp)); | |
4023 | + | |
4024 | + tdbp->tdb_said = em->em_said; | |
4025 | + tdbp->tdb_flags = em->em_flags; | |
4026 | + | |
4027 | + if(ip_chk_addr((unsigned long)em->em_said.dst.s_addr) == IS_MYADDR) { | |
4028 | + tdbp->tdb_flags |= EMT_INBOUND; | |
4029 | + } | |
4030 | + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB, | |
4031 | + "klips_debug:ipsec_callback: existing Tunnel Descriptor Block not found (this\n" | |
4032 | + "klips_debug: is good) for SA: %s, %s-bound, allocating.\n", | |
4033 | + sa, (tdbp->tdb_flags & EMT_INBOUND) ? "in" : "out"); | |
4034 | + | |
4035 | +/* XXX tdbp->tdb_rcvif = &(enc_softc[em->em_if].enc_if);*/ | |
4036 | + tdbp->tdb_rcvif = NULL; | |
4037 | + } else { | |
4038 | + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB, | |
4039 | + "klips_debug:ipsec_callback: EMT_SETSPI found an old Tunnel Descriptor Block\n" | |
4040 | + "klips_debug: for SA: %s, delete it first.\n", sa); | |
4041 | + SENDERR(EEXIST); | |
4042 | + } | |
4043 | + | |
4044 | + if ((error = tdb_init(tdbp, em))) { | |
4045 | + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB, | |
4046 | + "klips_debug:ipsec_callback: EMT_SETSPI not successful for SA: %s, deleting.\n", sa); | |
4047 | + ipsec_tdbwipe(tdbp); | |
4048 | + | |
4049 | + SENDERR(-error); | |
4050 | + } | |
4051 | + | |
4052 | + tdbp->tdb_lifetime_addtime_c = jiffies/HZ; | |
4053 | + tdbp->tdb_state = 1; | |
4054 | + if(!tdbp->tdb_lifetime_allocations_c) { | |
4055 | + tdbp->tdb_lifetime_allocations_c += 1; | |
4056 | + } | |
4057 | + | |
4058 | + puttdb(tdbp); | |
4059 | + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB, | |
4060 | + "klips_debug:ipsec_callback: EMT_SETSPI successful for SA: %s\n", sa); | |
4061 | + break; | |
4062 | + | |
4063 | + case EMT_DELSPI: | |
4064 | + if (em->em_if >= 5) /* XXX -- why 5? */ | |
4065 | + SENDERR(ENODEV); | |
4066 | + | |
4067 | + spin_lock_bh(&tdb_lock); | |
4068 | + | |
4069 | + tdbp = gettdb(&(em->em_said)); | |
4070 | + if (tdbp == NULL) { | |
4071 | + KLIPS_PRINT(debug_netlink & DB_NL_TDBCB, | |
4072 | + "klips_debug:ipsec_callback: " | |
4073 | + "EMT_DELSPI Tunnel Descriptor Block not found for SA:\n" | |
4074 | + "klips_debug: %s, could not delete.\n", sa); | |
4075 | + spin_unlock_bh(&tdb_lock); | |
4076 | + SENDERR(ENXIO); /* XXX -- wrong error message... */ | |
4077 | + } else { | |
4078 | + if((error = deltdbchain(tdbp))) { | |
4079 | + spin_unlock_bh(&tdb_lock); | |
4080 | + SENDERR(-error); | |
4081 | + } | |
4082 | + } | |
4083 | + spin_unlock_bh(&tdb_lock); | |
4084 | + | |
4085 | + break; | |
4086 | + | |
4087 | + case EMT_GRPSPIS: | |
4088 | + nspis = (len - EMT_GRPSPIS_FLEN) / sizeof(em->em_rel[0]); | |
4089 | + if ((nspis * (sizeof(em->em_rel[0]))) != (len - EMT_GRPSPIS_FLEN)) { | |
4090 | + printk("klips_debug:ipsec_callback: EMT_GRPSPI message size incorrect, expected nspis(%d)*%d, got %d.\n", | |
4091 | + nspis, | |
4092 | + sizeof(em->em_rel[0]), | |
4093 | + (len - EMT_GRPSPIS_FLEN)); | |
4094 | + SENDERR(EINVAL); | |
4095 | + break; | |
4096 | + } | |
4097 | + | |
4098 | + spin_lock_bh(&tdb_lock); | |
4099 | + | |
4100 | + for (i = 0; i < nspis; i++) { | |
4101 | + KLIPS_PRINT(debug_netlink, | |
4102 | + "klips_debug:ipsec_callback: EMT_GRPSPI for SA(%d)\n" | |
4103 | + "klips_debug: %s,\n", i, sa); | |
4104 | + if ((tdbp = gettdb(&(em->em_rel[i].emr_said))) == NULL) { | |
4105 | + KLIPS_PRINT(debug_netlink, | |
4106 | + "klips_debug:ipsec_callback: " | |
4107 | + "EMT_GRPSPI Tunnel Descriptor Block not found for SA:\n" | |
4108 | + "klips_debug: %s, could not group.\n", sa); | |
4109 | + spin_unlock_bh(&tdb_lock); | |
4110 | + SENDERR(ENXIO); | |
4111 | + } else { | |
4112 | + if(tdbp->tdb_inext || tdbp->tdb_onext) { | |
4113 | + KLIPS_PRINT(debug_netlink, | |
4114 | + "klips_debug:ipsec_callback: " | |
4115 | + "EMT_GRPSPI Tunnel Descriptor Block already grouped\n" | |
4116 | + "klips_debug: for SA: %s, can't regroup.\n", sa); | |
4117 | + spin_unlock_bh(&tdb_lock); | |
4118 | + SENDERR(EBUSY); | |
4119 | + } | |
4120 | + em->em_rel[i].emr_tdb = tdbp; | |
4121 | + } | |
4122 | + } | |
4123 | + tprev = em->em_rel[0].emr_tdb; | |
4124 | + tprev->tdb_inext = NULL; | |
4125 | + for (i = 1; i < nspis; i++) { | |
4126 | + tdbp = em->em_rel[i].emr_tdb; | |
4127 | + tprev->tdb_onext = tdbp; | |
4128 | + tdbp->tdb_inext = tprev; | |
4129 | + tprev = tdbp; | |
4130 | + } | |
4131 | + tprev->tdb_onext = NULL; | |
4132 | + | |
4133 | + spin_unlock_bh(&tdb_lock); | |
4134 | + | |
4135 | + error = 0; | |
4136 | + break; | |
4137 | + | |
4138 | + case EMT_UNGRPSPIS: | |
4139 | + if (len != (8 + (sizeof(struct sa_id) + sizeof(struct tdb *)) /* 12 */) ) { | |
4140 | + printk("klips_debug:ipsec_callback: " | |
4141 | + "EMT_UNGRPSPIS message size incorrect, expected %d, got %d.\n", | |
4142 | + 8 + (sizeof(struct sa_id) + sizeof(struct tdb *)), | |
4143 | + len); | |
4144 | + SENDERR(EINVAL); | |
4145 | + break; | |
4146 | + } | |
4147 | + | |
4148 | + spin_lock_bh(&tdb_lock); | |
4149 | + | |
4150 | + if ((tdbp = gettdb(&(em->em_rel[0].emr_said))) == NULL) { | |
4151 | + KLIPS_PRINT(debug_netlink, | |
4152 | + "klips_debug:ipsec_callback: " | |
4153 | + "EMT_UGRPSPI Tunnel Descriptor Block not found for SA:\n" | |
4154 | + "klips_debug: %s, could not ungroup.\n", sa); | |
4155 | + spin_unlock_bh(&tdb_lock); | |
4156 | + SENDERR(ENXIO); | |
4157 | + } | |
4158 | + while(tdbp->tdb_onext) { | |
4159 | + tdbp = tdbp->tdb_onext; | |
4160 | + } | |
4161 | + while(tdbp->tdb_inext) { | |
4162 | + tprev = tdbp; | |
4163 | + tdbp = tdbp->tdb_inext; | |
4164 | + tprev->tdb_inext = NULL; | |
4165 | + tdbp->tdb_onext = NULL; | |
4166 | + } | |
4167 | + | |
4168 | + spin_unlock_bh(&tdb_lock); | |
4169 | + | |
4170 | + break; | |
4171 | + | |
4172 | + case EMT_CLRSPIS: | |
4173 | + KLIPS_PRINT(debug_netlink, | |
4174 | + "klips_debug:ipsec_callback: spi clear called.\n"); | |
4175 | + if (em->em_if >= 5) /* XXX -- why 5? */ | |
4176 | + SENDERR(ENODEV); | |
4177 | + ipsec_tdbcleanup(0); | |
4178 | + break; | |
4179 | + default: | |
4180 | + KLIPS_PRINT(debug_netlink, | |
4181 | + "klips_debug:ipsec_callback: unknown message type\n"); | |
4182 | + SENDERR(EINVAL); | |
4183 | + } | |
4184 | + errlab: | |
4185 | +#ifdef NET_21 | |
4186 | + kfree_skb(skb); | |
4187 | +#else /* NET_21 */ | |
4188 | + kfree_skb(skb, FREE_WRITE); | |
4189 | +#endif /* NET_21 */ | |
4190 | + return len; | |
4191 | +} | |
4192 | +#endif | |
4193 | + | |
4194 | +/* | |
4195 | + * $Log$ | |
4196 | + * Revision 1.47 2000/11/06 04:32:08 rgb | |
4197 | + * Ditched spin_lock_irqsave in favour of spin_lock_bh. | |
4198 | + * | |
4199 | + * Revision 1.46 2000/09/08 19:16:50 rgb | |
4200 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
4201 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
4202 | + * | |
4203 | + * Revision 1.45 2000/08/30 05:23:55 rgb | |
4204 | + * Compiler-define out ipsec_callback() function of ipsec_netlink.c. | |
4205 | + * Nothing should be using it anyways. | |
4206 | + * | |
4207 | + * Revision 1.44 2000/03/16 14:01:26 rgb | |
4208 | + * Indented headers for readability. | |
4209 | + * | |
4210 | + * Revision 1.43 2000/03/16 07:13:04 rgb | |
4211 | + * Hardcode PF_KEYv2 support. | |
4212 | + * Disable NET_LINK support. | |
4213 | + * | |
4214 | + * Revision 1.42 2000/01/21 06:14:27 rgb | |
4215 | + * Moved debug message for expected output on set or clear. | |
4216 | + * | |
4217 | + * Revision 1.41 1999/12/01 22:14:37 rgb | |
4218 | + * Added debugging message for bad netlink magic. | |
4219 | + * Initialise tdb_sastate to MATURE (1). | |
4220 | + * Added UNGRPSPIS bad length debugging message. | |
4221 | + * | |
4222 | + * Revision 1.40 1999/11/23 23:06:25 rgb | |
4223 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
4224 | + * | |
4225 | + * Revision 1.39 1999/11/18 04:09:18 rgb | |
4226 | + * Replaced all kernel version macros to shorter, readable form. | |
4227 | + * | |
4228 | + * Revision 1.38 1999/11/17 15:53:39 rgb | |
4229 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
4230 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
4231 | + * klips/net/ipsec/Makefile. | |
4232 | + * | |
4233 | + * Revision 1.37 1999/10/26 13:58:32 rgb | |
4234 | + * Put spinlock flags variable declaration outside the debug compiler | |
4235 | + * directive to enable compilation with debug shut off. | |
4236 | + * | |
4237 | + * Revision 1.36 1999/10/16 18:24:22 rgb | |
4238 | + * Initialize lifetime_addtime_c and lifetime_allocations_c. | |
4239 | + * Clean-up unused cruft. | |
4240 | + * | |
4241 | + * Revision 1.35 1999/10/08 18:37:34 rgb | |
4242 | + * Fix end-of-line spacing to sate whining PHMs. | |
4243 | + * | |
4244 | + * Revision 1.34 1999/10/03 18:49:11 rgb | |
4245 | + * Spinlock fixes for 2.0.xx and 2.3.xx. | |
4246 | + * | |
4247 | + * Revision 1.33 1999/10/01 15:44:53 rgb | |
4248 | + * Move spinlock header include to 2.1> scope. | |
4249 | + * | |
4250 | + * Revision 1.32 1999/10/01 00:00:53 rgb | |
4251 | + * Fix for proper netlink debugging operation. | |
4252 | + * Added tdb structure locking. | |
4253 | + * Minor formatting changes. | |
4254 | + * | |
4255 | + * Revision 1.31 1999/05/25 21:21:43 rgb | |
4256 | + * Fix deltdbchain() error return code checking. | |
4257 | + * | |
4258 | + * Revision 1.30 1999/05/09 03:25:36 rgb | |
4259 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
4260 | + * | |
4261 | + * Revision 1.29 1999/05/08 21:23:27 rgb | |
4262 | + * Simplify satoa() calling. | |
4263 | + * Fix error return reporting. | |
4264 | + * Add casting to silence the 2.2.x compile. | |
4265 | + * | |
4266 | + * Revision 1.28 1999/05/05 22:02:31 rgb | |
4267 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
4268 | + * | |
4269 | + * Revision 1.27 1999/04/29 15:16:24 rgb | |
4270 | + * Add pfkey support to debugging. | |
4271 | + * Change gettdb parameter to a pointer to reduce stack loading and | |
4272 | + * facilitate | |
4273 | + * parameter sanity checking. | |
4274 | + * Add IS_MYADDR support obviating the necessity of doing this in user | |
4275 | + * space. | |
4276 | + * Fix undetected bug by moving puttdb in SETSPI until after initialisation | |
4277 | + * to | |
4278 | + * prevent tdb usage before it is ready and to save work if it does not | |
4279 | + * initialise. | |
4280 | + * Clean up deltdb/wipe code. | |
4281 | + * Fix undetected bug of returning error as positive value. | |
4282 | + * Add a parameter to tdbcleanup to be able to delete a class of SAs. | |
4283 | + * | |
4284 | + * Revision 1.26 1999/04/16 15:39:35 rgb | |
4285 | + * Fix already fixed unbalanced #endif. | |
4286 | + * | |
4287 | + * Revision 1.25 1999/04/15 15:37:24 rgb | |
4288 | + * Forward check changes from POST1_00 branch. | |
4289 | + * | |
4290 | + * Revision 1.21.2.1 1999/04/13 20:30:26 rgb | |
4291 | + * Add experimental 'getdebug'. | |
4292 | + * | |
4293 | + * Revision 1.24 1999/04/11 00:28:58 henry | |
4294 | + * GPL boilerplate | |
4295 | + * | |
4296 | + * Revision 1.23 1999/04/07 17:44:21 rgb | |
4297 | + * Fix ipsec_callback memory leak, skb not freed after use. | |
4298 | + * | |
4299 | + * Revision 1.22 1999/04/06 04:54:26 rgb | |
4300 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
4301 | + * patch shell fixes. | |
4302 | + * | |
4303 | + * Revision 1.21 1999/02/17 16:50:11 rgb | |
4304 | + * Consolidate satoa()s for space and speed efficiency. | |
4305 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
4306 | + * Clean out unused cruft. | |
4307 | + * | |
4308 | + * Revision 1.20 1999/01/28 23:20:49 rgb | |
4309 | + * Replace hard-coded numbers in macros and code with meaningful values | |
4310 | + * automatically generated from sizeof() and offsetof() to further the | |
4311 | + * goal of platform independance. | |
4312 | + * | |
4313 | + * Revision 1.19 1999/01/26 02:07:07 rgb | |
4314 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
4315 | + * Remove ah/esp switching on include files. | |
4316 | + * Removed dead code. | |
4317 | + * | |
4318 | + * Revision 1.18 1999/01/22 06:20:36 rgb | |
4319 | + * Cruft clean-out. | |
4320 | + * 64-bit clean-up. | |
4321 | + * Added algorithm switch code. | |
4322 | + * | |
4323 | + * Revision 1.17 1998/12/02 03:09:39 rgb | |
4324 | + * Clean up debug printing conditionals to compile with debugging off. | |
4325 | + * | |
4326 | + * Revision 1.16 1998/12/01 05:56:57 rgb | |
4327 | + * Add support for debug printing of version info. | |
4328 | + * Fail on unknown error for breakroute in replace command. | |
4329 | + * | |
4330 | + * Revision 1.15 1998/11/30 13:22:54 rgb | |
4331 | + * Rationalised all the klips kernel file headers. They are much shorter | |
4332 | + * now and won't conflict under RH5.2. | |
4333 | + * | |
4334 | + * Revision 1.14 1998/11/10 05:36:14 rgb | |
4335 | + * Clean up debug output. | |
4336 | + * Add direction to spi setup debug code. | |
4337 | + * Add support for SA direction flag. | |
4338 | + * | |
4339 | + * Revision 1.13 1998/10/31 06:51:56 rgb | |
4340 | + * Get zeroize to return something useful. | |
4341 | + * Clean up code to isolate 'spi --add/del' memory leak. | |
4342 | + * Fixed up comments in #endif directives. | |
4343 | + * | |
4344 | + * Revision 1.12 1998/10/27 00:35:02 rgb | |
4345 | + * Supressed debug output during normal operation. | |
4346 | + * | |
4347 | + * Revision 1.11 1998/10/25 02:40:21 rgb | |
4348 | + * Selective debug printing, depending upon called service. | |
4349 | + * Institute more precise error return codes from eroute commands. | |
4350 | + * Fix bug in size of stucture passed in from user space for grpspi command. | |
4351 | + * | |
4352 | + * Revision 1.10 1998/10/22 06:44:58 rgb | |
4353 | + * Convert to use satoa for printk. | |
4354 | + * Moved break; in 'set debug level code to avoid undetected bug. | |
4355 | + * Fixed run-on error message to fit 80 columns. | |
4356 | + * | |
4357 | + * Revision 1.9 1998/10/19 14:44:28 rgb | |
4358 | + * Added inclusion of freeswan.h. | |
4359 | + * sa_id structure implemented and used: now includes protocol. | |
4360 | + * | |
4361 | + * Revision 1.8 1998/10/09 04:29:51 rgb | |
4362 | + * Added support for '-replace' option to eroute. | |
4363 | + * Fixed spiungroup bug. | |
4364 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
4365 | + * | |
4366 | + * Revision 1.7 1998/08/12 00:10:06 rgb | |
4367 | + * Fixed minor error return code syntax. | |
4368 | + * | |
4369 | + * Revision 1.6 1998/07/29 20:22:57 rgb | |
4370 | + * Cosmetic cleanup. | |
4371 | + * | |
4372 | + * Revision 1.5 1998/07/27 21:53:11 rgb | |
4373 | + * Check for proper return code from eroute clear command. | |
4374 | + * Use appropriate error return codes from kernel. | |
4375 | + * Add an option to clear the SA table. | |
4376 | + * | |
4377 | + * Revision 1.4 1998/07/14 18:02:40 rgb | |
4378 | + * Add a command to clear the eroute table. | |
4379 | + * Clean up some error codes. | |
4380 | + * | |
4381 | + * Revision 1.3 1998/06/25 19:52:33 rgb | |
4382 | + * Code cosmetic changes only. | |
4383 | + * | |
4384 | + * Revision 1.2 1998/06/23 02:57:58 rgb | |
4385 | + * Clean up after an error condition in setspi. | |
4386 | + * | |
4387 | + * Revision 1.9 1998/06/18 21:29:06 henry | |
4388 | + * move sources from klips/src to klips/net/ipsec, to keep stupid kernel | |
4389 | + * build scripts happier in presence of symbolic links | |
4390 | + * | |
4391 | + * Revision 1.8 1998/06/08 17:57:15 rgb | |
4392 | + * Very minor spacing change. | |
4393 | + * | |
4394 | + * Revision 1.7 1998/05/18 21:46:45 rgb | |
4395 | + * Clean up for numerical consistency of output. | |
4396 | + * | |
4397 | + * Added debugging switch output. | |
4398 | + * | |
4399 | + * SETSPI will refuse to overwrite a previous SA. This is to make it | |
4400 | + * consistent with the eroute command. | |
4401 | + * | |
4402 | + * spidel now deletes entire chain of spi's. | |
4403 | + * | |
4404 | + * spigrp can now ungroup a set of spi's. | |
4405 | + * | |
4406 | + * spigrp will not regroup a previously grouped spi. | |
4407 | + * | |
4408 | + * Key data is properly cleaned up, ie. zeroed. | |
4409 | + * | |
4410 | + * Revision 1.6 1998/05/07 20:36:27 rgb | |
4411 | + * Fixed case where debugging not enabled that caused ipsec_netlink.c to | |
4412 | + * not compile. | |
4413 | + * | |
4414 | + * Revision 1.5 1998/05/06 03:34:21 rgb | |
4415 | + * Updated debugging output statements. | |
4416 | + * | |
4417 | + * Revision 1.4 1998/04/23 21:03:59 rgb | |
4418 | + * Completed kernel development for userspace access to klips kernel debugging | |
4419 | + * switches. | |
4420 | + * Added detail to the kernel error message when trying to group non-existant | |
4421 | + * spi's. | |
4422 | + * | |
4423 | + * Revision 1.3 1998/04/21 21:29:06 rgb | |
4424 | + * Rearrange debug switches to change on the fly debug output from user | |
4425 | + * space. Only kernel changes checked in at this time. radij.c was also | |
4426 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
4427 | + * an OOPS and hence, netlink device open errors. | |
4428 | + * | |
4429 | + * Revision 1.2 1998/04/12 22:03:23 rgb | |
4430 | + * Updated ESP-3DES-HMAC-MD5-96, | |
4431 | + * ESP-DES-HMAC-MD5-96, | |
4432 | + * AH-HMAC-MD5-96, | |
4433 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
4434 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
4435 | + * | |
4436 | + * Fixed eroute references in /proc/net/ipsec*. | |
4437 | + * | |
4438 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
4439 | + * radij tree unloading. | |
4440 | + * | |
4441 | + * Revision 1.1 1998/04/09 03:06:08 henry | |
4442 | + * sources moved up from linux/net/ipsec | |
4443 | + * | |
4444 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
4445 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
4446 | + * | |
4447 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
4448 | + * No changes. | |
4449 | + * | |
4450 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
4451 | + * Minor cleanups. | |
4452 | + * Rationalized debugging code. | |
4453 | + * | |
4454 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
4455 | + * First limited release. | |
4456 | + * | |
4457 | + * | |
4458 | + */ | |
4459 | diff -druN linux-noipsec/net/ipsec/ipsec_netlink.h linux/net/ipsec/ipsec_netlink.h | |
4460 | --- linux-noipsec/net/ipsec/ipsec_netlink.h Thu Jan 1 01:00:00 1970 | |
4461 | +++ linux/net/ipsec/ipsec_netlink.h Tue Oct 10 22:10:18 2000 | |
4462 | @@ -0,0 +1,330 @@ | |
4463 | +/* | |
4464 | + * IPSEC <> netlink interface | |
4465 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
4466 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
4467 | + * | |
4468 | + * This program is free software; you can redistribute it and/or modify it | |
4469 | + * under the terms of the GNU General Public License as published by the | |
4470 | + * Free Software Foundation; either version 2 of the License, or (at your | |
4471 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
4472 | + * | |
4473 | + * This program is distributed in the hope that it will be useful, but | |
4474 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
4475 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
4476 | + * for more details. | |
4477 | + * | |
4478 | + * RCSID $Id$ | |
4479 | + */ | |
4480 | + | |
4481 | +#include <linux/stddef.h> | |
4482 | + | |
4483 | +#ifndef NETLINK_IPSEC | |
4484 | +#define NETLINK_IPSEC 10 /* IPSEC */ | |
4485 | +#endif /* !NETLINK_IPSEC */ | |
4486 | + | |
4487 | +#define EM_MAXRELSPIS 4 /* at most five chained xforms */ | |
4488 | +#define EM_MAGIC 0x5377616e /* "Swan" */ | |
4489 | + | |
4490 | +#define EMT_IFADDR 1 /* set enc if addr */ | |
4491 | +#define EMT_SETSPI 2 /* Set SPI properties */ | |
4492 | +#define EMT_DELSPI 3 /* Delete an SPI */ | |
4493 | +#define EMT_GRPSPIS 4 /* Group SPIs (output order) */ | |
4494 | +#define EMT_SETEROUTE 5 /* set an extended route */ | |
4495 | +#define EMT_DELEROUTE 6 /* del an extended route */ | |
4496 | +#define EMT_TESTROUTE 7 /* try to find route, print to console */ | |
4497 | +#define EMT_SETDEBUG 8 /* set debug level if active */ | |
4498 | +#define EMT_UNGRPSPIS 9 /* UnGroup SPIs (output order) */ | |
4499 | +#define EMT_CLREROUTE 10 /* clear the extended route table */ | |
4500 | +#define EMT_CLRSPIS 11 /* clear the spi table */ | |
4501 | +#define EMT_RPLACEROUTE 12 /* set an extended route */ | |
4502 | +#define EMT_GETDEBUG 13 /* get debug level if active */ | |
4503 | + | |
4504 | +#ifdef CONFIG_IPSEC_DEBUG | |
4505 | +#define DB_NL_TDBCB 0x0001 | |
4506 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4507 | + | |
4508 | +/* em_flags constants */ | |
4509 | +/* be mindful that this flag conflicts with SADB_SAFLAGS_PFS in pfkeyv2 */ | |
4510 | +/* perhaps it should be moved... */ | |
4511 | +#define EMT_INBOUND 0x01 /* SA direction, 1=inbound */ | |
4512 | + | |
4513 | +struct encap_msghdr | |
4514 | +{ | |
4515 | + __u32 em_magic; /* EM_MAGIC */ | |
4516 | +#if 0 | |
4517 | + __u16 em_msglen; /* message length */ | |
4518 | +#endif | |
4519 | + __u8 em_msglen; /* message length */ | |
4520 | + __u8 em_flags; /* message flags */ | |
4521 | + __u8 em_version; /* for future expansion */ | |
4522 | + __u8 em_type; /* message type */ | |
4523 | + union | |
4524 | + { | |
4525 | + __u8 C; /* Free-text */ | |
4526 | + | |
4527 | + struct | |
4528 | + { | |
4529 | + struct sa_id Said; /* SA ID */ | |
4530 | + struct sockaddr_encap Eaddr; | |
4531 | + struct sockaddr_encap Emask; | |
4532 | + } Ert; | |
4533 | + | |
4534 | + struct | |
4535 | + { | |
4536 | + struct in_addr Ia; | |
4537 | + __u8 Ifn; | |
4538 | + __u8 xxx[3]; /* makes life a lot easier */ | |
4539 | + } Ifa; | |
4540 | + | |
4541 | + struct | |
4542 | + { | |
4543 | + struct sa_id Said; /* SA ID */ | |
4544 | + int If; /* enc i/f for input */ | |
4545 | + int Alg; /* Algorithm to use */ | |
4546 | + | |
4547 | + /* The following union is a surrogate for | |
4548 | + * algorithm-specific data. To insure | |
4549 | + * proper alignment, worst-case fields | |
4550 | + * should be included. It would be even | |
4551 | + * better to include the types that will | |
4552 | + * actually be used, but they may not be | |
4553 | + * defined for each use of this header. | |
4554 | + * The actual length is expected to be longer | |
4555 | + * than is declared here. References are normally | |
4556 | + * made using the em_dat macro, as if it were a | |
4557 | + * field name. | |
4558 | + */ | |
4559 | + union { /* Data */ | |
4560 | + __u8 Dat[1]; | |
4561 | + __u64 Datq[1]; /* maximal alignment (?) */ | |
4562 | + } u; | |
4563 | + } Xfm; | |
4564 | + | |
4565 | + struct | |
4566 | + { | |
4567 | + struct sa_id emr_said; /* SA ID */ | |
4568 | + struct tdb * emr_tdb; /* used internally! */ | |
4569 | + | |
4570 | + } Rel[EM_MAXRELSPIS]; | |
4571 | + | |
4572 | +#ifdef CONFIG_IPSEC_DEBUG | |
4573 | + struct | |
4574 | + { | |
4575 | + int debug_tunnel; | |
4576 | + int debug_netlink; | |
4577 | + int debug_xform; | |
4578 | + int debug_eroute; | |
4579 | + int debug_spi; | |
4580 | + int debug_radij; | |
4581 | + int debug_esp; | |
4582 | + int debug_ah; | |
4583 | + int debug_rcv; | |
4584 | + int debug_pfkey; | |
4585 | + int debug_ipcomp; | |
4586 | + int debug_verbose; | |
4587 | + } Dbg; | |
4588 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4589 | + } Eu; | |
4590 | +}; | |
4591 | + | |
4592 | +#define EM_MINLEN offsetof(struct encap_msghdr, Eu) | |
4593 | +#define EMT_SETSPI_FLEN offsetof(struct encap_msghdr, em_dat) | |
4594 | +#define EMT_GRPSPIS_FLEN offsetof(struct encap_msghdr, Eu.Rel) | |
4595 | +#define EMT_SETDEBUG_FLEN (offsetof(struct encap_msghdr, Eu.Dbg + \ | |
4596 | + sizeof(((struct encap_msghdr*)0)->Eu.Dbg))) | |
4597 | + | |
4598 | +#define em_c Eu.C | |
4599 | +#define em_eaddr Eu.Ert.Eaddr | |
4600 | +#define em_emask Eu.Ert.Emask | |
4601 | +#define em_ersaid Eu.Ert.Said | |
4602 | +#define em_erdst Eu.Ert.Said.dst | |
4603 | +#define em_erspi Eu.Ert.Said.spi | |
4604 | +#define em_erproto Eu.Ert.Said.proto | |
4605 | + | |
4606 | +#define em_ifa Eu.Ifa.Ia | |
4607 | +#define em_ifn Eu.Ifa.Ifn | |
4608 | + | |
4609 | +#define em_said Eu.Xfm.Said | |
4610 | +#define em_spi Eu.Xfm.Said.spi | |
4611 | +#define em_dst Eu.Xfm.Said.dst | |
4612 | +#define em_proto Eu.Xfm.Said.proto | |
4613 | +#define em_if Eu.Xfm.If | |
4614 | +#define em_alg Eu.Xfm.Alg | |
4615 | +#define em_dat Eu.Xfm.u.Dat | |
4616 | + | |
4617 | +#define em_rel Eu.Rel | |
4618 | +#define emr_dst emr_said.dst | |
4619 | +#define emr_spi emr_said.spi | |
4620 | +#define emr_proto emr_said.proto | |
4621 | + | |
4622 | +#ifdef CONFIG_IPSEC_DEBUG | |
4623 | +#define em_db_tn Eu.Dbg.debug_tunnel | |
4624 | +#define em_db_nl Eu.Dbg.debug_netlink | |
4625 | +#define em_db_xf Eu.Dbg.debug_xform | |
4626 | +#define em_db_er Eu.Dbg.debug_eroute | |
4627 | +#define em_db_sp Eu.Dbg.debug_spi | |
4628 | +#define em_db_rj Eu.Dbg.debug_radij | |
4629 | +#define em_db_es Eu.Dbg.debug_esp | |
4630 | +#define em_db_ah Eu.Dbg.debug_ah | |
4631 | +#define em_db_rx Eu.Dbg.debug_rcv | |
4632 | +#define em_db_ky Eu.Dbg.debug_pfkey | |
4633 | +#define em_db_gz Eu.Dbg.debug_ipcomp | |
4634 | +#define em_db_vb Eu.Dbg.debug_verbose | |
4635 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4636 | + | |
4637 | +#ifdef __KERNEL__ | |
4638 | +extern char ipsec_netlink_c_version[]; | |
4639 | +#ifndef KERNEL_VERSION | |
4640 | +# include <linux/version.h> | |
4641 | +#endif | |
4642 | +#ifdef NETLINK_SOCK | |
4643 | +extern int ipsec_callback(int proto, struct sk_buff *skb); | |
4644 | +#else /* NETLINK_SOCK */ | |
4645 | +extern int ipsec_callback(struct sk_buff *skb); | |
4646 | +#endif /* NETLINK_SOCK */ | |
4647 | +extern void ipsec_print_ip(struct iphdr *ip); | |
4648 | + | |
4649 | +#ifdef CONFIG_IPSEC_DEBUG | |
4650 | + #define KLIPS_PRINT(flag, format, args...) \ | |
4651 | + ((flag) ? printk(KERN_INFO format , ## args) : 0) | |
4652 | + #define KLIPS_PRINTMORE(flag, format, args...) \ | |
4653 | + ((flag) ? printk(format , ## args) : 0) | |
4654 | + #define KLIPS_IP_PRINT(flag, ip) \ | |
4655 | + ((flag) ? ipsec_print_ip(ip) : 0) | |
4656 | +#else /* CONFIG_IPSEC_DEBUG */ | |
4657 | + #define KLIPS_PRINT(flag, format, args...) do ; while(0) | |
4658 | + #define KLIPS_PRINTMORE(flag, format, args...) do ; while(0) | |
4659 | + #define KLIPS_IP_PRINT(flag, ip) do ; while(0) | |
4660 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4661 | + | |
4662 | +#ifdef CONFIG_IPSEC_DEBUG | |
4663 | +extern int debug_netlink; | |
4664 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4665 | +#endif /* __KERNEL__ */ | |
4666 | + | |
4667 | +/* | |
4668 | + * $Log$ | |
4669 | + * Revision 1.28 2000/10/10 20:10:18 rgb | |
4670 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
4671 | + * | |
4672 | + * Revision 1.27 2000/09/12 03:20:28 rgb | |
4673 | + * Cleared out now unused pfkeyv2 switch. | |
4674 | + * | |
4675 | + * Revision 1.26 2000/09/08 19:16:50 rgb | |
4676 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
4677 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
4678 | + * | |
4679 | + * Revision 1.25 2000/08/24 16:51:59 rgb | |
4680 | + * Added KLIPS_PRINTMORE macro to continue lines without KERN_INFO level | |
4681 | + * info. | |
4682 | + * | |
4683 | + * Revision 1.24 2000/08/09 20:43:34 rgb | |
4684 | + * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE. | |
4685 | + * | |
4686 | + * Revision 1.23 2000/03/16 14:01:48 rgb | |
4687 | + * Hardwired CONFIG_IPSEC_PFKEYv2 on. | |
4688 | + * | |
4689 | + * Revision 1.22 1999/12/08 20:31:32 rgb | |
4690 | + * Moved IPPROTO_COMP to lib/freeswan.h to simplify userspace includes. | |
4691 | + * | |
4692 | + * Revision 1.21 1999/11/18 18:47:41 rgb | |
4693 | + * Added "#define NETLINK_IPSEC" in case kernel was not compiled with it. | |
4694 | + * | |
4695 | + * Revision 1.20 1999/11/18 04:09:18 rgb | |
4696 | + * Replaced all kernel version macros to shorter, readable form. | |
4697 | + * | |
4698 | + * Revision 1.19 1999/08/28 08:27:05 rgb | |
4699 | + * Add a temporary kludge for 2.0.37-38 to compile even if one patch failed. | |
4700 | + * | |
4701 | + * Revision 1.18 1999/08/03 17:09:33 rgb | |
4702 | + * Tidy up debug output, use KERN_INFO macro in printk's. | |
4703 | + * | |
4704 | + * Revision 1.17 1999/05/25 01:45:37 rgb | |
4705 | + * Fix version macros for 2.0.x as a module. | |
4706 | + * | |
4707 | + * Revision 1.16 1999/05/05 22:02:31 rgb | |
4708 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
4709 | + * | |
4710 | + * Revision 1.15 1999/04/29 15:16:55 rgb | |
4711 | + * Add pfkey support to debugging. | |
4712 | + * | |
4713 | + * Revision 1.14 1999/04/15 15:37:24 rgb | |
4714 | + * Forward check changes from POST1_00 branch. | |
4715 | + * | |
4716 | + * Revision 1.13 1999/04/11 00:28:58 henry | |
4717 | + * GPL boilerplate | |
4718 | + * | |
4719 | + * Revision 1.12 1999/04/06 04:54:26 rgb | |
4720 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
4721 | + * patch shell fixes. | |
4722 | + * | |
4723 | + * Revision 1.11 1999/02/12 21:13:17 rgb | |
4724 | + * Moved KLIPS_PRINT into a more accessible place. | |
4725 | + * | |
4726 | + * Revision 1.10 1999/01/28 23:20:49 rgb | |
4727 | + * Replace hard-coded numbers in macros and code with meaningful values | |
4728 | + * automatically generated from sizeof() and offsetof() to further the | |
4729 | + * goal of platform independance. | |
4730 | + * | |
4731 | + * Revision 1.9 1999/01/22 06:21:23 rgb | |
4732 | + * Added algorithm switch code. | |
4733 | + * Cruft clean-out. | |
4734 | + * 64-bit clean-up. | |
4735 | + * | |
4736 | + * Revision 1.8 1998/12/01 05:57:42 rgb | |
4737 | + * Add support for printing debug version info. | |
4738 | + * | |
4739 | + * Revision 1.7 1998/11/10 05:37:35 rgb | |
4740 | + * Add support for SA direction flag. | |
4741 | + * | |
4742 | + * Revision 1.6 1998/10/25 02:40:45 rgb | |
4743 | + * Fix bug in size of stucture passed in from user space for grpspi command. | |
4744 | + * | |
4745 | + * Revision 1.5 1998/10/19 14:44:29 rgb | |
4746 | + * Added inclusion of freeswan.h. | |
4747 | + * sa_id structure implemented and used: now includes protocol. | |
4748 | + * | |
4749 | + * Revision 1.4 1998/10/09 04:30:11 rgb | |
4750 | + * Added support for '-replace' option to eroute. | |
4751 | + * | |
4752 | + * Revision 1.3 1998/07/27 21:54:22 rgb | |
4753 | + * Rearrange structures for consistent alignment within a union. | |
4754 | + * Add an option for clearing SA table. | |
4755 | + * | |
4756 | + * Revision 1.2 1998/07/14 18:05:51 rgb | |
4757 | + * Added #ifdef __KERNEL__ directives to restrict scope of header. | |
4758 | + * | |
4759 | + * Revision 1.1 1998/06/18 21:27:49 henry | |
4760 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
4761 | + * kernel-build scripts happier in the presence of symlinks | |
4762 | + * | |
4763 | + * Revision 1.4 1998/05/18 21:48:24 rgb | |
4764 | + * Added switch for ungrouping spi's. | |
4765 | + * | |
4766 | + * Revision 1.3 1998/04/23 21:01:50 rgb | |
4767 | + * Added a macro for userspace access to klips kernel debugging switches. | |
4768 | + * | |
4769 | + * Revision 1.2 1998/04/21 21:29:09 rgb | |
4770 | + * Rearrange debug switches to change on the fly debug output from user | |
4771 | + * space. Only kernel changes checked in at this time. radij.c was also | |
4772 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
4773 | + * an OOPS and hence, netlink device open errors. | |
4774 | + * | |
4775 | + * Revision 1.1 1998/04/09 03:06:09 henry | |
4776 | + * sources moved up from linux/net/ipsec | |
4777 | + * | |
4778 | + * Revision 1.1.1.1 1998/04/08 05:35:03 henry | |
4779 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
4780 | + * | |
4781 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
4782 | + * No changes. | |
4783 | + * | |
4784 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
4785 | + * Minor cleanups. | |
4786 | + * Rationalized debugging code. | |
4787 | + * | |
4788 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
4789 | + * First limited release. | |
4790 | + * | |
4791 | + * | |
4792 | + */ | |
4793 | diff -druN linux-noipsec/net/ipsec/ipsec_radij.c linux/net/ipsec/ipsec_radij.c | |
4794 | --- linux-noipsec/net/ipsec/ipsec_radij.c Thu Jan 1 01:00:00 1970 | |
4795 | +++ linux/net/ipsec/ipsec_radij.c Mon Nov 6 05:32:08 2000 | |
4796 | @@ -0,0 +1,510 @@ | |
4797 | +/* | |
4798 | + * Interface between the IPSEC code and the radix (radij) tree code | |
4799 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
4800 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
4801 | + * | |
4802 | + * This program is free software; you can redistribute it and/or modify it | |
4803 | + * under the terms of the GNU General Public License as published by the | |
4804 | + * Free Software Foundation; either version 2 of the License, or (at your | |
4805 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
4806 | + * | |
4807 | + * This program is distributed in the hope that it will be useful, but | |
4808 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
4809 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
4810 | + * for more details. | |
4811 | + * | |
4812 | + * RCSID $Id$ | |
4813 | + */ | |
4814 | + | |
4815 | +#include <linux/config.h> | |
4816 | +#include <linux/version.h> | |
4817 | + | |
4818 | +#include <linux/kernel.h> /* printk() */ | |
4819 | +#include <linux/malloc.h> /* kmalloc() */ | |
4820 | +#include <linux/errno.h> /* error codes */ | |
4821 | +#include <linux/types.h> /* size_t */ | |
4822 | +#include <linux/interrupt.h> /* mark_bh */ | |
4823 | + | |
4824 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
4825 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
4826 | +#include <linux/ip.h> /* struct iphdr */ | |
4827 | +#include <linux/skbuff.h> | |
4828 | +#include <freeswan.h> | |
4829 | +#ifdef SPINLOCK | |
4830 | +#ifdef SPINLOCK_23 | |
4831 | +#include <linux/spinlock.h> /* *lock* */ | |
4832 | +#else /* 23_SPINLOCK */ | |
4833 | +#include <asm/spinlock.h> /* *lock* */ | |
4834 | +#endif /* 23_SPINLOCK */ | |
4835 | +#endif /* SPINLOCK */ | |
4836 | +#ifdef NET_21 | |
4837 | +#include <asm/uaccess.h> | |
4838 | +#include <linux/in6.h> | |
4839 | +#endif | |
4840 | +#include <asm/checksum.h> | |
4841 | +#include <net/ip.h> | |
4842 | + | |
4843 | +#include "radij.h" | |
4844 | +#include "ipsec_encap.h" | |
4845 | +#include "ipsec_radij.h" | |
4846 | +#include "ipsec_netlink.h" | |
4847 | +#include "ipsec_xform.h" | |
4848 | + | |
4849 | +#ifdef CONFIG_IPSEC_DEBUG | |
4850 | +int debug_radij = 0; | |
4851 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4852 | + | |
4853 | +struct radij_node_head *rnh = 0; | |
4854 | +#ifdef SPINLOCK | |
4855 | +spinlock_t eroute_lock = SPIN_LOCK_UNLOCKED; | |
4856 | +#else /* SPINLOCK */ | |
4857 | +spinlock_t eroute_lock; | |
4858 | +#endif /* SPINLOCK */ | |
4859 | + | |
4860 | +int | |
4861 | +ipsec_radijinit(void) | |
4862 | +{ | |
4863 | + maj_keylen = sizeof (struct sockaddr_encap); | |
4864 | + | |
4865 | + rj_init(); | |
4866 | + | |
4867 | + if (rj_inithead((void **)&rnh, 16) == 0) /* 16 is bit offset of sen_type */ | |
4868 | + return -1; | |
4869 | + return 0; | |
4870 | +} | |
4871 | + | |
4872 | +int | |
4873 | +ipsec_radijcleanup(void) | |
4874 | +{ | |
4875 | + int error; | |
4876 | + | |
4877 | + spin_lock_bh(&eroute_lock); | |
4878 | + | |
4879 | + error = radijcleanup(); | |
4880 | + | |
4881 | + spin_unlock_bh(&eroute_lock); | |
4882 | + | |
4883 | + return error; | |
4884 | +} | |
4885 | + | |
4886 | +int | |
4887 | +ipsec_cleareroutes(void) | |
4888 | +{ | |
4889 | + int error; | |
4890 | + | |
4891 | + spin_lock_bh(&eroute_lock); | |
4892 | + | |
4893 | + error = radijcleartree(); | |
4894 | + | |
4895 | + spin_unlock_bh(&eroute_lock); | |
4896 | + | |
4897 | + return error; | |
4898 | +} | |
4899 | + | |
4900 | +int | |
4901 | +ipsec_breakroute(struct sockaddr_encap *eaddr, struct sockaddr_encap *emask) | |
4902 | +{ | |
4903 | + struct radij_node *rn; | |
4904 | + int error; | |
4905 | +#ifdef CONFIG_IPSEC_DEBUG | |
4906 | + char buf1[64], buf2[64]; | |
4907 | + | |
4908 | + if (debug_eroute) { | |
4909 | + subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
4910 | + subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
4911 | + printk("klips_debug:ipsec_breakroute: attempting to delete eroute for %s->%s\n", | |
4912 | + buf1, buf2); | |
4913 | + } | |
4914 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4915 | + | |
4916 | + spin_lock_bh(&eroute_lock); | |
4917 | + | |
4918 | + if ((error = rj_delete(eaddr, emask, rnh, &rn)) != 0) { | |
4919 | + spin_unlock_bh(&eroute_lock); | |
4920 | + KLIPS_PRINT(debug_eroute, "klips_debug:ipsec_breakroute: " | |
4921 | + "node not found, eroute delete failed.\n"); | |
4922 | + return error; | |
4923 | + } | |
4924 | + | |
4925 | + spin_unlock_bh(&eroute_lock); | |
4926 | + | |
4927 | + if (rn->rj_flags & (RJF_ACTIVE | RJF_ROOT)) | |
4928 | + panic ("ipsec_breakroute RMT_DELEROUTE root or active node\n"); | |
4929 | + | |
4930 | + memset((caddr_t)rn, 0, sizeof (struct eroute)); | |
4931 | + kfree(rn); | |
4932 | + | |
4933 | + return 0; | |
4934 | +} | |
4935 | + | |
4936 | +int | |
4937 | +ipsec_makeroute(struct sockaddr_encap *eaddr, struct sockaddr_encap *emask, struct sa_id said) | |
4938 | +{ | |
4939 | + struct eroute *retrt; | |
4940 | + int error; | |
4941 | + char sa[SATOA_BUF]; | |
4942 | + size_t sa_len; | |
4943 | +#ifdef CONFIG_IPSEC_DEBUG | |
4944 | + char buf1[64], buf2[64]; | |
4945 | + | |
4946 | + if (debug_eroute) { | |
4947 | + subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
4948 | + subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
4949 | + sa_len = satoa(said, 0, sa, SATOA_BUF); | |
4950 | + printk("klips_debug:ipsec_makeroute: attempting to insert eroute for %s->%s, SA: %s\n", | |
4951 | + buf1, buf2, sa); | |
4952 | + } | |
4953 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4954 | + | |
4955 | + retrt = (struct eroute *)kmalloc(sizeof (struct eroute), GFP_ATOMIC); | |
4956 | + if (retrt == NULL) { | |
4957 | + printk("klips_error:ipsec_makeroute: not able to allocate kernel memory"); | |
4958 | + return ENOMEM; | |
4959 | + } | |
4960 | + memset((caddr_t)retrt, 0, sizeof (struct eroute)); | |
4961 | + | |
4962 | + retrt->er_eaddr = *eaddr; | |
4963 | + retrt->er_emask = *emask; | |
4964 | + retrt->er_said = said; | |
4965 | + rd_key((&(retrt->er_rjt))) = &(retrt->er_eaddr); | |
4966 | + | |
4967 | + spin_lock_bh(&eroute_lock); | |
4968 | + | |
4969 | + error = rj_addroute(&(retrt->er_eaddr), &(retrt->er_emask), | |
4970 | + rnh, retrt->er_rjt.rd_nodes); | |
4971 | + | |
4972 | + spin_unlock_bh(&eroute_lock); | |
4973 | + | |
4974 | + if(error) { | |
4975 | + sa_len = satoa(said, 0, sa, SATOA_BUF); | |
4976 | + printk("klips_debug:ipsec_makeroute: rj_addroute not able to insert eroute for SA:%s\n", sa); | |
4977 | + kfree(retrt); /* XXX -- should we? */ | |
4978 | + return error; | |
4979 | + } | |
4980 | + KLIPS_PRINT(debug_eroute, | |
4981 | + "klips_debug:ipsec_makeroute: succeeded, I think...\n"); | |
4982 | + return 0; | |
4983 | +} | |
4984 | + | |
4985 | +struct eroute * | |
4986 | +ipsec_findroute(struct sockaddr_encap *eaddr) | |
4987 | +{ | |
4988 | + struct radij_node *rn; | |
4989 | +#ifdef CONFIG_IPSEC_DEBUG | |
4990 | + char buf1[ADDRTOA_BUF], buf2[ADDRTOA_BUF]; | |
4991 | + | |
4992 | + if (debug_radij & DB_RJ_FINDROUTE) { | |
4993 | + addrtoa(eaddr->sen_ip_src, 0, buf1, sizeof(buf1)); | |
4994 | + addrtoa(eaddr->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
4995 | + printk("klips_debug:ipsec_findroute: %s->%s\n", | |
4996 | + buf1, buf2); | |
4997 | + } | |
4998 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
4999 | + rn = rj_match((caddr_t)eaddr, rnh); | |
5000 | + return (struct eroute *)rn; | |
5001 | +} | |
5002 | + | |
5003 | +#ifdef CONFIG_PROC_FS | |
5004 | +int | |
5005 | +ipsec_rj_walker_procprint(struct radij_node *rn, void *w0) | |
5006 | +{ | |
5007 | + struct eroute *ro = (struct eroute *)rn; | |
5008 | + struct rjtentry *rd = (struct rjtentry *)rn; | |
5009 | + struct wsbuf *w = (struct wsbuf *)w0; | |
5010 | + char buf1[64], buf2[64]; | |
5011 | + char sa[SATOA_BUF]; | |
5012 | + size_t sa_len; | |
5013 | + struct sockaddr_encap *key, *mask; | |
5014 | + | |
5015 | + KLIPS_PRINT(debug_radij, | |
5016 | + "klips_debug:ipsec_rj_walker_procprint: rn=%p, w0=%p\n", | |
5017 | + rn, w0); | |
5018 | + if (rn == NULL) { | |
5019 | + return 120; | |
5020 | + } | |
5021 | + | |
5022 | + if (rn->rj_b >= 0) { | |
5023 | + return 0; | |
5024 | + } | |
5025 | + | |
5026 | + key = rd_key(rd); | |
5027 | + mask = rd_mask(rd); | |
5028 | + | |
5029 | + if ((key == 0) || (mask == 0)) { | |
5030 | + return 0; | |
5031 | + } | |
5032 | + | |
5033 | + subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
5034 | + subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
5035 | + sa_len = satoa(ro->er_said, 0, sa, SATOA_BUF); | |
5036 | + w->len += sprintf(w->buffer + w->len, | |
5037 | + "%-18s -> %-18s => %s\n", | |
5038 | + buf1, buf2, sa); | |
5039 | + | |
5040 | + w->pos = w->begin + w->len; | |
5041 | + if(w->pos < w->offset) { | |
5042 | + w->len = 0; | |
5043 | + w->begin = w->pos; | |
5044 | + } | |
5045 | + if (w->pos > w->offset + w->length) { | |
5046 | + return -ENOBUFS; | |
5047 | + } | |
5048 | + return 0; | |
5049 | +} | |
5050 | +#endif /* CONFIG_PROC_FS */ | |
5051 | + | |
5052 | +int | |
5053 | +ipsec_rj_walker_delete(struct radij_node *rn, void *w0) | |
5054 | +{ | |
5055 | + struct rjtentry *rd = (struct rjtentry *)rn; | |
5056 | + struct radij_node *rn2; | |
5057 | + int error; | |
5058 | + struct sockaddr_encap *key, *mask; | |
5059 | +#ifdef CONFIG_IPSEC_DEBUG | |
5060 | + char buf1[64] = { 0 }, buf2[64] = { 0 }; | |
5061 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
5062 | + | |
5063 | + if (rn == NULL) { | |
5064 | + return 120; | |
5065 | + } | |
5066 | + | |
5067 | + key = rd_key(rd); | |
5068 | + mask = rd_mask(rd); | |
5069 | + | |
5070 | + if(!key || !mask) { | |
5071 | + return -1; | |
5072 | + } | |
5073 | +#ifdef CONFIG_IPSEC_DEBUG | |
5074 | + if(debug_radij) { | |
5075 | + subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1)); | |
5076 | + subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2)); | |
5077 | + printk("klips_debug:ipsec_rj_walker_delete: deleting: %s -> %s\n", | |
5078 | + buf1, buf2); | |
5079 | + } | |
5080 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
5081 | + | |
5082 | + if((error = rj_delete(key, mask, rnh, &rn2))) { | |
5083 | + KLIPS_PRINT(debug_radij, | |
5084 | + "klips_debug:ipsec_rj_walker_delete: " | |
5085 | + "rj_delete failed with error=%d.\n", error); | |
5086 | + return error; | |
5087 | + } | |
5088 | + | |
5089 | + if(rn2 != rn) { | |
5090 | + printk("klips_debug:ipsec_rj_walker_delete: tried to delete a different node?!?" | |
5091 | + "This should never happen!\n"); | |
5092 | + } | |
5093 | + memset((caddr_t)rn, 0, sizeof (struct eroute)); | |
5094 | + kfree(rn); | |
5095 | + | |
5096 | + return 0; | |
5097 | +} | |
5098 | + | |
5099 | +/* | |
5100 | + * $Log$ | |
5101 | + * Revision 1.41 2000/11/06 04:32:08 rgb | |
5102 | + * Ditched spin_lock_irqsave in favour of spin_lock_bh. | |
5103 | + * | |
5104 | + * Revision 1.40 2000/09/08 19:12:56 rgb | |
5105 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
5106 | + * | |
5107 | + * Revision 1.39 2000/08/30 05:25:20 rgb | |
5108 | + * Correct debug text in ipsec_breakroute() from incorrect | |
5109 | + * "ipsec_callback". | |
5110 | + * | |
5111 | + * Revision 1.38 2000/07/28 14:58:31 rgb | |
5112 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
5113 | + * | |
5114 | + * Revision 1.37 2000/03/16 14:02:50 rgb | |
5115 | + * Fixed debug scope to enable compilation with debug off. | |
5116 | + * | |
5117 | + * Revision 1.36 2000/01/21 06:14:46 rgb | |
5118 | + * Added debugging text to ipsec_rj_walker_delete(). | |
5119 | + * Set return code to negative for consistency. | |
5120 | + * | |
5121 | + * Revision 1.35 1999/11/23 23:05:24 rgb | |
5122 | + * Use provided macro ADDRTOA_BUF instead of hardcoded value. | |
5123 | + * | |
5124 | + * Revision 1.34 1999/11/18 04:13:56 rgb | |
5125 | + * Replaced all kernel version macros to shorter, readable form. | |
5126 | + * Added CONFIG_PROC_FS compiler directives in case it is shut off. | |
5127 | + * | |
5128 | + * Revision 1.33 1999/11/17 15:53:39 rgb | |
5129 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
5130 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
5131 | + * klips/net/ipsec/Makefile. | |
5132 | + * | |
5133 | + * Revision 1.32 1999/10/26 13:58:33 rgb | |
5134 | + * Put spinlock flags variable declaration outside the debug compiler | |
5135 | + * directive to enable compilation with debug shut off. | |
5136 | + * | |
5137 | + * Revision 1.31 1999/10/15 22:13:29 rgb | |
5138 | + * Clean out cruft. | |
5139 | + * Align /proc/net/ipsec_eroute output for easier readability. | |
5140 | + * Fix double linefeed in radij debug output. | |
5141 | + * Fix double locking bug that locks up 2.0.36 but not 2.0.38. | |
5142 | + * | |
5143 | + * Revision 1.30 1999/10/08 18:37:33 rgb | |
5144 | + * Fix end-of-line spacing to sate whining PHMs. | |
5145 | + * | |
5146 | + * Revision 1.29 1999/10/03 18:52:45 rgb | |
5147 | + * Spinlock support for 2.0.xx. | |
5148 | + * Dumb return code spin_unlock fix. | |
5149 | + * | |
5150 | + * Revision 1.28 1999/10/01 16:22:24 rgb | |
5151 | + * Switch from assignment init. to functional init. of spinlocks. | |
5152 | + * | |
5153 | + * Revision 1.27 1999/10/01 15:44:53 rgb | |
5154 | + * Move spinlock header include to 2.1> scope. | |
5155 | + * | |
5156 | + * Revision 1.26 1999/10/01 00:01:23 rgb | |
5157 | + * Added eroute structure locking. | |
5158 | + * | |
5159 | + * Revision 1.25 1999/06/10 16:07:30 rgb | |
5160 | + * Silence delete eroute on no debug. | |
5161 | + * | |
5162 | + * Revision 1.24 1999/05/09 03:25:36 rgb | |
5163 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
5164 | + * | |
5165 | + * Revision 1.23 1999/05/05 22:02:31 rgb | |
5166 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
5167 | + * | |
5168 | + * Revision 1.22 1999/04/29 15:17:23 rgb | |
5169 | + * Add return values to init and cleanup functions. | |
5170 | + * Add sanity checking for null pointer arguments. | |
5171 | + * | |
5172 | + * Revision 1.21 1999/04/11 00:28:58 henry | |
5173 | + * GPL boilerplate | |
5174 | + * | |
5175 | + * Revision 1.20 1999/04/06 04:54:26 rgb | |
5176 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
5177 | + * patch shell fixes. | |
5178 | + * | |
5179 | + * Revision 1.19 1999/02/17 16:50:35 rgb | |
5180 | + * Clean out unused cruft. | |
5181 | + * Consolidate for space and speed efficiency. | |
5182 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
5183 | + * | |
5184 | + * Revision 1.18 1999/01/22 06:22:06 rgb | |
5185 | + * Cruft clean-out. | |
5186 | + * 64-bit clean-up. | |
5187 | + * | |
5188 | + * Revision 1.17 1998/12/02 03:09:39 rgb | |
5189 | + * Clean up debug printing conditionals to compile with debugging off. | |
5190 | + * | |
5191 | + * Revision 1.16 1998/12/01 13:49:39 rgb | |
5192 | + * Wrap version info printing in debug switches. | |
5193 | + * | |
5194 | + * Revision 1.15 1998/11/30 13:22:54 rgb | |
5195 | + * Rationalised all the klips kernel file headers. They are much shorter | |
5196 | + * now and won't conflict under RH5.2. | |
5197 | + * | |
5198 | + * Revision 1.14 1998/10/31 06:48:17 rgb | |
5199 | + * Fixed up comments in #endif directives. | |
5200 | + * | |
5201 | + * Revision 1.13 1998/10/27 13:48:09 rgb | |
5202 | + * Cleaned up /proc/net/ipsec_* filesystem for easy parsing by scripts. | |
5203 | + * Fixed less(1) truncated output bug. | |
5204 | + * Code clean-up. | |
5205 | + * | |
5206 | + * Revision 1.12 1998/10/25 02:41:36 rgb | |
5207 | + * Change return type on ipsec_breakroute and ipsec_makeroute and add an | |
5208 | + * argument to be able to transmit more infomation about errors. | |
5209 | + * Fix cut-and-paste debug statement identifier. | |
5210 | + * | |
5211 | + * Revision 1.11 1998/10/22 06:45:39 rgb | |
5212 | + * Cleaned up cruft. | |
5213 | + * Convert to use satoa for printk. | |
5214 | + * | |
5215 | + * Revision 1.10 1998/10/19 14:44:28 rgb | |
5216 | + * Added inclusion of freeswan.h. | |
5217 | + * sa_id structure implemented and used: now includes protocol. | |
5218 | + * | |
5219 | + * Revision 1.9 1998/10/09 04:30:52 rgb | |
5220 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
5221 | + * Deleted old commented out cruft. | |
5222 | + * | |
5223 | + * Revision 1.8 1998/08/06 17:24:23 rgb | |
5224 | + * Fix addrtoa return code bug from stale manpage advice preventing packets | |
5225 | + * from being erouted. | |
5226 | + * | |
5227 | + * Revision 1.7 1998/08/06 07:44:59 rgb | |
5228 | + * Fixed /proc/net/ipsec_eroute subnettoa and addrtoa return value bug that | |
5229 | + * ended up in nothing being printed. | |
5230 | + * | |
5231 | + * Revision 1.6 1998/08/05 22:16:41 rgb | |
5232 | + * Cleanup to prevent cosmetic errors (ie. debug output) from being fatal. | |
5233 | + * | |
5234 | + * Revision 1.5 1998/07/29 20:38:44 rgb | |
5235 | + * Debug and fix subnettoa and addrtoa output. | |
5236 | + * | |
5237 | + * Revision 1.4 1998/07/28 00:02:39 rgb | |
5238 | + * Converting to exclusive use of addrtoa. | |
5239 | + * Fix eroute delete. | |
5240 | + * | |
5241 | + * Revision 1.3 1998/07/14 18:21:26 rgb | |
5242 | + * Add function to clear the eroute table. | |
5243 | + * | |
5244 | + * Revision 1.2 1998/06/23 02:59:14 rgb | |
5245 | + * Added debugging output to eroute add/delete routines. | |
5246 | + * | |
5247 | + * Revision 1.9 1998/06/18 21:29:06 henry | |
5248 | + * move sources from klips/src to klips/net/ipsec, to keep stupid kernel | |
5249 | + * build scripts happier in presence of symbolic links | |
5250 | + * | |
5251 | + * Revision 1.8 1998/06/05 02:32:26 rgb | |
5252 | + * Fix spi ntoh kernel debug output. | |
5253 | + * | |
5254 | + * Revision 1.7 1998/05/25 20:30:37 rgb | |
5255 | + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. | |
5256 | + * | |
5257 | + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and | |
5258 | + * add ipsec_rj_walker_delete. | |
5259 | + * | |
5260 | + * Revision 1.6 1998/05/21 13:08:57 rgb | |
5261 | + * Rewrote procinfo subroutines to avoid *bad things* when more that 3k of | |
5262 | + * information is available for printout. | |
5263 | + * | |
5264 | + * Revision 1.5 1998/05/18 21:35:55 rgb | |
5265 | + * Clean up output for numerical consistency and readability. Zero freed | |
5266 | + * eroute memory. | |
5267 | + * | |
5268 | + * Revision 1.4 1998/04/21 21:28:58 rgb | |
5269 | + * Rearrange debug switches to change on the fly debug output from user | |
5270 | + * space. Only kernel changes checked in at this time. radij.c was also | |
5271 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
5272 | + * an OOPS and hence, netlink device open errors. | |
5273 | + * | |
5274 | + * Revision 1.3 1998/04/14 17:30:39 rgb | |
5275 | + * Fix up compiling errors for radij tree memory reclamation. | |
5276 | + * | |
5277 | + * Revision 1.2 1998/04/12 22:03:23 rgb | |
5278 | + * Updated ESP-3DES-HMAC-MD5-96, | |
5279 | + * ESP-DES-HMAC-MD5-96, | |
5280 | + * AH-HMAC-MD5-96, | |
5281 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
5282 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
5283 | + * | |
5284 | + * Fixed eroute references in /proc/net/ipsec*. | |
5285 | + * | |
5286 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
5287 | + * radij tree unloading. | |
5288 | + * | |
5289 | + * Revision 1.1 1998/04/09 03:06:10 henry | |
5290 | + * sources moved up from linux/net/ipsec | |
5291 | + * | |
5292 | + * Revision 1.1.1.1 1998/04/08 05:35:03 henry | |
5293 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
5294 | + * | |
5295 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
5296 | + * No changes. | |
5297 | + * | |
5298 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
5299 | + * Minor cleanups. | |
5300 | + * Rationalized debugging code. | |
5301 | + * | |
5302 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
5303 | + * First limited release. | |
5304 | + * | |
5305 | + * | |
5306 | + */ | |
5307 | diff -druN linux-noipsec/net/ipsec/ipsec_radij.h linux/net/ipsec/ipsec_radij.h | |
5308 | --- linux-noipsec/net/ipsec/ipsec_radij.h Thu Jan 1 01:00:00 1970 | |
5309 | +++ linux/net/ipsec/ipsec_radij.h Fri Sep 8 21:12:56 2000 | |
5310 | @@ -0,0 +1,146 @@ | |
5311 | +/* | |
5312 | + * Definitions relevant to the IPSEC <> radij tree interfacing | |
5313 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
5314 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
5315 | + * | |
5316 | + * This program is free software; you can redistribute it and/or modify it | |
5317 | + * under the terms of the GNU General Public License as published by the | |
5318 | + * Free Software Foundation; either version 2 of the License, or (at your | |
5319 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
5320 | + * | |
5321 | + * This program is distributed in the hope that it will be useful, but | |
5322 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
5323 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
5324 | + * for more details. | |
5325 | + * | |
5326 | + * RCSID $Id$ | |
5327 | + */ | |
5328 | + | |
5329 | +#include <freeswan.h> | |
5330 | + | |
5331 | +int ipsec_walk(char *); | |
5332 | + | |
5333 | +int ipsec_rj_walker_procprint(struct radij_node *, void *); | |
5334 | +int ipsec_rj_walker_delete(struct radij_node *, void *); | |
5335 | + | |
5336 | +struct wsbuf | |
5337 | +{ | |
5338 | + char *buffer; | |
5339 | + int length; | |
5340 | + off_t offset; | |
5341 | + int len; | |
5342 | + int prev_len; | |
5343 | + off_t begin; | |
5344 | + off_t pos; | |
5345 | +}; | |
5346 | + | |
5347 | +#if 0 | |
5348 | +struct eroute * ipsec_makeroute(struct sockaddr_encap *ea, struct sockaddr_encap *em, struct sa_id); | |
5349 | +#endif | |
5350 | +int ipsec_makeroute(struct sockaddr_encap *ea, struct sockaddr_encap *em, struct sa_id); | |
5351 | + | |
5352 | +#if 0 | |
5353 | +struct eroute * ipsec_breakroute(struct sockaddr_encap *ea, struct sockaddr_encap *em); | |
5354 | +#endif | |
5355 | +int ipsec_breakroute(struct sockaddr_encap *ea, struct sockaddr_encap *em); | |
5356 | + | |
5357 | +int ipsec_radijinit(void); | |
5358 | +int ipsec_cleareroutes(void); | |
5359 | +int ipsec_radijcleanup(void); | |
5360 | + | |
5361 | +extern struct radij_node_head *rnh; | |
5362 | +extern spinlock_t eroute_lock; | |
5363 | + | |
5364 | +struct eroute * ipsec_findroute(struct sockaddr_encap *); | |
5365 | + | |
5366 | +#define O1(x) (int)(((x)>>24)&0xff) | |
5367 | +#define O2(x) (int)(((x)>>16)&0xff) | |
5368 | +#define O3(x) (int)(((x)>>8)&0xff) | |
5369 | +#define O4(x) (int)(((x))&0xff) | |
5370 | + | |
5371 | +#ifdef CONFIG_IPSEC_DEBUG | |
5372 | +extern int debug_radij; | |
5373 | +void rj_dumptrees(void); | |
5374 | + | |
5375 | +#define DB_RJ_DUMPTREES 0x0001 | |
5376 | +#define DB_RJ_FINDROUTE 0x0002 | |
5377 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
5378 | + | |
5379 | +/* | |
5380 | + * $Log$ | |
5381 | + * Revision 1.11 2000/09/08 19:12:56 rgb | |
5382 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
5383 | + * | |
5384 | + * Revision 1.10 1999/11/17 15:53:39 rgb | |
5385 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
5386 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
5387 | + * klips/net/ipsec/Makefile. | |
5388 | + * | |
5389 | + * Revision 1.9 1999/10/01 00:01:23 rgb | |
5390 | + * Added eroute structure locking. | |
5391 | + * | |
5392 | + * Revision 1.8 1999/04/11 00:28:59 henry | |
5393 | + * GPL boilerplate | |
5394 | + * | |
5395 | + * Revision 1.7 1999/04/06 04:54:26 rgb | |
5396 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
5397 | + * patch shell fixes. | |
5398 | + * | |
5399 | + * Revision 1.6 1999/01/22 06:23:26 rgb | |
5400 | + * Cruft clean-out. | |
5401 | + * | |
5402 | + * Revision 1.5 1998/10/25 02:42:08 rgb | |
5403 | + * Change return type on ipsec_breakroute and ipsec_makeroute and add an | |
5404 | + * argument to be able to transmit more infomation about errors. | |
5405 | + * | |
5406 | + * Revision 1.4 1998/10/19 14:44:29 rgb | |
5407 | + * Added inclusion of freeswan.h. | |
5408 | + * sa_id structure implemented and used: now includes protocol. | |
5409 | + * | |
5410 | + * Revision 1.3 1998/07/28 00:03:31 rgb | |
5411 | + * Comment out temporary inet_nto4u() kluge. | |
5412 | + * | |
5413 | + * Revision 1.2 1998/07/14 18:22:00 rgb | |
5414 | + * Add function to clear the eroute table. | |
5415 | + * | |
5416 | + * Revision 1.1 1998/06/18 21:27:49 henry | |
5417 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
5418 | + * kernel-build scripts happier in the presence of symlinks | |
5419 | + * | |
5420 | + * Revision 1.5 1998/05/25 20:30:38 rgb | |
5421 | + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. | |
5422 | + * | |
5423 | + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and | |
5424 | + * add ipsec_rj_walker_delete. | |
5425 | + * | |
5426 | + * Revision 1.4 1998/05/21 13:02:56 rgb | |
5427 | + * Imported definitions from ipsec_radij.c and radij.c to support /proc 3k | |
5428 | + * limit fix. | |
5429 | + * | |
5430 | + * Revision 1.3 1998/04/21 21:29:09 rgb | |
5431 | + * Rearrange debug switches to change on the fly debug output from user | |
5432 | + * space. Only kernel changes checked in at this time. radij.c was also | |
5433 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
5434 | + * an OOPS and hence, netlink device open errors. | |
5435 | + * | |
5436 | + * Revision 1.2 1998/04/14 17:30:39 rgb | |
5437 | + * Fix up compiling errors for radij tree memory reclamation. | |
5438 | + * | |
5439 | + * Revision 1.1 1998/04/09 03:06:10 henry | |
5440 | + * sources moved up from linux/net/ipsec | |
5441 | + * | |
5442 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
5443 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
5444 | + * | |
5445 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
5446 | + * No changes. | |
5447 | + * | |
5448 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
5449 | + * Minor cleanups. | |
5450 | + * Rationalized debugging code. | |
5451 | + * | |
5452 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
5453 | + * First limited release. | |
5454 | + * | |
5455 | + * | |
5456 | + */ | |
5457 | diff -druN linux-noipsec/net/ipsec/ipsec_rcv.c linux/net/ipsec/ipsec_rcv.c | |
5458 | --- linux-noipsec/net/ipsec/ipsec_rcv.c Thu Jan 1 01:00:00 1970 | |
5459 | +++ linux/net/ipsec/ipsec_rcv.c Sat Nov 25 04:50:36 2000 | |
5460 | @@ -0,0 +1,1973 @@ | |
5461 | +/* | |
5462 | + * receive code | |
5463 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
5464 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
5465 | + * | |
5466 | + * This program is free software; you can redistribute it and/or modify it | |
5467 | + * under the terms of the GNU General Public License as published by the | |
5468 | + * Free Software Foundation; either version 2 of the License, or (at your | |
5469 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
5470 | + * | |
5471 | + * This program is distributed in the hope that it will be useful, but | |
5472 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
5473 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
5474 | + * for more details. | |
5475 | + */ | |
5476 | + | |
5477 | +char ipsec_rcv_c_version[] = "RCSID $Id$"; | |
5478 | + | |
5479 | +#include <linux/config.h> | |
5480 | +#include <linux/version.h> | |
5481 | + | |
5482 | +#define __NO_VERSION__ | |
5483 | +#include <linux/module.h> | |
5484 | + | |
5485 | +#include <linux/kernel.h> /* printk() */ | |
5486 | +#include <linux/malloc.h> /* kmalloc() */ | |
5487 | +#include <linux/errno.h> /* error codes */ | |
5488 | +#include <linux/types.h> /* size_t */ | |
5489 | +#include <linux/interrupt.h> /* mark_bh */ | |
5490 | + | |
5491 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
5492 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
5493 | +#include <linux/ip.h> /* struct iphdr */ | |
5494 | +#include <linux/skbuff.h> | |
5495 | +#include <freeswan.h> | |
5496 | +#ifdef SPINLOCK | |
5497 | +#ifdef SPINLOCK_23 | |
5498 | +#include <linux/spinlock.h> /* *lock* */ | |
5499 | +#else /* SPINLOCK_23 */ | |
5500 | +#include <asm/spinlock.h> /* *lock* */ | |
5501 | +#endif /* SPINLOCK_23 */ | |
5502 | +#endif /* SPINLOCK */ | |
5503 | +#ifdef NET_21 | |
5504 | +#include <asm/uaccess.h> | |
5505 | +#include <linux/in6.h> | |
5506 | +#define proto_priv cb | |
5507 | +#endif /* NET21 */ | |
5508 | +#include <asm/checksum.h> | |
5509 | +#include <net/ip.h> | |
5510 | + | |
5511 | +#include "radij.h" | |
5512 | +#include "ipsec_encap.h" | |
5513 | +#include "ipsec_radij.h" | |
5514 | +#include "ipsec_netlink.h" | |
5515 | +#include "ipsec_xform.h" | |
5516 | +#include "ipsec_tunnel.h" | |
5517 | +#include "ipsec_rcv.h" | |
5518 | +#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) | |
5519 | +#include "ipsec_ah.h" | |
5520 | +#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */ | |
5521 | +#ifdef CONFIG_IPSEC_ESP | |
5522 | +#include "ipsec_esp.h" | |
5523 | +#endif /* !CONFIG_IPSEC_ESP */ | |
5524 | +#ifdef CONFIG_IPSEC_IPCOMP | |
5525 | +#include "ipcomp.h" | |
5526 | +#endif /* CONFIG_IPSEC_COMP */ | |
5527 | + | |
5528 | +#include <pfkeyv2.h> | |
5529 | +#include <pfkey.h> | |
5530 | + | |
5531 | +#ifdef CONFIG_IPSEC_DEBUG | |
5532 | +int debug_ah = 0; | |
5533 | +int debug_esp = 0; | |
5534 | +int debug_rcv = 0; | |
5535 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
5536 | + | |
5537 | +int sysctl_ipsec_inbound_policy_check = 1; | |
5538 | + | |
5539 | +#ifdef CONFIG_IPSEC_ESP | |
5540 | +extern void des_ede3_cbc_encrypt(caddr_t, caddr_t, int, caddr_t, caddr_t, caddr_t, caddr_t, int); | |
5541 | +#endif /* !CONFIG_IPSEC_ESP */ | |
5542 | +#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) | |
5543 | +__u32 zeroes[AH_AMAX]; | |
5544 | +#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */ | |
5545 | + | |
5546 | +/* | |
5547 | + * Check-replay-window routine, adapted from the original | |
5548 | + * by J. Hughes, from draft-ietf-ipsec-esp-des-md5-03.txt | |
5549 | + * | |
5550 | + * This is a routine that implements a 64 packet window. This is intend- | |
5551 | + * ed on being an implementation sample. | |
5552 | + */ | |
5553 | + | |
5554 | +DEBUG_NO_STATIC int | |
5555 | +ipsec_checkreplaywindow(struct tdb*tdbp, __u32 seq) | |
5556 | +{ | |
5557 | + __u32 diff; | |
5558 | + | |
5559 | + if (tdbp->tdb_replaywin == 0) /* replay shut off */ | |
5560 | + return 1; | |
5561 | + if (seq == 0) | |
5562 | + return 0; /* first == 0 or wrapped */ | |
5563 | + | |
5564 | + /* new larger sequence number */ | |
5565 | + if (seq > tdbp->tdb_replaywin_lastseq) { | |
5566 | + return 1; /* larger is good */ | |
5567 | + } | |
5568 | + diff = tdbp->tdb_replaywin_lastseq - seq; | |
5569 | + | |
5570 | + /* too old or wrapped */ /* if wrapped, kill off SA? */ | |
5571 | + if (diff >= tdbp->tdb_replaywin) { | |
5572 | + return 0; | |
5573 | + } | |
5574 | + /* this packet already seen */ | |
5575 | + if (tdbp->tdb_replaywin_bitmap & (1 << diff)) | |
5576 | + return 0; | |
5577 | + return 1; /* out of order but good */ | |
5578 | +} | |
5579 | + | |
5580 | +DEBUG_NO_STATIC int | |
5581 | +ipsec_updatereplaywindow(struct tdb*tdbp, __u32 seq) | |
5582 | +{ | |
5583 | + __u32 diff; | |
5584 | + | |
5585 | + if (tdbp->tdb_replaywin == 0) /* replay shut off */ | |
5586 | + return 1; | |
5587 | + if (seq == 0) | |
5588 | + return 0; /* first == 0 or wrapped */ | |
5589 | + | |
5590 | + /* new larger sequence number */ | |
5591 | + if (seq > tdbp->tdb_replaywin_lastseq) { | |
5592 | + diff = seq - tdbp->tdb_replaywin_lastseq; | |
5593 | + | |
5594 | + /* In win, set bit for this pkt */ | |
5595 | + if (diff < tdbp->tdb_replaywin) | |
5596 | + tdbp->tdb_replaywin_bitmap = | |
5597 | + (tdbp->tdb_replaywin_bitmap << diff) | 1; | |
5598 | + else | |
5599 | + /* This packet has way larger seq num */ | |
5600 | + tdbp->tdb_replaywin_bitmap = 1; | |
5601 | + | |
5602 | + if(seq - tdbp->tdb_replaywin_lastseq - 1 > tdbp->tdb_replaywin_maxdiff) { | |
5603 | + tdbp->tdb_replaywin_maxdiff = seq - tdbp->tdb_replaywin_lastseq - 1; | |
5604 | + } | |
5605 | + tdbp->tdb_replaywin_lastseq = seq; | |
5606 | + return 1; /* larger is good */ | |
5607 | + } | |
5608 | + diff = tdbp->tdb_replaywin_lastseq - seq; | |
5609 | + | |
5610 | + /* too old or wrapped */ /* if wrapped, kill off SA? */ | |
5611 | + if (diff >= tdbp->tdb_replaywin) { | |
5612 | +/* | |
5613 | + if(seq < 0.25*max && tdbp->tdb_replaywin_lastseq > 0.75*max) { | |
5614 | + deltdbchain(tdbp); | |
5615 | + } | |
5616 | +*/ | |
5617 | + return 0; | |
5618 | + } | |
5619 | + /* this packet already seen */ | |
5620 | + if (tdbp->tdb_replaywin_bitmap & (1 << diff)) | |
5621 | + return 0; | |
5622 | + tdbp->tdb_replaywin_bitmap |= (1 << diff); /* mark as seen */ | |
5623 | + return 1; /* out of order but good */ | |
5624 | +} | |
5625 | + | |
5626 | +int | |
5627 | +#ifdef NET_21 | |
5628 | +ipsec_rcv(struct sk_buff *skb, unsigned short xlen) | |
5629 | +#else /* NET_21 */ | |
5630 | +ipsec_rcv(struct sk_buff *skb, struct device *dev, struct options *opt, | |
5631 | + __u32 daddr, unsigned short xlen, __u32 saddr, | |
5632 | + int redo, struct inet_protocol *protocol) | |
5633 | +#endif /* NET_21 */ | |
5634 | +{ | |
5635 | +#ifdef NET_21 | |
5636 | +#ifdef CONFIG_IPSEC_DEBUG | |
5637 | + struct device *dev = skb->dev; | |
5638 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
5639 | +#endif /* NET_21 */ | |
5640 | + unsigned char protoc; | |
5641 | + struct iphdr *ipp; | |
5642 | + int authlen = 0; | |
5643 | +#ifdef CONFIG_IPSEC_ESP | |
5644 | + struct esp *espp = NULL; | |
5645 | + int esphlen = 0; | |
5646 | + __u32 iv[2]; | |
5647 | +#endif /* !CONFIG_IPSEC_ESP */ | |
5648 | +#ifdef CONFIG_IPSEC_AH | |
5649 | + struct ah *ahp = NULL; | |
5650 | + int ahhlen = 0; | |
5651 | + struct iphdr ipo; | |
5652 | +#endif /* CONFIG_IPSEC_AH */ | |
5653 | + unsigned char *authenticator = NULL; | |
5654 | + union { | |
5655 | + MD5_CTX md5; | |
5656 | + SHA1_CTX sha1; | |
5657 | + } tctx; | |
5658 | + __u8 hash[AH_AMAX]; | |
5659 | +#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) | |
5660 | +#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */ | |
5661 | +#ifdef CONFIG_IPSEC_IPCOMP | |
5662 | + struct ipcomphdr*compp = NULL; | |
5663 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
5664 | + | |
5665 | + int hard_header_len; | |
5666 | + int iphlen; | |
5667 | + unsigned char *dat; | |
5668 | + struct tdb *tdbp = NULL; | |
5669 | + struct sa_id said; | |
5670 | + struct net_device_stats *stats = NULL; /* This device's statistics */ | |
5671 | + struct device *ipsecdev = NULL, *prvdev; | |
5672 | + struct ipsecpriv *prv; | |
5673 | + char name[9]; | |
5674 | + char sa[SATOA_BUF]; | |
5675 | + size_t sa_len; | |
5676 | + char ipaddr_txt[ADDRTOA_BUF]; | |
5677 | + int i; | |
5678 | + struct in_addr ipaddr; | |
5679 | + __u8 next_header = 0; | |
5680 | + __u8 proto; | |
5681 | + | |
5682 | +#ifdef CONFIG_IPSEC_ESP | |
5683 | + int pad = 0, padlen; | |
5684 | +#endif /* CONFIG_IPSEC_ESP */ | |
5685 | + int ilen, len, replay = 0; | |
5686 | + __u8 *idat; | |
5687 | + struct tdb* tdbprev = NULL; | |
5688 | + struct tdb* tdbnext = NULL; | |
5689 | +#ifdef INBOUND_POLICY_CHECK_eroute | |
5690 | + struct sockaddr_encap matcher; /* eroute search key */ | |
5691 | + struct eroute *er; | |
5692 | + struct tdb* policy_tdb = NULL; | |
5693 | + struct sa_id policy_said; | |
5694 | + struct sockaddr_encap policy_eaddr; | |
5695 | + struct sockaddr_encap policy_emask; | |
5696 | +#endif /* INBOUND_POLICY_CHECK_eroute */ | |
5697 | + | |
5698 | + /* Don't unlink in the middle of a turnaround */ | |
5699 | + MOD_INC_USE_COUNT; | |
5700 | + | |
5701 | + if (skb == NULL) { | |
5702 | + KLIPS_PRINT(debug_rcv, | |
5703 | + "klips_debug:ipsec_rcv: " | |
5704 | + "NULL skb passed in.\n"); | |
5705 | + goto rcvleave; | |
5706 | + } | |
5707 | + | |
5708 | + if (skb->data == NULL) { | |
5709 | + KLIPS_PRINT(debug_rcv, | |
5710 | + "klips_debug:ipsec_rcv: " | |
5711 | + "NULL skb->data passed in, packet is bogus, dropping.\n"); | |
5712 | + goto rcvleave; | |
5713 | + } | |
5714 | + | |
5715 | + ipp = (struct iphdr *)skb->data; | |
5716 | + iphlen = ipp->ihl << 2; | |
5717 | + /* dev->hard_header_len is unreliable and should not be used */ | |
5718 | + hard_header_len = skb->mac.raw ? (skb->data - skb->mac.raw) : 0; | |
5719 | + if((hard_header_len < 0) || (hard_header_len > skb_headroom(skb))) | |
5720 | + hard_header_len = 0; | |
5721 | + | |
5722 | +#ifdef NET_21 | |
5723 | + /* if skb was cloned (most likely due to a packet sniffer such as | |
5724 | + tcpdump being momentarily attached to the interface), make | |
5725 | + a copy of our own to modify */ | |
5726 | + if(skb_cloned(skb)) { | |
5727 | + /* include any mac header while copying.. */ | |
5728 | + if(skb_headroom(skb) < hard_header_len) { | |
5729 | + printk(KERN_WARNING "klips_error:ipsec_rcv: " | |
5730 | + "tried to skb_push hhlen=%d, %d available. " | |
5731 | + "This should never happen, please report.\n", | |
5732 | + hard_header_len, skb_headroom(skb)); | |
5733 | + goto rcvleave; | |
5734 | + } | |
5735 | + skb_push(skb, hard_header_len); | |
5736 | + if ((skb = skb_cow(skb, skb_headroom(skb))) == NULL) { | |
5737 | + goto rcvleave; | |
5738 | + } | |
5739 | + if(skb->len < hard_header_len) { | |
5740 | + printk(KERN_WARNING "klips_error:ipsec_rcv: " | |
5741 | + "tried to skb_pull hhlen=%d, %d available. " | |
5742 | + "This should never happen, please report.\n", | |
5743 | + hard_header_len, skb->len); | |
5744 | + goto rcvleave; | |
5745 | + } | |
5746 | + skb_pull(skb, hard_header_len); | |
5747 | + } | |
5748 | + | |
5749 | +#endif /* NET_21 */ | |
5750 | + | |
5751 | + KLIPS_PRINT(debug_rcv, | |
5752 | + "klips_debug:ipsec_rcv: <<< Info -- "); | |
5753 | + KLIPS_PRINTMORE(debug_rcv && skb->dev, "skb->dev=%s ", | |
5754 | + skb->dev->name ? skb->dev->name : "NULL"); | |
5755 | + KLIPS_PRINTMORE(debug_rcv && dev, "dev=%s ", | |
5756 | + dev->name ? dev->name : "NULL"); | |
5757 | + KLIPS_PRINTMORE(debug_rcv, "\n"); | |
5758 | + | |
5759 | + KLIPS_PRINT(debug_rcv && !(skb->dev && dev && (skb->dev == dev)), | |
5760 | + "klips_debug:ipsec_rcv: Informational -- " | |
5761 | + "**if this happens, find out why** " | |
5762 | + "skb->dev:%s is not equal to dev:%s\n", | |
5763 | + skb->dev ? (skb->dev->name ? skb->dev->name : "NULL") : "NULL", | |
5764 | + dev ? (dev->name ? dev->name : "NULL") : "NULL"); | |
5765 | + | |
5766 | + protoc = ipp->protocol; | |
5767 | +#ifndef NET_21 | |
5768 | + if((!protocol) || (protocol->protocol != protoc)) { | |
5769 | + KLIPS_PRINT(debug_rcv & DB_RX_TDB, | |
5770 | + "klips_debug:ipsec_rcv: " | |
5771 | + "protocol arg is NULL or unequal to the packet contents, this is odd, using value in packet.\n"); | |
5772 | + } | |
5773 | +#endif /* !NET_21 */ | |
5774 | + | |
5775 | + if( (protoc != IPPROTO_AH) && | |
5776 | +#ifdef CONFIG_IPSEC_IPCOMP | |
5777 | + (protoc != IPPROTO_COMP) && | |
5778 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
5779 | + (protoc != IPPROTO_ESP) ) { | |
5780 | + KLIPS_PRINT(debug_rcv & DB_RX_TDB, | |
5781 | + "klips_debug:ipsec_rcv: Why the hell is someone " | |
5782 | + "passing me a non-ipsec packet? -- dropped.\n"); | |
5783 | + goto rcvleave; | |
5784 | + } | |
5785 | + | |
5786 | + if(skb->dev) { | |
5787 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
5788 | + sprintf(name, "ipsec%d", i); | |
5789 | + if(!strcmp(name, skb->dev->name)) { | |
5790 | + prv = (struct ipsecpriv *)(skb->dev->priv); | |
5791 | + if(prv) { | |
5792 | + stats = (struct net_device_stats *) &(prv->mystats); | |
5793 | + } | |
5794 | + ipsecdev = skb->dev; | |
5795 | + KLIPS_PRINT(debug_rcv, | |
5796 | + "klips_debug:ipsec_rcv: Info -- pkt " | |
5797 | + "already proc'ed a group of ipsec headers, " | |
5798 | + "processing next group of ipsec headers.\n"); | |
5799 | + break; | |
5800 | + } | |
5801 | + if((ipsecdev = ipsec_dev_get(name)) == NULL) { | |
5802 | + KLIPS_PRINT(debug_rcv, | |
5803 | + "klips_error:ipsec_rcv: device %s does " | |
5804 | + "not exist\n", name); | |
5805 | + } | |
5806 | + prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL; | |
5807 | + prvdev = prv ? (struct device *)(prv->dev) : NULL; | |
5808 | + | |
5809 | + KLIPS_PRINT(debug_rcv && prvdev, | |
5810 | + "klips_debug:ipsec_rcv: physical device" | |
5811 | + " for device %s is %s\n", | |
5812 | + name, prvdev->name); | |
5813 | + if(prvdev && skb->dev && | |
5814 | + !strcmp(prvdev->name, skb->dev->name)) { | |
5815 | + stats = prv ? ((struct net_device_stats *) &(prv->mystats)) : NULL; | |
5816 | + skb->dev = ipsecdev; | |
5817 | + if(stats) { | |
5818 | + stats->rx_packets++; | |
5819 | + } | |
5820 | + break; | |
5821 | + } | |
5822 | + } | |
5823 | + } else { | |
5824 | + KLIPS_PRINT(debug_rcv, | |
5825 | + "klips_debug:ipsec_rcv: device supplied" | |
5826 | + " with skb is NULL\n"); | |
5827 | + } | |
5828 | + | |
5829 | + if(!stats) { | |
5830 | + ipsecdev = NULL; | |
5831 | + } | |
5832 | + KLIPS_PRINT((debug_rcv && !stats), | |
5833 | + "klips_error:ipsec_rcv: packet received from physical " | |
5834 | + "I/F (%s) not connected to ipsec I/F. Cannot record " | |
5835 | + "stats.\n" | |
5836 | + "klips_error May not have SA for decoding. " | |
5837 | + "Is IPSEC traffic expected on this I/F? " | |
5838 | + "Check routing.\n", | |
5839 | + skb->dev ? (skb->dev->name ? skb->dev->name : "NULL") : "NULL"); | |
5840 | + | |
5841 | + KLIPS_IP_PRINT(debug_rcv, ipp); | |
5842 | + | |
5843 | + /* begin decapsulating loop here */ | |
5844 | + do { | |
5845 | + authlen = 0; | |
5846 | +#ifdef CONFIG_IPSEC_ESP | |
5847 | + espp = NULL; | |
5848 | + esphlen = 0; | |
5849 | +#endif /* !CONFIG_IPSEC_ESP */ | |
5850 | +#ifdef CONFIG_IPSEC_AH | |
5851 | + ahp = NULL; | |
5852 | + ahhlen = 0; | |
5853 | +#endif /* CONFIG_IPSEC_AH */ | |
5854 | +#ifdef CONFIG_IPSEC_IPCOMP | |
5855 | + compp = NULL; | |
5856 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
5857 | + | |
5858 | + len = skb->len; | |
5859 | + dat = skb->data; | |
5860 | + ipp = (struct iphdr *)skb->data; | |
5861 | + proto = ipp->protocol; | |
5862 | + ipaddr.s_addr = ipp->saddr; | |
5863 | + addrtoa(ipaddr, 0, ipaddr_txt, sizeof(ipaddr_txt)); | |
5864 | + | |
5865 | + iphlen = ipp->ihl << 2; | |
5866 | + ipp->check = 0; /* we know the sum is good */ | |
5867 | + | |
5868 | +#ifdef CONFIG_IPSEC_ESP | |
5869 | + /* XXX this will need to be 8 for IPv6 */ | |
5870 | + if ((proto == IPPROTO_ESP) && ((len - iphlen) % 4)) { | |
5871 | + printk("klips_error:ipsec_rcv: " | |
5872 | + "got packet with content length = %d from %s " | |
5873 | + "-- should be on 4 octet boundary, packet dropped\n", | |
5874 | + len - iphlen, ipaddr_txt); | |
5875 | + if(stats) { | |
5876 | + stats->rx_errors++; | |
5877 | + } | |
5878 | + goto rcvleave; | |
5879 | + } | |
5880 | +#endif /* !CONFIG_IPSEC_ESP */ | |
5881 | + | |
5882 | + /* | |
5883 | + * Find tunnel control block and (indirectly) call the | |
5884 | + * appropriate tranform routine. The resulting sk_buf | |
5885 | + * is a valid IP packet ready to go through input processing. | |
5886 | + */ | |
5887 | + | |
5888 | + said.dst.s_addr = ipp->daddr; | |
5889 | + switch(proto) { | |
5890 | +#ifdef CONFIG_IPSEC_ESP | |
5891 | + case IPPROTO_ESP: | |
5892 | + espp = (struct esp *)(skb->data + iphlen); | |
5893 | + said.spi = espp->esp_spi; | |
5894 | + break; | |
5895 | +#endif /* !CONFIG_IPSEC_ESP */ | |
5896 | +#ifdef CONFIG_IPSEC_AH | |
5897 | + case IPPROTO_AH: | |
5898 | + ahp = (struct ah *)(skb->data + iphlen); | |
5899 | + said.spi = ahp->ah_spi; | |
5900 | + break; | |
5901 | +#endif /* CONFIG_IPSEC_AH */ | |
5902 | +#ifdef CONFIG_IPSEC_IPCOMP | |
5903 | + case IPPROTO_COMP: | |
5904 | + compp = (struct ipcomphdr *)(skb->data + iphlen); | |
5905 | + said.spi = htonl((__u32)ntohs(compp->ipcomp_cpi)); | |
5906 | + break; | |
5907 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
5908 | + default: | |
5909 | + if(stats) { | |
5910 | + stats->rx_errors++; | |
5911 | + } | |
5912 | + goto rcvleave; | |
5913 | + } | |
5914 | + said.proto = proto; | |
5915 | + sa_len = satoa(said, 0, sa, SATOA_BUF); | |
5916 | + | |
5917 | +#ifdef CONFIG_IPSEC_AH | |
5918 | + if(proto == IPPROTO_AH) { | |
5919 | + ahhlen = (ahp->ah_hl << 2) + | |
5920 | + ((caddr_t)&(ahp->ah_rpl) - (caddr_t)ahp); | |
5921 | + next_header = ahp->ah_nh; | |
5922 | + if (ahhlen != sizeof(struct ah)) { | |
5923 | + KLIPS_PRINT(debug_rcv & DB_RX_INAU, | |
5924 | + "klips_debug:ipsec_rcv: bad " | |
5925 | + "authenticator length %d, expected " | |
5926 | + "%d from %s\n", | |
5927 | + ahhlen - ((caddr_t)(ahp->ah_data) - | |
5928 | + (caddr_t)ahp), | |
5929 | + AHHMAC_HASHLEN, | |
5930 | + ipaddr_txt); | |
5931 | + if(stats) { | |
5932 | + stats->rx_errors++; | |
5933 | + } | |
5934 | + goto rcvleave; | |
5935 | + } | |
5936 | + | |
5937 | + } | |
5938 | +#endif /* CONFIG_IPSEC_AH */ | |
5939 | + | |
5940 | + /* | |
5941 | + * The spinlock is to prevent any other process from | |
5942 | + * accessing or deleting the structure while we are | |
5943 | + * using and updating it. | |
5944 | + */ | |
5945 | + spin_lock(&tdb_lock); | |
5946 | + | |
5947 | +#ifdef CONFIG_IPSEC_IPCOMP | |
5948 | + if (proto == IPPROTO_COMP) { | |
5949 | + unsigned int flags = 0; | |
5950 | + if (tdbp == NULL) { | |
5951 | + KLIPS_PRINT(debug_rcv, | |
5952 | + "klips_debug:ipsec_rcv: " | |
5953 | + "Incoming packet with outer IPCOMP " | |
5954 | + "header SA:%s: not yet supported " | |
5955 | + "by KLIPS, dropped\n", sa); | |
5956 | + if(stats) { | |
5957 | + stats->rx_dropped++; | |
5958 | + } | |
5959 | + | |
5960 | + spin_unlock(&tdb_lock); | |
5961 | + goto rcvleave; | |
5962 | + } | |
5963 | + | |
5964 | + tdbprev = tdbp; | |
5965 | + tdbp = tdbnext; | |
5966 | + | |
5967 | + if(sysctl_ipsec_inbound_policy_check | |
5968 | + && ((tdbp == NULL) | |
5969 | + || ((tdbp != NULL) | |
5970 | + && ((ntohl(tdbp->tdb_said.spi) & 0x0000ffff) | |
5971 | + != ntohl(said.spi))))) { | |
5972 | + char sa2[SATOA_BUF]; | |
5973 | + | |
5974 | + if(tdbp) { | |
5975 | + sa_len = satoa(tdbp->tdb_said, 0, sa2, SATOA_BUF); | |
5976 | + } | |
5977 | + KLIPS_PRINT(debug_rcv, | |
5978 | + "klips_debug:ipsec_rcv: " | |
5979 | + "Incoming packet with SA(IPCA):%s " | |
5980 | + "does not match policy SA(IPCA):%s " | |
5981 | + "cpi=%04x cpi->spi=%08x spi=%08x, spi->cpi=%04x for " | |
5982 | + "SA grouping, dropped.\n", | |
5983 | + sa, | |
5984 | + tdbp ? sa2 : "NULL", | |
5985 | + ntohs(compp->ipcomp_cpi), | |
5986 | + (__u32)ntohl(said.spi), | |
5987 | + tdbp ? (__u32)ntohl((tdbp->tdb_said.spi)) : 0, | |
5988 | + tdbp ? (__u16)(ntohl(tdbp->tdb_said.spi) & 0x0000ffff) : 0); | |
5989 | + if(stats) { | |
5990 | + stats->rx_dropped++; | |
5991 | + } | |
5992 | + | |
5993 | + spin_unlock(&tdb_lock); | |
5994 | + goto rcvleave; | |
5995 | + } | |
5996 | + | |
5997 | + if (tdbp) { | |
5998 | + tdbp->tdb_comp_ratio_cbytes += ntohs(ipp->tot_len); | |
5999 | + tdbnext = tdbp->tdb_inext; | |
6000 | + } | |
6001 | + next_header = compp->ipcomp_nh; | |
6002 | + | |
6003 | + skb = skb_decompress(skb, tdbp, &flags); | |
6004 | + if (!skb || flags) { | |
6005 | + KLIPS_PRINT(debug_rcv, | |
6006 | + "klips_debug:ipsec_rcv: " | |
6007 | + "skb_decompress() returned " | |
6008 | + "error flags=%x, dropped.\n", | |
6009 | + flags); | |
6010 | + if (stats) { | |
6011 | + if (flags) | |
6012 | + stats->rx_errors++; | |
6013 | + else | |
6014 | + stats->rx_dropped++; | |
6015 | + } | |
6016 | + | |
6017 | + spin_unlock(&tdb_lock); | |
6018 | + goto rcvleave; | |
6019 | + } | |
6020 | +#ifdef NET_21 | |
6021 | + ipp = skb->nh.iph; | |
6022 | +#else /* NET_21 */ | |
6023 | + ipp = skb->ip_hdr; | |
6024 | +#endif /* NET_21 */ | |
6025 | + | |
6026 | + if (tdbp) { | |
6027 | + tdbp->tdb_comp_ratio_dbytes += ntohs(ipp->tot_len); | |
6028 | + } | |
6029 | + | |
6030 | + KLIPS_PRINT(debug_rcv, | |
6031 | + "klips_debug:ipsec_rcv: " | |
6032 | + "packet decompressed SA(IPCA):%s " | |
6033 | + "cpi->spi=%08x spi=%08x, spi->cpi=%04x, nh=%d.\n", | |
6034 | + sa, | |
6035 | + (__u32)ntohl(said.spi), | |
6036 | + tdbp ? (__u32)ntohl((tdbp->tdb_said.spi)) : 0, | |
6037 | + tdbp ? (__u16)(ntohl(tdbp->tdb_said.spi) & 0x0000ffff) : 0, | |
6038 | + next_header); | |
6039 | + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp); | |
6040 | + | |
6041 | + continue; | |
6042 | + /* Skip rest of stuff and decapsulate next inner | |
6043 | + packet, if any */ | |
6044 | + } | |
6045 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
6046 | + | |
6047 | + tdbp = gettdb(&said); | |
6048 | + if (tdbp == NULL) { | |
6049 | + spin_unlock(&tdb_lock); | |
6050 | + KLIPS_PRINT(debug_rcv, | |
6051 | + "klips_debug:ipsec_rcv: no Tunnel Descriptor " | |
6052 | + "Block for SA:%s: incoming packet with no SA " | |
6053 | + "dropped\n", sa); | |
6054 | + if(stats) { | |
6055 | + stats->rx_dropped++; | |
6056 | + } | |
6057 | + goto rcvleave; | |
6058 | + } | |
6059 | + | |
6060 | + if(sysctl_ipsec_inbound_policy_check) { | |
6061 | + if(ipp->saddr != ((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr.s_addr) { | |
6062 | + spin_unlock(&tdb_lock); | |
6063 | + ipaddr.s_addr = ipp->saddr; | |
6064 | + addrtoa(ipaddr, 0, ipaddr_txt, sizeof(ipaddr_txt)); | |
6065 | + KLIPS_PRINT(debug_rcv, | |
6066 | + "klips_debug:ipsec_rcv: " | |
6067 | + "SA:%s, src=%s of pkt does not agree with expected SA source address policy.\n", | |
6068 | + sa, ipaddr_txt); | |
6069 | + if(stats) { | |
6070 | + stats->rx_dropped++; | |
6071 | + } | |
6072 | + goto rcvleave; | |
6073 | + } | |
6074 | + { | |
6075 | + ipaddr.s_addr = ipp->saddr; | |
6076 | + addrtoa(ipaddr, 0, ipaddr_txt, sizeof(ipaddr_txt)); | |
6077 | + KLIPS_PRINT(debug_rcv, | |
6078 | + "klips_debug:ipsec_rcv: " | |
6079 | + "SA:%s, src=%s of pkt agrees with expected SA source address policy.\n", | |
6080 | + sa, ipaddr_txt); | |
6081 | + } | |
6082 | + if(tdbnext) { | |
6083 | + if(tdbnext != tdbp) { | |
6084 | + spin_unlock(&tdb_lock); | |
6085 | + KLIPS_PRINT(debug_rcv, | |
6086 | + "klips_debug:ipsec_rcv: " | |
6087 | + "unexpected SA:%s: does not agree with tdb->inext policy, dropped\n", | |
6088 | + sa); | |
6089 | + if(stats) { | |
6090 | + stats->rx_dropped++; | |
6091 | + } | |
6092 | + goto rcvleave; | |
6093 | + } | |
6094 | + KLIPS_PRINT(debug_rcv, | |
6095 | + "klips_debug:ipsec_rcv: " | |
6096 | + "SA:%s grouping from previous SA is OK.\n", | |
6097 | + sa); | |
6098 | + } else { | |
6099 | + KLIPS_PRINT(debug_rcv, | |
6100 | + "klips_debug:ipsec_rcv: " | |
6101 | + "SA:%s First SA in group.\n", | |
6102 | + sa); | |
6103 | + } | |
6104 | + | |
6105 | +#if 1 | |
6106 | + if(tdbp->tdb_onext) { | |
6107 | + if(tdbprev != tdbp->tdb_onext) { | |
6108 | + spin_unlock(&tdb_lock); | |
6109 | + KLIPS_PRINT(debug_rcv, | |
6110 | + "klips_debug:ipsec_rcv: " | |
6111 | + "unexpected SA:%s: does not agree with tdb->onext policy, dropped.\n", | |
6112 | + sa); | |
6113 | + if(stats) { | |
6114 | + stats->rx_dropped++; | |
6115 | + } | |
6116 | + goto rcvleave; | |
6117 | + } else { | |
6118 | + KLIPS_PRINT(debug_rcv, | |
6119 | + "klips_debug:ipsec_rcv: " | |
6120 | + "SA:%s grouping to previous SA is OK.\n", | |
6121 | + sa); | |
6122 | + } | |
6123 | + } else { | |
6124 | + KLIPS_PRINT(debug_rcv, | |
6125 | + "klips_debug:ipsec_rcv: " | |
6126 | + "SA:%s No previous backlink in group.\n", | |
6127 | + sa); | |
6128 | + } | |
6129 | +#endif | |
6130 | + } | |
6131 | + | |
6132 | + /* If it is in larval state, drop the packet, we cannot process yet. */ | |
6133 | + if(tdbp->tdb_state == SADB_SASTATE_LARVAL) { | |
6134 | + spin_unlock(&tdb_lock); | |
6135 | + KLIPS_PRINT(debug_rcv, | |
6136 | + "klips_debug:ipsec_rcv: " | |
6137 | + "TDB in larval state, cannot be used yet, " | |
6138 | + "dropping packet.\n"); | |
6139 | + if(stats) { | |
6140 | + stats->rx_dropped++; | |
6141 | + } | |
6142 | + goto rcvleave; | |
6143 | + } | |
6144 | + | |
6145 | + if(tdbp->tdb_state == SADB_SASTATE_DEAD) { | |
6146 | + spin_unlock(&tdb_lock); | |
6147 | + KLIPS_PRINT(debug_rcv, | |
6148 | + "klips_debug:ipsec_rcv: " | |
6149 | + "TDB in dead state, cannot be used any more, " | |
6150 | + "dropping packet.\n"); | |
6151 | + if(stats) { | |
6152 | + stats->rx_dropped++; | |
6153 | + } | |
6154 | + goto rcvleave; | |
6155 | + } | |
6156 | + | |
6157 | + if(tdbp->tdb_lifetime_bytes_h && | |
6158 | + (tdbp->tdb_lifetime_bytes_c > tdbp->tdb_lifetime_bytes_h)) { | |
6159 | + pfkey_expire(tdbp, 1); | |
6160 | + deltdbchain(tdbp); | |
6161 | + spin_unlock(&tdb_lock); | |
6162 | + KLIPS_PRINT(debug_rcv, | |
6163 | + "klips_debug:ipsec_rcv: " | |
6164 | + "hard bytes lifetime of SA:%s has been reached, " | |
6165 | + "SA expired, incoming packet dropped.\n", sa); | |
6166 | + if(stats) { | |
6167 | + stats->rx_dropped++; | |
6168 | + } | |
6169 | + goto rcvleave; | |
6170 | + } | |
6171 | + if(tdbp->tdb_lifetime_bytes_s && | |
6172 | + (tdbp->tdb_lifetime_bytes_c > tdbp->tdb_lifetime_bytes_s)) { | |
6173 | + tdbp->tdb_state = SADB_SASTATE_DYING; | |
6174 | + KLIPS_PRINT(debug_rcv, | |
6175 | + "klips_debug:ipsec_rcv: " | |
6176 | + "soft bytes lifetime of SA:%s has been reached, " | |
6177 | + "SA expiring, soft expire message sent up, " | |
6178 | + "incoming packet still processed.\n", sa); | |
6179 | + pfkey_expire(tdbp, 0); | |
6180 | + } | |
6181 | + | |
6182 | + if(tdbp->tdb_lifetime_addtime_h && | |
6183 | + ((jiffies / HZ) - tdbp->tdb_lifetime_addtime_c > | |
6184 | + tdbp->tdb_lifetime_addtime_h)) { | |
6185 | + pfkey_expire(tdbp, 1); | |
6186 | + deltdbchain(tdbp); | |
6187 | + spin_unlock(&tdb_lock); | |
6188 | + KLIPS_PRINT(debug_rcv, | |
6189 | + "klips_debug:ipsec_rcv: " | |
6190 | + "hard addtime lifetime of SA:%s has been reached, " | |
6191 | + "SA expired, incoming packet dropped.\n", sa); | |
6192 | + if(stats) { | |
6193 | + stats->rx_dropped++; | |
6194 | + } | |
6195 | + goto rcvleave; | |
6196 | + } | |
6197 | + if(tdbp->tdb_lifetime_addtime_s && | |
6198 | + ((jiffies / HZ) - tdbp->tdb_lifetime_addtime_c > | |
6199 | + tdbp->tdb_lifetime_addtime_s)) { | |
6200 | + tdbp->tdb_state = SADB_SASTATE_DYING; | |
6201 | + KLIPS_PRINT(debug_rcv, | |
6202 | + "klips_debug:ipsec_rcv: " | |
6203 | + "soft addtime lifetime of SA:%s has been reached, " | |
6204 | + "SA expiring, soft expire message sent up, " | |
6205 | + "incoming packet still processed.\n", sa); | |
6206 | + pfkey_expire(tdbp, 0); | |
6207 | + } | |
6208 | + | |
6209 | + if(tdbp->tdb_lifetime_usetime_c) { | |
6210 | + if(tdbp->tdb_lifetime_usetime_h && | |
6211 | + ((jiffies / HZ) - tdbp->tdb_lifetime_usetime_c > | |
6212 | + tdbp->tdb_lifetime_usetime_h)) { | |
6213 | + pfkey_expire(tdbp, 1); | |
6214 | + deltdbchain(tdbp); | |
6215 | + spin_unlock(&tdb_lock); | |
6216 | + KLIPS_PRINT(debug_rcv, | |
6217 | + "klips_debug:ipsec_rcv: " | |
6218 | + "hard usetime lifetime of SA:%s has been reached, " | |
6219 | + "SA expired, incoming packet dropped.\n", sa); | |
6220 | + if(stats) { | |
6221 | + stats->rx_dropped++; | |
6222 | + } | |
6223 | + goto rcvleave; | |
6224 | + } | |
6225 | + if(tdbp->tdb_lifetime_usetime_s && | |
6226 | + ((jiffies / HZ) - tdbp->tdb_lifetime_usetime_c > | |
6227 | + tdbp->tdb_lifetime_usetime_s)) { | |
6228 | + tdbp->tdb_state = SADB_SASTATE_DYING; | |
6229 | + KLIPS_PRINT(debug_rcv, | |
6230 | + "klips_debug:ipsec_rcv: " | |
6231 | + "soft usetime lifetime of SA:%s has been reached, " | |
6232 | + "SA expiring, soft expire message sent up, " | |
6233 | + "incoming packet still processed.\n", sa); | |
6234 | + pfkey_expire(tdbp, 0); | |
6235 | + } | |
6236 | + } | |
6237 | + | |
6238 | + if(tdbp->tdb_lifetime_packets_h && | |
6239 | + (tdbp->tdb_lifetime_packets_c > tdbp->tdb_lifetime_packets_h)) { | |
6240 | + pfkey_expire(tdbp, 1); | |
6241 | + deltdbchain(tdbp); | |
6242 | + spin_unlock(&tdb_lock); | |
6243 | + KLIPS_PRINT(debug_rcv, | |
6244 | + "klips_debug:ipsec_rcv: " | |
6245 | + "hard packets lifetime of SA:%s has been reached, " | |
6246 | + "SA expired, incoming packet dropped.\n", sa); | |
6247 | + if(stats) { | |
6248 | + stats->rx_dropped++; | |
6249 | + } | |
6250 | + goto rcvleave; | |
6251 | + } | |
6252 | + if(tdbp->tdb_lifetime_packets_s && | |
6253 | + (tdbp->tdb_lifetime_packets_c > tdbp->tdb_lifetime_packets_s)) { | |
6254 | + tdbp->tdb_state = SADB_SASTATE_DYING; | |
6255 | + KLIPS_PRINT(debug_rcv, | |
6256 | + "klips_debug:ipsec_rcv: " | |
6257 | + "soft packets lifetime of SA:%s has been reached, " | |
6258 | + "SA expiring, soft expire message sent up, " | |
6259 | + "incoming packet still processed.\n", sa); | |
6260 | + pfkey_expire(tdbp, 0); | |
6261 | + } | |
6262 | + | |
6263 | + /* authenticate, if required */ | |
6264 | + idat = dat + iphlen; | |
6265 | + switch(tdbp->tdb_authalg) { | |
6266 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
6267 | + case AH_MD5: | |
6268 | + authlen = AHHMAC_HASHLEN; | |
6269 | + break; | |
6270 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
6271 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
6272 | + case AH_SHA: | |
6273 | + authlen = AHHMAC_HASHLEN; | |
6274 | + break; | |
6275 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
6276 | + case AH_NONE: | |
6277 | + authlen = 0; | |
6278 | + break; | |
6279 | + default: | |
6280 | + if(stats) { | |
6281 | + stats->rx_errors++; | |
6282 | + } | |
6283 | + tdbp->tdb_alg_errs += 1; | |
6284 | + spin_unlock(&tdb_lock); | |
6285 | + goto rcvleave; | |
6286 | + } | |
6287 | + ilen = len - iphlen - authlen; | |
6288 | + | |
6289 | +#ifdef CONFIG_IPSEC_ESP | |
6290 | + KLIPS_PRINT(proto == IPPROTO_ESP && debug_rcv, | |
6291 | + "klips_debug:ipsec_rcv: packet from %s received with" | |
6292 | + " seq=%d (iv)=0x%08x%08x iplen=%d esplen=%d sa=%s\n", | |
6293 | + ipaddr_txt, | |
6294 | + (__u32)ntohl(espp->esp_rpl), | |
6295 | + (__u32)ntohl(*((__u32 *)(espp->esp_iv) )), | |
6296 | + (__u32)ntohl(*((__u32 *)(espp->esp_iv) + 1)), | |
6297 | + len, ilen, sa); | |
6298 | +#endif /* !CONFIG_IPSEC_ESP */ | |
6299 | + | |
6300 | + switch(proto) { | |
6301 | +#ifdef CONFIG_IPSEC_ESP | |
6302 | + case IPPROTO_ESP: | |
6303 | + replay = ntohl(espp->esp_rpl); | |
6304 | + authenticator = &(dat[len - authlen]); | |
6305 | + break; | |
6306 | +#endif /* !CONFIG_IPSEC_ESP */ | |
6307 | +#ifdef CONFIG_IPSEC_AH | |
6308 | + case IPPROTO_AH: | |
6309 | + replay = ntohl(ahp->ah_rpl); | |
6310 | + authenticator = ahp->ah_data; | |
6311 | + break; | |
6312 | +#endif /* CONFIG_IPSEC_AH */ | |
6313 | + } | |
6314 | + | |
6315 | + /* If the sequence number == 0, expire SA, it had rolled */ | |
6316 | + if(tdbp->tdb_replaywin && !replay /* !tdbp->tdb_replaywin_lastseq */) { | |
6317 | + deltdbchain(tdbp); | |
6318 | + spin_unlock(&tdb_lock); | |
6319 | + KLIPS_PRINT(debug_rcv, | |
6320 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
6321 | + "replay window counter rolled, expiring SA.\n"); | |
6322 | + if(stats) { | |
6323 | + stats->rx_dropped++; | |
6324 | + } | |
6325 | + goto rcvleave; | |
6326 | + } | |
6327 | + | |
6328 | + if (!ipsec_checkreplaywindow(tdbp, replay)) { | |
6329 | + KLIPS_PRINT(debug_rcv & DB_RX_REPLAY, | |
6330 | + "klips_debug:ipsec_rcv: duplicate frame from %s," | |
6331 | + " packet dropped\n", | |
6332 | + ipaddr_txt); | |
6333 | + if(stats) { | |
6334 | + stats->rx_dropped++; | |
6335 | + } | |
6336 | + tdbp->tdb_replaywin_errs += 1; | |
6337 | + spin_unlock(&tdb_lock); | |
6338 | + goto rcvleave; | |
6339 | + } | |
6340 | + | |
6341 | + /* | |
6342 | + * verify authenticator | |
6343 | + */ | |
6344 | + | |
6345 | + KLIPS_PRINT(debug_rcv, | |
6346 | + "klips_debug:ipsec_rcv: encalg = %d, authalg = %d.\n", | |
6347 | + tdbp->tdb_encalg, tdbp->tdb_authalg); | |
6348 | + | |
6349 | + if(tdbp->tdb_authalg) { | |
6350 | + switch(tdbp->tdb_authalg) { | |
6351 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
6352 | + case AH_MD5: | |
6353 | + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->ictx; | |
6354 | + if(proto == IPPROTO_ESP) { | |
6355 | + MD5Update(&tctx.md5, (caddr_t)espp, ilen); | |
6356 | +#ifdef CONFIG_IPSEC_AH | |
6357 | + } else { | |
6358 | + ipo = *ipp; | |
6359 | + ipo.tos = 0; /* mutable RFC 2402 3.3.3.1.1.1 */ | |
6360 | + ipo.frag_off = 0; | |
6361 | + ipo.ttl = 0; | |
6362 | + ipo.check = 0; | |
6363 | + | |
6364 | + MD5Update(&tctx.md5, (caddr_t)&ipo, | |
6365 | + sizeof(struct iphdr)); | |
6366 | + MD5Update(&tctx.md5, (caddr_t)ahp, | |
6367 | + ahhlen - AHHMAC_HASHLEN); | |
6368 | + MD5Update(&tctx.md5, (caddr_t)zeroes, | |
6369 | + AHHMAC_HASHLEN); | |
6370 | + MD5Update(&tctx.md5, | |
6371 | + (caddr_t)dat + iphlen + ahhlen, | |
6372 | + len - iphlen - ahhlen); | |
6373 | +#endif /* CONFIG_IPSEC_AH */ | |
6374 | + } | |
6375 | + MD5Final(hash, &tctx.md5); | |
6376 | + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->octx; | |
6377 | + MD5Update(&tctx.md5, hash, AHMD596_ALEN); | |
6378 | + MD5Final(hash, &tctx.md5); | |
6379 | + break; | |
6380 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
6381 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
6382 | + case AH_SHA: | |
6383 | + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx; | |
6384 | + if(proto == IPPROTO_ESP) { | |
6385 | + SHA1Update(&tctx.sha1, (caddr_t)espp, ilen); | |
6386 | +#ifdef CONFIG_IPSEC_AH | |
6387 | + } else { | |
6388 | + ipo = *ipp; | |
6389 | + ipo.tos = 0; | |
6390 | + ipo.frag_off = 0; | |
6391 | + ipo.ttl = 0; | |
6392 | + ipo.check = 0; | |
6393 | + | |
6394 | + SHA1Update(&tctx.sha1, (caddr_t)&ipo, | |
6395 | + sizeof(struct iphdr)); | |
6396 | + SHA1Update(&tctx.sha1, (caddr_t)ahp, | |
6397 | + ahhlen - AHHMAC_HASHLEN); | |
6398 | + SHA1Update(&tctx.sha1, (caddr_t)zeroes, | |
6399 | + AHHMAC_HASHLEN); | |
6400 | + SHA1Update(&tctx.sha1, | |
6401 | + (caddr_t)dat + iphlen + ahhlen, | |
6402 | + len - iphlen - ahhlen); | |
6403 | +#endif /* CONFIG_IPSEC_AH */ | |
6404 | + } | |
6405 | + SHA1Final(hash, &tctx.sha1); | |
6406 | + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->octx; | |
6407 | + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); | |
6408 | + SHA1Final(hash, &tctx.sha1); | |
6409 | + break; | |
6410 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
6411 | + case AH_NONE: | |
6412 | + break; | |
6413 | + } | |
6414 | + | |
6415 | + if(!authenticator) { | |
6416 | + if(stats) { | |
6417 | + stats->rx_dropped++; | |
6418 | + } | |
6419 | + tdbp->tdb_auth_errs += 1; | |
6420 | + spin_unlock(&tdb_lock); | |
6421 | + goto rcvleave; | |
6422 | + } | |
6423 | + | |
6424 | + if (memcmp(hash, authenticator, authlen)) { | |
6425 | + KLIPS_PRINT(debug_rcv & DB_RX_INAU, | |
6426 | + "klips_debug:ipsec_rcv: auth failed on incoming " | |
6427 | + "packet from %s: hash=%08x%08x%08x " | |
6428 | + "auth=%08x%08x%08x, dropped\n", ipaddr_txt, | |
6429 | + *(__u32*)&hash[0], | |
6430 | + *(__u32*)&hash[4], | |
6431 | + *(__u32*)&hash[8], | |
6432 | + *(__u32*)authenticator, | |
6433 | + *((__u32*)authenticator + 1), | |
6434 | + *((__u32*)authenticator + 2)); | |
6435 | + if(stats) { | |
6436 | + stats->rx_dropped++; | |
6437 | + } | |
6438 | + tdbp->tdb_auth_errs += 1; | |
6439 | + spin_unlock(&tdb_lock); | |
6440 | + goto rcvleave; | |
6441 | + } else { | |
6442 | + KLIPS_PRINT(debug_rcv, | |
6443 | + "klips_debug:ipsec_rcv: authentication successful.\n"); | |
6444 | + } | |
6445 | + | |
6446 | + memset((caddr_t)&tctx, 0, sizeof(tctx)); | |
6447 | + memset(hash, 0, sizeof(hash)); | |
6448 | + } | |
6449 | + | |
6450 | + if (!ipsec_updatereplaywindow(tdbp, replay)) { | |
6451 | + KLIPS_PRINT(debug_rcv & DB_RX_REPLAY, | |
6452 | + "klips_debug:ipsec_rcv: duplicate frame from %s," | |
6453 | + " packet dropped\n", | |
6454 | + ipaddr_txt); | |
6455 | + if(stats) { | |
6456 | + stats->rx_dropped++; | |
6457 | + } | |
6458 | + tdbp->tdb_replaywin_errs += 1; | |
6459 | + spin_unlock(&tdb_lock); | |
6460 | + goto rcvleave; | |
6461 | + } | |
6462 | + | |
6463 | + switch(proto) { | |
6464 | +#ifdef CONFIG_IPSEC_ESP | |
6465 | + case IPPROTO_ESP: | |
6466 | + switch(tdbp->tdb_encalg) { | |
6467 | + case ESP_3DES: | |
6468 | + iv[0] = *((__u32 *)(espp->esp_iv) ); | |
6469 | + iv[1] = *((__u32 *)(espp->esp_iv) + 1); | |
6470 | + esphlen = sizeof(struct esp); | |
6471 | + break; | |
6472 | + case ESP_NULL: | |
6473 | + esphlen = offsetof(struct esp, esp_iv); | |
6474 | + break; | |
6475 | + default: | |
6476 | + if(stats) { | |
6477 | + stats->rx_errors++; | |
6478 | + } | |
6479 | + tdbp->tdb_alg_errs += 1; | |
6480 | + spin_unlock(&tdb_lock); | |
6481 | + goto rcvleave; | |
6482 | + } | |
6483 | + idat += esphlen; | |
6484 | + ilen -= esphlen; | |
6485 | + | |
6486 | + switch(tdbp->tdb_encalg) { | |
6487 | + case ESP_3DES: | |
6488 | + if ((ilen) % 8) { | |
6489 | + printk("klips_error:ipsec_rcv: " | |
6490 | + "got packet with esplen = %d from %s " | |
6491 | + "-- should be on 8 octet boundary, packet dropped\n", | |
6492 | + ilen, ipaddr_txt); | |
6493 | + if(stats) { | |
6494 | + stats->rx_errors++; | |
6495 | + } | |
6496 | + tdbp->tdb_encsize_errs += 1; | |
6497 | + spin_unlock(&tdb_lock); | |
6498 | + goto rcvleave; | |
6499 | + } | |
6500 | + des_ede3_cbc_encrypt(idat, idat, ilen, | |
6501 | + tdbp->tdb_key_e, | |
6502 | + tdbp->tdb_key_e + sizeof(struct des_eks), | |
6503 | + tdbp->tdb_key_e + 2 * sizeof(struct des_eks), | |
6504 | + (caddr_t)iv, 0); | |
6505 | + break; | |
6506 | + case ESP_NULL: | |
6507 | + break; | |
6508 | + } | |
6509 | + next_header = idat[ilen - 1]; | |
6510 | + padlen = idat[ilen - 2]; | |
6511 | + pad = padlen + 2 + authlen; | |
6512 | + { | |
6513 | + int badpad = 0; | |
6514 | + | |
6515 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
6516 | + "klips_debug:ipsec_rcv: " | |
6517 | + "padlen=%d, contents: 0x<offset>: 0x<value> 0x<value> ...\n", | |
6518 | + padlen); | |
6519 | + | |
6520 | + for (i = 1; i <= padlen; i++) { | |
6521 | + if((i % 16) == 1) { | |
6522 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
6523 | + "klips_debug: %02x:", | |
6524 | + i - 1); | |
6525 | + } | |
6526 | + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, | |
6527 | + " %02x", | |
6528 | + idat[ilen - 2 - padlen + i - 1]); | |
6529 | + if(i != idat[ilen - 2 - padlen + i - 1]) { | |
6530 | + badpad = 1; | |
6531 | + } | |
6532 | + if((i % 16) == 0) { | |
6533 | + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, | |
6534 | + "\n"); | |
6535 | + } | |
6536 | + } | |
6537 | + if((i % 16) != 1) { | |
6538 | + KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, | |
6539 | + "\n"); | |
6540 | + } | |
6541 | + if(badpad) { | |
6542 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
6543 | + "klips_debug:ipsec_rcv: " | |
6544 | + "warning, decrypted packet from %s has bad padding\n", | |
6545 | + ipaddr_txt); | |
6546 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
6547 | + "klips_debug:ipsec_rcv: " | |
6548 | + "...may be bad decryption -- not dropped\n"); | |
6549 | + tdbp->tdb_encpad_errs += 1; | |
6550 | + } | |
6551 | + | |
6552 | + KLIPS_PRINT(debug_rcv & DB_RX_IPAD, | |
6553 | + "klips_debug:ipsec_rcv: " | |
6554 | + "packet decrypted from %s: next_header = %d, padding = %d\n", | |
6555 | + ipaddr_txt, | |
6556 | + next_header, | |
6557 | + pad - 2 - authlen); | |
6558 | + } | |
6559 | +#endif /* !CONFIG_IPSEC_ESP */ | |
6560 | +#ifdef CONFIG_IPSEC_AH | |
6561 | + case IPPROTO_AH: | |
6562 | + break; | |
6563 | +#endif /* CONFIG_IPSEC_AH */ | |
6564 | + } | |
6565 | + | |
6566 | + /* | |
6567 | + * Discard the original IP header | |
6568 | + */ | |
6569 | + | |
6570 | + ipp->protocol = next_header; | |
6571 | + | |
6572 | + switch(proto) { | |
6573 | +#ifdef CONFIG_IPSEC_ESP | |
6574 | + case IPPROTO_ESP: | |
6575 | + ipp->tot_len = htons(ntohs(ipp->tot_len) - (esphlen + pad)); | |
6576 | + memmove((void *)(skb->data + esphlen), | |
6577 | + (void *)(skb->data), iphlen); | |
6578 | + if(skb->len < esphlen) { | |
6579 | + spin_unlock(&tdb_lock); | |
6580 | + printk(KERN_WARNING "klips_error:ipsec_rcv: " | |
6581 | + "tried to skb_pull esphlen=%d, %d available. " | |
6582 | + "This should never happen, please report.\n", | |
6583 | + esphlen, (int)(skb->len)); | |
6584 | + goto rcvleave; | |
6585 | + } | |
6586 | + skb_pull(skb, esphlen); | |
6587 | + | |
6588 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
6589 | + "klips_debug:ipsec_rcv: trimming to %d.\n", | |
6590 | + len - esphlen - pad); | |
6591 | + if(pad + esphlen <= len) { | |
6592 | + skb_trim(skb, len - esphlen - pad); | |
6593 | + } else { | |
6594 | + spin_unlock(&tdb_lock); | |
6595 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
6596 | + "klips_debug:ipsec_rcv: bogus packet, size is zero or negative, dropping.\n"); | |
6597 | + goto rcvleave; | |
6598 | + } | |
6599 | + break; | |
6600 | +#endif /* !CONFIG_IPSEC_ESP */ | |
6601 | +#ifdef CONFIG_IPSEC_AH | |
6602 | + case IPPROTO_AH: | |
6603 | + ipp->tot_len = htons(ntohs(ipp->tot_len) - ahhlen); | |
6604 | + memmove((void *)(skb->data + ahhlen), | |
6605 | + (void *)(skb->data), iphlen); | |
6606 | + if(skb->len < ahhlen) { | |
6607 | + spin_unlock(&tdb_lock); | |
6608 | + printk(KERN_WARNING "klips_error:ipsec_rcv: " | |
6609 | + "tried to skb_pull ahhlen=%d, %d available. " | |
6610 | + "This should never happen, please report.\n", | |
6611 | + ahhlen, (int)(skb->len)); | |
6612 | + goto rcvleave; | |
6613 | + } | |
6614 | + skb_pull(skb, ahhlen); | |
6615 | + break; | |
6616 | +#endif /* CONFIG_IPSEC_AH */ | |
6617 | + } | |
6618 | + | |
6619 | + | |
6620 | + /* | |
6621 | + * Adjust pointers | |
6622 | + */ | |
6623 | + | |
6624 | + len = skb->len; | |
6625 | + dat = skb->data; | |
6626 | + | |
6627 | +#ifdef NET_21 | |
6628 | +/* skb->h.ipiph=(struct iphdr *)skb->data; */ | |
6629 | + skb->nh.raw = skb->data; | |
6630 | + skb->h.raw = skb->nh.raw + (skb->nh.iph->ihl << 2); | |
6631 | + | |
6632 | + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); | |
6633 | +#else /* NET_21 */ | |
6634 | + skb->h.iph=(struct iphdr *)skb->data; | |
6635 | + skb->ip_hdr=(struct iphdr *)skb->data; | |
6636 | + memset(skb->proto_priv, 0, sizeof(struct options)); | |
6637 | +#endif /* NET_21 */ | |
6638 | + | |
6639 | + ipp = (struct iphdr *)dat; | |
6640 | + ipp->check = 0; | |
6641 | + ipp->check = ip_fast_csum((unsigned char *)dat, iphlen >> 2); | |
6642 | + | |
6643 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
6644 | + "klips_debug:ipsec_rcv: after <%s%s%s>, SA:%s:\n", | |
6645 | + TDB_XFORM_NAME(tdbp), sa); | |
6646 | + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp); | |
6647 | + | |
6648 | + skb->protocol = htons(ETH_P_IP); | |
6649 | + skb->ip_summed = 0; | |
6650 | + | |
6651 | + tdbprev = tdbp; | |
6652 | + tdbnext = tdbp->tdb_inext; | |
6653 | + if(sysctl_ipsec_inbound_policy_check) { | |
6654 | + if(tdbnext) { | |
6655 | + if(tdbnext->tdb_onext != tdbp) { | |
6656 | + spin_unlock(&tdb_lock); | |
6657 | + KLIPS_PRINT(debug_rcv, | |
6658 | + "klips_debug:ipsec_rcv: " | |
6659 | + "SA:%s, backpolicy does not agree with fwdpolicy.\n", | |
6660 | + sa); | |
6661 | + if(stats) { | |
6662 | + stats->rx_dropped++; | |
6663 | + } | |
6664 | + goto rcvleave; | |
6665 | + } | |
6666 | + KLIPS_PRINT(debug_rcv, | |
6667 | + "klips_debug:ipsec_rcv: " | |
6668 | + "SA:%s, backpolicy agrees with fwdpolicy.\n", | |
6669 | + sa); | |
6670 | + if(!( (ipp->protocol == IPPROTO_AH ) | |
6671 | + || (ipp->protocol == IPPROTO_ESP ) | |
6672 | + || (ipp->protocol == IPPROTO_IPIP) | |
6673 | +#ifdef CONFIG_IPSEC_IPCOMP | |
6674 | + || (ipp->protocol == IPPROTO_COMP) | |
6675 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
6676 | + )) { | |
6677 | + spin_unlock(&tdb_lock); | |
6678 | + KLIPS_PRINT(debug_rcv, | |
6679 | + "klips_debug:ipsec_rcv: " | |
6680 | + "packet with incomplete policy dropped, last successful SA:%s.\n", | |
6681 | + sa); | |
6682 | + if(stats) { | |
6683 | + stats->rx_dropped++; | |
6684 | + } | |
6685 | + goto rcvleave; | |
6686 | + } | |
6687 | + KLIPS_PRINT(debug_rcv, | |
6688 | + "klips_debug:ipsec_rcv: " | |
6689 | + "SA:%s, Another IPSEC header to process.\n", | |
6690 | + sa); | |
6691 | + } else { | |
6692 | + KLIPS_PRINT(debug_rcv, | |
6693 | + "klips_debug:ipsec_rcv: " | |
6694 | + "No tdb_inext from this SA:%s.\n", | |
6695 | + sa); | |
6696 | + } | |
6697 | + } | |
6698 | + | |
6699 | +#ifdef CONFIG_IPSEC_IPCOMP | |
6700 | + /* update ipcomp ratio counters, even if no ipcomp packet is present */ | |
6701 | + if (tdbnext | |
6702 | + && tdbnext->tdb_said.proto == IPPROTO_COMP | |
6703 | + && ipp->protocol != IPPROTO_COMP) { | |
6704 | + tdbnext->tdb_comp_ratio_cbytes += ntohs(ipp->tot_len); | |
6705 | + tdbnext->tdb_comp_ratio_dbytes += ntohs(ipp->tot_len); | |
6706 | + } | |
6707 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
6708 | + | |
6709 | + tdbp->tdb_lifetime_bytes_c += len; | |
6710 | + if(!tdbp->tdb_lifetime_usetime_c) { | |
6711 | + tdbp->tdb_lifetime_usetime_c = jiffies / HZ; | |
6712 | + } | |
6713 | + tdbp->tdb_lifetime_usetime_l = jiffies / HZ; | |
6714 | + tdbp->tdb_lifetime_packets_c += 1; | |
6715 | + | |
6716 | + /* end decapsulation loop here */ | |
6717 | + } while( (ipp->protocol == IPPROTO_ESP ) | |
6718 | + || (ipp->protocol == IPPROTO_AH ) | |
6719 | +#ifdef CONFIG_IPSEC_IPCOMP | |
6720 | + || (ipp->protocol == IPPROTO_COMP) | |
6721 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
6722 | + ); | |
6723 | + | |
6724 | +#ifdef CONFIG_IPSEC_IPCOMP | |
6725 | + if(tdbnext && tdbnext->tdb_said.proto == IPPROTO_COMP) { | |
6726 | + tdbprev = tdbp; | |
6727 | + tdbp = tdbnext; | |
6728 | + tdbnext = tdbp->tdb_inext; | |
6729 | + } | |
6730 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
6731 | + | |
6732 | + /* | |
6733 | + * XXX this needs to be locked from when it was first looked | |
6734 | + * up in the decapsulation loop. Perhaps it is better to put | |
6735 | + * the IPIP decap inside the loop. | |
6736 | + */ | |
6737 | + if(tdbnext) { | |
6738 | + tdbp = tdbnext; | |
6739 | + sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
6740 | + if(ipp->protocol != IPPROTO_IPIP) { | |
6741 | + spin_unlock(&tdb_lock); | |
6742 | + KLIPS_PRINT(debug_rcv, | |
6743 | + "klips_debug:ipsec_rcv: " | |
6744 | + "SA:%s, Hey! How did this get through? Dropped.\n", | |
6745 | + sa); | |
6746 | + if(stats) { | |
6747 | + stats->rx_dropped++; | |
6748 | + } | |
6749 | + goto rcvleave; | |
6750 | + } | |
6751 | + if(sysctl_ipsec_inbound_policy_check && (tdbnext = tdbp->tdb_inext)) { | |
6752 | + char sa2[SATOA_BUF]; | |
6753 | + sa_len = satoa(tdbnext->tdb_said, 0, sa2, SATOA_BUF); | |
6754 | + spin_unlock(&tdb_lock); | |
6755 | + KLIPS_PRINT(debug_rcv, | |
6756 | + "klips_debug:ipsec_rcv: " | |
6757 | + "unexpected SA:%s after IPIP SA:%s\n", | |
6758 | + sa2, sa); | |
6759 | + if(stats) { | |
6760 | + stats->rx_dropped++; | |
6761 | + } | |
6762 | + goto rcvleave; | |
6763 | + } | |
6764 | + } | |
6765 | + | |
6766 | +#ifdef INBOUND_POLICY_CHECK_eroute | |
6767 | + /* | |
6768 | + Do *not* enable this without thoroughly checking spinlock issues | |
6769 | + first. In particular, nesting an eroute spinlock within a tdb | |
6770 | + spinlock could result in a deadlock. (Well, only on a SMP machine | |
6771 | + under 2.4?) | |
6772 | + */ | |
6773 | + | |
6774 | + /* | |
6775 | + * First things first -- look us up in the erouting tables. | |
6776 | + */ | |
6777 | + matcher.sen_len = sizeof (struct sockaddr_encap); | |
6778 | + matcher.sen_family = AF_ENCAP; | |
6779 | + matcher.sen_type = SENT_IP4; | |
6780 | + if(ipp->protocol == IPPROTO_IPIP) { | |
6781 | + struct iphdr *ipp2; | |
6782 | + | |
6783 | + ipp2 = (struct iphdr*) (((char*)ipp) + (ipp->ihl << 2)); | |
6784 | + matcher.sen_ip_src.s_addr = ipp2->saddr; | |
6785 | + matcher.sen_ip_dst.s_addr = ipp2->daddr; | |
6786 | + } else { | |
6787 | + matcher.sen_ip_src.s_addr = ipp->saddr; | |
6788 | + matcher.sen_ip_dst.s_addr = ipp->daddr; | |
6789 | + } | |
6790 | + | |
6791 | + /* | |
6792 | + * The spinlock is to prevent any other process from accessing or | |
6793 | + * deleting the eroute while we are using and updating it. | |
6794 | + */ | |
6795 | + spin_lock(&eroute_lock); | |
6796 | + | |
6797 | + er = ipsec_findroute(&matcher); | |
6798 | + if(er) { | |
6799 | + policy_said = er->er_said; | |
6800 | + policy_eaddr = er->er_eaddr; | |
6801 | + policy_emask = er->er_emask; | |
6802 | + } | |
6803 | + | |
6804 | + spin_unlock(&eroute_lock); | |
6805 | + | |
6806 | + if(er) { | |
6807 | + /* | |
6808 | + * The spinlock is to prevent any other process from | |
6809 | + * accessing or deleting the tdb while we are using and | |
6810 | + * updating it. | |
6811 | + */ | |
6812 | + /* spin_lock(&tdb_lock); */ | |
6813 | + | |
6814 | + policy_tdb = gettdb(&policy_said); | |
6815 | + if (policy_tdb == NULL) { | |
6816 | + /* spin_unlock(&tdb_lock); */ | |
6817 | + KLIPS_PRINT(debug_rcv, | |
6818 | + "klips_debug:ipsec_rcv: " | |
6819 | + "no Tunnel Descriptor Block for SA%s: " | |
6820 | + "incoming packet with no policy SA, dropped.\n", sa); | |
6821 | + goto rcvleave; | |
6822 | + } | |
6823 | + | |
6824 | + sa_len = satoa(policy_said, 0, sa, SATOA_BUF); | |
6825 | + | |
6826 | + KLIPS_PRINT(debug_rcv, | |
6827 | + "klips_debug:ipsec_rcv: " | |
6828 | + "found policy Tunnel Descriptor Block -- SA:%s\n", sa); | |
6829 | + while(1) { | |
6830 | + if(policy_tdb->tdb_inext) { | |
6831 | + policy_tdb = policy_tdb->tdb_inext; | |
6832 | + } else { | |
6833 | + break; | |
6834 | + } | |
6835 | + } | |
6836 | + if(policy_tdb != tdbp) { | |
6837 | + /* spin_unlock(&tdb_lock); */ | |
6838 | + KLIPS_PRINT(debug_rcv, | |
6839 | + "klips_debug:ipsec_rcv: " | |
6840 | + " Tunnel Descriptor Block for SA%s: " | |
6841 | + "incoming packet with different policy SA, dropped.\n", sa); | |
6842 | + goto rcvleave; | |
6843 | + } | |
6844 | + | |
6845 | + /* spin_unlock(&tdb_lock); */ | |
6846 | + } | |
6847 | +#endif /* INBOUND_POLICY_CHECK_eroute */ | |
6848 | + | |
6849 | + if(ipp->protocol == IPPROTO_IPIP) { | |
6850 | + /* | |
6851 | + * XXX this needs to be locked from when it was first looked | |
6852 | + * up in the decapsulation loop. Perhaps it is better to put | |
6853 | + * the IPIP decap inside the loop. | |
6854 | + */ | |
6855 | + if(tdbp) { | |
6856 | + tdbp->tdb_lifetime_bytes_c += len; | |
6857 | + if(!tdbp->tdb_lifetime_usetime_c) { | |
6858 | + tdbp->tdb_lifetime_usetime_c = jiffies / HZ; | |
6859 | + } | |
6860 | + tdbp->tdb_lifetime_usetime_l = jiffies / HZ; | |
6861 | + tdbp->tdb_lifetime_packets_c += 1; | |
6862 | + } | |
6863 | + | |
6864 | + if(skb->len < iphlen) { | |
6865 | + printk(KERN_WARNING "klips_debug:ipsec_rcv: " | |
6866 | + "tried to skb_pull iphlen=%d, %d available. " | |
6867 | + "This should never happen, please report.\n", | |
6868 | + iphlen, (int)(skb->len)); | |
6869 | + | |
6870 | + spin_unlock(&tdb_lock); | |
6871 | + goto rcvleave; | |
6872 | + } | |
6873 | + skb_pull(skb, iphlen); | |
6874 | + | |
6875 | +#ifdef NET_21 | |
6876 | + ipp = (struct iphdr *)skb->nh.raw = skb->data; | |
6877 | + skb->h.raw = skb->nh.raw + (skb->nh.iph->ihl << 2); | |
6878 | + | |
6879 | + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); | |
6880 | +#else /* NET_21 */ | |
6881 | + ipp = skb->ip_hdr = skb->h.iph = (struct iphdr *)skb->data; | |
6882 | + | |
6883 | + memset(skb->proto_priv, 0, sizeof(struct options)); | |
6884 | +#endif /* NET_21 */ | |
6885 | + | |
6886 | + skb->protocol = htons(ETH_P_IP); | |
6887 | + skb->ip_summed = 0; | |
6888 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
6889 | + "klips_debug:ipsec_rcv: IPIP tunnel stripped.\n"); | |
6890 | + KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp); | |
6891 | + } | |
6892 | + | |
6893 | + spin_unlock(&tdb_lock); | |
6894 | + | |
6895 | +#ifdef NET_21 | |
6896 | + if(stats) { | |
6897 | + stats->rx_bytes += skb->len; | |
6898 | + } | |
6899 | + if(skb->dst) { | |
6900 | + dst_release(skb->dst); | |
6901 | + skb->dst = NULL; | |
6902 | + } | |
6903 | + skb->pkt_type = PACKET_HOST; | |
6904 | + if(hard_header_len && | |
6905 | + (skb->mac.raw != (skb->data - hard_header_len)) && | |
6906 | + (hard_header_len <= skb_headroom(skb))) { | |
6907 | + /* copy back original MAC header */ | |
6908 | + memmove(skb->data - hard_header_len, skb->mac.raw, hard_header_len); | |
6909 | + skb->mac.raw = skb->data - hard_header_len; | |
6910 | + } | |
6911 | +#endif /* NET_21 */ | |
6912 | + | |
6913 | +#ifdef CONFIG_IPSEC_IPCOMP | |
6914 | + if(ipp->protocol == IPPROTO_COMP) { | |
6915 | + unsigned int flags = 0; | |
6916 | + | |
6917 | + if(sysctl_ipsec_inbound_policy_check) { | |
6918 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
6919 | + "klips_debug:ipsec_rcv: " | |
6920 | + "inbound policy checking enabled, IPCOMP follows IPIP, dropped.\n"); | |
6921 | + if (stats) { | |
6922 | + stats->rx_errors++; | |
6923 | + } | |
6924 | + goto rcvleave; | |
6925 | + } | |
6926 | + /* XXX need a tdb for updating ratio counters XXX */ | |
6927 | + skb = skb_decompress(skb, NULL, &flags); | |
6928 | + if (!skb || flags) { | |
6929 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
6930 | + "klips_debug:ipsec_rcv: " | |
6931 | + "skb_decompress() returned error flags: %d, dropped.\n", | |
6932 | + flags); | |
6933 | + if (stats) { | |
6934 | + stats->rx_errors++; | |
6935 | + } | |
6936 | + goto rcvleave; | |
6937 | + } | |
6938 | +#ifdef NET_21 | |
6939 | + ipp = skb->nh.iph; | |
6940 | +#else /* NET_21 */ | |
6941 | + ipp = skb->ip_hdr; | |
6942 | +#endif /* NET_21 */ | |
6943 | + } | |
6944 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
6945 | + | |
6946 | +#ifdef SKB_RESET_NFCT | |
6947 | + nf_conntrack_put(skb->nfct); | |
6948 | + skb->nfct = NULL; | |
6949 | +#ifdef CONFIG_NETFILTER_DEBUG | |
6950 | + skb->nf_debug = 0; | |
6951 | +#endif /* CONFIG_NETFILTER_DEBUG */ | |
6952 | +#endif /* SKB_RESET_NFCT */ | |
6953 | + KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, | |
6954 | + "klips_debug:ipsec_rcv: netif_rx() called.\n"); | |
6955 | + netif_rx(skb); | |
6956 | + | |
6957 | + MOD_DEC_USE_COUNT; | |
6958 | + return(0); | |
6959 | + | |
6960 | + rcvleave: | |
6961 | + if(skb) { | |
6962 | +#ifdef NET_21 | |
6963 | + kfree_skb(skb); | |
6964 | +#else /* NET_21 */ | |
6965 | + kfree_skb(skb, FREE_WRITE); | |
6966 | +#endif /* NET_21 */ | |
6967 | + } | |
6968 | + | |
6969 | + MOD_DEC_USE_COUNT; | |
6970 | + return(0); | |
6971 | +} | |
6972 | + | |
6973 | +struct inet_protocol ah_protocol = | |
6974 | +{ | |
6975 | + ipsec_rcv, /* AH handler */ | |
6976 | + NULL, /* TUNNEL error control */ | |
6977 | + 0, /* next */ | |
6978 | + IPPROTO_AH, /* protocol ID */ | |
6979 | + 0, /* copy */ | |
6980 | + NULL, /* data */ | |
6981 | + "AH" /* name */ | |
6982 | +}; | |
6983 | + | |
6984 | +struct inet_protocol esp_protocol = | |
6985 | +{ | |
6986 | + ipsec_rcv, /* ESP handler */ | |
6987 | + NULL, /* TUNNEL error control */ | |
6988 | + 0, /* next */ | |
6989 | + IPPROTO_ESP, /* protocol ID */ | |
6990 | + 0, /* copy */ | |
6991 | + NULL, /* data */ | |
6992 | + "ESP" /* name */ | |
6993 | +}; | |
6994 | + | |
6995 | +#if 0 | |
6996 | +/* We probably don't want to install a pure IPCOMP protocol handler, but | |
6997 | + only want to handle IPCOMP if it is encapsulated inside an ESP payload | |
6998 | + (which is already handled) */ | |
6999 | +#ifdef CONFIG_IPSEC_IPCOMP | |
7000 | +struct inet_protocol comp_protocol = | |
7001 | +{ | |
7002 | + ipsec_rcv, /* COMP handler */ | |
7003 | + NULL, /* COMP error control */ | |
7004 | + 0, /* next */ | |
7005 | + IPPROTO_COMP, /* protocol ID */ | |
7006 | + 0, /* copy */ | |
7007 | + NULL, /* data */ | |
7008 | + "COMP" /* name */ | |
7009 | +}; | |
7010 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
7011 | +#endif | |
7012 | + | |
7013 | +/* | |
7014 | + * $Log$ | |
7015 | + * Revision 1.74 2000/11/25 03:50:36 rgb | |
7016 | + * Oops fix by minor re-arrangement of code to avoid accessing a freed tdb. | |
7017 | + * | |
7018 | + * Revision 1.73 2000/11/09 20:52:15 rgb | |
7019 | + * More spinlock shuffling, locking earlier and unlocking later in rcv to | |
7020 | + * include ipcomp and prevent races, renaming some tdb variables that got | |
7021 | + * forgotten, moving some unlocks to include tdbs and adding a missing | |
7022 | + * unlock. Thanks to Svenning for some of these. | |
7023 | + * | |
7024 | + * Revision 1.72 2000/11/09 20:11:22 rgb | |
7025 | + * Minor shuffles to fix non-standard kernel config option selection. | |
7026 | + * | |
7027 | + * Revision 1.71 2000/11/06 04:36:18 rgb | |
7028 | + * Ditched spin_lock_irqsave in favour of spin_lock. | |
7029 | + * Minor initial protocol check rewrite. | |
7030 | + * Clean up debug printing. | |
7031 | + * Clean up tdb handling on ipcomp. | |
7032 | + * Fixed transport mode null pointer de-reference without ipcomp. | |
7033 | + * Add Svenning's adaptive content compression. | |
7034 | + * Disabled registration of ipcomp handler. | |
7035 | + * | |
7036 | + * Revision 1.70 2000/10/30 23:41:43 henry | |
7037 | + * Hans-Joerg Hoexer's null-pointer fix | |
7038 | + * | |
7039 | + * Revision 1.69 2000/10/10 18:54:16 rgb | |
7040 | + * Added a fix for incoming policy check with ipcomp enabled but | |
7041 | + * uncompressible. | |
7042 | + * | |
7043 | + * Revision 1.68 2000/09/22 17:53:12 rgb | |
7044 | + * Fixed ipcomp tdb pointers update for policy checking. | |
7045 | + * | |
7046 | + * Revision 1.67 2000/09/21 03:40:58 rgb | |
7047 | + * Added more debugging to try and track down the cpi outward copy problem. | |
7048 | + * | |
7049 | + * Revision 1.66 2000/09/20 04:00:10 rgb | |
7050 | + * Changed static functions to DEBUG_NO_STATIC to reveal function names for | |
7051 | + * debugging oopsen. | |
7052 | + * | |
7053 | + * Revision 1.65 2000/09/19 07:07:16 rgb | |
7054 | + * Added debugging to inbound policy check for ipcomp. | |
7055 | + * Added missing spin_unlocks (thanks Svenning!). | |
7056 | + * Fixed misplaced tdbnext pointers causing mismatched ipip policy check. | |
7057 | + * Protect ipcomp policy check following ipip decap with sysctl switch. | |
7058 | + * | |
7059 | + * Revision 1.64 2000/09/18 21:27:29 rgb | |
7060 | + * 2.0 fixes. | |
7061 | + * | |
7062 | + * Revision 1.63 2000/09/18 02:35:50 rgb | |
7063 | + * Added policy checking to ipcomp and re-enabled policy checking by | |
7064 | + * default. | |
7065 | + * Optimised satoa calls. | |
7066 | + * | |
7067 | + * Revision 1.62 2000/09/17 21:02:32 rgb | |
7068 | + * Clean up debugging, removing slow timestamp debug code. | |
7069 | + * | |
7070 | + * Revision 1.61 2000/09/16 01:07:55 rgb | |
7071 | + * Fixed erroneous ref from struct ipcomp to struct ipcomphdr. | |
7072 | + * | |
7073 | + * Revision 1.60 2000/09/15 11:37:01 rgb | |
7074 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
7075 | + * IPCOMP zlib deflate code. | |
7076 | + * | |
7077 | + * Revision 1.59 2000/09/15 04:56:20 rgb | |
7078 | + * Remove redundant satoa() call, reformat comment. | |
7079 | + * | |
7080 | + * Revision 1.58 2000/09/13 08:00:52 rgb | |
7081 | + * Flick on inbound policy checking. | |
7082 | + * | |
7083 | + * Revision 1.57 2000/09/12 03:22:19 rgb | |
7084 | + * Converted inbound_policy_check to sysctl. | |
7085 | + * Re-enabled policy backcheck. | |
7086 | + * Moved policy checks to top and within tdb lock. | |
7087 | + * | |
7088 | + * Revision 1.56 2000/09/08 19:12:56 rgb | |
7089 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
7090 | + * | |
7091 | + * Revision 1.55 2000/08/28 18:15:46 rgb | |
7092 | + * Added MB's nf-debug reset patch. | |
7093 | + * | |
7094 | + * Revision 1.54 2000/08/27 01:41:26 rgb | |
7095 | + * More minor tweaks to the bad padding debug code. | |
7096 | + * | |
7097 | + * Revision 1.53 2000/08/24 16:54:16 rgb | |
7098 | + * Added KLIPS_PRINTMORE macro to continue lines without KERN_INFO level | |
7099 | + * info. | |
7100 | + * Tidied up device reporting at the start of ipsec_rcv. | |
7101 | + * Tidied up bad padding debugging and processing. | |
7102 | + * | |
7103 | + * Revision 1.52 2000/08/20 21:36:03 rgb | |
7104 | + * Activated pfkey_expire() calls. | |
7105 | + * Added a hard/soft expiry parameter to pfkey_expire(). | |
7106 | + * Added sanity checking to avoid propagating zero or smaller-length skbs | |
7107 | + * from a bogus decryption. | |
7108 | + * Re-arranged the order of soft and hard expiry to conform to RFC2367. | |
7109 | + * Clean up references to CONFIG_IPSEC_PFKEYv2. | |
7110 | + * | |
7111 | + * Revision 1.51 2000/08/18 21:23:30 rgb | |
7112 | + * Improve bad padding warning so that the printk buffer doesn't get | |
7113 | + * trampled. | |
7114 | + * | |
7115 | + * Revision 1.50 2000/08/01 14:51:51 rgb | |
7116 | + * Removed _all_ remaining traces of DES. | |
7117 | + * | |
7118 | + * Revision 1.49 2000/07/28 13:50:53 rgb | |
7119 | + * Changed enet_statistics to net_device_stats and added back compatibility | |
7120 | + * for pre-2.1.19. | |
7121 | + * | |
7122 | + * Revision 1.48 2000/05/10 19:14:40 rgb | |
7123 | + * Only check usetime against soft and hard limits if the tdb has been | |
7124 | + * used. | |
7125 | + * Cast output of ntohl so that the broken prototype doesn't make our | |
7126 | + * compile noisy. | |
7127 | + * | |
7128 | + * Revision 1.47 2000/05/09 17:45:43 rgb | |
7129 | + * Fix replay bitmap corruption bug upon receipt of bogus packet | |
7130 | + * with correct SPI. This was a DoS. | |
7131 | + * | |
7132 | + * Revision 1.46 2000/03/27 02:31:58 rgb | |
7133 | + * Fixed authentication failure printout bug. | |
7134 | + * | |
7135 | + * Revision 1.45 2000/03/22 16:15:37 rgb | |
7136 | + * Fixed renaming of dev_get (MB). | |
7137 | + * | |
7138 | + * Revision 1.44 2000/03/16 08:17:24 rgb | |
7139 | + * Hardcode PF_KEYv2 support. | |
7140 | + * Fixed minor bug checking AH header length. | |
7141 | + * | |
7142 | + * Revision 1.43 2000/03/14 12:26:59 rgb | |
7143 | + * Added skb->nfct support for clearing netfilter conntrack bits (MB). | |
7144 | + * | |
7145 | + * Revision 1.42 2000/01/26 10:04:04 rgb | |
7146 | + * Fixed inbound policy checking on transport mode bug. | |
7147 | + * Fixed noisy 2.0 printk arguments. | |
7148 | + * | |
7149 | + * Revision 1.41 2000/01/24 20:58:02 rgb | |
7150 | + * Improve debugging/reporting support for (disabled) inbound | |
7151 | + * policy checking. | |
7152 | + * | |
7153 | + * Revision 1.40 2000/01/22 23:20:10 rgb | |
7154 | + * Fixed up inboud policy checking code. | |
7155 | + * Cleaned out unused crud. | |
7156 | + * | |
7157 | + * Revision 1.39 2000/01/21 06:15:29 rgb | |
7158 | + * Added sanity checks on skb_push(), skb_pull() to prevent panics. | |
7159 | + * Fixed cut-and-paste debug_tunnel to debug_rcv. | |
7160 | + * Added inbound policy checking code, disabled. | |
7161 | + * Simplified output code by updating ipp to post-IPIP decapsulation. | |
7162 | + * | |
7163 | + * Revision 1.38 1999/12/22 05:08:36 rgb | |
7164 | + * Checked for null skb, skb->dev, skb->data, skb->dev->name, dev->name, | |
7165 | + * protocol and take appropriate action for sanity. | |
7166 | + * Set ipsecdev to NULL if device could not be determined. | |
7167 | + * Fixed NULL stats access bug if device could not be determined. | |
7168 | + * | |
7169 | + * Revision 1.37 1999/12/14 20:07:59 rgb | |
7170 | + * Added a default switch case to catch bogus encalg values. | |
7171 | + * | |
7172 | + * Revision 1.36 1999/12/07 18:57:57 rgb | |
7173 | + * Fix PFKEY symbol compile error (SADB_*) without pfkey enabled. | |
7174 | + * | |
7175 | + * Revision 1.35 1999/12/01 22:15:35 rgb | |
7176 | + * Add checks for LARVAL and DEAD SAs. | |
7177 | + * Change state of SA from MATURE to DYING when a soft lifetime is | |
7178 | + * reached and print debug warning. | |
7179 | + * | |
7180 | + * Revision 1.34 1999/11/23 23:04:03 rgb | |
7181 | + * Use provided macro ADDRTOA_BUF instead of hardcoded value. | |
7182 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
7183 | + * | |
7184 | + * Revision 1.33 1999/11/19 01:10:06 rgb | |
7185 | + * Enable protocol handler structures for static linking. | |
7186 | + * | |
7187 | + * Revision 1.32 1999/11/18 04:09:19 rgb | |
7188 | + * Replaced all kernel version macros to shorter, readable form. | |
7189 | + * | |
7190 | + * Revision 1.31 1999/11/17 15:53:39 rgb | |
7191 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
7192 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
7193 | + * klips/net/ipsec/Makefile. | |
7194 | + * | |
7195 | + * Revision 1.30 1999/10/26 15:09:07 rgb | |
7196 | + * Used debug compiler directives to shut up compiler for decl/assign | |
7197 | + * statement. | |
7198 | + * | |
7199 | + * Revision 1.29 1999/10/16 18:25:37 rgb | |
7200 | + * Moved SA lifetime expiry checks before packet processing. | |
7201 | + * Expire SA on replay counter rollover. | |
7202 | + * | |
7203 | + * Revision 1.28 1999/10/16 04:23:07 rgb | |
7204 | + * Add stats for replaywin_errs, replaywin_max_sequence_difference, | |
7205 | + * authentication errors, encryption size errors, encryption padding | |
7206 | + * errors, and time since last packet. | |
7207 | + * | |
7208 | + * Revision 1.27 1999/10/16 00:30:47 rgb | |
7209 | + * Added SA lifetime counting. | |
7210 | + * | |
7211 | + * Revision 1.26 1999/10/15 22:14:37 rgb | |
7212 | + * Add debugging. | |
7213 | + * | |
7214 | + * Revision 1.25 1999/10/08 18:37:34 rgb | |
7215 | + * Fix end-of-line spacing to sate whining PHMs. | |
7216 | + * | |
7217 | + * Revision 1.24 1999/10/03 18:54:51 rgb | |
7218 | + * Spinlock support for 2.3.xx. | |
7219 | + * Don't forget to undo spinlocks on error! | |
7220 | + * | |
7221 | + * Revision 1.23 1999/10/01 15:44:53 rgb | |
7222 | + * Move spinlock header include to 2.1> scope. | |
7223 | + * | |
7224 | + * Revision 1.22 1999/10/01 00:01:54 rgb | |
7225 | + * Added tdb structure locking. | |
7226 | + * | |
7227 | + * Revision 1.21 1999/09/18 11:42:12 rgb | |
7228 | + * Add Marc Boucher's tcpdump cloned packet fix. | |
7229 | + * | |
7230 | + * Revision 1.20 1999/09/17 23:50:25 rgb | |
7231 | + * Add Marc Boucher's hard_header_len patches. | |
7232 | + * | |
7233 | + * Revision 1.19 1999/09/10 05:31:36 henry | |
7234 | + * tentative fix for 2.0.38-crash bug (move chunk of new code into 2.2 #ifdef) | |
7235 | + * | |
7236 | + * Revision 1.18 1999/08/28 08:28:06 rgb | |
7237 | + * Delete redundant sanity check. | |
7238 | + * | |
7239 | + * Revision 1.17 1999/08/28 02:00:58 rgb | |
7240 | + * Add an extra sanity check for null skbs. | |
7241 | + * | |
7242 | + * Revision 1.16 1999/08/27 05:21:38 rgb | |
7243 | + * Clean up skb->data/raw/nh/h manipulation. | |
7244 | + * Add Marc Boucher's mods to aid tcpdump. | |
7245 | + * | |
7246 | + * Revision 1.15 1999/08/25 14:22:40 rgb | |
7247 | + * Require 4-octet boundary check only for ESP. | |
7248 | + * | |
7249 | + * Revision 1.14 1999/08/11 08:36:44 rgb | |
7250 | + * Add compiler directives to allow configuring out AH, ESP or transforms. | |
7251 | + * | |
7252 | + * Revision 1.13 1999/08/03 17:10:49 rgb | |
7253 | + * Cosmetic fixes and clarification to debug output. | |
7254 | + * | |
7255 | + * Revision 1.12 1999/05/09 03:25:36 rgb | |
7256 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
7257 | + * | |
7258 | + * Revision 1.11 1999/05/08 21:23:57 rgb | |
7259 | + * Add casting to silence the 2.2.x compile. | |
7260 | + * | |
7261 | + * Revision 1.10 1999/05/05 22:02:31 rgb | |
7262 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
7263 | + * | |
7264 | + * Revision 1.9 1999/04/29 15:18:01 rgb | |
7265 | + * hange debugging to respond only to debug_rcv. | |
7266 | + * Change gettdb parameter to a pointer to reduce stack loading and | |
7267 | + * facilitate parameter sanity checking. | |
7268 | + * | |
7269 | + * Revision 1.8 1999/04/15 15:37:24 rgb | |
7270 | + * Forward check changes from POST1_00 branch. | |
7271 | + * | |
7272 | + * Revision 1.4.2.2 1999/04/13 20:32:45 rgb | |
7273 | + * Move null skb sanity check. | |
7274 | + * Silence debug a bit more when off. | |
7275 | + * Use stats more effectively. | |
7276 | + * | |
7277 | + * Revision 1.4.2.1 1999/03/30 17:10:32 rgb | |
7278 | + * Update AH+ESP bugfix. | |
7279 | + * | |
7280 | + * Revision 1.7 1999/04/11 00:28:59 henry | |
7281 | + * GPL boilerplate | |
7282 | + * | |
7283 | + * Revision 1.6 1999/04/06 04:54:27 rgb | |
7284 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
7285 | + * patch shell fixes. | |
7286 | + * | |
7287 | + * Revision 1.5 1999/03/17 15:39:23 rgb | |
7288 | + * Code clean-up. | |
7289 | + * Bundling bug fix. | |
7290 | + * ESP_NULL esphlen and IV bug fix. | |
7291 | + * | |
7292 | + * Revision 1.4 1999/02/17 16:51:02 rgb | |
7293 | + * Ditch NET_IPIP dependancy. | |
7294 | + * Decapsulate recursively for an entire bundle. | |
7295 | + * | |
7296 | + * Revision 1.3 1999/02/12 21:22:47 rgb | |
7297 | + * Convert debugging printks to KLIPS_PRINT macro. | |
7298 | + * Clean-up cruft. | |
7299 | + * Process IPIP tunnels internally. | |
7300 | + * | |
7301 | + * Revision 1.2 1999/01/26 02:07:36 rgb | |
7302 | + * Clean up debug code when switched off. | |
7303 | + * Remove references to INET_GET_PROTOCOL. | |
7304 | + * | |
7305 | + * Revision 1.1 1999/01/21 20:29:11 rgb | |
7306 | + * Converted from transform switching to algorithm switching. | |
7307 | + * | |
7308 | + * | |
7309 | + * Id: ipsec_esp.c,v 1.16 1998/12/02 03:08:11 rgb Exp $ | |
7310 | + * | |
7311 | + * Log: ipsec_esp.c,v $ | |
7312 | + * Revision 1.16 1998/12/02 03:08:11 rgb | |
7313 | + * Fix incoming I/F bug in AH and clean up inconsistencies in the I/F | |
7314 | + * discovery routine in both AH and ESP. | |
7315 | + * | |
7316 | + * Revision 1.15 1998/11/30 13:22:51 rgb | |
7317 | + * Rationalised all the klips kernel file headers. They are much shorter | |
7318 | + * now and won't conflict under RH5.2. | |
7319 | + * | |
7320 | + * Revision 1.14 1998/11/10 05:55:37 rgb | |
7321 | + * Add even more detail to 'wrong I/F' debug statement. | |
7322 | + * | |
7323 | + * Revision 1.13 1998/11/10 05:01:30 rgb | |
7324 | + * Clean up debug output to be quiet when disabled. | |
7325 | + * Add more detail to 'wrong I/F' debug statement. | |
7326 | + * | |
7327 | + * Revision 1.12 1998/10/31 06:39:32 rgb | |
7328 | + * Fixed up comments in #endif directives. | |
7329 | + * Tidied up debug printk output. | |
7330 | + * Convert to addrtoa and satoa where possible. | |
7331 | + * | |
7332 | + * Revision 1.11 1998/10/27 00:49:30 rgb | |
7333 | + * AH+ESP bundling bug has been squished. | |
7334 | + * Cosmetic brace fixing in code. | |
7335 | + * Newlines added before calls to ipsec_print_ip. | |
7336 | + * Fix debug output function ID's. | |
7337 | + * | |
7338 | + * Revision 1.10 1998/10/22 06:37:22 rgb | |
7339 | + * Fixed run-on error message to fit 80 columns. | |
7340 | + * | |
7341 | + * Revision 1.9 1998/10/20 02:41:04 rgb | |
7342 | + * Fixed a replay window size sanity test bug. | |
7343 | + * | |
7344 | + * Revision 1.8 1998/10/19 18:55:27 rgb | |
7345 | + * Added inclusion of freeswan.h. | |
7346 | + * sa_id structure implemented and used: now includes protocol. | |
7347 | + * \n bugfix to printk debug message. | |
7348 | + * | |
7349 | + * Revision 1.7 1998/10/09 04:23:03 rgb | |
7350 | + * Fixed possible DoS caused by invalid transform called from an ESP | |
7351 | + * packet. This should not be a problem when protocol is added to the SA. | |
7352 | + * Sanity check added for null xf_input routine. Sanity check added for null | |
7353 | + * socket buffer returned from xf_input routine. | |
7354 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
7355 | + * | |
7356 | + * Revision 1.6 1998/07/14 15:56:04 rgb | |
7357 | + * Set sdb->dev to virtual ipsec I/F. | |
7358 | + * | |
7359 | + * Revision 1.5 1998/06/30 18:07:46 rgb | |
7360 | + * Change for ah/esp_protocol stuct visible only if module. | |
7361 | + * | |
7362 | + * Revision 1.4 1998/06/30 00:12:46 rgb | |
7363 | + * Clean up a module compile error. | |
7364 | + * | |
7365 | + * Revision 1.3 1998/06/25 19:28:06 rgb | |
7366 | + * Readjust premature unloading of module on packet receipt. | |
7367 | + * Make protocol structure abailable to rest of kernel. | |
7368 | + * Use macro for protocol number. | |
7369 | + * | |
7370 | + * Revision 1.2 1998/06/23 02:49:34 rgb | |
7371 | + * Fix minor #include bug that prevented compiling without debugging. | |
7372 | + * Added code to check for presence of IPIP protocol if an incoming packet | |
7373 | + * is IPIP encapped. | |
7374 | + * | |
7375 | + * Revision 1.1 1998/06/18 21:27:44 henry | |
7376 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
7377 | + * kernel-build scripts happier in the presence of symlinks | |
7378 | + * | |
7379 | + * Revision 1.9 1998/06/14 23:48:42 rgb | |
7380 | + * Fix I/F name comparison oops bug. | |
7381 | + * | |
7382 | + * Revision 1.8 1998/06/11 07:20:04 rgb | |
7383 | + * Stats fixed for rx_packets. | |
7384 | + * | |
7385 | + * Revision 1.7 1998/06/11 05:53:34 rgb | |
7386 | + * Added stats for rx error and good packet reporting. | |
7387 | + * | |
7388 | + * Revision 1.6 1998/06/05 02:27:28 rgb | |
7389 | + * Add rx_errors stats. | |
7390 | + * Fix DoS bug: skb's not being freed on dropped packets. | |
7391 | + * | |
7392 | + * Revision 1.5 1998/05/27 21:21:29 rgb | |
7393 | + * Fix DoS potential bug. skb was not being freed if the packet was bad. | |
7394 | + * | |
7395 | + * Revision 1.4 1998/05/18 22:31:37 rgb | |
7396 | + * Minor change in debug output and comments. | |
7397 | + * | |
7398 | + * Revision 1.3 1998/04/21 21:29:02 rgb | |
7399 | + * Rearrange debug switches to change on the fly debug output from user | |
7400 | + * space. Only kernel changes checked in at this time. radij.c was also | |
7401 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
7402 | + * an OOPS and hence, netlink device open errors. | |
7403 | + * | |
7404 | + * Revision 1.2 1998/04/12 22:03:19 rgb | |
7405 | + * Updated ESP-3DES-HMAC-MD5-96, | |
7406 | + * ESP-DES-HMAC-MD5-96, | |
7407 | + * AH-HMAC-MD5-96, | |
7408 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
7409 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
7410 | + * | |
7411 | + * Fixed eroute references in /proc/net/ipsec*. | |
7412 | + * | |
7413 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
7414 | + * radij tree unloading. | |
7415 | + * | |
7416 | + * Revision 1.1 1998/04/09 03:05:59 henry | |
7417 | + * sources moved up from linux/net/ipsec | |
7418 | + * | |
7419 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
7420 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
7421 | + * | |
7422 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
7423 | + * Minor cosmetic changes. | |
7424 | + * | |
7425 | + * Revision 0.3 1996/11/20 14:35:48 ji | |
7426 | + * Minor Cleanup. | |
7427 | + * Rationalized debugging code. | |
7428 | + * | |
7429 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
7430 | + * First limited release. | |
7431 | + * | |
7432 | + * | |
7433 | + */ | |
7434 | diff -druN linux-noipsec/net/ipsec/ipsec_rcv.h linux/net/ipsec/ipsec_rcv.h | |
7435 | --- linux-noipsec/net/ipsec/ipsec_rcv.h Thu Jan 1 01:00:00 1970 | |
7436 | +++ linux/net/ipsec/ipsec_rcv.h Thu Sep 21 06:34:21 2000 | |
7437 | @@ -0,0 +1,161 @@ | |
7438 | +/* | |
7439 | + * | |
7440 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
7441 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
7442 | + * | |
7443 | + * This program is free software; you can redistribute it and/or modify it | |
7444 | + * under the terms of the GNU General Public License as published by the | |
7445 | + * Free Software Foundation; either version 2 of the License, or (at your | |
7446 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
7447 | + * | |
7448 | + * This program is distributed in the hope that it will be useful, but | |
7449 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
7450 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
7451 | + * for more details. | |
7452 | + * | |
7453 | + * RCSID $Id$ | |
7454 | + */ | |
7455 | + | |
7456 | +#define DB_RX_PKTRX 0x0001 | |
7457 | +#define DB_RX_PKTRX2 0x0002 | |
7458 | +#define DB_RX_DMP 0x0004 | |
7459 | +#define DB_RX_TDB 0x0010 | |
7460 | +#define DB_RX_XF 0x0020 | |
7461 | +#define DB_RX_IPAD 0x0040 | |
7462 | +#define DB_RX_INAU 0x0080 | |
7463 | +#define DB_RX_OINFO 0x0100 | |
7464 | +#define DB_RX_OINFO2 0x0200 | |
7465 | +#define DB_RX_OH 0x0400 | |
7466 | +#define DB_RX_REPLAY 0x0800 | |
7467 | + | |
7468 | +#ifdef __KERNEL__ | |
7469 | +/* struct options; */ | |
7470 | + | |
7471 | +#define __NO_VERSION__ | |
7472 | +#include <linux/module.h> | |
7473 | +#include <linux/config.h> /* for CONFIG_IP_FORWARD */ | |
7474 | +#include <linux/version.h> | |
7475 | +#include <freeswan.h> | |
7476 | + | |
7477 | +extern int | |
7478 | +ipsec_rcv(struct sk_buff *skb, | |
7479 | +#ifdef NET_21 | |
7480 | + unsigned short xlen); | |
7481 | +#else /* NET_21 */ | |
7482 | + struct device *dev, | |
7483 | + struct options *opt, | |
7484 | + __u32 daddr, | |
7485 | + unsigned short len, | |
7486 | + __u32 saddr, | |
7487 | + int redo, | |
7488 | + struct inet_protocol *protocol); | |
7489 | +#endif /* NET_21 */ | |
7490 | + | |
7491 | +#ifdef CONFIG_IPSEC_DEBUG | |
7492 | +extern int debug_rcv; | |
7493 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
7494 | +extern int sysctl_ipsec_inbound_policy_check; | |
7495 | +#endif __KERNEL__ | |
7496 | + | |
7497 | +/* | |
7498 | + * $Log$ | |
7499 | + * Revision 1.11 2000/09/21 04:34:21 rgb | |
7500 | + * Moved declaration of sysctl_ipsec_inbound_policy_check outside | |
7501 | + * CONFIG_IPSEC_DEBUG. (MB) | |
7502 | + * | |
7503 | + * Revision 1.10 2000/09/18 02:36:10 rgb | |
7504 | + * Exported sysctl_ipsec_inbound_policy_check for skb_decompress(). | |
7505 | + * | |
7506 | + * Revision 1.9 2000/09/08 19:12:56 rgb | |
7507 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
7508 | + * | |
7509 | + * Revision 1.8 1999/11/18 04:09:19 rgb | |
7510 | + * Replaced all kernel version macros to shorter, readable form. | |
7511 | + * | |
7512 | + * Revision 1.7 1999/05/25 01:45:37 rgb | |
7513 | + * Fix version macros for 2.0.x as a module. | |
7514 | + * | |
7515 | + * Revision 1.6 1999/05/08 21:24:27 rgb | |
7516 | + * Add includes for 2.2.x include into net/ipv4/protocol.c | |
7517 | + * | |
7518 | + * Revision 1.5 1999/05/05 22:02:32 rgb | |
7519 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
7520 | + * | |
7521 | + * Revision 1.4 1999/04/11 00:28:59 henry | |
7522 | + * GPL boilerplate | |
7523 | + * | |
7524 | + * Revision 1.3 1999/04/06 04:54:27 rgb | |
7525 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
7526 | + * patch shell fixes. | |
7527 | + * | |
7528 | + * Revision 1.2 1999/01/22 20:06:59 rgb | |
7529 | + * Fixed cut-and-paste error from ipsec_esp.h. | |
7530 | + * | |
7531 | + * Revision 1.1 1999/01/21 20:29:12 rgb | |
7532 | + * Converted from transform switching to algorithm switching. | |
7533 | + * | |
7534 | + * Log: ipsec_esp.h,v | |
7535 | + * Revision 1.4 1998/08/12 00:07:32 rgb | |
7536 | + * Added data structures for new xforms: null, {,3}dessha1. | |
7537 | + * | |
7538 | + * Revision 1.3 1998/07/14 15:57:01 rgb | |
7539 | + * Add #ifdef __KERNEL__ to protect kernel-only structures. | |
7540 | + * | |
7541 | + * Revision 1.2 1998/06/25 19:33:46 rgb | |
7542 | + * Add prototype for protocol receive function. | |
7543 | + * Rearrange for more logical layout. | |
7544 | + * | |
7545 | + * Revision 1.1 1998/06/18 21:27:45 henry | |
7546 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
7547 | + * kernel-build scripts happier in the presence of symlinks | |
7548 | + * | |
7549 | + * Revision 1.6 1998/06/05 02:28:08 rgb | |
7550 | + * Minor comment fix. | |
7551 | + * | |
7552 | + * Revision 1.5 1998/05/27 22:34:00 rgb | |
7553 | + * Changed structures to accomodate key separation. | |
7554 | + * | |
7555 | + * Revision 1.4 1998/05/18 22:28:43 rgb | |
7556 | + * Disable key printing facilities from /proc/net/ipsec_*. | |
7557 | + * | |
7558 | + * Revision 1.3 1998/04/21 21:29:07 rgb | |
7559 | + * Rearrange debug switches to change on the fly debug output from user | |
7560 | + * space. Only kernel changes checked in at this time. radij.c was also | |
7561 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
7562 | + * an OOPS and hence, netlink device open errors. | |
7563 | + * | |
7564 | + * Revision 1.2 1998/04/12 22:03:20 rgb | |
7565 | + * Updated ESP-3DES-HMAC-MD5-96, | |
7566 | + * ESP-DES-HMAC-MD5-96, | |
7567 | + * AH-HMAC-MD5-96, | |
7568 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
7569 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
7570 | + * | |
7571 | + * Fixed eroute references in /proc/net/ipsec*. | |
7572 | + * | |
7573 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
7574 | + * radij tree unloading. | |
7575 | + * | |
7576 | + * Revision 1.1 1998/04/09 03:06:00 henry | |
7577 | + * sources moved up from linux/net/ipsec | |
7578 | + * | |
7579 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
7580 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
7581 | + * | |
7582 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
7583 | + * Added ESP-3DES-MD5-96 transform. | |
7584 | + * | |
7585 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
7586 | + * Added definitions for new ESP transforms. | |
7587 | + * | |
7588 | + * Revision 0.3 1996/11/20 14:35:48 ji | |
7589 | + * Minor Cleanup. | |
7590 | + * Rationalized debugging code. | |
7591 | + * | |
7592 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
7593 | + * First limited release. | |
7594 | + * | |
7595 | + * | |
7596 | + */ | |
7597 | + | |
7598 | + | |
7599 | diff -druN linux-noipsec/net/ipsec/ipsec_sha1.c linux/net/ipsec/ipsec_sha1.c | |
7600 | --- linux-noipsec/net/ipsec/ipsec_sha1.c Thu Jan 1 01:00:00 1970 | |
7601 | +++ linux/net/ipsec/ipsec_sha1.c Mon Dec 13 14:59:13 1999 | |
7602 | @@ -0,0 +1,201 @@ | |
7603 | +/* | |
7604 | + * RCSID $Id$ | |
7605 | + */ | |
7606 | + | |
7607 | +/* | |
7608 | + * The rest of the code is derived from sha1.c by Steve Reid, which is | |
7609 | + * public domain. | |
7610 | + * Minor cosmetic changes to accomodate it in the Linux kernel by ji. | |
7611 | + */ | |
7612 | + | |
7613 | +#include <asm/byteorder.h> | |
7614 | +#include <linux/string.h> | |
7615 | + | |
7616 | +#include "ipsec_sha1.h" | |
7617 | + | |
7618 | +#if defined(rol) | |
7619 | +#undef rol | |
7620 | +#endif | |
7621 | + | |
7622 | +#define SHA1HANDSOFF | |
7623 | + | |
7624 | +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) | |
7625 | + | |
7626 | +/* blk0() and blk() perform the initial expand. */ | |
7627 | +/* I got the idea of expanding during the round function from SSLeay */ | |
7628 | +#ifdef __LITTLE_ENDIAN | |
7629 | +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ | |
7630 | + |(rol(block->l[i],8)&0x00FF00FF)) | |
7631 | +#else | |
7632 | +#define blk0(i) block->l[i] | |
7633 | +#endif | |
7634 | +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ | |
7635 | + ^block->l[(i+2)&15]^block->l[i&15],1)) | |
7636 | + | |
7637 | +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ | |
7638 | +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); | |
7639 | +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); | |
7640 | +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); | |
7641 | +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); | |
7642 | +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); | |
7643 | + | |
7644 | + | |
7645 | +/* Hash a single 512-bit block. This is the core of the algorithm. */ | |
7646 | + | |
7647 | +void SHA1Transform(__u32 state[5], __u8 buffer[64]) | |
7648 | +{ | |
7649 | +__u32 a, b, c, d, e; | |
7650 | +typedef union { | |
7651 | + unsigned char c[64]; | |
7652 | + __u32 l[16]; | |
7653 | +} CHAR64LONG16; | |
7654 | +CHAR64LONG16* block; | |
7655 | +#ifdef SHA1HANDSOFF | |
7656 | +static unsigned char workspace[64]; | |
7657 | + block = (CHAR64LONG16*)workspace; | |
7658 | + memcpy(block, buffer, 64); | |
7659 | +#else | |
7660 | + block = (CHAR64LONG16*)buffer; | |
7661 | +#endif | |
7662 | + /* Copy context->state[] to working vars */ | |
7663 | + a = state[0]; | |
7664 | + b = state[1]; | |
7665 | + c = state[2]; | |
7666 | + d = state[3]; | |
7667 | + e = state[4]; | |
7668 | + /* 4 rounds of 20 operations each. Loop unrolled. */ | |
7669 | + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); | |
7670 | + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); | |
7671 | + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); | |
7672 | + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); | |
7673 | + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); | |
7674 | + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); | |
7675 | + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); | |
7676 | + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); | |
7677 | + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); | |
7678 | + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); | |
7679 | + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); | |
7680 | + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); | |
7681 | + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); | |
7682 | + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); | |
7683 | + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); | |
7684 | + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); | |
7685 | + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); | |
7686 | + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); | |
7687 | + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); | |
7688 | + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); | |
7689 | + /* Add the working vars back into context.state[] */ | |
7690 | + state[0] += a; | |
7691 | + state[1] += b; | |
7692 | + state[2] += c; | |
7693 | + state[3] += d; | |
7694 | + state[4] += e; | |
7695 | + /* Wipe variables */ | |
7696 | + a = b = c = d = e = 0; | |
7697 | +} | |
7698 | + | |
7699 | + | |
7700 | +/* SHA1Init - Initialize new context */ | |
7701 | + | |
7702 | +void SHA1Init(SHA1_CTX* context) | |
7703 | +{ | |
7704 | + /* SHA1 initialization constants */ | |
7705 | + context->state[0] = 0x67452301; | |
7706 | + context->state[1] = 0xEFCDAB89; | |
7707 | + context->state[2] = 0x98BADCFE; | |
7708 | + context->state[3] = 0x10325476; | |
7709 | + context->state[4] = 0xC3D2E1F0; | |
7710 | + context->count[0] = context->count[1] = 0; | |
7711 | +} | |
7712 | + | |
7713 | + | |
7714 | +/* Run your data through this. */ | |
7715 | + | |
7716 | +void SHA1Update(SHA1_CTX* context, unsigned char* data, __u32 len) | |
7717 | +{ | |
7718 | +__u32 i, j; | |
7719 | + | |
7720 | + j = context->count[0]; | |
7721 | + if ((context->count[0] += len << 3) < j) | |
7722 | + context->count[1]++; | |
7723 | + context->count[1] += (len>>29); | |
7724 | + j = (j >> 3) & 63; | |
7725 | + if ((j + len) > 63) { | |
7726 | + memcpy(&context->buffer[j], data, (i = 64-j)); | |
7727 | + SHA1Transform(context->state, context->buffer); | |
7728 | + for ( ; i + 63 < len; i += 64) { | |
7729 | + SHA1Transform(context->state, &data[i]); | |
7730 | + } | |
7731 | + j = 0; | |
7732 | + } | |
7733 | + else i = 0; | |
7734 | + memcpy(&context->buffer[j], &data[i], len - i); | |
7735 | +} | |
7736 | + | |
7737 | + | |
7738 | +/* Add padding and return the message digest. */ | |
7739 | + | |
7740 | +void SHA1Final(unsigned char digest[20], SHA1_CTX* context) | |
7741 | +{ | |
7742 | +__u32 i, j; | |
7743 | +unsigned char finalcount[8]; | |
7744 | + | |
7745 | + for (i = 0; i < 8; i++) { | |
7746 | + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] | |
7747 | + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ | |
7748 | + } | |
7749 | + SHA1Update(context, (unsigned char *)"\200", 1); | |
7750 | + while ((context->count[0] & 504) != 448) { | |
7751 | + SHA1Update(context, (unsigned char *)"\0", 1); | |
7752 | + } | |
7753 | + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ | |
7754 | + for (i = 0; i < 20; i++) { | |
7755 | + digest[i] = (unsigned char) | |
7756 | + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); | |
7757 | + } | |
7758 | + /* Wipe variables */ | |
7759 | + i = j = 0; | |
7760 | + memset(context->buffer, 0, 64); | |
7761 | + memset(context->state, 0, 20); | |
7762 | + memset(context->count, 0, 8); | |
7763 | + memset(&finalcount, 0, 8); | |
7764 | +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */ | |
7765 | + SHA1Transform(context->state, context->buffer); | |
7766 | +#endif | |
7767 | +} | |
7768 | + | |
7769 | + | |
7770 | +/* | |
7771 | + * $Log$ | |
7772 | + * Revision 1.5 1999/12/13 13:59:13 rgb | |
7773 | + * Quick fix to argument size to Update bugs. | |
7774 | + * | |
7775 | + * Revision 1.4 1999/04/11 00:29:00 henry | |
7776 | + * GPL boilerplate | |
7777 | + * | |
7778 | + * Revision 1.3 1999/04/06 04:54:27 rgb | |
7779 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
7780 | + * patch shell fixes. | |
7781 | + * | |
7782 | + * Revision 1.2 1999/01/22 06:55:50 rgb | |
7783 | + * 64-bit clean-up. | |
7784 | + * | |
7785 | + * Revision 1.1 1998/06/18 21:27:50 henry | |
7786 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
7787 | + * kernel-build scripts happier in the presence of symlinks | |
7788 | + * | |
7789 | + * Revision 1.2 1998/04/23 20:54:04 rgb | |
7790 | + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when | |
7791 | + * verified. | |
7792 | + * | |
7793 | + * Revision 1.1 1998/04/09 03:06:11 henry | |
7794 | + * sources moved up from linux/net/ipsec | |
7795 | + * | |
7796 | + * Revision 1.1.1.1 1998/04/08 05:35:05 henry | |
7797 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
7798 | + * | |
7799 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
7800 | + * New transform | |
7801 | + * | |
7802 | + * | |
7803 | + */ | |
7804 | diff -druN linux-noipsec/net/ipsec/ipsec_sha1.h linux/net/ipsec/ipsec_sha1.h | |
7805 | --- linux-noipsec/net/ipsec/ipsec_sha1.h Thu Jan 1 01:00:00 1970 | |
7806 | +++ linux/net/ipsec/ipsec_sha1.h Mon Dec 13 14:59:13 1999 | |
7807 | @@ -0,0 +1,68 @@ | |
7808 | +/* | |
7809 | + * RCSID $Id$ | |
7810 | + */ | |
7811 | + | |
7812 | +/* | |
7813 | + * Here is the original comment from the distribution: | |
7814 | + | |
7815 | +SHA-1 in C | |
7816 | +By Steve Reid <steve@edmweb.com> | |
7817 | +100% Public Domain | |
7818 | + | |
7819 | + * Adapted for use by the IPSEC code by John Ioannidis | |
7820 | + */ | |
7821 | + | |
7822 | + | |
7823 | +#ifndef _IPSEC_SHA1_H_ | |
7824 | +#define _IPSEC_SHA1_H_ | |
7825 | + | |
7826 | +typedef struct | |
7827 | +{ | |
7828 | + __u32 state[5]; | |
7829 | + __u32 count[2]; | |
7830 | + __u8 buffer[64]; | |
7831 | +} SHA1_CTX; | |
7832 | + | |
7833 | +void SHA1Transform(__u32 state[5], __u8 buffer[64]); | |
7834 | +void SHA1Init(SHA1_CTX *context); | |
7835 | +void SHA1Update(SHA1_CTX *context, unsigned char *data, __u32 len); | |
7836 | +void SHA1Final(unsigned char digest[20], SHA1_CTX *context); | |
7837 | + | |
7838 | + | |
7839 | +#endif /* _IPSEC_SHA1_H_ */ | |
7840 | + | |
7841 | +/* | |
7842 | + * $Log$ | |
7843 | + * Revision 1.5 1999/12/13 13:59:13 rgb | |
7844 | + * Quick fix to argument size to Update bugs. | |
7845 | + * | |
7846 | + * Revision 1.4 1999/12/07 18:16:23 rgb | |
7847 | + * Fixed comments at end of #endif lines. | |
7848 | + * | |
7849 | + * Revision 1.3 1999/04/06 04:54:27 rgb | |
7850 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
7851 | + * patch shell fixes. | |
7852 | + * | |
7853 | + * Revision 1.2 1998/11/30 13:22:54 rgb | |
7854 | + * Rationalised all the klips kernel file headers. They are much shorter | |
7855 | + * now and won't conflict under RH5.2. | |
7856 | + * | |
7857 | + * Revision 1.1 1998/06/18 21:27:50 henry | |
7858 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
7859 | + * kernel-build scripts happier in the presence of symlinks | |
7860 | + * | |
7861 | + * Revision 1.2 1998/04/23 20:54:05 rgb | |
7862 | + * Fixed md5 and sha1 include file nesting issues, to be cleaned up when | |
7863 | + * verified. | |
7864 | + * | |
7865 | + * Revision 1.1 1998/04/09 03:04:21 henry | |
7866 | + * sources moved up from linux/net/ipsec | |
7867 | + * these two include files modified not to include others except in kernel | |
7868 | + * | |
7869 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
7870 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
7871 | + * | |
7872 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
7873 | + * New transform | |
7874 | + * | |
7875 | + */ | |
7876 | diff -druN linux-noipsec/net/ipsec/ipsec_tunnel.c linux/net/ipsec/ipsec_tunnel.c | |
7877 | --- linux-noipsec/net/ipsec/ipsec_tunnel.c Thu Jan 1 01:00:00 1970 | |
7878 | +++ linux/net/ipsec/ipsec_tunnel.c Thu Nov 9 21:52:15 2000 | |
7879 | @@ -0,0 +1,3065 @@ | |
7880 | +/* | |
7881 | + * IPSEC Tunneling code. Heavily based on drivers/net/new_tunnel.c | |
7882 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
7883 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
7884 | + * | |
7885 | + * This program is free software; you can redistribute it and/or modify it | |
7886 | + * under the terms of the GNU General Public License as published by the | |
7887 | + * Free Software Foundation; either version 2 of the License, or (at your | |
7888 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
7889 | + * | |
7890 | + * This program is distributed in the hope that it will be useful, but | |
7891 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
7892 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
7893 | + * for more details. | |
7894 | + */ | |
7895 | + | |
7896 | +char ipsec_tunnel_c_version[] = "RCSID $Id$"; | |
7897 | + | |
7898 | +#define __NO_VERSION__ | |
7899 | +#include <linux/module.h> | |
7900 | +#include <linux/config.h> /* for CONFIG_IP_FORWARD */ | |
7901 | +#include <linux/version.h> | |
7902 | + | |
7903 | +#include <linux/kernel.h> /* printk() */ | |
7904 | +#include <linux/malloc.h> /* kmalloc() */ | |
7905 | +#include <linux/errno.h> /* error codes */ | |
7906 | +#include <linux/types.h> /* size_t */ | |
7907 | +#include <linux/interrupt.h> /* mark_bh */ | |
7908 | + | |
7909 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
7910 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
7911 | +#include <linux/ip.h> /* struct iphdr */ | |
7912 | +#include <linux/tcp.h> /* struct tcphdr */ | |
7913 | +#include <linux/udp.h> /* struct udphdr */ | |
7914 | +#include <linux/skbuff.h> | |
7915 | +#include <freeswan.h> | |
7916 | +#ifdef SPINLOCK | |
7917 | + #ifdef SPINLOCK_23 | |
7918 | + #include <linux/spinlock.h> /* *lock* */ | |
7919 | + #else /* SPINLOCK_23 */ | |
7920 | + #include <asm/spinlock.h> /* *lock* */ | |
7921 | + #endif /* SPINLOCK_23 */ | |
7922 | +#endif /* SPINLOCK */ | |
7923 | +#ifdef NET_21 | |
7924 | + #define MSS_HACK_ /* experimental */ | |
7925 | + #include <asm/uaccess.h> | |
7926 | + #include <linux/in6.h> | |
7927 | + #define ip_chk_addr inet_addr_type | |
7928 | + #define IS_MYADDR RTN_LOCAL | |
7929 | + #include <net/dst.h> | |
7930 | + #undef dev_kfree_skb | |
7931 | + #define dev_kfree_skb(a,b) kfree_skb(a) | |
7932 | + #define proto_priv cb | |
7933 | + #define PHYSDEV_TYPE | |
7934 | + #define DEV_QUEUE_XMIT(skb, device, pri) {\ | |
7935 | + skb->dev = device; \ | |
7936 | + neigh_compat_output(skb); \ | |
7937 | + /* skb->dst->output(skb); */ \ | |
7938 | + } | |
7939 | + #define ICMP_SEND(skb_in, type, code, info, dev) \ | |
7940 | + icmp_send(skb_in, type, code, htonl(info)) | |
7941 | + #define IP_SEND(skb, dev) \ | |
7942 | + ip_send(skb); | |
7943 | +#else /* NET_21 */ | |
7944 | + #define DEV_QUEUE_XMIT(skb, device, pri) {\ | |
7945 | + dev_queue_xmit(skb, device, pri); \ | |
7946 | + } | |
7947 | + #define ICMP_SEND(skb_in, type, code, info, dev) \ | |
7948 | + icmp_send(skb_in, type, code, info, dev) | |
7949 | + #define IP_SEND(skb, dev) \ | |
7950 | + if(ntohs(iph->tot_len) > physmtu) { \ | |
7951 | + ip_fragment(NULL, skb, dev, 0); \ | |
7952 | + dev_kfree_skb(skb, FREE_WRITE); \ | |
7953 | + } else { \ | |
7954 | + dev_queue_xmit(skb, dev, SOPRI_NORMAL); \ | |
7955 | + } | |
7956 | +#endif /* NET_21 */ | |
7957 | +#include <asm/checksum.h> | |
7958 | +#include <net/icmp.h> /* icmp_send() */ | |
7959 | +#include <net/ip.h> | |
7960 | +#ifdef NETDEV_23 | |
7961 | +#include <linux/netfilter_ipv4.h> | |
7962 | +#endif | |
7963 | + | |
7964 | +#include "radij.h" | |
7965 | +#include "ipsec_encap.h" | |
7966 | +#include "ipsec_radij.h" | |
7967 | +#include "ipsec_netlink.h" | |
7968 | +#include "ipsec_xform.h" | |
7969 | +#include "ipsec_tunnel.h" | |
7970 | +#include "ipsec_ipe4.h" | |
7971 | +#include "ipsec_ah.h" | |
7972 | +#include "ipsec_esp.h" | |
7973 | + | |
7974 | +#ifdef CONFIG_IPSEC_IPCOMP | |
7975 | +#include "ipcomp.h" | |
7976 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
7977 | + | |
7978 | +#include <pfkeyv2.h> | |
7979 | +#include <pfkey.h> | |
7980 | + | |
7981 | +#include <net/ip.h> | |
7982 | +#include <linux/if_arp.h> | |
7983 | +#ifdef MSS_HACK | |
7984 | +#include <net/tcp.h> /* TCP options */ | |
7985 | +#endif /* MSS_HACK */ | |
7986 | +extern void des_ede3_cbc_encrypt(caddr_t, caddr_t, int, caddr_t, caddr_t, caddr_t, caddr_t, int); | |
7987 | +static __u32 zeroes[64]; | |
7988 | + | |
7989 | +#ifdef CONFIG_IPSEC_DEBUG | |
7990 | +int debug_tunnel = 0; | |
7991 | +int sysctl_ipsec_debug_verbose = 0; | |
7992 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
7993 | + | |
7994 | +int sysctl_ipsec_icmp = 0; | |
7995 | +int sysctl_ipsec_no_eroute_pass = 0; | |
7996 | +int sysctl_ipsec_opportunistic = 0; | |
7997 | +int sysctl_ipsec_tos = 0; | |
7998 | + | |
7999 | +#ifdef CONFIG_IPSEC_DEBUG_ | |
8000 | +DEBUG_NO_STATIC void | |
8001 | +dmp(char *s, caddr_t bb, int len) | |
8002 | +{ | |
8003 | + int i; | |
8004 | + unsigned char *b = bb; | |
8005 | + | |
8006 | + if (debug_tunnel) { | |
8007 | + printk(KERN_INFO "klips_debug:ipsec_tunnel_:at %s, len=%d:", s, len); | |
8008 | + for (i=0; i < len; i++) { | |
8009 | + if(!(i%16)){ | |
8010 | + printk("\nklips_debug: "); | |
8011 | + } | |
8012 | + printk(" %02x", *b++); | |
8013 | + } | |
8014 | + printk("\n"); | |
8015 | + } | |
8016 | +} | |
8017 | +#else /* CONFIG_IPSEC_DEBUG */ | |
8018 | +#define dmp(_x, _y, _z) | |
8019 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
8020 | + | |
8021 | +#ifndef SKB_COPY_EXPAND | |
8022 | +/* | |
8023 | + * This is mostly skbuff.c:skb_copy(). | |
8024 | + */ | |
8025 | +struct sk_buff * | |
8026 | +skb_copy_expand(struct sk_buff *skb, int headroom, int tailroom, int priority) | |
8027 | +{ | |
8028 | + struct sk_buff *n; | |
8029 | + unsigned long offset; | |
8030 | + | |
8031 | + /* | |
8032 | + * Do sanity checking | |
8033 | + */ | |
8034 | + if((headroom < 0) || (tailroom < 0) || ((headroom+tailroom) < 0)) { | |
8035 | + printk(KERN_WARNING "klips_error:skb_copy_expand: " | |
8036 | + "Illegal negative head,tailroom %d,%d\n", | |
8037 | + headroom, tailroom); | |
8038 | + return NULL; | |
8039 | + } | |
8040 | + /* | |
8041 | + * Allocate the copy buffer | |
8042 | + */ | |
8043 | + | |
8044 | +#ifndef NET_21 | |
8045 | + IS_SKB(skb); | |
8046 | +#endif /* !NET_21 */ | |
8047 | + | |
8048 | + | |
8049 | + n=alloc_skb(skb->end - skb->head + headroom + tailroom, priority); | |
8050 | + | |
8051 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8052 | + "klips_debug:skb_copy_expand: " | |
8053 | + "head=%p data=%p tail=%p end=%p end-head=%d tail-data=%d\n", | |
8054 | + skb->head, | |
8055 | + skb->data, | |
8056 | + skb->tail, | |
8057 | + skb->end, | |
8058 | + skb->end - skb->head, | |
8059 | + skb->tail - skb->data); | |
8060 | + | |
8061 | + if(n==NULL) | |
8062 | + return NULL; | |
8063 | + | |
8064 | + /* | |
8065 | + * Shift between the two data areas in bytes | |
8066 | + */ | |
8067 | + | |
8068 | + /* offset=n->head-skb->head; */ /* moved down a few lines */ | |
8069 | + | |
8070 | + /* Set the data pointer */ | |
8071 | + skb_reserve(n,skb->data-skb->head+headroom); | |
8072 | + /* Set the tail pointer and length */ | |
8073 | + if(skb_tailroom(n) < skb->len) { | |
8074 | + printk(KERN_WARNING "klips_error:skb_copy_expand: " | |
8075 | + "tried to skb_put %ld, %d available. " | |
8076 | + "This should never happen, please report.\n", | |
8077 | + (unsigned long int)skb->len, skb_tailroom(n)); | |
8078 | + dev_kfree_skb(n, FREE_WRITE); | |
8079 | + return NULL; | |
8080 | + } | |
8081 | + skb_put(n,skb->len); | |
8082 | + | |
8083 | + offset=n->head + headroom - skb->head; | |
8084 | + | |
8085 | + /* Copy the bytes */ | |
8086 | + memcpy(n->head + headroom, skb->head,skb->end-skb->head); | |
8087 | +#ifdef NET_21 | |
8088 | + n->csum=skb->csum; | |
8089 | + n->priority=skb->priority; | |
8090 | + n->dst=dst_clone(skb->dst); | |
8091 | + if(skb->nh.raw) | |
8092 | + n->nh.raw=skb->nh.raw+offset; | |
8093 | + n->is_clone=0; | |
8094 | + atomic_set(&n->users, 1); | |
8095 | + n->destructor = NULL; | |
8096 | + n->security=skb->security; | |
8097 | +#else /* NET_21 */ | |
8098 | + n->link3=NULL; | |
8099 | + n->when=skb->when; | |
8100 | + if(skb->ip_hdr) | |
8101 | + n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset); | |
8102 | + n->saddr=skb->saddr; | |
8103 | + n->daddr=skb->daddr; | |
8104 | + n->raddr=skb->raddr; | |
8105 | + n->seq=skb->seq; | |
8106 | + n->end_seq=skb->end_seq; | |
8107 | + n->ack_seq=skb->ack_seq; | |
8108 | + n->acked=skb->acked; | |
8109 | + n->free=1; | |
8110 | + n->arp=skb->arp; | |
8111 | + n->tries=0; | |
8112 | + n->lock=0; | |
8113 | + n->users=0; | |
8114 | +#endif /* NET_21 */ | |
8115 | + n->protocol=skb->protocol; | |
8116 | + n->list=NULL; | |
8117 | + n->sk=NULL; | |
8118 | + n->dev=skb->dev; | |
8119 | + if(skb->h.raw) | |
8120 | + n->h.raw=skb->h.raw+offset; | |
8121 | + if(skb->mac.raw) | |
8122 | + n->mac.raw=skb->mac.raw+offset; | |
8123 | + memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv)); | |
8124 | + n->used=skb->used; | |
8125 | + n->pkt_type=skb->pkt_type; | |
8126 | + n->stamp=skb->stamp; | |
8127 | + | |
8128 | +#ifndef NET_21 | |
8129 | + IS_SKB(n); | |
8130 | +#endif /* !NET_21 */ | |
8131 | + return n; | |
8132 | +} | |
8133 | +#endif /* !SKB_COPY_EXPAND */ | |
8134 | + | |
8135 | +#ifdef CONFIG_IPSEC_DEBUG | |
8136 | +void | |
8137 | +ipsec_print_ip(struct iphdr *ip) | |
8138 | +{ | |
8139 | + char buf[ADDRTOA_BUF]; | |
8140 | + | |
8141 | + printk(KERN_INFO "klips_debug: IP:"); | |
8142 | + printk(" ihl:%d", ip->ihl*4); | |
8143 | + printk(" ver:%d", ip->version); | |
8144 | + printk(" tos:%d", ip->tos); | |
8145 | + printk(" tlen:%d", ntohs(ip->tot_len)); | |
8146 | + printk(" id:%d", ip->id); | |
8147 | + printk(" frag_off:%d", ip->frag_off); | |
8148 | + printk(" ttl:%d", ip->ttl); | |
8149 | + printk(" proto:%d", ip->protocol); | |
8150 | + printk(" chk:%d", ip->check); | |
8151 | + addrtoa(*((struct in_addr*)(&ip->saddr)), 0, buf, sizeof(buf)); | |
8152 | + printk(" saddr:%s", buf); | |
8153 | + addrtoa(*((struct in_addr*)(&ip->daddr)), 0, buf, sizeof(buf)); | |
8154 | + printk(" daddr:%s", buf); | |
8155 | + printk("\n"); | |
8156 | + | |
8157 | + if(sysctl_ipsec_debug_verbose) { | |
8158 | + __u8 *c; | |
8159 | + int i; | |
8160 | + | |
8161 | + c = ((__u8*)ip) + ip->ihl*4; | |
8162 | + for(i = 0; i < ntohs(ip->tot_len) - ip->ihl*4; i++ /*, c++*/) { | |
8163 | + if(!(i % 16)) { | |
8164 | + printk(KERN_INFO "klips_debug: @%03x:", | |
8165 | + i); | |
8166 | + } | |
8167 | + printk(" %02x", /***/c[i]); | |
8168 | + if(!((i + 1) % 16)) { | |
8169 | + printk("\n"); | |
8170 | + } | |
8171 | + } | |
8172 | + if(i % 16) { | |
8173 | + printk("\n"); | |
8174 | + } | |
8175 | + } | |
8176 | +} | |
8177 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
8178 | + | |
8179 | +#ifdef REAL_LOCKING_P | |
8180 | +/* | |
8181 | + * Locking | |
8182 | + */ | |
8183 | + | |
8184 | +DEBUG_NO_STATIC int | |
8185 | +ipsec_tunnel_lock(struct ipsecpriv *prv) | |
8186 | +{ | |
8187 | + unsigned long flags; | |
8188 | + save_flags(flags); | |
8189 | + cli(); | |
8190 | + /* | |
8191 | + * Lock in an interrupt may fail | |
8192 | + */ | |
8193 | + if(prv->locked && in_interrupt()) { | |
8194 | + restore_flags(flags); | |
8195 | + return 0; | |
8196 | + } | |
8197 | + while(prv->locked) | |
8198 | + sleep_on(&prv->wait_queue); | |
8199 | + prv->locked=1; | |
8200 | + restore_flags(flags); | |
8201 | + return 1; | |
8202 | +} | |
8203 | + | |
8204 | +DEBUG_NO_STATIC void | |
8205 | +ipsec_tunnel_unlock(struct ipsecpriv *prv) | |
8206 | +{ | |
8207 | + prv->locked=0; | |
8208 | + wake_up(&prv->wait_queue); | |
8209 | +} | |
8210 | +#endif /* REAL_LOCKING_P */ | |
8211 | + | |
8212 | +DEBUG_NO_STATIC int | |
8213 | +ipsec_tunnel_open(struct device *dev) | |
8214 | +{ | |
8215 | + struct ipsecpriv *prv = dev->priv; | |
8216 | + | |
8217 | + /* | |
8218 | + * Can't open until attached. | |
8219 | + */ | |
8220 | + | |
8221 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
8222 | + "klips_debug:ipsec_tunnel_open: " | |
8223 | + "dev = %s, prv->dev = %s\n", | |
8224 | + dev->name, prv->dev?prv->dev->name:"NONE"); | |
8225 | + | |
8226 | + if (prv->dev == NULL) | |
8227 | + return -ENODEV; | |
8228 | + | |
8229 | + MOD_INC_USE_COUNT; | |
8230 | + return 0; | |
8231 | +} | |
8232 | + | |
8233 | +DEBUG_NO_STATIC int | |
8234 | +ipsec_tunnel_close(struct device *dev) | |
8235 | +{ | |
8236 | + MOD_DEC_USE_COUNT; | |
8237 | + return 0; | |
8238 | +} | |
8239 | + | |
8240 | +#ifdef MSS_HACK | |
8241 | +/* | |
8242 | + * Issues: | |
8243 | + * 1) Fragments arriving in the tunnel should probably be rejected. | |
8244 | + * 2) How does this affect syncookies, mss_cache, dst cache ? | |
8245 | + * 3) Path MTU discovery handling needs to be reviewed. For example, | |
8246 | + * if we receive an ICMP 'packet too big' message from an intermediate | |
8247 | + * router specifying it's next hop MTU, our stack may process this and | |
8248 | + * adjust the MSS without taking our AH/ESP overheads into account. | |
8249 | + */ | |
8250 | + | |
8251 | + | |
8252 | +/* | |
8253 | + * Recaclulate checksum using differences between changed datum, | |
8254 | + * borrowed from netfilter. | |
8255 | + */ | |
8256 | +DEBUG_NO_STATIC u_int16_t | |
8257 | +ipsec_fast_csum(u_int32_t oldvalinv, u_int32_t newval, u_int16_t oldcheck) | |
8258 | +{ | |
8259 | + u_int32_t diffs[] = { oldvalinv, newval }; | |
8260 | + return csum_fold(csum_partial((char *)diffs, sizeof(diffs), | |
8261 | + oldcheck^0xFFFF)); | |
8262 | +} | |
8263 | + | |
8264 | +/* | |
8265 | + * Determine effective MSS. | |
8266 | + * | |
8267 | + * Note that we assume that there is always an MSS option for our own | |
8268 | + * SYN segments, which is mentioned in tcp_syn_build_options(), kernel 2.2.x. | |
8269 | + * This could change, and we should probably parse TCP options instead. | |
8270 | + * | |
8271 | + */ | |
8272 | +DEBUG_NO_STATIC u_int8_t | |
8273 | +ipsec_adjust_mss(struct sk_buff *skb, struct tcphdr *tcph, u_int16_t mtu) | |
8274 | +{ | |
8275 | + u_int16_t oldmss, newmss; | |
8276 | + u_int32_t *mssp; | |
8277 | + struct sock *sk = skb->sk; | |
8278 | + | |
8279 | + newmss = tcp_sync_mss(sk, mtu); | |
8280 | + printk(KERN_INFO "klips: setting mss to %u\n", newmss); | |
8281 | + mssp = (u_int32_t *)tcph + sizeof(struct tcphdr) / sizeof(u_int32_t); | |
8282 | + oldmss = ntohl(*mssp) & 0x0000FFFF; | |
8283 | + *mssp = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | newmss); | |
8284 | + tcph->check = ipsec_fast_csum(htons(~oldmss), | |
8285 | + htons(newmss), tcph->check); | |
8286 | + return 1; | |
8287 | +} | |
8288 | +#endif /* MSS_HACK */ | |
8289 | + | |
8290 | +#ifdef NETDEV_23 | |
8291 | +static inline int ipsec_tunnel_xmit2(struct sk_buff *skb) | |
8292 | +{ | |
8293 | + return ip_send(skb); | |
8294 | +} | |
8295 | +#endif | |
8296 | + | |
8297 | +/* | |
8298 | + * This function assumes it is being called from dev_queue_xmit() | |
8299 | + * and that skb is filled properly by that function. | |
8300 | + */ | |
8301 | + | |
8302 | +int | |
8303 | +ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev) | |
8304 | +{ | |
8305 | + struct ipsecpriv *prv; /* Our device' private space */ | |
8306 | + struct sk_buff *oskb = NULL; /* Original skb pointer */ | |
8307 | + struct net_device_stats *stats; /* This device's statistics */ | |
8308 | + struct iphdr *iph; /* Our new IP header */ | |
8309 | + __u32 newdst; /* The other SG's IP address */ | |
8310 | + __u32 orgdst; /* Original IP destination address */ | |
8311 | + __u32 orgedst; /* 1st SG's IP address */ | |
8312 | + __u32 newsrc; /* The new source SG's IP address */ | |
8313 | + __u32 orgsrc; /* Original IP source address */ | |
8314 | + __u32 innersrc; /* Innermost IP source address */ | |
8315 | + int iphlen; /* IP header length */ | |
8316 | + int pyldsz; /* upper protocol payload size */ | |
8317 | + int headroom; | |
8318 | + int tailroom; | |
8319 | + int max_headroom = 0; /* The extra header space needed */ | |
8320 | + int max_tailroom = 0; /* The extra stuffing needed */ | |
8321 | + int ll_headroom; /* The extra link layer hard_header space needed */ | |
8322 | + int tot_headroom = 0; /* The total header space needed */ | |
8323 | + int tot_tailroom = 0; /* The totalstuffing needed */ | |
8324 | + __u8 *saved_header = NULL; /* saved copy of the hard header */ | |
8325 | + int i; | |
8326 | + | |
8327 | + struct sockaddr_encap matcher; /* eroute search key */ | |
8328 | + struct eroute *er; | |
8329 | + struct tdb *tdbp, *tdbq; /* Tunnel Descriptor Block pointers */ | |
8330 | + char sa[SATOA_BUF]; | |
8331 | + size_t sa_len; | |
8332 | + int hard_header_stripped = 0; /* has the hard header been removed yet? */ | |
8333 | + int hard_header_len = 0; | |
8334 | + struct device *physdev; | |
8335 | +/* struct device *virtdev; */ | |
8336 | + short physmtu; | |
8337 | + short mtudiff; | |
8338 | +#ifdef NET_21 | |
8339 | + struct rtable *rt = NULL; | |
8340 | +#endif /* NET_21 */ | |
8341 | + struct sa_id outgoing_said; | |
8342 | + | |
8343 | + /* | |
8344 | + * Return if there is nothing to do. (Does this ever happen?) XXX | |
8345 | + */ | |
8346 | + if (skb == NULL) { | |
8347 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8348 | + "klips_error:ipsec_tunnel_start_xmit: " | |
8349 | + "Nothing to do!\n" ); | |
8350 | + goto cleanup; | |
8351 | + } | |
8352 | + if (dev == NULL) { | |
8353 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8354 | + "klips_error:ipsec_tunnel_start_xmit: " | |
8355 | + "No device associated with skb!\n" ); | |
8356 | + goto cleanup; | |
8357 | + } | |
8358 | + | |
8359 | + prv = dev->priv; | |
8360 | + if (prv == NULL) { | |
8361 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8362 | + "klips_error:ipsec_tunnel_start_xmit: " | |
8363 | + "Device has no private structure!\n" ); | |
8364 | + goto cleanup; | |
8365 | + } | |
8366 | + | |
8367 | + physdev = prv->dev; | |
8368 | + if (physdev == NULL) { | |
8369 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8370 | + "klips_error:ipsec_tunnel_start_xmit: " | |
8371 | + "Device is not attached to physical device!\n" ); | |
8372 | + goto cleanup; | |
8373 | + } | |
8374 | + | |
8375 | + physmtu = physdev->mtu; | |
8376 | + | |
8377 | + stats = (struct net_device_stats *) &(prv->mystats); | |
8378 | + | |
8379 | +#ifdef NET_21 | |
8380 | + /* if skb was cloned (most likely due to a packet sniffer such as | |
8381 | + tcpdump being momentarily attached to the interface), make | |
8382 | + a copy of our own to modify */ | |
8383 | + if(skb_cloned(skb)) { | |
8384 | + if ((skb = skb_cow(skb, skb_headroom(skb))) == NULL) { | |
8385 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8386 | + "klips_error:ipsec_tunnel_start_xmit: " | |
8387 | + "skb_cow failed to allocate buffer, dropping.\n" ); | |
8388 | + goto cleanup; | |
8389 | + } | |
8390 | + } | |
8391 | +#endif /* NET_21 */ | |
8392 | + | |
8393 | +#ifdef NET_21 | |
8394 | + iph = skb->nh.iph; | |
8395 | +#else /* NET_21 */ | |
8396 | + iph = skb->ip_hdr; | |
8397 | +#endif /* NET_21 */ | |
8398 | + | |
8399 | + /* physdev->hard_header_len is unreliable and should not be used */ | |
8400 | + hard_header_len = (unsigned char *)iph - skb->data; | |
8401 | + | |
8402 | + if(hard_header_len < 0) { | |
8403 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8404 | + "klips_error:ipsec_tunnel_start_xmit: " | |
8405 | + "Negative hard_header_len (%d)?!\n", hard_header_len); | |
8406 | + stats->tx_dropped++; | |
8407 | + goto cleanup; | |
8408 | + } | |
8409 | + | |
8410 | + if(hard_header_len == 0) { /* no hard header present */ | |
8411 | + hard_header_stripped = 1; | |
8412 | + } | |
8413 | + | |
8414 | +#ifdef CONFIG_IPSEC_DEBUG | |
8415 | + if (debug_tunnel & DB_TN_XMIT) { | |
8416 | + int i; | |
8417 | + char c; | |
8418 | + | |
8419 | + printk(KERN_INFO "klips_debug:ipsec_tunnel_start_xmit: " | |
8420 | + ">>> skb->len=%ld hard_header_len:%d", | |
8421 | + (unsigned long int)skb->len, hard_header_len); | |
8422 | + c = ' '; | |
8423 | + for (i=0; i < hard_header_len; i++) { | |
8424 | + printk("%c%02x", c, skb->data[i]); | |
8425 | + c = ':'; | |
8426 | + } | |
8427 | + printk(" \n"); | |
8428 | + } | |
8429 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
8430 | + | |
8431 | + KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, iph); | |
8432 | + | |
8433 | + /* | |
8434 | + * Sanity checks | |
8435 | + */ | |
8436 | + | |
8437 | + if ((iph->ihl << 2) != sizeof (struct iphdr)) { | |
8438 | + KLIPS_PRINT(debug_tunnel, | |
8439 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8440 | + "cannot process IP header options yet. " | |
8441 | + "May be mal-formed packet.\n"); /* XXX */ | |
8442 | + stats->tx_dropped++; | |
8443 | + goto cleanup; | |
8444 | + } | |
8445 | + | |
8446 | +#ifndef NET_21 | |
8447 | + /* TTL decrement code (on the way out!) borrowed from ip_forward.c */ | |
8448 | + if(0) { | |
8449 | + unsigned long checksum = iph->check; | |
8450 | + iph->ttl--; | |
8451 | + /* | |
8452 | + * Re-compute the IP header checksum. | |
8453 | + * This is efficient. We know what has happened to the header | |
8454 | + * and can thus adjust the checksum as Phil Karn does in KA9Q | |
8455 | + * except we do this in "network byte order". | |
8456 | + */ | |
8457 | + checksum += htons(0x0100); | |
8458 | + /* carry overflow? */ | |
8459 | + checksum += checksum >> 16; | |
8460 | + iph->check = checksum; | |
8461 | + } | |
8462 | + if (iph->ttl <= 0) { | |
8463 | + /* Tell the sender its packet died... */ | |
8464 | + ICMP_SEND(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0, physdev); | |
8465 | + | |
8466 | + KLIPS_PRINT(debug_tunnel, "klips_debug:ipsec_tunnel_start_xmit: " | |
8467 | + "TTL=0, too many hops!\n"); | |
8468 | + stats->tx_dropped++; | |
8469 | + goto cleanup; | |
8470 | + } | |
8471 | +#endif /* !NET_21 */ | |
8472 | + | |
8473 | + /* | |
8474 | + * First things first -- look us up in the erouting tables. | |
8475 | + */ | |
8476 | + matcher.sen_len = sizeof (struct sockaddr_encap); | |
8477 | + matcher.sen_family = AF_ENCAP; | |
8478 | + matcher.sen_type = SENT_IP4; | |
8479 | + matcher.sen_ip_src.s_addr = iph->saddr; | |
8480 | + matcher.sen_ip_dst.s_addr = iph->daddr; | |
8481 | + | |
8482 | + /* | |
8483 | + * The spinlock is to prevent any other process from accessing or deleting | |
8484 | + * the eroute while we are using and updating it. | |
8485 | + */ | |
8486 | + spin_lock(&eroute_lock); | |
8487 | + | |
8488 | + er = ipsec_findroute(&matcher); | |
8489 | + if(er) { | |
8490 | + outgoing_said = er->er_said; | |
8491 | + } | |
8492 | + | |
8493 | + spin_unlock(&eroute_lock); | |
8494 | + | |
8495 | + /* | |
8496 | + * Quick cheat for now...are we udp/500? If so, let it through | |
8497 | + * without interference since it is most likely an IKE packet. | |
8498 | + */ | |
8499 | + if((ip_chk_addr((unsigned long)iph->saddr) == IS_MYADDR) | |
8500 | + && ((!er) || (iph->daddr == outgoing_said.dst.s_addr))) { | |
8501 | + if(iph->protocol == IPPROTO_UDP) { | |
8502 | + struct udphdr *udph = (struct udphdr*)((caddr_t)iph + (iph->ihl << 2)); | |
8503 | + if(ntohs(udph->dest) == 500) { | |
8504 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8505 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8506 | + "udp/500 IKE packet, sending unprocessed, " | |
8507 | + "calling dev_queue_xmit\n"); | |
8508 | +#if 1 | |
8509 | + goto bypass; | |
8510 | +#else | |
8511 | + DEV_QUEUE_XMIT(skb, physdev, SOPRI_NORMAL); | |
8512 | + /* IP_SEND(skb, physdev); */ | |
8513 | + skb = NULL; | |
8514 | + goto cleanup; | |
8515 | +#endif | |
8516 | + } | |
8517 | + } | |
8518 | + } | |
8519 | + | |
8520 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8521 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8522 | + "Original head,tailroom: %d,%d\n", | |
8523 | + skb_headroom(skb), skb_tailroom(skb)); | |
8524 | + | |
8525 | + innersrc = iph->saddr; | |
8526 | + /* start encapsulation loop here XXX */ | |
8527 | + do { | |
8528 | + newdst = orgdst = iph->daddr; | |
8529 | + newsrc = orgsrc = iph->saddr; | |
8530 | + orgedst = outgoing_said.dst.s_addr; | |
8531 | + iphlen = iph->ihl << 2; | |
8532 | + pyldsz = ntohs(iph->tot_len) - iphlen; | |
8533 | + max_headroom = max_tailroom = 0; | |
8534 | + | |
8535 | + if (er == NULL) { | |
8536 | + if(sysctl_ipsec_no_eroute_pass) { | |
8537 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8538 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8539 | + "no eroute!: calling dev_queue_xmit\n"); | |
8540 | +#if 1 | |
8541 | + goto bypass; | |
8542 | +#else | |
8543 | + DEV_QUEUE_XMIT(skb, physdev, SOPRI_NORMAL); | |
8544 | + /* IP_SEND(skb, physdev); */ | |
8545 | + skb = NULL; | |
8546 | +#endif | |
8547 | + } else { | |
8548 | + if(sysctl_ipsec_opportunistic && !er) { | |
8549 | + struct tdb tdb; | |
8550 | + struct sockaddr_in src, dst; | |
8551 | +#ifdef CONFIG_IPSEC_DEBUG | |
8552 | + char buf[ADDRTOA_BUF]; | |
8553 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
8554 | + | |
8555 | + tdb.tdb_said.proto = iph->protocol; | |
8556 | + src.sin_family = AF_INET; | |
8557 | + dst.sin_family = AF_INET; | |
8558 | + src.sin_addr.s_addr = iph->saddr; | |
8559 | + dst.sin_addr.s_addr = iph->daddr; | |
8560 | + src.sin_port = | |
8561 | + (iph->protocol == IPPROTO_UDP | |
8562 | + ? ((struct udphdr*) (((caddr_t)iph) + (iph->ihl << 2)))->source | |
8563 | + : (iph->protocol == IPPROTO_TCP | |
8564 | + ? ((struct tcphdr*)((caddr_t)iph + (iph->ihl << 2)))->source | |
8565 | + : 0)); | |
8566 | + dst.sin_port = | |
8567 | + (iph->protocol == IPPROTO_UDP | |
8568 | + ? ((struct udphdr*) (((caddr_t)iph) + (iph->ihl << 2)))->dest | |
8569 | + : (iph->protocol == IPPROTO_TCP | |
8570 | + ? ((struct tcphdr*)((caddr_t)iph + (iph->ihl << 2)))->dest | |
8571 | + : 0)); | |
8572 | + for(i = 0; | |
8573 | + i < sizeof(struct sockaddr_in) | |
8574 | + - offsetof(struct sockaddr_in, sin_zero); | |
8575 | + i++) { | |
8576 | + src.sin_zero[i] = 0; | |
8577 | + dst.sin_zero[i] = 0; | |
8578 | + } | |
8579 | + | |
8580 | + tdb.tdb_addr_s = (struct sockaddr*)(&src); | |
8581 | + tdb.tdb_addr_d = (struct sockaddr*)(&dst); | |
8582 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8583 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8584 | + "SADB_ACQUIRE sent with src=%s:%d, dst=%s:%d, proto=%d.\n", | |
8585 | + addrtoa(((struct sockaddr_in*)(tdb.tdb_addr_s))->sin_addr, 0, buf, sizeof(buf)) <= ADDRTOA_BUF ? buf : "BAD_ADDR", | |
8586 | + ((struct sockaddr_in*)(tdb.tdb_addr_s))->sin_port, | |
8587 | + addrtoa(((struct sockaddr_in*)(tdb.tdb_addr_d))->sin_addr, 0, buf, sizeof(buf)) <= ADDRTOA_BUF ? buf : "BAD_ADDR", | |
8588 | + ((struct sockaddr_in*)(tdb.tdb_addr_d))->sin_port, | |
8589 | + tdb.tdb_said.proto); | |
8590 | + pfkey_acquire(&tdb); | |
8591 | + } else { | |
8592 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8593 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8594 | + "no eroute!: dropping.\n"); | |
8595 | + stats->tx_dropped++; | |
8596 | + } | |
8597 | + } | |
8598 | + goto cleanup; | |
8599 | + } | |
8600 | + | |
8601 | + /* | |
8602 | + If the packet matches an eroute with an SA.proto of IP | |
8603 | + tunnelling and | |
8604 | + an SA.spi of '0', then forward the packet unprotected. | |
8605 | + XXX -- This should eventually go into an SPD. | |
8606 | + */ | |
8607 | + if((outgoing_said.proto == IPPROTO_IPIP) && (outgoing_said.spi == 0)) { | |
8608 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8609 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8610 | + "passthrough eroute, packet sent.\n"); | |
8611 | +#if 1 | |
8612 | + goto bypass; | |
8613 | +#else | |
8614 | + DEV_QUEUE_XMIT(skb, physdev, SOPRI_NORMAL); | |
8615 | + /* IP_SEND(skb, physdev); */ | |
8616 | + skb = NULL; | |
8617 | + goto cleanup; | |
8618 | +#endif | |
8619 | + } | |
8620 | + | |
8621 | + /* | |
8622 | + * The spinlock is to prevent any other process from accessing or deleting | |
8623 | + * the tdb while we are using and updating it. | |
8624 | + */ | |
8625 | + spin_lock(&tdb_lock); | |
8626 | + | |
8627 | + tdbp = gettdb(&outgoing_said); | |
8628 | + sa_len = satoa(outgoing_said, 0, sa, SATOA_BUF); | |
8629 | + | |
8630 | + if (tdbp == NULL) { | |
8631 | + spin_unlock(&tdb_lock); | |
8632 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8633 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8634 | + "no Tunnel Descriptor Block for SA%s: " | |
8635 | + "outgoing packet with no SA, dropped.\n", sa); | |
8636 | + stats->tx_dropped++; | |
8637 | + goto cleanup; | |
8638 | + } | |
8639 | + | |
8640 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8641 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8642 | + "found Tunnel Descriptor Block -- SA:<%s%s%s> %s\n", | |
8643 | + TDB_XFORM_NAME(tdbp), sa); | |
8644 | + | |
8645 | + /* | |
8646 | + * How much headroom do we need to be able to apply | |
8647 | + * all the grouped transforms? | |
8648 | + */ | |
8649 | + tdbq = tdbp; /* save the head of the tdb chain */ | |
8650 | + while (tdbp) { | |
8651 | + sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
8652 | + | |
8653 | + /* If it is in larval state, drop the packet, we cannot process yet. */ | |
8654 | + if(tdbp->tdb_state == SADB_SASTATE_LARVAL) { | |
8655 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8656 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8657 | + "TDB in larval state for SA:<%s%s%s> %s, " | |
8658 | + "cannot be used yet, dropping packet.\n", | |
8659 | + TDB_XFORM_NAME(tdbp), sa); | |
8660 | + spin_unlock(&tdb_lock); | |
8661 | + stats->tx_errors++; | |
8662 | + goto cleanup; | |
8663 | + } | |
8664 | + | |
8665 | + if(tdbp->tdb_state == SADB_SASTATE_DEAD) { | |
8666 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8667 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8668 | + "TDB in dead state for SA:<%s%s%s> %s, " | |
8669 | + "can no longer be used, dropping packet.\n", | |
8670 | + TDB_XFORM_NAME(tdbp), sa); | |
8671 | + spin_unlock(&tdb_lock); | |
8672 | + stats->tx_errors++; | |
8673 | + goto cleanup; | |
8674 | + } | |
8675 | + | |
8676 | + /* If the replay window counter == -1, expire SA, it will roll */ | |
8677 | + if(tdbp->tdb_replaywin && tdbp->tdb_replaywin_lastseq == -1) { | |
8678 | + pfkey_expire(tdbp, 1); | |
8679 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8680 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8681 | + "replay window counter rolled for SA:<%s%s%s> %s, " | |
8682 | + "packet dropped, expiring SA.\n", | |
8683 | + TDB_XFORM_NAME(tdbp), sa); | |
8684 | + deltdbchain(tdbp); | |
8685 | + spin_unlock(&tdb_lock); | |
8686 | + stats->tx_errors++; | |
8687 | + goto cleanup; | |
8688 | + } | |
8689 | + | |
8690 | + /* If any of the lifetime counters have overflowed, expire the SA(s). */ | |
8691 | + if(tdbp->tdb_lifetime_bytes_h && | |
8692 | + (tdbp->tdb_lifetime_bytes_c > tdbp->tdb_lifetime_bytes_h)) { | |
8693 | + pfkey_expire(tdbp, 1); | |
8694 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8695 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8696 | + "hard bytes lifetime of SA:<%s%s%s> %s has been reached, " | |
8697 | + "SA expired, outgoing packet dropped.\n", | |
8698 | + TDB_XFORM_NAME(tdbp), sa); | |
8699 | + deltdbchain(tdbp); | |
8700 | + spin_unlock(&tdb_lock); | |
8701 | + stats->tx_errors++; | |
8702 | + goto cleanup; | |
8703 | + } | |
8704 | + if(tdbp->tdb_lifetime_bytes_s && | |
8705 | + (tdbp->tdb_lifetime_bytes_c > tdbp->tdb_lifetime_bytes_s)) { | |
8706 | + pfkey_expire(tdbp, 0); | |
8707 | + tdbp->tdb_state = SADB_SASTATE_DYING; | |
8708 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8709 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8710 | + "soft bytes lifetime of SA:<%s%s%s> %s has been reached, " | |
8711 | + "SA expiring, soft expire message sent up, " | |
8712 | + "outgoing packet still processed.\n", | |
8713 | + TDB_XFORM_NAME(tdbp), sa); | |
8714 | + } | |
8715 | + | |
8716 | + if(tdbp->tdb_lifetime_addtime_h && | |
8717 | + ((jiffies / HZ) - tdbp->tdb_lifetime_addtime_c > | |
8718 | + tdbp->tdb_lifetime_addtime_h)) { | |
8719 | + pfkey_expire(tdbp, 1); | |
8720 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8721 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8722 | + "hard addtime lifetime of SA:<%s%s%s> %s has been reached, " | |
8723 | + "SA expired, outgoing packet dropped.\n", | |
8724 | + TDB_XFORM_NAME(tdbp), sa); | |
8725 | + deltdbchain(tdbp); | |
8726 | + spin_unlock(&tdb_lock); | |
8727 | + stats->tx_errors++; | |
8728 | + goto cleanup; | |
8729 | + } | |
8730 | + if(tdbp->tdb_lifetime_addtime_s && | |
8731 | + ((jiffies / HZ) - tdbp->tdb_lifetime_addtime_c > | |
8732 | + tdbp->tdb_lifetime_addtime_s)) { | |
8733 | + pfkey_expire(tdbp, 0); | |
8734 | + tdbp->tdb_state = SADB_SASTATE_DYING; | |
8735 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8736 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8737 | + "soft addtime lifetime of SA:<%s%s%s> %s has been reached, " | |
8738 | + "SA expiring, soft expire message sent up, " | |
8739 | + "outgoing packet still processed.\n", | |
8740 | + TDB_XFORM_NAME(tdbp), sa); | |
8741 | + } | |
8742 | + | |
8743 | + if(tdbp->tdb_lifetime_usetime_c) { | |
8744 | + if(tdbp->tdb_lifetime_usetime_h && | |
8745 | + ((jiffies / HZ) - tdbp->tdb_lifetime_usetime_c > | |
8746 | + tdbp->tdb_lifetime_usetime_h)) { | |
8747 | + pfkey_expire(tdbp, 1); | |
8748 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8749 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8750 | + "hard usetime lifetime of SA:<%s%s%s> %s has been reached, " | |
8751 | + "SA expired, outgoing packet dropped.\n", | |
8752 | + TDB_XFORM_NAME(tdbp), sa); | |
8753 | + deltdbchain(tdbp); | |
8754 | + spin_unlock(&tdb_lock); | |
8755 | + stats->tx_errors++; | |
8756 | + goto cleanup; | |
8757 | + } | |
8758 | + if(tdbp->tdb_lifetime_usetime_s && | |
8759 | + ((jiffies / HZ) - tdbp->tdb_lifetime_usetime_c > | |
8760 | + tdbp->tdb_lifetime_usetime_s)) { | |
8761 | + pfkey_expire(tdbp, 0); | |
8762 | + tdbp->tdb_state = SADB_SASTATE_DYING; | |
8763 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8764 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8765 | + "soft usetime lifetime of SA:<%s%s%s> %s has been reached, " | |
8766 | + "SA expiring, soft expire message sent up, " | |
8767 | + "outgoing packet still processed.\n", | |
8768 | + TDB_XFORM_NAME(tdbp), sa); | |
8769 | + } | |
8770 | + } | |
8771 | + | |
8772 | + if(tdbp->tdb_lifetime_packets_h && | |
8773 | + (tdbp->tdb_lifetime_packets_c > tdbp->tdb_lifetime_packets_h)) { | |
8774 | + pfkey_expire(tdbp, 1); | |
8775 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8776 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8777 | + "hard packets lifetime of SA:<%s%s%s> %s has been reached, " | |
8778 | + "SA expired, outgoing packet dropped.\n", | |
8779 | + TDB_XFORM_NAME(tdbp), sa); | |
8780 | + deltdbchain(tdbp); | |
8781 | + spin_unlock(&tdb_lock); | |
8782 | + stats->tx_errors++; | |
8783 | + goto cleanup; | |
8784 | + } | |
8785 | + if(tdbp->tdb_lifetime_packets_s && | |
8786 | + (tdbp->tdb_lifetime_packets_c > tdbp->tdb_lifetime_packets_s)) { | |
8787 | + pfkey_expire(tdbp, 0); | |
8788 | + tdbp->tdb_state = SADB_SASTATE_DYING; | |
8789 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
8790 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8791 | + "soft packets lifetime of SA:<%s%s%s> %s has been reached, " | |
8792 | + "SA expiring, soft expire message sent up, " | |
8793 | + "outgoing packet still processed.\n", | |
8794 | + TDB_XFORM_NAME(tdbp), sa); | |
8795 | + } | |
8796 | + | |
8797 | + headroom = tailroom = 0; | |
8798 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8799 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8800 | + "calling room for <%s%s%s>, SA:%s\n", | |
8801 | + TDB_XFORM_NAME(tdbp), sa); | |
8802 | + switch(tdbp->tdb_said.proto) { | |
8803 | +#ifdef CONFIG_IPSEC_AH | |
8804 | + case IPPROTO_AH: | |
8805 | + headroom += sizeof(struct ah); | |
8806 | + break; | |
8807 | +#endif /* CONFIG_IPSEC_AH */ | |
8808 | +#ifdef CONFIG_IPSEC_ESP | |
8809 | + case IPPROTO_ESP: | |
8810 | + switch(tdbp->tdb_encalg) { | |
8811 | +#ifdef CONFIG_IPSEC_ENC_3DES | |
8812 | + case ESP_3DES: | |
8813 | + headroom += sizeof(struct esp); | |
8814 | + break; | |
8815 | +#endif /* CONFIG_IPSEC_ENC_3DES */ | |
8816 | +#ifdef CONFIG_IPSEC_ENC_NULL | |
8817 | + case ESP_NULL: | |
8818 | + headroom += offsetof(struct esp, esp_iv); | |
8819 | + break; | |
8820 | +#endif /* CONFIG_IPSEC_ENC_NULL */ | |
8821 | + default: | |
8822 | + spin_unlock(&tdb_lock); | |
8823 | + stats->tx_errors++; | |
8824 | + goto cleanup; | |
8825 | + } | |
8826 | + switch(tdbp->tdb_authalg) { | |
8827 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
8828 | + case AH_MD5: | |
8829 | + tailroom += AHHMAC_HASHLEN; | |
8830 | + break; | |
8831 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
8832 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
8833 | + case AH_SHA: | |
8834 | + tailroom += AHHMAC_HASHLEN; | |
8835 | + break; | |
8836 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
8837 | + case AH_NONE: | |
8838 | + break; | |
8839 | + default: | |
8840 | + spin_unlock(&tdb_lock); | |
8841 | + stats->tx_errors++; | |
8842 | + goto cleanup; | |
8843 | + } | |
8844 | + tailroom += ((8 - ((pyldsz + 2 * sizeof(unsigned char)) % 8)) % 8) + 2; | |
8845 | + break; | |
8846 | +#endif /* !CONFIG_IPSEC_ESP */ | |
8847 | +#ifdef CONFIG_IPSEC_IPIP | |
8848 | + case IPPROTO_IPIP: | |
8849 | + headroom += sizeof(struct iphdr); | |
8850 | + break; | |
8851 | +#endif /* !CONFIG_IPSEC_IPIP */ | |
8852 | + case IPPROTO_COMP: | |
8853 | +#ifdef CONFIG_IPSEC_IPCOMP | |
8854 | + /* | |
8855 | + We can't predict how much the packet will | |
8856 | + shrink without doing the actual compression. | |
8857 | + We could do it here, if we were the first | |
8858 | + encapsulation in the chain. That might save | |
8859 | + us a skb_copy_expand, since we might fit | |
8860 | + into the existing skb then. However, this | |
8861 | + would be a bit unclean (and this hack has | |
8862 | + bit us once), so we better not do it. After | |
8863 | + all, the skb_copy_expand is cheap in | |
8864 | + comparison to the actual compression. | |
8865 | + At least we know the packet will not grow. | |
8866 | + */ | |
8867 | + break; | |
8868 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
8869 | + default: | |
8870 | + spin_unlock(&tdb_lock); | |
8871 | + stats->tx_errors++; | |
8872 | + goto cleanup; | |
8873 | + } | |
8874 | + tdbp = tdbp->tdb_onext; | |
8875 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8876 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8877 | + "Required head,tailroom: %d,%d\n", | |
8878 | + headroom, tailroom); | |
8879 | + max_headroom += headroom; | |
8880 | + max_tailroom += tailroom; | |
8881 | + pyldsz += (headroom + tailroom); | |
8882 | + } | |
8883 | + tdbp = tdbq; /* restore the head of the tdb chain */ | |
8884 | + | |
8885 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8886 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8887 | + "existing head,tailroom: %d,%d " | |
8888 | + "before applying xforms with head,tailroom: %d,%d .\n", | |
8889 | + skb_headroom(skb), skb_tailroom(skb), | |
8890 | + max_headroom, max_tailroom); | |
8891 | + | |
8892 | + tot_headroom += max_headroom; | |
8893 | + tot_tailroom += max_tailroom; | |
8894 | + | |
8895 | + mtudiff = prv->mtu + tot_headroom + tot_tailroom - physmtu; | |
8896 | + | |
8897 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8898 | + "klips_debug:ipsec_tunnel_start_xmit: mtu:%d physmtu:%d " | |
8899 | + "tothr:%d tottr:%d mtudiff:%d ippkttotlen:%d\n", | |
8900 | + prv->mtu, physmtu, | |
8901 | + tot_headroom, tot_tailroom, mtudiff, ntohs(iph->tot_len)); | |
8902 | + if(mtudiff > 0) { | |
8903 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8904 | + "klips_info:ipsec_tunnel_start_xmit: " | |
8905 | + "dev %s mtu of %d decreased by %d\n", | |
8906 | + dev->name, | |
8907 | + prv->mtu, | |
8908 | + prv->mtu - (physmtu - tot_headroom - tot_tailroom)); | |
8909 | + prv->mtu = physmtu - (tot_headroom + tot_tailroom + 7); /* add some slop? */ | |
8910 | +#ifdef NET_21 | |
8911 | +#if 0 | |
8912 | + skb->dst->pmtu = prv->mtu; /* RGB */ | |
8913 | +#endif /* 0 */ | |
8914 | +#else /* NET_21 */ | |
8915 | +#if 0 | |
8916 | + dev->mtu = prv->mtu; /* RGB */ | |
8917 | +#endif /* 0 */ | |
8918 | +#endif /* NET_21 */ | |
8919 | + } | |
8920 | + | |
8921 | +#ifdef MSS_HACK | |
8922 | + /* | |
8923 | + * If this is a transport mode TCP packet with | |
8924 | + * SYN set, determine an effective MSS based on | |
8925 | + * AH/ESP overheads determined above. | |
8926 | + */ | |
8927 | + if (iph->protocol == IPPROTO_TCP | |
8928 | + && outgoing_said.proto != IPPROTO_IPIP) { | |
8929 | + struct tcphdr *tcph = skb->h.th; | |
8930 | + if (tcph->syn && !tcph->ack) { | |
8931 | + if(!ipsec_adjust_mss(skb, tcph, prv->mtu)) { | |
8932 | + spin_unlock(&tdb_lock); | |
8933 | + printk(KERN_WARNING "klips: " | |
8934 | + "ipsec_adjust_mss() failed\n"); | |
8935 | + stats->tx_errors++; | |
8936 | + goto cleanup; | |
8937 | + } | |
8938 | + } | |
8939 | + } | |
8940 | +#endif /* MSS_HACK */ | |
8941 | + | |
8942 | + if(!hard_header_stripped) { | |
8943 | + if((saved_header = kmalloc(hard_header_len, GFP_ATOMIC)) == NULL) { | |
8944 | + spin_unlock(&tdb_lock); | |
8945 | + printk(KERN_WARNING "klips_debug:ipsec_tunnel_start_xmit: Failed, " | |
8946 | + "tried to allocate %d bytes for temp hard_header.\n", | |
8947 | + hard_header_len); | |
8948 | + stats->tx_errors++; | |
8949 | + goto cleanup; | |
8950 | + } | |
8951 | + for (i = 0; i < hard_header_len; i++) { | |
8952 | + saved_header[i] = skb->data[i]; | |
8953 | + } | |
8954 | + if(skb->len < hard_header_len) { | |
8955 | + spin_unlock(&tdb_lock); | |
8956 | + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: " | |
8957 | + "tried to skb_pull hhlen=%d, %d available. " | |
8958 | + "This should never happen, please report.\n", | |
8959 | + hard_header_len, (int)(skb->len)); | |
8960 | + stats->tx_errors++; | |
8961 | + goto cleanup; | |
8962 | + } | |
8963 | + skb_pull(skb, hard_header_len); | |
8964 | + hard_header_stripped = 1; | |
8965 | + | |
8966 | +/* iph = (struct iphdr *) (skb->data); */ | |
8967 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8968 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8969 | + "head,tailroom: %d,%d after hard_header stripped.\n", | |
8970 | + skb_headroom(skb), skb_tailroom(skb)); | |
8971 | + KLIPS_IP_PRINT(debug_tunnel & DB_TN_CROUT, iph); | |
8972 | + } else { | |
8973 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8974 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8975 | + "hard header already stripped.\n"); | |
8976 | + } | |
8977 | + | |
8978 | + ll_headroom = (hard_header_len + 15) & ~15; | |
8979 | + | |
8980 | + if ((skb_headroom(skb) >= max_headroom + 2 * ll_headroom) && | |
8981 | + (skb_tailroom(skb) >= max_tailroom) | |
8982 | +#ifndef NET_21 | |
8983 | + && skb->free | |
8984 | +#endif /* !NET_21 */ | |
8985 | + ) { | |
8986 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
8987 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
8988 | + "data fits in existing skb\n"); | |
8989 | + } else { | |
8990 | + struct sk_buff* tskb = skb; | |
8991 | + | |
8992 | + if(!oskb) { | |
8993 | + oskb = skb; | |
8994 | + } | |
8995 | + | |
8996 | + tskb = skb_copy_expand(skb, | |
8997 | + /* The reason for 2 * link layer length here still baffles me...RGB */ | |
8998 | + max_headroom + 2 * ll_headroom, | |
8999 | + max_tailroom, | |
9000 | + GFP_ATOMIC); | |
9001 | +#ifdef NET_21 | |
9002 | + if(tskb && skb->sk) { | |
9003 | + skb_set_owner_w(tskb, skb->sk); | |
9004 | + } | |
9005 | +#endif /* NET_21 */ | |
9006 | + if(!(skb == oskb) ) { | |
9007 | + dev_kfree_skb(skb, FREE_WRITE); | |
9008 | + } | |
9009 | + skb = tskb; | |
9010 | + if (!skb) { | |
9011 | + spin_unlock(&tdb_lock); | |
9012 | + printk(KERN_WARNING "klips_debug:ipsec_tunnel_start_xmit: Failed, " | |
9013 | + "tried to allocate %d head and %d tailroom\n", | |
9014 | + max_headroom, max_tailroom); | |
9015 | + stats->tx_errors++; | |
9016 | + goto cleanup; | |
9017 | + } | |
9018 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
9019 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9020 | + "head,tailroom: %d,%d after allocation\n", | |
9021 | + skb_headroom(skb), skb_tailroom(skb)); | |
9022 | + } | |
9023 | + | |
9024 | + /* | |
9025 | + * Apply grouped transforms to packet | |
9026 | + */ | |
9027 | + while (tdbp) { | |
9028 | +#ifdef CONFIG_IPSEC_ESP | |
9029 | + struct esp *espp; | |
9030 | + __u32 iv[2]; | |
9031 | + unsigned char *idat, *pad; | |
9032 | + int authlen = 0, padlen = 0, i; | |
9033 | +#endif /* !CONFIG_IPSEC_ESP */ | |
9034 | +#ifdef CONFIG_IPSEC_AH | |
9035 | + struct iphdr ipo; | |
9036 | + struct ah *ahp; | |
9037 | +#endif /* CONFIG_IPSEC_AH */ | |
9038 | +#if defined(CONFIG_IPSEC_AUTH_HMAC_MD5) || defined(CONFIG_IPSEC_AUTH_HMAC_SHA1) | |
9039 | + union { | |
9040 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
9041 | + MD5_CTX md5; | |
9042 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
9043 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
9044 | + SHA1_CTX sha1; | |
9045 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
9046 | + } tctx; | |
9047 | + __u8 hash[AH_AMAX]; | |
9048 | +#endif /* defined(CONFIG_IPSEC_AUTH_HMAC_MD5) || defined(CONFIG_IPSEC_AUTH_HMAC_SHA1) */ | |
9049 | + int headroom = 0, tailroom = 0, ilen = 0, len = 0; | |
9050 | + unsigned char *dat; | |
9051 | + | |
9052 | + iphlen = iph->ihl << 2; | |
9053 | + pyldsz = ntohs(iph->tot_len) - iphlen; | |
9054 | + sa_len = satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
9055 | + KLIPS_PRINT(debug_tunnel & DB_TN_OXFS, | |
9056 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9057 | + "calling output for <%s%s%s>, SA:%s\n", | |
9058 | + TDB_XFORM_NAME(tdbp), sa); | |
9059 | + | |
9060 | + switch(tdbp->tdb_said.proto) { | |
9061 | +#ifdef CONFIG_IPSEC_AH | |
9062 | + case IPPROTO_AH: | |
9063 | + headroom += sizeof(struct ah); | |
9064 | + break; | |
9065 | +#endif /* CONFIG_IPSEC_AH */ | |
9066 | +#ifdef CONFIG_IPSEC_ESP | |
9067 | + case IPPROTO_ESP: | |
9068 | + switch(tdbp->tdb_encalg) { | |
9069 | +#ifdef CONFIG_IPSEC_ENC_3DES | |
9070 | + case ESP_3DES: | |
9071 | + headroom += sizeof(struct esp); | |
9072 | + break; | |
9073 | +#endif /* CONFIG_IPSEC_ENC_3DES */ | |
9074 | +#ifdef CONFIG_IPSEC_ENC_NULL | |
9075 | + case ESP_NULL: | |
9076 | + headroom += offsetof(struct esp, esp_iv); | |
9077 | + break; | |
9078 | +#endif /* CONFIG_IPSEC_ENC_NULL */ | |
9079 | + default: | |
9080 | + spin_unlock(&tdb_lock); | |
9081 | + stats->tx_errors++; | |
9082 | + goto cleanup; | |
9083 | + } | |
9084 | + switch(tdbp->tdb_authalg) { | |
9085 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
9086 | + case AH_MD5: | |
9087 | + authlen = AHHMAC_HASHLEN; | |
9088 | + break; | |
9089 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
9090 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
9091 | + case AH_SHA: | |
9092 | + authlen = AHHMAC_HASHLEN; | |
9093 | + break; | |
9094 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
9095 | + case AH_NONE: | |
9096 | + break; | |
9097 | + default: | |
9098 | + spin_unlock(&tdb_lock); | |
9099 | + stats->tx_errors++; | |
9100 | + goto cleanup; | |
9101 | + } | |
9102 | + tailroom += ((8 - ((pyldsz + 2 * sizeof(unsigned char)) % 8)) % 8) + 2; | |
9103 | + tailroom += authlen; | |
9104 | + break; | |
9105 | +#endif /* !CONFIG_IPSEC_ESP */ | |
9106 | +#ifdef CONFIG_IPSEC_IPIP | |
9107 | + case IPPROTO_IPIP: | |
9108 | + headroom += sizeof(struct iphdr); | |
9109 | + break; | |
9110 | +#endif /* !CONFIG_IPSEC_IPIP */ | |
9111 | +#ifdef CONFIG_IPSEC_IPCOMP | |
9112 | + case IPPROTO_COMP: | |
9113 | + break; | |
9114 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
9115 | + default: | |
9116 | + spin_unlock(&tdb_lock); | |
9117 | + stats->tx_errors++; | |
9118 | + goto cleanup; | |
9119 | + } | |
9120 | + | |
9121 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
9122 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9123 | + "pushing %d bytes, putting %d, proto %d.\n", | |
9124 | + headroom, tailroom, tdbp->tdb_said.proto); | |
9125 | + if(skb_headroom(skb) < headroom) { | |
9126 | + spin_unlock(&tdb_lock); | |
9127 | + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: " | |
9128 | + "tried to skb_push headroom=%d, %d available. " | |
9129 | + "This should never happen, please report.\n", | |
9130 | + headroom, skb_headroom(skb)); | |
9131 | + stats->tx_errors++; | |
9132 | + goto cleanup; | |
9133 | + } | |
9134 | + dat = skb_push(skb, headroom); | |
9135 | + ilen = skb->len - tailroom; | |
9136 | + if(skb_tailroom(skb) < tailroom) { | |
9137 | + spin_unlock(&tdb_lock); | |
9138 | + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: " | |
9139 | + "tried to skb_put %d, %d available. " | |
9140 | + "This should never happen, please report.\n", | |
9141 | + tailroom, skb_tailroom(skb)); | |
9142 | + stats->tx_errors++; | |
9143 | + goto cleanup; | |
9144 | + } | |
9145 | + skb_put(skb, tailroom); | |
9146 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
9147 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9148 | + "head,tailroom: %d,%d before xform.\n", | |
9149 | + skb_headroom(skb), skb_tailroom(skb)); | |
9150 | + len = skb->len; | |
9151 | + if(len > 0xfff0) { | |
9152 | + spin_unlock(&tdb_lock); | |
9153 | + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: " | |
9154 | + "tot_len (%d) > 65520. " | |
9155 | + "This should never happen, please report.\n", | |
9156 | + len); | |
9157 | + stats->tx_errors++; | |
9158 | + goto cleanup; | |
9159 | + } | |
9160 | + memmove((void *)dat, (void *)(dat + headroom), iphlen); | |
9161 | + iph = (struct iphdr *)dat; | |
9162 | + iph->tot_len = htons(skb->len); | |
9163 | + | |
9164 | + switch(tdbp->tdb_said.proto) { | |
9165 | +#ifdef CONFIG_IPSEC_ESP | |
9166 | + case IPPROTO_ESP: | |
9167 | + espp = (struct esp *)(dat + iphlen); | |
9168 | + espp->esp_spi = tdbp->tdb_said.spi; | |
9169 | + espp->esp_rpl = htonl(++(tdbp->tdb_replaywin_lastseq)); | |
9170 | + | |
9171 | + switch(tdbp->tdb_encalg) { | |
9172 | +#if defined(CONFIG_IPSEC_ENC_3DES) | |
9173 | +#ifdef CONFIG_IPSEC_ENC_3DES | |
9174 | + case ESP_3DES: | |
9175 | +#endif /* CONFIG_IPSEC_ENC_3DES */ | |
9176 | + iv[0] = *((__u32*)&(espp->esp_iv) ) = | |
9177 | + ((__u32*)(tdbp->tdb_iv))[0]; | |
9178 | + iv[1] = *((__u32*)&(espp->esp_iv) + 1) = | |
9179 | + ((__u32*)(tdbp->tdb_iv))[1]; | |
9180 | + break; | |
9181 | +#endif /* defined(CONFIG_IPSEC_ENC_3DES) */ | |
9182 | +#ifdef CONFIG_IPSEC_ENC_NULL | |
9183 | + case ESP_NULL: | |
9184 | + break; | |
9185 | +#endif /* CONFIG_IPSEC_ENC_NULL */ | |
9186 | + default: | |
9187 | + spin_unlock(&tdb_lock); | |
9188 | + stats->tx_errors++; | |
9189 | + goto cleanup; | |
9190 | + } | |
9191 | + | |
9192 | + idat = dat + iphlen + headroom; | |
9193 | + ilen = len - (iphlen + headroom + authlen); | |
9194 | + | |
9195 | + /* Self-describing padding */ | |
9196 | + pad = &dat[len - tailroom]; | |
9197 | + padlen = tailroom - 2 - authlen; | |
9198 | + for (i = 0; i < padlen; i++) { | |
9199 | + pad[i] = i + 1; | |
9200 | + } | |
9201 | + dat[len - authlen - 2] = padlen; | |
9202 | + | |
9203 | + dat[len - authlen - 1] = iph->protocol; | |
9204 | + iph->protocol = IPPROTO_ESP; | |
9205 | + | |
9206 | + switch(tdbp->tdb_encalg) { | |
9207 | +#ifdef CONFIG_IPSEC_ENC_3DES | |
9208 | + case ESP_3DES: | |
9209 | + des_ede3_cbc_encrypt(idat, idat, ilen, | |
9210 | + (caddr_t)(&((struct des_eks*)(tdbp->tdb_key_e))[0]), | |
9211 | + (caddr_t)(&((struct des_eks*)(tdbp->tdb_key_e))[1]), | |
9212 | + (caddr_t)(&((struct des_eks*)(tdbp->tdb_key_e))[2]), | |
9213 | + (caddr_t)iv, 1); | |
9214 | + break; | |
9215 | +#endif /* CONFIG_IPSEC_ENC_3DES */ | |
9216 | +#ifdef CONFIG_IPSEC_ENC_NULL | |
9217 | + case ESP_NULL: | |
9218 | + break; | |
9219 | +#endif /* CONFIG_IPSEC_ENC_NULL */ | |
9220 | + default: | |
9221 | + spin_unlock(&tdb_lock); | |
9222 | + stats->tx_errors++; | |
9223 | + goto cleanup; | |
9224 | + } | |
9225 | + | |
9226 | + switch(tdbp->tdb_encalg) { | |
9227 | +#if defined(CONFIG_IPSEC_ENC_3DES) | |
9228 | +#ifdef CONFIG_IPSEC_ENC_3DES | |
9229 | + case ESP_3DES: | |
9230 | +#endif /* CONFIG_IPSEC_ENC_3DES */ | |
9231 | + /* XXX update IV with the last 8 octets of the encryption */ | |
9232 | + ((__u32*)(tdbp->tdb_iv))[0] = | |
9233 | + ((__u32 *)(idat))[(ilen >> 2) - 2]; | |
9234 | + ((__u32*)(tdbp->tdb_iv))[1] = | |
9235 | + ((__u32 *)(idat))[(ilen >> 2) - 1]; | |
9236 | + break; | |
9237 | +#endif /* defined(CONFIG_IPSEC_ENC_3DES) */ | |
9238 | +#ifdef CONFIG_IPSEC_ENC_NULL | |
9239 | + case ESP_NULL: | |
9240 | + break; | |
9241 | +#endif /* CONFIG_IPSEC_ENC_NULL */ | |
9242 | + default: | |
9243 | + spin_unlock(&tdb_lock); | |
9244 | + stats->tx_errors++; | |
9245 | + goto cleanup; | |
9246 | + } | |
9247 | + | |
9248 | + switch(tdbp->tdb_authalg) { | |
9249 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
9250 | + case AH_MD5: | |
9251 | + dmp("espp", (char*)espp, len - iphlen - authlen); | |
9252 | + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->ictx; | |
9253 | + dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9254 | + MD5Update(&tctx.md5, (caddr_t)espp, len - iphlen - authlen); | |
9255 | + dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9256 | + MD5Final(hash, &tctx.md5); | |
9257 | + dmp("ictx hash", (char*)&hash, sizeof(hash)); | |
9258 | + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->octx; | |
9259 | + dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9260 | + MD5Update(&tctx.md5, hash, AHMD596_ALEN); | |
9261 | + dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9262 | + MD5Final(hash, &tctx.md5); | |
9263 | + dmp("octx hash", (char*)&hash, sizeof(hash)); | |
9264 | + memcpy(&(dat[len - authlen]), hash, authlen); | |
9265 | + | |
9266 | + /* paranoid */ | |
9267 | + memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5)); | |
9268 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
9269 | + break; | |
9270 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
9271 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
9272 | + case AH_SHA: | |
9273 | + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx; | |
9274 | + SHA1Update(&tctx.sha1, (caddr_t)espp, len - iphlen - authlen); | |
9275 | + SHA1Final(hash, &tctx.sha1); | |
9276 | + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->octx; | |
9277 | + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); | |
9278 | + SHA1Final(hash, &tctx.sha1); | |
9279 | + memcpy(&(dat[len - authlen]), hash, authlen); | |
9280 | + | |
9281 | + /* paranoid */ | |
9282 | + memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1)); | |
9283 | + memset((caddr_t)hash, 0, sizeof(*hash)); | |
9284 | + break; | |
9285 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
9286 | + case AH_NONE: | |
9287 | + break; | |
9288 | + default: | |
9289 | + spin_unlock(&tdb_lock); | |
9290 | + stats->tx_errors++; | |
9291 | + goto cleanup; | |
9292 | + } | |
9293 | +#ifdef NET_21 | |
9294 | + skb->h.raw = (unsigned char*)espp; | |
9295 | +#endif /* NET_21 */ | |
9296 | + break; | |
9297 | +#endif /* !CONFIG_IPSEC_ESP */ | |
9298 | +#ifdef CONFIG_IPSEC_AH | |
9299 | + case IPPROTO_AH: | |
9300 | + ahp = (struct ah *)(dat + iphlen); | |
9301 | + ahp->ah_spi = tdbp->tdb_said.spi; | |
9302 | + ahp->ah_rpl = htonl(++(tdbp->tdb_replaywin_lastseq)); | |
9303 | + ahp->ah_rv = 0; | |
9304 | + ahp->ah_nh = iph->protocol; | |
9305 | + ahp->ah_hl = (headroom >> 2) - sizeof(__u64)/sizeof(__u32); | |
9306 | + iph->protocol = IPPROTO_AH; | |
9307 | + dmp("ahp", (char*)ahp, sizeof(*ahp)); | |
9308 | + | |
9309 | + ipo = *iph; | |
9310 | + ipo.tos = 0; | |
9311 | + ipo.frag_off = 0; | |
9312 | + ipo.ttl = 0; | |
9313 | + ipo.check = 0; | |
9314 | + dmp("ipo", (char*)&ipo, sizeof(ipo)); | |
9315 | + | |
9316 | + switch(tdbp->tdb_authalg) { | |
9317 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
9318 | + case AH_MD5: | |
9319 | + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->ictx; | |
9320 | + dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9321 | + MD5Update(&tctx.md5, (unsigned char *)&ipo, sizeof (struct iphdr)); | |
9322 | + dmp("ictx+ipo", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9323 | + MD5Update(&tctx.md5, (unsigned char *)ahp, headroom - sizeof(ahp->ah_data)); | |
9324 | + dmp("ictx+ahp", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9325 | + MD5Update(&tctx.md5, (unsigned char *)zeroes, AHHMAC_HASHLEN); | |
9326 | + dmp("ictx+zeroes", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9327 | + MD5Update(&tctx.md5, dat + iphlen + headroom, len - iphlen - headroom); | |
9328 | + dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9329 | + MD5Final(hash, &tctx.md5); | |
9330 | + dmp("ictx hash", (char*)&hash, sizeof(hash)); | |
9331 | + tctx.md5 = ((struct md5_ctx*)(tdbp->tdb_key_a))->octx; | |
9332 | + dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9333 | + MD5Update(&tctx.md5, hash, AHMD596_ALEN); | |
9334 | + dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5)); | |
9335 | + MD5Final(hash, &tctx.md5); | |
9336 | + dmp("octx hash", (char*)&hash, sizeof(hash)); | |
9337 | + | |
9338 | + memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN); | |
9339 | + | |
9340 | + /* paranoid */ | |
9341 | + memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5)); | |
9342 | + memset((caddr_t)hash, 0, sizeof(hash)); | |
9343 | + break; | |
9344 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
9345 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
9346 | + case AH_SHA: | |
9347 | + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx; | |
9348 | + SHA1Update(&tctx.sha1, (unsigned char *)&ipo, sizeof (struct iphdr)); | |
9349 | + SHA1Update(&tctx.sha1, (unsigned char *)ahp, headroom - sizeof(ahp->ah_data)); | |
9350 | + SHA1Update(&tctx.sha1, (unsigned char *)zeroes, AHHMAC_HASHLEN); | |
9351 | + SHA1Update(&tctx.sha1, dat + iphlen + headroom, len - iphlen - headroom); | |
9352 | + SHA1Final(hash, &tctx.sha1); | |
9353 | + tctx.sha1 = ((struct sha1_ctx*)(tdbp->tdb_key_a))->octx; | |
9354 | + SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); | |
9355 | + SHA1Final(hash, &tctx.sha1); | |
9356 | + | |
9357 | + memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN); | |
9358 | + | |
9359 | + /* paranoid */ | |
9360 | + memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1)); | |
9361 | + memset((caddr_t)hash, 0, sizeof(hash)); | |
9362 | + break; | |
9363 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
9364 | + default: | |
9365 | + spin_unlock(&tdb_lock); | |
9366 | + stats->tx_errors++; | |
9367 | + goto cleanup; | |
9368 | + } | |
9369 | +#ifdef NET_21 | |
9370 | + skb->h.raw = (unsigned char*)ahp; | |
9371 | +#endif /* NET_21 */ | |
9372 | + break; | |
9373 | +#endif /* CONFIG_IPSEC_AH */ | |
9374 | +#ifdef CONFIG_IPSEC_IPIP | |
9375 | + case IPPROTO_IPIP: | |
9376 | + iph->version = 4; | |
9377 | + switch(sysctl_ipsec_tos) { | |
9378 | + case 0: | |
9379 | +#ifdef NET_21 | |
9380 | + iph->tos = skb->nh.iph->tos; | |
9381 | +#else /* NET_21 */ | |
9382 | + iph->tos = skb->ip_hdr->tos; | |
9383 | +#endif /* NET_21 */ | |
9384 | + break; | |
9385 | + case 1: | |
9386 | + iph->tos = 0; | |
9387 | + break; | |
9388 | + default: | |
9389 | + } | |
9390 | +#ifdef NET_21 | |
9391 | + iph->ttl = ip_statistics.IpDefaultTTL; | |
9392 | +#else /* NET_21 */ | |
9393 | + iph->ttl = 64; /* ip_statistics.IpDefaultTTL; */ | |
9394 | +#endif /* NET_21 */ | |
9395 | + iph->frag_off = 0; | |
9396 | + iph->saddr = ((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr.s_addr; | |
9397 | + iph->daddr = ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr.s_addr; | |
9398 | + iph->protocol = IPPROTO_IPIP; | |
9399 | + iph->ihl = sizeof(struct iphdr) >> 2 /* 5 */; | |
9400 | +#ifdef IP_SELECT_IDENT | |
9401 | + /* XXX use of skb->dst below is a questionable | |
9402 | + substitute for &rt->u.dst which is only | |
9403 | + available later-on */ | |
9404 | + ip_select_ident(iph, skb->dst); | |
9405 | +#else | |
9406 | + iph->id = htons(ip_id_count++); /* Race condition here? */ | |
9407 | +#endif | |
9408 | + | |
9409 | + newdst = (__u32)iph->daddr; | |
9410 | + newsrc = (__u32)iph->saddr; | |
9411 | + | |
9412 | +#ifdef NET_21 | |
9413 | + skb->h.ipiph = skb->nh.iph; | |
9414 | +#endif /* NET_21 */ | |
9415 | + break; | |
9416 | +#endif /* !CONFIG_IPSEC_IPIP */ | |
9417 | +#ifdef CONFIG_IPSEC_IPCOMP | |
9418 | + case IPPROTO_COMP: | |
9419 | + { | |
9420 | + unsigned int flags = 0; | |
9421 | +#ifdef CONFIG_IPSEC_DEBUG | |
9422 | + unsigned int old_tot_len = ntohs(iph->tot_len); | |
9423 | +#endif | |
9424 | + tdbp->tdb_comp_ratio_dbytes += ntohs(iph->tot_len); | |
9425 | + | |
9426 | + skb = skb_compress(skb, tdbp, &flags); | |
9427 | + | |
9428 | +#ifdef NET_21 | |
9429 | + iph = skb->nh.iph; | |
9430 | +#else /* NET_21 */ | |
9431 | + iph = skb->ip_hdr; | |
9432 | +#endif /* NET_21 */ | |
9433 | + | |
9434 | + tdbp->tdb_comp_ratio_cbytes += ntohs(iph->tot_len); | |
9435 | + | |
9436 | +#ifdef CONFIG_IPSEC_DEBUG | |
9437 | + if (debug_tunnel & DB_TN_CROUT) | |
9438 | + { | |
9439 | + if (old_tot_len > ntohs(iph->tot_len)) | |
9440 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
9441 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9442 | + "packet shrunk from %d to %d bytes after compression, cpi=%04x (should be from spi=%08x, spi&0xffff=%04x.\n", | |
9443 | + old_tot_len, ntohs(iph->tot_len), | |
9444 | + ntohs(((struct ipcomphdr*)(((char*)iph) + ((iph->ihl) << 2)))->ipcomp_cpi), | |
9445 | + ntohl(tdbp->tdb_said.spi), | |
9446 | + (__u16)(ntohl(tdbp->tdb_said.spi) & 0x0000ffff)); | |
9447 | + else | |
9448 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
9449 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9450 | + "packet did not compress (flags = %d).\n", | |
9451 | + flags); | |
9452 | + } | |
9453 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
9454 | + } | |
9455 | + break; | |
9456 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
9457 | + default: | |
9458 | + spin_unlock(&tdb_lock); | |
9459 | + stats->tx_errors++; | |
9460 | + goto cleanup; | |
9461 | + } | |
9462 | + | |
9463 | +#ifdef NET_21 | |
9464 | + skb->nh.raw = skb->data; | |
9465 | +#else /* NET_21 */ | |
9466 | + skb->ip_hdr = skb->h.iph = (struct iphdr *) skb->data; | |
9467 | +#endif /* NET_21 */ | |
9468 | + iph->check = 0; | |
9469 | + iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); | |
9470 | + | |
9471 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
9472 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9473 | + "after <%s%s%s>, SA:%s:\n", | |
9474 | + TDB_XFORM_NAME(tdbp), sa); | |
9475 | + KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, iph); | |
9476 | + | |
9477 | + tdbp->tdb_lifetime_bytes_c += len; | |
9478 | + if(!tdbp->tdb_lifetime_usetime_c) { | |
9479 | + tdbp->tdb_lifetime_usetime_c = jiffies / HZ; | |
9480 | + } | |
9481 | + tdbp->tdb_lifetime_usetime_l = jiffies / HZ; | |
9482 | + tdbp->tdb_lifetime_packets_c += 1; | |
9483 | + | |
9484 | + tdbp = tdbp->tdb_onext; | |
9485 | + | |
9486 | + } | |
9487 | + /* end encapsulation loop here XXX */ | |
9488 | + | |
9489 | + spin_unlock(&tdb_lock); | |
9490 | + | |
9491 | + matcher.sen_ip_src.s_addr = iph->saddr; | |
9492 | + matcher.sen_ip_dst.s_addr = iph->daddr; | |
9493 | + spin_lock(&eroute_lock); | |
9494 | + er = ipsec_findroute(&matcher); | |
9495 | + if(er) { | |
9496 | + outgoing_said = er->er_said; | |
9497 | + } | |
9498 | + spin_unlock(&eroute_lock); | |
9499 | + KLIPS_PRINT(/* ((orgdst != newdst) || (orgsrc != newsrc)) */ | |
9500 | + (orgedst != outgoing_said.dst.s_addr) && | |
9501 | + outgoing_said.dst.s_addr && | |
9502 | + er && | |
9503 | + (debug_tunnel & DB_TN_XMIT), | |
9504 | + "klips_debug:ipsec_tunnel_start_xmit: We are recursing here.\n"); | |
9505 | + } while(/*((orgdst != newdst) || (orgsrc != newsrc))*/ | |
9506 | + (orgedst != outgoing_said.dst.s_addr) && | |
9507 | + outgoing_said.dst.s_addr && | |
9508 | + er); | |
9509 | + | |
9510 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
9511 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9512 | + "After recursive xforms -- head,tailroom: %d,%d\n", | |
9513 | + skb_headroom(skb), skb_tailroom(skb)); | |
9514 | + | |
9515 | + if(sysctl_ipsec_icmp && (innersrc != newsrc) && (ntohs(iph->tot_len) > physmtu)) { | |
9516 | + ICMP_SEND(oskb ? oskb : skb, | |
9517 | + ICMP_DEST_UNREACH, | |
9518 | + ICMP_FRAG_NEEDED, | |
9519 | + prv->mtu, | |
9520 | + physdev); | |
9521 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
9522 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9523 | + "IPSEC tunnel mode packet is larger than MTU, ICMP sent.\n"); | |
9524 | + } | |
9525 | + | |
9526 | + if(saved_header) { | |
9527 | + if(skb_headroom(skb) < hard_header_len) { | |
9528 | + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: " | |
9529 | + "tried to skb_push hhlen=%d, %d available. " | |
9530 | + "This should never happen, please report.\n", | |
9531 | + hard_header_len, skb_headroom(skb)); | |
9532 | + stats->tx_errors++; | |
9533 | + goto cleanup; | |
9534 | + } | |
9535 | + skb_push(skb, hard_header_len); | |
9536 | + for (i = 0; i < hard_header_len; i++) { | |
9537 | + skb->data[i] = saved_header[i]; | |
9538 | + } | |
9539 | + } | |
9540 | + bypass: | |
9541 | + KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, | |
9542 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9543 | + "With hard_header, final head,tailroom: %d,%d\n", | |
9544 | + skb_headroom(skb), skb_tailroom(skb)); | |
9545 | + | |
9546 | +#ifdef NET_21 | |
9547 | + /* new route/dst cache code from James Morris */ | |
9548 | + skb->dev = physdev; | |
9549 | + /*skb_orphan(skb);*/ | |
9550 | + if(ip_route_output(&rt, | |
9551 | + skb->nh.iph->daddr, | |
9552 | + skb->nh.iph->saddr, | |
9553 | + RT_TOS(skb->nh.iph->tos), | |
9554 | + physdev->iflink)) { | |
9555 | + stats->tx_errors++; | |
9556 | + goto cleanup; | |
9557 | + } | |
9558 | + if(dev == rt->u.dst.dev) { | |
9559 | + ip_rt_put(rt); | |
9560 | + /* This is recursion, drop it. */ | |
9561 | + stats->tx_errors++; | |
9562 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
9563 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9564 | + "suspect recursion, dev=rt->u.dst.dev=%s, dropped\n", dev->name); | |
9565 | + goto cleanup; | |
9566 | + } | |
9567 | + dst_release(skb->dst); | |
9568 | + skb->dst = &rt->u.dst; | |
9569 | + stats->tx_bytes += skb->len; | |
9570 | + if(skb->len < skb->nh.raw - skb->data) { | |
9571 | + printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: " | |
9572 | + "tried to __skb_pull nh-data=%d, %d available. " | |
9573 | + "This should never happen, please report.\n", | |
9574 | + skb->nh.raw - skb->data, skb->len); | |
9575 | + stats->tx_errors++; | |
9576 | + goto cleanup; | |
9577 | + } | |
9578 | + __skb_pull(skb, skb->nh.raw - skb->data); | |
9579 | +#ifdef SKB_RESET_NFCT | |
9580 | + nf_conntrack_put(skb->nfct); | |
9581 | + skb->nfct = NULL; | |
9582 | +#ifdef CONFIG_NETFILTER_DEBUG | |
9583 | + skb->nf_debug = 0; | |
9584 | +#endif /* CONFIG_NETFILTER_DEBUG */ | |
9585 | +#endif /* SKB_RESET_NFCT */ | |
9586 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
9587 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9588 | + "...done, calling ip_send()\n"); | |
9589 | +#ifdef NETDEV_23 | |
9590 | + { | |
9591 | + int err; | |
9592 | + | |
9593 | + err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, | |
9594 | + ipsec_tunnel_xmit2); | |
9595 | + if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) { | |
9596 | + if(net_ratelimit()) | |
9597 | + printk(KERN_ERR | |
9598 | + "ipsec_tunnel_start_xmit: ip_send() failed, err=%d\n", | |
9599 | + -err); | |
9600 | + stats->tx_errors++; | |
9601 | + stats->tx_aborted_errors++; | |
9602 | + skb = NULL; | |
9603 | + goto cleanup; | |
9604 | + } | |
9605 | + } | |
9606 | +#else | |
9607 | + ip_send(skb); | |
9608 | +#endif | |
9609 | +#else /* NET_21 */ | |
9610 | + skb->arp = 1; | |
9611 | + /* ISDN/ASYNC PPP from Matjaz Godec. */ | |
9612 | + /* skb->protocol = htons(ETH_P_IP); */ | |
9613 | + KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, | |
9614 | + "klips_debug:ipsec_tunnel_start_xmit: " | |
9615 | + "...done, calling dev_queue_xmit() or ip_fragment().\n"); | |
9616 | + IP_SEND(skb, physdev); | |
9617 | +#endif /* NET_21 */ | |
9618 | + stats->tx_packets++; | |
9619 | + | |
9620 | + skb = NULL; | |
9621 | + cleanup: | |
9622 | +#if defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) | |
9623 | + netif_wake_queue(dev); | |
9624 | +#else | |
9625 | + dev->tbusy = 0; | |
9626 | +#endif | |
9627 | + if(saved_header) | |
9628 | + kfree(saved_header); | |
9629 | + if(skb) { | |
9630 | + dev_kfree_skb(skb, FREE_WRITE); | |
9631 | + } | |
9632 | + if(oskb) | |
9633 | + dev_kfree_skb(oskb, FREE_WRITE); | |
9634 | + return 0; | |
9635 | +} | |
9636 | + | |
9637 | +DEBUG_NO_STATIC struct net_device_stats * | |
9638 | +ipsec_tunnel_get_stats(struct device *dev) | |
9639 | +{ | |
9640 | + return &(((struct ipsecpriv *)(dev->priv))->mystats); | |
9641 | +} | |
9642 | + | |
9643 | +/* | |
9644 | + * Revectored calls. | |
9645 | + * For each of these calls, a field exists in our private structure. | |
9646 | + */ | |
9647 | + | |
9648 | +DEBUG_NO_STATIC int | |
9649 | +ipsec_tunnel_hard_header(struct sk_buff *skb, struct device *dev, | |
9650 | + unsigned short type, void *daddr, void *saddr, unsigned len) | |
9651 | +{ | |
9652 | + struct ipsecpriv *prv = dev->priv; | |
9653 | + struct device *tmp; | |
9654 | + int ret; | |
9655 | + | |
9656 | + if(!prv->hard_header) { | |
9657 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9658 | + "klips_debug:ipsec_tunnel_hard_header: " | |
9659 | + "physical device has been detached, packet dropped " | |
9660 | + "0x%p->0x%p len=%d type=%d dev=%s->NULL ", | |
9661 | + saddr, daddr, len, type, dev->name); | |
9662 | +#ifdef NET_21 | |
9663 | + KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, | |
9664 | + "ip=%08x->%08x\n", | |
9665 | + (__u32)ntohl(skb->nh.iph->saddr), | |
9666 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
9667 | +#else /* NET_21 */ | |
9668 | + KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, | |
9669 | + "ip=%08x->%08x\n", | |
9670 | + (__u32)ntohl(skb->ip_hdr->saddr), | |
9671 | + (__u32)ntohl(skb->ip_hdr->daddr) ); | |
9672 | +#endif /* NET_21 */ | |
9673 | + return -ENODEV; | |
9674 | + } | |
9675 | + | |
9676 | +#define da ((struct device *)(prv->dev))->dev_addr | |
9677 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9678 | + "klips_debug:ipsec_tunnel_hard_header: " | |
9679 | + "Revectored 0x%p->0x%p len=%d type=%d dev=%s->%s " | |
9680 | + "dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ", | |
9681 | + saddr, daddr, len, type, dev->name, prv->dev->name, | |
9682 | + da[0], da[1], da[2], da[3], da[4], da[5]); | |
9683 | +#ifdef NET_21 | |
9684 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9685 | + "ip=%08x->%08x\n", | |
9686 | + (__u32)ntohl(skb->nh.iph->saddr), | |
9687 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
9688 | +#else /* NET_21 */ | |
9689 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9690 | + "ip=%08x->%08x\n", | |
9691 | + (__u32)ntohl(skb->ip_hdr->saddr), | |
9692 | + (__u32)ntohl(skb->ip_hdr->daddr) ); | |
9693 | +#endif /* NET_21 */ | |
9694 | + tmp = skb->dev; | |
9695 | + skb->dev = prv->dev; | |
9696 | + ret = prv->hard_header(skb, prv->dev, type, (void *)daddr, (void *)saddr, len); | |
9697 | + skb->dev = tmp; | |
9698 | + return ret; | |
9699 | +} | |
9700 | + | |
9701 | +DEBUG_NO_STATIC int | |
9702 | +#ifdef NET_21 | |
9703 | +ipsec_tunnel_rebuild_header(struct sk_buff *skb) | |
9704 | +#else /* NET_21 */ | |
9705 | +ipsec_tunnel_rebuild_header(void *buff, struct device *dev, | |
9706 | + unsigned long raddr, struct sk_buff *skb) | |
9707 | +#endif /* NET_21 */ | |
9708 | +{ | |
9709 | + struct ipsecpriv *prv = skb->dev->priv; | |
9710 | + struct device *tmp; | |
9711 | + int ret; | |
9712 | + | |
9713 | + if(!prv->rebuild_header) { | |
9714 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9715 | + "klips_debug:ipsec_tunnel_rebuild_header: " | |
9716 | + "physical device has been detached, packet dropped " | |
9717 | + "skb->dev=%s->NULL ", | |
9718 | + skb->dev->name); | |
9719 | +#ifdef NET_21 | |
9720 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9721 | + "ip=%08x->%08x\n", | |
9722 | + (__u32)ntohl(skb->nh.iph->saddr), | |
9723 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
9724 | +#else /* NET_21 */ | |
9725 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9726 | + "ip=%08x->%08x\n", | |
9727 | + (__u32)ntohl(skb->ip_hdr->saddr), | |
9728 | + (__u32)ntohl(skb->ip_hdr->daddr) ); | |
9729 | +#endif /* NET_21 */ | |
9730 | + return -ENODEV; | |
9731 | + } | |
9732 | + | |
9733 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9734 | + "klips_debug:ipsec_tunnel: " | |
9735 | + "Revectored rebuild_header dev=%s->%s ", | |
9736 | + skb->dev->name, prv->dev->name); | |
9737 | +#ifdef NET_21 | |
9738 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9739 | + "ip=%08x->%08x\n", | |
9740 | + (__u32)ntohl(skb->nh.iph->saddr), | |
9741 | + (__u32)ntohl(skb->nh.iph->daddr) ); | |
9742 | +#else /* NET_21 */ | |
9743 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9744 | + "ip=%08x->%08x\n", | |
9745 | + (__u32)ntohl(skb->ip_hdr->saddr), | |
9746 | + (__u32)ntohl(skb->ip_hdr->daddr) ); | |
9747 | +#endif /* NET_21 */ | |
9748 | + tmp = skb->dev; | |
9749 | + skb->dev = prv->dev; | |
9750 | + | |
9751 | +#ifdef NET_21 | |
9752 | + ret = prv->rebuild_header(skb); | |
9753 | +#else /* NET_21 */ | |
9754 | + ret = prv->rebuild_header(buff, prv->dev, raddr, skb); | |
9755 | +#endif /* NET_21 */ | |
9756 | + skb->dev = tmp; | |
9757 | + return ret; | |
9758 | +} | |
9759 | + | |
9760 | +DEBUG_NO_STATIC int | |
9761 | +ipsec_tunnel_set_mac_address(struct device *dev, void *addr) | |
9762 | +{ | |
9763 | + struct ipsecpriv *prv = dev->priv; | |
9764 | + | |
9765 | + if(!prv->set_mac_address) { | |
9766 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9767 | + "klips_debug:ipsec_tunnel_set_mac_address: " | |
9768 | + "physical device has been detached, cannot set - " | |
9769 | + "skb->dev=%s->NULL\n", | |
9770 | + dev->name); | |
9771 | + return -ENODEV; | |
9772 | + } | |
9773 | + | |
9774 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9775 | + "klips_debug:ipsec_tunnel_set_mac_address: " | |
9776 | + "Revectored dev=%s->%s addr=%p\n", | |
9777 | + dev->name, prv->dev->name, addr); | |
9778 | + return prv->set_mac_address(prv->dev, addr); | |
9779 | + | |
9780 | +} | |
9781 | + | |
9782 | +#ifndef NET_21 | |
9783 | +DEBUG_NO_STATIC void | |
9784 | +ipsec_tunnel_cache_bind(struct hh_cache **hhp, struct device *dev, | |
9785 | + unsigned short htype, __u32 daddr) | |
9786 | +{ | |
9787 | + struct ipsecpriv *prv = dev->priv; | |
9788 | + | |
9789 | + if(!prv->header_cache_bind) { | |
9790 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9791 | + "klips_debug:ipsec_tunnel_cache_bind: " | |
9792 | + "physical device has been detached, cannot set - " | |
9793 | + "skb->dev=%s->NULL\n", | |
9794 | + dev->name); | |
9795 | + return; | |
9796 | + } | |
9797 | + | |
9798 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9799 | + "klips_debug:ipsec_tunnel_cache_bind: " | |
9800 | + "Revectored \n"); | |
9801 | + prv->header_cache_bind(hhp, prv->dev, htype, daddr); | |
9802 | + return; | |
9803 | +} | |
9804 | +#endif /* !NET_21 */ | |
9805 | + | |
9806 | + | |
9807 | +DEBUG_NO_STATIC void | |
9808 | +ipsec_tunnel_cache_update(struct hh_cache *hh, struct device *dev, unsigned char * haddr) | |
9809 | +{ | |
9810 | + struct ipsecpriv *prv = dev->priv; | |
9811 | + | |
9812 | + if(!prv->header_cache_update) { | |
9813 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9814 | + "klips_debug:ipsec_tunnel_cache_update: " | |
9815 | + "physical device has been detached, cannot set - " | |
9816 | + "skb->dev=%s->NULL\n", | |
9817 | + dev->name); | |
9818 | + return; | |
9819 | + } | |
9820 | + | |
9821 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9822 | + "klips_debug:ipsec_tunnel: " | |
9823 | + "Revectored cache_update\n"); | |
9824 | + prv->header_cache_update(hh, prv->dev, haddr); | |
9825 | + return; | |
9826 | +} | |
9827 | + | |
9828 | +#ifdef NET_21 | |
9829 | +DEBUG_NO_STATIC int | |
9830 | +ipsec_tunnel_neigh_setup(struct neighbour *n) | |
9831 | +{ | |
9832 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9833 | + "klips_debug:ipsec_tunnel: " | |
9834 | + "ipsec_tunnel_neigh_setup\n"); | |
9835 | + | |
9836 | + if (n->nud_state == NUD_NONE) { | |
9837 | + n->ops = &arp_broken_ops; | |
9838 | + n->output = n->ops->output; | |
9839 | + } | |
9840 | + return 0; | |
9841 | +} | |
9842 | + | |
9843 | +DEBUG_NO_STATIC int | |
9844 | +ipsec_tunnel_neigh_setup_dev(struct device *dev, struct neigh_parms *p) | |
9845 | +{ | |
9846 | + KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, | |
9847 | + "klips_debug:ipsec_tunnel: " | |
9848 | + "ipsec_tunnel_neigh_setup_dev\n"); | |
9849 | + | |
9850 | + if (p->tbl->family == AF_INET) { | |
9851 | + p->neigh_setup = ipsec_tunnel_neigh_setup; | |
9852 | + p->ucast_probes = 0; | |
9853 | + p->mcast_probes = 0; | |
9854 | + } | |
9855 | + return 0; | |
9856 | +} | |
9857 | +#endif /* NET_21 */ | |
9858 | + | |
9859 | +/* | |
9860 | + * We call the attach routine to attach another device. | |
9861 | + */ | |
9862 | + | |
9863 | +DEBUG_NO_STATIC int | |
9864 | +ipsec_tunnel_attach(struct device *tndev, struct ipsecpriv *prv, struct device *dev) | |
9865 | +{ | |
9866 | + int i; | |
9867 | + | |
9868 | + prv->dev = dev; | |
9869 | + prv->hard_start_xmit = dev->hard_start_xmit; | |
9870 | + prv->get_stats = dev->get_stats; | |
9871 | + | |
9872 | + if (dev->hard_header) { | |
9873 | + prv->hard_header = dev->hard_header; | |
9874 | + tndev->hard_header = ipsec_tunnel_hard_header; | |
9875 | + } else | |
9876 | + tndev->hard_header = NULL; | |
9877 | + | |
9878 | + if (dev->rebuild_header) { | |
9879 | + prv->rebuild_header = dev->rebuild_header; | |
9880 | + tndev->rebuild_header = ipsec_tunnel_rebuild_header; | |
9881 | + } else | |
9882 | + tndev->rebuild_header = NULL; | |
9883 | + | |
9884 | + if (dev->set_mac_address) { | |
9885 | + prv->set_mac_address = dev->set_mac_address; | |
9886 | + tndev->set_mac_address = ipsec_tunnel_set_mac_address; | |
9887 | + } else | |
9888 | + tndev->set_mac_address = NULL; | |
9889 | + | |
9890 | +#ifndef NET_21 | |
9891 | + if (dev->header_cache_bind) { | |
9892 | + prv->header_cache_bind = dev->header_cache_bind; | |
9893 | + tndev->header_cache_bind = ipsec_tunnel_cache_bind; | |
9894 | + } else | |
9895 | + tndev->header_cache_bind = NULL; | |
9896 | +#endif /* !NET_21 */ | |
9897 | + | |
9898 | + if (dev->header_cache_update) { | |
9899 | + prv->header_cache_update = dev->header_cache_update; | |
9900 | + tndev->header_cache_update = ipsec_tunnel_cache_update; | |
9901 | + } else | |
9902 | + tndev->header_cache_update = NULL; | |
9903 | + | |
9904 | + tndev->hard_header_len = dev->hard_header_len; | |
9905 | + | |
9906 | +#ifdef NET_21 | |
9907 | +/* prv->neigh_setup = dev->neigh_setup; */ | |
9908 | + dev->neigh_setup = ipsec_tunnel_neigh_setup_dev; | |
9909 | +#endif /* NET_21 */ | |
9910 | + tndev->mtu = 16260; /* 0xfff0; */ /* dev->mtu; */ | |
9911 | + prv->mtu = dev->mtu; | |
9912 | + | |
9913 | +#ifdef PHYSDEV_TYPE | |
9914 | + tndev->type = dev->type /* ARPHRD_TUNNEL */; /* initially */ | |
9915 | +#endif /* PHYSDEV_TYPE */ | |
9916 | + | |
9917 | + tndev->addr_len = dev->addr_len; | |
9918 | + for (i=0; i<tndev->addr_len; i++) { | |
9919 | + tndev->dev_addr[i] = dev->dev_addr[i]; | |
9920 | + } | |
9921 | +#ifdef CONFIG_IPSEC_DEBUG | |
9922 | + if(debug_tunnel & DB_TN_INIT) { | |
9923 | + printk(KERN_INFO "klips_debug:ipsec_tunnel_attach: " | |
9924 | + "physical device %s being attached has HW address: %2x", | |
9925 | + dev->name, dev->dev_addr[0]); | |
9926 | + for (i=1; i < dev->addr_len; i++) { | |
9927 | + printk(":%02x", dev->dev_addr[i]); | |
9928 | + } | |
9929 | + printk("\n"); | |
9930 | + } | |
9931 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
9932 | + | |
9933 | + return 0; | |
9934 | +} | |
9935 | + | |
9936 | +/* | |
9937 | + * We call the detach routine to detach the ipsec tunnel from another device. | |
9938 | + */ | |
9939 | + | |
9940 | +DEBUG_NO_STATIC int | |
9941 | +ipsec_tunnel_detach(struct device *dev, struct ipsecpriv *prv) | |
9942 | +{ | |
9943 | + int i; | |
9944 | + | |
9945 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
9946 | + "klips_debug:ipsec_tunnel_detach: " | |
9947 | + "physical device %s being detached from virtual device %s\n", | |
9948 | + prv->dev->name, dev->name); | |
9949 | + | |
9950 | + prv->dev = NULL; | |
9951 | + prv->hard_start_xmit = NULL; | |
9952 | + prv->get_stats = NULL; | |
9953 | + | |
9954 | + prv->hard_header = NULL; | |
9955 | + dev->hard_header = NULL; | |
9956 | + | |
9957 | + prv->rebuild_header = NULL; | |
9958 | + dev->rebuild_header = NULL; | |
9959 | + | |
9960 | + prv->set_mac_address = NULL; | |
9961 | + dev->set_mac_address = NULL; | |
9962 | + | |
9963 | +#ifndef NET_21 | |
9964 | + prv->header_cache_bind = NULL; | |
9965 | + dev->header_cache_bind = NULL; | |
9966 | +#endif /* !NET_21 */ | |
9967 | + | |
9968 | + prv->header_cache_update = NULL; | |
9969 | + dev->header_cache_update = NULL; | |
9970 | + | |
9971 | +#ifdef NET_21 | |
9972 | +/* prv->neigh_setup = NULL; */ | |
9973 | + dev->neigh_setup = NULL; | |
9974 | +#endif /* NET_21 */ | |
9975 | + dev->hard_header_len = 0; | |
9976 | + dev->mtu = 0; | |
9977 | + prv->mtu = 0; | |
9978 | + for (i=0; i<MAX_ADDR_LEN; i++) { | |
9979 | + dev->dev_addr[i] = 0; | |
9980 | + } | |
9981 | + dev->addr_len = 0; | |
9982 | +#ifdef PHYSDEV_TYPE | |
9983 | + dev->type = 0; | |
9984 | +#endif /* PHYSDEV_TYPE */ | |
9985 | + | |
9986 | + return 0; | |
9987 | +} | |
9988 | + | |
9989 | +/* | |
9990 | + * We call the clear routine to detach all ipsec tunnels from other devices. | |
9991 | + */ | |
9992 | +DEBUG_NO_STATIC int | |
9993 | +ipsec_tunnel_clear(void) | |
9994 | +{ | |
9995 | + int i; | |
9996 | + struct device *ipsecdev = NULL, *prvdev; | |
9997 | + struct ipsecpriv *prv; | |
9998 | + char name[9]; | |
9999 | + int ret; | |
10000 | + | |
10001 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10002 | + "klips_debug:ipsec_tunnel_clear: called.\n"); | |
10003 | + | |
10004 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
10005 | + sprintf(name, "ipsec%d", i); | |
10006 | + if((ipsecdev = ipsec_dev_get(name)) != NULL) { | |
10007 | + if((prv = (struct ipsecpriv *)(ipsecdev->priv))) { | |
10008 | + prvdev = (struct device *)(prv->dev); | |
10009 | + if(prvdev) { | |
10010 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10011 | + "klips_debug:ipsec_tunnel_clear: " | |
10012 | + "physical device for device %s is %s\n", | |
10013 | + name, prvdev->name); | |
10014 | + if((ret = ipsec_tunnel_detach(ipsecdev, prv))) { | |
10015 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10016 | + "klips_debug:ipsec_tunnel_clear: " | |
10017 | + "error %d detatching device %s from device %s.\n", | |
10018 | + ret, name, prvdev->name); | |
10019 | + return ret; | |
10020 | + } | |
10021 | + } | |
10022 | + } | |
10023 | + } | |
10024 | + } | |
10025 | + return 0; | |
10026 | +} | |
10027 | + | |
10028 | +DEBUG_NO_STATIC int | |
10029 | +ipsec_tunnel_ioctl(struct device *dev, struct ifreq *ifr, int cmd) | |
10030 | +{ | |
10031 | + struct ipsectunnelconf *cf = (struct ipsectunnelconf *)&ifr->ifr_data; | |
10032 | + struct ipsecpriv *prv = dev->priv; | |
10033 | + struct device *them; /* physical device */ | |
10034 | +#ifdef CONFIG_IP_ALIAS | |
10035 | + char *colon; | |
10036 | + char realphysname[IFNAMSIZ]; | |
10037 | +#endif /* CONFIG_IP_ALIAS */ | |
10038 | + | |
10039 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10040 | + "klips_debug:ipsec_tunnel_ioctl: " | |
10041 | + "tncfg service call #%d\n", cmd); | |
10042 | + switch (cmd) { | |
10043 | + /* attach a virtual ipsec? device to a physical device */ | |
10044 | + case IPSEC_SET_DEV: | |
10045 | +#ifdef CONFIG_IP_ALIAS | |
10046 | + /* If this is an IP alias interface, get its real physical name */ | |
10047 | + strncpy(realphysname, cf->cf_name, IFNAMSIZ); | |
10048 | + realphysname[IFNAMSIZ-1] = 0; | |
10049 | + colon = strchr(realphysname, ':'); | |
10050 | + if (colon) *colon = 0; | |
10051 | + them = ipsec_dev_get(realphysname); | |
10052 | +#else /* CONFIG_IP_ALIAS */ | |
10053 | + them = ipsec_dev_get(cf->cf_name); | |
10054 | +#endif /* CONFIG_IP_ALIAS */ | |
10055 | + | |
10056 | + if (them == NULL) { | |
10057 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10058 | + "klips_debug:ipsec_tunnel_ioctl: " | |
10059 | + "physical device requested is null\n"); | |
10060 | + | |
10061 | + return -ENXIO; | |
10062 | + } | |
10063 | + | |
10064 | + if (prv->dev) | |
10065 | + return -EBUSY; | |
10066 | + return ipsec_tunnel_attach(dev, dev->priv, them); | |
10067 | + | |
10068 | + case IPSEC_DEL_DEV: | |
10069 | + if (! prv->dev) | |
10070 | + return -ENODEV; | |
10071 | + return ipsec_tunnel_detach(dev, dev->priv); | |
10072 | + | |
10073 | + case IPSEC_CLR_DEV: | |
10074 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10075 | + "klips_debug:ipsec_tunnel_ioctl: " | |
10076 | + "calling ipsec_tunnel_clear.\n"); | |
10077 | + return ipsec_tunnel_clear(); | |
10078 | + | |
10079 | + default: | |
10080 | + return -EOPNOTSUPP; | |
10081 | + } | |
10082 | +} | |
10083 | + | |
10084 | +int | |
10085 | +ipsec_device_event(struct notifier_block *unused, unsigned long event, void *ptr) | |
10086 | +{ | |
10087 | + struct device *dev = ptr; | |
10088 | + struct device *ipsec_dev; | |
10089 | + struct ipsecpriv *priv; | |
10090 | + char name[9]; | |
10091 | + int i; | |
10092 | + | |
10093 | + /* check for loopback devices */ | |
10094 | + if (dev->flags & IFF_LOOPBACK) | |
10095 | + return(NOTIFY_DONE); | |
10096 | + | |
10097 | + switch (event) | |
10098 | + { | |
10099 | + case NETDEV_DOWN: | |
10100 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10101 | + "ipsec_device_event: NETDEV_DOWN...\n"); | |
10102 | + /* find the attached physical device and detach it. */ | |
10103 | + for(i = 0; i < IPSEC_NUM_IF; i++) { | |
10104 | + sprintf(name, "ipsec%d", i); | |
10105 | + ipsec_dev = ipsec_dev_get(name); | |
10106 | + if(ipsec_dev) { | |
10107 | + priv = (struct ipsecpriv *)(ipsec_dev->priv); | |
10108 | + if(priv) { | |
10109 | + ; | |
10110 | + if(((struct device *)(priv->dev)) == dev) { | |
10111 | + dev_close(ipsec_dev); | |
10112 | + /* return */ ipsec_tunnel_detach(ipsec_dev, priv); | |
10113 | + return NOTIFY_DONE; | |
10114 | + break; | |
10115 | + } | |
10116 | + } else { | |
10117 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10118 | + "klips_debug:ipsec_device_event: device '%s' has no private data space!\n", | |
10119 | + ipsec_dev->name); | |
10120 | + } | |
10121 | + } | |
10122 | + } | |
10123 | + | |
10124 | + break; | |
10125 | + case NETDEV_UP: | |
10126 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10127 | + "ipsec_device_event: NETDEV_UP...\n"); | |
10128 | + /* Only handle ethernet ports */ | |
10129 | + if(dev->type!=ARPHRD_ETHER && dev->type!=ARPHRD_LOOPBACK) | |
10130 | + return NOTIFY_DONE; | |
10131 | + | |
10132 | + break; | |
10133 | +#ifdef NET_21 | |
10134 | + case NETDEV_UNREGISTER: | |
10135 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10136 | + "ipsec_device_event: NETDEV_UNREGISTER...\n"); | |
10137 | + | |
10138 | + break; | |
10139 | +#endif /* NET_21 */ | |
10140 | + } | |
10141 | + return NOTIFY_DONE; | |
10142 | +} | |
10143 | + | |
10144 | +/* | |
10145 | + * Called when an ipsec tunnel device is initialized. | |
10146 | + * The ipsec tunnel device structure is passed to us. | |
10147 | + */ | |
10148 | + | |
10149 | +int | |
10150 | +ipsec_tunnel_init(struct device *dev) | |
10151 | +{ | |
10152 | + int i; | |
10153 | + | |
10154 | + printk(KERN_INFO "klips_debug:ipsec_tunnel_init: " | |
10155 | + "initialisation of device: %s\n", | |
10156 | + dev->name ? dev->name : "NULL"); | |
10157 | + | |
10158 | + /* Add our tunnel functions to the device */ | |
10159 | + dev->open = ipsec_tunnel_open; | |
10160 | + dev->stop = ipsec_tunnel_close; | |
10161 | + dev->hard_start_xmit = ipsec_tunnel_start_xmit; | |
10162 | + dev->get_stats = ipsec_tunnel_get_stats; | |
10163 | + | |
10164 | + dev->priv = kmalloc(sizeof(struct ipsecpriv), GFP_KERNEL); | |
10165 | + if (dev->priv == NULL) | |
10166 | + return -ENOMEM; | |
10167 | + memset(dev->priv, 0, sizeof(struct ipsecpriv)); | |
10168 | + | |
10169 | + for(i = 0; i < sizeof(zeroes); i++) { | |
10170 | + ((__u8*)(zeroes))[i] = 0; | |
10171 | + } | |
10172 | + | |
10173 | +#ifndef NET_21 | |
10174 | + /* Initialize the tunnel device structure */ | |
10175 | + for (i = 0; i < DEV_NUMBUFFS; i++) | |
10176 | + skb_queue_head_init(&dev->buffs[i]); | |
10177 | +#endif /* !NET_21 */ | |
10178 | + | |
10179 | + dev->set_multicast_list = NULL; | |
10180 | + dev->do_ioctl = ipsec_tunnel_ioctl; | |
10181 | + dev->hard_header = NULL; | |
10182 | + dev->rebuild_header = NULL; | |
10183 | + dev->set_mac_address = NULL; | |
10184 | +#ifndef NET_21 | |
10185 | + dev->header_cache_bind = NULL; | |
10186 | +#endif /* !NET_21 */ | |
10187 | + dev->header_cache_update= NULL; | |
10188 | + | |
10189 | +#ifdef NET_21 | |
10190 | +/* prv->neigh_setup = NULL; */ | |
10191 | + dev->neigh_setup = ipsec_tunnel_neigh_setup_dev; | |
10192 | +#endif /* NET_21 */ | |
10193 | + dev->hard_header_len = 0; | |
10194 | + dev->mtu = 0; | |
10195 | + dev->addr_len = 0; | |
10196 | + dev->type = ARPHRD_TUNNEL; /* 0 */ /* ARPHRD_ETHER; */ /* initially */ | |
10197 | + dev->tx_queue_len = 10; /* Small queue */ | |
10198 | + memset(dev->broadcast,0xFF, ETH_ALEN); /* what if this is not attached to ethernet? */ | |
10199 | + | |
10200 | + /* New-style flags. */ | |
10201 | + dev->flags = IFF_NOARP /* 0 */ /* Petr Novak */; | |
10202 | +#ifdef NET_21 | |
10203 | + dev_init_buffers(dev); | |
10204 | +#else /* NET_21 */ | |
10205 | + dev->family = AF_INET; | |
10206 | + dev->pa_addr = 0; | |
10207 | + dev->pa_brdaddr = 0; | |
10208 | + dev->pa_mask = 0; | |
10209 | + dev->pa_alen = 4; | |
10210 | +#endif /* NET_21 */ | |
10211 | + | |
10212 | + /* We're done. Have I forgotten anything? */ | |
10213 | + return 0; | |
10214 | +} | |
10215 | + | |
10216 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | |
10217 | +/* Module specific interface (but it links with the rest of IPSEC */ | |
10218 | +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ | |
10219 | + | |
10220 | +int | |
10221 | +ipsec_tunnel_probe(struct device *dev) | |
10222 | +{ | |
10223 | + ipsec_tunnel_init(dev); | |
10224 | + return 0; | |
10225 | +} | |
10226 | + | |
10227 | +static struct device dev_ipsec3 = | |
10228 | +{ | |
10229 | + "ipsec3\0 ", /* name */ | |
10230 | + 0, /* recv memory end */ | |
10231 | + 0, /* recv memory start */ | |
10232 | + 0, /* memory end */ | |
10233 | + 0, /* memory start */ | |
10234 | + 0x0, /* base I/O address */ | |
10235 | + 0, /* IRQ */ | |
10236 | + 0, 0, 0, /* flags */ | |
10237 | + NULL, /* next device */ | |
10238 | + ipsec_tunnel_probe /* setup */ | |
10239 | +}; | |
10240 | + | |
10241 | +static struct device dev_ipsec2 = | |
10242 | +{ | |
10243 | + "ipsec2\0 ", /* name */ | |
10244 | + 0, /* recv memory end */ | |
10245 | + 0, /* recv memory start */ | |
10246 | + 0, /* memory end */ | |
10247 | + 0, /* memory start */ | |
10248 | + 0x0, /* base I/O address */ | |
10249 | + 0, /* IRQ */ | |
10250 | + 0, 0, 0, /* flags */ | |
10251 | + NULL, /* next device */ | |
10252 | + ipsec_tunnel_probe /* setup */ | |
10253 | +}; | |
10254 | + | |
10255 | +static struct device dev_ipsec1 = | |
10256 | +{ | |
10257 | + "ipsec1\0 ", /* name */ | |
10258 | + 0, /* recv memory end */ | |
10259 | + 0, /* recv memory start */ | |
10260 | + 0, /* memory end */ | |
10261 | + 0, /* memory start */ | |
10262 | + 0x0, /* base I/O address */ | |
10263 | + 0, /* IRQ */ | |
10264 | + 0, 0, 0, /* flags */ | |
10265 | + NULL, /* next device */ | |
10266 | + ipsec_tunnel_probe /* setup */ | |
10267 | +}; | |
10268 | + | |
10269 | +static struct device dev_ipsec0 = | |
10270 | +{ | |
10271 | + "ipsec0\0 ", /* name */ | |
10272 | + 0, /* recv memory end */ | |
10273 | + 0, /* recv memory start */ | |
10274 | + 0, /* memory end */ | |
10275 | + 0, /* memory start */ | |
10276 | + 0x0, /* base I/O address */ | |
10277 | + 0, /* IRQ */ | |
10278 | + 0, 0, 0, /* flags */ | |
10279 | + NULL, /* next device */ | |
10280 | + ipsec_tunnel_probe /* setup */ | |
10281 | +}; | |
10282 | + | |
10283 | +int | |
10284 | +ipsec_tunnel_init_devices(void) | |
10285 | +{ | |
10286 | +#if 0 | |
10287 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10288 | + "klips_debug:ipsec_tunnel_init_devices: " | |
10289 | + "registering device %s\n", | |
10290 | + dev_ipsec0.name); | |
10291 | +#endif | |
10292 | + if (register_netdev(&dev_ipsec0) != 0) | |
10293 | + return -EIO; | |
10294 | +#if 0 | |
10295 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10296 | + "klips_debug:ipsec_tunnel_init_devices: " | |
10297 | + "registering device %s\n", | |
10298 | + dev_ipsec1.name); | |
10299 | +#endif | |
10300 | + if (register_netdev(&dev_ipsec1) != 0) | |
10301 | + return -EIO; | |
10302 | +#if 0 | |
10303 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10304 | + "klips_debug:ipsec_tunnel_init_devices: " | |
10305 | + "registering device %s\n", | |
10306 | + dev_ipsec2.name); | |
10307 | +#endif | |
10308 | + if (register_netdev(&dev_ipsec2) != 0) | |
10309 | + return -EIO; | |
10310 | +#if 0 | |
10311 | + KLIPS_PRINT(debug_tunnel & DB_TN_INIT, | |
10312 | + "klips_debug:ipsec_tunnel_init_devices: " | |
10313 | + "registering device %s\n", | |
10314 | + dev_ipsec3.name); | |
10315 | +#endif | |
10316 | + if (register_netdev(&dev_ipsec3) != 0) | |
10317 | + return -EIO; | |
10318 | + return 0; | |
10319 | +} | |
10320 | + | |
10321 | +/* void */ | |
10322 | +int | |
10323 | +ipsec_tunnel_cleanup_devices(void) | |
10324 | +{ | |
10325 | + int error = 0; | |
10326 | + | |
10327 | + unregister_netdev(&dev_ipsec0); | |
10328 | + unregister_netdev(&dev_ipsec1); | |
10329 | + unregister_netdev(&dev_ipsec2); | |
10330 | + unregister_netdev(&dev_ipsec3); | |
10331 | + kfree(dev_ipsec0.priv); | |
10332 | + kfree(dev_ipsec1.priv); | |
10333 | + kfree(dev_ipsec2.priv); | |
10334 | + kfree(dev_ipsec3.priv); | |
10335 | + dev_ipsec0.priv=NULL; | |
10336 | + dev_ipsec1.priv=NULL; | |
10337 | + dev_ipsec2.priv=NULL; | |
10338 | + dev_ipsec3.priv=NULL; | |
10339 | + | |
10340 | + return error; | |
10341 | +} | |
10342 | + | |
10343 | +/* | |
10344 | + * $Log$ | |
10345 | + * Revision 1.131 2000/11/09 20:52:15 rgb | |
10346 | + * More spinlock shuffling, locking earlier and unlocking later in rcv to | |
10347 | + * include ipcomp and prevent races, renaming some tdb variables that got | |
10348 | + * forgotten, moving some unlocks to include tdbs and adding a missing | |
10349 | + * unlock. Thanks to Svenning for some of these. | |
10350 | + * | |
10351 | + * Revision 1.130 2000/11/09 20:11:22 rgb | |
10352 | + * Minor shuffles to fix non-standard kernel config option selection. | |
10353 | + * | |
10354 | + * Revision 1.129 2000/11/06 04:32:49 rgb | |
10355 | + * Clean up debug printing. | |
10356 | + * Copy skb->protocol for all kernel versions. | |
10357 | + * Ditched spin_lock_irqsave in favour of spin_lock. | |
10358 | + * Disabled TTL decrement, done in ip_forward. | |
10359 | + * Added debug printing before pfkey_acquire(). | |
10360 | + * Fixed printk-deltdbchain-spin_lock races (Svenning). | |
10361 | + * Use defaultTTL for 2.1+ kernels. | |
10362 | + * Add Svenning's adaptive content compression. | |
10363 | + * Fix up debug display arguments. | |
10364 | + * | |
10365 | + * Revision 1.128 2000/09/28 00:58:57 rgb | |
10366 | + * Moved the IKE passthrough check after the eroute lookup so we can pass | |
10367 | + * IKE through intermediate tunnels. | |
10368 | + * | |
10369 | + * Revision 1.127 2000/09/22 17:52:11 rgb | |
10370 | + * Fixed misleading ipcomp debug output. | |
10371 | + * | |
10372 | + * Revision 1.126 2000/09/22 04:22:56 rgb | |
10373 | + * Fixed dumb spi->cpi conversion error. | |
10374 | + * | |
10375 | + * Revision 1.125 2000/09/21 04:34:48 rgb | |
10376 | + * A few debug-specific things should be hidden under | |
10377 | + * CONFIG_IPSEC_DEBUG.(MB) | |
10378 | + * Improved ip_send() error handling.(MB) | |
10379 | + * | |
10380 | + * Revision 1.124 2000/09/21 03:40:58 rgb | |
10381 | + * Added more debugging to try and track down the cpi outward copy problem. | |
10382 | + * | |
10383 | + * Revision 1.123 2000/09/19 07:08:49 rgb | |
10384 | + * Added debugging to outgoing compression report. | |
10385 | + * | |
10386 | + * Revision 1.122 2000/09/18 19:21:26 henry | |
10387 | + * RGB-supplied fix for RH5.2 problem | |
10388 | + * | |
10389 | + * Revision 1.121 2000/09/17 21:05:09 rgb | |
10390 | + * Added tdb to skb_compress call to write in cpi. | |
10391 | + * | |
10392 | + * Revision 1.120 2000/09/17 16:57:16 rgb | |
10393 | + * Added Svenning's patch to remove restriction of ipcomp to innermost | |
10394 | + * transform. | |
10395 | + * | |
10396 | + * Revision 1.119 2000/09/15 11:37:01 rgb | |
10397 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
10398 | + * IPCOMP zlib deflate code. | |
10399 | + * | |
10400 | + * Revision 1.118 2000/09/15 04:57:16 rgb | |
10401 | + * Moved debug output after sanity check. | |
10402 | + * Added tos copy sysctl. | |
10403 | + * | |
10404 | + * Revision 1.117 2000/09/12 03:22:51 rgb | |
10405 | + * Converted ipsec_icmp, no_eroute_pass, opportunistic and #if0 debugs to | |
10406 | + * sysctl. | |
10407 | + * | |
10408 | + * Revision 1.116 2000/09/08 19:18:19 rgb | |
10409 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
10410 | + * Added outgoing opportunistic hook, ifdef'ed out. | |
10411 | + * | |
10412 | + * Revision 1.115 2000/08/30 05:27:29 rgb | |
10413 | + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. | |
10414 | + * Kill remainder of tdb_xform, tdb_xdata, xformsw. | |
10415 | + * | |
10416 | + * Revision 1.114 2000/08/28 18:15:46 rgb | |
10417 | + * Added MB's nf-debug reset patch. | |
10418 | + * | |
10419 | + * Revision 1.113 2000/08/27 02:26:40 rgb | |
10420 | + * Send all no-eroute-bypass, pluto-bypass and passthrough packets through | |
10421 | + * fragmentation machinery for 2.0, 2.2 and 2.4 kernels. | |
10422 | + * | |
10423 | + * Revision 1.112 2000/08/20 21:37:33 rgb | |
10424 | + * Activated pfkey_expire() calls. | |
10425 | + * Added a hard/soft expiry parameter to pfkey_expire(). (Momchil) | |
10426 | + * Re-arranged the order of soft and hard expiry to conform to RFC2367. | |
10427 | + * Clean up references to CONFIG_IPSEC_PFKEYv2. | |
10428 | + * | |
10429 | + * Revision 1.111 2000/08/01 14:51:51 rgb | |
10430 | + * Removed _all_ remaining traces of DES. | |
10431 | + * | |
10432 | + * Revision 1.110 2000/07/28 14:58:31 rgb | |
10433 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
10434 | + * | |
10435 | + * Revision 1.109 2000/07/28 13:50:54 rgb | |
10436 | + * Changed enet_statistics to net_device_stats and added back compatibility | |
10437 | + * for pre-2.1.19. | |
10438 | + * | |
10439 | + * Revision 1.108 2000/05/16 03:03:11 rgb | |
10440 | + * Updates for 2.3.99pre8 from MB. | |
10441 | + * | |
10442 | + * Revision 1.107 2000/05/10 23:08:21 rgb | |
10443 | + * Print a debug warning about bogus packets received by the outgoing | |
10444 | + * processing machinery only when klipsdebug is not set to none. | |
10445 | + * Comment out the device initialisation informational messages. | |
10446 | + * | |
10447 | + * Revision 1.106 2000/05/10 19:17:14 rgb | |
10448 | + * Define an IP_SEND macro, intending to have all packet passthroughs | |
10449 | + * use fragmentation. This didn't quite work, but is a step in the | |
10450 | + * right direction. | |
10451 | + * Added buffer allocation debugging statements. | |
10452 | + * Added configure option to shut off no eroute passthrough. | |
10453 | + * Only check usetime against soft and hard limits if the tdb has been | |
10454 | + * used. | |
10455 | + * Cast output of ntohl so that the broken prototype doesn't make our | |
10456 | + * compile noisy. | |
10457 | + * | |
10458 | + * Revision 1.105 2000/03/22 16:15:37 rgb | |
10459 | + * Fixed renaming of dev_get (MB). | |
10460 | + * | |
10461 | + * Revision 1.104 2000/03/16 14:04:15 rgb | |
10462 | + * Indented headers for readability. | |
10463 | + * Fixed debug scope to enable compilation with debug off. | |
10464 | + * Added macros for ip_chk_addr and IS_MYADDR for identifying self. | |
10465 | + * | |
10466 | + * Revision 1.103 2000/03/16 07:11:07 rgb | |
10467 | + * Hardcode PF_KEYv2 support. | |
10468 | + * Fixed bug which allowed UDP/500 packet from another machine | |
10469 | + * through in the clear. | |
10470 | + * Added disabled skb->protocol fix for ISDN/ASYNC PPP from Matjaz Godec. | |
10471 | + * | |
10472 | + * Revision 1.102 2000/03/14 12:26:59 rgb | |
10473 | + * Added skb->nfct support for clearing netfilter conntrack bits (MB). | |
10474 | + * | |
10475 | + * Revision 1.101 2000/02/14 21:05:22 rgb | |
10476 | + * Added MB's netif_queue fix for kernels 2.3.43+. | |
10477 | + * | |
10478 | + * Revision 1.100 2000/01/26 10:04:57 rgb | |
10479 | + * Fixed noisy 2.0 printk arguments. | |
10480 | + * | |
10481 | + * Revision 1.99 2000/01/21 06:16:25 rgb | |
10482 | + * Added sanity checks on skb_push(), skb_pull() to prevent panics. | |
10483 | + * Switched to AF_ENCAP macro. | |
10484 | + * Shortened debug output per packet and re-arranging debug_tunnel | |
10485 | + * bitmap flags, while retaining necessary information to avoid | |
10486 | + * trampling the kernel print ring buffer. | |
10487 | + * Reformatted recursion switch code. | |
10488 | + * Changed all references to tdb_proto to tdb_said.proto for clarity. | |
10489 | + * | |
10490 | + * Revision 1.98 2000/01/13 08:09:31 rgb | |
10491 | + * Shuffled debug_tunnel switches to focus output. | |
10492 | + * Fixed outgoing recursion bug, limiting to recursing only if the remote | |
10493 | + * SG changes and if it is valid, ie. not passthrough. | |
10494 | + * Clarified a number of debug messages. | |
10495 | + * | |
10496 | + * Revision 1.97 2000/01/10 16:37:16 rgb | |
10497 | + * MB support for new ip_select_ident() upon disappearance of | |
10498 | + * ip_id_count in 2.3.36+. | |
10499 | + * | |
10500 | + * Revision 1.96 1999/12/31 14:59:08 rgb | |
10501 | + * MB fix to use new skb_copy_expand in kernel 2.3.35. | |
10502 | + * | |
10503 | + * Revision 1.95 1999/12/29 21:15:44 rgb | |
10504 | + * Fix tncfg to aliased device bug. | |
10505 | + * | |
10506 | + * Revision 1.94 1999/12/22 04:26:06 rgb | |
10507 | + * Converted all 'static' functions to 'DEBUG_NO_STATIC' to enable | |
10508 | + * debugging by providing external labels to all functions with debugging | |
10509 | + * turned on. | |
10510 | + * | |
10511 | + * Revision 1.93 1999/12/13 13:30:14 rgb | |
10512 | + * Changed MTU reports and HW address reporting back to debug only. | |
10513 | + * | |
10514 | + * Revision 1.92 1999/12/07 18:57:56 rgb | |
10515 | + * Fix PFKEY symbol compile error (SADB_*) without pfkey enabled. | |
10516 | + * | |
10517 | + * Revision 1.91 1999/12/01 22:15:36 rgb | |
10518 | + * Add checks for LARVAL and DEAD SAs. | |
10519 | + * Change state of SA from MATURE to DYING when a soft lifetime is | |
10520 | + * reached and print debug warning. | |
10521 | + * | |
10522 | + * Revision 1.90 1999/11/23 23:04:04 rgb | |
10523 | + * Use provided macro ADDRTOA_BUF instead of hardcoded value. | |
10524 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
10525 | + * | |
10526 | + * Revision 1.89 1999/11/18 18:50:59 rgb | |
10527 | + * Changed all device registrations for static linking to | |
10528 | + * dynamic to reduce the number and size of patches. | |
10529 | + * | |
10530 | + * Revision 1.88 1999/11/18 04:09:19 rgb | |
10531 | + * Replaced all kernel version macros to shorter, readable form. | |
10532 | + * | |
10533 | + * Revision 1.87 1999/11/17 15:53:40 rgb | |
10534 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
10535 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
10536 | + * klips/net/ipsec/Makefile. | |
10537 | + * | |
10538 | + * Revision 1.86 1999/10/16 18:25:37 rgb | |
10539 | + * Moved SA lifetime expiry checks before packet processing. | |
10540 | + * Expire SA on replay counter rollover. | |
10541 | + * | |
10542 | + * Revision 1.85 1999/10/16 04:24:31 rgb | |
10543 | + * Add stats for time since last packet. | |
10544 | + * | |
10545 | + * Revision 1.84 1999/10/16 00:30:47 rgb | |
10546 | + * Added SA lifetime counting. | |
10547 | + * | |
10548 | + * Revision 1.83 1999/10/15 22:15:57 rgb | |
10549 | + * Clean out cruft. | |
10550 | + * Add debugging. | |
10551 | + * | |
10552 | + * Revision 1.82 1999/10/08 18:26:19 rgb | |
10553 | + * Fix 2.0.3x outgoing fragmented packet memory leak. | |
10554 | + * | |
10555 | + * Revision 1.81 1999/10/05 02:38:54 rgb | |
10556 | + * Lower the default mtu of virtual devices to 16260. | |
10557 | + * | |
10558 | + * Revision 1.80 1999/10/03 18:56:41 rgb | |
10559 | + * Spinlock support for 2.3.xx. | |
10560 | + * Don't forget to undo spinlocks on error! | |
10561 | + * Check for valid eroute before copying the structure. | |
10562 | + * | |
10563 | + * Revision 1.79 1999/10/01 15:44:53 rgb | |
10564 | + * Move spinlock header include to 2.1> scope. | |
10565 | + * | |
10566 | + * Revision 1.78 1999/10/01 00:02:43 rgb | |
10567 | + * Added tdb structure locking. | |
10568 | + * Added eroute structure locking. | |
10569 | + * | |
10570 | + * Revision 1.77 1999/09/30 02:52:29 rgb | |
10571 | + * Add Marc Boucher's Copy-On-Write code (same as ipsec_rcv.c). | |
10572 | + * | |
10573 | + * Revision 1.76 1999/09/25 19:31:27 rgb | |
10574 | + * Refine MSS hack to affect SYN, but not SYN+ACK packets. | |
10575 | + * | |
10576 | + * Revision 1.75 1999/09/24 22:52:38 rgb | |
10577 | + * Fix two things broken in 2.0.38 by trying to fix network notifiers. | |
10578 | + * | |
10579 | + * Revision 1.74 1999/09/24 00:30:37 rgb | |
10580 | + * Add test for changed source as well as destination to check for | |
10581 | + * recursion. | |
10582 | + * | |
10583 | + * Revision 1.73 1999/09/23 20:52:24 rgb | |
10584 | + * Add James Morris' MSS hack patch, disabled. | |
10585 | + * | |
10586 | + * Revision 1.72 1999/09/23 20:22:40 rgb | |
10587 | + * Enable, tidy and fix network notifier code. | |
10588 | + * | |
10589 | + * Revision 1.71 1999/09/23 18:09:05 rgb | |
10590 | + * Clean up 2.2.x fragmenting traces. | |
10591 | + * Disable dev->type switching, forcing ARPHRD_TUNNEL. | |
10592 | + * | |
10593 | + * Revision 1.70 1999/09/22 14:14:24 rgb | |
10594 | + * Add sanity checks for revectored calls to prevent calling a downed I/F. | |
10595 | + * | |
10596 | + * Revision 1.69 1999/09/21 15:00:57 rgb | |
10597 | + * Add Marc Boucher's packet size check. | |
10598 | + * Flesh out network device notifier code. | |
10599 | + * | |
10600 | + * Revision 1.68 1999/09/18 11:39:57 rgb | |
10601 | + * Start to add (disabled) netdevice notifier code. | |
10602 | + * | |
10603 | + * Revision 1.67 1999/09/17 23:44:40 rgb | |
10604 | + * Add a comment warning potential code hackers to stay away from mac.raw. | |
10605 | + * | |
10606 | + * Revision 1.66 1999/09/17 18:04:02 rgb | |
10607 | + * Add fix for unpredictable hard_header_len for ISDN folks (thanks MB). | |
10608 | + * Ditch TTL decrement in 2.2 (MB). | |
10609 | + * | |
10610 | + * Revision 1.65 1999/09/15 23:15:35 henry | |
10611 | + * Marc Boucher's PPP fixes | |
10612 | + * | |
10613 | + * Revision 1.64 1999/09/07 13:40:53 rgb | |
10614 | + * Ditch unreliable references to skb->mac.raw. | |
10615 | + * | |
10616 | + * Revision 1.63 1999/08/28 11:33:09 rgb | |
10617 | + * Check for null skb->mac pointer. | |
10618 | + * | |
10619 | + * Revision 1.62 1999/08/28 02:02:30 rgb | |
10620 | + * Add Marc Boucher's fix for properly dealing with skb->sk. | |
10621 | + * | |
10622 | + * Revision 1.61 1999/08/27 05:23:05 rgb | |
10623 | + * Clean up skb->data/raw/nh/h manipulation. | |
10624 | + * Add Marc Boucher's mods to aid tcpdump. | |
10625 | + * Add sanity checks to skb->raw/nh/h pointer copies in skb_copy_expand. | |
10626 | + * Re-order hard_header stripping -- might be able to remove it... | |
10627 | + * | |
10628 | + * Revision 1.60 1999/08/26 20:01:02 rgb | |
10629 | + * Tidy up compiler directives and macros. | |
10630 | + * Re-enable ICMP for tunnels where inner_dst != outer_dst. | |
10631 | + * Remove unnecessary skb->dev = physdev assignment affecting 2.2.x. | |
10632 | + * | |
10633 | + * Revision 1.59 1999/08/25 15:44:41 rgb | |
10634 | + * Clean up from 2.2.x instrumenting for compilation under 2.0.36. | |
10635 | + * | |
10636 | + * Revision 1.58 1999/08/25 15:00:54 rgb | |
10637 | + * Add dst cache code for 2.2.xx. | |
10638 | + * Add sanity check for skb packet header pointers. | |
10639 | + * Add/modify debugging instrumentation to *_start_xmit, *_hard_header and | |
10640 | + * *_rebuild_header. | |
10641 | + * Add neigh_* cache code. | |
10642 | + * Change dev->type back to ARPHRD_TUNNEL. | |
10643 | + * | |
10644 | + * Revision 1.57 1999/08/17 21:50:23 rgb | |
10645 | + * Fixed minor debug output bugs. | |
10646 | + * Regrouped error recovery exit code. | |
10647 | + * Added compiler directives to remove unwanted code and symbols. | |
10648 | + * Shut off ICMP messages: to be refined to only send ICMP to remote systems. | |
10649 | + * Add debugging code for output function addresses. | |
10650 | + * Fix minor bug in (possibly unused) header_cache_bind function. | |
10651 | + * Add device neighbour caching code. | |
10652 | + * Change dev->type from ARPHRD_TUNNEL to physdev->type. | |
10653 | + * | |
10654 | + * Revision 1.56 1999/08/03 17:22:56 rgb | |
10655 | + * Debug output clarification using KERN_* macros. Other inactive changes | |
10656 | + * added. | |
10657 | + * | |
10658 | + * Revision 1.55 1999/08/03 16:58:46 rgb | |
10659 | + * Fix skb_copy_expand size bug. Was getting incorrect size. | |
10660 | + * | |
10661 | + * Revision 1.54 1999/07/14 19:32:38 rgb | |
10662 | + * Fix oversize packet crash and ssh stalling in 2.2.x kernels. | |
10663 | + * | |
10664 | + * Revision 1.53 1999/06/10 15:44:02 rgb | |
10665 | + * Minor reformatting and clean-up. | |
10666 | + * | |
10667 | + * Revision 1.52 1999/05/09 03:25:36 rgb | |
10668 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
10669 | + * | |
10670 | + * Revision 1.51 1999/05/08 21:24:59 rgb | |
10671 | + * Add casting to silence the 2.2.x compile. | |
10672 | + * | |
10673 | + * Revision 1.50 1999/05/05 22:02:32 rgb | |
10674 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
10675 | + * | |
10676 | + * Revision 1.49 1999/04/29 15:18:52 rgb | |
10677 | + * Change gettdb parameter to a pointer to reduce stack loading and | |
10678 | + * facilitate parameter sanity checking. | |
10679 | + * Fix undetected bug that might have tried to access a null pointer. | |
10680 | + * Eliminate unnessessary usage of tdb_xform member to further switch | |
10681 | + * away from the transform switch to the algorithm switch. | |
10682 | + * Add return values to init and cleanup functions. | |
10683 | + * | |
10684 | + * Revision 1.48 1999/04/16 15:38:00 rgb | |
10685 | + * Minor rearrangement of freeing code to avoid memory leaks with impossible or | |
10686 | + * rare situations. | |
10687 | + * | |
10688 | + * Revision 1.47 1999/04/15 15:37:25 rgb | |
10689 | + * Forward check changes from POST1_00 branch. | |
10690 | + * | |
10691 | + * Revision 1.32.2.4 1999/04/13 21:00:18 rgb | |
10692 | + * Ditch 'things I wish I had known before...'. | |
10693 | + * | |
10694 | + * Revision 1.32.2.3 1999/04/13 20:34:38 rgb | |
10695 | + * Free skb after fragmentation. | |
10696 | + * Use stats more effectively. | |
10697 | + * Add I/F to mtu notch-down reporting. | |
10698 | + * | |
10699 | + * Revision 1.32.2.2 1999/04/02 04:26:14 rgb | |
10700 | + * Backcheck from HEAD, pre1.0. | |
10701 | + * | |
10702 | + * Revision 1.46 1999/04/11 00:29:00 henry | |
10703 | + * GPL boilerplate | |
10704 | + * | |
10705 | + * Revision 1.45 1999/04/07 15:42:01 rgb | |
10706 | + * Fix mtu/ping bug AGAIN! | |
10707 | + * | |
10708 | + * Revision 1.44 1999/04/06 04:54:27 rgb | |
10709 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
10710 | + * patch shell fixes. | |
10711 | + * | |
10712 | + * Revision 1.43 1999/04/04 03:57:07 rgb | |
10713 | + * ip_fragment() doesn't free the supplied skb. Freed. | |
10714 | + * | |
10715 | + * Revision 1.42 1999/04/01 23:27:15 rgb | |
10716 | + * Preload size of virtual mtu. | |
10717 | + * | |
10718 | + * Revision 1.41 1999/04/01 09:31:23 rgb | |
10719 | + * Invert meaning of ICMP PMTUD config option and clarify. | |
10720 | + * Code clean-up. | |
10721 | + * | |
10722 | + * Revision 1.40 1999/04/01 04:37:17 rgb | |
10723 | + * SSH stalling bug fix. | |
10724 | + * | |
10725 | + * Revision 1.39 1999/03/31 23:44:28 rgb | |
10726 | + * Don't send ICMP on DF and frag_off. | |
10727 | + * | |
10728 | + * Revision 1.38 1999/03/31 15:20:10 rgb | |
10729 | + * Quiet down debugging. | |
10730 | + * | |
10731 | + * Revision 1.37 1999/03/31 08:30:31 rgb | |
10732 | + * Add switch to shut off ICMP PMTUD packets. | |
10733 | + * | |
10734 | + * Revision 1.36 1999/03/31 05:44:47 rgb | |
10735 | + * Keep PMTU reduction private. | |
10736 | + * | |
10737 | + * Revision 1.35 1999/03/27 15:13:02 rgb | |
10738 | + * PMTU/fragmentation bug fix. | |
10739 | + * | |
10740 | + * Revision 1.34 1999/03/17 21:19:26 rgb | |
10741 | + * Fix kmalloc nonatomic bug. | |
10742 | + * | |
10743 | + * Revision 1.33 1999/03/17 15:38:42 rgb | |
10744 | + * Code clean-up. | |
10745 | + * ESP_NULL IV bug fix. | |
10746 | + * | |
10747 | + * Revision 1.32 1999/03/01 20:44:25 rgb | |
10748 | + * Code clean-up. | |
10749 | + * Memory leak bug fix. | |
10750 | + * | |
10751 | + * Revision 1.31 1999/02/27 00:02:09 rgb | |
10752 | + * Tune to report the MTU reduction once, rather than after every recursion | |
10753 | + * through the encapsulating code, preventing tcp stream stalling. | |
10754 | + * | |
10755 | + * Revision 1.30 1999/02/24 20:21:01 rgb | |
10756 | + * Reformat debug printk's. | |
10757 | + * Fix recursive encapsulation, dynamic MTU bugs and add debugging code. | |
10758 | + * Clean-up. | |
10759 | + * | |
10760 | + * Revision 1.29 1999/02/22 17:08:14 rgb | |
10761 | + * Fix recursive encapsulation code. | |
10762 | + * | |
10763 | + * Revision 1.28 1999/02/19 18:27:02 rgb | |
10764 | + * Improve DF, fragmentation and PMTU behaviour and add dynamic MTU discovery. | |
10765 | + * | |
10766 | + * Revision 1.27 1999/02/17 16:51:37 rgb | |
10767 | + * Clean out unused cruft. | |
10768 | + * Temporarily tone down volume of debug output. | |
10769 | + * Temporarily shut off fragment rejection. | |
10770 | + * Disabled temporary failed recursive encapsulation loop. | |
10771 | + * | |
10772 | + * Revision 1.26 1999/02/12 21:21:26 rgb | |
10773 | + * Move KLIPS_PRINT to ipsec_netlink.h for accessibility. | |
10774 | + * | |
10775 | + * Revision 1.25 1999/02/11 19:38:27 rgb | |
10776 | + * More clean-up. | |
10777 | + * Add sanity checking for skb_copy_expand() to prevent kernel panics on | |
10778 | + * skb_put() values out of range. | |
10779 | + * Fix head/tailroom calculation causing skb_put() out-of-range values. | |
10780 | + * Fix return values to prevent 'nonatomic alloc_skb' warnings. | |
10781 | + * Allocate new skb iff needed. | |
10782 | + * Added more debug statements. | |
10783 | + * Make headroom depend on structure, not hard-coded values. | |
10784 | + * | |
10785 | + * Revision 1.24 1999/02/10 23:20:33 rgb | |
10786 | + * Shut up annoying 'statement has no effect' compiler warnings with | |
10787 | + * debugging compiled out. | |
10788 | + * | |
10789 | + * Revision 1.23 1999/02/10 22:36:30 rgb | |
10790 | + * Clean-up obsolete, unused and messy code. | |
10791 | + * Converted most IPSEC_DEBUG statements to KLIPS_PRINT macros. | |
10792 | + * Rename ipsec_tunnel_do_xmit to ipsec_tunnel_start_xmit and eliminated | |
10793 | + * original ipsec_tunnel_start_xmit. | |
10794 | + * Send all packet with different inner and outer destinations directly to | |
10795 | + * the attached physical device, rather than back through ip_forward, | |
10796 | + * preventing disappearing routes problems. | |
10797 | + * Do sanity checking before investing too much CPU in allocating new | |
10798 | + * structures. | |
10799 | + * Fail on IP header options: We cannot process them yet. | |
10800 | + * Add some helpful comments. | |
10801 | + * Use virtual device for parameters instead of physical device. | |
10802 | + * | |
10803 | + * Revision 1.22 1999/02/10 03:03:02 rgb | |
10804 | + * Duh. Fixed the TTL bug: forgot to update the checksum. | |
10805 | + * | |
10806 | + * Revision 1.21 1999/02/09 23:17:53 rgb | |
10807 | + * Add structure members to ipsec_print_ip debug function. | |
10808 | + * Temporarily fix TTL bug preventing tunnel mode from functioning. | |
10809 | + * | |
10810 | + * Revision 1.20 1999/02/09 00:14:25 rgb | |
10811 | + * Add KLIPSPRINT macro. (Not used yet, though.) | |
10812 | + * Delete old ip_tunnel code (BADCODE). | |
10813 | + * Decrement TTL in outgoing packet. | |
10814 | + * Set TTL on new IPIP_TUNNEL to default, not existing packet TTL. | |
10815 | + * Delete ethernet only feature and fix hard-coded hard_header_len. | |
10816 | + * | |
10817 | + * Revision 1.19 1999/01/29 17:56:22 rgb | |
10818 | + * 64-bit re-fix submitted by Peter Onion. | |
10819 | + * | |
10820 | + * Revision 1.18 1999/01/28 22:43:24 rgb | |
10821 | + * Fixed bug in ipsec_print_ip that caused an OOPS, found by P.Onion. | |
10822 | + * | |
10823 | + * Revision 1.17 1999/01/26 02:08:16 rgb | |
10824 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
10825 | + * Removed dead code. | |
10826 | + * | |
10827 | + * Revision 1.16 1999/01/22 06:25:26 rgb | |
10828 | + * Cruft clean-out. | |
10829 | + * Added algorithm switch code. | |
10830 | + * 64-bit clean-up. | |
10831 | + * Passthrough on IPIP protocol, spi 0x0 fix. | |
10832 | + * Enhanced debugging. | |
10833 | + * | |
10834 | + * Revision 1.15 1998/12/01 13:22:04 rgb | |
10835 | + * Added support for debug printing of version info. | |
10836 | + * | |
10837 | + * Revision 1.14 1998/11/30 13:22:55 rgb | |
10838 | + * Rationalised all the klips kernel file headers. They are much shorter | |
10839 | + * now and won't conflict under RH5.2. | |
10840 | + * | |
10841 | + * Revision 1.13 1998/11/17 21:13:52 rgb | |
10842 | + * Put IKE port bypass debug output in user-switched debug statements. | |
10843 | + * | |
10844 | + * Revision 1.12 1998/11/13 13:20:25 rgb | |
10845 | + * Fixed ntohs bug in udp/500 hole for IKE. | |
10846 | + * | |
10847 | + * Revision 1.11 1998/11/10 08:01:19 rgb | |
10848 | + * Kill tcp/500 hole, keep udp/500 hole. | |
10849 | + * | |
10850 | + * Revision 1.10 1998/11/09 21:29:26 rgb | |
10851 | + * If no eroute is found, discard packet and incr. tx_error. | |
10852 | + * | |
10853 | + * Revision 1.9 1998/10/31 06:50:00 rgb | |
10854 | + * Add tcp/udp/500 bypass. | |
10855 | + * Fixed up comments in #endif directives. | |
10856 | + * | |
10857 | + * Revision 1.8 1998/10/27 00:34:31 rgb | |
10858 | + * Reformat debug output of IP headers. | |
10859 | + * Newlines added before calls to ipsec_print_ip. | |
10860 | + * | |
10861 | + * Revision 1.7 1998/10/19 14:44:28 rgb | |
10862 | + * Added inclusion of freeswan.h. | |
10863 | + * sa_id structure implemented and used: now includes protocol. | |
10864 | + * | |
10865 | + * Revision 1.6 1998/10/09 04:31:35 rgb | |
10866 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
10867 | + * | |
10868 | + * Revision 1.5 1998/08/28 03:09:51 rgb | |
10869 | + * Prevent kernel log spam with default route through ipsec. | |
10870 | + * | |
10871 | + * Revision 1.4 1998/08/05 22:23:09 rgb | |
10872 | + * Change setdev return code to ENXIO for a non-existant physical device. | |
10873 | + * | |
10874 | + * Revision 1.3 1998/07/29 20:41:11 rgb | |
10875 | + * Add ipsec_tunnel_clear to clear all tunnel attachments. | |
10876 | + * | |
10877 | + * Revision 1.2 1998/06/25 20:00:33 rgb | |
10878 | + * Clean up #endif comments. | |
10879 | + * Rename dev_ipsec to dev_ipsec0 for consistency. | |
10880 | + * Document ipsec device fields. | |
10881 | + * Make ipsec_tunnel_probe visible from rest of kernel for static linking. | |
10882 | + * Get debugging report for *every* ipsec device initialisation. | |
10883 | + * Comment out redundant code. | |
10884 | + * | |
10885 | + * Revision 1.1 1998/06/18 21:27:50 henry | |
10886 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
10887 | + * kernel-build scripts happier in the presence of symlinks | |
10888 | + * | |
10889 | + * Revision 1.8 1998/06/14 23:49:40 rgb | |
10890 | + * Clarify version reporting on module loading. | |
10891 | + * | |
10892 | + * Revision 1.7 1998/05/27 23:19:20 rgb | |
10893 | + * Added version reporting. | |
10894 | + * | |
10895 | + * Revision 1.6 1998/05/18 21:56:23 rgb | |
10896 | + * Clean up for numerical consistency of output and cleaning up debug code. | |
10897 | + * | |
10898 | + * Revision 1.5 1998/05/12 02:44:23 rgb | |
10899 | + * Clarifying 'no e-route to host' message. | |
10900 | + * | |
10901 | + * Revision 1.4 1998/04/30 15:34:35 rgb | |
10902 | + * Enclosed most remaining debugging statements in #ifdef's to make it quieter. | |
10903 | + * | |
10904 | + * Revision 1.3 1998/04/21 21:28:54 rgb | |
10905 | + * Rearrange debug switches to change on the fly debug output from user | |
10906 | + * space. Only kernel changes checked in at this time. radij.c was also | |
10907 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
10908 | + * an OOPS and hence, netlink device open errors. | |
10909 | + * | |
10910 | + * Revision 1.2 1998/04/12 22:03:24 rgb | |
10911 | + * Updated ESP-3DES-HMAC-MD5-96, | |
10912 | + * ESP-DES-HMAC-MD5-96, | |
10913 | + * AH-HMAC-MD5-96, | |
10914 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
10915 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
10916 | + * | |
10917 | + * Fixed eroute references in /proc/net/ipsec*. | |
10918 | + * | |
10919 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
10920 | + * radij tree unloading. | |
10921 | + * | |
10922 | + * Revision 1.1 1998/04/09 03:06:12 henry | |
10923 | + * sources moved up from linux/net/ipsec | |
10924 | + * | |
10925 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
10926 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
10927 | + * | |
10928 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
10929 | + * Added transport mode. | |
10930 | + * Changed the way routing is done. | |
10931 | + * Lots of bug fixes. | |
10932 | + * | |
10933 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
10934 | + * No changes. | |
10935 | + * | |
10936 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
10937 | + * Minor cleanups. | |
10938 | + * Rationalized debugging code. | |
10939 | + * | |
10940 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
10941 | + * First limited release. | |
10942 | + * | |
10943 | + * | |
10944 | + */ | |
10945 | diff -druN linux-noipsec/net/ipsec/ipsec_tunnel.h linux/net/ipsec/ipsec_tunnel.h | |
10946 | --- linux-noipsec/net/ipsec/ipsec_tunnel.h Thu Jan 1 01:00:00 1970 | |
10947 | +++ linux/net/ipsec/ipsec_tunnel.h Fri Sep 15 13:37:02 2000 | |
10948 | @@ -0,0 +1,206 @@ | |
10949 | +/* | |
10950 | + * IPSEC tunneling code | |
10951 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
10952 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
10953 | + * | |
10954 | + * This program is free software; you can redistribute it and/or modify it | |
10955 | + * under the terms of the GNU General Public License as published by the | |
10956 | + * Free Software Foundation; either version 2 of the License, or (at your | |
10957 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
10958 | + * | |
10959 | + * This program is distributed in the hope that it will be useful, but | |
10960 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
10961 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
10962 | + * for more details. | |
10963 | + * | |
10964 | + * RCSID $Id$ | |
10965 | + */ | |
10966 | + | |
10967 | +/* | |
10968 | + * Heavily based on drivers/net/new_tunnel.c. Lots | |
10969 | + * of ideas also taken from the 2.1.x version of drivers/net/shaper.c | |
10970 | + */ | |
10971 | + | |
10972 | +struct ipsectunnelconf | |
10973 | +{ | |
10974 | + __u32 cf_cmd; | |
10975 | + union | |
10976 | + { | |
10977 | + char cfu_name[12]; | |
10978 | + } cf_u; | |
10979 | +#define cf_name cf_u.cfu_name | |
10980 | +}; | |
10981 | + | |
10982 | +#define IPSEC_SET_DEV (SIOCDEVPRIVATE) | |
10983 | +#define IPSEC_DEL_DEV (SIOCDEVPRIVATE + 1) | |
10984 | +#define IPSEC_CLR_DEV (SIOCDEVPRIVATE + 2) | |
10985 | + | |
10986 | +#ifdef __KERNEL__ | |
10987 | +#include <linux/version.h> | |
10988 | +#ifndef KERNEL_VERSION | |
10989 | +# define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) | |
10990 | +#endif | |
10991 | +struct ipsecpriv | |
10992 | +{ | |
10993 | + struct sk_buff_head sendq; | |
10994 | + struct device *dev; | |
10995 | + struct wait_queue *wait_queue; | |
10996 | + char locked; | |
10997 | + int (*hard_start_xmit) (struct sk_buff *skb, | |
10998 | + struct device *dev); | |
10999 | + int (*hard_header) (struct sk_buff *skb, | |
11000 | + struct device *dev, | |
11001 | + unsigned short type, | |
11002 | + void *daddr, | |
11003 | + void *saddr, | |
11004 | + unsigned len); | |
11005 | +#ifdef NET_21 | |
11006 | + int (*rebuild_header)(struct sk_buff *skb); | |
11007 | +#else /* NET_21 */ | |
11008 | + int (*rebuild_header)(void *buff, struct device *dev, | |
11009 | + unsigned long raddr, struct sk_buff *skb); | |
11010 | +#endif /* NET_21 */ | |
11011 | + int (*set_mac_address)(struct device *dev, void *addr); | |
11012 | +#ifndef NET_21 | |
11013 | + void (*header_cache_bind)(struct hh_cache **hhp, struct device *dev, | |
11014 | + unsigned short htype, __u32 daddr); | |
11015 | +#endif /* !NET_21 */ | |
11016 | + void (*header_cache_update)(struct hh_cache *hh, struct device *dev, unsigned char * haddr); | |
11017 | + struct net_device_stats *(*get_stats)(struct device *dev); | |
11018 | + struct net_device_stats mystats; | |
11019 | + int mtu; /* What is the desired MTU? */ | |
11020 | +}; | |
11021 | + | |
11022 | +#define IPSEC_NUM_IF 4 | |
11023 | + | |
11024 | +extern char ipsec_tunnel_c_version[]; | |
11025 | + | |
11026 | +int ipsec_tunnel_init_devices(void); | |
11027 | + | |
11028 | +/* void */ int ipsec_tunnel_cleanup_devices(void); | |
11029 | + | |
11030 | +extern /* void */ int ipsec_init(void); | |
11031 | + | |
11032 | +#ifdef CONFIG_IPSEC_DEBUG | |
11033 | +extern int debug_tunnel; | |
11034 | +extern int sysctl_ipsec_debug_verbose; | |
11035 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
11036 | +#endif /* __KERNEL__ */ | |
11037 | + | |
11038 | +#ifdef CONFIG_IPSEC_DEBUG | |
11039 | +#define DB_TN_INIT 0x0001 | |
11040 | +#define DB_TN_PROCFS 0x0002 | |
11041 | +#define DB_TN_XMIT 0x0010 | |
11042 | +#define DB_TN_OHDR 0x0020 | |
11043 | +#define DB_TN_CROUT 0x0040 | |
11044 | +#define DB_TN_OXFS 0x0080 | |
11045 | +#define DB_TN_REVEC 0x0100 | |
11046 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
11047 | + | |
11048 | +/* | |
11049 | + * $Log$ | |
11050 | + * Revision 1.20 2000/09/15 11:37:02 rgb | |
11051 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
11052 | + * IPCOMP zlib deflate code. | |
11053 | + * | |
11054 | + * Revision 1.19 2000/09/08 19:12:56 rgb | |
11055 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
11056 | + * | |
11057 | + * Revision 1.18 2000/07/28 13:50:54 rgb | |
11058 | + * Changed enet_statistics to net_device_stats and added back compatibility | |
11059 | + * for pre-2.1.19. | |
11060 | + * | |
11061 | + * Revision 1.17 1999/11/19 01:12:15 rgb | |
11062 | + * Purge unneeded proc_info prototypes, now that static linking uses | |
11063 | + * dynamic proc_info registration. | |
11064 | + * | |
11065 | + * Revision 1.16 1999/11/18 18:51:00 rgb | |
11066 | + * Changed all device registrations for static linking to | |
11067 | + * dynamic to reduce the number and size of patches. | |
11068 | + * | |
11069 | + * Revision 1.15 1999/11/18 04:14:21 rgb | |
11070 | + * Replaced all kernel version macros to shorter, readable form. | |
11071 | + * Added CONFIG_PROC_FS compiler directives in case it is shut off. | |
11072 | + * Added Marc Boucher's 2.3.25 proc patches. | |
11073 | + * | |
11074 | + * Revision 1.14 1999/05/25 02:50:10 rgb | |
11075 | + * Fix kernel version macros for 2.0.x static linking. | |
11076 | + * | |
11077 | + * Revision 1.13 1999/05/25 02:41:06 rgb | |
11078 | + * Add ipsec_klipsdebug support for static linking. | |
11079 | + * | |
11080 | + * Revision 1.12 1999/05/05 22:02:32 rgb | |
11081 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
11082 | + * | |
11083 | + * Revision 1.11 1999/04/29 15:19:50 rgb | |
11084 | + * Add return values to init and cleanup functions. | |
11085 | + * | |
11086 | + * Revision 1.10 1999/04/16 16:02:39 rgb | |
11087 | + * Bump up macro to 4 ipsec I/Fs. | |
11088 | + * | |
11089 | + * Revision 1.9 1999/04/15 15:37:25 rgb | |
11090 | + * Forward check changes from POST1_00 branch. | |
11091 | + * | |
11092 | + * Revision 1.5.2.1 1999/04/02 04:26:14 rgb | |
11093 | + * Backcheck from HEAD, pre1.0. | |
11094 | + * | |
11095 | + * Revision 1.8 1999/04/11 00:29:01 henry | |
11096 | + * GPL boilerplate | |
11097 | + * | |
11098 | + * Revision 1.7 1999/04/06 04:54:28 rgb | |
11099 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
11100 | + * patch shell fixes. | |
11101 | + * | |
11102 | + * Revision 1.6 1999/03/31 05:44:48 rgb | |
11103 | + * Keep PMTU reduction private. | |
11104 | + * | |
11105 | + * Revision 1.5 1999/02/10 22:31:20 rgb | |
11106 | + * Change rebuild_header member to reflect generality of link layer. | |
11107 | + * | |
11108 | + * Revision 1.4 1998/12/01 13:22:04 rgb | |
11109 | + * Added support for debug printing of version info. | |
11110 | + * | |
11111 | + * Revision 1.3 1998/07/29 20:42:46 rgb | |
11112 | + * Add a macro for clearing all tunnel devices. | |
11113 | + * Rearrange structures and declarations for sharing with userspace. | |
11114 | + * | |
11115 | + * Revision 1.2 1998/06/25 20:01:45 rgb | |
11116 | + * Make prototypes available for ipsec_init and ipsec proc_dir_entries | |
11117 | + * for static linking. | |
11118 | + * | |
11119 | + * Revision 1.1 1998/06/18 21:27:50 henry | |
11120 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
11121 | + * kernel-build scripts happier in the presence of symlinks | |
11122 | + * | |
11123 | + * Revision 1.3 1998/05/18 21:51:50 rgb | |
11124 | + * Added macros for num of I/F's and a procfs debug switch. | |
11125 | + * | |
11126 | + * Revision 1.2 1998/04/21 21:29:09 rgb | |
11127 | + * Rearrange debug switches to change on the fly debug output from user | |
11128 | + * space. Only kernel changes checked in at this time. radij.c was also | |
11129 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
11130 | + * an OOPS and hence, netlink device open errors. | |
11131 | + * | |
11132 | + * Revision 1.1 1998/04/09 03:06:13 henry | |
11133 | + * sources moved up from linux/net/ipsec | |
11134 | + * | |
11135 | + * Revision 1.1.1.1 1998/04/08 05:35:05 henry | |
11136 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
11137 | + * | |
11138 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
11139 | + * Added transport mode. | |
11140 | + * Changed the way routing is done. | |
11141 | + * Lots of bug fixes. | |
11142 | + * | |
11143 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
11144 | + * No changes. | |
11145 | + * | |
11146 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
11147 | + * Minor cleanups. | |
11148 | + * Rationalized debugging code. | |
11149 | + * | |
11150 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
11151 | + * First limited release. | |
11152 | + * | |
11153 | + * | |
11154 | + */ | |
11155 | diff -druN linux-noipsec/net/ipsec/ipsec_xform.c linux/net/ipsec/ipsec_xform.c | |
11156 | --- linux-noipsec/net/ipsec/ipsec_xform.c Thu Jan 1 01:00:00 1970 | |
11157 | +++ linux/net/ipsec/ipsec_xform.c Mon Nov 6 05:32:08 2000 | |
11158 | @@ -0,0 +1,1178 @@ | |
11159 | +/* | |
11160 | + * Common routines for IPSEC transformations. | |
11161 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
11162 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
11163 | + * | |
11164 | + * This program is free software; you can redistribute it and/or modify it | |
11165 | + * under the terms of the GNU General Public License as published by the | |
11166 | + * Free Software Foundation; either version 2 of the License, or (at your | |
11167 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
11168 | + * | |
11169 | + * This program is distributed in the hope that it will be useful, but | |
11170 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
11171 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
11172 | + * for more details. | |
11173 | + * | |
11174 | + * RCSID $Id$ | |
11175 | + */ | |
11176 | + | |
11177 | +#include <linux/config.h> | |
11178 | +#include <linux/version.h> | |
11179 | + | |
11180 | +#include <linux/kernel.h> /* printk() */ | |
11181 | +#include <linux/malloc.h> /* kmalloc() */ | |
11182 | +#include <linux/errno.h> /* error codes */ | |
11183 | +#include <linux/types.h> /* size_t */ | |
11184 | +#include <linux/interrupt.h> /* mark_bh */ | |
11185 | + | |
11186 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
11187 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
11188 | +#include <linux/ip.h> /* struct iphdr */ | |
11189 | +#include <linux/skbuff.h> | |
11190 | +#include <linux/random.h> /* get_random_bytes() */ | |
11191 | +#include <freeswan.h> | |
11192 | +#ifdef SPINLOCK | |
11193 | +#ifdef SPINLOCK_23 | |
11194 | +#include <linux/spinlock.h> /* *lock* */ | |
11195 | +#else /* SPINLOCK_23 */ | |
11196 | +#include <asm/spinlock.h> /* *lock* */ | |
11197 | +#endif /* SPINLOCK_23 */ | |
11198 | +#endif /* SPINLOCK */ | |
11199 | +#ifdef NET_21 | |
11200 | +#include <asm/uaccess.h> | |
11201 | +#include <linux/in6.h> | |
11202 | +#endif | |
11203 | +#include <asm/checksum.h> | |
11204 | +#include <net/ip.h> | |
11205 | + | |
11206 | +#include "radij.h" | |
11207 | +#include "ipsec_encap.h" | |
11208 | +#include "ipsec_radij.h" | |
11209 | +#include "ipsec_netlink.h" | |
11210 | +#include "ipsec_xform.h" | |
11211 | +#include "ipsec_ipe4.h" | |
11212 | +#include "ipsec_ah.h" | |
11213 | +#include "ipsec_esp.h" | |
11214 | + | |
11215 | +#include <pfkeyv2.h> | |
11216 | +#include <pfkey.h> | |
11217 | + | |
11218 | +#ifdef CONFIG_IPSEC_DEBUG | |
11219 | +int debug_xform = 0; | |
11220 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
11221 | + | |
11222 | +#define SENDERR(_x) do { len = -(_x); goto errlab; } while (0) | |
11223 | + | |
11224 | +extern int des_set_key(caddr_t, caddr_t); | |
11225 | + | |
11226 | +struct xformsw xformsw[] = { | |
11227 | +{ XF_IP4, 0, "IPv4_Encapsulation"}, | |
11228 | +{ XF_AHHMACMD5, XFT_AUTH, "HMAC_MD5_Authentication"}, | |
11229 | +{ XF_AHHMACSHA1, XFT_AUTH, "HMAC_SHA-1_Authentication"}, | |
11230 | +{ XF_ESP3DES, XFT_CONF, "3DES_Encryption"}, | |
11231 | +{ XF_ESP3DESMD596, XFT_CONF, "3DES-MD5-96_Encryption"}, | |
11232 | +{ XF_ESP3DESSHA196, XFT_CONF, "3DES-SHA1-96_Encryption"}, | |
11233 | +{ XF_ESPNULLMD596, XFT_CONF, "NULL-MD5-96_ESP_*Plaintext*"}, | |
11234 | +{ XF_ESPNULLSHA196, XFT_CONF, "NULL-SHA1-96_ESP_*Plaintext*"}, | |
11235 | +}; | |
11236 | + | |
11237 | +struct tdb *tdbh[TDB_HASHMOD]; | |
11238 | +#ifdef SPINLOCK | |
11239 | +spinlock_t tdb_lock = SPIN_LOCK_UNLOCKED; | |
11240 | +#else /* SPINLOCK */ | |
11241 | +spinlock_t tdb_lock; | |
11242 | +#endif /* SPINLOCK */ | |
11243 | +struct xformsw *xformswNXFORMSW = &xformsw[sizeof(xformsw)/sizeof(xformsw[0])]; | |
11244 | + | |
11245 | +int | |
11246 | +ipsec_tdbinit(void) | |
11247 | +{ | |
11248 | + int i; | |
11249 | + | |
11250 | + for(i = 1; i < TDB_HASHMOD; i++) { | |
11251 | + tdbh[i] = NULL; | |
11252 | + } | |
11253 | + return 0; | |
11254 | +} | |
11255 | + | |
11256 | +struct tdb * | |
11257 | +gettdb(struct sa_id *said) | |
11258 | +{ | |
11259 | + int hashval; | |
11260 | + struct tdb *tdbp; | |
11261 | + char sa[SATOA_BUF]; | |
11262 | + | |
11263 | + if(!said) { | |
11264 | + KLIPS_PRINT(debug_xform, | |
11265 | + "klips_error:gettdb: null pointer passed in!\n"); | |
11266 | + return NULL; | |
11267 | + } | |
11268 | + | |
11269 | + satoa(*said, 0, sa, SATOA_BUF); | |
11270 | + | |
11271 | + hashval = (said->spi+said->dst.s_addr+said->proto) % TDB_HASHMOD; | |
11272 | + | |
11273 | + KLIPS_PRINT(debug_xform, | |
11274 | + "klips_debug:gettdb: linked entry in tdb table for hash=%d of SA:%s requested.\n", | |
11275 | + hashval, sa); | |
11276 | + | |
11277 | + if(!(tdbp = tdbh[hashval])) { | |
11278 | + KLIPS_PRINT(debug_xform, | |
11279 | + "klips_debug:gettdb: no entries in tdb table for hash=%d of SA:%s.\n", | |
11280 | + hashval, sa); | |
11281 | + return NULL; | |
11282 | + } | |
11283 | + | |
11284 | + for (; tdbp; tdbp = tdbp->tdb_hnext) { | |
11285 | + if ((tdbp->tdb_said.spi == said->spi) && | |
11286 | + (tdbp->tdb_said.dst.s_addr == said->dst.s_addr) && | |
11287 | + (tdbp->tdb_said.proto == said->proto)) { | |
11288 | + return tdbp; | |
11289 | + } | |
11290 | + } | |
11291 | + | |
11292 | + KLIPS_PRINT(debug_xform, | |
11293 | + "klips_debug:gettdb: no entry in linked list for hash=%d of SA:%s.\n", | |
11294 | + hashval, sa); | |
11295 | + return NULL; | |
11296 | +} | |
11297 | + | |
11298 | +/* void */ | |
11299 | +int | |
11300 | +puttdb(struct tdb *tdbp) | |
11301 | +{ | |
11302 | + int error = 0; | |
11303 | + unsigned int hashval; | |
11304 | + | |
11305 | + if(!tdbp) { | |
11306 | + KLIPS_PRINT(debug_xform, | |
11307 | + "klips_error:puttdb: null pointer passed in!\n"); | |
11308 | + return -ENODATA; | |
11309 | + } | |
11310 | + hashval = ((tdbp->tdb_said.spi + tdbp->tdb_said.dst.s_addr + tdbp->tdb_said.proto) % TDB_HASHMOD); | |
11311 | + | |
11312 | + spin_lock_bh(&tdb_lock); | |
11313 | + | |
11314 | + tdbp->tdb_hnext = tdbh[hashval]; | |
11315 | + tdbh[hashval] = tdbp; | |
11316 | + | |
11317 | + spin_unlock_bh(&tdb_lock); | |
11318 | + | |
11319 | + return error; | |
11320 | +} | |
11321 | + | |
11322 | +/* This tdb better be locked before it is handed in, or races might | |
11323 | + * happen */ | |
11324 | + | |
11325 | +/* void */ | |
11326 | +int | |
11327 | +deltdb(struct tdb *tdbp) | |
11328 | +{ | |
11329 | + unsigned int hashval; | |
11330 | + struct tdb *tdbtp; | |
11331 | + char sa[SATOA_BUF]; | |
11332 | + | |
11333 | + if(!tdbp) { | |
11334 | + KLIPS_PRINT(debug_xform, | |
11335 | + "klips_error:deltdb: null pointer passed in!\n"); | |
11336 | + return -ENODATA; | |
11337 | + } | |
11338 | + | |
11339 | + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
11340 | + if(tdbp->tdb_inext || tdbp->tdb_onext) { | |
11341 | + KLIPS_PRINT(debug_xform, | |
11342 | + "klips_error:deltdb: SA:%s still linked!\n", | |
11343 | + sa); | |
11344 | + return -EMLINK; | |
11345 | + } | |
11346 | + | |
11347 | + hashval = ((tdbp->tdb_said.spi + tdbp->tdb_said.dst.s_addr + tdbp->tdb_said.proto) % TDB_HASHMOD); | |
11348 | + | |
11349 | + KLIPS_PRINT(debug_xform, | |
11350 | + "klips_debug:deltdb: deleting SA:%s, hashval=%d.\n", | |
11351 | + sa, hashval); | |
11352 | + if(!tdbh[hashval]) { | |
11353 | + KLIPS_PRINT(debug_xform, | |
11354 | + "klips_debug:deltdb: no entries in tdb table for hash=%d of SA:%s.\n", | |
11355 | + hashval, sa); | |
11356 | + return -ENOENT; | |
11357 | + } | |
11358 | + | |
11359 | + if (tdbp == tdbh[hashval]) { | |
11360 | + tdbh[hashval] = tdbh[hashval]->tdb_hnext; | |
11361 | + tdbp->tdb_hnext = NULL; | |
11362 | + KLIPS_PRINT(debug_xform, | |
11363 | + "klips_debug:deltdb: successfully deleted first tdb in chain.\n"); | |
11364 | + return 0; | |
11365 | + } else { | |
11366 | + for (tdbtp = tdbh[hashval]; tdbtp; tdbtp = tdbtp->tdb_hnext) { | |
11367 | + if (tdbtp->tdb_hnext == tdbp) { | |
11368 | + tdbtp->tdb_hnext = tdbp->tdb_hnext; | |
11369 | + tdbp->tdb_hnext = NULL; | |
11370 | + KLIPS_PRINT(debug_xform, | |
11371 | + "klips_debug:deltdb: successfully " | |
11372 | + "deleted link in tdb chain.\n"); | |
11373 | + return 0; | |
11374 | + } | |
11375 | + } | |
11376 | + } | |
11377 | + | |
11378 | + KLIPS_PRINT(debug_xform, | |
11379 | + "klips_debug:deltdb: no entries in linked list for hash=%d of SA:%s.\n", | |
11380 | + hashval, sa); | |
11381 | + return -ENOENT; | |
11382 | +} | |
11383 | + | |
11384 | +/* This tdb better be locked before it is handed in, or races might | |
11385 | + * happen */ | |
11386 | + | |
11387 | +int | |
11388 | +deltdbchain(struct tdb *tdbp) | |
11389 | +{ | |
11390 | + struct tdb *tdbdel; | |
11391 | + int error = 0; | |
11392 | + char sa[SATOA_BUF]; | |
11393 | + | |
11394 | + if(!tdbp) { | |
11395 | + KLIPS_PRINT(debug_xform, | |
11396 | + "klips_error:deltdbchain: null pointer passed in!\n"); | |
11397 | + return -ENODATA; | |
11398 | + } | |
11399 | + | |
11400 | + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
11401 | + KLIPS_PRINT(debug_xform, | |
11402 | + "klips_debug:deltdbchain: passed SA:%s\n", sa); | |
11403 | + while(tdbp->tdb_onext) { | |
11404 | + tdbp = tdbp->tdb_onext; | |
11405 | + } | |
11406 | + | |
11407 | + while(tdbp) { | |
11408 | + /* XXX send a pfkey message up to advise of deleted TDB */ | |
11409 | + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
11410 | + KLIPS_PRINT(debug_xform, | |
11411 | + "klips_debug:deltdbchain: unlinking and delting SA:%s", sa); | |
11412 | + tdbdel = tdbp; | |
11413 | + tdbp = tdbp->tdb_inext; | |
11414 | + if(tdbp) { | |
11415 | + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
11416 | + KLIPS_PRINT(debug_xform, | |
11417 | + ", inext=%s", sa); | |
11418 | + tdbdel->tdb_inext = NULL; | |
11419 | + tdbp->tdb_onext = NULL; | |
11420 | + } | |
11421 | + KLIPS_PRINT(debug_xform, | |
11422 | + ".\n"); | |
11423 | + if((error = deltdb(tdbdel))) { | |
11424 | + KLIPS_PRINT(debug_xform, | |
11425 | + "klips_debug:deltdbchain: " | |
11426 | + "deltdb returned error %d.\n", -error); | |
11427 | + return error; | |
11428 | + } | |
11429 | + if((error = ipsec_tdbwipe(tdbdel))) { | |
11430 | + KLIPS_PRINT(debug_xform, | |
11431 | + "klips_debug:deltdbchain: " | |
11432 | + "ipsec_tdbwipe returned error %d.\n", -error); | |
11433 | + return error; | |
11434 | + } | |
11435 | + } | |
11436 | + return error; | |
11437 | +} | |
11438 | + | |
11439 | +#if 0 | |
11440 | +int | |
11441 | +tdb_init(struct tdb *tdbp, struct encap_msghdr *em) | |
11442 | +{ | |
11443 | + int alg; | |
11444 | + struct xformsw *xsp; | |
11445 | + int len; | |
11446 | + int i; | |
11447 | +#if defined(CONFIG_IPSEC_ENC_3DES) | |
11448 | + int error; | |
11449 | +#endif /* CONFIG_IPSEC_ENC_3DES */ | |
11450 | + | |
11451 | + char sa[SATOA_BUF]; | |
11452 | + size_t sa_len; | |
11453 | + | |
11454 | + if(!tdbp || !em) { | |
11455 | + KLIPS_PRINT(debug_xform, | |
11456 | + "klips_error:tdb_init: null pointer passed in!\n"); | |
11457 | + SENDERR(ENODATA); | |
11458 | + } | |
11459 | + | |
11460 | + sa_len = satoa(em->em_said, 0, sa, SATOA_BUF); | |
11461 | + | |
11462 | + KLIPS_PRINT(debug_esp, | |
11463 | + "klips_debug:tdb_init: (algo_switch defined) called for SA:%s\n", sa); | |
11464 | + alg = em->em_alg; | |
11465 | + | |
11466 | + for (xsp = xformsw; xsp < xformswNXFORMSW; xsp++) { | |
11467 | + if (xsp->xf_type == alg) { | |
11468 | + KLIPS_PRINT(debug_netlink, | |
11469 | + "klips_debug:tdb_init: called with tdbp=0x%p, xsp=0x%p, em=0x%p\n", | |
11470 | + tdbp, xsp, em); | |
11471 | + KLIPS_PRINT(debug_netlink, | |
11472 | + "klips_debug:tdb_init: calling init routine of %s\n", | |
11473 | + xsp->xf_name); | |
11474 | + tdbp->tdb_xform = xsp; | |
11475 | + tdbp->tdb_replaywin_lastseq = 0; | |
11476 | + tdbp->tdb_replaywin_bitmap = 0; | |
11477 | + /* check size of message here XXX */ | |
11478 | + switch(alg) { | |
11479 | +#ifdef CONFIG_IPSEC_IPIP | |
11480 | + case XF_IP4: { | |
11481 | + struct ipe4_xdata *xd; | |
11482 | + xd = (struct ipe4_xdata *)(em->em_dat); | |
11483 | + | |
11484 | + tdbp->tdb_authalg = AH_NONE; | |
11485 | + tdbp->tdb_encalg = ESP_NONE; | |
11486 | + | |
11487 | + if((tdbp->tdb_addr_s = (struct sockaddr*) | |
11488 | + kmalloc((tdbp->tdb_addr_s_size = sizeof(struct sockaddr_in)), | |
11489 | + GFP_ATOMIC)) == NULL) { | |
11490 | + SENDERR(ENOMEM); | |
11491 | + } | |
11492 | + if((tdbp->tdb_addr_d = (struct sockaddr*) | |
11493 | + kmalloc((tdbp->tdb_addr_d_size = sizeof(struct sockaddr_in)), | |
11494 | + GFP_ATOMIC)) == NULL) { | |
11495 | + SENDERR(ENOMEM); | |
11496 | + } | |
11497 | + | |
11498 | + /* might want to use a different structure here, or set sin_family and sin_port */ | |
11499 | + ((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr = xd->i4_src; | |
11500 | + ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr = xd->i4_dst; | |
11501 | + } | |
11502 | + break; | |
11503 | +#endif /* !CONFIG_IPSEC_IPIP */ | |
11504 | + | |
11505 | +#ifdef CONFIG_IPSEC_AH | |
11506 | + | |
11507 | +# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
11508 | + case XF_AHHMACMD5: { | |
11509 | + struct ahhmacmd5_edata *ed; | |
11510 | + unsigned char kb[AHMD596_BLKLEN]; | |
11511 | + MD5_CTX *ictx; | |
11512 | + MD5_CTX *octx; | |
11513 | + | |
11514 | + ed = (struct ahhmacmd5_edata *)em->em_dat; | |
11515 | + | |
11516 | + tdbp->tdb_authalg = AH_MD5; | |
11517 | + tdbp->tdb_encalg = ESP_NONE; | |
11518 | + | |
11519 | + if (em->em_msglen - EMT_SETSPI_FLEN > sizeof (struct ahhmacmd5_edata)) | |
11520 | + SENDERR(EINVAL); | |
11521 | + | |
11522 | + if (ed->ame_klen != AHMD596_KLEN) { | |
11523 | + KLIPS_PRINT(debug_ah, | |
11524 | + "klips_debug:tdb_init: incorrect key size: %d" | |
11525 | + "-- must be %d octets (bytes)\n", | |
11526 | + ed->ame_klen, AHMD596_KLEN); | |
11527 | + SENDERR(EINVAL); | |
11528 | + } | |
11529 | + | |
11530 | + if (ed->ame_alen != AHMD596_ALEN) { | |
11531 | + KLIPS_PRINT(debug_ah, | |
11532 | + "klips_debug:tdb_init: authenticator size: %d" | |
11533 | + " -- must be %d octets (bytes)\n", | |
11534 | + ed->ame_alen, AHMD596_ALEN); | |
11535 | + SENDERR(EINVAL); | |
11536 | + } | |
11537 | + | |
11538 | + KLIPS_PRINT(debug_ah, | |
11539 | + "klips_debug:tdb_init: hmac md5-96 key is 0x%08x %08x %08x %08x\n", | |
11540 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)), | |
11541 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)), | |
11542 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)), | |
11543 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+3))); | |
11544 | + | |
11545 | + tdbp->tdb_key_bits_a = ed->ame_klen; | |
11546 | + tdbp->tdb_auth_bits = ed->ame_alen * 8; | |
11547 | + | |
11548 | + if(ed->ame_ooowin > 64) { | |
11549 | + KLIPS_PRINT(debug_ah, | |
11550 | + "klips_debug:tdb_init: replay window size: %d" | |
11551 | + " -- must be 0 <= size <= 64\n", | |
11552 | + ed->ame_ooowin); | |
11553 | + SENDERR(EINVAL); | |
11554 | + } | |
11555 | + tdbp->tdb_replaywin = ed->ame_ooowin; | |
11556 | + tdbp->tdb_replaywin_lastseq = tdbp->tdb_replaywin_bitmap = 0; | |
11557 | + | |
11558 | + if((tdbp->tdb_key_a = (caddr_t) | |
11559 | + kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)), | |
11560 | + GFP_ATOMIC)) == NULL) { | |
11561 | + SENDERR(ENOMEM); | |
11562 | + } | |
11563 | + | |
11564 | + for (i = 0; i < ed->ame_klen; i++) { | |
11565 | + kb[i] = ed->ame_key[i] ^ HMAC_IPAD; | |
11566 | + } | |
11567 | + for (; i < AHMD596_BLKLEN; i++) { | |
11568 | + kb[i] = HMAC_IPAD; | |
11569 | + } | |
11570 | + | |
11571 | + ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx); | |
11572 | + MD5Init(ictx); | |
11573 | + MD5Update(ictx, kb, AHMD596_BLKLEN); | |
11574 | + | |
11575 | + for (i = 0; i < AHMD596_BLKLEN; i++) | |
11576 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
11577 | + | |
11578 | + octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx); | |
11579 | + MD5Init(octx); | |
11580 | + MD5Update(octx, kb, AHMD596_BLKLEN); | |
11581 | + | |
11582 | + KLIPS_PRINT(debug_ah, | |
11583 | + "klips_debug:tdb_init: MD5 ictx=0x%08x %08x %08x %08x" | |
11584 | + " octx=0x%08x %08x %08x %08x\n", | |
11585 | + ((__u32*)ictx)[0], | |
11586 | + ((__u32*)ictx)[1], | |
11587 | + ((__u32*)ictx)[2], | |
11588 | + ((__u32*)ictx)[3], | |
11589 | + ((__u32*)octx)[0], | |
11590 | + ((__u32*)octx)[1], | |
11591 | + ((__u32*)octx)[2], | |
11592 | + ((__u32*)octx)[3] ); | |
11593 | + | |
11594 | + /* zero key buffer -- paranoid */ | |
11595 | + memset(kb, 0, sizeof(kb)); | |
11596 | + memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen); | |
11597 | + } | |
11598 | + break; | |
11599 | +# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
11600 | +# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
11601 | + case XF_AHHMACSHA1: { | |
11602 | + struct ahhmacsha1_edata *ed; | |
11603 | + unsigned char kb[AHSHA196_BLKLEN]; | |
11604 | + SHA1_CTX *ictx; | |
11605 | + SHA1_CTX *octx; | |
11606 | + | |
11607 | + ed = (struct ahhmacsha1_edata *)em->em_dat; | |
11608 | + | |
11609 | + tdbp->tdb_authalg = AH_SHA; | |
11610 | + tdbp->tdb_encalg = ESP_NONE; | |
11611 | + | |
11612 | + if (em->em_msglen - EMT_SETSPI_FLEN > sizeof (struct ahhmacsha1_edata)) | |
11613 | + SENDERR(EINVAL); | |
11614 | + | |
11615 | + if (ed->ame_klen != AHSHA196_KLEN) { | |
11616 | + KLIPS_PRINT(debug_ah, | |
11617 | + "klips_debug:tdb_init: incorrect key size: %d" | |
11618 | + "-- must be %d octets (bytes)\n", | |
11619 | + ed->ame_klen, AHSHA196_KLEN); | |
11620 | + SENDERR(EINVAL); | |
11621 | + } | |
11622 | + | |
11623 | + if (ed->ame_alen != AHSHA196_ALEN) { | |
11624 | + KLIPS_PRINT(debug_ah, | |
11625 | + "klips_debug:tdb_init: authenticator size: %d" | |
11626 | + " -- must be %d octets (bytes)\n", | |
11627 | + ed->ame_alen, AHSHA196_ALEN); | |
11628 | + SENDERR(EINVAL); | |
11629 | + } | |
11630 | + | |
11631 | + KLIPS_PRINT(debug_ah, | |
11632 | + "klips_debug:tdb_init: hmac sha1-96 key is 0x%08x %08x %08x %08x\n", | |
11633 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)), | |
11634 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)), | |
11635 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)), | |
11636 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+3))); | |
11637 | + | |
11638 | + tdbp->tdb_key_bits_a = ed->ame_klen; | |
11639 | + tdbp->tdb_auth_bits = ed->ame_alen * 8; | |
11640 | + | |
11641 | + if(ed->ame_ooowin > 64) { | |
11642 | + KLIPS_PRINT(debug_ah, | |
11643 | + "klips_debug:tdb_init: replay window size: %d" | |
11644 | + " -- must be 0 <= size <= 64\n", | |
11645 | + ed->ame_ooowin); | |
11646 | + SENDERR(EINVAL); | |
11647 | + } | |
11648 | + tdbp->tdb_replaywin = ed->ame_ooowin; | |
11649 | + tdbp->tdb_replaywin_lastseq = tdbp->tdb_replaywin_bitmap = 0; | |
11650 | + | |
11651 | + if((tdbp->tdb_key_a = (caddr_t) | |
11652 | + kmalloc((tdbp->tdb_key_a_size = (__u16)sizeof(struct sha1_ctx)), | |
11653 | + GFP_ATOMIC)) == NULL) { | |
11654 | + SENDERR(ENOMEM); | |
11655 | + } | |
11656 | + | |
11657 | + for (i = 0; i < ed->ame_klen; i++) | |
11658 | + kb[i] = ed->ame_key[i] ^ HMAC_IPAD; | |
11659 | + for (; i < AHSHA196_BLKLEN; i++) | |
11660 | + kb[i] = HMAC_IPAD; | |
11661 | + | |
11662 | + ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx); | |
11663 | + SHA1Init(ictx); | |
11664 | + SHA1Update(ictx, kb, AHSHA196_BLKLEN); | |
11665 | + | |
11666 | + for (i = 0; i < AHSHA196_BLKLEN; i++) | |
11667 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
11668 | + | |
11669 | + octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx); | |
11670 | + SHA1Init(octx); | |
11671 | + SHA1Update(octx, kb, AHSHA196_BLKLEN); | |
11672 | + | |
11673 | + KLIPS_PRINT(debug_ah, | |
11674 | + "klips_debug:tdb_init: SHA1 ictx=0x%08x %08x %08x %08x" | |
11675 | + " octx=0x%08x %08x %08x %08x\n", | |
11676 | + ((__u32*)ictx)[0], | |
11677 | + ((__u32*)ictx)[1], | |
11678 | + ((__u32*)ictx)[2], | |
11679 | + ((__u32*)ictx)[3], | |
11680 | + ((__u32*)octx)[0], | |
11681 | + ((__u32*)octx)[1], | |
11682 | + ((__u32*)octx)[2], | |
11683 | + ((__u32*)octx)[3] ); | |
11684 | + | |
11685 | + /* zero key buffer -- paranoid */ | |
11686 | + memset(kb, 0, sizeof(kb)); | |
11687 | + memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen); | |
11688 | + } | |
11689 | + break; | |
11690 | +# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
11691 | + | |
11692 | +#endif /* CONFIG_IPSEC_AH */ | |
11693 | + | |
11694 | +#ifdef CONFIG_IPSEC_ESP | |
11695 | +#ifdef CONFIG_IPSEC_ENC_3DES | |
11696 | + case XF_ESP3DES: | |
11697 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
11698 | + case XF_ESP3DESMD596: | |
11699 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
11700 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
11701 | + case XF_ESP3DESSHA196: | |
11702 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
11703 | +#endif /* CONFIG_IPSEC_ENC_3DES */ | |
11704 | +#ifdef CONFIG_IPSEC_ENC_NULL | |
11705 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
11706 | + case XF_ESPNULLMD596: | |
11707 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
11708 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
11709 | + case XF_ESPNULLSHA196: | |
11710 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
11711 | +#endif /* CONFIG_IPSEC_ENC_NULL */ | |
11712 | + { | |
11713 | + struct espblkrply_edata *ed; | |
11714 | + unsigned char kb[AHMD596_BLKLEN]; | |
11715 | + ed = (struct espblkrply_edata *)em->em_dat; | |
11716 | + | |
11717 | + KLIPS_PRINT(debug_esp, | |
11718 | + "klips_debug:tdb_init: " | |
11719 | + "netlink data:" | |
11720 | + " eklen=%d" | |
11721 | + " aklen=%d" | |
11722 | + " flags=%d" | |
11723 | + " ooowin=%d.\n", | |
11724 | + ed->eme_klen, | |
11725 | + ed->ame_klen, | |
11726 | + ed->eme_flags, | |
11727 | + ed->eme_ooowin); | |
11728 | + | |
11729 | + if(ed->eme_ooowin > 64) { | |
11730 | + KLIPS_PRINT(debug_esp, | |
11731 | + "klips_debug:tdb_init: replay window size: %d" | |
11732 | + "-- must be 0 <= size <= 64\n", | |
11733 | + ed->eme_ooowin); | |
11734 | + SENDERR(EINVAL); | |
11735 | + } | |
11736 | + tdbp->tdb_replaywin = ed->eme_ooowin; | |
11737 | + | |
11738 | + switch(alg) { | |
11739 | + case XF_ESP3DES: | |
11740 | + case XF_ESP3DESMD596: | |
11741 | + case XF_ESP3DESSHA196: | |
11742 | + if((tdbp->tdb_iv = (caddr_t) | |
11743 | + kmalloc((tdbp->tdb_iv_size = EMT_ESPDES_IV_SZ), GFP_ATOMIC)) == NULL) { | |
11744 | + SENDERR(ENOMEM); | |
11745 | + } | |
11746 | + get_random_bytes((void *)tdbp->tdb_iv, EMT_ESPDES_IV_SZ); | |
11747 | + tdbp->tdb_iv_bits = tdbp->tdb_iv_size * 8; | |
11748 | + break; | |
11749 | + default: | |
11750 | + } | |
11751 | + | |
11752 | + switch(alg) { | |
11753 | +#ifdef CONFIG_IPSEC_ENC_3DES | |
11754 | + case XF_ESP3DES: | |
11755 | + case XF_ESP3DESMD596: | |
11756 | + case XF_ESP3DESSHA196: | |
11757 | + tdbp->tdb_encalg = ESP_3DES; | |
11758 | + | |
11759 | + if (ed->eme_klen != EMT_ESP3DES_KEY_SZ) { | |
11760 | + KLIPS_PRINT(debug_esp, | |
11761 | + "klips_debug:tdb_init: incorrect encryption " | |
11762 | + "key size: %d -- must be %d octets (bytes)\n", | |
11763 | + ed->eme_klen, EMT_ESP3DES_KEY_SZ); | |
11764 | + SENDERR(EINVAL); | |
11765 | + } | |
11766 | + | |
11767 | + tdbp->tdb_key_bits_e = ed->eme_klen; | |
11768 | + | |
11769 | + if((tdbp->tdb_key_e = (caddr_t) | |
11770 | + kmalloc((tdbp->tdb_key_e_size = 3 * sizeof(struct des_eks)), | |
11771 | + GFP_ATOMIC)) == NULL) { | |
11772 | + SENDERR(ENOMEM); | |
11773 | + } | |
11774 | + | |
11775 | + for(i = 0; i < 3; i++) { | |
11776 | +#if 0 | |
11777 | + KLIPS_PRINT(debug_esp, | |
11778 | + "klips_debug:tdb_init: 3des key %d/3 is 0x%08lx%08lx\n", | |
11779 | + i + 1, | |
11780 | + ntohl(*((__u32 *)ed->eme_key + i * 2)), | |
11781 | + ntohl(*((__u32 *)ed->eme_key + i * 2 + 1))); | |
11782 | +#endif | |
11783 | + error = des_set_key((caddr_t)(ed->eme_key) + EMT_ESPDES_KEY_SZ * i, | |
11784 | + (caddr_t)&((struct des_eks*)(tdbp->tdb_key_e))[i]); | |
11785 | + if (error == -1) | |
11786 | + printk("klips_debug:tdb_init: parity error in des key %d/3\n", i + 1); | |
11787 | + else if (error == -2) | |
11788 | + printk("klips_debug:tdb_init: illegal weak des key %d/3\n", i + 1); | |
11789 | + if (error) { | |
11790 | + memset(tdbp->tdb_key_e, 0, 3 * sizeof(struct des_eks)); | |
11791 | + kfree(tdbp->tdb_key_e); | |
11792 | + SENDERR(EINVAL); | |
11793 | + } | |
11794 | + } | |
11795 | + | |
11796 | + break; | |
11797 | +#endif /* CONFIG_IPSEC_ENC_3DES */ | |
11798 | + default: | |
11799 | + tdbp->tdb_encalg = ESP_NULL; | |
11800 | + } | |
11801 | + | |
11802 | + switch(alg) { | |
11803 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
11804 | + case XF_ESP3DESMD596: | |
11805 | + case XF_ESPNULLMD596: | |
11806 | + { | |
11807 | + MD5_CTX *ictx; | |
11808 | + MD5_CTX *octx; | |
11809 | + | |
11810 | + tdbp->tdb_authalg = AH_MD5; | |
11811 | + | |
11812 | + if (ed->ame_klen != AHMD596_KLEN) { | |
11813 | + KLIPS_PRINT(debug_esp, | |
11814 | + "klips_debug:tdb_init: incorrect authorisation " | |
11815 | + " key size: %d -- must be %d octets (bytes)\n", | |
11816 | + ed->ame_klen, AHMD596_KLEN); | |
11817 | + SENDERR(EINVAL); | |
11818 | + } | |
11819 | + | |
11820 | + tdbp->tdb_key_bits_a = ed->ame_klen; | |
11821 | + tdbp->tdb_auth_bits = ed->ame_klen * 8; | |
11822 | + | |
11823 | + | |
11824 | + if((tdbp->tdb_key_a = (caddr_t) | |
11825 | + kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)), | |
11826 | + GFP_ATOMIC)) == NULL) { | |
11827 | + SENDERR(ENOMEM); | |
11828 | + } | |
11829 | + KLIPS_PRINT(debug_esp, | |
11830 | + "klips_debug:tdb_init: hmac md5-96 key is 0x%08x %08x %08x %08x\n", | |
11831 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)), | |
11832 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)), | |
11833 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)), | |
11834 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+3))); | |
11835 | + | |
11836 | + for (i=0; i< AHMD596_KLEN; i++) | |
11837 | + kb[i] = (*(((unsigned char *)(ed->ame_key)) + i)) ^ HMAC_IPAD; | |
11838 | + /* | |
11839 | + * HMAC_key is now contained in the first 128 bits of kb. | |
11840 | + * Pad with zeroes and XOR with HMAC_IPAD to create the inner context | |
11841 | + */ | |
11842 | + for (; i<AHMD596_BLKLEN; i++) { | |
11843 | + kb[i] = HMAC_IPAD; | |
11844 | + } | |
11845 | + | |
11846 | + ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx); | |
11847 | + MD5Init(ictx); | |
11848 | + MD5Update(ictx, kb, AHMD596_BLKLEN); | |
11849 | + | |
11850 | + for (i=0; i<AHMD596_BLKLEN; i++) { | |
11851 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
11852 | + } | |
11853 | + | |
11854 | + octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx); | |
11855 | + MD5Init(octx); | |
11856 | + MD5Update(octx, kb, AHMD596_BLKLEN); | |
11857 | + | |
11858 | + KLIPS_PRINT(debug_esp, | |
11859 | + "klips_debug:tdb_init: MD5 ictx=0x%08x %08x %08x %08x" | |
11860 | + " octx=0x%08x %08x %08x %08x\n", | |
11861 | + ((__u32*)ictx)[0], | |
11862 | + ((__u32*)ictx)[1], | |
11863 | + ((__u32*)ictx)[2], | |
11864 | + ((__u32*)ictx)[3], | |
11865 | + ((__u32*)octx)[0], | |
11866 | + ((__u32*)octx)[1], | |
11867 | + ((__u32*)octx)[2], | |
11868 | + ((__u32*)octx)[3] ); | |
11869 | + | |
11870 | + memset(kb, 0, sizeof(kb)); /* paranoid */ | |
11871 | + memset((caddr_t)&(ed->eme_key), 0, ed->eme_klen); | |
11872 | + memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen); | |
11873 | + break; | |
11874 | + } | |
11875 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
11876 | +#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
11877 | + case XF_ESPNULLSHA196: | |
11878 | + case XF_ESP3DESSHA196: | |
11879 | + { | |
11880 | + SHA1_CTX *ictx; | |
11881 | + SHA1_CTX *octx; | |
11882 | + | |
11883 | + tdbp->tdb_authalg = AH_SHA; | |
11884 | + | |
11885 | + if (ed->ame_klen != AHSHA196_KLEN) { | |
11886 | + KLIPS_PRINT(debug_esp, | |
11887 | + "klips_debug:tdb_init: incorrect authorisation " | |
11888 | + " key size: %d -- must be %d octets (bytes)\n", | |
11889 | + ed->ame_klen, AHSHA196_KLEN); | |
11890 | + SENDERR(EINVAL); | |
11891 | + } | |
11892 | + | |
11893 | + tdbp->tdb_key_bits_a = ed->ame_klen; | |
11894 | + tdbp->tdb_auth_bits = ed->ame_klen * 8; | |
11895 | + | |
11896 | + if((tdbp->tdb_key_a = (caddr_t) | |
11897 | + kmalloc((tdbp->tdb_key_a_size = sizeof(struct sha1_ctx)), | |
11898 | + GFP_ATOMIC)) == NULL) { | |
11899 | + SENDERR(ENOMEM); | |
11900 | + } | |
11901 | + KLIPS_PRINT(debug_esp, | |
11902 | + "klips_debug:tdb_init: hmac sha1-96 key is 0x%08x %08x %08x %08x\n", | |
11903 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+0)), | |
11904 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+1)), | |
11905 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+2)), | |
11906 | + (__u32)ntohl(*(((__u32 *)ed->ame_key)+3))); | |
11907 | + | |
11908 | + for (i=0; i< AHSHA196_KLEN; i++) | |
11909 | + kb[i] = (*(((unsigned char *)(ed->ame_key)) + i)) ^ HMAC_IPAD; | |
11910 | + /* | |
11911 | + * HMAC_key is now contained in the first 128 bits of kb. | |
11912 | + * Pad with zeroes and XOR with HMAC_IPAD to create the inner context | |
11913 | + */ | |
11914 | + for (; i<AHSHA196_BLKLEN; i++) | |
11915 | + kb[i] = HMAC_IPAD; | |
11916 | + | |
11917 | + ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx); | |
11918 | + SHA1Init(ictx); | |
11919 | + SHA1Update(ictx, kb, AHSHA196_BLKLEN); | |
11920 | + | |
11921 | + for (i=0; i<AHSHA196_BLKLEN; i++) | |
11922 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
11923 | + | |
11924 | + octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx); | |
11925 | + SHA1Init(octx); | |
11926 | + SHA1Update(octx, kb, AHSHA196_BLKLEN); | |
11927 | + | |
11928 | + KLIPS_PRINT(debug_esp, | |
11929 | + "klips_debug:tdb_init: SHA1 ictx=0x%08x %08x %08x %08x" | |
11930 | + " octx=0x%08x %08x %08x %08x\n", | |
11931 | + ((__u32*)ictx)[0], | |
11932 | + ((__u32*)ictx)[1], | |
11933 | + ((__u32*)ictx)[2], | |
11934 | + ((__u32*)ictx)[3], | |
11935 | + ((__u32*)octx)[0], | |
11936 | + ((__u32*)octx)[1], | |
11937 | + ((__u32*)octx)[2], | |
11938 | + ((__u32*)octx)[3] ); | |
11939 | + | |
11940 | + memset(kb, 0, sizeof(kb)); /* paranoid */ | |
11941 | + memset((caddr_t)&(ed->eme_key), 0, ed->eme_klen); | |
11942 | + memset((caddr_t)&(ed->ame_key), 0, ed->ame_klen); | |
11943 | + break; | |
11944 | + } | |
11945 | +#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
11946 | + case XF_ESP3DES: | |
11947 | + tdbp->tdb_authalg = AH_NONE; | |
11948 | + break; | |
11949 | + default: | |
11950 | + } | |
11951 | + } | |
11952 | + break; | |
11953 | +#endif /* !CONFIG_IPSEC_ESP */ | |
11954 | + default: | |
11955 | + KLIPS_PRINT(debug_xform, | |
11956 | + "klips_debug:tdb_init: alg=%d not configured\n", alg); | |
11957 | + SENDERR(ESOCKTNOSUPPORT); | |
11958 | + } | |
11959 | + SENDERR(0); | |
11960 | + } | |
11961 | + } | |
11962 | + KLIPS_PRINT(debug_xform & DB_XF_INIT, | |
11963 | + "klips_debug:tdb_init: unregistered algorithm %d requested\n" | |
11964 | + "klips_debug: trying to setup SA:%s\n", alg, sa); | |
11965 | + SENDERR(EINVAL); | |
11966 | +errlab: | |
11967 | + return len; | |
11968 | +} | |
11969 | +#endif | |
11970 | + | |
11971 | +int | |
11972 | +ipsec_tdbcleanup(__u8 proto) | |
11973 | +{ | |
11974 | + int i; | |
11975 | + int error = 0; | |
11976 | + struct tdb *tdbp, **tdbprev, *tdbdel; | |
11977 | + char sa[SATOA_BUF]; | |
11978 | + | |
11979 | + KLIPS_PRINT(debug_xform, | |
11980 | + "klips_debug:ipsec_tdbcleanup: cleaning up proto=%d.\n", proto); | |
11981 | + | |
11982 | + spin_lock_bh(&tdb_lock); | |
11983 | + | |
11984 | + for (i = 0; i < TDB_HASHMOD; i++) { | |
11985 | + tdbprev = &(tdbh[i]); | |
11986 | + tdbp = tdbh[i]; | |
11987 | + for(; tdbp;) { | |
11988 | + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
11989 | + KLIPS_PRINT(debug_xform, | |
11990 | + "klips_debug:ipsec_tdbcleanup: checking SA:%s, hash=%d", | |
11991 | + sa, i); | |
11992 | + tdbdel = tdbp; | |
11993 | + tdbp = tdbdel->tdb_hnext; | |
11994 | + if(tdbp) { | |
11995 | + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
11996 | + KLIPS_PRINT(debug_xform, | |
11997 | + ", hnext=%s", sa); | |
11998 | + } | |
11999 | + if(*tdbprev) { | |
12000 | + satoa((*tdbprev)->tdb_said, 0, sa, SATOA_BUF); | |
12001 | + KLIPS_PRINT(debug_xform, | |
12002 | + ", *tdbprev=%s", sa); | |
12003 | + if((*tdbprev)->tdb_hnext) { | |
12004 | + satoa((*tdbprev)->tdb_hnext->tdb_said, 0, sa, SATOA_BUF); | |
12005 | + KLIPS_PRINT(debug_xform, | |
12006 | + ", *tdbprev->tdb_hnext=%s", sa); | |
12007 | + } | |
12008 | + } | |
12009 | + KLIPS_PRINT(debug_xform, | |
12010 | + ".\n"); | |
12011 | + if(!proto || (proto == tdbdel->tdb_said.proto)) { | |
12012 | + satoa(tdbdel->tdb_said, 0, sa, SATOA_BUF); | |
12013 | + KLIPS_PRINT(debug_xform, | |
12014 | + "klips_debug:ipsec_tdbcleanup: deleting SA chain:%s.\n", | |
12015 | + sa); | |
12016 | + /* *tdbprev = tdbdel->tdb_hnext; */ | |
12017 | + if((error = deltdbchain(tdbdel))) { | |
12018 | + goto errlab; | |
12019 | + } | |
12020 | + tdbprev = &(tdbh[i]); | |
12021 | + tdbp = tdbh[i]; | |
12022 | + | |
12023 | + KLIPS_PRINT(debug_xform, | |
12024 | + "klips_debug:ipsec_tdbcleanup: deleted SA chain:%s", sa); | |
12025 | + if(tdbp) { | |
12026 | + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
12027 | + KLIPS_PRINT(debug_xform, | |
12028 | + ", tdbh[%d]=%s", i, sa); | |
12029 | + } | |
12030 | + if(*tdbprev) { | |
12031 | + satoa((*tdbprev)->tdb_said, 0, sa, SATOA_BUF); | |
12032 | + KLIPS_PRINT(debug_xform, | |
12033 | + ", *tdbprev=%s", sa); | |
12034 | + if((*tdbprev)->tdb_hnext) { | |
12035 | + satoa((*tdbprev)->tdb_hnext->tdb_said, 0, sa, SATOA_BUF); | |
12036 | + KLIPS_PRINT(debug_xform, | |
12037 | + ", *tdbprev->tdb_hnext=%s", sa); | |
12038 | + } | |
12039 | + } | |
12040 | + KLIPS_PRINT(debug_xform, | |
12041 | + ".\n"); | |
12042 | + } else { | |
12043 | + tdbprev = &tdbdel; | |
12044 | + } | |
12045 | + } | |
12046 | + } | |
12047 | + errlab: | |
12048 | + | |
12049 | + spin_unlock_bh(&tdb_lock); | |
12050 | + | |
12051 | + return(-error); | |
12052 | +} | |
12053 | + | |
12054 | +int | |
12055 | +ipsec_tdbwipe(struct tdb *tdbp) | |
12056 | +{ | |
12057 | + if(!tdbp) { | |
12058 | + return -1; | |
12059 | + } | |
12060 | + | |
12061 | + if(tdbp->tdb_addr_s) { | |
12062 | + memset((caddr_t)(tdbp->tdb_addr_s), 0, tdbp->tdb_addr_s_size); | |
12063 | + kfree(tdbp->tdb_addr_s); | |
12064 | + } | |
12065 | + tdbp->tdb_addr_s = NULL; | |
12066 | + | |
12067 | + if(tdbp->tdb_addr_d) { | |
12068 | + memset((caddr_t)(tdbp->tdb_addr_d), 0, tdbp->tdb_addr_d_size); | |
12069 | + kfree(tdbp->tdb_addr_d); | |
12070 | + } | |
12071 | + tdbp->tdb_addr_d = NULL; | |
12072 | + | |
12073 | + if(tdbp->tdb_addr_p) { | |
12074 | + memset((caddr_t)(tdbp->tdb_addr_p), 0, tdbp->tdb_addr_p_size); | |
12075 | + kfree(tdbp->tdb_addr_p); | |
12076 | + } | |
12077 | + tdbp->tdb_addr_p = NULL; | |
12078 | + | |
12079 | + if(tdbp->tdb_key_a) { | |
12080 | + memset((caddr_t)(tdbp->tdb_key_a), 0, tdbp->tdb_key_a_size); | |
12081 | + kfree(tdbp->tdb_key_a); | |
12082 | + } | |
12083 | + tdbp->tdb_key_a = NULL; | |
12084 | + | |
12085 | + if(tdbp->tdb_key_e) { | |
12086 | + memset((caddr_t)(tdbp->tdb_key_e), 0, tdbp->tdb_key_e_size); | |
12087 | + kfree(tdbp->tdb_key_e); | |
12088 | + } | |
12089 | + tdbp->tdb_key_e = NULL; | |
12090 | + | |
12091 | + if(tdbp->tdb_iv) { | |
12092 | + memset((caddr_t)(tdbp->tdb_iv), 0, tdbp->tdb_iv_size); | |
12093 | + kfree(tdbp->tdb_iv); | |
12094 | + } | |
12095 | + tdbp->tdb_iv = NULL; | |
12096 | + | |
12097 | + if(tdbp->tdb_ident_data_s) { | |
12098 | + memset((caddr_t)(tdbp->tdb_ident_data_s), | |
12099 | + 0, | |
12100 | + tdbp->tdb_ident_len_s * IPSEC_PFKEYv2_ALIGN); | |
12101 | + kfree(tdbp->tdb_ident_data_s); | |
12102 | + } | |
12103 | + tdbp->tdb_ident_data_s = NULL; | |
12104 | + | |
12105 | + if(tdbp->tdb_ident_data_d) { | |
12106 | + memset((caddr_t)(tdbp->tdb_ident_data_d), | |
12107 | + 0, | |
12108 | + tdbp->tdb_ident_len_d * IPSEC_PFKEYv2_ALIGN); | |
12109 | + kfree(tdbp->tdb_ident_data_d); | |
12110 | + } | |
12111 | + tdbp->tdb_ident_data_d = NULL; | |
12112 | + | |
12113 | + memset((caddr_t)tdbp, 0, sizeof(*tdbp)); | |
12114 | + kfree(tdbp); | |
12115 | + tdbp = NULL; | |
12116 | + | |
12117 | + return 0; | |
12118 | +} | |
12119 | + | |
12120 | +/* | |
12121 | + * $Log$ | |
12122 | + * Revision 1.47 2000/11/06 04:32:08 rgb | |
12123 | + * Ditched spin_lock_irqsave in favour of spin_lock_bh. | |
12124 | + * | |
12125 | + * Revision 1.46 2000/09/20 16:21:57 rgb | |
12126 | + * Cleaned up ident string alloc/free. | |
12127 | + * | |
12128 | + * Revision 1.45 2000/09/08 19:16:51 rgb | |
12129 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
12130 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
12131 | + * | |
12132 | + * Revision 1.44 2000/08/30 05:29:04 rgb | |
12133 | + * Compiler-define out no longer used tdb_init() in ipsec_xform.c. | |
12134 | + * | |
12135 | + * Revision 1.43 2000/08/18 21:30:41 rgb | |
12136 | + * Purged all tdb_spi, tdb_proto and tdb_dst macros. They are unclear. | |
12137 | + * | |
12138 | + * Revision 1.42 2000/08/01 14:51:51 rgb | |
12139 | + * Removed _all_ remaining traces of DES. | |
12140 | + * | |
12141 | + * Revision 1.41 2000/07/28 14:58:31 rgb | |
12142 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
12143 | + * | |
12144 | + * Revision 1.40 2000/06/28 05:50:11 rgb | |
12145 | + * Actually set iv_bits. | |
12146 | + * | |
12147 | + * Revision 1.39 2000/05/10 23:11:09 rgb | |
12148 | + * Added netlink debugging output. | |
12149 | + * Added a cast to quiet down the ntohl bug. | |
12150 | + * | |
12151 | + * Revision 1.38 2000/05/10 19:18:42 rgb | |
12152 | + * Cast output of ntohl so that the broken prototype doesn't make our | |
12153 | + * compile noisy. | |
12154 | + * | |
12155 | + * Revision 1.37 2000/03/16 14:04:59 rgb | |
12156 | + * Hardwired CONFIG_IPSEC_PFKEYv2 on. | |
12157 | + * | |
12158 | + * Revision 1.36 2000/01/26 10:11:28 rgb | |
12159 | + * Fixed spacing in error text causing run-in words. | |
12160 | + * | |
12161 | + * Revision 1.35 2000/01/21 06:17:16 rgb | |
12162 | + * Tidied up compiler directive indentation for readability. | |
12163 | + * Added ictx,octx vars for simplification.(kravietz) | |
12164 | + * Added macros for HMAC padding magic numbers.(kravietz) | |
12165 | + * Fixed missing key length reporting bug. | |
12166 | + * Fixed bug in tdbwipe to return immediately on NULL tdbp passed in. | |
12167 | + * | |
12168 | + * Revision 1.34 1999/12/08 00:04:19 rgb | |
12169 | + * Fixed SA direction overwriting bug for netlink users. | |
12170 | + * | |
12171 | + * Revision 1.33 1999/12/01 22:16:44 rgb | |
12172 | + * Minor formatting changes in ESP MD5 initialisation. | |
12173 | + * | |
12174 | + * Revision 1.32 1999/11/25 09:06:36 rgb | |
12175 | + * Fixed error return messages, should be returning negative numbers. | |
12176 | + * Implemented SENDERR macro for propagating error codes. | |
12177 | + * Added debug message and separate error code for algorithms not compiled | |
12178 | + * in. | |
12179 | + * | |
12180 | + * Revision 1.31 1999/11/23 23:06:26 rgb | |
12181 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
12182 | + * | |
12183 | + * Revision 1.30 1999/11/18 04:09:20 rgb | |
12184 | + * Replaced all kernel version macros to shorter, readable form. | |
12185 | + * | |
12186 | + * Revision 1.29 1999/11/17 15:53:40 rgb | |
12187 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
12188 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
12189 | + * klips/net/ipsec/Makefile. | |
12190 | + * | |
12191 | + * Revision 1.28 1999/10/18 20:04:01 rgb | |
12192 | + * Clean-out unused cruft. | |
12193 | + * | |
12194 | + * Revision 1.27 1999/10/03 19:01:03 rgb | |
12195 | + * Spinlock support for 2.3.xx and 2.0.xx kernels. | |
12196 | + * | |
12197 | + * Revision 1.26 1999/10/01 16:22:24 rgb | |
12198 | + * Switch from assignment init. to functional init. of spinlocks. | |
12199 | + * | |
12200 | + * Revision 1.25 1999/10/01 15:44:54 rgb | |
12201 | + * Move spinlock header include to 2.1> scope. | |
12202 | + * | |
12203 | + * Revision 1.24 1999/10/01 00:03:46 rgb | |
12204 | + * Added tdb structure locking. | |
12205 | + * Minor formatting changes. | |
12206 | + * Add function to initialize tdb hash table. | |
12207 | + * | |
12208 | + * Revision 1.23 1999/05/25 22:42:12 rgb | |
12209 | + * Add deltdbchain() debugging. | |
12210 | + * | |
12211 | + * Revision 1.22 1999/05/25 21:24:31 rgb | |
12212 | + * Add debugging statements to deltdbchain(). | |
12213 | + * | |
12214 | + * Revision 1.21 1999/05/25 03:51:48 rgb | |
12215 | + * Refix error return code. | |
12216 | + * | |
12217 | + * Revision 1.20 1999/05/25 03:34:07 rgb | |
12218 | + * Fix error return for flush. | |
12219 | + * | |
12220 | + * Revision 1.19 1999/05/09 03:25:37 rgb | |
12221 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
12222 | + * | |
12223 | + * Revision 1.18 1999/05/05 22:02:32 rgb | |
12224 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
12225 | + * | |
12226 | + * Revision 1.17 1999/04/29 15:20:16 rgb | |
12227 | + * Change gettdb parameter to a pointer to reduce stack loading and | |
12228 | + * facilitate parameter sanity checking. | |
12229 | + * Add sanity checking for null pointer arguments. | |
12230 | + * Add debugging instrumentation. | |
12231 | + * Add function deltdbchain() which will take care of unlinking, | |
12232 | + * zeroing and deleting a chain of tdbs. | |
12233 | + * Add a parameter to tdbcleanup to be able to delete a class of SAs. | |
12234 | + * tdbwipe now actually zeroes the tdb as well as any of its pointed | |
12235 | + * structures. | |
12236 | + * | |
12237 | + * Revision 1.16 1999/04/16 15:36:29 rgb | |
12238 | + * Fix cut-and-paste error causing a memory leak in IPIP TDB freeing. | |
12239 | + * | |
12240 | + * Revision 1.15 1999/04/11 00:29:01 henry | |
12241 | + * GPL boilerplate | |
12242 | + * | |
12243 | + * Revision 1.14 1999/04/06 04:54:28 rgb | |
12244 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
12245 | + * patch shell fixes. | |
12246 | + * | |
12247 | + * Revision 1.13 1999/02/19 18:23:01 rgb | |
12248 | + * Nix debug off compile warning. | |
12249 | + * | |
12250 | + * Revision 1.12 1999/02/17 16:52:16 rgb | |
12251 | + * Consolidate satoa()s for space and speed efficiency. | |
12252 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
12253 | + * Clean out unused cruft. | |
12254 | + * Ditch NET_IPIP dependancy. | |
12255 | + * Loop for 3des key setting. | |
12256 | + * | |
12257 | + * Revision 1.11 1999/01/26 02:09:05 rgb | |
12258 | + * Remove ah/esp/IPIP switching on include files. | |
12259 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
12260 | + * Removed dead code. | |
12261 | + * Clean up debug code when switched off. | |
12262 | + * Remove references to INET_GET_PROTOCOL. | |
12263 | + * Added code exclusion macros to reduce code from unused algorithms. | |
12264 | + * | |
12265 | + * Revision 1.10 1999/01/22 06:28:55 rgb | |
12266 | + * Cruft clean-out. | |
12267 | + * Put random IV generation in kernel. | |
12268 | + * Added algorithm switch code. | |
12269 | + * Enhanced debugging. | |
12270 | + * 64-bit clean-up. | |
12271 | + * | |
12272 | + * Revision 1.9 1998/11/30 13:22:55 rgb | |
12273 | + * Rationalised all the klips kernel file headers. They are much shorter | |
12274 | + * now and won't conflict under RH5.2. | |
12275 | + * | |
12276 | + * Revision 1.8 1998/11/25 04:59:06 rgb | |
12277 | + * Add conditionals for no IPIP tunnel code. | |
12278 | + * Delete commented out code. | |
12279 | + * | |
12280 | + * Revision 1.7 1998/10/31 06:50:41 rgb | |
12281 | + * Convert xform ASCII names to no spaces. | |
12282 | + * Fixed up comments in #endif directives. | |
12283 | + * | |
12284 | + * Revision 1.6 1998/10/19 14:44:28 rgb | |
12285 | + * Added inclusion of freeswan.h. | |
12286 | + * sa_id structure implemented and used: now includes protocol. | |
12287 | + * | |
12288 | + * Revision 1.5 1998/10/09 04:32:19 rgb | |
12289 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
12290 | + * | |
12291 | + * Revision 1.4 1998/08/12 00:11:31 rgb | |
12292 | + * Added new xform functions to the xform table. | |
12293 | + * Fixed minor debug output spelling error. | |
12294 | + * | |
12295 | + * Revision 1.3 1998/07/09 17:45:31 rgb | |
12296 | + * Clarify algorithm not available message. | |
12297 | + * | |
12298 | + * Revision 1.2 1998/06/23 03:00:51 rgb | |
12299 | + * Check for presence of IPIP protocol if it is setup one way (we don't | |
12300 | + * know what has been set up the other way and can only assume it will be | |
12301 | + * symmetrical with the exception of keys). | |
12302 | + * | |
12303 | + * Revision 1.1 1998/06/18 21:27:51 henry | |
12304 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
12305 | + * kernel-build scripts happier in the presence of symlinks | |
12306 | + * | |
12307 | + * Revision 1.3 1998/06/11 05:54:59 rgb | |
12308 | + * Added transform version string pointer to xformsw initialisations. | |
12309 | + * | |
12310 | + * Revision 1.2 1998/04/21 21:28:57 rgb | |
12311 | + * Rearrange debug switches to change on the fly debug output from user | |
12312 | + * space. Only kernel changes checked in at this time. radij.c was also | |
12313 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
12314 | + * an OOPS and hence, netlink device open errors. | |
12315 | + * | |
12316 | + * Revision 1.1 1998/04/09 03:06:13 henry | |
12317 | + * sources moved up from linux/net/ipsec | |
12318 | + * | |
12319 | + * Revision 1.1.1.1 1998/04/08 05:35:02 henry | |
12320 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
12321 | + * | |
12322 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
12323 | + * Added ESP-3DES-MD5-96 | |
12324 | + * | |
12325 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
12326 | + * Added new transforms. | |
12327 | + * | |
12328 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
12329 | + * Minor cleanups. | |
12330 | + * Rationalized debugging code. | |
12331 | + * | |
12332 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
12333 | + * First limited release. | |
12334 | + * | |
12335 | + * | |
12336 | + */ | |
12337 | diff -druN linux-noipsec/net/ipsec/ipsec_xform.h linux/net/ipsec/ipsec_xform.h | |
12338 | --- linux-noipsec/net/ipsec/ipsec_xform.h Thu Jan 1 01:00:00 1970 | |
12339 | +++ linux/net/ipsec/ipsec_xform.h Mon Nov 6 05:30:40 2000 | |
12340 | @@ -0,0 +1,359 @@ | |
12341 | +/* | |
12342 | + * Definitions relevant to IPSEC transformations | |
12343 | + * Copyright (C) 1996, 1997 John Ioannidis. | |
12344 | + * Copyright (C) 1998, 1999 Richard Guy Briggs. | |
12345 | + * | |
12346 | + * This program is free software; you can redistribute it and/or modify it | |
12347 | + * under the terms of the GNU General Public License as published by the | |
12348 | + * Free Software Foundation; either version 2 of the License, or (at your | |
12349 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
12350 | + * | |
12351 | + * This program is distributed in the hope that it will be useful, but | |
12352 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
12353 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
12354 | + * for more details. | |
12355 | + * | |
12356 | + * RCSID $Id$ | |
12357 | + */ | |
12358 | + | |
12359 | +#include <freeswan.h> | |
12360 | + | |
12361 | +#define XF_NONE 0 /* No transform set */ | |
12362 | +#define XF_IP4 1 /* IPv4 inside IPv4 */ | |
12363 | +#define XF_AHMD5 2 /* AH MD5 */ | |
12364 | +#define XF_AHSHA 3 /* AH SHA */ | |
12365 | +#define XF_ESP3DES 5 /* ESP DES3-CBC */ | |
12366 | +#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */ | |
12367 | +#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */ | |
12368 | +#define XF_ESP3DESMD5 9 /* triple DES, HMAC-MD-5, 128-bits of authentication */ | |
12369 | +#define XF_ESP3DESMD596 10 /* triple DES, HMAC-MD-5, 96-bits of authentication */ | |
12370 | +#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */ | |
12371 | +#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */ | |
12372 | +#define XF_ESP3DESSHA196 14 /* triple DES, HMAC-SHA-1, 96-bits of authentication */ | |
12373 | +#define XF_IP6 15 /* IPv6 inside IPv6 */ | |
12374 | +#define XF_COMPDEFLATE 16 /* IPCOMP deflate */ | |
12375 | + | |
12376 | +#define XF_CLR 126 /* Clear SA table */ | |
12377 | +#define XF_DEL 127 /* Delete SA */ | |
12378 | + | |
12379 | +/* IPsec AH transform values | |
12380 | + * RFC 2407 | |
12381 | + * draft-ietf-ipsec-doi-tc-mib-02.txt | |
12382 | + */ | |
12383 | + | |
12384 | +#define AH_NONE 0 | |
12385 | +#define AH_MD5 2 | |
12386 | +#define AH_SHA 3 | |
12387 | + | |
12388 | +/* IPsec ESP transform values */ | |
12389 | + | |
12390 | +#define ESP_NONE 0 | |
12391 | +#define ESP_3DES 3 | |
12392 | +#define ESP_RC5 4 | |
12393 | +#define ESP_IDEA 5 | |
12394 | +#define ESP_CAST 6 | |
12395 | +#define ESP_BLOWFISH 7 | |
12396 | +#define ESP_3IDEA 8 | |
12397 | +#define ESP_RC4 10 | |
12398 | +#define ESP_NULL 11 | |
12399 | + | |
12400 | +/* IPCOMP transform values */ | |
12401 | + | |
12402 | +#define IPCOMP_NONE 0 | |
12403 | +#define IPCOMP_OUI 1 | |
12404 | +#define IPCOMP_DEFLAT 2 | |
12405 | +#define IPCOMP_LZS 3 | |
12406 | +#define IPCOMP_V42BIS 4 | |
12407 | + | |
12408 | +#define XFT_AUTH 0x0001 | |
12409 | +#define XFT_CONF 0x0100 | |
12410 | + | |
12411 | +#ifdef CONFIG_IPSEC_DEBUG | |
12412 | +#define DB_XF_INIT 0x0001 | |
12413 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
12414 | + | |
12415 | +#ifdef __KERNEL__ | |
12416 | +/* 'struct tdb' should really be 64bit aligned... XXX */ | |
12417 | +struct tdb /* tunnel descriptor block */ | |
12418 | +{ | |
12419 | + struct tdb *tdb_hnext; /* next in hash chain */ | |
12420 | + struct tdb *tdb_onext; /* next in output */ | |
12421 | + struct tdb *tdb_inext; /* next in input (prev!) */ | |
12422 | + struct ifnet *tdb_rcvif; /* related rcv encap interface */ | |
12423 | + struct sa_id tdb_said; /* SA ID */ | |
12424 | + __u32 tdb_seq; /* seq num of msg that set this SA */ | |
12425 | + __u32 tdb_pid; /* PID of process that set this SA */ | |
12426 | + __u8 tdb_authalg; /* auth algorithm for this SA */ | |
12427 | + __u8 tdb_encalg; /* enc algorithm for this SA */ | |
12428 | + | |
12429 | + __u32 tdb_alg_errs; /* number of algorithm errors */ | |
12430 | + __u32 tdb_auth_errs; /* number of authentication errors */ | |
12431 | + __u32 tdb_encsize_errs; /* number of encryption size errors */ | |
12432 | + __u32 tdb_encpad_errs; /* number of encryption size errors */ | |
12433 | + __u32 tdb_replaywin_errs; /* number of pkt sequence errors */ | |
12434 | + | |
12435 | + __u8 tdb_replaywin; /* replay window size */ | |
12436 | + __u8 tdb_state; /* state of SA */ | |
12437 | + __u32 tdb_replaywin_lastseq; /* last pkt sequence num */ | |
12438 | + __u64 tdb_replaywin_bitmap; /* bitmap of received pkts */ | |
12439 | + __u32 tdb_replaywin_maxdiff; /* maximum pkt sequence difference */ | |
12440 | + | |
12441 | + __u32 tdb_flags; /* generic xform flags */ | |
12442 | + | |
12443 | + __u32 tdb_lifetime_allocations_c; /* see rfc2367 */ | |
12444 | + __u32 tdb_lifetime_allocations_s; | |
12445 | + __u32 tdb_lifetime_allocations_h; | |
12446 | + __u64 tdb_lifetime_bytes_c; | |
12447 | + __u64 tdb_lifetime_bytes_s; | |
12448 | + __u64 tdb_lifetime_bytes_h; | |
12449 | + __u64 tdb_lifetime_addtime_c; | |
12450 | + __u64 tdb_lifetime_addtime_s; | |
12451 | + __u64 tdb_lifetime_addtime_h; | |
12452 | + __u64 tdb_lifetime_usetime_c; | |
12453 | + __u64 tdb_lifetime_usetime_s; | |
12454 | + __u64 tdb_lifetime_usetime_h; | |
12455 | + __u64 tdb_lifetime_packets_c; | |
12456 | + __u64 tdb_lifetime_packets_s; | |
12457 | + __u64 tdb_lifetime_packets_h; | |
12458 | + __u64 tdb_lifetime_usetime_l; /* last time transform was used */ | |
12459 | + struct sockaddr *tdb_addr_s; /* src sockaddr */ | |
12460 | + struct sockaddr *tdb_addr_d; /* dst sockaddr */ | |
12461 | + struct sockaddr *tdb_addr_p; /* proxy sockaddr */ | |
12462 | + __u16 tdb_addr_s_size; | |
12463 | + __u16 tdb_addr_d_size; | |
12464 | + __u16 tdb_addr_p_size; | |
12465 | + __u16 tdb_key_bits_a; /* size of authkey in bits */ | |
12466 | + __u16 tdb_auth_bits; /* size of authenticator in bits */ | |
12467 | + __u16 tdb_key_bits_e; /* size of enckey in bits */ | |
12468 | + __u16 tdb_iv_bits; /* size of IV in bits */ | |
12469 | + | |
12470 | + __u8 tdb_iv_size; | |
12471 | + __u16 tdb_key_a_size; | |
12472 | + __u16 tdb_key_e_size; | |
12473 | + caddr_t tdb_key_a; /* authentication key */ | |
12474 | + caddr_t tdb_key_e; /* encryption key */ | |
12475 | + caddr_t tdb_iv; /* Initialisation Vector */ | |
12476 | + __u16 tdb_ident_type_s; /* src identity type */ | |
12477 | + __u16 tdb_ident_type_d; /* dst identity type */ | |
12478 | + __u64 tdb_ident_id_s; /* src identity id */ | |
12479 | + __u64 tdb_ident_id_d; /* dst identity id */ | |
12480 | + __u8 tdb_ident_len_s; /* src identity type */ | |
12481 | + __u8 tdb_ident_len_d; /* dst identity type */ | |
12482 | + caddr_t tdb_ident_data_s; /* src identity data */ | |
12483 | + caddr_t tdb_ident_data_d; /* dst identity data */ | |
12484 | +#ifdef CONFIG_IPSEC_IPCOMP | |
12485 | + __u16 tdb_comp_adapt_tries; /* ipcomp self-adaption tries */ | |
12486 | + __u16 tdb_comp_adapt_skip; /* ipcomp self-adaption to-skip */ | |
12487 | + __u64 tdb_comp_ratio_cbytes; /* compressed bytes */ | |
12488 | + __u64 tdb_comp_ratio_dbytes; /* decompressed (or uncompressed) bytes */ | |
12489 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
12490 | +#if 0 | |
12491 | + __u32 tdb_sens_dpd; | |
12492 | + __u8 tdb_sens_sens_level; | |
12493 | + __u8 tdb_sens_sens_len; | |
12494 | + __u64* tdb_sens_sens_bitmap; | |
12495 | + __u8 tdb_sens_integ_level; | |
12496 | + __u8 tdb_sens_integ_len; | |
12497 | + __u64* tdb_sens_integ_bitmap; | |
12498 | +#endif | |
12499 | +}; | |
12500 | + | |
12501 | +#define PROTO2TXT(x) \ | |
12502 | + (x) == IPPROTO_AH ? "AH" : \ | |
12503 | + (x) == IPPROTO_ESP ? "ESP" : \ | |
12504 | + (x) == IPPROTO_IPIP ? "IPIP" : \ | |
12505 | + (x) == IPPROTO_COMP ? "COMP" : \ | |
12506 | + "UNKNOWN_proto" | |
12507 | + | |
12508 | +#if 0 | |
12509 | + (x)->tdb_said.proto == IPPROTO_AH ? "AH" : \ | |
12510 | + (x)->tdb_said.proto == IPPROTO_ESP ? "ESP" : \ | |
12511 | + (x)->tdb_said.proto == IPPROTO_IPIP ? "IPIP" : \ | |
12512 | + (x)->tdb_said.proto == IPPROTO_COMP ? "COMP" : \ | |
12513 | + "UNKNOWN_proto", \ | |
12514 | + | |
12515 | +#endif | |
12516 | +#define TDB_XFORM_NAME(x) \ | |
12517 | + PROTO2TXT((x)->tdb_said.proto), \ | |
12518 | + (x)->tdb_said.proto == IPPROTO_COMP ? \ | |
12519 | + ((x)->tdb_encalg == SADB_X_CALG_DEFLATE ? \ | |
12520 | + "_DEFLATE" : "_UNKNOWN_comp") : \ | |
12521 | + (x)->tdb_encalg == ESP_NONE ? "" : \ | |
12522 | + (x)->tdb_encalg == ESP_3DES ? "_3DES" : \ | |
12523 | + (x)->tdb_encalg == ESP_NULL ? "_NULL_encr" : \ | |
12524 | + "_UNKNOWN_encr", \ | |
12525 | + (x)->tdb_authalg == AH_NONE ? "" : \ | |
12526 | + (x)->tdb_authalg == AH_MD5 ? "_HMAC_MD5" : \ | |
12527 | + (x)->tdb_authalg == AH_SHA ? "_HMAC_SHA1" : \ | |
12528 | + "_UNKNOWN_auth" \ | |
12529 | + | |
12530 | +#define TDB_HASHMOD 257 | |
12531 | + | |
12532 | +struct xformsw | |
12533 | +{ | |
12534 | + u_short xf_type; /* Unique ID of xform */ | |
12535 | + u_short xf_flags; /* secondary type reall) */ | |
12536 | + char *xf_name; /* human-readable name */ | |
12537 | +}; | |
12538 | + | |
12539 | +extern struct tdb *tdbh[TDB_HASHMOD]; | |
12540 | +extern spinlock_t tdb_lock; | |
12541 | +extern struct xformsw xformsw[], *xformswNXFORMSW; | |
12542 | + | |
12543 | +extern int ipsec_tdbinit(void); | |
12544 | +extern struct tdb *gettdb(struct sa_id*); | |
12545 | +extern /* void */ int deltdb(struct tdb *); | |
12546 | +extern /* void */ int deltdbchain(struct tdb *); | |
12547 | +extern /* void */ int puttdb(struct tdb *); | |
12548 | +extern int tdb_init(struct tdb *, struct encap_msghdr *); | |
12549 | +extern int ipsec_tdbcleanup(__u8); | |
12550 | +extern int ipsec_tdbwipe(struct tdb *); | |
12551 | + | |
12552 | +#ifdef CONFIG_IPSEC_DEBUG | |
12553 | +extern int debug_xform; | |
12554 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
12555 | +#endif /* __KERNEL__ */ | |
12556 | + | |
12557 | +/* | |
12558 | + * $Log$ | |
12559 | + * Revision 1.28 2000/11/06 04:30:40 rgb | |
12560 | + * Add Svenning's adaptive content compression. | |
12561 | + * | |
12562 | + * Revision 1.27 2000/09/19 00:38:25 rgb | |
12563 | + * Fixed algorithm name bugs introduced for ipcomp. | |
12564 | + * | |
12565 | + * Revision 1.26 2000/09/17 21:36:48 rgb | |
12566 | + * Added proto2txt macro. | |
12567 | + * | |
12568 | + * Revision 1.25 2000/09/17 18:56:47 rgb | |
12569 | + * Added IPCOMP support. | |
12570 | + * | |
12571 | + * Revision 1.24 2000/09/12 19:34:12 rgb | |
12572 | + * Defined XF_IP6 from Gerhard for ipv6 tunnel support. | |
12573 | + * | |
12574 | + * Revision 1.23 2000/09/12 03:23:14 rgb | |
12575 | + * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb. | |
12576 | + * | |
12577 | + * Revision 1.22 2000/09/08 19:12:56 rgb | |
12578 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
12579 | + * | |
12580 | + * Revision 1.21 2000/09/01 18:32:43 rgb | |
12581 | + * Added (disabled) sensitivity members to tdb struct. | |
12582 | + * | |
12583 | + * Revision 1.20 2000/08/30 05:31:01 rgb | |
12584 | + * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. | |
12585 | + * Kill remainder of tdb_xform, tdb_xdata, xformsw. | |
12586 | + * | |
12587 | + * Revision 1.19 2000/08/01 14:51:52 rgb | |
12588 | + * Removed _all_ remaining traces of DES. | |
12589 | + * | |
12590 | + * Revision 1.18 2000/01/21 06:17:45 rgb | |
12591 | + * Tidied up spacing. | |
12592 | + * | |
12593 | + * Revision 1.17 1999/11/17 15:53:40 rgb | |
12594 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
12595 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
12596 | + * klips/net/ipsec/Makefile. | |
12597 | + * | |
12598 | + * Revision 1.16 1999/10/16 04:23:07 rgb | |
12599 | + * Add stats for replaywin_errs, replaywin_max_sequence_difference, | |
12600 | + * authentication errors, encryption size errors, encryption padding | |
12601 | + * errors, and time since last packet. | |
12602 | + * | |
12603 | + * Revision 1.15 1999/10/16 00:29:11 rgb | |
12604 | + * Added SA lifetime packet counting variables. | |
12605 | + * | |
12606 | + * Revision 1.14 1999/10/01 00:04:14 rgb | |
12607 | + * Added tdb structure locking. | |
12608 | + * Add function to initialize tdb hash table. | |
12609 | + * | |
12610 | + * Revision 1.13 1999/04/29 15:20:57 rgb | |
12611 | + * dd return values to init and cleanup functions. | |
12612 | + * Eliminate unnessessary usage of tdb_xform member to further switch | |
12613 | + * away from the transform switch to the algorithm switch. | |
12614 | + * Change gettdb parameter to a pointer to reduce stack loading and | |
12615 | + * facilitate parameter sanity checking. | |
12616 | + * Add a parameter to tdbcleanup to be able to delete a class of SAs. | |
12617 | + * | |
12618 | + * Revision 1.12 1999/04/15 15:37:25 rgb | |
12619 | + * Forward check changes from POST1_00 branch. | |
12620 | + * | |
12621 | + * Revision 1.9.2.2 1999/04/13 20:35:57 rgb | |
12622 | + * Fix spelling mistake in comment. | |
12623 | + * | |
12624 | + * Revision 1.9.2.1 1999/03/30 17:13:52 rgb | |
12625 | + * Extend struct tdb to support pfkey. | |
12626 | + * | |
12627 | + * Revision 1.11 1999/04/11 00:29:01 henry | |
12628 | + * GPL boilerplate | |
12629 | + * | |
12630 | + * Revision 1.10 1999/04/06 04:54:28 rgb | |
12631 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
12632 | + * patch shell fixes. | |
12633 | + * | |
12634 | + * Revision 1.9 1999/01/26 02:09:31 rgb | |
12635 | + * Removed CONFIG_IPSEC_ALGO_SWITCH macro. | |
12636 | + * Removed dead code. | |
12637 | + * | |
12638 | + * Revision 1.8 1999/01/22 06:29:35 rgb | |
12639 | + * Added algorithm switch code. | |
12640 | + * Cruft clean-out. | |
12641 | + * | |
12642 | + * Revision 1.7 1998/11/10 05:37:35 rgb | |
12643 | + * Add support for SA direction flag. | |
12644 | + * | |
12645 | + * Revision 1.6 1998/10/19 14:44:29 rgb | |
12646 | + * Added inclusion of freeswan.h. | |
12647 | + * sa_id structure implemented and used: now includes protocol. | |
12648 | + * | |
12649 | + * Revision 1.5 1998/08/12 00:12:30 rgb | |
12650 | + * Added macros for new xforms. Added prototypes for new xforms. | |
12651 | + * | |
12652 | + * Revision 1.4 1998/07/28 00:04:20 rgb | |
12653 | + * Add macro for clearing the SA table. | |
12654 | + * | |
12655 | + * Revision 1.3 1998/07/14 18:06:46 rgb | |
12656 | + * Added #ifdef __KERNEL__ directives to restrict scope of header. | |
12657 | + * | |
12658 | + * Revision 1.2 1998/06/23 03:02:19 rgb | |
12659 | + * Created a prototype for ipsec_tdbcleanup when it was moved from | |
12660 | + * ipsec_init.c. | |
12661 | + * | |
12662 | + * Revision 1.1 1998/06/18 21:27:51 henry | |
12663 | + * move sources from klips/src to klips/net/ipsec, to keep stupid | |
12664 | + * kernel-build scripts happier in the presence of symlinks | |
12665 | + * | |
12666 | + * Revision 1.4 1998/06/11 05:55:31 rgb | |
12667 | + * Added transform version string pointer to xformsw structure definition. | |
12668 | + * Added extern declarations for transform version strings. | |
12669 | + * | |
12670 | + * Revision 1.3 1998/05/18 22:02:54 rgb | |
12671 | + * Modify the *_zeroize function prototypes to include one parameter. | |
12672 | + * | |
12673 | + * Revision 1.2 1998/04/21 21:29:08 rgb | |
12674 | + * Rearrange debug switches to change on the fly debug output from user | |
12675 | + * space. Only kernel changes checked in at this time. radij.c was also | |
12676 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
12677 | + * an OOPS and hence, netlink device open errors. | |
12678 | + * | |
12679 | + * Revision 1.1 1998/04/09 03:06:14 henry | |
12680 | + * sources moved up from linux/net/ipsec | |
12681 | + * | |
12682 | + * Revision 1.1.1.1 1998/04/08 05:35:06 henry | |
12683 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
12684 | + * | |
12685 | + * Revision 0.5 1997/06/03 04:24:48 ji | |
12686 | + * Added ESP-3DES-MD5-96 | |
12687 | + * | |
12688 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
12689 | + * Added new transforms. | |
12690 | + * | |
12691 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
12692 | + * Minor cleanups. | |
12693 | + * Rationalized debugging code. | |
12694 | + * | |
12695 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
12696 | + * First limited release. | |
12697 | + * | |
12698 | + * | |
12699 | + */ | |
12700 | diff -druN linux-noipsec/net/ipsec/libdes/Makefile linux/net/ipsec/libdes/Makefile | |
12701 | --- linux-noipsec/net/ipsec/libdes/Makefile Thu Jan 1 01:00:00 1970 | |
12702 | +++ linux/net/ipsec/libdes/Makefile Fri Dec 15 15:02:26 2000 | |
12703 | @@ -0,0 +1,246 @@ | |
12704 | +# You must select the correct terminal control system to be used to | |
12705 | +# turn character echo off when reading passwords. There a 5 systems | |
12706 | +# SGTTY - the old BSD system | |
12707 | +# TERMIO - most system V boxes | |
12708 | +# TERMIOS - SGI (ala IRIX). | |
12709 | +# VMS - the DEC operating system | |
12710 | +# MSDOS - we all know what it is :-) | |
12711 | +# read_pwd.c makes a reasonable guess at what is correct. | |
12712 | + | |
12713 | +# Targets | |
12714 | +# make - twidle the options yourself :-) | |
12715 | +# make cc - standard cc options | |
12716 | +# make gcc - standard gcc options | |
12717 | +# make x86-elf - linux-elf etc | |
12718 | +# make x86-out - linux-a.out, FreeBSD etc | |
12719 | +# make x86-solaris | |
12720 | +# make x86-bdsi | |
12721 | + | |
12722 | +# If you are on a DEC Alpha, edit des.h and change the DES_LONG | |
12723 | +# define to 'unsigned int'. I have seen this give a %20 speedup. | |
12724 | + | |
12725 | +OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST | |
12726 | + | |
12727 | +# Version 1.94 has changed the strings_to_key function so that it is | |
12728 | +# now compatible with MITs when the string is longer than 8 characters. | |
12729 | +# If you wish to keep the old version, uncomment the following line. | |
12730 | +# This will affect the -E/-D options on des(1). | |
12731 | +#OPTS1= -DOLD_STR_TO_KEY | |
12732 | + | |
12733 | +# There are 4 possible performance options | |
12734 | +# -DDES_PTR | |
12735 | +# -DDES_RISC1 | |
12736 | +# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2) | |
12737 | +# -DDES_UNROLL | |
12738 | +# after the initial build, run 'des_opts' to see which options are best | |
12739 | +# for your platform. There are some listed in options.txt | |
12740 | +#OPTS2= -DDES_PTR | |
12741 | +#OPTS3= -DDES_RISC1 # or DES_RISC2 | |
12742 | +#OPTS4= -DDES_UNROLL | |
12743 | + | |
12744 | +OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4) | |
12745 | + | |
12746 | +MAKE=make -f Makefile | |
12747 | +#CC=cc | |
12748 | +#CFLAG= -O | |
12749 | + | |
12750 | +#CC=gcc | |
12751 | +#CFLAG= -O4 -funroll-loops -fomit-frame-pointer | |
12752 | +CFLAG=-fomit-frame-pointer | |
12753 | + | |
12754 | +CFLAGS=$(OPT_FLAGS) $(CFLAG) | |
12755 | +CPP=$(CC) -E | |
12756 | +AS=as | |
12757 | + | |
12758 | +# Assember version of des_encrypt*(). | |
12759 | +DES_ENC=des_enc.o fcrypt_b.o # normal C version | |
12760 | +#DES_ENC=asm/dx86-elf.o asm/yx86-elf.o # elf format x86 | |
12761 | +#DES_ENC=asm/dx86-out.o asm/yx86-out.o # a.out format x86 | |
12762 | +#DES_ENC=asm/dx86-sol.o asm/yx86-sol.o # solaris format x86 | |
12763 | +#DES_ENC=asm/dx86bsdi.o asm/yx86basi.o # bsdi format x86 | |
12764 | + | |
12765 | +LIBDIR=/usr/lib | |
12766 | +BINDIR=/usr/bin | |
12767 | +INCDIR=/usr/include | |
12768 | +MANDIR=/usr/share/man | |
12769 | +MAN1=1 | |
12770 | +MAN3=3 | |
12771 | +SHELL=/bin/sh | |
12772 | +OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o | |
12773 | +OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \ | |
12774 | + xcbc_enc.o qud_cksm.o \ | |
12775 | + cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \ | |
12776 | + enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o \ | |
12777 | + rand_key.o read_pwd.o read2pwd.o rpc_enc.o str2key.o supp.o | |
12778 | + | |
12779 | +GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \ | |
12780 | + des.doc options.txt asm | |
12781 | +GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \ | |
12782 | + des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \ | |
12783 | + Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \ | |
12784 | + des.org des_locl.org | |
12785 | +TESTING_LIT= destest speed des_opts | |
12786 | +TESTING_FULL= rpw $(TESTING_LIT) | |
12787 | +TESTING_SRC_LIT=destest.c speed.c des_opts.c | |
12788 | +TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT) | |
12789 | +HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h | |
12790 | +HEADERS_FULL= $(HEADERS_LIT) rpc_des.h | |
12791 | +LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c | |
12792 | +LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \ | |
12793 | + cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \ | |
12794 | + enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c \ | |
12795 | + rand_key.c rpc_enc.c str2key.c supp.c \ | |
12796 | + xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c | |
12797 | + | |
12798 | +PERL= des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl | |
12799 | + | |
12800 | +OBJ= $(OBJ_LIT) | |
12801 | +GENERAL=$(GENERAL_LIT) | |
12802 | +TESTING=$(TESTING_LIT) | |
12803 | +TESTING_SRC=$(TESTING_SRC_LIT) | |
12804 | +HEADERS=$(HEADERS_LIT) | |
12805 | +LIBDES= $(LIBDES_LIT) | |
12806 | + | |
12807 | +ALL= $(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS) | |
12808 | + | |
12809 | +DLIB= libdes.a | |
12810 | + | |
12811 | +all: $(DLIB) $(TESTING) | |
12812 | + | |
12813 | +cc: | |
12814 | + $(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all | |
12815 | + | |
12816 | +gcc: | |
12817 | + $(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all | |
12818 | + | |
12819 | +x86-elf: | |
12820 | + $(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC='$(CC)' CFLAGS="-DELF $(OPTS) $(CFLAG)" all | |
12821 | + | |
12822 | +x86-out: | |
12823 | + $(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC='$(CC)' CFLAGS="-DOUT $(OPTS) $(CFLAG)" all | |
12824 | + | |
12825 | +x86-solaris: | |
12826 | + $(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC='$(CC)' CFLAGS="-DSOL $(OPTS) $(CFLAG)" all | |
12827 | + | |
12828 | +x86-bsdi: | |
12829 | + $(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC='$(CC)' CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all | |
12830 | + | |
12831 | +# elf | |
12832 | +asm/dx86-elf.o: asm/dx86unix.cpp | |
12833 | + $(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o | |
12834 | + | |
12835 | +asm/yx86-elf.o: asm/yx86unix.cpp | |
12836 | + $(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o | |
12837 | + | |
12838 | +# solaris | |
12839 | +asm/dx86-sol.o: asm/dx86unix.cpp | |
12840 | + $(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s | |
12841 | + as -o asm/dx86-sol.o asm/dx86-sol.s | |
12842 | + rm -f asm/dx86-sol.s | |
12843 | + | |
12844 | +asm/yx86-sol.o: asm/yx86unix.cpp | |
12845 | + $(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s | |
12846 | + as -o asm/yx86-sol.o asm/yx86-sol.s | |
12847 | + rm -f asm/yx86-sol.s | |
12848 | + | |
12849 | +# a.out | |
12850 | +asm/dx86-out.o: asm/dx86unix.cpp | |
12851 | + $(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o | |
12852 | + | |
12853 | +asm/yx86-out.o: asm/yx86unix.cpp | |
12854 | + $(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o | |
12855 | + | |
12856 | +# bsdi | |
12857 | +asm/dx86bsdi.o: asm/dx86unix.cpp | |
12858 | + $(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o | |
12859 | + | |
12860 | +asm/yx86bsdi.o: asm/yx86unix.cpp | |
12861 | + $(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o | |
12862 | + | |
12863 | +asm/dx86unix.cpp: | |
12864 | + (cd asm; perl des-586.pl cpp >dx86unix.cpp) | |
12865 | + | |
12866 | +asm/yx86unix.cpp: | |
12867 | + (cd asm; perl crypt586.pl cpp >yx86unix.cpp) | |
12868 | + | |
12869 | +test: all | |
12870 | + ./destest | |
12871 | + | |
12872 | +$(DLIB): $(OBJ) | |
12873 | + /bin/rm -f $(DLIB) | |
12874 | + ar cr $(DLIB) $(OBJ) | |
12875 | + -if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \ | |
12876 | + else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \ | |
12877 | + else exit 0; fi; fi | |
12878 | + | |
12879 | +des_opts: des_opts.o $(DLIB) | |
12880 | + $(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB) | |
12881 | + | |
12882 | +destest: destest.o $(DLIB) | |
12883 | + $(CC) $(CFLAGS) -o destest destest.o $(DLIB) | |
12884 | + | |
12885 | +rpw: rpw.o $(DLIB) | |
12886 | + $(CC) $(CFLAGS) -o rpw rpw.o $(DLIB) | |
12887 | + | |
12888 | +speed: speed.o $(DLIB) | |
12889 | + $(CC) $(CFLAGS) -o speed speed.o $(DLIB) | |
12890 | + | |
12891 | +des: des.o $(DLIB) | |
12892 | + $(CC) $(CFLAGS) -o des des.o $(DLIB) | |
12893 | + | |
12894 | +tags: | |
12895 | + ctags $(TESTING_SRC) $(LIBDES) | |
12896 | + | |
12897 | +tar_lit: | |
12898 | + /bin/mv Makefile Makefile.tmp | |
12899 | + /bin/cp Makefile.lit Makefile | |
12900 | + tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \ | |
12901 | + $(GENERAL_LIT) $(TESTING_SRC_LIT) | |
12902 | + /bin/rm -f Makefile | |
12903 | + /bin/mv Makefile.tmp Makefile | |
12904 | + | |
12905 | +tar: | |
12906 | + tar chf libdes.tar $(ALL) | |
12907 | + | |
12908 | +shar: | |
12909 | + shar $(ALL) >libdes.shar | |
12910 | + | |
12911 | +depend: | |
12912 | + makedepend $(LIBDES) $(TESTING_SRC) | |
12913 | + | |
12914 | +clean: | |
12915 | + /bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o | |
12916 | + | |
12917 | +dclean: | |
12918 | + sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new | |
12919 | + mv -f Makefile.new Makefile | |
12920 | + | |
12921 | +# Eric is probably going to choke when he next looks at this --tjh | |
12922 | +install: | |
12923 | + if test $(INSTALLTOP); then \ | |
12924 | + echo SSL style install; \ | |
12925 | + cp $(DLIB) $(INSTALLTOP)/lib; \ | |
12926 | + if test -s /bin/ranlib; then \ | |
12927 | + /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \ | |
12928 | + else \ | |
12929 | + if test -s /usr/bin/ranlib; then \ | |
12930 | + /usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \ | |
12931 | + fi; fi; \ | |
12932 | + chmod 644 $(INSTALLTOP)/lib/$(DLIB); \ | |
12933 | + cp des.h $(INSTALLTOP)/include; \ | |
12934 | + chmod 644 $(INSTALLTOP)/include/des.h; \ | |
12935 | + else \ | |
12936 | + echo Standalone install; \ | |
12937 | + cp $(DLIB) $(DESTDIR)$(LIBDIR)/$(DLIB); \ | |
12938 | + if test -s /bin/ranlib; then \ | |
12939 | + /bin/ranlib $(DESTDIR)$(LIBDIR)/$(DLIB); \ | |
12940 | + else \ | |
12941 | + if test -s /usr/bin/ranlib; then \ | |
12942 | + /usr/bin/ranlib $(LIBDIR)/$(DLIB); \ | |
12943 | + fi; \ | |
12944 | + fi; \ | |
12945 | + cp des_crypt.man $(DESTDIR)$(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \ | |
12946 | + cp des.man $(DESTDIR)$(MANDIR)/man$(MAN1)/des.$(MAN1); \ | |
12947 | + cp des.h $(DESTDIR)$(INCDIR)/des.h; \ | |
12948 | + fi | |
12949 | +# DO NOT DELETE THIS LINE -- make depend depends on it. | |
12950 | diff -druN linux-noipsec/net/ipsec/libdes/asm/crypt586.pl linux/net/ipsec/libdes/asm/crypt586.pl | |
12951 | --- linux-noipsec/net/ipsec/libdes/asm/crypt586.pl Thu Jan 1 01:00:00 1970 | |
12952 | +++ linux/net/ipsec/libdes/asm/crypt586.pl Thu Feb 18 17:41:30 1999 | |
12953 | @@ -0,0 +1,204 @@ | |
12954 | +#!/usr/local/bin/perl | |
12955 | +# | |
12956 | +# The inner loop instruction sequence and the IP/FP modifications are from | |
12957 | +# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> | |
12958 | +# I've added the stuff needed for crypt() but I've not worried about making | |
12959 | +# things perfect. | |
12960 | +# | |
12961 | + | |
12962 | +push(@INC,"perlasm","../../perlasm"); | |
12963 | +require "x86asm.pl"; | |
12964 | + | |
12965 | +&asm_init($ARGV[0],"crypt586.pl"); | |
12966 | + | |
12967 | +$L="edi"; | |
12968 | +$R="esi"; | |
12969 | + | |
12970 | +&external_label("des_SPtrans"); | |
12971 | +&fcrypt_body("fcrypt_body"); | |
12972 | +&asm_finish(); | |
12973 | + | |
12974 | +sub fcrypt_body | |
12975 | + { | |
12976 | + local($name,$do_ip)=@_; | |
12977 | + | |
12978 | + &function_begin($name,"EXTRN _des_SPtrans:DWORD"); | |
12979 | + | |
12980 | + &comment(""); | |
12981 | + &comment("Load the 2 words"); | |
12982 | + $ks="ebp"; | |
12983 | + | |
12984 | + &xor( $L, $L); | |
12985 | + &xor( $R, $R); | |
12986 | + &mov($ks,&wparam(1)); | |
12987 | + | |
12988 | + &push(25); # add a variable | |
12989 | + | |
12990 | + &set_label("start"); | |
12991 | + for ($i=0; $i<16; $i+=2) | |
12992 | + { | |
12993 | + &comment(""); | |
12994 | + &comment("Round $i"); | |
12995 | + &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
12996 | + | |
12997 | + &comment(""); | |
12998 | + &comment("Round ".sprintf("%d",$i+1)); | |
12999 | + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
13000 | + } | |
13001 | + &mov("ebx", &swtmp(0)); | |
13002 | + &mov("eax", $L); | |
13003 | + &dec("ebx"); | |
13004 | + &mov($L, $R); | |
13005 | + &mov($R, "eax"); | |
13006 | + &mov(&swtmp(0), "ebx"); | |
13007 | + &jnz(&label("start")); | |
13008 | + | |
13009 | + &comment(""); | |
13010 | + &comment("FP"); | |
13011 | + &mov("edx",&wparam(0)); | |
13012 | + | |
13013 | + &FP_new($R,$L,"eax",3); | |
13014 | + &mov(&DWP(0,"edx","",0),"eax"); | |
13015 | + &mov(&DWP(4,"edx","",0),$L); | |
13016 | + | |
13017 | + &pop("ecx"); # remove variable | |
13018 | + | |
13019 | + &function_end($name); | |
13020 | + } | |
13021 | + | |
13022 | +sub D_ENCRYPT | |
13023 | + { | |
13024 | + local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; | |
13025 | + | |
13026 | + &mov( $u, &wparam(2)); # 2 | |
13027 | + &mov( $t, $R); | |
13028 | + &shr( $t, 16); # 1 | |
13029 | + &mov( $tmp2, &wparam(3)); # 2 | |
13030 | + &xor( $t, $R); # 1 | |
13031 | + | |
13032 | + &and( $u, $t); # 2 | |
13033 | + &and( $t, $tmp2); # 2 | |
13034 | + | |
13035 | + &mov( $tmp1, $u); | |
13036 | + &shl( $tmp1, 16); # 1 | |
13037 | + &mov( $tmp2, $t); | |
13038 | + &shl( $tmp2, 16); # 1 | |
13039 | + &xor( $u, $tmp1); # 2 | |
13040 | + &xor( $t, $tmp2); # 2 | |
13041 | + &mov( $tmp1, &DWP(&n2a($S*4),$ks,"",0)); # 2 | |
13042 | + &xor( $u, $tmp1); | |
13043 | + &mov( $tmp2, &DWP(&n2a(($S+1)*4),$ks,"",0)); # 2 | |
13044 | + &xor( $u, $R); | |
13045 | + &xor( $t, $R); | |
13046 | + &xor( $t, $tmp2); | |
13047 | + | |
13048 | + &and( $u, "0xfcfcfcfc" ); # 2 | |
13049 | + &xor( $tmp1, $tmp1); # 1 | |
13050 | + &and( $t, "0xcfcfcfcf" ); # 2 | |
13051 | + &xor( $tmp2, $tmp2); | |
13052 | + &movb( &LB($tmp1), &LB($u) ); | |
13053 | + &movb( &LB($tmp2), &HB($u) ); | |
13054 | + &rotr( $t, 4 ); | |
13055 | + &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); | |
13056 | + &movb( &LB($tmp1), &LB($t) ); | |
13057 | + &xor( $L, $ks); | |
13058 | + &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); | |
13059 | + &xor( $L, $ks); | |
13060 | + &movb( &LB($tmp2), &HB($t) ); | |
13061 | + &shr( $u, 16); | |
13062 | + &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); | |
13063 | + &xor( $L, $ks); | |
13064 | + &movb( &LB($tmp1), &HB($u) ); | |
13065 | + &shr( $t, 16); | |
13066 | + &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); | |
13067 | + &xor( $L, $ks); | |
13068 | + &mov( $ks, &wparam(1)); | |
13069 | + &movb( &LB($tmp2), &HB($t) ); | |
13070 | + &and( $u, "0xff" ); | |
13071 | + &and( $t, "0xff" ); | |
13072 | + &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); | |
13073 | + &xor( $L, $tmp1); | |
13074 | + &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); | |
13075 | + &xor( $L, $tmp1); | |
13076 | + &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); | |
13077 | + &xor( $L, $tmp1); | |
13078 | + &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); | |
13079 | + &xor( $L, $tmp1); | |
13080 | + } | |
13081 | + | |
13082 | +sub n2a | |
13083 | + { | |
13084 | + sprintf("%d",$_[0]); | |
13085 | + } | |
13086 | + | |
13087 | +# now has a side affect of rotating $a by $shift | |
13088 | +sub R_PERM_OP | |
13089 | + { | |
13090 | + local($a,$b,$tt,$shift,$mask,$last)=@_; | |
13091 | + | |
13092 | + &rotl( $a, $shift ) if ($shift != 0); | |
13093 | + &mov( $tt, $a ); | |
13094 | + &xor( $a, $b ); | |
13095 | + &and( $a, $mask ); | |
13096 | + if ($notlast eq $b) | |
13097 | + { | |
13098 | + &xor( $b, $a ); | |
13099 | + &xor( $tt, $a ); | |
13100 | + } | |
13101 | + else | |
13102 | + { | |
13103 | + &xor( $tt, $a ); | |
13104 | + &xor( $b, $a ); | |
13105 | + } | |
13106 | + &comment(""); | |
13107 | + } | |
13108 | + | |
13109 | +sub IP_new | |
13110 | + { | |
13111 | + local($l,$r,$tt,$lr)=@_; | |
13112 | + | |
13113 | + &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l); | |
13114 | + &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l); | |
13115 | + &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); | |
13116 | + &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); | |
13117 | + &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); | |
13118 | + | |
13119 | + if ($lr != 3) | |
13120 | + { | |
13121 | + if (($lr-3) < 0) | |
13122 | + { &rotr($tt, 3-$lr); } | |
13123 | + else { &rotl($tt, $lr-3); } | |
13124 | + } | |
13125 | + if ($lr != 2) | |
13126 | + { | |
13127 | + if (($lr-2) < 0) | |
13128 | + { &rotr($r, 2-$lr); } | |
13129 | + else { &rotl($r, $lr-2); } | |
13130 | + } | |
13131 | + } | |
13132 | + | |
13133 | +sub FP_new | |
13134 | + { | |
13135 | + local($l,$r,$tt,$lr)=@_; | |
13136 | + | |
13137 | + if ($lr != 2) | |
13138 | + { | |
13139 | + if (($lr-2) < 0) | |
13140 | + { &rotl($r, 2-$lr); } | |
13141 | + else { &rotr($r, $lr-2); } | |
13142 | + } | |
13143 | + if ($lr != 3) | |
13144 | + { | |
13145 | + if (($lr-3) < 0) | |
13146 | + { &rotl($l, 3-$lr); } | |
13147 | + else { &rotr($l, $lr-3); } | |
13148 | + } | |
13149 | + | |
13150 | + &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r); | |
13151 | + &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r); | |
13152 | + &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l); | |
13153 | + &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l); | |
13154 | + &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r); | |
13155 | + &rotr($tt , 4); | |
13156 | + } | |
13157 | + | |
13158 | diff -druN linux-noipsec/net/ipsec/libdes/asm/des-586.pl linux/net/ipsec/libdes/asm/des-586.pl | |
13159 | --- linux-noipsec/net/ipsec/libdes/asm/des-586.pl Thu Jan 1 01:00:00 1970 | |
13160 | +++ linux/net/ipsec/libdes/asm/des-586.pl Thu Feb 18 17:41:31 1999 | |
13161 | @@ -0,0 +1,251 @@ | |
13162 | +#!/usr/local/bin/perl | |
13163 | +# | |
13164 | +# The inner loop instruction sequence and the IP/FP modifications are from | |
13165 | +# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> | |
13166 | +# | |
13167 | + | |
13168 | +push(@INC,"perlasm","../../perlasm"); | |
13169 | +require "x86asm.pl"; | |
13170 | +require "cbc.pl"; | |
13171 | +require "desboth.pl"; | |
13172 | + | |
13173 | +# base code is in microsft | |
13174 | +# op dest, source | |
13175 | +# format. | |
13176 | +# | |
13177 | + | |
13178 | +&asm_init($ARGV[0],"des-586.pl"); | |
13179 | + | |
13180 | +$L="edi"; | |
13181 | +$R="esi"; | |
13182 | + | |
13183 | +&external_label("des_SPtrans"); | |
13184 | +&des_encrypt("des_encrypt",1); | |
13185 | +&des_encrypt("des_encrypt2",0); | |
13186 | +&des_encrypt3("des_encrypt3",1); | |
13187 | +&des_encrypt3("des_decrypt3",0); | |
13188 | +&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); | |
13189 | +&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); | |
13190 | + | |
13191 | +&asm_finish(); | |
13192 | + | |
13193 | +sub des_encrypt | |
13194 | + { | |
13195 | + local($name,$do_ip)=@_; | |
13196 | + | |
13197 | + &function_begin_B($name,"EXTRN _des_SPtrans:DWORD"); | |
13198 | + | |
13199 | + &push("esi"); | |
13200 | + &push("edi"); | |
13201 | + | |
13202 | + &comment(""); | |
13203 | + &comment("Load the 2 words"); | |
13204 | + $ks="ebp"; | |
13205 | + | |
13206 | + if ($do_ip) | |
13207 | + { | |
13208 | + &mov($R,&wparam(0)); | |
13209 | + &xor( "ecx", "ecx" ); | |
13210 | + | |
13211 | + &push("ebx"); | |
13212 | + &push("ebp"); | |
13213 | + | |
13214 | + &mov("eax",&DWP(0,$R,"",0)); | |
13215 | + &mov("ebx",&wparam(2)); # get encrypt flag | |
13216 | + &mov($L,&DWP(4,$R,"",0)); | |
13217 | + &comment(""); | |
13218 | + &comment("IP"); | |
13219 | + &IP_new("eax",$L,$R,3); | |
13220 | + } | |
13221 | + else | |
13222 | + { | |
13223 | + &mov("eax",&wparam(0)); | |
13224 | + &xor( "ecx", "ecx" ); | |
13225 | + | |
13226 | + &push("ebx"); | |
13227 | + &push("ebp"); | |
13228 | + | |
13229 | + &mov($R,&DWP(0,"eax","",0)); | |
13230 | + &mov("ebx",&wparam(2)); # get encrypt flag | |
13231 | + &rotl($R,3); | |
13232 | + &mov($L,&DWP(4,"eax","",0)); | |
13233 | + &rotl($L,3); | |
13234 | + } | |
13235 | + | |
13236 | + &mov( $ks, &wparam(1) ); | |
13237 | + &cmp("ebx","0"); | |
13238 | + &je(&label("start_decrypt")); | |
13239 | + | |
13240 | + for ($i=0; $i<16; $i+=2) | |
13241 | + { | |
13242 | + &comment(""); | |
13243 | + &comment("Round $i"); | |
13244 | + &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
13245 | + | |
13246 | + &comment(""); | |
13247 | + &comment("Round ".sprintf("%d",$i+1)); | |
13248 | + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
13249 | + } | |
13250 | + &jmp(&label("end")); | |
13251 | + | |
13252 | + &set_label("start_decrypt"); | |
13253 | + | |
13254 | + for ($i=15; $i>0; $i-=2) | |
13255 | + { | |
13256 | + &comment(""); | |
13257 | + &comment("Round $i"); | |
13258 | + &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
13259 | + &comment(""); | |
13260 | + &comment("Round ".sprintf("%d",$i-1)); | |
13261 | + &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | |
13262 | + } | |
13263 | + | |
13264 | + &set_label("end"); | |
13265 | + | |
13266 | + if ($do_ip) | |
13267 | + { | |
13268 | + &comment(""); | |
13269 | + &comment("FP"); | |
13270 | + &mov("edx",&wparam(0)); | |
13271 | + &FP_new($L,$R,"eax",3); | |
13272 | + | |
13273 | + &mov(&DWP(0,"edx","",0),"eax"); | |
13274 | + &mov(&DWP(4,"edx","",0),$R); | |
13275 | + } | |
13276 | + else | |
13277 | + { | |
13278 | + &comment(""); | |
13279 | + &comment("Fixup"); | |
13280 | + &rotr($L,3); # r | |
13281 | + &mov("eax",&wparam(0)); | |
13282 | + &rotr($R,3); # l | |
13283 | + &mov(&DWP(0,"eax","",0),$L); | |
13284 | + &mov(&DWP(4,"eax","",0),$R); | |
13285 | + } | |
13286 | + | |
13287 | + &pop("ebp"); | |
13288 | + &pop("ebx"); | |
13289 | + &pop("edi"); | |
13290 | + &pop("esi"); | |
13291 | + &ret(); | |
13292 | + | |
13293 | + &function_end_B($name); | |
13294 | + } | |
13295 | + | |
13296 | +sub D_ENCRYPT | |
13297 | + { | |
13298 | + local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; | |
13299 | + | |
13300 | + &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); | |
13301 | + &xor( $tmp1, $tmp1); | |
13302 | + &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); | |
13303 | + &xor( $u, $R); | |
13304 | + &xor( $t, $R); | |
13305 | + &and( $u, "0xfcfcfcfc" ); | |
13306 | + &and( $t, "0xcfcfcfcf" ); | |
13307 | + &movb( &LB($tmp1), &LB($u) ); | |
13308 | + &movb( &LB($tmp2), &HB($u) ); | |
13309 | + &rotr( $t, 4 ); | |
13310 | + &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); | |
13311 | + &movb( &LB($tmp1), &LB($t) ); | |
13312 | + &xor( $L, $ks); | |
13313 | + &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); | |
13314 | + &xor( $L, $ks); ###### | |
13315 | + &movb( &LB($tmp2), &HB($t) ); | |
13316 | + &shr( $u, 16); | |
13317 | + &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); | |
13318 | + &xor( $L, $ks); ###### | |
13319 | + &movb( &LB($tmp1), &HB($u) ); | |
13320 | + &shr( $t, 16); | |
13321 | + &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); | |
13322 | + &xor( $L, $ks); | |
13323 | + &mov( $ks, &wparam(1) ); | |
13324 | + &movb( &LB($tmp2), &HB($t) ); | |
13325 | + &and( $u, "0xff" ); | |
13326 | + &and( $t, "0xff" ); | |
13327 | + &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); | |
13328 | + &xor( $L, $tmp1); | |
13329 | + &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); | |
13330 | + &xor( $L, $tmp1); | |
13331 | + &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); | |
13332 | + &xor( $L, $tmp1); | |
13333 | + &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); | |
13334 | + &xor( $L, $tmp1); | |
13335 | + } | |
13336 | + | |
13337 | +sub n2a | |
13338 | + { | |
13339 | + sprintf("%d",$_[0]); | |
13340 | + } | |
13341 | + | |
13342 | +# now has a side affect of rotating $a by $shift | |
13343 | +sub R_PERM_OP | |
13344 | + { | |
13345 | + local($a,$b,$tt,$shift,$mask,$last)=@_; | |
13346 | + | |
13347 | + &rotl( $a, $shift ) if ($shift != 0); | |
13348 | + &mov( $tt, $a ); | |
13349 | + &xor( $a, $b ); | |
13350 | + &and( $a, $mask ); | |
13351 | + if (!$last eq $b) | |
13352 | + { | |
13353 | + &xor( $b, $a ); | |
13354 | + &xor( $tt, $a ); | |
13355 | + } | |
13356 | + else | |
13357 | + { | |
13358 | + &xor( $tt, $a ); | |
13359 | + &xor( $b, $a ); | |
13360 | + } | |
13361 | + &comment(""); | |
13362 | + } | |
13363 | + | |
13364 | +sub IP_new | |
13365 | + { | |
13366 | + local($l,$r,$tt,$lr)=@_; | |
13367 | + | |
13368 | + &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l); | |
13369 | + &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l); | |
13370 | + &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); | |
13371 | + &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); | |
13372 | + &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); | |
13373 | + | |
13374 | + if ($lr != 3) | |
13375 | + { | |
13376 | + if (($lr-3) < 0) | |
13377 | + { &rotr($tt, 3-$lr); } | |
13378 | + else { &rotl($tt, $lr-3); } | |
13379 | + } | |
13380 | + if ($lr != 2) | |
13381 | + { | |
13382 | + if (($lr-2) < 0) | |
13383 | + { &rotr($r, 2-$lr); } | |
13384 | + else { &rotl($r, $lr-2); } | |
13385 | + } | |
13386 | + } | |
13387 | + | |
13388 | +sub FP_new | |
13389 | + { | |
13390 | + local($l,$r,$tt,$lr)=@_; | |
13391 | + | |
13392 | + if ($lr != 2) | |
13393 | + { | |
13394 | + if (($lr-2) < 0) | |
13395 | + { &rotl($r, 2-$lr); } | |
13396 | + else { &rotr($r, $lr-2); } | |
13397 | + } | |
13398 | + if ($lr != 3) | |
13399 | + { | |
13400 | + if (($lr-3) < 0) | |
13401 | + { &rotl($l, 3-$lr); } | |
13402 | + else { &rotr($l, $lr-3); } | |
13403 | + } | |
13404 | + | |
13405 | + &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r); | |
13406 | + &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r); | |
13407 | + &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l); | |
13408 | + &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l); | |
13409 | + &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r); | |
13410 | + &rotr($tt , 4); | |
13411 | + } | |
13412 | + | |
13413 | diff -druN linux-noipsec/net/ipsec/libdes/asm/des686.pl linux/net/ipsec/libdes/asm/des686.pl | |
13414 | --- linux-noipsec/net/ipsec/libdes/asm/des686.pl Thu Jan 1 01:00:00 1970 | |
13415 | +++ linux/net/ipsec/libdes/asm/des686.pl Thu Feb 18 17:41:32 1999 | |
13416 | @@ -0,0 +1,230 @@ | |
13417 | +#!/usr/local/bin/perl | |
13418 | + | |
13419 | +$prog="des686.pl"; | |
13420 | + | |
13421 | +# base code is in microsft | |
13422 | +# op dest, source | |
13423 | +# format. | |
13424 | +# | |
13425 | + | |
13426 | +# WILL NOT WORK ANYMORE WITH desboth.pl | |
13427 | +require "desboth.pl"; | |
13428 | + | |
13429 | +if ( ($ARGV[0] eq "elf")) | |
13430 | + { require "x86unix.pl"; } | |
13431 | +elsif ( ($ARGV[0] eq "a.out")) | |
13432 | + { $aout=1; require "x86unix.pl"; } | |
13433 | +elsif ( ($ARGV[0] eq "sol")) | |
13434 | + { $sol=1; require "x86unix.pl"; } | |
13435 | +elsif ( ($ARGV[0] eq "cpp")) | |
13436 | + { $cpp=1; require "x86unix.pl"; } | |
13437 | +elsif ( ($ARGV[0] eq "win32")) | |
13438 | + { require "x86ms.pl"; } | |
13439 | +else | |
13440 | + { | |
13441 | + print STDERR <<"EOF"; | |
13442 | +Pick one target type from | |
13443 | + elf - linux, FreeBSD etc | |
13444 | + a.out - old linux | |
13445 | + sol - x86 solaris | |
13446 | + cpp - format so x86unix.cpp can be used | |
13447 | + win32 - Windows 95/Windows NT | |
13448 | +EOF | |
13449 | + exit(1); | |
13450 | + } | |
13451 | + | |
13452 | +&comment("Don't even think of reading this code"); | |
13453 | +&comment("It was automatically generated by $prog"); | |
13454 | +&comment("Which is a perl program used to generate the x86 assember for"); | |
13455 | +&comment("any of elf, a.out, Win32, or Solaris"); | |
13456 | +&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+"); | |
13457 | +&comment("eric <eay\@cryptsoft.com>"); | |
13458 | +&comment(""); | |
13459 | + | |
13460 | +&file("dx86xxxx"); | |
13461 | + | |
13462 | +$L="edi"; | |
13463 | +$R="esi"; | |
13464 | + | |
13465 | +&des_encrypt("des_encrypt",1); | |
13466 | +&des_encrypt("des_encrypt2",0); | |
13467 | + | |
13468 | +&des_encrypt3("des_encrypt3",1); | |
13469 | +&des_encrypt3("des_decrypt3",0); | |
13470 | + | |
13471 | +&file_end(); | |
13472 | + | |
13473 | +sub des_encrypt | |
13474 | + { | |
13475 | + local($name,$do_ip)=@_; | |
13476 | + | |
13477 | + &function_begin($name,"EXTRN _des_SPtrans:DWORD"); | |
13478 | + | |
13479 | + &comment(""); | |
13480 | + &comment("Load the 2 words"); | |
13481 | + &mov("eax",&wparam(0)); | |
13482 | + &mov($L,&DWP(0,"eax","",0)); | |
13483 | + &mov($R,&DWP(4,"eax","",0)); | |
13484 | + | |
13485 | + $ksp=&wparam(1); | |
13486 | + | |
13487 | + if ($do_ip) | |
13488 | + { | |
13489 | + &comment(""); | |
13490 | + &comment("IP"); | |
13491 | + &IP_new($L,$R,"eax"); | |
13492 | + } | |
13493 | + | |
13494 | + &comment(""); | |
13495 | + &comment("fixup rotate"); | |
13496 | + &rotl($R,3); | |
13497 | + &rotl($L,3); | |
13498 | + &exch($L,$R); | |
13499 | + | |
13500 | + &comment(""); | |
13501 | + &comment("load counter, key_schedule and enc flag"); | |
13502 | + &mov("eax",&wparam(2)); # get encrypt flag | |
13503 | + &mov("ebp",&wparam(1)); # get ks | |
13504 | + &cmp("eax","0"); | |
13505 | + &je(&label("start_decrypt")); | |
13506 | + | |
13507 | + # encrypting part | |
13508 | + | |
13509 | + for ($i=0; $i<16; $i+=2) | |
13510 | + { | |
13511 | + &comment(""); | |
13512 | + &comment("Round $i"); | |
13513 | + &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); | |
13514 | + | |
13515 | + &comment(""); | |
13516 | + &comment("Round ".sprintf("%d",$i+1)); | |
13517 | + &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); | |
13518 | + } | |
13519 | + &jmp(&label("end")); | |
13520 | + | |
13521 | + &set_label("start_decrypt"); | |
13522 | + | |
13523 | + for ($i=15; $i>0; $i-=2) | |
13524 | + { | |
13525 | + &comment(""); | |
13526 | + &comment("Round $i"); | |
13527 | + &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); | |
13528 | + &comment(""); | |
13529 | + &comment("Round ".sprintf("%d",$i-1)); | |
13530 | + &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); | |
13531 | + } | |
13532 | + | |
13533 | + &set_label("end"); | |
13534 | + | |
13535 | + &comment(""); | |
13536 | + &comment("Fixup"); | |
13537 | + &rotr($L,3); # r | |
13538 | + &rotr($R,3); # l | |
13539 | + | |
13540 | + if ($do_ip) | |
13541 | + { | |
13542 | + &comment(""); | |
13543 | + &comment("FP"); | |
13544 | + &FP_new($R,$L,"eax"); | |
13545 | + } | |
13546 | + | |
13547 | + &mov("eax",&wparam(0)); | |
13548 | + &mov(&DWP(0,"eax","",0),$L); | |
13549 | + &mov(&DWP(4,"eax","",0),$R); | |
13550 | + | |
13551 | + &function_end($name); | |
13552 | + } | |
13553 | + | |
13554 | + | |
13555 | +# The logic is to load R into 2 registers and operate on both at the same time. | |
13556 | +# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte' | |
13557 | +# while also masking the other copy and doing a lookup. We then also accumulate the | |
13558 | +# L value in 2 registers then combine them at the end. | |
13559 | +sub D_ENCRYPT | |
13560 | + { | |
13561 | + local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_; | |
13562 | + | |
13563 | + &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); | |
13564 | + &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); | |
13565 | + &xor( $u, $R ); | |
13566 | + &xor( $t, $R ); | |
13567 | + &rotr( $t, 4 ); | |
13568 | + | |
13569 | + # the numbers at the end of the line are origional instruction order | |
13570 | + &mov( $tmp2, $u ); # 1 2 | |
13571 | + &mov( $tmp1, $t ); # 1 1 | |
13572 | + &and( $tmp2, "0xfc" ); # 1 4 | |
13573 | + &and( $tmp1, "0xfc" ); # 1 3 | |
13574 | + &shr( $t, 8 ); # 1 5 | |
13575 | + &xor( $L, &DWP("0x100+$desSP",$tmp1,"",0)); # 1 7 | |
13576 | + &shr( $u, 8 ); # 1 6 | |
13577 | + &mov( $tmp1, &DWP(" $desSP",$tmp2,"",0)); # 1 8 | |
13578 | + | |
13579 | + &mov( $tmp2, $u ); # 2 2 | |
13580 | + &xor( $L, $tmp1 ); # 1 9 | |
13581 | + &and( $tmp2, "0xfc" ); # 2 4 | |
13582 | + &mov( $tmp1, $t ); # 2 1 | |
13583 | + &and( $tmp1, "0xfc" ); # 2 3 | |
13584 | + &shr( $t, 8 ); # 2 5 | |
13585 | + &xor( $L, &DWP("0x300+$desSP",$tmp1,"",0)); # 2 7 | |
13586 | + &shr( $u, 8 ); # 2 6 | |
13587 | + &mov( $tmp1, &DWP("0x200+$desSP",$tmp2,"",0)); # 2 8 | |
13588 | + &mov( $tmp2, $u ); # 3 2 | |
13589 | + | |
13590 | + &xor( $L, $tmp1 ); # 2 9 | |
13591 | + &and( $tmp2, "0xfc" ); # 3 4 | |
13592 | + | |
13593 | + &mov( $tmp1, $t ); # 3 1 | |
13594 | + &shr( $u, 8 ); # 3 6 | |
13595 | + &and( $tmp1, "0xfc" ); # 3 3 | |
13596 | + &shr( $t, 8 ); # 3 5 | |
13597 | + &xor( $L, &DWP("0x500+$desSP",$tmp1,"",0)); # 3 7 | |
13598 | + &mov( $tmp1, &DWP("0x400+$desSP",$tmp2,"",0)); # 3 8 | |
13599 | + | |
13600 | + &and( $t, "0xfc" ); # 4 1 | |
13601 | + &xor( $L, $tmp1 ); # 3 9 | |
13602 | + | |
13603 | + &and( $u, "0xfc" ); # 4 2 | |
13604 | + &xor( $L, &DWP("0x700+$desSP",$t,"",0)); # 4 3 | |
13605 | + &xor( $L, &DWP("0x600+$desSP",$u,"",0)); # 4 4 | |
13606 | + } | |
13607 | + | |
13608 | +sub PERM_OP | |
13609 | + { | |
13610 | + local($a,$b,$tt,$shift,$mask)=@_; | |
13611 | + | |
13612 | + &mov( $tt, $a ); | |
13613 | + &shr( $tt, $shift ); | |
13614 | + &xor( $tt, $b ); | |
13615 | + &and( $tt, $mask ); | |
13616 | + &xor( $b, $tt ); | |
13617 | + &shl( $tt, $shift ); | |
13618 | + &xor( $a, $tt ); | |
13619 | + } | |
13620 | + | |
13621 | +sub IP_new | |
13622 | + { | |
13623 | + local($l,$r,$tt)=@_; | |
13624 | + | |
13625 | + &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f"); | |
13626 | + &PERM_OP($l,$r,$tt,16,"0x0000ffff"); | |
13627 | + &PERM_OP($r,$l,$tt, 2,"0x33333333"); | |
13628 | + &PERM_OP($l,$r,$tt, 8,"0x00ff00ff"); | |
13629 | + &PERM_OP($r,$l,$tt, 1,"0x55555555"); | |
13630 | + } | |
13631 | + | |
13632 | +sub FP_new | |
13633 | + { | |
13634 | + local($l,$r,$tt)=@_; | |
13635 | + | |
13636 | + &PERM_OP($l,$r,$tt, 1,"0x55555555"); | |
13637 | + &PERM_OP($r,$l,$tt, 8,"0x00ff00ff"); | |
13638 | + &PERM_OP($l,$r,$tt, 2,"0x33333333"); | |
13639 | + &PERM_OP($r,$l,$tt,16,"0x0000ffff"); | |
13640 | + &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f"); | |
13641 | + } | |
13642 | + | |
13643 | +sub n2a | |
13644 | + { | |
13645 | + sprintf("%d",$_[0]); | |
13646 | + } | |
13647 | diff -druN linux-noipsec/net/ipsec/libdes/asm/desboth.pl linux/net/ipsec/libdes/asm/desboth.pl | |
13648 | --- linux-noipsec/net/ipsec/libdes/asm/desboth.pl Thu Jan 1 01:00:00 1970 | |
13649 | +++ linux/net/ipsec/libdes/asm/desboth.pl Thu Feb 18 17:41:32 1999 | |
13650 | @@ -0,0 +1,79 @@ | |
13651 | +#!/usr/local/bin/perl | |
13652 | + | |
13653 | +$L="edi"; | |
13654 | +$R="esi"; | |
13655 | + | |
13656 | +sub des_encrypt3 | |
13657 | + { | |
13658 | + local($name,$enc)=@_; | |
13659 | + | |
13660 | + &function_begin_B($name,""); | |
13661 | + &push("ebx"); | |
13662 | + &mov("ebx",&wparam(0)); | |
13663 | + | |
13664 | + &push("ebp"); | |
13665 | + &push("esi"); | |
13666 | + | |
13667 | + &push("edi"); | |
13668 | + | |
13669 | + &comment(""); | |
13670 | + &comment("Load the data words"); | |
13671 | + &mov($L,&DWP(0,"ebx","",0)); | |
13672 | + &mov($R,&DWP(4,"ebx","",0)); | |
13673 | + &stack_push(3); | |
13674 | + | |
13675 | + &comment(""); | |
13676 | + &comment("IP"); | |
13677 | + &IP_new($L,$R,"edx",0); | |
13678 | + | |
13679 | + # put them back | |
13680 | + | |
13681 | + if ($enc) | |
13682 | + { | |
13683 | + &mov(&DWP(4,"ebx","",0),$R); | |
13684 | + &mov("eax",&wparam(1)); | |
13685 | + &mov(&DWP(0,"ebx","",0),"edx"); | |
13686 | + &mov("edi",&wparam(2)); | |
13687 | + &mov("esi",&wparam(3)); | |
13688 | + } | |
13689 | + else | |
13690 | + { | |
13691 | + &mov(&DWP(4,"ebx","",0),$R); | |
13692 | + &mov("esi",&wparam(1)); | |
13693 | + &mov(&DWP(0,"ebx","",0),"edx"); | |
13694 | + &mov("edi",&wparam(2)); | |
13695 | + &mov("eax",&wparam(3)); | |
13696 | + } | |
13697 | + &mov(&swtmp(2), (($enc)?"1":"0")); | |
13698 | + &mov(&swtmp(1), "eax"); | |
13699 | + &mov(&swtmp(0), "ebx"); | |
13700 | + &call("des_encrypt2"); | |
13701 | + &mov(&swtmp(2), (($enc)?"0":"1")); | |
13702 | + &mov(&swtmp(1), "edi"); | |
13703 | + &mov(&swtmp(0), "ebx"); | |
13704 | + &call("des_encrypt2"); | |
13705 | + &mov(&swtmp(2), (($enc)?"1":"0")); | |
13706 | + &mov(&swtmp(1), "esi"); | |
13707 | + &mov(&swtmp(0), "ebx"); | |
13708 | + &call("des_encrypt2"); | |
13709 | + | |
13710 | + &stack_pop(3); | |
13711 | + &mov($L,&DWP(0,"ebx","",0)); | |
13712 | + &mov($R,&DWP(4,"ebx","",0)); | |
13713 | + | |
13714 | + &comment(""); | |
13715 | + &comment("FP"); | |
13716 | + &FP_new($L,$R,"eax",0); | |
13717 | + | |
13718 | + &mov(&DWP(0,"ebx","",0),"eax"); | |
13719 | + &mov(&DWP(4,"ebx","",0),$R); | |
13720 | + | |
13721 | + &pop("edi"); | |
13722 | + &pop("esi"); | |
13723 | + &pop("ebp"); | |
13724 | + &pop("ebx"); | |
13725 | + &ret(); | |
13726 | + &function_end_B($name); | |
13727 | + } | |
13728 | + | |
13729 | + | |
13730 | diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/cbc.pl linux/net/ipsec/libdes/asm/perlasm/cbc.pl | |
13731 | --- linux-noipsec/net/ipsec/libdes/asm/perlasm/cbc.pl Thu Jan 1 01:00:00 1970 | |
13732 | +++ linux/net/ipsec/libdes/asm/perlasm/cbc.pl Thu Feb 18 17:41:34 1999 | |
13733 | @@ -0,0 +1,342 @@ | |
13734 | +#!/usr/local/bin/perl | |
13735 | + | |
13736 | +# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) | |
13737 | +# des_cblock (*input); | |
13738 | +# des_cblock (*output); | |
13739 | +# long length; | |
13740 | +# des_key_schedule schedule; | |
13741 | +# des_cblock (*ivec); | |
13742 | +# int enc; | |
13743 | +# | |
13744 | +# calls | |
13745 | +# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
13746 | +# | |
13747 | + | |
13748 | +#&cbc("des_ncbc_encrypt","des_encrypt",0); | |
13749 | +#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt", | |
13750 | +# 1,4,5,3,5,-1); | |
13751 | +#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt", | |
13752 | +# 0,4,5,3,5,-1); | |
13753 | +#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3", | |
13754 | +# 0,6,7,3,4,5); | |
13755 | +# | |
13756 | +# When doing a cipher that needs bigendian order, | |
13757 | +# for encrypt, the iv is kept in bigendian form, | |
13758 | +# while for decrypt, it is kept in little endian. | |
13759 | +sub cbc | |
13760 | + { | |
13761 | + local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_; | |
13762 | + # name is the function name | |
13763 | + # enc_func and dec_func and the functions to call for encrypt/decrypt | |
13764 | + # swap is true if byte order needs to be reversed | |
13765 | + # iv_off is parameter number for the iv | |
13766 | + # enc_off is parameter number for the encrypt/decrypt flag | |
13767 | + # p1,p2,p3 are the offsets for parameters to be passed to the | |
13768 | + # underlying calls. | |
13769 | + | |
13770 | + &function_begin_B($name,""); | |
13771 | + &comment(""); | |
13772 | + | |
13773 | + $in="esi"; | |
13774 | + $out="edi"; | |
13775 | + $count="ebp"; | |
13776 | + | |
13777 | + &push("ebp"); | |
13778 | + &push("ebx"); | |
13779 | + &push("esi"); | |
13780 | + &push("edi"); | |
13781 | + | |
13782 | + $data_off=4; | |
13783 | + $data_off+=4 if ($p1 > 0); | |
13784 | + $data_off+=4 if ($p2 > 0); | |
13785 | + $data_off+=4 if ($p3 > 0); | |
13786 | + | |
13787 | + &mov($count, &wparam(2)); # length | |
13788 | + | |
13789 | + &comment("getting iv ptr from parameter $iv_off"); | |
13790 | + &mov("ebx", &wparam($iv_off)); # Get iv ptr | |
13791 | + | |
13792 | + &mov($in, &DWP(0,"ebx","",0));# iv[0] | |
13793 | + &mov($out, &DWP(4,"ebx","",0));# iv[1] | |
13794 | + | |
13795 | + &push($out); | |
13796 | + &push($in); | |
13797 | + &push($out); # used in decrypt for iv[1] | |
13798 | + &push($in); # used in decrypt for iv[0] | |
13799 | + | |
13800 | + &mov("ebx", "esp"); # This is the address of tin[2] | |
13801 | + | |
13802 | + &mov($in, &wparam(0)); # in | |
13803 | + &mov($out, &wparam(1)); # out | |
13804 | + | |
13805 | + # We have loaded them all, how lets push things | |
13806 | + &comment("getting encrypt flag from parameter $enc_off"); | |
13807 | + &mov("ecx", &wparam($enc_off)); # Get enc flag | |
13808 | + if ($p3 > 0) | |
13809 | + { | |
13810 | + &comment("get and push parameter $p3"); | |
13811 | + if ($enc_off != $p3) | |
13812 | + { &mov("eax", &wparam($p3)); &push("eax"); } | |
13813 | + else { &push("ecx"); } | |
13814 | + } | |
13815 | + if ($p2 > 0) | |
13816 | + { | |
13817 | + &comment("get and push parameter $p2"); | |
13818 | + if ($enc_off != $p2) | |
13819 | + { &mov("eax", &wparam($p2)); &push("eax"); } | |
13820 | + else { &push("ecx"); } | |
13821 | + } | |
13822 | + if ($p1 > 0) | |
13823 | + { | |
13824 | + &comment("get and push parameter $p1"); | |
13825 | + if ($enc_off != $p1) | |
13826 | + { &mov("eax", &wparam($p1)); &push("eax"); } | |
13827 | + else { &push("ecx"); } | |
13828 | + } | |
13829 | + &push("ebx"); # push data/iv | |
13830 | + | |
13831 | + &cmp("ecx",0); | |
13832 | + &jz(&label("decrypt")); | |
13833 | + | |
13834 | + &and($count,0xfffffff8); | |
13835 | + &mov("eax", &DWP($data_off,"esp","",0)); # load iv[0] | |
13836 | + &mov("ebx", &DWP($data_off+4,"esp","",0)); # load iv[1] | |
13837 | + | |
13838 | + &jz(&label("encrypt_finish")); | |
13839 | + | |
13840 | + ############################################################# | |
13841 | + | |
13842 | + &set_label("encrypt_loop"); | |
13843 | + # encrypt start | |
13844 | + # "eax" and "ebx" hold iv (or the last cipher text) | |
13845 | + | |
13846 | + &mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes | |
13847 | + &mov("edx", &DWP(4,$in,"",0)); # second 4 bytes | |
13848 | + | |
13849 | + &xor("eax", "ecx"); | |
13850 | + &xor("ebx", "edx"); | |
13851 | + | |
13852 | + &bswap("eax") if $swap; | |
13853 | + &bswap("ebx") if $swap; | |
13854 | + | |
13855 | + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call | |
13856 | + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # | |
13857 | + | |
13858 | + &call($enc_func); | |
13859 | + | |
13860 | + &mov("eax", &DWP($data_off,"esp","",0)); | |
13861 | + &mov("ebx", &DWP($data_off+4,"esp","",0)); | |
13862 | + | |
13863 | + &bswap("eax") if $swap; | |
13864 | + &bswap("ebx") if $swap; | |
13865 | + | |
13866 | + &mov(&DWP(0,$out,"",0),"eax"); | |
13867 | + &mov(&DWP(4,$out,"",0),"ebx"); | |
13868 | + | |
13869 | + # eax and ebx are the next iv. | |
13870 | + | |
13871 | + &add($in, 8); | |
13872 | + &add($out, 8); | |
13873 | + | |
13874 | + &sub($count, 8); | |
13875 | + &jnz(&label("encrypt_loop")); | |
13876 | + | |
13877 | +###################################################################3 | |
13878 | + &set_label("encrypt_finish"); | |
13879 | + &mov($count, &wparam(2)); # length | |
13880 | + &and($count, 7); | |
13881 | + &jz(&label("finish")); | |
13882 | + &xor("ecx","ecx"); | |
13883 | + &xor("edx","edx"); | |
13884 | + &mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); | |
13885 | + &jmp_ptr($count); | |
13886 | + | |
13887 | +&set_label("ej7"); | |
13888 | + &xor("edx", "edx") if $ppro; # ppro friendly | |
13889 | + &movb(&HB("edx"), &BP(6,$in,"",0)); | |
13890 | + &shl("edx",8); | |
13891 | +&set_label("ej6"); | |
13892 | + &movb(&HB("edx"), &BP(5,$in,"",0)); | |
13893 | +&set_label("ej5"); | |
13894 | + &movb(&LB("edx"), &BP(4,$in,"",0)); | |
13895 | +&set_label("ej4"); | |
13896 | + &mov("ecx", &DWP(0,$in,"",0)); | |
13897 | + &jmp(&label("ejend")); | |
13898 | +&set_label("ej3"); | |
13899 | + &movb(&HB("ecx"), &BP(2,$in,"",0)); | |
13900 | + &xor("ecx", "ecx") if $ppro; # ppro friendly | |
13901 | + &shl("ecx",8); | |
13902 | +&set_label("ej2"); | |
13903 | + &movb(&HB("ecx"), &BP(1,$in,"",0)); | |
13904 | +&set_label("ej1"); | |
13905 | + &movb(&LB("ecx"), &BP(0,$in,"",0)); | |
13906 | +&set_label("ejend"); | |
13907 | + | |
13908 | + &xor("eax", "ecx"); | |
13909 | + &xor("ebx", "edx"); | |
13910 | + | |
13911 | + &bswap("eax") if $swap; | |
13912 | + &bswap("ebx") if $swap; | |
13913 | + | |
13914 | + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call | |
13915 | + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # | |
13916 | + | |
13917 | + &call($enc_func); | |
13918 | + | |
13919 | + &mov("eax", &DWP($data_off,"esp","",0)); | |
13920 | + &mov("ebx", &DWP($data_off+4,"esp","",0)); | |
13921 | + | |
13922 | + &bswap("eax") if $swap; | |
13923 | + &bswap("ebx") if $swap; | |
13924 | + | |
13925 | + &mov(&DWP(0,$out,"",0),"eax"); | |
13926 | + &mov(&DWP(4,$out,"",0),"ebx"); | |
13927 | + | |
13928 | + &jmp(&label("finish")); | |
13929 | + | |
13930 | + ############################################################# | |
13931 | + ############################################################# | |
13932 | + &set_label("decrypt",1); | |
13933 | + # decrypt start | |
13934 | + &and($count,0xfffffff8); | |
13935 | + # The next 2 instructions are only for if the jz is taken | |
13936 | + &mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0] | |
13937 | + &mov("ebx", &DWP($data_off+12,"esp","",0)); # get iv[1] | |
13938 | + &jz(&label("decrypt_finish")); | |
13939 | + | |
13940 | + &set_label("decrypt_loop"); | |
13941 | + &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes | |
13942 | + &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes | |
13943 | + | |
13944 | + &bswap("eax") if $swap; | |
13945 | + &bswap("ebx") if $swap; | |
13946 | + | |
13947 | + &mov(&DWP($data_off,"esp","",0), "eax"); # put back | |
13948 | + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # | |
13949 | + | |
13950 | + &call($dec_func); | |
13951 | + | |
13952 | + &mov("eax", &DWP($data_off,"esp","",0)); # get return | |
13953 | + &mov("ebx", &DWP($data_off+4,"esp","",0)); # | |
13954 | + | |
13955 | + &bswap("eax") if $swap; | |
13956 | + &bswap("ebx") if $swap; | |
13957 | + | |
13958 | + &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] | |
13959 | + &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] | |
13960 | + | |
13961 | + &xor("ecx", "eax"); | |
13962 | + &xor("edx", "ebx"); | |
13963 | + | |
13964 | + &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, | |
13965 | + &mov("ebx", &DWP(4,$in,"",0)); # next iv actually | |
13966 | + | |
13967 | + &mov(&DWP(0,$out,"",0),"ecx"); | |
13968 | + &mov(&DWP(4,$out,"",0),"edx"); | |
13969 | + | |
13970 | + &mov(&DWP($data_off+8,"esp","",0), "eax"); # save iv | |
13971 | + &mov(&DWP($data_off+12,"esp","",0), "ebx"); # | |
13972 | + | |
13973 | + &add($in, 8); | |
13974 | + &add($out, 8); | |
13975 | + | |
13976 | + &sub($count, 8); | |
13977 | + &jnz(&label("decrypt_loop")); | |
13978 | +############################ ENDIT #######################3 | |
13979 | + &set_label("decrypt_finish"); | |
13980 | + &mov($count, &wparam(2)); # length | |
13981 | + &and($count, 7); | |
13982 | + &jz(&label("finish")); | |
13983 | + | |
13984 | + &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes | |
13985 | + &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes | |
13986 | + | |
13987 | + &bswap("eax") if $swap; | |
13988 | + &bswap("ebx") if $swap; | |
13989 | + | |
13990 | + &mov(&DWP($data_off,"esp","",0), "eax"); # put back | |
13991 | + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # | |
13992 | + | |
13993 | + &call($dec_func); | |
13994 | + | |
13995 | + &mov("eax", &DWP($data_off,"esp","",0)); # get return | |
13996 | + &mov("ebx", &DWP($data_off+4,"esp","",0)); # | |
13997 | + | |
13998 | + &bswap("eax") if $swap; | |
13999 | + &bswap("ebx") if $swap; | |
14000 | + | |
14001 | + &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] | |
14002 | + &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] | |
14003 | + | |
14004 | + &xor("ecx", "eax"); | |
14005 | + &xor("edx", "ebx"); | |
14006 | + | |
14007 | + # this is for when we exit | |
14008 | + &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, | |
14009 | + &mov("ebx", &DWP(4,$in,"",0)); # next iv actually | |
14010 | + | |
14011 | +&set_label("dj7"); | |
14012 | + &rotr("edx", 16); | |
14013 | + &movb(&BP(6,$out,"",0), &LB("edx")); | |
14014 | + &shr("edx",16); | |
14015 | +&set_label("dj6"); | |
14016 | + &movb(&BP(5,$out,"",0), &HB("edx")); | |
14017 | +&set_label("dj5"); | |
14018 | + &movb(&BP(4,$out,"",0), &LB("edx")); | |
14019 | +&set_label("dj4"); | |
14020 | + &mov(&DWP(0,$out,"",0), "ecx"); | |
14021 | + &jmp(&label("djend")); | |
14022 | +&set_label("dj3"); | |
14023 | + &rotr("ecx", 16); | |
14024 | + &movb(&BP(2,$out,"",0), &LB("ecx")); | |
14025 | + &shl("ecx",16); | |
14026 | +&set_label("dj2"); | |
14027 | + &movb(&BP(1,$in,"",0), &HB("ecx")); | |
14028 | +&set_label("dj1"); | |
14029 | + &movb(&BP(0,$in,"",0), &LB("ecx")); | |
14030 | +&set_label("djend"); | |
14031 | + | |
14032 | + # final iv is still in eax:ebx | |
14033 | + &jmp(&label("finish")); | |
14034 | + | |
14035 | + | |
14036 | +############################ FINISH #######################3 | |
14037 | + &set_label("finish",1); | |
14038 | + &mov("ecx", &wparam($iv_off)); # Get iv ptr | |
14039 | + | |
14040 | + ################################################# | |
14041 | + $total=16+4; | |
14042 | + $total+=4 if ($p1 > 0); | |
14043 | + $total+=4 if ($p2 > 0); | |
14044 | + $total+=4 if ($p3 > 0); | |
14045 | + &add("esp",$total); | |
14046 | + | |
14047 | + &mov(&DWP(0,"ecx","",0), "eax"); # save iv | |
14048 | + &mov(&DWP(4,"ecx","",0), "ebx"); # save iv | |
14049 | + | |
14050 | + &function_end_A($name); | |
14051 | + | |
14052 | + &set_label("cbc_enc_jmp_table",1); | |
14053 | + &data_word("0"); | |
14054 | + &data_word(&label("ej1")); | |
14055 | + &data_word(&label("ej2")); | |
14056 | + &data_word(&label("ej3")); | |
14057 | + &data_word(&label("ej4")); | |
14058 | + &data_word(&label("ej5")); | |
14059 | + &data_word(&label("ej6")); | |
14060 | + &data_word(&label("ej7")); | |
14061 | + &set_label("cbc_dec_jmp_table",1); | |
14062 | + &data_word("0"); | |
14063 | + &data_word(&label("dj1")); | |
14064 | + &data_word(&label("dj2")); | |
14065 | + &data_word(&label("dj3")); | |
14066 | + &data_word(&label("dj4")); | |
14067 | + &data_word(&label("dj5")); | |
14068 | + &data_word(&label("dj6")); | |
14069 | + &data_word(&label("dj7")); | |
14070 | + | |
14071 | + &function_end_B($name); | |
14072 | + | |
14073 | + } | |
14074 | + | |
14075 | +1; | |
14076 | diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/readme linux/net/ipsec/libdes/asm/perlasm/readme | |
14077 | --- linux-noipsec/net/ipsec/libdes/asm/perlasm/readme Thu Jan 1 01:00:00 1970 | |
14078 | +++ linux/net/ipsec/libdes/asm/perlasm/readme Thu Feb 18 17:41:35 1999 | |
14079 | @@ -0,0 +1,124 @@ | |
14080 | +The perl scripts in this directory are my 'hack' to generate | |
14081 | +multiple different assembler formats via the one origional script. | |
14082 | + | |
14083 | +The way to use this library is to start with adding the path to this directory | |
14084 | +and then include it. | |
14085 | + | |
14086 | +push(@INC,"perlasm","../../perlasm"); | |
14087 | +require "x86asm.pl"; | |
14088 | + | |
14089 | +The first thing we do is setup the file and type of assember | |
14090 | + | |
14091 | +&asm_init($ARGV[0],$0); | |
14092 | + | |
14093 | +The first argument is the 'type'. Currently | |
14094 | +'cpp', 'sol', 'a.out', 'elf' or 'win32'. | |
14095 | +Argument 2 is the file name. | |
14096 | + | |
14097 | +The reciprocal function is | |
14098 | +&asm_finish() which should be called at the end. | |
14099 | + | |
14100 | +There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler, | |
14101 | +and x86unix.pl which is the unix (gas) version. | |
14102 | + | |
14103 | +Functions of interest are: | |
14104 | +&external_label("des_SPtrans"); declare and external variable | |
14105 | +&LB(reg); Low byte for a register | |
14106 | +&HB(reg); High byte for a register | |
14107 | +&BP(off,base,index,scale) Byte pointer addressing | |
14108 | +&DWP(off,base,index,scale) Word pointer addressing | |
14109 | +&stack_push(num) Basically a 'sub esp, num*4' with extra | |
14110 | +&stack_pop(num) inverse of stack_push | |
14111 | +&function_begin(name,extra) Start a function with pushing of | |
14112 | + edi, esi, ebx and ebp. extra is extra win32 | |
14113 | + external info that may be required. | |
14114 | +&function_begin_B(name,extra) Same as norma function_begin but no pushing. | |
14115 | +&function_end(name) Call at end of function. | |
14116 | +&function_end_A(name) Standard pop and ret, for use inside functions | |
14117 | +&function_end_B(name) Call at end but with poping or 'ret'. | |
14118 | +&swtmp(num) Address on stack temp word. | |
14119 | +&wparam(num) Parameter number num, that was push | |
14120 | + in C convention. This all works over pushes | |
14121 | + and pops. | |
14122 | +&comment("hello there") Put in a comment. | |
14123 | +&label("loop") Refer to a label, normally a jmp target. | |
14124 | +&set_label("loop") Set a label at this point. | |
14125 | +&data_word(word) Put in a word of data. | |
14126 | + | |
14127 | +So how does this all hold together? Given | |
14128 | + | |
14129 | +int calc(int len, int *data) | |
14130 | + { | |
14131 | + int i,j=0; | |
14132 | + | |
14133 | + for (i=0; i<len; i++) | |
14134 | + { | |
14135 | + j+=other(data[i]); | |
14136 | + } | |
14137 | + } | |
14138 | + | |
14139 | +So a very simple version of this function could be coded as | |
14140 | + | |
14141 | + push(@INC,"perlasm","../../perlasm"); | |
14142 | + require "x86asm.pl"; | |
14143 | + | |
14144 | + &asm_init($ARGV[0],"cacl.pl"); | |
14145 | + | |
14146 | + &external_label("other"); | |
14147 | + | |
14148 | + $tmp1= "eax"; | |
14149 | + $j= "edi"; | |
14150 | + $data= "esi"; | |
14151 | + $i= "ebp"; | |
14152 | + | |
14153 | + &comment("a simple function"); | |
14154 | + &function_begin("calc"); | |
14155 | + &mov( $data, &wparam(1)); # data | |
14156 | + &xor( $j, $j); | |
14157 | + &xor( $i, $i); | |
14158 | + | |
14159 | + &set_label("loop"); | |
14160 | + &cmp( $i, &wparam(0)); | |
14161 | + &jge( &label("end")); | |
14162 | + | |
14163 | + &mov( $tmp1, &DWP(0,$data,$i,4)); | |
14164 | + &push( $tmp1); | |
14165 | + &call( "other"); | |
14166 | + &add( $j, "eax"); | |
14167 | + &pop( $tmp1); | |
14168 | + &inc( $i); | |
14169 | + &jmp( &label("loop")); | |
14170 | + | |
14171 | + &set_label("end"); | |
14172 | + &mov( "eax", $j); | |
14173 | + | |
14174 | + &function_end("calc"); | |
14175 | + | |
14176 | + &asm_finish(); | |
14177 | + | |
14178 | +The above example is very very unoptimised but gives an idea of how | |
14179 | +things work. | |
14180 | + | |
14181 | +There is also a cbc mode function generator in cbc.pl | |
14182 | + | |
14183 | +&cbc( $name, | |
14184 | + $encrypt_function_name, | |
14185 | + $decrypt_function_name, | |
14186 | + $true_if_byte_swap_needed, | |
14187 | + $parameter_number_for_iv, | |
14188 | + $parameter_number_for_encrypt_flag, | |
14189 | + $first_parameter_to_pass, | |
14190 | + $second_parameter_to_pass, | |
14191 | + $third_parameter_to_pass); | |
14192 | + | |
14193 | +So for example, given | |
14194 | +void BF_encrypt(BF_LONG *data,BF_KEY *key); | |
14195 | +void BF_decrypt(BF_LONG *data,BF_KEY *key); | |
14196 | +void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length, | |
14197 | + BF_KEY *ks, unsigned char *iv, int enc); | |
14198 | + | |
14199 | +&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1); | |
14200 | + | |
14201 | +&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); | |
14202 | +&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); | |
14203 | + | |
14204 | diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/x86asm.pl linux/net/ipsec/libdes/asm/perlasm/x86asm.pl | |
14205 | --- linux-noipsec/net/ipsec/libdes/asm/perlasm/x86asm.pl Thu Jan 1 01:00:00 1970 | |
14206 | +++ linux/net/ipsec/libdes/asm/perlasm/x86asm.pl Thu Feb 18 17:41:35 1999 | |
14207 | @@ -0,0 +1,111 @@ | |
14208 | +#!/usr/local/bin/perl | |
14209 | + | |
14210 | +# require 'x86asm.pl'; | |
14211 | +# &asm_init("cpp","des-586.pl"); | |
14212 | +# XXX | |
14213 | +# XXX | |
14214 | +# main'asm_finish | |
14215 | + | |
14216 | +sub main'asm_finish | |
14217 | + { | |
14218 | + &file_end(); | |
14219 | + &asm_finish_cpp() if $cpp; | |
14220 | + print &asm_get_output(); | |
14221 | + } | |
14222 | + | |
14223 | +sub main'asm_init | |
14224 | + { | |
14225 | + ($type,$fn)=@_; | |
14226 | + $filename=$fn; | |
14227 | + | |
14228 | + $cpp=$sol=$aout=$win32=0; | |
14229 | + if ( ($type eq "elf")) | |
14230 | + { require "x86unix.pl"; } | |
14231 | + elsif ( ($type eq "a.out")) | |
14232 | + { $aout=1; require "x86unix.pl"; } | |
14233 | + elsif ( ($type eq "sol")) | |
14234 | + { $sol=1; require "x86unix.pl"; } | |
14235 | + elsif ( ($type eq "cpp")) | |
14236 | + { $cpp=1; require "x86unix.pl"; } | |
14237 | + elsif ( ($type eq "win32")) | |
14238 | + { $win32=1; require "x86ms.pl"; } | |
14239 | + else | |
14240 | + { | |
14241 | + print STDERR <<"EOF"; | |
14242 | +Pick one target type from | |
14243 | + elf - linux, FreeBSD etc | |
14244 | + a.out - old linux | |
14245 | + sol - x86 solaris | |
14246 | + cpp - format so x86unix.cpp can be used | |
14247 | + win32 - Windows 95/Windows NT | |
14248 | +EOF | |
14249 | + exit(1); | |
14250 | + } | |
14251 | + | |
14252 | + &asm_init_output(); | |
14253 | + | |
14254 | +&comment("Don't even think of reading this code"); | |
14255 | +&comment("It was automatically generated by $filename"); | |
14256 | +&comment("Which is a perl program used to generate the x86 assember for"); | |
14257 | +&comment("any of elf, a.out, BSDI,Win32, or Solaris"); | |
14258 | +&comment("eric <eay\@cryptsoft.com>"); | |
14259 | +&comment(""); | |
14260 | + | |
14261 | + $filename =~ s/\.pl$//; | |
14262 | + &file($filename); | |
14263 | + } | |
14264 | + | |
14265 | +sub asm_finish_cpp | |
14266 | + { | |
14267 | + return unless $cpp; | |
14268 | + | |
14269 | + local($tmp,$i); | |
14270 | + foreach $i (&get_labels()) | |
14271 | + { | |
14272 | + $tmp.="#define $i _$i\n"; | |
14273 | + } | |
14274 | + print <<"EOF"; | |
14275 | +/* Run the C pre-processor over this file with one of the following defined | |
14276 | + * ELF - elf object files, | |
14277 | + * OUT - a.out object files, | |
14278 | + * BSDI - BSDI style a.out object files | |
14279 | + * SOL - Solaris style elf | |
14280 | + */ | |
14281 | + | |
14282 | +#define TYPE(a,b) .type a,b | |
14283 | +#define SIZE(a,b) .size a,b | |
14284 | + | |
14285 | +#if defined(OUT) || defined(BSDI) | |
14286 | +$tmp | |
14287 | +#endif | |
14288 | + | |
14289 | +#ifdef OUT | |
14290 | +#define OK 1 | |
14291 | +#define ALIGN 4 | |
14292 | +#endif | |
14293 | + | |
14294 | +#ifdef BSDI | |
14295 | +#define OK 1 | |
14296 | +#define ALIGN 4 | |
14297 | +#undef SIZE | |
14298 | +#undef TYPE | |
14299 | +#endif | |
14300 | + | |
14301 | +#if defined(ELF) || defined(SOL) | |
14302 | +#define OK 1 | |
14303 | +#define ALIGN 16 | |
14304 | +#endif | |
14305 | + | |
14306 | +#ifndef OK | |
14307 | +You need to define one of | |
14308 | +ELF - elf systems - linux-elf, NetBSD and DG-UX | |
14309 | +OUT - a.out systems - linux-a.out and FreeBSD | |
14310 | +SOL - solaris systems, which are elf with strange comment lines | |
14311 | +BSDI - a.out with a very primative version of as. | |
14312 | +#endif | |
14313 | + | |
14314 | +/* Let the Assembler begin :-) */ | |
14315 | +EOF | |
14316 | + } | |
14317 | + | |
14318 | +1; | |
14319 | diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/x86ms.pl linux/net/ipsec/libdes/asm/perlasm/x86ms.pl | |
14320 | --- linux-noipsec/net/ipsec/libdes/asm/perlasm/x86ms.pl Thu Jan 1 01:00:00 1970 | |
14321 | +++ linux/net/ipsec/libdes/asm/perlasm/x86ms.pl Thu Feb 18 17:41:35 1999 | |
14322 | @@ -0,0 +1,345 @@ | |
14323 | +#!/usr/local/bin/perl | |
14324 | + | |
14325 | +package x86ms; | |
14326 | + | |
14327 | +$label="L000"; | |
14328 | + | |
14329 | +%lb=( 'eax', 'al', | |
14330 | + 'ebx', 'bl', | |
14331 | + 'ecx', 'cl', | |
14332 | + 'edx', 'dl', | |
14333 | + 'ax', 'al', | |
14334 | + 'bx', 'bl', | |
14335 | + 'cx', 'cl', | |
14336 | + 'dx', 'dl', | |
14337 | + ); | |
14338 | + | |
14339 | +%hb=( 'eax', 'ah', | |
14340 | + 'ebx', 'bh', | |
14341 | + 'ecx', 'ch', | |
14342 | + 'edx', 'dh', | |
14343 | + 'ax', 'ah', | |
14344 | + 'bx', 'bh', | |
14345 | + 'cx', 'ch', | |
14346 | + 'dx', 'dh', | |
14347 | + ); | |
14348 | + | |
14349 | +sub main'asm_init_output { @out=(); } | |
14350 | +sub main'asm_get_output { return(@out); } | |
14351 | +sub main'get_labels { return(@labels); } | |
14352 | +sub main'external_label { push(@labels,@_); } | |
14353 | + | |
14354 | +sub main'LB | |
14355 | + { | |
14356 | + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; | |
14357 | + return($lb{$_[0]}); | |
14358 | + } | |
14359 | + | |
14360 | +sub main'HB | |
14361 | + { | |
14362 | + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; | |
14363 | + return($hb{$_[0]}); | |
14364 | + } | |
14365 | + | |
14366 | +sub main'BP | |
14367 | + { | |
14368 | + &get_mem("BYTE",@_); | |
14369 | + } | |
14370 | + | |
14371 | +sub main'DWP | |
14372 | + { | |
14373 | + &get_mem("DWORD",@_); | |
14374 | + } | |
14375 | + | |
14376 | +sub main'stack_push | |
14377 | + { | |
14378 | + local($num)=@_; | |
14379 | + $stack+=$num*4; | |
14380 | + &main'sub("esp",$num*4); | |
14381 | + } | |
14382 | + | |
14383 | +sub main'stack_pop | |
14384 | + { | |
14385 | + local($num)=@_; | |
14386 | + $stack-=$num*4; | |
14387 | + &main'add("esp",$num*4); | |
14388 | + } | |
14389 | + | |
14390 | +sub get_mem | |
14391 | + { | |
14392 | + local($size,$addr,$reg1,$reg2,$idx)=@_; | |
14393 | + local($t,$post); | |
14394 | + local($ret)="$size PTR "; | |
14395 | + | |
14396 | + $addr =~ s/^\s+//; | |
14397 | + if ($addr =~ /^(.+)\+(.+)$/) | |
14398 | + { | |
14399 | + $reg2=&conv($1); | |
14400 | + $addr="_$2"; | |
14401 | + } | |
14402 | + elsif ($addr =~ /^[_a-zA-Z]/) | |
14403 | + { | |
14404 | + $addr="_$addr"; | |
14405 | + } | |
14406 | + | |
14407 | + $reg1="$regs{$reg1}" if defined($regs{$reg1}); | |
14408 | + $reg2="$regs{$reg2}" if defined($regs{$reg2}); | |
14409 | + if (($addr ne "") && ($addr ne 0)) | |
14410 | + { | |
14411 | + if ($addr !~ /^-/) | |
14412 | + { $ret.=$addr; } | |
14413 | + else { $post=$addr; } | |
14414 | + } | |
14415 | + if ($reg2 ne "") | |
14416 | + { | |
14417 | + $t=""; | |
14418 | + $t="*$idx" if ($idx != 0); | |
14419 | + $reg1="+".$reg1 if ("$reg1$post" ne ""); | |
14420 | + $ret.="[$reg2$t$reg1$post]"; | |
14421 | + } | |
14422 | + else | |
14423 | + { | |
14424 | + $ret.="[$reg1$post]" | |
14425 | + } | |
14426 | + return($ret); | |
14427 | + } | |
14428 | + | |
14429 | +sub main'mov { &out2("mov",@_); } | |
14430 | +sub main'movb { &out2("mov",@_); } | |
14431 | +sub main'and { &out2("and",@_); } | |
14432 | +sub main'or { &out2("or",@_); } | |
14433 | +sub main'shl { &out2("shl",@_); } | |
14434 | +sub main'shr { &out2("shr",@_); } | |
14435 | +sub main'xor { &out2("xor",@_); } | |
14436 | +sub main'xorb { &out2("xor",@_); } | |
14437 | +sub main'add { &out2("add",@_); } | |
14438 | +sub main'adc { &out2("adc",@_); } | |
14439 | +sub main'sub { &out2("sub",@_); } | |
14440 | +sub main'rotl { &out2("rol",@_); } | |
14441 | +sub main'rotr { &out2("ror",@_); } | |
14442 | +sub main'exch { &out2("xchg",@_); } | |
14443 | +sub main'cmp { &out2("cmp",@_); } | |
14444 | +sub main'lea { &out2("lea",@_); } | |
14445 | +sub main'mul { &out1("mul",@_); } | |
14446 | +sub main'div { &out1("div",@_); } | |
14447 | +sub main'dec { &out1("dec",@_); } | |
14448 | +sub main'inc { &out1("inc",@_); } | |
14449 | +sub main'jmp { &out1("jmp",@_); } | |
14450 | +sub main'jmp_ptr { &out1p("jmp",@_); } | |
14451 | +sub main'je { &out1("je",@_); } | |
14452 | +sub main'jle { &out1("jle",@_); } | |
14453 | +sub main'jz { &out1("jz",@_); } | |
14454 | +sub main'jge { &out1("jge",@_); } | |
14455 | +sub main'jl { &out1("jl",@_); } | |
14456 | +sub main'jb { &out1("jb",@_); } | |
14457 | +sub main'jnz { &out1("jnz",@_); } | |
14458 | +sub main'jne { &out1("jne",@_); } | |
14459 | +sub main'push { &out1("push",@_); $stack+=4; } | |
14460 | +sub main'pop { &out1("pop",@_); $stack-=4; } | |
14461 | +sub main'bswap { &out1("bswap",@_); &using486(); } | |
14462 | +sub main'not { &out1("not",@_); } | |
14463 | +sub main'call { &out1("call",'_'.$_[0]); } | |
14464 | +sub main'ret { &out0("ret"); } | |
14465 | +sub main'nop { &out0("nop"); } | |
14466 | + | |
14467 | +sub out2 | |
14468 | + { | |
14469 | + local($name,$p1,$p2)=@_; | |
14470 | + local($l,$t); | |
14471 | + | |
14472 | + push(@out,"\t$name\t"); | |
14473 | + $t=&conv($p1).","; | |
14474 | + $l=length($t); | |
14475 | + push(@out,$t); | |
14476 | + $l=4-($l+9)/8; | |
14477 | + push(@out,"\t" x $l); | |
14478 | + push(@out,&conv($p2)); | |
14479 | + push(@out,"\n"); | |
14480 | + } | |
14481 | + | |
14482 | +sub out0 | |
14483 | + { | |
14484 | + local($name)=@_; | |
14485 | + | |
14486 | + push(@out,"\t$name\n"); | |
14487 | + } | |
14488 | + | |
14489 | +sub out1 | |
14490 | + { | |
14491 | + local($name,$p1)=@_; | |
14492 | + local($l,$t); | |
14493 | + | |
14494 | + push(@out,"\t$name\t".&conv($p1)."\n"); | |
14495 | + } | |
14496 | + | |
14497 | +sub conv | |
14498 | + { | |
14499 | + local($p)=@_; | |
14500 | + | |
14501 | + $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; | |
14502 | + return $p; | |
14503 | + } | |
14504 | + | |
14505 | +sub using486 | |
14506 | + { | |
14507 | + return if $using486; | |
14508 | + $using486++; | |
14509 | + grep(s/\.386/\.486/,@out); | |
14510 | + } | |
14511 | + | |
14512 | +sub main'file | |
14513 | + { | |
14514 | + local($file)=@_; | |
14515 | + | |
14516 | + local($tmp)=<<"EOF"; | |
14517 | + TITLE $file.asm | |
14518 | + .386 | |
14519 | +.model FLAT | |
14520 | +EOF | |
14521 | + push(@out,$tmp); | |
14522 | + } | |
14523 | + | |
14524 | +sub main'function_begin | |
14525 | + { | |
14526 | + local($func,$extra)=@_; | |
14527 | + | |
14528 | + push(@labels,$func); | |
14529 | + | |
14530 | + local($tmp)=<<"EOF"; | |
14531 | +_TEXT SEGMENT | |
14532 | +PUBLIC _$func | |
14533 | +$extra | |
14534 | +_$func PROC NEAR | |
14535 | + push ebp | |
14536 | + push ebx | |
14537 | + push esi | |
14538 | + push edi | |
14539 | +EOF | |
14540 | + push(@out,$tmp); | |
14541 | + $stack=20; | |
14542 | + } | |
14543 | + | |
14544 | +sub main'function_begin_B | |
14545 | + { | |
14546 | + local($func,$extra)=@_; | |
14547 | + | |
14548 | + local($tmp)=<<"EOF"; | |
14549 | +_TEXT SEGMENT | |
14550 | +PUBLIC _$func | |
14551 | +$extra | |
14552 | +_$func PROC NEAR | |
14553 | +EOF | |
14554 | + push(@out,$tmp); | |
14555 | + $stack=4; | |
14556 | + } | |
14557 | + | |
14558 | +sub main'function_end | |
14559 | + { | |
14560 | + local($func)=@_; | |
14561 | + | |
14562 | + local($tmp)=<<"EOF"; | |
14563 | + pop edi | |
14564 | + pop esi | |
14565 | + pop ebx | |
14566 | + pop ebp | |
14567 | + ret | |
14568 | +_$func ENDP | |
14569 | +_TEXT ENDS | |
14570 | +EOF | |
14571 | + push(@out,$tmp); | |
14572 | + $stack=0; | |
14573 | + %label=(); | |
14574 | + } | |
14575 | + | |
14576 | +sub main'function_end_B | |
14577 | + { | |
14578 | + local($func)=@_; | |
14579 | + | |
14580 | + local($tmp)=<<"EOF"; | |
14581 | +_$func ENDP | |
14582 | +_TEXT ENDS | |
14583 | +EOF | |
14584 | + push(@out,$tmp); | |
14585 | + $stack=0; | |
14586 | + %label=(); | |
14587 | + } | |
14588 | + | |
14589 | +sub main'function_end_A | |
14590 | + { | |
14591 | + local($func)=@_; | |
14592 | + | |
14593 | + local($tmp)=<<"EOF"; | |
14594 | + pop edi | |
14595 | + pop esi | |
14596 | + pop ebx | |
14597 | + pop ebp | |
14598 | + ret | |
14599 | +EOF | |
14600 | + push(@out,$tmp); | |
14601 | + } | |
14602 | + | |
14603 | +sub main'file_end | |
14604 | + { | |
14605 | + push(@out,"END\n"); | |
14606 | + } | |
14607 | + | |
14608 | +sub main'wparam | |
14609 | + { | |
14610 | + local($num)=@_; | |
14611 | + | |
14612 | + return(&main'DWP($stack+$num*4,"esp","",0)); | |
14613 | + } | |
14614 | + | |
14615 | +sub main'swtmp | |
14616 | + { | |
14617 | + return(&main'DWP($_[0]*4,"esp","",0)); | |
14618 | + } | |
14619 | + | |
14620 | +# Should use swtmp, which is above esp. Linix can trash the stack above esp | |
14621 | +#sub main'wtmp | |
14622 | +# { | |
14623 | +# local($num)=@_; | |
14624 | +# | |
14625 | +# return(&main'DWP(-(($num+1)*4),"esp","",0)); | |
14626 | +# } | |
14627 | + | |
14628 | +sub main'comment | |
14629 | + { | |
14630 | + foreach (@_) | |
14631 | + { | |
14632 | + push(@out,"\t; $_\n"); | |
14633 | + } | |
14634 | + } | |
14635 | + | |
14636 | +sub main'label | |
14637 | + { | |
14638 | + if (!defined($label{$_[0]})) | |
14639 | + { | |
14640 | + $label{$_[0]}="\$${label}${_[0]}"; | |
14641 | + $label++; | |
14642 | + } | |
14643 | + return($label{$_[0]}); | |
14644 | + } | |
14645 | + | |
14646 | +sub main'set_label | |
14647 | + { | |
14648 | + if (!defined($label{$_[0]})) | |
14649 | + { | |
14650 | + $label{$_[0]}="${label}${_[0]}"; | |
14651 | + $label++; | |
14652 | + } | |
14653 | + push(@out,"$label{$_[0]}:\n"); | |
14654 | + } | |
14655 | + | |
14656 | +sub main'data_word | |
14657 | + { | |
14658 | + push(@out,"\tDD\t$_[0]\n"); | |
14659 | + } | |
14660 | + | |
14661 | +sub out1p | |
14662 | + { | |
14663 | + local($name,$p1)=@_; | |
14664 | + local($l,$t); | |
14665 | + | |
14666 | + push(@out,"\t$name\t ".&conv($p1)."\n"); | |
14667 | + } | |
14668 | diff -druN linux-noipsec/net/ipsec/libdes/asm/perlasm/x86unix.pl linux/net/ipsec/libdes/asm/perlasm/x86unix.pl | |
14669 | --- linux-noipsec/net/ipsec/libdes/asm/perlasm/x86unix.pl Thu Jan 1 01:00:00 1970 | |
14670 | +++ linux/net/ipsec/libdes/asm/perlasm/x86unix.pl Thu Feb 18 17:41:36 1999 | |
14671 | @@ -0,0 +1,403 @@ | |
14672 | +#!/usr/local/bin/perl | |
14673 | + | |
14674 | +package x86unix; | |
14675 | + | |
14676 | +$label="L000"; | |
14677 | + | |
14678 | +$align=($main'aout)?"4":"16"; | |
14679 | +$under=($main'aout)?"_":""; | |
14680 | +$com_start=($main'sol)?"/":"#"; | |
14681 | + | |
14682 | +sub main'asm_init_output { @out=(); } | |
14683 | +sub main'asm_get_output { return(@out); } | |
14684 | +sub main'get_labels { return(@labels); } | |
14685 | +sub main'external_label { push(@labels,@_); } | |
14686 | + | |
14687 | +if ($main'cpp) | |
14688 | + { | |
14689 | + $align="ALIGN"; | |
14690 | + $under=""; | |
14691 | + $com_start='/*'; | |
14692 | + $com_end='*/'; | |
14693 | + } | |
14694 | + | |
14695 | +%lb=( 'eax', '%al', | |
14696 | + 'ebx', '%bl', | |
14697 | + 'ecx', '%cl', | |
14698 | + 'edx', '%dl', | |
14699 | + 'ax', '%al', | |
14700 | + 'bx', '%bl', | |
14701 | + 'cx', '%cl', | |
14702 | + 'dx', '%dl', | |
14703 | + ); | |
14704 | + | |
14705 | +%hb=( 'eax', '%ah', | |
14706 | + 'ebx', '%bh', | |
14707 | + 'ecx', '%ch', | |
14708 | + 'edx', '%dh', | |
14709 | + 'ax', '%ah', | |
14710 | + 'bx', '%bh', | |
14711 | + 'cx', '%ch', | |
14712 | + 'dx', '%dh', | |
14713 | + ); | |
14714 | + | |
14715 | +%regs=( 'eax', '%eax', | |
14716 | + 'ebx', '%ebx', | |
14717 | + 'ecx', '%ecx', | |
14718 | + 'edx', '%edx', | |
14719 | + 'esi', '%esi', | |
14720 | + 'edi', '%edi', | |
14721 | + 'ebp', '%ebp', | |
14722 | + 'esp', '%esp', | |
14723 | + ); | |
14724 | + | |
14725 | +%reg_val=( | |
14726 | + 'eax', 0x00, | |
14727 | + 'ebx', 0x03, | |
14728 | + 'ecx', 0x01, | |
14729 | + 'edx', 0x02, | |
14730 | + 'esi', 0x06, | |
14731 | + 'edi', 0x07, | |
14732 | + 'ebp', 0x05, | |
14733 | + 'esp', 0x04, | |
14734 | + ); | |
14735 | + | |
14736 | +sub main'LB | |
14737 | + { | |
14738 | + (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; | |
14739 | + return($lb{$_[0]}); | |
14740 | + } | |
14741 | + | |
14742 | +sub main'HB | |
14743 | + { | |
14744 | + (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; | |
14745 | + return($hb{$_[0]}); | |
14746 | + } | |
14747 | + | |
14748 | +sub main'DWP | |
14749 | + { | |
14750 | + local($addr,$reg1,$reg2,$idx)=@_; | |
14751 | + | |
14752 | + $ret=""; | |
14753 | + $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; | |
14754 | + $reg1="$regs{$reg1}" if defined($regs{$reg1}); | |
14755 | + $reg2="$regs{$reg2}" if defined($regs{$reg2}); | |
14756 | + $ret.=$addr if ($addr ne "") && ($addr ne 0); | |
14757 | + if ($reg2 ne "") | |
14758 | + { $ret.="($reg1,$reg2,$idx)"; } | |
14759 | + else | |
14760 | + { $ret.="($reg1)" } | |
14761 | + return($ret); | |
14762 | + } | |
14763 | + | |
14764 | +sub main'BP | |
14765 | + { | |
14766 | + return(&main'DWP(@_)); | |
14767 | + } | |
14768 | + | |
14769 | +#sub main'BP | |
14770 | +# { | |
14771 | +# local($addr,$reg1,$reg2,$idx)=@_; | |
14772 | +# | |
14773 | +# $ret=""; | |
14774 | +# | |
14775 | +# $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; | |
14776 | +# $reg1="$regs{$reg1}" if defined($regs{$reg1}); | |
14777 | +# $reg2="$regs{$reg2}" if defined($regs{$reg2}); | |
14778 | +# $ret.=$addr if ($addr ne "") && ($addr ne 0); | |
14779 | +# if ($reg2 ne "") | |
14780 | +# { $ret.="($reg1,$reg2,$idx)"; } | |
14781 | +# else | |
14782 | +# { $ret.="($reg1)" } | |
14783 | +# return($ret); | |
14784 | +# } | |
14785 | + | |
14786 | +sub main'mov { &out2("movl",@_); } | |
14787 | +sub main'movb { &out2("movb",@_); } | |
14788 | +sub main'and { &out2("andl",@_); } | |
14789 | +sub main'or { &out2("orl",@_); } | |
14790 | +sub main'shl { &out2("sall",@_); } | |
14791 | +sub main'shr { &out2("shrl",@_); } | |
14792 | +sub main'xor { &out2("xorl",@_); } | |
14793 | +sub main'xorb { &out2("xorb",@_); } | |
14794 | +sub main'add { &out2("addl",@_); } | |
14795 | +sub main'adc { &out2("adcl",@_); } | |
14796 | +sub main'sub { &out2("subl",@_); } | |
14797 | +sub main'rotl { &out2("roll",@_); } | |
14798 | +sub main'rotr { &out2("rorl",@_); } | |
14799 | +sub main'exch { &out2("xchg",@_); } | |
14800 | +sub main'cmp { &out2("cmpl",@_); } | |
14801 | +sub main'lea { &out2("leal",@_); } | |
14802 | +sub main'mul { &out1("mull",@_); } | |
14803 | +sub main'div { &out1("divl",@_); } | |
14804 | +sub main'jmp { &out1("jmp",@_); } | |
14805 | +sub main'jmp_ptr { &out1p("jmp",@_); } | |
14806 | +sub main'je { &out1("je",@_); } | |
14807 | +sub main'jle { &out1("jle",@_); } | |
14808 | +sub main'jne { &out1("jne",@_); } | |
14809 | +sub main'jnz { &out1("jnz",@_); } | |
14810 | +sub main'jz { &out1("jz",@_); } | |
14811 | +sub main'jge { &out1("jge",@_); } | |
14812 | +sub main'jl { &out1("jl",@_); } | |
14813 | +sub main'jb { &out1("jb",@_); } | |
14814 | +sub main'dec { &out1("decl",@_); } | |
14815 | +sub main'inc { &out1("incl",@_); } | |
14816 | +sub main'push { &out1("pushl",@_); $stack+=4; } | |
14817 | +sub main'pop { &out1("popl",@_); $stack-=4; } | |
14818 | +sub main'bswap { &out1("bswapl",@_); } | |
14819 | +sub main'not { &out1("notl",@_); } | |
14820 | +sub main'call { &out1("call",$under.$_[0]); } | |
14821 | +sub main'ret { &out0("ret"); } | |
14822 | +sub main'nop { &out0("nop"); } | |
14823 | + | |
14824 | +sub out2 | |
14825 | + { | |
14826 | + local($name,$p1,$p2)=@_; | |
14827 | + local($l,$ll,$t); | |
14828 | + local(%special)=( "roll",0xD1C0,"rorl",0xD1C8, | |
14829 | + "rcll",0xD1D0,"rcrl",0xD1D8, | |
14830 | + "shll",0xD1E0,"shrl",0xD1E8, | |
14831 | + "sarl",0xD1F8); | |
14832 | + | |
14833 | + if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1)) | |
14834 | + { | |
14835 | + $op=$special{$name}|$reg_val{$p1}; | |
14836 | + $tmp1=sprintf ".byte %d\n",($op>>8)&0xff; | |
14837 | + $tmp2=sprintf ".byte %d\t",$op &0xff; | |
14838 | + push(@out,$tmp1); | |
14839 | + push(@out,$tmp2); | |
14840 | + | |
14841 | + $p2=&conv($p2); | |
14842 | + $p1=&conv($p1); | |
14843 | + &main'comment("$name $p2 $p1"); | |
14844 | + return; | |
14845 | + } | |
14846 | + | |
14847 | + push(@out,"\t$name\t"); | |
14848 | + $t=&conv($p2).","; | |
14849 | + $l=length($t); | |
14850 | + push(@out,$t); | |
14851 | + $ll=4-($l+9)/8; | |
14852 | + $tmp1=sprintf "\t" x $ll; | |
14853 | + push(@out,$tmp1); | |
14854 | + push(@out,&conv($p1)."\n"); | |
14855 | + } | |
14856 | + | |
14857 | +sub out1 | |
14858 | + { | |
14859 | + local($name,$p1)=@_; | |
14860 | + local($l,$t); | |
14861 | + | |
14862 | + push(@out,"\t$name\t".&conv($p1)."\n"); | |
14863 | + } | |
14864 | + | |
14865 | +sub out1p | |
14866 | + { | |
14867 | + local($name,$p1)=@_; | |
14868 | + local($l,$t); | |
14869 | + | |
14870 | + push(@out,"\t$name\t*".&conv($p1)."\n"); | |
14871 | + } | |
14872 | + | |
14873 | +sub out0 | |
14874 | + { | |
14875 | + push(@out,"\t$_[0]\n"); | |
14876 | + } | |
14877 | + | |
14878 | +sub conv | |
14879 | + { | |
14880 | + local($p)=@_; | |
14881 | + | |
14882 | +# $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; | |
14883 | + | |
14884 | + $p=$regs{$p} if (defined($regs{$p})); | |
14885 | + | |
14886 | + $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/; | |
14887 | + $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/; | |
14888 | + return $p; | |
14889 | + } | |
14890 | + | |
14891 | +sub main'file | |
14892 | + { | |
14893 | + local($file)=@_; | |
14894 | + | |
14895 | + local($tmp)=<<"EOF"; | |
14896 | + .file "$file.s" | |
14897 | + .version "01.01" | |
14898 | +gcc2_compiled.: | |
14899 | +EOF | |
14900 | + push(@out,$tmp); | |
14901 | + } | |
14902 | + | |
14903 | +sub main'function_begin | |
14904 | + { | |
14905 | + local($func)=@_; | |
14906 | + | |
14907 | + $func=$under.$func; | |
14908 | + | |
14909 | + local($tmp)=<<"EOF"; | |
14910 | +.text | |
14911 | + .align $align | |
14912 | +.globl $func | |
14913 | +EOF | |
14914 | + push(@out,$tmp); | |
14915 | + if ($main'cpp) | |
14916 | + { $tmp=push(@out,"\tTYPE($func,\@function)\n"); } | |
14917 | + else { $tmp=push(@out,"\t.type\t$func,\@function\n"); } | |
14918 | + push(@out,"$func:\n"); | |
14919 | + $tmp=<<"EOF"; | |
14920 | + pushl %ebp | |
14921 | + pushl %ebx | |
14922 | + pushl %esi | |
14923 | + pushl %edi | |
14924 | + | |
14925 | +EOF | |
14926 | + push(@out,$tmp); | |
14927 | + $stack=20; | |
14928 | + } | |
14929 | + | |
14930 | +sub main'function_begin_B | |
14931 | + { | |
14932 | + local($func,$extra)=@_; | |
14933 | + | |
14934 | + $func=$under.$func; | |
14935 | + | |
14936 | + local($tmp)=<<"EOF"; | |
14937 | +.text | |
14938 | + .align $align | |
14939 | +.globl $func | |
14940 | +EOF | |
14941 | + push(@out,$tmp); | |
14942 | + if ($main'cpp) | |
14943 | + { push(@out,"\tTYPE($func,\@function)\n"); } | |
14944 | + else { push(@out,"\t.type $func,\@function\n"); } | |
14945 | + push(@out,"$func:\n"); | |
14946 | + $stack=4; | |
14947 | + } | |
14948 | + | |
14949 | +sub main'function_end | |
14950 | + { | |
14951 | + local($func)=@_; | |
14952 | + | |
14953 | + $func=$under.$func; | |
14954 | + | |
14955 | + local($tmp)=<<"EOF"; | |
14956 | + popl %edi | |
14957 | + popl %esi | |
14958 | + popl %ebx | |
14959 | + popl %ebp | |
14960 | + ret | |
14961 | +.${func}_end: | |
14962 | +EOF | |
14963 | + push(@out,$tmp); | |
14964 | + if ($main'cpp) | |
14965 | + { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } | |
14966 | + else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } | |
14967 | + push(@out,".ident \"$func\"\n"); | |
14968 | + $stack=0; | |
14969 | + %label=(); | |
14970 | + } | |
14971 | + | |
14972 | +sub main'function_end_A | |
14973 | + { | |
14974 | + local($func)=@_; | |
14975 | + | |
14976 | + local($tmp)=<<"EOF"; | |
14977 | + popl %edi | |
14978 | + popl %esi | |
14979 | + popl %ebx | |
14980 | + popl %ebp | |
14981 | + ret | |
14982 | +EOF | |
14983 | + push(@out,$tmp); | |
14984 | + } | |
14985 | + | |
14986 | +sub main'function_end_B | |
14987 | + { | |
14988 | + local($func)=@_; | |
14989 | + | |
14990 | + $func=$under.$func; | |
14991 | + | |
14992 | + push(@out,".${func}_end:\n"); | |
14993 | + if ($main'cpp) | |
14994 | + { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } | |
14995 | + else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } | |
14996 | + push(@out,".ident \"desasm.pl\"\n"); | |
14997 | + $stack=0; | |
14998 | + %label=(); | |
14999 | + } | |
15000 | + | |
15001 | +sub main'wparam | |
15002 | + { | |
15003 | + local($num)=@_; | |
15004 | + | |
15005 | + return(&main'DWP($stack+$num*4,"esp","",0)); | |
15006 | + } | |
15007 | + | |
15008 | +sub main'stack_push | |
15009 | + { | |
15010 | + local($num)=@_; | |
15011 | + $stack+=$num*4; | |
15012 | + &main'sub("esp",$num*4); | |
15013 | + } | |
15014 | + | |
15015 | +sub main'stack_pop | |
15016 | + { | |
15017 | + local($num)=@_; | |
15018 | + $stack-=$num*4; | |
15019 | + &main'add("esp",$num*4); | |
15020 | + } | |
15021 | + | |
15022 | +sub main'swtmp | |
15023 | + { | |
15024 | + return(&main'DWP($_[0]*4,"esp","",0)); | |
15025 | + } | |
15026 | + | |
15027 | +# Should use swtmp, which is above esp. Linix can trash the stack above esp | |
15028 | +#sub main'wtmp | |
15029 | +# { | |
15030 | +# local($num)=@_; | |
15031 | +# | |
15032 | +# return(&main'DWP(-($num+1)*4,"esp","",0)); | |
15033 | +# } | |
15034 | + | |
15035 | +sub main'comment | |
15036 | + { | |
15037 | + foreach (@_) | |
15038 | + { | |
15039 | + if (/^\s*$/) | |
15040 | + { push(@out,"\n"); } | |
15041 | + else | |
15042 | + { push(@out,"\t$com_start $_ $com_end\n"); } | |
15043 | + } | |
15044 | + } | |
15045 | + | |
15046 | +sub main'label | |
15047 | + { | |
15048 | + if (!defined($label{$_[0]})) | |
15049 | + { | |
15050 | + $label{$_[0]}=".${label}${_[0]}"; | |
15051 | + $label++; | |
15052 | + } | |
15053 | + return($label{$_[0]}); | |
15054 | + } | |
15055 | + | |
15056 | +sub main'set_label | |
15057 | + { | |
15058 | + if (!defined($label{$_[0]})) | |
15059 | + { | |
15060 | + $label{$_[0]}=".${label}${_[0]}"; | |
15061 | + $label++; | |
15062 | + } | |
15063 | + push(@out,".align $align\n") if ($_[1] != 0); | |
15064 | + push(@out,"$label{$_[0]}:\n"); | |
15065 | + } | |
15066 | + | |
15067 | +sub main'file_end | |
15068 | + { | |
15069 | + } | |
15070 | + | |
15071 | +sub main'data_word | |
15072 | + { | |
15073 | + push(@out,"\t.long $_[0]\n"); | |
15074 | + } | |
15075 | diff -druN linux-noipsec/net/ipsec/libdes/cbc_enc.c linux/net/ipsec/libdes/cbc_enc.c | |
15076 | --- linux-noipsec/net/ipsec/libdes/cbc_enc.c Thu Jan 1 01:00:00 1970 | |
15077 | +++ linux/net/ipsec/libdes/cbc_enc.c Thu Feb 18 17:41:10 1999 | |
15078 | @@ -0,0 +1,135 @@ | |
15079 | +/* crypto/des/cbc_enc.c */ | |
15080 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
15081 | + * All rights reserved. | |
15082 | + * | |
15083 | + * This package is an SSL implementation written | |
15084 | + * by Eric Young (eay@cryptsoft.com). | |
15085 | + * The implementation was written so as to conform with Netscapes SSL. | |
15086 | + * | |
15087 | + * This library is free for commercial and non-commercial use as long as | |
15088 | + * the following conditions are aheared to. The following conditions | |
15089 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
15090 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
15091 | + * included with this distribution is covered by the same copyright terms | |
15092 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15093 | + * | |
15094 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
15095 | + * the code are not to be removed. | |
15096 | + * If this package is used in a product, Eric Young should be given attribution | |
15097 | + * as the author of the parts of the library used. | |
15098 | + * This can be in the form of a textual message at program startup or | |
15099 | + * in documentation (online or textual) provided with the package. | |
15100 | + * | |
15101 | + * Redistribution and use in source and binary forms, with or without | |
15102 | + * modification, are permitted provided that the following conditions | |
15103 | + * are met: | |
15104 | + * 1. Redistributions of source code must retain the copyright | |
15105 | + * notice, this list of conditions and the following disclaimer. | |
15106 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15107 | + * notice, this list of conditions and the following disclaimer in the | |
15108 | + * documentation and/or other materials provided with the distribution. | |
15109 | + * 3. All advertising materials mentioning features or use of this software | |
15110 | + * must display the following acknowledgement: | |
15111 | + * "This product includes cryptographic software written by | |
15112 | + * Eric Young (eay@cryptsoft.com)" | |
15113 | + * The word 'cryptographic' can be left out if the rouines from the library | |
15114 | + * being used are not cryptographic related :-). | |
15115 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
15116 | + * the apps directory (application code) you must include an acknowledgement: | |
15117 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
15118 | + * | |
15119 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
15120 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15121 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
15122 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
15123 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
15124 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
15125 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15126 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
15127 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
15128 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
15129 | + * SUCH DAMAGE. | |
15130 | + * | |
15131 | + * The licence and distribution terms for any publically available version or | |
15132 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
15133 | + * copied and put under another distribution licence | |
15134 | + * [including the GNU Public Licence.] | |
15135 | + */ | |
15136 | + | |
15137 | +#include "des_locl.h" | |
15138 | + | |
15139 | +void des_cbc_encrypt(input, output, length, schedule, ivec, enc) | |
15140 | +des_cblock (*input); | |
15141 | +des_cblock (*output); | |
15142 | +long length; | |
15143 | +des_key_schedule schedule; | |
15144 | +des_cblock (*ivec); | |
15145 | +int enc; | |
15146 | + { | |
15147 | + register DES_LONG tin0,tin1; | |
15148 | + register DES_LONG tout0,tout1,xor0,xor1; | |
15149 | + register unsigned char *in,*out; | |
15150 | + register long l=length; | |
15151 | + DES_LONG tin[2]; | |
15152 | + unsigned char *iv; | |
15153 | + | |
15154 | + in=(unsigned char *)input; | |
15155 | + out=(unsigned char *)output; | |
15156 | + iv=(unsigned char *)ivec; | |
15157 | + | |
15158 | + if (enc) | |
15159 | + { | |
15160 | + c2l(iv,tout0); | |
15161 | + c2l(iv,tout1); | |
15162 | + for (l-=8; l>=0; l-=8) | |
15163 | + { | |
15164 | + c2l(in,tin0); | |
15165 | + c2l(in,tin1); | |
15166 | + tin0^=tout0; tin[0]=tin0; | |
15167 | + tin1^=tout1; tin[1]=tin1; | |
15168 | + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
15169 | + tout0=tin[0]; l2c(tout0,out); | |
15170 | + tout1=tin[1]; l2c(tout1,out); | |
15171 | + } | |
15172 | + if (l != -8) | |
15173 | + { | |
15174 | + c2ln(in,tin0,tin1,l+8); | |
15175 | + tin0^=tout0; tin[0]=tin0; | |
15176 | + tin1^=tout1; tin[1]=tin1; | |
15177 | + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
15178 | + tout0=tin[0]; l2c(tout0,out); | |
15179 | + tout1=tin[1]; l2c(tout1,out); | |
15180 | + } | |
15181 | + } | |
15182 | + else | |
15183 | + { | |
15184 | + c2l(iv,xor0); | |
15185 | + c2l(iv,xor1); | |
15186 | + for (l-=8; l>=0; l-=8) | |
15187 | + { | |
15188 | + c2l(in,tin0); tin[0]=tin0; | |
15189 | + c2l(in,tin1); tin[1]=tin1; | |
15190 | + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | |
15191 | + tout0=tin[0]^xor0; | |
15192 | + tout1=tin[1]^xor1; | |
15193 | + l2c(tout0,out); | |
15194 | + l2c(tout1,out); | |
15195 | + xor0=tin0; | |
15196 | + xor1=tin1; | |
15197 | + } | |
15198 | + if (l != -8) | |
15199 | + { | |
15200 | + c2l(in,tin0); tin[0]=tin0; | |
15201 | + c2l(in,tin1); tin[1]=tin1; | |
15202 | + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | |
15203 | + tout0=tin[0]^xor0; | |
15204 | + tout1=tin[1]^xor1; | |
15205 | + l2cn(tout0,tout1,out,l+8); | |
15206 | + /* xor0=tin0; | |
15207 | + xor1=tin1; */ | |
15208 | + } | |
15209 | + } | |
15210 | + tin0=tin1=tout0=tout1=xor0=xor1=0; | |
15211 | + tin[0]=tin[1]=0; | |
15212 | + } | |
15213 | + | |
15214 | diff -druN linux-noipsec/net/ipsec/libdes/des.h linux/net/ipsec/libdes/des.h | |
15215 | --- linux-noipsec/net/ipsec/libdes/des.h Thu Jan 1 01:00:00 1970 | |
15216 | +++ linux/net/ipsec/libdes/des.h Wed Oct 4 16:54:10 2000 | |
15217 | @@ -0,0 +1,303 @@ | |
15218 | +/* crypto/des/des.org */ | |
15219 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
15220 | + * All rights reserved. | |
15221 | + * | |
15222 | + * This package is an SSL implementation written | |
15223 | + * by Eric Young (eay@cryptsoft.com). | |
15224 | + * The implementation was written so as to conform with Netscapes SSL. | |
15225 | + * | |
15226 | + * This library is free for commercial and non-commercial use as long as | |
15227 | + * the following conditions are aheared to. The following conditions | |
15228 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
15229 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
15230 | + * included with this distribution is covered by the same copyright terms | |
15231 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15232 | + * | |
15233 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
15234 | + * the code are not to be removed. | |
15235 | + * If this package is used in a product, Eric Young should be given attribution | |
15236 | + * as the author of the parts of the library used. | |
15237 | + * This can be in the form of a textual message at program startup or | |
15238 | + * in documentation (online or textual) provided with the package. | |
15239 | + * | |
15240 | + * Redistribution and use in source and binary forms, with or without | |
15241 | + * modification, are permitted provided that the following conditions | |
15242 | + * are met: | |
15243 | + * 1. Redistributions of source code must retain the copyright | |
15244 | + * notice, this list of conditions and the following disclaimer. | |
15245 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15246 | + * notice, this list of conditions and the following disclaimer in the | |
15247 | + * documentation and/or other materials provided with the distribution. | |
15248 | + * 3. All advertising materials mentioning features or use of this software | |
15249 | + * must display the following acknowledgement: | |
15250 | + * "This product includes cryptographic software written by | |
15251 | + * Eric Young (eay@cryptsoft.com)" | |
15252 | + * The word 'cryptographic' can be left out if the rouines from the library | |
15253 | + * being used are not cryptographic related :-). | |
15254 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
15255 | + * the apps directory (application code) you must include an acknowledgement: | |
15256 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
15257 | + * | |
15258 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
15259 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15260 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
15261 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
15262 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
15263 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
15264 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15265 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
15266 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
15267 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
15268 | + * SUCH DAMAGE. | |
15269 | + * | |
15270 | + * The licence and distribution terms for any publically available version or | |
15271 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
15272 | + * copied and put under another distribution licence | |
15273 | + * [including the GNU Public Licence.] | |
15274 | + */ | |
15275 | + | |
15276 | +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | |
15277 | + * | |
15278 | + * Always modify des.org since des.h is automatically generated from | |
15279 | + * it during SSLeay configuration. | |
15280 | + * | |
15281 | + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | |
15282 | + */ | |
15283 | + | |
15284 | +#ifndef HEADER_DES_H | |
15285 | +#define HEADER_DES_H | |
15286 | + | |
15287 | +#ifdef __cplusplus | |
15288 | +extern "C" { | |
15289 | +#endif | |
15290 | + | |
15291 | +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a | |
15292 | + * %20 speed up (longs are 8 bytes, int's are 4). */ | |
15293 | +#ifndef DES_LONG | |
15294 | +/* RCSID $Id$ */ | |
15295 | +/* This conditional for FreeS/WAN project. */ | |
15296 | +#ifdef __alpha | |
15297 | +#define DES_LONG unsigned int | |
15298 | +#else | |
15299 | +#define DES_LONG unsigned long | |
15300 | +#endif | |
15301 | +#endif | |
15302 | + | |
15303 | +typedef unsigned char des_cblock[8]; | |
15304 | +typedef struct des_ks_struct | |
15305 | + { | |
15306 | + union { | |
15307 | + des_cblock _; | |
15308 | + /* make sure things are correct size on machines with | |
15309 | + * 8 byte longs */ | |
15310 | + DES_LONG pad[2]; | |
15311 | + } ks; | |
15312 | +#undef _ | |
15313 | +#define _ ks._ | |
15314 | + } des_key_schedule[16]; | |
15315 | + | |
15316 | +#define DES_KEY_SZ (sizeof(des_cblock)) | |
15317 | +#define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) | |
15318 | + | |
15319 | +#define DES_ENCRYPT 1 | |
15320 | +#define DES_DECRYPT 0 | |
15321 | + | |
15322 | +#define DES_CBC_MODE 0 | |
15323 | +#define DES_PCBC_MODE 1 | |
15324 | + | |
15325 | +#define des_ecb2_encrypt(i,o,k1,k2,e) \ | |
15326 | + des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) | |
15327 | + | |
15328 | +#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ | |
15329 | + des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) | |
15330 | + | |
15331 | +#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ | |
15332 | + des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) | |
15333 | + | |
15334 | +#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ | |
15335 | + des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) | |
15336 | + | |
15337 | +#define C_Block des_cblock | |
15338 | +#define Key_schedule des_key_schedule | |
15339 | +#ifdef KERBEROS | |
15340 | +#define ENCRYPT DES_ENCRYPT | |
15341 | +#define DECRYPT DES_DECRYPT | |
15342 | +#endif | |
15343 | +#define KEY_SZ DES_KEY_SZ | |
15344 | +#define string_to_key des_string_to_key | |
15345 | +#define read_pw_string des_read_pw_string | |
15346 | +#define random_key des_random_key | |
15347 | +#define pcbc_encrypt des_pcbc_encrypt | |
15348 | +#define set_key des_set_key | |
15349 | +#define key_sched des_key_sched | |
15350 | +#define ecb_encrypt des_ecb_encrypt | |
15351 | +#define cbc_encrypt des_cbc_encrypt | |
15352 | +#define ncbc_encrypt des_ncbc_encrypt | |
15353 | +#define xcbc_encrypt des_xcbc_encrypt | |
15354 | +#define cbc_cksum des_cbc_cksum | |
15355 | +#define quad_cksum des_quad_cksum | |
15356 | + | |
15357 | +/* For compatibility with the MIT lib - eay 20/05/92 */ | |
15358 | +typedef des_key_schedule bit_64; | |
15359 | +#define des_fixup_key_parity des_set_odd_parity | |
15360 | +#define des_check_key_parity check_parity | |
15361 | + | |
15362 | +extern int des_check_key; /* defaults to false */ | |
15363 | +extern int des_rw_mode; /* defaults to DES_PCBC_MODE */ | |
15364 | + | |
15365 | +/* The next line is used to disable full ANSI prototypes, if your | |
15366 | + * compiler has problems with the prototypes, make sure this line always | |
15367 | + * evaluates to true :-) */ | |
15368 | +#if defined(MSDOS) || defined(__STDC__) | |
15369 | +#undef NOPROTO | |
15370 | +#endif | |
15371 | +#ifndef NOPROTO | |
15372 | +char *des_options(void); | |
15373 | +void des_ecb3_encrypt(des_cblock *input,des_cblock *output, | |
15374 | + des_key_schedule ks1,des_key_schedule ks2, | |
15375 | + des_key_schedule ks3, int enc); | |
15376 | +DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output, | |
15377 | + long length,des_key_schedule schedule,des_cblock *ivec); | |
15378 | +void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, | |
15379 | + des_key_schedule schedule,des_cblock *ivec,int enc); | |
15380 | +void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length, | |
15381 | + des_key_schedule schedule,des_cblock *ivec,int enc); | |
15382 | +void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length, | |
15383 | + des_key_schedule schedule,des_cblock *ivec, | |
15384 | + des_cblock *inw,des_cblock *outw,int enc); | |
15385 | +void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, | |
15386 | + long length,des_key_schedule schedule,des_cblock *ivec,int enc); | |
15387 | +void des_ecb_encrypt(des_cblock *input,des_cblock *output, | |
15388 | + des_key_schedule ks,int enc); | |
15389 | +void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); | |
15390 | +void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); | |
15391 | +void des_encrypt3(DES_LONG *data, des_key_schedule ks1, | |
15392 | + des_key_schedule ks2, des_key_schedule ks3); | |
15393 | +void des_decrypt3(DES_LONG *data, des_key_schedule ks1, | |
15394 | + des_key_schedule ks2, des_key_schedule ks3); | |
15395 | +void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, | |
15396 | + long length, des_key_schedule ks1, des_key_schedule ks2, | |
15397 | + des_key_schedule ks3, des_cblock *ivec, int enc); | |
15398 | +void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, | |
15399 | + long length, des_key_schedule ks1, des_key_schedule ks2, | |
15400 | + des_key_schedule ks3, des_cblock *ivec, int *num, int enc); | |
15401 | +void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, | |
15402 | + long length, des_key_schedule ks1, des_key_schedule ks2, | |
15403 | + des_key_schedule ks3, des_cblock *ivec, int *num); | |
15404 | + | |
15405 | +void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white), | |
15406 | + des_cblock (*out_white)); | |
15407 | + | |
15408 | +int des_enc_read(int fd,char *buf,int len,des_key_schedule sched, | |
15409 | + des_cblock *iv); | |
15410 | +int des_enc_write(int fd,char *buf,int len,des_key_schedule sched, | |
15411 | + des_cblock *iv); | |
15412 | +char *des_fcrypt(const char *buf,const char *salt, char *ret); | |
15413 | +#ifdef PERL5 | |
15414 | +char *des_crypt(const char *buf,const char *salt); | |
15415 | +#else | |
15416 | +/* some stupid compilers complain because I have declared char instead | |
15417 | + * of const char */ | |
15418 | +#ifdef HEADER_DES_LOCL_H | |
15419 | +char *crypt(const char *buf,const char *salt); | |
15420 | +#else | |
15421 | +char *crypt(); | |
15422 | +#endif | |
15423 | +#endif | |
15424 | +void des_ofb_encrypt(unsigned char *in,unsigned char *out, | |
15425 | + int numbits,long length,des_key_schedule schedule,des_cblock *ivec); | |
15426 | +void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, | |
15427 | + des_key_schedule schedule,des_cblock *ivec,int enc); | |
15428 | +DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output, | |
15429 | + long length,int out_count,des_cblock *seed); | |
15430 | +void des_random_seed(des_cblock key); | |
15431 | +void des_random_key(des_cblock ret); | |
15432 | +int des_read_password(des_cblock *key,char *prompt,int verify); | |
15433 | +int des_read_2passwords(des_cblock *key1,des_cblock *key2, | |
15434 | + char *prompt,int verify); | |
15435 | +int des_read_pw_string(char *buf,int length,char *prompt,int verify); | |
15436 | +void des_set_odd_parity(des_cblock *key); | |
15437 | +int des_is_weak_key(des_cblock *key); | |
15438 | +int des_set_key(des_cblock *key,des_key_schedule schedule); | |
15439 | +int des_key_sched(des_cblock *key,des_key_schedule schedule); | |
15440 | +void des_string_to_key(char *str,des_cblock *key); | |
15441 | +void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2); | |
15442 | +void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, | |
15443 | + des_key_schedule schedule, des_cblock *ivec, int *num, int enc); | |
15444 | +void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, | |
15445 | + des_key_schedule schedule, des_cblock *ivec, int *num); | |
15446 | +int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify); | |
15447 | + | |
15448 | +/* Extra functions from Mark Murray <mark@grondar.za> */ | |
15449 | +/* The following functions are not in the normal unix build or the | |
15450 | + * SSLeay build. When using the SSLeay build, use RAND_seed() | |
15451 | + * and RAND_bytes() instead. */ | |
15452 | +int des_new_random_key(des_cblock *key); | |
15453 | +void des_init_random_number_generator(des_cblock *key); | |
15454 | +void des_set_random_generator_seed(des_cblock *key); | |
15455 | +void des_set_sequence_number(des_cblock new_sequence_number); | |
15456 | +void des_generate_random_block(des_cblock *block); | |
15457 | + | |
15458 | +#else | |
15459 | + | |
15460 | +char *des_options(); | |
15461 | +void des_ecb3_encrypt(); | |
15462 | +DES_LONG des_cbc_cksum(); | |
15463 | +void des_cbc_encrypt(); | |
15464 | +void des_ncbc_encrypt(); | |
15465 | +void des_xcbc_encrypt(); | |
15466 | +void des_cfb_encrypt(); | |
15467 | +void des_ede3_cfb64_encrypt(); | |
15468 | +void des_ede3_ofb64_encrypt(); | |
15469 | +void des_ecb_encrypt(); | |
15470 | +void des_encrypt(); | |
15471 | +void des_encrypt2(); | |
15472 | +void des_encrypt3(); | |
15473 | +void des_decrypt3(); | |
15474 | +void des_ede3_cbc_encrypt(); | |
15475 | +int des_enc_read(); | |
15476 | +int des_enc_write(); | |
15477 | +char *des_fcrypt(); | |
15478 | +#ifdef PERL5 | |
15479 | +char *des_crypt(); | |
15480 | +#else | |
15481 | +char *crypt(); | |
15482 | +#endif | |
15483 | +void des_ofb_encrypt(); | |
15484 | +void des_pcbc_encrypt(); | |
15485 | +DES_LONG des_quad_cksum(); | |
15486 | +void des_random_seed(); | |
15487 | +void des_random_key(); | |
15488 | +int des_read_password(); | |
15489 | +int des_read_2passwords(); | |
15490 | +int des_read_pw_string(); | |
15491 | +void des_set_odd_parity(); | |
15492 | +int des_is_weak_key(); | |
15493 | +int des_set_key(); | |
15494 | +int des_key_sched(); | |
15495 | +void des_string_to_key(); | |
15496 | +void des_string_to_2keys(); | |
15497 | +void des_cfb64_encrypt(); | |
15498 | +void des_ofb64_encrypt(); | |
15499 | +int des_read_pw(); | |
15500 | +void des_xwhite_in2out(); | |
15501 | + | |
15502 | +/* Extra functions from Mark Murray <mark@grondar.za> */ | |
15503 | +/* The following functions are not in the normal unix build or the | |
15504 | + * SSLeay build. When using the SSLeay build, use RAND_seed() | |
15505 | + * and RAND_bytes() instead. */ | |
15506 | +#ifdef FreeBSD | |
15507 | +int des_new_random_key(); | |
15508 | +void des_init_random_number_generator(); | |
15509 | +void des_set_random_generator_seed(); | |
15510 | +void des_set_sequence_number(); | |
15511 | +void des_generate_random_block(); | |
15512 | +#endif | |
15513 | + | |
15514 | +#endif | |
15515 | + | |
15516 | +#ifdef __cplusplus | |
15517 | +} | |
15518 | +#endif | |
15519 | + | |
15520 | +#endif | |
15521 | diff -druN linux-noipsec/net/ipsec/libdes/des_enc.c linux/net/ipsec/libdes/des_enc.c | |
15522 | --- linux-noipsec/net/ipsec/libdes/des_enc.c Thu Jan 1 01:00:00 1970 | |
15523 | +++ linux/net/ipsec/libdes/des_enc.c Thu Feb 18 17:41:12 1999 | |
15524 | @@ -0,0 +1,502 @@ | |
15525 | +/* crypto/des/des_enc.c */ | |
15526 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
15527 | + * All rights reserved. | |
15528 | + * | |
15529 | + * This package is an SSL implementation written | |
15530 | + * by Eric Young (eay@cryptsoft.com). | |
15531 | + * The implementation was written so as to conform with Netscapes SSL. | |
15532 | + * | |
15533 | + * This library is free for commercial and non-commercial use as long as | |
15534 | + * the following conditions are aheared to. The following conditions | |
15535 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
15536 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
15537 | + * included with this distribution is covered by the same copyright terms | |
15538 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15539 | + * | |
15540 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
15541 | + * the code are not to be removed. | |
15542 | + * If this package is used in a product, Eric Young should be given attribution | |
15543 | + * as the author of the parts of the library used. | |
15544 | + * This can be in the form of a textual message at program startup or | |
15545 | + * in documentation (online or textual) provided with the package. | |
15546 | + * | |
15547 | + * Redistribution and use in source and binary forms, with or without | |
15548 | + * modification, are permitted provided that the following conditions | |
15549 | + * are met: | |
15550 | + * 1. Redistributions of source code must retain the copyright | |
15551 | + * notice, this list of conditions and the following disclaimer. | |
15552 | + * 2. Redistributions in binary form must reproduce the above copyright | |
15553 | + * notice, this list of conditions and the following disclaimer in the | |
15554 | + * documentation and/or other materials provided with the distribution. | |
15555 | + * 3. All advertising materials mentioning features or use of this software | |
15556 | + * must display the following acknowledgement: | |
15557 | + * "This product includes cryptographic software written by | |
15558 | + * Eric Young (eay@cryptsoft.com)" | |
15559 | + * The word 'cryptographic' can be left out if the rouines from the library | |
15560 | + * being used are not cryptographic related :-). | |
15561 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
15562 | + * the apps directory (application code) you must include an acknowledgement: | |
15563 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
15564 | + * | |
15565 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
15566 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
15567 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
15568 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
15569 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
15570 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
15571 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
15572 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
15573 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
15574 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
15575 | + * SUCH DAMAGE. | |
15576 | + * | |
15577 | + * The licence and distribution terms for any publically available version or | |
15578 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
15579 | + * copied and put under another distribution licence | |
15580 | + * [including the GNU Public Licence.] | |
15581 | + */ | |
15582 | + | |
15583 | +#include "des_locl.h" | |
15584 | + | |
15585 | +void des_encrypt(data, ks, enc) | |
15586 | +DES_LONG *data; | |
15587 | +des_key_schedule ks; | |
15588 | +int enc; | |
15589 | + { | |
15590 | + register DES_LONG l,r,t,u; | |
15591 | +#ifdef DES_PTR | |
15592 | + register unsigned char *des_SP=(unsigned char *)des_SPtrans; | |
15593 | +#endif | |
15594 | +#ifndef DES_UNROLL | |
15595 | + register int i; | |
15596 | +#endif | |
15597 | + register DES_LONG *s; | |
15598 | + | |
15599 | + r=data[0]; | |
15600 | + l=data[1]; | |
15601 | + | |
15602 | + IP(r,l); | |
15603 | + /* Things have been modified so that the initial rotate is | |
15604 | + * done outside the loop. This required the | |
15605 | + * des_SPtrans values in sp.h to be rotated 1 bit to the right. | |
15606 | + * One perl script later and things have a 5% speed up on a sparc2. | |
15607 | + * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> | |
15608 | + * for pointing this out. */ | |
15609 | + /* clear the top bits on machines with 8byte longs */ | |
15610 | + /* shift left by 2 */ | |
15611 | + r=ROTATE(r,29)&0xffffffffL; | |
15612 | + l=ROTATE(l,29)&0xffffffffL; | |
15613 | + | |
15614 | + s=(DES_LONG *)ks; | |
15615 | + /* I don't know if it is worth the effort of loop unrolling the | |
15616 | + * inner loop */ | |
15617 | + if (enc) | |
15618 | + { | |
15619 | +#ifdef DES_UNROLL | |
15620 | + D_ENCRYPT(l,r, 0); /* 1 */ | |
15621 | + D_ENCRYPT(r,l, 2); /* 2 */ | |
15622 | + D_ENCRYPT(l,r, 4); /* 3 */ | |
15623 | + D_ENCRYPT(r,l, 6); /* 4 */ | |
15624 | + D_ENCRYPT(l,r, 8); /* 5 */ | |
15625 | + D_ENCRYPT(r,l,10); /* 6 */ | |
15626 | + D_ENCRYPT(l,r,12); /* 7 */ | |
15627 | + D_ENCRYPT(r,l,14); /* 8 */ | |
15628 | + D_ENCRYPT(l,r,16); /* 9 */ | |
15629 | + D_ENCRYPT(r,l,18); /* 10 */ | |
15630 | + D_ENCRYPT(l,r,20); /* 11 */ | |
15631 | + D_ENCRYPT(r,l,22); /* 12 */ | |
15632 | + D_ENCRYPT(l,r,24); /* 13 */ | |
15633 | + D_ENCRYPT(r,l,26); /* 14 */ | |
15634 | + D_ENCRYPT(l,r,28); /* 15 */ | |
15635 | + D_ENCRYPT(r,l,30); /* 16 */ | |
15636 | +#else | |
15637 | + for (i=0; i<32; i+=8) | |
15638 | + { | |
15639 | + D_ENCRYPT(l,r,i+0); /* 1 */ | |
15640 | + D_ENCRYPT(r,l,i+2); /* 2 */ | |
15641 | + D_ENCRYPT(l,r,i+4); /* 3 */ | |
15642 | + D_ENCRYPT(r,l,i+6); /* 4 */ | |
15643 | + } | |
15644 | +#endif | |
15645 | + } | |
15646 | + else | |
15647 | + { | |
15648 | +#ifdef DES_UNROLL | |
15649 | + D_ENCRYPT(l,r,30); /* 16 */ | |
15650 | + D_ENCRYPT(r,l,28); /* 15 */ | |
15651 | + D_ENCRYPT(l,r,26); /* 14 */ | |
15652 | + D_ENCRYPT(r,l,24); /* 13 */ | |
15653 | + D_ENCRYPT(l,r,22); /* 12 */ | |
15654 | + D_ENCRYPT(r,l,20); /* 11 */ | |
15655 | + D_ENCRYPT(l,r,18); /* 10 */ | |
15656 | + D_ENCRYPT(r,l,16); /* 9 */ | |
15657 | + D_ENCRYPT(l,r,14); /* 8 */ | |
15658 | + D_ENCRYPT(r,l,12); /* 7 */ | |
15659 | + D_ENCRYPT(l,r,10); /* 6 */ | |
15660 | + D_ENCRYPT(r,l, 8); /* 5 */ | |
15661 | + D_ENCRYPT(l,r, 6); /* 4 */ | |
15662 | + D_ENCRYPT(r,l, 4); /* 3 */ | |
15663 | + D_ENCRYPT(l,r, 2); /* 2 */ | |
15664 | + D_ENCRYPT(r,l, 0); /* 1 */ | |
15665 | +#else | |
15666 | + for (i=30; i>0; i-=8) | |
15667 | + { | |
15668 | + D_ENCRYPT(l,r,i-0); /* 16 */ | |
15669 | + D_ENCRYPT(r,l,i-2); /* 15 */ | |
15670 | + D_ENCRYPT(l,r,i-4); /* 14 */ | |
15671 | + D_ENCRYPT(r,l,i-6); /* 13 */ | |
15672 | + } | |
15673 | +#endif | |
15674 | + } | |
15675 | + | |
15676 | + /* rotate and clear the top bits on machines with 8byte longs */ | |
15677 | + l=ROTATE(l,3)&0xffffffffL; | |
15678 | + r=ROTATE(r,3)&0xffffffffL; | |
15679 | + | |
15680 | + FP(r,l); | |
15681 | + data[0]=l; | |
15682 | + data[1]=r; | |
15683 | + l=r=t=u=0; | |
15684 | + } | |
15685 | + | |
15686 | +void des_encrypt2(data, ks, enc) | |
15687 | +DES_LONG *data; | |
15688 | +des_key_schedule ks; | |
15689 | +int enc; | |
15690 | + { | |
15691 | + register DES_LONG l,r,t,u; | |
15692 | +#ifdef DES_PTR | |
15693 | + register unsigned char *des_SP=(unsigned char *)des_SPtrans; | |
15694 | +#endif | |
15695 | +#ifndef DES_UNROLL | |
15696 | + register int i; | |
15697 | +#endif | |
15698 | + register DES_LONG *s; | |
15699 | + | |
15700 | + r=data[0]; | |
15701 | + l=data[1]; | |
15702 | + | |
15703 | + /* Things have been modified so that the initial rotate is | |
15704 | + * done outside the loop. This required the | |
15705 | + * des_SPtrans values in sp.h to be rotated 1 bit to the right. | |
15706 | + * One perl script later and things have a 5% speed up on a sparc2. | |
15707 | + * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> | |
15708 | + * for pointing this out. */ | |
15709 | + /* clear the top bits on machines with 8byte longs */ | |
15710 | + r=ROTATE(r,29)&0xffffffffL; | |
15711 | + l=ROTATE(l,29)&0xffffffffL; | |
15712 | + | |
15713 | + s=(DES_LONG *)ks; | |
15714 | + /* I don't know if it is worth the effort of loop unrolling the | |
15715 | + * inner loop */ | |
15716 | + if (enc) | |
15717 | + { | |
15718 | +#ifdef DES_UNROLL | |
15719 | + D_ENCRYPT(l,r, 0); /* 1 */ | |
15720 | + D_ENCRYPT(r,l, 2); /* 2 */ | |
15721 | + D_ENCRYPT(l,r, 4); /* 3 */ | |
15722 | + D_ENCRYPT(r,l, 6); /* 4 */ | |
15723 | + D_ENCRYPT(l,r, 8); /* 5 */ | |
15724 | + D_ENCRYPT(r,l,10); /* 6 */ | |
15725 | + D_ENCRYPT(l,r,12); /* 7 */ | |
15726 | + D_ENCRYPT(r,l,14); /* 8 */ | |
15727 | + D_ENCRYPT(l,r,16); /* 9 */ | |
15728 | + D_ENCRYPT(r,l,18); /* 10 */ | |
15729 | + D_ENCRYPT(l,r,20); /* 11 */ | |
15730 | + D_ENCRYPT(r,l,22); /* 12 */ | |
15731 | + D_ENCRYPT(l,r,24); /* 13 */ | |
15732 | + D_ENCRYPT(r,l,26); /* 14 */ | |
15733 | + D_ENCRYPT(l,r,28); /* 15 */ | |
15734 | + D_ENCRYPT(r,l,30); /* 16 */ | |
15735 | +#else | |
15736 | + for (i=0; i<32; i+=8) | |
15737 | + { | |
15738 | + D_ENCRYPT(l,r,i+0); /* 1 */ | |
15739 | + D_ENCRYPT(r,l,i+2); /* 2 */ | |
15740 | + D_ENCRYPT(l,r,i+4); /* 3 */ | |
15741 | + D_ENCRYPT(r,l,i+6); /* 4 */ | |
15742 | + } | |
15743 | +#endif | |
15744 | + } | |
15745 | + else | |
15746 | + { | |
15747 | +#ifdef DES_UNROLL | |
15748 | + D_ENCRYPT(l,r,30); /* 16 */ | |
15749 | + D_ENCRYPT(r,l,28); /* 15 */ | |
15750 | + D_ENCRYPT(l,r,26); /* 14 */ | |
15751 | + D_ENCRYPT(r,l,24); /* 13 */ | |
15752 | + D_ENCRYPT(l,r,22); /* 12 */ | |
15753 | + D_ENCRYPT(r,l,20); /* 11 */ | |
15754 | + D_ENCRYPT(l,r,18); /* 10 */ | |
15755 | + D_ENCRYPT(r,l,16); /* 9 */ | |
15756 | + D_ENCRYPT(l,r,14); /* 8 */ | |
15757 | + D_ENCRYPT(r,l,12); /* 7 */ | |
15758 | + D_ENCRYPT(l,r,10); /* 6 */ | |
15759 | + D_ENCRYPT(r,l, 8); /* 5 */ | |
15760 | + D_ENCRYPT(l,r, 6); /* 4 */ | |
15761 | + D_ENCRYPT(r,l, 4); /* 3 */ | |
15762 | + D_ENCRYPT(l,r, 2); /* 2 */ | |
15763 | + D_ENCRYPT(r,l, 0); /* 1 */ | |
15764 | +#else | |
15765 | + for (i=30; i>0; i-=8) | |
15766 | + { | |
15767 | + D_ENCRYPT(l,r,i-0); /* 16 */ | |
15768 | + D_ENCRYPT(r,l,i-2); /* 15 */ | |
15769 | + D_ENCRYPT(l,r,i-4); /* 14 */ | |
15770 | + D_ENCRYPT(r,l,i-6); /* 13 */ | |
15771 | + } | |
15772 | +#endif | |
15773 | + } | |
15774 | + /* rotate and clear the top bits on machines with 8byte longs */ | |
15775 | + data[0]=ROTATE(l,3)&0xffffffffL; | |
15776 | + data[1]=ROTATE(r,3)&0xffffffffL; | |
15777 | + l=r=t=u=0; | |
15778 | + } | |
15779 | + | |
15780 | +void des_encrypt3(data,ks1,ks2,ks3) | |
15781 | +DES_LONG *data; | |
15782 | +des_key_schedule ks1; | |
15783 | +des_key_schedule ks2; | |
15784 | +des_key_schedule ks3; | |
15785 | + { | |
15786 | + register DES_LONG l,r; | |
15787 | + | |
15788 | + l=data[0]; | |
15789 | + r=data[1]; | |
15790 | + IP(l,r); | |
15791 | + data[0]=l; | |
15792 | + data[1]=r; | |
15793 | + des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT); | |
15794 | + des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT); | |
15795 | + des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT); | |
15796 | + l=data[0]; | |
15797 | + r=data[1]; | |
15798 | + FP(r,l); | |
15799 | + data[0]=l; | |
15800 | + data[1]=r; | |
15801 | + } | |
15802 | + | |
15803 | +void des_decrypt3(data,ks1,ks2,ks3) | |
15804 | +DES_LONG *data; | |
15805 | +des_key_schedule ks1; | |
15806 | +des_key_schedule ks2; | |
15807 | +des_key_schedule ks3; | |
15808 | + { | |
15809 | + register DES_LONG l,r; | |
15810 | + | |
15811 | + l=data[0]; | |
15812 | + r=data[1]; | |
15813 | + IP(l,r); | |
15814 | + data[0]=l; | |
15815 | + data[1]=r; | |
15816 | + des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT); | |
15817 | + des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT); | |
15818 | + des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT); | |
15819 | + l=data[0]; | |
15820 | + r=data[1]; | |
15821 | + FP(r,l); | |
15822 | + data[0]=l; | |
15823 | + data[1]=r; | |
15824 | + } | |
15825 | + | |
15826 | +#ifndef DES_DEFAULT_OPTIONS | |
15827 | + | |
15828 | +void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) | |
15829 | +des_cblock (*input); | |
15830 | +des_cblock (*output); | |
15831 | +long length; | |
15832 | +des_key_schedule schedule; | |
15833 | +des_cblock (*ivec); | |
15834 | +int enc; | |
15835 | + { | |
15836 | + register DES_LONG tin0,tin1; | |
15837 | + register DES_LONG tout0,tout1,xor0,xor1; | |
15838 | + register unsigned char *in,*out; | |
15839 | + register long l=length; | |
15840 | + DES_LONG tin[2]; | |
15841 | + unsigned char *iv; | |
15842 | + | |
15843 | + in=(unsigned char *)input; | |
15844 | + out=(unsigned char *)output; | |
15845 | + iv=(unsigned char *)ivec; | |
15846 | + | |
15847 | + if (enc) | |
15848 | + { | |
15849 | + c2l(iv,tout0); | |
15850 | + c2l(iv,tout1); | |
15851 | + for (l-=8; l>=0; l-=8) | |
15852 | + { | |
15853 | + c2l(in,tin0); | |
15854 | + c2l(in,tin1); | |
15855 | + tin0^=tout0; tin[0]=tin0; | |
15856 | + tin1^=tout1; tin[1]=tin1; | |
15857 | + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
15858 | + tout0=tin[0]; l2c(tout0,out); | |
15859 | + tout1=tin[1]; l2c(tout1,out); | |
15860 | + } | |
15861 | + if (l != -8) | |
15862 | + { | |
15863 | + c2ln(in,tin0,tin1,l+8); | |
15864 | + tin0^=tout0; tin[0]=tin0; | |
15865 | + tin1^=tout1; tin[1]=tin1; | |
15866 | + des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | |
15867 | + tout0=tin[0]; l2c(tout0,out); | |
15868 | + tout1=tin[1]; l2c(tout1,out); | |
15869 | + } | |
15870 | + iv=(unsigned char *)ivec; | |
15871 | + l2c(tout0,iv); | |
15872 | + l2c(tout1,iv); | |
15873 | + } | |
15874 | + else | |
15875 | + { | |
15876 | + c2l(iv,xor0); | |
15877 | + c2l(iv,xor1); | |
15878 | + for (l-=8; l>=0; l-=8) | |
15879 | + { | |
15880 | + c2l(in,tin0); tin[0]=tin0; | |
15881 | + c2l(in,tin1); tin[1]=tin1; | |
15882 | + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | |
15883 | + tout0=tin[0]^xor0; | |
15884 | + tout1=tin[1]^xor1; | |
15885 | + l2c(tout0,out); | |
15886 | + l2c(tout1,out); | |
15887 | + xor0=tin0; | |
15888 | + xor1=tin1; | |
15889 | + } | |
15890 | + if (l != -8) | |
15891 | + { | |
15892 | + c2l(in,tin0); tin[0]=tin0; | |
15893 | + c2l(in,tin1); tin[1]=tin1; | |
15894 | + des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | |
15895 | + tout0=tin[0]^xor0; | |
15896 | + tout1=tin[1]^xor1; | |
15897 | + l2cn(tout0,tout1,out,l+8); | |
15898 | + xor0=tin0; | |
15899 | + xor1=tin1; | |
15900 | + } | |
15901 | + | |
15902 | + iv=(unsigned char *)ivec; | |
15903 | + l2c(xor0,iv); | |
15904 | + l2c(xor1,iv); | |
15905 | + } | |
15906 | + tin0=tin1=tout0=tout1=xor0=xor1=0; | |
15907 | + tin[0]=tin[1]=0; | |
15908 | + } | |
15909 | + | |
15910 | +void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc) | |
15911 | +des_cblock (*input); | |
15912 | +des_cblock (*output); | |
15913 | +long length; | |
15914 | +des_key_schedule ks1; | |
15915 | +des_key_schedule ks2; | |
15916 | +des_key_schedule ks3; | |
15917 | +des_cblock (*ivec); | |
15918 | +int enc; | |
15919 | + { | |
15920 | + register DES_LONG tin0,tin1; | |
15921 | + register DES_LONG tout0,tout1,xor0,xor1; | |
15922 | + register unsigned char *in,*out; | |
15923 | + register long l=length; | |
15924 | + DES_LONG tin[2]; | |
15925 | + unsigned char *iv; | |
15926 | + | |
15927 | + in=(unsigned char *)input; | |
15928 | + out=(unsigned char *)output; | |
15929 | + iv=(unsigned char *)ivec; | |
15930 | + | |
15931 | + if (enc) | |
15932 | + { | |
15933 | + c2l(iv,tout0); | |
15934 | + c2l(iv,tout1); | |
15935 | + for (l-=8; l>=0; l-=8) | |
15936 | + { | |
15937 | + c2l(in,tin0); | |
15938 | + c2l(in,tin1); | |
15939 | + tin0^=tout0; | |
15940 | + tin1^=tout1; | |
15941 | + | |
15942 | + tin[0]=tin0; | |
15943 | + tin[1]=tin1; | |
15944 | + des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); | |
15945 | + tout0=tin[0]; | |
15946 | + tout1=tin[1]; | |
15947 | + | |
15948 | + l2c(tout0,out); | |
15949 | + l2c(tout1,out); | |
15950 | + } | |
15951 | + if (l != -8) | |
15952 | + { | |
15953 | + c2ln(in,tin0,tin1,l+8); | |
15954 | + tin0^=tout0; | |
15955 | + tin1^=tout1; | |
15956 | + | |
15957 | + tin[0]=tin0; | |
15958 | + tin[1]=tin1; | |
15959 | + des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); | |
15960 | + tout0=tin[0]; | |
15961 | + tout1=tin[1]; | |
15962 | + | |
15963 | + l2c(tout0,out); | |
15964 | + l2c(tout1,out); | |
15965 | + } | |
15966 | + iv=(unsigned char *)ivec; | |
15967 | + l2c(tout0,iv); | |
15968 | + l2c(tout1,iv); | |
15969 | + } | |
15970 | + else | |
15971 | + { | |
15972 | + register DES_LONG t0,t1; | |
15973 | + | |
15974 | + c2l(iv,xor0); | |
15975 | + c2l(iv,xor1); | |
15976 | + for (l-=8; l>=0; l-=8) | |
15977 | + { | |
15978 | + c2l(in,tin0); | |
15979 | + c2l(in,tin1); | |
15980 | + | |
15981 | + t0=tin0; | |
15982 | + t1=tin1; | |
15983 | + | |
15984 | + tin[0]=tin0; | |
15985 | + tin[1]=tin1; | |
15986 | + des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); | |
15987 | + tout0=tin[0]; | |
15988 | + tout1=tin[1]; | |
15989 | + | |
15990 | + tout0^=xor0; | |
15991 | + tout1^=xor1; | |
15992 | + l2c(tout0,out); | |
15993 | + l2c(tout1,out); | |
15994 | + xor0=t0; | |
15995 | + xor1=t1; | |
15996 | + } | |
15997 | + if (l != -8) | |
15998 | + { | |
15999 | + c2l(in,tin0); | |
16000 | + c2l(in,tin1); | |
16001 | + | |
16002 | + t0=tin0; | |
16003 | + t1=tin1; | |
16004 | + | |
16005 | + tin[0]=tin0; | |
16006 | + tin[1]=tin1; | |
16007 | + des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); | |
16008 | + tout0=tin[0]; | |
16009 | + tout1=tin[1]; | |
16010 | + | |
16011 | + tout0^=xor0; | |
16012 | + tout1^=xor1; | |
16013 | + l2cn(tout0,tout1,out,l+8); | |
16014 | + xor0=t0; | |
16015 | + xor1=t1; | |
16016 | + } | |
16017 | + | |
16018 | + iv=(unsigned char *)ivec; | |
16019 | + l2c(xor0,iv); | |
16020 | + l2c(xor1,iv); | |
16021 | + } | |
16022 | + tin0=tin1=tout0=tout1=xor0=xor1=0; | |
16023 | + tin[0]=tin[1]=0; | |
16024 | + } | |
16025 | + | |
16026 | +#endif /* DES_DEFAULT_OPTIONS */ | |
16027 | diff -druN linux-noipsec/net/ipsec/libdes/des_locl.h linux/net/ipsec/libdes/des_locl.h | |
16028 | --- linux-noipsec/net/ipsec/libdes/des_locl.h Thu Jan 1 01:00:00 1970 | |
16029 | +++ linux/net/ipsec/libdes/des_locl.h Wed Oct 4 16:54:10 2000 | |
16030 | @@ -0,0 +1,511 @@ | |
16031 | +/* crypto/des/des_locl.org */ | |
16032 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
16033 | + * All rights reserved. | |
16034 | + * | |
16035 | + * This package is an SSL implementation written | |
16036 | + * by Eric Young (eay@cryptsoft.com). | |
16037 | + * The implementation was written so as to conform with Netscapes SSL. | |
16038 | + * | |
16039 | + * This library is free for commercial and non-commercial use as long as | |
16040 | + * the following conditions are aheared to. The following conditions | |
16041 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
16042 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
16043 | + * included with this distribution is covered by the same copyright terms | |
16044 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
16045 | + * | |
16046 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
16047 | + * the code are not to be removed. | |
16048 | + * If this package is used in a product, Eric Young should be given attribution | |
16049 | + * as the author of the parts of the library used. | |
16050 | + * This can be in the form of a textual message at program startup or | |
16051 | + * in documentation (online or textual) provided with the package. | |
16052 | + * | |
16053 | + * Redistribution and use in source and binary forms, with or without | |
16054 | + * modification, are permitted provided that the following conditions | |
16055 | + * are met: | |
16056 | + * 1. Redistributions of source code must retain the copyright | |
16057 | + * notice, this list of conditions and the following disclaimer. | |
16058 | + * 2. Redistributions in binary form must reproduce the above copyright | |
16059 | + * notice, this list of conditions and the following disclaimer in the | |
16060 | + * documentation and/or other materials provided with the distribution. | |
16061 | + * 3. All advertising materials mentioning features or use of this software | |
16062 | + * must display the following acknowledgement: | |
16063 | + * "This product includes cryptographic software written by | |
16064 | + * Eric Young (eay@cryptsoft.com)" | |
16065 | + * The word 'cryptographic' can be left out if the rouines from the library | |
16066 | + * being used are not cryptographic related :-). | |
16067 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
16068 | + * the apps directory (application code) you must include an acknowledgement: | |
16069 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
16070 | + * | |
16071 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
16072 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
16073 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
16074 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
16075 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
16076 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
16077 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
16078 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
16079 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
16080 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
16081 | + * SUCH DAMAGE. | |
16082 | + * | |
16083 | + * The licence and distribution terms for any publically available version or | |
16084 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
16085 | + * copied and put under another distribution licence | |
16086 | + * [including the GNU Public Licence.] | |
16087 | + */ | |
16088 | + | |
16089 | +/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | |
16090 | + * | |
16091 | + * Always modify des_locl.org since des_locl.h is automatically generated from | |
16092 | + * it during SSLeay configuration. | |
16093 | + * | |
16094 | + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | |
16095 | + */ | |
16096 | + | |
16097 | +#ifndef HEADER_DES_LOCL_H | |
16098 | +#define HEADER_DES_LOCL_H | |
16099 | + | |
16100 | +#if defined(WIN32) || defined(WIN16) | |
16101 | +#ifndef MSDOS | |
16102 | +#define MSDOS | |
16103 | +#endif | |
16104 | +#endif | |
16105 | + | |
16106 | +#include "des.h" | |
16107 | + | |
16108 | +#ifndef DES_DEFAULT_OPTIONS | |
16109 | +/* the following is tweaked from a config script, that is why it is a | |
16110 | + * protected undef/define */ | |
16111 | +#ifndef DES_PTR | |
16112 | +#define DES_PTR | |
16113 | +#endif | |
16114 | + | |
16115 | +/* This helps C compiler generate the correct code for multiple functional | |
16116 | + * units. It reduces register dependancies at the expense of 2 more | |
16117 | + * registers */ | |
16118 | +#ifndef DES_RISC1 | |
16119 | +#define DES_RISC1 | |
16120 | +#endif | |
16121 | + | |
16122 | +#ifndef DES_RISC2 | |
16123 | +#undef DES_RISC2 | |
16124 | +#endif | |
16125 | + | |
16126 | +#if defined(DES_RISC1) && defined(DES_RISC2) | |
16127 | +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! | |
16128 | +#endif | |
16129 | + | |
16130 | +/* Unroll the inner loop, this sometimes helps, sometimes hinders. | |
16131 | + * Very mucy CPU dependant */ | |
16132 | +#ifndef DES_UNROLL | |
16133 | +#define DES_UNROLL | |
16134 | +#endif | |
16135 | + | |
16136 | +/* These default values were supplied by | |
16137 | + * Peter Gutman <pgut001@cs.auckland.ac.nz> | |
16138 | + * They are only used if nothing else has been defined */ | |
16139 | +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) | |
16140 | +/* Special defines which change the way the code is built depending on the | |
16141 | + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find | |
16142 | + even newer MIPS CPU's, but at the moment one size fits all for | |
16143 | + optimization options. Older Sparc's work better with only UNROLL, but | |
16144 | + there's no way to tell at compile time what it is you're running on */ | |
16145 | + | |
16146 | +#if defined( sun ) /* Newer Sparc's */ | |
16147 | + #define DES_PTR | |
16148 | + #define DES_RISC1 | |
16149 | + #define DES_UNROLL | |
16150 | +#elif defined( __ultrix ) /* Older MIPS */ | |
16151 | + #define DES_PTR | |
16152 | + #define DES_RISC2 | |
16153 | + #define DES_UNROLL | |
16154 | +#elif defined( __osf1__ ) /* Alpha */ | |
16155 | + #define DES_PTR | |
16156 | + #define DES_RISC2 | |
16157 | +#elif defined ( _AIX ) /* RS6000 */ | |
16158 | + /* Unknown */ | |
16159 | +#elif defined( __hpux ) /* HP-PA */ | |
16160 | + /* Unknown */ | |
16161 | +#elif defined( __aux ) /* 68K */ | |
16162 | + /* Unknown */ | |
16163 | +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ | |
16164 | + #define DES_UNROLL | |
16165 | +#elif defined( __sgi ) /* Newer MIPS */ | |
16166 | + #define DES_PTR | |
16167 | + #define DES_RISC2 | |
16168 | + #define DES_UNROLL | |
16169 | +#elif defined( i386 ) /* x86 boxes, should be gcc */ | |
16170 | + #define DES_PTR | |
16171 | + #define DES_RISC1 | |
16172 | + #define DES_UNROLL | |
16173 | +#endif /* Systems-specific speed defines */ | |
16174 | +#endif | |
16175 | + | |
16176 | +#endif /* DES_DEFAULT_OPTIONS */ | |
16177 | + | |
16178 | +#ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */ | |
16179 | +#include <stdlib.h> | |
16180 | +#include <errno.h> | |
16181 | +#include <time.h> | |
16182 | +#include <io.h> | |
16183 | +#ifndef RAND | |
16184 | +#define RAND | |
16185 | +#endif | |
16186 | +#undef NOPROTO | |
16187 | +#endif | |
16188 | + | |
16189 | +#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS) | |
16190 | +#include <string.h> | |
16191 | +#endif | |
16192 | + | |
16193 | +#ifndef RAND | |
16194 | +#define RAND | |
16195 | +#endif | |
16196 | + | |
16197 | +#ifdef linux | |
16198 | +#undef RAND | |
16199 | +#endif | |
16200 | + | |
16201 | +#ifdef MSDOS | |
16202 | +#define getpid() 2 | |
16203 | +#define RAND | |
16204 | +#undef NOPROTO | |
16205 | +#endif | |
16206 | + | |
16207 | +#if defined(NOCONST) | |
16208 | +#define const | |
16209 | +#endif | |
16210 | + | |
16211 | +#ifdef __STDC__ | |
16212 | +#undef NOPROTO | |
16213 | +#endif | |
16214 | + | |
16215 | +#ifdef RAND | |
16216 | +#define srandom(s) srand(s) | |
16217 | +#define random rand | |
16218 | +#endif | |
16219 | + | |
16220 | +#define ITERATIONS 16 | |
16221 | +#define HALF_ITERATIONS 8 | |
16222 | + | |
16223 | +/* used in des_read and des_write */ | |
16224 | +#define MAXWRITE (1024*16) | |
16225 | +#define BSIZE (MAXWRITE+4) | |
16226 | + | |
16227 | +#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ | |
16228 | + l|=((DES_LONG)(*((c)++)))<< 8L, \ | |
16229 | + l|=((DES_LONG)(*((c)++)))<<16L, \ | |
16230 | + l|=((DES_LONG)(*((c)++)))<<24L) | |
16231 | + | |
16232 | +/* NOTE - c is not incremented as per c2l */ | |
16233 | +#define c2ln(c,l1,l2,n) { \ | |
16234 | + c+=n; \ | |
16235 | + l1=l2=0; \ | |
16236 | + switch (n) { \ | |
16237 | + case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ | |
16238 | + case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ | |
16239 | + case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ | |
16240 | + case 5: l2|=((DES_LONG)(*(--(c)))); \ | |
16241 | + case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ | |
16242 | + case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ | |
16243 | + case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ | |
16244 | + case 1: l1|=((DES_LONG)(*(--(c)))); \ | |
16245 | + } \ | |
16246 | + } | |
16247 | + | |
16248 | +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | |
16249 | + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | |
16250 | + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | |
16251 | + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) | |
16252 | + | |
16253 | +/* replacements for htonl and ntohl since I have no idea what to do | |
16254 | + * when faced with machines with 8 byte longs. */ | |
16255 | +#define HDRSIZE 4 | |
16256 | + | |
16257 | +#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ | |
16258 | + l|=((DES_LONG)(*((c)++)))<<16L, \ | |
16259 | + l|=((DES_LONG)(*((c)++)))<< 8L, \ | |
16260 | + l|=((DES_LONG)(*((c)++)))) | |
16261 | + | |
16262 | +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ | |
16263 | + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ | |
16264 | + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | |
16265 | + *((c)++)=(unsigned char)(((l) )&0xff)) | |
16266 | + | |
16267 | +/* NOTE - c is not incremented as per l2c */ | |
16268 | +#define l2cn(l1,l2,c,n) { \ | |
16269 | + c+=n; \ | |
16270 | + switch (n) { \ | |
16271 | + case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ | |
16272 | + case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ | |
16273 | + case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ | |
16274 | + case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ | |
16275 | + case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ | |
16276 | + case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ | |
16277 | + case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ | |
16278 | + case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ | |
16279 | + } \ | |
16280 | + } | |
16281 | + | |
16282 | +#if defined(WIN32) | |
16283 | +#define ROTATE(a,n) (_lrotr(a,n)) | |
16284 | +#else | |
16285 | +#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) | |
16286 | +#endif | |
16287 | + | |
16288 | +/* Don't worry about the LOAD_DATA() stuff, that is used by | |
16289 | + * fcrypt() to add it's little bit to the front */ | |
16290 | + | |
16291 | +#ifdef DES_FCRYPT | |
16292 | + | |
16293 | +#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ | |
16294 | + { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } | |
16295 | + | |
16296 | +#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ | |
16297 | + t=R^(R>>16L); \ | |
16298 | + u=t&E0; t&=E1; \ | |
16299 | + tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ | |
16300 | + tmp=(t<<16); t^=R^s[S+1]; t^=tmp | |
16301 | +#else | |
16302 | +#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) | |
16303 | +#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ | |
16304 | + u=R^s[S ]; \ | |
16305 | + t=R^s[S+1] | |
16306 | +#endif | |
16307 | + | |
16308 | +/* The changes to this macro may help or hinder, depending on the | |
16309 | + * compiler and the achitecture. gcc2 always seems to do well :-). | |
16310 | + * Inspired by Dana How <how@isl.stanford.edu> | |
16311 | + * DO NOT use the alternative version on machines with 8 byte longs. | |
16312 | + * It does not seem to work on the Alpha, even when DES_LONG is 4 | |
16313 | + * bytes, probably an issue of accessing non-word aligned objects :-( */ | |
16314 | +#ifdef DES_PTR | |
16315 | + | |
16316 | +/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there | |
16317 | + * is no reason to not xor all the sub items together. This potentially | |
16318 | + * saves a register since things can be xored directly into L */ | |
16319 | + | |
16320 | +#if defined(DES_RISC1) || defined(DES_RISC2) | |
16321 | +#ifdef DES_RISC1 | |
16322 | +#define D_ENCRYPT(LL,R,S) { \ | |
16323 | + unsigned int u1,u2,u3; \ | |
16324 | + LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
16325 | + u2=(int)u>>8L; \ | |
16326 | + u1=(int)u&0xfc; \ | |
16327 | + u2&=0xfc; \ | |
16328 | + t=ROTATE(t,4); \ | |
16329 | + u>>=16L; \ | |
16330 | + LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ | |
16331 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ | |
16332 | + u3=(int)(u>>8L); \ | |
16333 | + u1=(int)u&0xfc; \ | |
16334 | + u3&=0xfc; \ | |
16335 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \ | |
16336 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \ | |
16337 | + u2=(int)t>>8L; \ | |
16338 | + u1=(int)t&0xfc; \ | |
16339 | + u2&=0xfc; \ | |
16340 | + t>>=16L; \ | |
16341 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ | |
16342 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ | |
16343 | + u3=(int)t>>8L; \ | |
16344 | + u1=(int)t&0xfc; \ | |
16345 | + u3&=0xfc; \ | |
16346 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \ | |
16347 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); } | |
16348 | +#endif | |
16349 | +#ifdef DES_RISC2 | |
16350 | +#define D_ENCRYPT(LL,R,S) { \ | |
16351 | + unsigned int u1,u2,s1,s2; \ | |
16352 | + LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
16353 | + u2=(int)u>>8L; \ | |
16354 | + u1=(int)u&0xfc; \ | |
16355 | + u2&=0xfc; \ | |
16356 | + t=ROTATE(t,4); \ | |
16357 | + LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ | |
16358 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ | |
16359 | + s1=(int)(u>>16L); \ | |
16360 | + s2=(int)(u>>24L); \ | |
16361 | + s1&=0xfc; \ | |
16362 | + s2&=0xfc; \ | |
16363 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \ | |
16364 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \ | |
16365 | + u2=(int)t>>8L; \ | |
16366 | + u1=(int)t&0xfc; \ | |
16367 | + u2&=0xfc; \ | |
16368 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ | |
16369 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ | |
16370 | + s1=(int)(t>>16L); \ | |
16371 | + s2=(int)(t>>24L); \ | |
16372 | + s1&=0xfc; \ | |
16373 | + s2&=0xfc; \ | |
16374 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \ | |
16375 | + LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); } | |
16376 | +#endif | |
16377 | +#else | |
16378 | +#define D_ENCRYPT(LL,R,S) { \ | |
16379 | + LOAD_DATA_tmp(R,S,u,t,E0,E1); \ | |
16380 | + t=ROTATE(t,4); \ | |
16381 | + LL^= \ | |
16382 | + *(DES_LONG *)((unsigned char *)des_SP +((u )&0xfc))^ \ | |
16383 | + *(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \ | |
16384 | + *(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \ | |
16385 | + *(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \ | |
16386 | + *(DES_LONG *)((unsigned char *)des_SP+0x100+((t )&0xfc))^ \ | |
16387 | + *(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \ | |
16388 | + *(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \ | |
16389 | + *(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); } | |
16390 | +#endif | |
16391 | + | |
16392 | +#else /* original version */ | |
16393 | + | |
16394 | +#if defined(DES_RISC1) || defined(DES_RISC2) | |
16395 | +#ifdef DES_RISC1 | |
16396 | +#define D_ENCRYPT(LL,R,S) {\ | |
16397 | + unsigned int u1,u2,u3; \ | |
16398 | + LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
16399 | + u>>=2L; \ | |
16400 | + t=ROTATE(t,6); \ | |
16401 | + u2=(int)u>>8L; \ | |
16402 | + u1=(int)u&0x3f; \ | |
16403 | + u2&=0x3f; \ | |
16404 | + u>>=16L; \ | |
16405 | + LL^=des_SPtrans[0][u1]; \ | |
16406 | + LL^=des_SPtrans[2][u2]; \ | |
16407 | + u3=(int)u>>8L; \ | |
16408 | + u1=(int)u&0x3f; \ | |
16409 | + u3&=0x3f; \ | |
16410 | + LL^=des_SPtrans[4][u1]; \ | |
16411 | + LL^=des_SPtrans[6][u3]; \ | |
16412 | + u2=(int)t>>8L; \ | |
16413 | + u1=(int)t&0x3f; \ | |
16414 | + u2&=0x3f; \ | |
16415 | + t>>=16L; \ | |
16416 | + LL^=des_SPtrans[1][u1]; \ | |
16417 | + LL^=des_SPtrans[3][u2]; \ | |
16418 | + u3=(int)t>>8L; \ | |
16419 | + u1=(int)t&0x3f; \ | |
16420 | + u3&=0x3f; \ | |
16421 | + LL^=des_SPtrans[5][u1]; \ | |
16422 | + LL^=des_SPtrans[7][u3]; } | |
16423 | +#endif | |
16424 | +#ifdef DES_RISC2 | |
16425 | +#define D_ENCRYPT(LL,R,S) {\ | |
16426 | + unsigned int u1,u2,s1,s2; \ | |
16427 | + LOAD_DATA(R,S,u,t,E0,E1,u1); \ | |
16428 | + u>>=2L; \ | |
16429 | + t=ROTATE(t,6); \ | |
16430 | + u2=(int)u>>8L; \ | |
16431 | + u1=(int)u&0x3f; \ | |
16432 | + u2&=0x3f; \ | |
16433 | + LL^=des_SPtrans[0][u1]; \ | |
16434 | + LL^=des_SPtrans[2][u2]; \ | |
16435 | + s1=(int)u>>16L; \ | |
16436 | + s2=(int)u>>24L; \ | |
16437 | + s1&=0x3f; \ | |
16438 | + s2&=0x3f; \ | |
16439 | + LL^=des_SPtrans[4][s1]; \ | |
16440 | + LL^=des_SPtrans[6][s2]; \ | |
16441 | + u2=(int)t>>8L; \ | |
16442 | + u1=(int)t&0x3f; \ | |
16443 | + u2&=0x3f; \ | |
16444 | + LL^=des_SPtrans[1][u1]; \ | |
16445 | + LL^=des_SPtrans[3][u2]; \ | |
16446 | + s1=(int)t>>16; \ | |
16447 | + s2=(int)t>>24L; \ | |
16448 | + s1&=0x3f; \ | |
16449 | + s2&=0x3f; \ | |
16450 | + LL^=des_SPtrans[5][s1]; \ | |
16451 | + LL^=des_SPtrans[7][s2]; } | |
16452 | +#endif | |
16453 | + | |
16454 | +#else | |
16455 | + | |
16456 | +#define D_ENCRYPT(LL,R,S) {\ | |
16457 | + LOAD_DATA_tmp(R,S,u,t,E0,E1); \ | |
16458 | + t=ROTATE(t,4); \ | |
16459 | + LL^=\ | |
16460 | + des_SPtrans[0][(u>> 2L)&0x3f]^ \ | |
16461 | + des_SPtrans[2][(u>>10L)&0x3f]^ \ | |
16462 | + des_SPtrans[4][(u>>18L)&0x3f]^ \ | |
16463 | + des_SPtrans[6][(u>>26L)&0x3f]^ \ | |
16464 | + des_SPtrans[1][(t>> 2L)&0x3f]^ \ | |
16465 | + des_SPtrans[3][(t>>10L)&0x3f]^ \ | |
16466 | + des_SPtrans[5][(t>>18L)&0x3f]^ \ | |
16467 | + des_SPtrans[7][(t>>26L)&0x3f]; } | |
16468 | +#endif | |
16469 | +#endif | |
16470 | + | |
16471 | + /* IP and FP | |
16472 | + * The problem is more of a geometric problem that random bit fiddling. | |
16473 | + 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 | |
16474 | + 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 | |
16475 | + 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 | |
16476 | + 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 | |
16477 | + | |
16478 | + 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 | |
16479 | + 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 | |
16480 | + 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 | |
16481 | + 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 | |
16482 | + | |
16483 | + The output has been subject to swaps of the form | |
16484 | + 0 1 -> 3 1 but the odd and even bits have been put into | |
16485 | + 2 3 2 0 | |
16486 | + different words. The main trick is to remember that | |
16487 | + t=((l>>size)^r)&(mask); | |
16488 | + r^=t; | |
16489 | + l^=(t<<size); | |
16490 | + can be used to swap and move bits between words. | |
16491 | + | |
16492 | + So l = 0 1 2 3 r = 16 17 18 19 | |
16493 | + 4 5 6 7 20 21 22 23 | |
16494 | + 8 9 10 11 24 25 26 27 | |
16495 | + 12 13 14 15 28 29 30 31 | |
16496 | + becomes (for size == 2 and mask == 0x3333) | |
16497 | + t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19 | |
16498 | + 6^20 7^21 -- -- 4 5 20 21 6 7 22 23 | |
16499 | + 10^24 11^25 -- -- 8 9 24 25 10 11 24 25 | |
16500 | + 14^28 15^29 -- -- 12 13 28 29 14 15 28 29 | |
16501 | + | |
16502 | + Thanks for hints from Richard Outerbridge - he told me IP&FP | |
16503 | + could be done in 15 xor, 10 shifts and 5 ands. | |
16504 | + When I finally started to think of the problem in 2D | |
16505 | + I first got ~42 operations without xors. When I remembered | |
16506 | + how to use xors :-) I got it to its final state. | |
16507 | + */ | |
16508 | +#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ | |
16509 | + (b)^=(t),\ | |
16510 | + (a)^=((t)<<(n))) | |
16511 | + | |
16512 | +#define IP(l,r) \ | |
16513 | + { \ | |
16514 | + register DES_LONG tt; \ | |
16515 | + PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ | |
16516 | + PERM_OP(l,r,tt,16,0x0000ffffL); \ | |
16517 | + PERM_OP(r,l,tt, 2,0x33333333L); \ | |
16518 | + PERM_OP(l,r,tt, 8,0x00ff00ffL); \ | |
16519 | + PERM_OP(r,l,tt, 1,0x55555555L); \ | |
16520 | + } | |
16521 | + | |
16522 | +#define FP(l,r) \ | |
16523 | + { \ | |
16524 | + register DES_LONG tt; \ | |
16525 | + PERM_OP(l,r,tt, 1,0x55555555L); \ | |
16526 | + PERM_OP(r,l,tt, 8,0x00ff00ffL); \ | |
16527 | + PERM_OP(l,r,tt, 2,0x33333333L); \ | |
16528 | + PERM_OP(r,l,tt,16,0x0000ffffL); \ | |
16529 | + PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ | |
16530 | + } | |
16531 | + | |
16532 | +extern const DES_LONG des_SPtrans[8][64]; | |
16533 | + | |
16534 | +#ifndef NOPROTO | |
16535 | +void fcrypt_body(DES_LONG *out,des_key_schedule ks, | |
16536 | + DES_LONG Eswap0, DES_LONG Eswap1); | |
16537 | +#else | |
16538 | +void fcrypt_body(); | |
16539 | +#endif | |
16540 | + | |
16541 | +#endif | |
16542 | diff -druN linux-noipsec/net/ipsec/libdes/des_opts.c linux/net/ipsec/libdes/des_opts.c | |
16543 | --- linux-noipsec/net/ipsec/libdes/des_opts.c Thu Jan 1 01:00:00 1970 | |
16544 | +++ linux/net/ipsec/libdes/des_opts.c Thu Feb 18 17:41:13 1999 | |
16545 | @@ -0,0 +1,620 @@ | |
16546 | +/* crypto/des/des_opts.c */ | |
16547 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
16548 | + * All rights reserved. | |
16549 | + * | |
16550 | + * This package is an SSL implementation written | |
16551 | + * by Eric Young (eay@cryptsoft.com). | |
16552 | + * The implementation was written so as to conform with Netscapes SSL. | |
16553 | + * | |
16554 | + * This library is free for commercial and non-commercial use as long as | |
16555 | + * the following conditions are aheared to. The following conditions | |
16556 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
16557 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
16558 | + * included with this distribution is covered by the same copyright terms | |
16559 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
16560 | + * | |
16561 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
16562 | + * the code are not to be removed. | |
16563 | + * If this package is used in a product, Eric Young should be given attribution | |
16564 | + * as the author of the parts of the library used. | |
16565 | + * This can be in the form of a textual message at program startup or | |
16566 | + * in documentation (online or textual) provided with the package. | |
16567 | + * | |
16568 | + * Redistribution and use in source and binary forms, with or without | |
16569 | + * modification, are permitted provided that the following conditions | |
16570 | + * are met: | |
16571 | + * 1. Redistributions of source code must retain the copyright | |
16572 | + * notice, this list of conditions and the following disclaimer. | |
16573 | + * 2. Redistributions in binary form must reproduce the above copyright | |
16574 | + * notice, this list of conditions and the following disclaimer in the | |
16575 | + * documentation and/or other materials provided with the distribution. | |
16576 | + * 3. All advertising materials mentioning features or use of this software | |
16577 | + * must display the following acknowledgement: | |
16578 | + * "This product includes cryptographic software written by | |
16579 | + * Eric Young (eay@cryptsoft.com)" | |
16580 | + * The word 'cryptographic' can be left out if the rouines from the library | |
16581 | + * being used are not cryptographic related :-). | |
16582 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
16583 | + * the apps directory (application code) you must include an acknowledgement: | |
16584 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
16585 | + * | |
16586 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
16587 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
16588 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
16589 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
16590 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
16591 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
16592 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
16593 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
16594 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
16595 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
16596 | + * SUCH DAMAGE. | |
16597 | + * | |
16598 | + * The licence and distribution terms for any publically available version or | |
16599 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
16600 | + * copied and put under another distribution licence | |
16601 | + * [including the GNU Public Licence.] | |
16602 | + */ | |
16603 | + | |
16604 | +/* define PART1, PART2, PART3 or PART4 to build only with a few of the options. | |
16605 | + * This is for machines with 64k code segment size restrictions. */ | |
16606 | + | |
16607 | +#ifndef MSDOS | |
16608 | +#define TIMES | |
16609 | +#endif | |
16610 | + | |
16611 | +#include <stdio.h> | |
16612 | +#ifndef MSDOS | |
16613 | +#include <unistd.h> | |
16614 | +#else | |
16615 | +#include <io.h> | |
16616 | +extern void exit(); | |
16617 | +#endif | |
16618 | +#include <signal.h> | |
16619 | +#ifndef VMS | |
16620 | +#ifndef _IRIX | |
16621 | +#include <time.h> | |
16622 | +#endif | |
16623 | +#ifdef TIMES | |
16624 | +#include <sys/types.h> | |
16625 | +#include <sys/times.h> | |
16626 | +#endif | |
16627 | +#else /* VMS */ | |
16628 | +#include <types.h> | |
16629 | +struct tms { | |
16630 | + time_t tms_utime; | |
16631 | + time_t tms_stime; | |
16632 | + time_t tms_uchild; /* I dunno... */ | |
16633 | + time_t tms_uchildsys; /* so these names are a guess :-) */ | |
16634 | + } | |
16635 | +#endif | |
16636 | +#ifndef TIMES | |
16637 | +#include <sys/timeb.h> | |
16638 | +#endif | |
16639 | + | |
16640 | +#ifdef sun | |
16641 | +#include <limits.h> | |
16642 | +#include <sys/param.h> | |
16643 | +#endif | |
16644 | + | |
16645 | +#include "des.h" | |
16646 | +#include "spr.h" | |
16647 | + | |
16648 | +#define DES_DEFAULT_OPTIONS | |
16649 | + | |
16650 | +#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4) | |
16651 | +#define PART1 | |
16652 | +#define PART2 | |
16653 | +#define PART3 | |
16654 | +#define PART4 | |
16655 | +#endif | |
16656 | + | |
16657 | +#ifdef PART1 | |
16658 | + | |
16659 | +#undef DES_UNROLL | |
16660 | +#undef DES_RISC1 | |
16661 | +#undef DES_RISC2 | |
16662 | +#undef DES_PTR | |
16663 | +#undef D_ENCRYPT | |
16664 | +#define des_encrypt des_encrypt_u4_cisc_idx | |
16665 | +#define des_encrypt2 des_encrypt2_u4_cisc_idx | |
16666 | +#define des_encrypt3 des_encrypt3_u4_cisc_idx | |
16667 | +#define des_decrypt3 des_decrypt3_u4_cisc_idx | |
16668 | +#undef HEADER_DES_LOCL_H | |
16669 | +#include "des_enc.c" | |
16670 | + | |
16671 | +#define DES_UNROLL | |
16672 | +#undef DES_RISC1 | |
16673 | +#undef DES_RISC2 | |
16674 | +#undef DES_PTR | |
16675 | +#undef D_ENCRYPT | |
16676 | +#undef des_encrypt | |
16677 | +#undef des_encrypt2 | |
16678 | +#undef des_encrypt3 | |
16679 | +#undef des_decrypt3 | |
16680 | +#define des_encrypt des_encrypt_u16_cisc_idx | |
16681 | +#define des_encrypt2 des_encrypt2_u16_cisc_idx | |
16682 | +#define des_encrypt3 des_encrypt3_u16_cisc_idx | |
16683 | +#define des_decrypt3 des_decrypt3_u16_cisc_idx | |
16684 | +#undef HEADER_DES_LOCL_H | |
16685 | +#include "des_enc.c" | |
16686 | + | |
16687 | +#undef DES_UNROLL | |
16688 | +#define DES_RISC1 | |
16689 | +#undef DES_RISC2 | |
16690 | +#undef DES_PTR | |
16691 | +#undef D_ENCRYPT | |
16692 | +#undef des_encrypt | |
16693 | +#undef des_encrypt2 | |
16694 | +#undef des_encrypt3 | |
16695 | +#undef des_decrypt3 | |
16696 | +#define des_encrypt des_encrypt_u4_risc1_idx | |
16697 | +#define des_encrypt2 des_encrypt2_u4_risc1_idx | |
16698 | +#define des_encrypt3 des_encrypt3_u4_risc1_idx | |
16699 | +#define des_decrypt3 des_decrypt3_u4_risc1_idx | |
16700 | +#undef HEADER_DES_LOCL_H | |
16701 | +#include "des_enc.c" | |
16702 | + | |
16703 | +#endif | |
16704 | + | |
16705 | +#ifdef PART2 | |
16706 | + | |
16707 | +#undef DES_UNROLL | |
16708 | +#undef DES_RISC1 | |
16709 | +#define DES_RISC2 | |
16710 | +#undef DES_PTR | |
16711 | +#undef D_ENCRYPT | |
16712 | +#undef des_encrypt | |
16713 | +#undef des_encrypt2 | |
16714 | +#undef des_encrypt3 | |
16715 | +#undef des_decrypt3 | |
16716 | +#define des_encrypt des_encrypt_u4_risc2_idx | |
16717 | +#define des_encrypt2 des_encrypt2_u4_risc2_idx | |
16718 | +#define des_encrypt3 des_encrypt3_u4_risc2_idx | |
16719 | +#define des_decrypt3 des_decrypt3_u4_risc2_idx | |
16720 | +#undef HEADER_DES_LOCL_H | |
16721 | +#include "des_enc.c" | |
16722 | + | |
16723 | +#define DES_UNROLL | |
16724 | +#define DES_RISC1 | |
16725 | +#undef DES_RISC2 | |
16726 | +#undef DES_PTR | |
16727 | +#undef D_ENCRYPT | |
16728 | +#undef des_encrypt | |
16729 | +#undef des_encrypt2 | |
16730 | +#undef des_encrypt3 | |
16731 | +#undef des_decrypt3 | |
16732 | +#define des_encrypt des_encrypt_u16_risc1_idx | |
16733 | +#define des_encrypt2 des_encrypt2_u16_risc1_idx | |
16734 | +#define des_encrypt3 des_encrypt3_u16_risc1_idx | |
16735 | +#define des_decrypt3 des_decrypt3_u16_risc1_idx | |
16736 | +#undef HEADER_DES_LOCL_H | |
16737 | +#include "des_enc.c" | |
16738 | + | |
16739 | +#define DES_UNROLL | |
16740 | +#undef DES_RISC1 | |
16741 | +#define DES_RISC2 | |
16742 | +#undef DES_PTR | |
16743 | +#undef D_ENCRYPT | |
16744 | +#undef des_encrypt | |
16745 | +#undef des_encrypt2 | |
16746 | +#undef des_encrypt3 | |
16747 | +#undef des_decrypt3 | |
16748 | +#define des_encrypt des_encrypt_u16_risc2_idx | |
16749 | +#define des_encrypt2 des_encrypt2_u16_risc2_idx | |
16750 | +#define des_encrypt3 des_encrypt3_u16_risc2_idx | |
16751 | +#define des_decrypt3 des_decrypt3_u16_risc2_idx | |
16752 | +#undef HEADER_DES_LOCL_H | |
16753 | +#include "des_enc.c" | |
16754 | + | |
16755 | +#endif | |
16756 | + | |
16757 | +#ifdef PART3 | |
16758 | + | |
16759 | +#undef DES_UNROLL | |
16760 | +#undef DES_RISC1 | |
16761 | +#undef DES_RISC2 | |
16762 | +#define DES_PTR | |
16763 | +#undef D_ENCRYPT | |
16764 | +#undef des_encrypt | |
16765 | +#undef des_encrypt2 | |
16766 | +#undef des_encrypt3 | |
16767 | +#undef des_decrypt3 | |
16768 | +#define des_encrypt des_encrypt_u4_cisc_ptr | |
16769 | +#define des_encrypt2 des_encrypt2_u4_cisc_ptr | |
16770 | +#define des_encrypt3 des_encrypt3_u4_cisc_ptr | |
16771 | +#define des_decrypt3 des_decrypt3_u4_cisc_ptr | |
16772 | +#undef HEADER_DES_LOCL_H | |
16773 | +#include "des_enc.c" | |
16774 | + | |
16775 | +#define DES_UNROLL | |
16776 | +#undef DES_RISC1 | |
16777 | +#undef DES_RISC2 | |
16778 | +#define DES_PTR | |
16779 | +#undef D_ENCRYPT | |
16780 | +#undef des_encrypt | |
16781 | +#undef des_encrypt2 | |
16782 | +#undef des_encrypt3 | |
16783 | +#undef des_decrypt3 | |
16784 | +#define des_encrypt des_encrypt_u16_cisc_ptr | |
16785 | +#define des_encrypt2 des_encrypt2_u16_cisc_ptr | |
16786 | +#define des_encrypt3 des_encrypt3_u16_cisc_ptr | |
16787 | +#define des_decrypt3 des_decrypt3_u16_cisc_ptr | |
16788 | +#undef HEADER_DES_LOCL_H | |
16789 | +#include "des_enc.c" | |
16790 | + | |
16791 | +#undef DES_UNROLL | |
16792 | +#define DES_RISC1 | |
16793 | +#undef DES_RISC2 | |
16794 | +#define DES_PTR | |
16795 | +#undef D_ENCRYPT | |
16796 | +#undef des_encrypt | |
16797 | +#undef des_encrypt2 | |
16798 | +#undef des_encrypt3 | |
16799 | +#undef des_decrypt3 | |
16800 | +#define des_encrypt des_encrypt_u4_risc1_ptr | |
16801 | +#define des_encrypt2 des_encrypt2_u4_risc1_ptr | |
16802 | +#define des_encrypt3 des_encrypt3_u4_risc1_ptr | |
16803 | +#define des_decrypt3 des_decrypt3_u4_risc1_ptr | |
16804 | +#undef HEADER_DES_LOCL_H | |
16805 | +#include "des_enc.c" | |
16806 | + | |
16807 | +#endif | |
16808 | + | |
16809 | +#ifdef PART4 | |
16810 | + | |
16811 | +#undef DES_UNROLL | |
16812 | +#undef DES_RISC1 | |
16813 | +#define DES_RISC2 | |
16814 | +#define DES_PTR | |
16815 | +#undef D_ENCRYPT | |
16816 | +#undef des_encrypt | |
16817 | +#undef des_encrypt2 | |
16818 | +#undef des_encrypt3 | |
16819 | +#undef des_decrypt3 | |
16820 | +#define des_encrypt des_encrypt_u4_risc2_ptr | |
16821 | +#define des_encrypt2 des_encrypt2_u4_risc2_ptr | |
16822 | +#define des_encrypt3 des_encrypt3_u4_risc2_ptr | |
16823 | +#define des_decrypt3 des_decrypt3_u4_risc2_ptr | |
16824 | +#undef HEADER_DES_LOCL_H | |
16825 | +#include "des_enc.c" | |
16826 | + | |
16827 | +#define DES_UNROLL | |
16828 | +#define DES_RISC1 | |
16829 | +#undef DES_RISC2 | |
16830 | +#define DES_PTR | |
16831 | +#undef D_ENCRYPT | |
16832 | +#undef des_encrypt | |
16833 | +#undef des_encrypt2 | |
16834 | +#undef des_encrypt3 | |
16835 | +#undef des_decrypt3 | |
16836 | +#define des_encrypt des_encrypt_u16_risc1_ptr | |
16837 | +#define des_encrypt2 des_encrypt2_u16_risc1_ptr | |
16838 | +#define des_encrypt3 des_encrypt3_u16_risc1_ptr | |
16839 | +#define des_decrypt3 des_decrypt3_u16_risc1_ptr | |
16840 | +#undef HEADER_DES_LOCL_H | |
16841 | +#include "des_enc.c" | |
16842 | + | |
16843 | +#define DES_UNROLL | |
16844 | +#undef DES_RISC1 | |
16845 | +#define DES_RISC2 | |
16846 | +#define DES_PTR | |
16847 | +#undef D_ENCRYPT | |
16848 | +#undef des_encrypt | |
16849 | +#undef des_encrypt2 | |
16850 | +#undef des_encrypt3 | |
16851 | +#undef des_decrypt3 | |
16852 | +#define des_encrypt des_encrypt_u16_risc2_ptr | |
16853 | +#define des_encrypt2 des_encrypt2_u16_risc2_ptr | |
16854 | +#define des_encrypt3 des_encrypt3_u16_risc2_ptr | |
16855 | +#define des_decrypt3 des_decrypt3_u16_risc2_ptr | |
16856 | +#undef HEADER_DES_LOCL_H | |
16857 | +#include "des_enc.c" | |
16858 | + | |
16859 | +#endif | |
16860 | + | |
16861 | +/* The following if from times(3) man page. It may need to be changed */ | |
16862 | +#ifndef HZ | |
16863 | +# ifndef CLK_TCK | |
16864 | +# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ | |
16865 | +# ifndef VMS | |
16866 | +# define HZ 100.0 | |
16867 | +# else /* VMS */ | |
16868 | +# define HZ 100.0 | |
16869 | +# endif | |
16870 | +# else /* _BSD_CLK_TCK_ */ | |
16871 | +# define HZ ((double)_BSD_CLK_TCK_) | |
16872 | +# endif | |
16873 | +# else /* CLK_TCK */ | |
16874 | +# define HZ ((double)CLK_TCK) | |
16875 | +# endif | |
16876 | +#endif | |
16877 | + | |
16878 | +#define BUFSIZE ((long)1024) | |
16879 | +long run=0; | |
16880 | + | |
16881 | +#ifndef NOPROTO | |
16882 | +double Time_F(int s); | |
16883 | +#else | |
16884 | +double Time_F(); | |
16885 | +#endif | |
16886 | + | |
16887 | +#ifdef SIGALRM | |
16888 | +#if defined(__STDC__) || defined(sgi) | |
16889 | +#define SIGRETTYPE void | |
16890 | +#else | |
16891 | +#define SIGRETTYPE int | |
16892 | +#endif | |
16893 | + | |
16894 | +#ifndef NOPROTO | |
16895 | +SIGRETTYPE sig_done(int sig); | |
16896 | +#else | |
16897 | +SIGRETTYPE sig_done(); | |
16898 | +#endif | |
16899 | + | |
16900 | +SIGRETTYPE sig_done(sig) | |
16901 | +int sig; | |
16902 | + { | |
16903 | + signal(SIGALRM,sig_done); | |
16904 | + run=0; | |
16905 | +#ifdef LINT | |
16906 | + sig=sig; | |
16907 | +#endif | |
16908 | + } | |
16909 | +#endif | |
16910 | + | |
16911 | +#define START 0 | |
16912 | +#define STOP 1 | |
16913 | + | |
16914 | +double Time_F(s) | |
16915 | +int s; | |
16916 | + { | |
16917 | + double ret; | |
16918 | +#ifdef TIMES | |
16919 | + static struct tms tstart,tend; | |
16920 | + | |
16921 | + if (s == START) | |
16922 | + { | |
16923 | + times(&tstart); | |
16924 | + return(0); | |
16925 | + } | |
16926 | + else | |
16927 | + { | |
16928 | + times(&tend); | |
16929 | + ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; | |
16930 | + return((ret == 0.0)?1e-6:ret); | |
16931 | + } | |
16932 | +#else /* !times() */ | |
16933 | + static struct timeb tstart,tend; | |
16934 | + long i; | |
16935 | + | |
16936 | + if (s == START) | |
16937 | + { | |
16938 | + ftime(&tstart); | |
16939 | + return(0); | |
16940 | + } | |
16941 | + else | |
16942 | + { | |
16943 | + ftime(&tend); | |
16944 | + i=(long)tend.millitm-(long)tstart.millitm; | |
16945 | + ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; | |
16946 | + return((ret == 0.0)?1e-6:ret); | |
16947 | + } | |
16948 | +#endif | |
16949 | + } | |
16950 | + | |
16951 | +#ifdef SIGALRM | |
16952 | +#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10); | |
16953 | +#else | |
16954 | +#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb); | |
16955 | +#endif | |
16956 | + | |
16957 | +#define time_it(func,name,index) \ | |
16958 | + print_name(name); \ | |
16959 | + Time_F(START); \ | |
16960 | + for (count=0,run=1; COND(cb); count++) \ | |
16961 | + { \ | |
16962 | + unsigned long d[2]; \ | |
16963 | + func(d,&(sch[0]),DES_ENCRYPT); \ | |
16964 | + } \ | |
16965 | + tm[index]=Time_F(STOP); \ | |
16966 | + fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \ | |
16967 | + tm[index]=((double)COUNT(cb))/tm[index]; | |
16968 | + | |
16969 | +#define print_it(name,index) \ | |
16970 | + fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \ | |
16971 | + tm[index]*8,1.0e6/tm[index]); | |
16972 | + | |
16973 | +int main(argc,argv) | |
16974 | +int argc; | |
16975 | +char **argv; | |
16976 | + { | |
16977 | + long count; | |
16978 | + static unsigned char buf[BUFSIZE]; | |
16979 | + static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; | |
16980 | + static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; | |
16981 | + static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; | |
16982 | + des_key_schedule sch,sch2,sch3; | |
16983 | + double d,tm[16],max=0; | |
16984 | + int rank[16]; | |
16985 | + char *str[16]; | |
16986 | + int max_idx=0,i,num=0,j; | |
16987 | +#ifndef SIGALARM | |
16988 | + long ca,cb,cc,cd,ce; | |
16989 | +#endif | |
16990 | + | |
16991 | + for (i=0; i<12; i++) | |
16992 | + { | |
16993 | + tm[i]=0.0; | |
16994 | + rank[i]=0; | |
16995 | + } | |
16996 | + | |
16997 | +#ifndef TIMES | |
16998 | + fprintf(stderr,"To get the most acurate results, try to run this\n"); | |
16999 | + fprintf(stderr,"program when this computer is idle.\n"); | |
17000 | +#endif | |
17001 | + | |
17002 | + des_set_key((C_Block *)key,sch); | |
17003 | + des_set_key((C_Block *)key2,sch2); | |
17004 | + des_set_key((C_Block *)key3,sch3); | |
17005 | + | |
17006 | +#ifndef SIGALRM | |
17007 | + fprintf(stderr,"First we calculate the approximate speed ...\n"); | |
17008 | + des_set_key((C_Block *)key,sch); | |
17009 | + count=10; | |
17010 | + do { | |
17011 | + long i; | |
17012 | + unsigned long data[2]; | |
17013 | + | |
17014 | + count*=2; | |
17015 | + Time_F(START); | |
17016 | + for (i=count; i; i--) | |
17017 | + des_encrypt(data,&(sch[0]),DES_ENCRYPT); | |
17018 | + d=Time_F(STOP); | |
17019 | + } while (d < 3.0); | |
17020 | + ca=count; | |
17021 | + cb=count*3; | |
17022 | + cc=count*3*8/BUFSIZE+1; | |
17023 | + cd=count*8/BUFSIZE+1; | |
17024 | + | |
17025 | + ce=count/20+1; | |
17026 | +#define COND(d) (count != (d)) | |
17027 | +#define COUNT(d) (d) | |
17028 | +#else | |
17029 | +#define COND(c) (run) | |
17030 | +#define COUNT(d) (count) | |
17031 | + signal(SIGALRM,sig_done); | |
17032 | + alarm(10); | |
17033 | +#endif | |
17034 | + | |
17035 | +#ifdef PART1 | |
17036 | + time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0); | |
17037 | + time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1); | |
17038 | + time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2); | |
17039 | + num+=3; | |
17040 | +#endif | |
17041 | +#ifdef PART2 | |
17042 | + time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3); | |
17043 | + time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4); | |
17044 | + time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5); | |
17045 | + num+=3; | |
17046 | +#endif | |
17047 | +#ifdef PART3 | |
17048 | + time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6); | |
17049 | + time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7); | |
17050 | + time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8); | |
17051 | + num+=3; | |
17052 | +#endif | |
17053 | +#ifdef PART4 | |
17054 | + time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9); | |
17055 | + time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10); | |
17056 | + time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11); | |
17057 | + num+=3; | |
17058 | +#endif | |
17059 | + | |
17060 | +#ifdef PART1 | |
17061 | + str[0]=" 4 c i"; | |
17062 | + print_it("des_encrypt_u4_cisc_idx ",0); | |
17063 | + max=tm[0]; | |
17064 | + max_idx=0; | |
17065 | + str[1]="16 c i"; | |
17066 | + print_it("des_encrypt_u16_cisc_idx ",1); | |
17067 | + if (max < tm[1]) { max=tm[1]; max_idx=1; } | |
17068 | + str[2]=" 4 r1 i"; | |
17069 | + print_it("des_encrypt_u4_risc1_idx ",2); | |
17070 | + if (max < tm[2]) { max=tm[2]; max_idx=2; } | |
17071 | +#endif | |
17072 | +#ifdef PART2 | |
17073 | + str[3]="16 r1 i"; | |
17074 | + print_it("des_encrypt_u16_risc1_idx",3); | |
17075 | + if (max < tm[3]) { max=tm[3]; max_idx=3; } | |
17076 | + str[4]=" 4 r2 i"; | |
17077 | + print_it("des_encrypt_u4_risc2_idx ",4); | |
17078 | + if (max < tm[4]) { max=tm[4]; max_idx=4; } | |
17079 | + str[5]="16 r2 i"; | |
17080 | + print_it("des_encrypt_u16_risc2_idx",5); | |
17081 | + if (max < tm[5]) { max=tm[5]; max_idx=5; } | |
17082 | +#endif | |
17083 | +#ifdef PART3 | |
17084 | + str[6]=" 4 c p"; | |
17085 | + print_it("des_encrypt_u4_cisc_ptr ",6); | |
17086 | + if (max < tm[6]) { max=tm[6]; max_idx=6; } | |
17087 | + str[7]="16 c p"; | |
17088 | + print_it("des_encrypt_u16_cisc_ptr ",7); | |
17089 | + if (max < tm[7]) { max=tm[7]; max_idx=7; } | |
17090 | + str[8]=" 4 r1 p"; | |
17091 | + print_it("des_encrypt_u4_risc1_ptr ",8); | |
17092 | + if (max < tm[8]) { max=tm[8]; max_idx=8; } | |
17093 | +#endif | |
17094 | +#ifdef PART4 | |
17095 | + str[9]="16 r1 p"; | |
17096 | + print_it("des_encrypt_u16_risc1_ptr",9); | |
17097 | + if (max < tm[9]) { max=tm[9]; max_idx=9; } | |
17098 | + str[10]=" 4 r2 p"; | |
17099 | + print_it("des_encrypt_u4_risc2_ptr ",10); | |
17100 | + if (max < tm[10]) { max=tm[10]; max_idx=10; } | |
17101 | + str[11]="16 r2 p"; | |
17102 | + print_it("des_encrypt_u16_risc2_ptr",11); | |
17103 | + if (max < tm[11]) { max=tm[11]; max_idx=11; } | |
17104 | +#endif | |
17105 | + printf("options des ecb/s\n"); | |
17106 | + printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]); | |
17107 | + d=tm[max_idx]; | |
17108 | + tm[max_idx]= -2.0; | |
17109 | + max= -1.0; | |
17110 | + for (;;) | |
17111 | + { | |
17112 | + for (i=0; i<12; i++) | |
17113 | + { | |
17114 | + if (max < tm[i]) { max=tm[i]; j=i; } | |
17115 | + } | |
17116 | + if (max < 0.0) break; | |
17117 | + printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0); | |
17118 | + tm[j]= -2.0; | |
17119 | + max= -1.0; | |
17120 | + } | |
17121 | + | |
17122 | + switch (max_idx) | |
17123 | + { | |
17124 | + case 0: | |
17125 | + printf("-DDES_DEFAULT_OPTIONS\n"); | |
17126 | + break; | |
17127 | + case 1: | |
17128 | + printf("-DDES_UNROLL\n"); | |
17129 | + break; | |
17130 | + case 2: | |
17131 | + printf("-DDES_RISC1\n"); | |
17132 | + break; | |
17133 | + case 3: | |
17134 | + printf("-DDES_UNROLL -DDES_RISC1\n"); | |
17135 | + break; | |
17136 | + case 4: | |
17137 | + printf("-DDES_RISC2\n"); | |
17138 | + break; | |
17139 | + case 5: | |
17140 | + printf("-DDES_UNROLL -DDES_RISC2\n"); | |
17141 | + break; | |
17142 | + case 6: | |
17143 | + printf("-DDES_PTR\n"); | |
17144 | + break; | |
17145 | + case 7: | |
17146 | + printf("-DDES_UNROLL -DDES_PTR\n"); | |
17147 | + break; | |
17148 | + case 8: | |
17149 | + printf("-DDES_RISC1 -DDES_PTR\n"); | |
17150 | + break; | |
17151 | + case 9: | |
17152 | + printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n"); | |
17153 | + break; | |
17154 | + case 10: | |
17155 | + printf("-DDES_RISC2 -DDES_PTR\n"); | |
17156 | + break; | |
17157 | + case 11: | |
17158 | + printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n"); | |
17159 | + break; | |
17160 | + } | |
17161 | + exit(0); | |
17162 | +#if defined(LINT) || defined(MSDOS) | |
17163 | + return(0); | |
17164 | +#endif | |
17165 | + } | |
17166 | diff -druN linux-noipsec/net/ipsec/libdes/des_ver.h linux/net/ipsec/libdes/des_ver.h | |
17167 | --- linux-noipsec/net/ipsec/libdes/des_ver.h Thu Jan 1 01:00:00 1970 | |
17168 | +++ linux/net/ipsec/libdes/des_ver.h Thu Feb 18 17:41:13 1999 | |
17169 | @@ -0,0 +1,60 @@ | |
17170 | +/* crypto/des/des_ver.h */ | |
17171 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
17172 | + * All rights reserved. | |
17173 | + * | |
17174 | + * This package is an SSL implementation written | |
17175 | + * by Eric Young (eay@cryptsoft.com). | |
17176 | + * The implementation was written so as to conform with Netscapes SSL. | |
17177 | + * | |
17178 | + * This library is free for commercial and non-commercial use as long as | |
17179 | + * the following conditions are aheared to. The following conditions | |
17180 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
17181 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
17182 | + * included with this distribution is covered by the same copyright terms | |
17183 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
17184 | + * | |
17185 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
17186 | + * the code are not to be removed. | |
17187 | + * If this package is used in a product, Eric Young should be given attribution | |
17188 | + * as the author of the parts of the library used. | |
17189 | + * This can be in the form of a textual message at program startup or | |
17190 | + * in documentation (online or textual) provided with the package. | |
17191 | + * | |
17192 | + * Redistribution and use in source and binary forms, with or without | |
17193 | + * modification, are permitted provided that the following conditions | |
17194 | + * are met: | |
17195 | + * 1. Redistributions of source code must retain the copyright | |
17196 | + * notice, this list of conditions and the following disclaimer. | |
17197 | + * 2. Redistributions in binary form must reproduce the above copyright | |
17198 | + * notice, this list of conditions and the following disclaimer in the | |
17199 | + * documentation and/or other materials provided with the distribution. | |
17200 | + * 3. All advertising materials mentioning features or use of this software | |
17201 | + * must display the following acknowledgement: | |
17202 | + * "This product includes cryptographic software written by | |
17203 | + * Eric Young (eay@cryptsoft.com)" | |
17204 | + * The word 'cryptographic' can be left out if the rouines from the library | |
17205 | + * being used are not cryptographic related :-). | |
17206 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
17207 | + * the apps directory (application code) you must include an acknowledgement: | |
17208 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
17209 | + * | |
17210 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
17211 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
17212 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
17213 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
17214 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
17215 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
17216 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
17217 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
17218 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
17219 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
17220 | + * SUCH DAMAGE. | |
17221 | + * | |
17222 | + * The licence and distribution terms for any publically available version or | |
17223 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
17224 | + * copied and put under another distribution licence | |
17225 | + * [including the GNU Public Licence.] | |
17226 | + */ | |
17227 | + | |
17228 | +extern char *DES_version; /* SSLeay version string */ | |
17229 | +extern char *libdes_version; /* old libdes version string */ | |
17230 | diff -druN linux-noipsec/net/ipsec/libdes/destest.c linux/net/ipsec/libdes/destest.c | |
17231 | --- linux-noipsec/net/ipsec/libdes/destest.c Thu Jan 1 01:00:00 1970 | |
17232 | +++ linux/net/ipsec/libdes/destest.c Thu Feb 18 17:41:13 1999 | |
17233 | @@ -0,0 +1,871 @@ | |
17234 | +/* crypto/des/destest.c */ | |
17235 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
17236 | + * All rights reserved. | |
17237 | + * | |
17238 | + * This package is an SSL implementation written | |
17239 | + * by Eric Young (eay@cryptsoft.com). | |
17240 | + * The implementation was written so as to conform with Netscapes SSL. | |
17241 | + * | |
17242 | + * This library is free for commercial and non-commercial use as long as | |
17243 | + * the following conditions are aheared to. The following conditions | |
17244 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
17245 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
17246 | + * included with this distribution is covered by the same copyright terms | |
17247 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
17248 | + * | |
17249 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
17250 | + * the code are not to be removed. | |
17251 | + * If this package is used in a product, Eric Young should be given attribution | |
17252 | + * as the author of the parts of the library used. | |
17253 | + * This can be in the form of a textual message at program startup or | |
17254 | + * in documentation (online or textual) provided with the package. | |
17255 | + * | |
17256 | + * Redistribution and use in source and binary forms, with or without | |
17257 | + * modification, are permitted provided that the following conditions | |
17258 | + * are met: | |
17259 | + * 1. Redistributions of source code must retain the copyright | |
17260 | + * notice, this list of conditions and the following disclaimer. | |
17261 | + * 2. Redistributions in binary form must reproduce the above copyright | |
17262 | + * notice, this list of conditions and the following disclaimer in the | |
17263 | + * documentation and/or other materials provided with the distribution. | |
17264 | + * 3. All advertising materials mentioning features or use of this software | |
17265 | + * must display the following acknowledgement: | |
17266 | + * "This product includes cryptographic software written by | |
17267 | + * Eric Young (eay@cryptsoft.com)" | |
17268 | + * The word 'cryptographic' can be left out if the rouines from the library | |
17269 | + * being used are not cryptographic related :-). | |
17270 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
17271 | + * the apps directory (application code) you must include an acknowledgement: | |
17272 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
17273 | + * | |
17274 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
17275 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
17276 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
17277 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
17278 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
17279 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
17280 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
17281 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
17282 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
17283 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
17284 | + * SUCH DAMAGE. | |
17285 | + * | |
17286 | + * The licence and distribution terms for any publically available version or | |
17287 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
17288 | + * copied and put under another distribution licence | |
17289 | + * [including the GNU Public Licence.] | |
17290 | + */ | |
17291 | + | |
17292 | +#if defined(WIN32) || defined(WIN16) || defined(WINDOWS) | |
17293 | +#ifndef MSDOS | |
17294 | +#define MSDOS | |
17295 | +#endif | |
17296 | +#endif | |
17297 | + | |
17298 | +#include <stdio.h> | |
17299 | +#include <stdlib.h> | |
17300 | +#ifndef MSDOS | |
17301 | +#include <unistd.h> | |
17302 | +#else | |
17303 | +#include <io.h> | |
17304 | +#endif | |
17305 | +#include <string.h> | |
17306 | +#include "des.h" | |
17307 | + | |
17308 | +/* tisk tisk - the test keys don't all have odd parity :-( */ | |
17309 | +/* test data */ | |
17310 | +#define NUM_TESTS 34 | |
17311 | +static unsigned char key_data[NUM_TESTS][8]={ | |
17312 | + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, | |
17313 | + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, | |
17314 | + {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, | |
17315 | + {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, | |
17316 | + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, | |
17317 | + {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, | |
17318 | + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, | |
17319 | + {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}, | |
17320 | + {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57}, | |
17321 | + {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E}, | |
17322 | + {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86}, | |
17323 | + {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E}, | |
17324 | + {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6}, | |
17325 | + {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE}, | |
17326 | + {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6}, | |
17327 | + {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE}, | |
17328 | + {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16}, | |
17329 | + {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F}, | |
17330 | + {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46}, | |
17331 | + {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E}, | |
17332 | + {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76}, | |
17333 | + {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07}, | |
17334 | + {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F}, | |
17335 | + {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7}, | |
17336 | + {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF}, | |
17337 | + {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6}, | |
17338 | + {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF}, | |
17339 | + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, | |
17340 | + {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, | |
17341 | + {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, | |
17342 | + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, | |
17343 | + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, | |
17344 | + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, | |
17345 | + {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}}; | |
17346 | + | |
17347 | +static unsigned char plain_data[NUM_TESTS][8]={ | |
17348 | + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, | |
17349 | + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, | |
17350 | + {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, | |
17351 | + {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, | |
17352 | + {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, | |
17353 | + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, | |
17354 | + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, | |
17355 | + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, | |
17356 | + {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42}, | |
17357 | + {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA}, | |
17358 | + {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72}, | |
17359 | + {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A}, | |
17360 | + {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2}, | |
17361 | + {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A}, | |
17362 | + {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2}, | |
17363 | + {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A}, | |
17364 | + {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02}, | |
17365 | + {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A}, | |
17366 | + {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32}, | |
17367 | + {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA}, | |
17368 | + {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62}, | |
17369 | + {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2}, | |
17370 | + {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA}, | |
17371 | + {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92}, | |
17372 | + {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A}, | |
17373 | + {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2}, | |
17374 | + {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A}, | |
17375 | + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, | |
17376 | + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, | |
17377 | + {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, | |
17378 | + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, | |
17379 | + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, | |
17380 | + {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, | |
17381 | + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}}; | |
17382 | + | |
17383 | +static unsigned char cipher_data[NUM_TESTS][8]={ | |
17384 | + {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, | |
17385 | + {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58}, | |
17386 | + {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B}, | |
17387 | + {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33}, | |
17388 | + {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D}, | |
17389 | + {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD}, | |
17390 | + {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, | |
17391 | + {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4}, | |
17392 | + {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B}, | |
17393 | + {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71}, | |
17394 | + {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A}, | |
17395 | + {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A}, | |
17396 | + {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95}, | |
17397 | + {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B}, | |
17398 | + {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09}, | |
17399 | + {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A}, | |
17400 | + {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F}, | |
17401 | + {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88}, | |
17402 | + {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77}, | |
17403 | + {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A}, | |
17404 | + {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56}, | |
17405 | + {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56}, | |
17406 | + {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56}, | |
17407 | + {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC}, | |
17408 | + {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A}, | |
17409 | + {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41}, | |
17410 | + {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93}, | |
17411 | + {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00}, | |
17412 | + {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06}, | |
17413 | + {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7}, | |
17414 | + {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51}, | |
17415 | + {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE}, | |
17416 | + {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D}, | |
17417 | + {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}}; | |
17418 | + | |
17419 | +static unsigned char cipher_ecb2[NUM_TESTS-1][8]={ | |
17420 | + {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E}, | |
17421 | + {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16}, | |
17422 | + {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27}, | |
17423 | + {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6}, | |
17424 | + {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25}, | |
17425 | + {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A}, | |
17426 | + {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74}, | |
17427 | + {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6}, | |
17428 | + {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67}, | |
17429 | + {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10}, | |
17430 | + {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85}, | |
17431 | + {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA}, | |
17432 | + {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3}, | |
17433 | + {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3}, | |
17434 | + {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A}, | |
17435 | + {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69}, | |
17436 | + {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1}, | |
17437 | + {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7}, | |
17438 | + {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F}, | |
17439 | + {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87}, | |
17440 | + {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A}, | |
17441 | + {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE}, | |
17442 | + {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3}, | |
17443 | + {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD}, | |
17444 | + {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84}, | |
17445 | + {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85}, | |
17446 | + {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC}, | |
17447 | + {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89}, | |
17448 | + {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E}, | |
17449 | + {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89}, | |
17450 | + {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7}, | |
17451 | + {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8}, | |
17452 | + {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}}; | |
17453 | + | |
17454 | +static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; | |
17455 | +static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; | |
17456 | +static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; | |
17457 | +static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; | |
17458 | +static char cbc_data[40]="7654321 Now is the time for \0001"; | |
17459 | + | |
17460 | +static unsigned char cbc_ok[32]={ | |
17461 | + 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, | |
17462 | + 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb, | |
17463 | + 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68, | |
17464 | + 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; | |
17465 | + | |
17466 | +static unsigned char xcbc_ok[32]={ | |
17467 | + 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48, | |
17468 | + 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD, | |
17469 | + 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76, | |
17470 | + 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2, | |
17471 | + }; | |
17472 | + | |
17473 | +static unsigned char cbc3_ok[32]={ | |
17474 | + 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0, | |
17475 | + 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC, | |
17476 | + 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4, | |
17477 | + 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75}; | |
17478 | + | |
17479 | +static unsigned char pcbc_ok[32]={ | |
17480 | + 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, | |
17481 | + 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15, | |
17482 | + 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f, | |
17483 | + 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88}; | |
17484 | + | |
17485 | +static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; | |
17486 | +static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; | |
17487 | +static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; | |
17488 | +static unsigned char plain[24]= | |
17489 | + { | |
17490 | + 0x4e,0x6f,0x77,0x20,0x69,0x73, | |
17491 | + 0x20,0x74,0x68,0x65,0x20,0x74, | |
17492 | + 0x69,0x6d,0x65,0x20,0x66,0x6f, | |
17493 | + 0x72,0x20,0x61,0x6c,0x6c,0x20 | |
17494 | + }; | |
17495 | +static unsigned char cfb_cipher8[24]= { | |
17496 | + 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8, | |
17497 | + 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 }; | |
17498 | +static unsigned char cfb_cipher16[24]={ | |
17499 | + 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70, | |
17500 | + 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B }; | |
17501 | +static unsigned char cfb_cipher32[24]={ | |
17502 | + 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD, | |
17503 | + 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 }; | |
17504 | +static unsigned char cfb_cipher48[24]={ | |
17505 | + 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85, | |
17506 | + 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F }; | |
17507 | +static unsigned char cfb_cipher64[24]={ | |
17508 | + 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B, | |
17509 | + 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 }; | |
17510 | + | |
17511 | +static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; | |
17512 | +static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; | |
17513 | +static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8]; | |
17514 | +static unsigned char ofb_cipher[24]= | |
17515 | + { | |
17516 | + 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51, | |
17517 | + 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f, | |
17518 | + 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 | |
17519 | + }; | |
17520 | + | |
17521 | +DES_LONG cbc_cksum_ret=0xB462FEF7L; | |
17522 | +unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; | |
17523 | + | |
17524 | +#ifndef NOPROTO | |
17525 | +static char *pt(unsigned char *p); | |
17526 | +static int cfb_test(int bits, unsigned char *cfb_cipher); | |
17527 | +static int cfb64_test(unsigned char *cfb_cipher); | |
17528 | +static int ede_cfb64_test(unsigned char *cfb_cipher); | |
17529 | +#else | |
17530 | +static char *pt(); | |
17531 | +static int cfb_test(); | |
17532 | +static int cfb64_test(); | |
17533 | +static int ede_cfb64_test(); | |
17534 | +#endif | |
17535 | + | |
17536 | +int main(argc,argv) | |
17537 | +int argc; | |
17538 | +char *argv[]; | |
17539 | + { | |
17540 | + int i,j,err=0; | |
17541 | + des_cblock in,out,outin,iv3; | |
17542 | + des_key_schedule ks,ks2,ks3; | |
17543 | + unsigned char cbc_in[40]; | |
17544 | + unsigned char cbc_out[40]; | |
17545 | + DES_LONG cs; | |
17546 | + unsigned char qret[4][4],cret[8]; | |
17547 | + DES_LONG lqret[4]; | |
17548 | + int num; | |
17549 | + char *str; | |
17550 | + | |
17551 | + printf("Doing ecb\n"); | |
17552 | + for (i=0; i<NUM_TESTS; i++) | |
17553 | + { | |
17554 | + if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0) | |
17555 | + { | |
17556 | + printf("Key error %2d:%d\n",i+1,j); | |
17557 | + err=1; | |
17558 | + } | |
17559 | + memcpy(in,plain_data[i],8); | |
17560 | + memset(out,0,8); | |
17561 | + memset(outin,0,8); | |
17562 | + des_ecb_encrypt((C_Block *)in,(C_Block *)out,ks,DES_ENCRYPT); | |
17563 | + des_ecb_encrypt((C_Block *)out,(C_Block *)outin,ks,DES_DECRYPT); | |
17564 | + | |
17565 | + if (memcmp(out,cipher_data[i],8) != 0) | |
17566 | + { | |
17567 | + printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", | |
17568 | + i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]), | |
17569 | + pt(out)); | |
17570 | + err=1; | |
17571 | + } | |
17572 | + if (memcmp(in,outin,8) != 0) | |
17573 | + { | |
17574 | + printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", | |
17575 | + i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); | |
17576 | + err=1; | |
17577 | + } | |
17578 | + } | |
17579 | + | |
17580 | +#ifndef LIBDES_LIT | |
17581 | + printf("Doing ede ecb\n"); | |
17582 | + for (i=0; i<(NUM_TESTS-1); i++) | |
17583 | + { | |
17584 | + if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0) | |
17585 | + { | |
17586 | + err=1; | |
17587 | + printf("Key error %2d:%d\n",i+1,j); | |
17588 | + } | |
17589 | + if ((j=des_key_sched((C_Block *)(key_data[i+1]),ks2)) != 0) | |
17590 | + { | |
17591 | + printf("Key error %2d:%d\n",i+2,j); | |
17592 | + err=1; | |
17593 | + } | |
17594 | + if ((j=des_key_sched((C_Block *)(key_data[i+2]),ks3)) != 0) | |
17595 | + { | |
17596 | + printf("Key error %2d:%d\n",i+3,j); | |
17597 | + err=1; | |
17598 | + } | |
17599 | + memcpy(in,plain_data[i],8); | |
17600 | + memset(out,0,8); | |
17601 | + memset(outin,0,8); | |
17602 | + des_ecb2_encrypt((C_Block *)in,(C_Block *)out,ks,ks2, | |
17603 | + DES_ENCRYPT); | |
17604 | + des_ecb2_encrypt((C_Block *)out,(C_Block *)outin,ks,ks2, | |
17605 | + DES_DECRYPT); | |
17606 | + | |
17607 | + if (memcmp(out,cipher_ecb2[i],8) != 0) | |
17608 | + { | |
17609 | + printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n", | |
17610 | + i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]), | |
17611 | + pt(out)); | |
17612 | + err=1; | |
17613 | + } | |
17614 | + if (memcmp(in,outin,8) != 0) | |
17615 | + { | |
17616 | + printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n", | |
17617 | + i+1,pt(key_data[i]),pt(out),pt(in),pt(outin)); | |
17618 | + err=1; | |
17619 | + } | |
17620 | + } | |
17621 | +#endif | |
17622 | + | |
17623 | + printf("Doing cbc\n"); | |
17624 | + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) | |
17625 | + { | |
17626 | + printf("Key error %d\n",j); | |
17627 | + err=1; | |
17628 | + } | |
17629 | + memset(cbc_out,0,40); | |
17630 | + memset(cbc_in,0,40); | |
17631 | + memcpy(iv3,cbc_iv,sizeof(cbc_iv)); | |
17632 | + des_ncbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, | |
17633 | + (long)strlen((char *)cbc_data)+1,ks, | |
17634 | + (C_Block *)iv3,DES_ENCRYPT); | |
17635 | + if (memcmp(cbc_out,cbc_ok,32) != 0) | |
17636 | + printf("cbc_encrypt encrypt error\n"); | |
17637 | + | |
17638 | + memcpy(iv3,cbc_iv,sizeof(cbc_iv)); | |
17639 | + des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, | |
17640 | + (long)strlen((char *)cbc_data)+1,ks, | |
17641 | + (C_Block *)iv3,DES_DECRYPT); | |
17642 | + if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0) | |
17643 | + { | |
17644 | + printf("cbc_encrypt decrypt error\n"); | |
17645 | + err=1; | |
17646 | + } | |
17647 | + | |
17648 | +#ifndef LIBDES_LIT | |
17649 | + printf("Doing desx cbc\n"); | |
17650 | + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) | |
17651 | + { | |
17652 | + printf("Key error %d\n",j); | |
17653 | + err=1; | |
17654 | + } | |
17655 | + memset(cbc_out,0,40); | |
17656 | + memset(cbc_in,0,40); | |
17657 | + memcpy(iv3,cbc_iv,sizeof(cbc_iv)); | |
17658 | + des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, | |
17659 | + (long)strlen((char *)cbc_data)+1,ks, | |
17660 | + (C_Block *)iv3, | |
17661 | + (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT); | |
17662 | + if (memcmp(cbc_out,xcbc_ok,32) != 0) | |
17663 | + { | |
17664 | + printf("des_xcbc_encrypt encrypt error\n"); | |
17665 | + } | |
17666 | + memcpy(iv3,cbc_iv,sizeof(cbc_iv)); | |
17667 | + des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, | |
17668 | + (long)strlen((char *)cbc_data)+1,ks, | |
17669 | + (C_Block *)iv3, | |
17670 | + (C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT); | |
17671 | + if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) | |
17672 | + { | |
17673 | + printf("des_xcbc_encrypt decrypt error\n"); | |
17674 | + err=1; | |
17675 | + } | |
17676 | +#endif | |
17677 | + | |
17678 | + printf("Doing ede cbc\n"); | |
17679 | + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) | |
17680 | + { | |
17681 | + printf("Key error %d\n",j); | |
17682 | + err=1; | |
17683 | + } | |
17684 | + if ((j=des_key_sched((C_Block *)cbc2_key,ks2)) != 0) | |
17685 | + { | |
17686 | + printf("Key error %d\n",j); | |
17687 | + err=1; | |
17688 | + } | |
17689 | + if ((j=des_key_sched((C_Block *)cbc3_key,ks3)) != 0) | |
17690 | + { | |
17691 | + printf("Key error %d\n",j); | |
17692 | + err=1; | |
17693 | + } | |
17694 | + memset(cbc_out,0,40); | |
17695 | + memset(cbc_in,0,40); | |
17696 | + i=strlen((char *)cbc_data)+1; | |
17697 | + /* i=((i+7)/8)*8; */ | |
17698 | + memcpy(iv3,cbc_iv,sizeof(cbc_iv)); | |
17699 | + | |
17700 | + des_ede3_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, | |
17701 | + 16L,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT); | |
17702 | + des_ede3_cbc_encrypt((C_Block *)&(cbc_data[16]), | |
17703 | + (C_Block *)&(cbc_out[16]), | |
17704 | + (long)i-16,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT); | |
17705 | + if (memcmp(cbc_out,cbc3_ok, | |
17706 | + (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) | |
17707 | + { | |
17708 | + printf("des_ede3_cbc_encrypt encrypt error\n"); | |
17709 | + err=1; | |
17710 | + } | |
17711 | + | |
17712 | + memcpy(iv3,cbc_iv,sizeof(cbc_iv)); | |
17713 | + des_ede3_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, | |
17714 | + (long)i,ks,ks2,ks3,(C_Block *)iv3,DES_DECRYPT); | |
17715 | + if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0) | |
17716 | + { | |
17717 | + printf("des_ede3_cbc_encrypt decrypt error\n"); | |
17718 | + err=1; | |
17719 | + } | |
17720 | + | |
17721 | +#ifndef LIBDES_LIT | |
17722 | + printf("Doing pcbc\n"); | |
17723 | + if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0) | |
17724 | + { | |
17725 | + printf("Key error %d\n",j); | |
17726 | + err=1; | |
17727 | + } | |
17728 | + memset(cbc_out,0,40); | |
17729 | + memset(cbc_in,0,40); | |
17730 | + des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out, | |
17731 | + (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_ENCRYPT); | |
17732 | + if (memcmp(cbc_out,pcbc_ok,32) != 0) | |
17733 | + { | |
17734 | + printf("pcbc_encrypt encrypt error\n"); | |
17735 | + err=1; | |
17736 | + } | |
17737 | + des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in, | |
17738 | + (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_DECRYPT); | |
17739 | + if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0) | |
17740 | + { | |
17741 | + printf("pcbc_encrypt decrypt error\n"); | |
17742 | + err=1; | |
17743 | + } | |
17744 | + | |
17745 | + printf("Doing "); | |
17746 | + printf("cfb8 "); | |
17747 | + err+=cfb_test(8,cfb_cipher8); | |
17748 | + printf("cfb16 "); | |
17749 | + err+=cfb_test(16,cfb_cipher16); | |
17750 | + printf("cfb32 "); | |
17751 | + err+=cfb_test(32,cfb_cipher32); | |
17752 | + printf("cfb48 "); | |
17753 | + err+=cfb_test(48,cfb_cipher48); | |
17754 | + printf("cfb64 "); | |
17755 | + err+=cfb_test(64,cfb_cipher64); | |
17756 | + | |
17757 | + printf("cfb64() "); | |
17758 | + err+=cfb64_test(cfb_cipher64); | |
17759 | + | |
17760 | + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); | |
17761 | + for (i=0; i<sizeof(plain); i++) | |
17762 | + des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]), | |
17763 | + 8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT); | |
17764 | + if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0) | |
17765 | + { | |
17766 | + printf("cfb_encrypt small encrypt error\n"); | |
17767 | + err=1; | |
17768 | + } | |
17769 | + | |
17770 | + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); | |
17771 | + for (i=0; i<sizeof(plain); i++) | |
17772 | + des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]), | |
17773 | + 8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT); | |
17774 | + if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) | |
17775 | + { | |
17776 | + printf("cfb_encrypt small decrypt error\n"); | |
17777 | + err=1; | |
17778 | + } | |
17779 | + | |
17780 | + printf("ede_cfb64() "); | |
17781 | + err+=ede_cfb64_test(cfb_cipher64); | |
17782 | + | |
17783 | + printf("done\n"); | |
17784 | + | |
17785 | + printf("Doing ofb\n"); | |
17786 | + des_key_sched((C_Block *)ofb_key,ks); | |
17787 | + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); | |
17788 | + des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks, | |
17789 | + (C_Block *)ofb_tmp); | |
17790 | + if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) | |
17791 | + { | |
17792 | + printf("ofb_encrypt encrypt error\n"); | |
17793 | +printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", | |
17794 | +ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3], | |
17795 | +ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]); | |
17796 | +printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", | |
17797 | +ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3], | |
17798 | +ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]); | |
17799 | + err=1; | |
17800 | + } | |
17801 | + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); | |
17802 | + des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks, | |
17803 | + (C_Block *)ofb_tmp); | |
17804 | + if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) | |
17805 | + { | |
17806 | + printf("ofb_encrypt decrypt error\n"); | |
17807 | +printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", | |
17808 | +ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3], | |
17809 | +ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]); | |
17810 | +printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", | |
17811 | +plain[8+0], plain[8+1], plain[8+2], plain[8+3], | |
17812 | +plain[8+4], plain[8+5], plain[8+6], plain[8+7]); | |
17813 | + err=1; | |
17814 | + } | |
17815 | + | |
17816 | + printf("Doing ofb64\n"); | |
17817 | + des_key_sched((C_Block *)ofb_key,ks); | |
17818 | + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); | |
17819 | + memset(ofb_buf1,0,sizeof(ofb_buf1)); | |
17820 | + memset(ofb_buf2,0,sizeof(ofb_buf1)); | |
17821 | + num=0; | |
17822 | + for (i=0; i<sizeof(plain); i++) | |
17823 | + { | |
17824 | + des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks, | |
17825 | + (C_Block *)ofb_tmp,&num); | |
17826 | + } | |
17827 | + if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) | |
17828 | + { | |
17829 | + printf("ofb64_encrypt encrypt error\n"); | |
17830 | + err=1; | |
17831 | + } | |
17832 | + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); | |
17833 | + num=0; | |
17834 | + des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, | |
17835 | + (C_Block *)ofb_tmp,&num); | |
17836 | + if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) | |
17837 | + { | |
17838 | + printf("ofb64_encrypt decrypt error\n"); | |
17839 | + err=1; | |
17840 | + } | |
17841 | + | |
17842 | + printf("Doing ede_ofb64\n"); | |
17843 | + des_key_sched((C_Block *)ofb_key,ks); | |
17844 | + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); | |
17845 | + memset(ofb_buf1,0,sizeof(ofb_buf1)); | |
17846 | + memset(ofb_buf2,0,sizeof(ofb_buf1)); | |
17847 | + num=0; | |
17848 | + for (i=0; i<sizeof(plain); i++) | |
17849 | + { | |
17850 | + des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks, | |
17851 | + (C_Block *)ofb_tmp,&num); | |
17852 | + } | |
17853 | + if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0) | |
17854 | + { | |
17855 | + printf("ede_ofb64_encrypt encrypt error\n"); | |
17856 | + err=1; | |
17857 | + } | |
17858 | + memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv)); | |
17859 | + num=0; | |
17860 | + des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks, | |
17861 | + ks,ks,(C_Block *)ofb_tmp,&num); | |
17862 | + if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0) | |
17863 | + { | |
17864 | + printf("ede_ofb64_encrypt decrypt error\n"); | |
17865 | + err=1; | |
17866 | + } | |
17867 | + | |
17868 | + printf("Doing cbc_cksum\n"); | |
17869 | + des_key_sched((C_Block *)cbc_key,ks); | |
17870 | + cs=des_cbc_cksum((C_Block *)cbc_data,(C_Block *)cret, | |
17871 | + (long)strlen(cbc_data),ks,(C_Block *)cbc_iv); | |
17872 | + if (cs != cbc_cksum_ret) | |
17873 | + { | |
17874 | + printf("bad return value (%08lX), should be %08lX\n", | |
17875 | + (unsigned long)cs,(unsigned long)cbc_cksum_ret); | |
17876 | + err=1; | |
17877 | + } | |
17878 | + if (memcmp(cret,cbc_cksum_data,8) != 0) | |
17879 | + { | |
17880 | + printf("bad cbc_cksum block returned\n"); | |
17881 | + err=1; | |
17882 | + } | |
17883 | + | |
17884 | + printf("Doing quad_cksum\n"); | |
17885 | + cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret, | |
17886 | + (long)strlen(cbc_data),2,(C_Block *)cbc_iv); | |
17887 | + for (i=0; i<4; i++) | |
17888 | + { | |
17889 | + lqret[i]=0; | |
17890 | + memcpy(&(lqret[i]),&(qret[i][0]),4); | |
17891 | + } | |
17892 | + { /* Big-endian fix */ | |
17893 | + static DES_LONG l=1; | |
17894 | + static unsigned char *c=(unsigned char *)&l; | |
17895 | + DES_LONG ll; | |
17896 | + | |
17897 | + if (!c[0]) | |
17898 | + { | |
17899 | + ll=lqret[0]^lqret[3]; | |
17900 | + lqret[0]^=ll; | |
17901 | + lqret[3]^=ll; | |
17902 | + ll=lqret[1]^lqret[2]; | |
17903 | + lqret[1]^=ll; | |
17904 | + lqret[2]^=ll; | |
17905 | + } | |
17906 | + } | |
17907 | + if (cs != 0x70d7a63aL) | |
17908 | + { | |
17909 | + printf("quad_cksum error, ret %08lx should be 70d7a63a\n", | |
17910 | + (unsigned long)cs); | |
17911 | + err=1; | |
17912 | + } | |
17913 | + if (lqret[0] != 0x327eba8dL) | |
17914 | + { | |
17915 | + printf("quad_cksum error, out[0] %08lx is not %08lx\n", | |
17916 | + (unsigned long)lqret[0],0x327eba8dL); | |
17917 | + err=1; | |
17918 | + } | |
17919 | + if (lqret[1] != 0x201a49ccL) | |
17920 | + { | |
17921 | + printf("quad_cksum error, out[1] %08lx is not %08lx\n", | |
17922 | + (unsigned long)lqret[1],0x201a49ccL); | |
17923 | + err=1; | |
17924 | + } | |
17925 | + if (lqret[2] != 0x70d7a63aL) | |
17926 | + { | |
17927 | + printf("quad_cksum error, out[2] %08lx is not %08lx\n", | |
17928 | + (unsigned long)lqret[2],0x70d7a63aL); | |
17929 | + err=1; | |
17930 | + } | |
17931 | + if (lqret[3] != 0x501c2c26L) | |
17932 | + { | |
17933 | + printf("quad_cksum error, out[3] %08lx is not %08lx\n", | |
17934 | + (unsigned long)lqret[3],0x501c2c26L); | |
17935 | + err=1; | |
17936 | + } | |
17937 | +#endif | |
17938 | + | |
17939 | + printf("input word alignment test"); | |
17940 | + for (i=0; i<4; i++) | |
17941 | + { | |
17942 | + printf(" %d",i); | |
17943 | + des_ncbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in, | |
17944 | + (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv, | |
17945 | + DES_ENCRYPT); | |
17946 | + } | |
17947 | + printf("\noutput word alignment test"); | |
17948 | + for (i=0; i<4; i++) | |
17949 | + { | |
17950 | + printf(" %d",i); | |
17951 | + des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]), | |
17952 | + (long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv, | |
17953 | + DES_ENCRYPT); | |
17954 | + } | |
17955 | + printf("\n"); | |
17956 | + printf("fast crypt test "); | |
17957 | + str=crypt("testing","ef"); | |
17958 | + if (strcmp("efGnQx2725bI2",str) != 0) | |
17959 | + { | |
17960 | + printf("fast crypt error, %s should be efGnQx2725bI2\n",str); | |
17961 | + err=1; | |
17962 | + } | |
17963 | + str=crypt("bca76;23","yA"); | |
17964 | + if (strcmp("yA1Rp/1hZXIJk",str) != 0) | |
17965 | + { | |
17966 | + printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str); | |
17967 | + err=1; | |
17968 | + } | |
17969 | + printf("\n"); | |
17970 | + exit(err); | |
17971 | + return(0); | |
17972 | + } | |
17973 | + | |
17974 | +static char *pt(p) | |
17975 | +unsigned char *p; | |
17976 | + { | |
17977 | + static char bufs[10][20]; | |
17978 | + static int bnum=0; | |
17979 | + char *ret; | |
17980 | + int i; | |
17981 | + static char *f="0123456789ABCDEF"; | |
17982 | + | |
17983 | + ret= &(bufs[bnum++][0]); | |
17984 | + bnum%=10; | |
17985 | + for (i=0; i<8; i++) | |
17986 | + { | |
17987 | + ret[i*2]=f[(p[i]>>4)&0xf]; | |
17988 | + ret[i*2+1]=f[p[i]&0xf]; | |
17989 | + } | |
17990 | + ret[16]='\0'; | |
17991 | + return(ret); | |
17992 | + } | |
17993 | + | |
17994 | +#ifndef LIBDES_LIT | |
17995 | + | |
17996 | +static int cfb_test(bits, cfb_cipher) | |
17997 | +int bits; | |
17998 | +unsigned char *cfb_cipher; | |
17999 | + { | |
18000 | + des_key_schedule ks; | |
18001 | + int i,err=0; | |
18002 | + | |
18003 | + des_key_sched((C_Block *)cfb_key,ks); | |
18004 | + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); | |
18005 | + des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks, | |
18006 | + (C_Block *)cfb_tmp,DES_ENCRYPT); | |
18007 | + if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) | |
18008 | + { | |
18009 | + err=1; | |
18010 | + printf("cfb_encrypt encrypt error\n"); | |
18011 | + for (i=0; i<24; i+=8) | |
18012 | + printf("%s\n",pt(&(cfb_buf1[i]))); | |
18013 | + } | |
18014 | + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); | |
18015 | + des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks, | |
18016 | + (C_Block *)cfb_tmp,DES_DECRYPT); | |
18017 | + if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) | |
18018 | + { | |
18019 | + err=1; | |
18020 | + printf("cfb_encrypt decrypt error\n"); | |
18021 | + for (i=0; i<24; i+=8) | |
18022 | + printf("%s\n",pt(&(cfb_buf1[i]))); | |
18023 | + } | |
18024 | + return(err); | |
18025 | + } | |
18026 | + | |
18027 | +static int cfb64_test(cfb_cipher) | |
18028 | +unsigned char *cfb_cipher; | |
18029 | + { | |
18030 | + des_key_schedule ks; | |
18031 | + int err=0,i,n; | |
18032 | + | |
18033 | + des_key_sched((C_Block *)cfb_key,ks); | |
18034 | + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); | |
18035 | + n=0; | |
18036 | + des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks, | |
18037 | + (C_Block *)cfb_tmp,&n,DES_ENCRYPT); | |
18038 | + des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), | |
18039 | + (long)sizeof(plain)-12,ks, | |
18040 | + (C_Block *)cfb_tmp,&n,DES_ENCRYPT); | |
18041 | + if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) | |
18042 | + { | |
18043 | + err=1; | |
18044 | + printf("cfb_encrypt encrypt error\n"); | |
18045 | + for (i=0; i<24; i+=8) | |
18046 | + printf("%s\n",pt(&(cfb_buf1[i]))); | |
18047 | + } | |
18048 | + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); | |
18049 | + n=0; | |
18050 | + des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks, | |
18051 | + (C_Block *)cfb_tmp,&n,DES_DECRYPT); | |
18052 | + des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), | |
18053 | + (long)sizeof(plain)-17,ks, | |
18054 | + (C_Block *)cfb_tmp,&n,DES_DECRYPT); | |
18055 | + if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) | |
18056 | + { | |
18057 | + err=1; | |
18058 | + printf("cfb_encrypt decrypt error\n"); | |
18059 | + for (i=0; i<24; i+=8) | |
18060 | + printf("%s\n",pt(&(cfb_buf2[i]))); | |
18061 | + } | |
18062 | + return(err); | |
18063 | + } | |
18064 | + | |
18065 | +static int ede_cfb64_test(cfb_cipher) | |
18066 | +unsigned char *cfb_cipher; | |
18067 | + { | |
18068 | + des_key_schedule ks; | |
18069 | + int err=0,i,n; | |
18070 | + | |
18071 | + des_key_sched((C_Block *)cfb_key,ks); | |
18072 | + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); | |
18073 | + n=0; | |
18074 | + des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks, | |
18075 | + (C_Block *)cfb_tmp,&n,DES_ENCRYPT); | |
18076 | + des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), | |
18077 | + (long)sizeof(plain)-12,ks,ks,ks, | |
18078 | + (C_Block *)cfb_tmp,&n,DES_ENCRYPT); | |
18079 | + if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) | |
18080 | + { | |
18081 | + err=1; | |
18082 | + printf("ede_cfb_encrypt encrypt error\n"); | |
18083 | + for (i=0; i<24; i+=8) | |
18084 | + printf("%s\n",pt(&(cfb_buf1[i]))); | |
18085 | + } | |
18086 | + memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); | |
18087 | + n=0; | |
18088 | + des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks, | |
18089 | + (C_Block *)cfb_tmp,&n,DES_DECRYPT); | |
18090 | + des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), | |
18091 | + (long)sizeof(plain)-17,ks,ks,ks, | |
18092 | + (C_Block *)cfb_tmp,&n,DES_DECRYPT); | |
18093 | + if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) | |
18094 | + { | |
18095 | + err=1; | |
18096 | + printf("ede_cfb_encrypt decrypt error\n"); | |
18097 | + for (i=0; i<24; i+=8) | |
18098 | + printf("%s\n",pt(&(cfb_buf2[i]))); | |
18099 | + } | |
18100 | + return(err); | |
18101 | + } | |
18102 | + | |
18103 | +#endif | |
18104 | + | |
18105 | diff -druN linux-noipsec/net/ipsec/libdes/ecb_enc.c linux/net/ipsec/libdes/ecb_enc.c | |
18106 | --- linux-noipsec/net/ipsec/libdes/ecb_enc.c Thu Jan 1 01:00:00 1970 | |
18107 | +++ linux/net/ipsec/libdes/ecb_enc.c Tue Apr 6 00:02:01 1999 | |
18108 | @@ -0,0 +1,128 @@ | |
18109 | +/* crypto/des/ecb_enc.c */ | |
18110 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
18111 | + * All rights reserved. | |
18112 | + * | |
18113 | + * This package is an SSL implementation written | |
18114 | + * by Eric Young (eay@cryptsoft.com). | |
18115 | + * The implementation was written so as to conform with Netscapes SSL. | |
18116 | + * | |
18117 | + * This library is free for commercial and non-commercial use as long as | |
18118 | + * the following conditions are aheared to. The following conditions | |
18119 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
18120 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
18121 | + * included with this distribution is covered by the same copyright terms | |
18122 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
18123 | + * | |
18124 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
18125 | + * the code are not to be removed. | |
18126 | + * If this package is used in a product, Eric Young should be given attribution | |
18127 | + * as the author of the parts of the library used. | |
18128 | + * This can be in the form of a textual message at program startup or | |
18129 | + * in documentation (online or textual) provided with the package. | |
18130 | + * | |
18131 | + * Redistribution and use in source and binary forms, with or without | |
18132 | + * modification, are permitted provided that the following conditions | |
18133 | + * are met: | |
18134 | + * 1. Redistributions of source code must retain the copyright | |
18135 | + * notice, this list of conditions and the following disclaimer. | |
18136 | + * 2. Redistributions in binary form must reproduce the above copyright | |
18137 | + * notice, this list of conditions and the following disclaimer in the | |
18138 | + * documentation and/or other materials provided with the distribution. | |
18139 | + * 3. All advertising materials mentioning features or use of this software | |
18140 | + * must display the following acknowledgement: | |
18141 | + * "This product includes cryptographic software written by | |
18142 | + * Eric Young (eay@cryptsoft.com)" | |
18143 | + * The word 'cryptographic' can be left out if the rouines from the library | |
18144 | + * being used are not cryptographic related :-). | |
18145 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
18146 | + * the apps directory (application code) you must include an acknowledgement: | |
18147 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
18148 | + * | |
18149 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
18150 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18151 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18152 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
18153 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
18154 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
18155 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
18156 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
18157 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
18158 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
18159 | + * SUCH DAMAGE. | |
18160 | + * | |
18161 | + * The licence and distribution terms for any publically available version or | |
18162 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
18163 | + * copied and put under another distribution licence | |
18164 | + * [including the GNU Public Licence.] | |
18165 | + */ | |
18166 | + | |
18167 | +#include "des_locl.h" | |
18168 | +#include "spr.h" | |
18169 | + | |
18170 | +char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay"; | |
18171 | +char *DES_version="DES part of SSLeay 0.8.2b 08-Jan-1998"; | |
18172 | + | |
18173 | +/* RCSID $Id$ */ | |
18174 | +/* This function ifdef'ed out for FreeS/WAN project. */ | |
18175 | +#ifdef notdef | |
18176 | +char *des_options() | |
18177 | + { | |
18178 | + static int init=1; | |
18179 | + static char buf[32]; | |
18180 | + | |
18181 | + if (init) | |
18182 | + { | |
18183 | + char *ptr,*unroll,*risc,*size; | |
18184 | + | |
18185 | + init=0; | |
18186 | +#ifdef DES_PTR | |
18187 | + ptr="ptr"; | |
18188 | +#else | |
18189 | + ptr="idx"; | |
18190 | +#endif | |
18191 | +#if defined(DES_RISC1) || defined(DES_RISC2) | |
18192 | +#ifdef DES_RISC1 | |
18193 | + risc="risc1"; | |
18194 | +#endif | |
18195 | +#ifdef DES_RISC2 | |
18196 | + risc="risc2"; | |
18197 | +#endif | |
18198 | +#else | |
18199 | + risc="cisc"; | |
18200 | +#endif | |
18201 | +#ifdef DES_UNROLL | |
18202 | + unroll="16"; | |
18203 | +#else | |
18204 | + unroll="4"; | |
18205 | +#endif | |
18206 | + if (sizeof(DES_LONG) != sizeof(long)) | |
18207 | + size="int"; | |
18208 | + else | |
18209 | + size="long"; | |
18210 | + sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); | |
18211 | + } | |
18212 | + return(buf); | |
18213 | + } | |
18214 | +#endif | |
18215 | + | |
18216 | + | |
18217 | +void des_ecb_encrypt(input, output, ks, enc) | |
18218 | +des_cblock (*input); | |
18219 | +des_cblock (*output); | |
18220 | +des_key_schedule ks; | |
18221 | +int enc; | |
18222 | + { | |
18223 | + register DES_LONG l; | |
18224 | + register unsigned char *in,*out; | |
18225 | + DES_LONG ll[2]; | |
18226 | + | |
18227 | + in=(unsigned char *)input; | |
18228 | + out=(unsigned char *)output; | |
18229 | + c2l(in,l); ll[0]=l; | |
18230 | + c2l(in,l); ll[1]=l; | |
18231 | + des_encrypt(ll,ks,enc); | |
18232 | + l=ll[0]; l2c(l,out); | |
18233 | + l=ll[1]; l2c(l,out); | |
18234 | + l=ll[0]=ll[1]=0; | |
18235 | + } | |
18236 | + | |
18237 | diff -druN linux-noipsec/net/ipsec/libdes/fcrypt.c linux/net/ipsec/libdes/fcrypt.c | |
18238 | --- linux-noipsec/net/ipsec/libdes/fcrypt.c Thu Jan 1 01:00:00 1970 | |
18239 | +++ linux/net/ipsec/libdes/fcrypt.c Wed Oct 4 16:54:11 2000 | |
18240 | @@ -0,0 +1,152 @@ | |
18241 | +/* NOCW */ | |
18242 | + | |
18243 | +/* This version of crypt has been developed from my MIT compatable | |
18244 | + * DES library. | |
18245 | + * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au | |
18246 | + * Eric Young (eay@cryptsoft.com) | |
18247 | + */ | |
18248 | + | |
18249 | +/* Modification by Jens Kupferschmidt (Cu) | |
18250 | + * I have included directive PARA for shared memory computers. | |
18251 | + * I have included a directive LONGCRYPT to using this routine to cipher | |
18252 | + * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN | |
18253 | + * definition is the maximum of lenght of password and can changed. I have | |
18254 | + * defined 24. | |
18255 | + */ | |
18256 | + | |
18257 | +#include "des_locl.h" | |
18258 | + | |
18259 | +/* Added more values to handle illegal salt values the way normal | |
18260 | + * crypt() implementations do. The patch was sent by | |
18261 | + * Bjorn Gronvall <bg@sics.se> | |
18262 | + */ | |
18263 | +static unsigned const char con_salt[128]={ | |
18264 | +0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9, | |
18265 | +0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1, | |
18266 | +0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9, | |
18267 | +0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1, | |
18268 | +0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9, | |
18269 | +0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01, | |
18270 | +0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09, | |
18271 | +0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A, | |
18272 | +0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12, | |
18273 | +0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A, | |
18274 | +0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22, | |
18275 | +0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24, | |
18276 | +0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C, | |
18277 | +0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34, | |
18278 | +0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C, | |
18279 | +0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44, | |
18280 | +}; | |
18281 | + | |
18282 | +static unsigned const char cov_2char[64]={ | |
18283 | +0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, | |
18284 | +0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, | |
18285 | +0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, | |
18286 | +0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, | |
18287 | +0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, | |
18288 | +0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, | |
18289 | +0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, | |
18290 | +0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A | |
18291 | +}; | |
18292 | + | |
18293 | +#ifndef NOPROTO | |
18294 | +void fcrypt_body(DES_LONG *out,des_key_schedule ks, | |
18295 | + DES_LONG Eswap0, DES_LONG Eswap1); | |
18296 | + | |
18297 | +#ifdef PERL5 | |
18298 | +char *des_crypt(const char *buf,const char *salt); | |
18299 | +#else | |
18300 | +char *crypt(const char *buf,const char *salt); | |
18301 | +#endif | |
18302 | +#else | |
18303 | +void fcrypt_body(); | |
18304 | +#ifdef PERL5 | |
18305 | +char *des_crypt(); | |
18306 | +#else | |
18307 | +char *crypt(); | |
18308 | +#endif | |
18309 | +#endif | |
18310 | + | |
18311 | +#ifdef PERL5 | |
18312 | +char *des_crypt(buf,salt) | |
18313 | +#else | |
18314 | +char *crypt(buf,salt) | |
18315 | +#endif | |
18316 | +const char *buf; | |
18317 | +const char *salt; | |
18318 | + { | |
18319 | + static char buff[14]; | |
18320 | + | |
18321 | + return(des_fcrypt(buf,salt,buff)); | |
18322 | + } | |
18323 | + | |
18324 | + | |
18325 | +char *des_fcrypt(buf,salt,ret) | |
18326 | +const char *buf; | |
18327 | +const char *salt; | |
18328 | +char *ret; | |
18329 | + { | |
18330 | + unsigned int i,j,x,y; | |
18331 | + DES_LONG Eswap0,Eswap1; | |
18332 | + DES_LONG out[2],ll; | |
18333 | + des_cblock key; | |
18334 | + des_key_schedule ks; | |
18335 | + unsigned char bb[9]; | |
18336 | + unsigned char *b=bb; | |
18337 | + unsigned char c,u; | |
18338 | + | |
18339 | + /* eay 25/08/92 | |
18340 | + * If you call crypt("pwd","*") as often happens when you | |
18341 | + * have * as the pwd field in /etc/passwd, the function | |
18342 | + * returns *\0XXXXXXXXX | |
18343 | + * The \0 makes the string look like * so the pwd "*" would | |
18344 | + * crypt to "*". This was found when replacing the crypt in | |
18345 | + * our shared libraries. People found that the disbled | |
18346 | + * accounts effectivly had no passwd :-(. */ | |
18347 | + x=ret[0]=((salt[0] == '\0')?'A':salt[0]); | |
18348 | + Eswap0=con_salt[x]<<2; | |
18349 | + x=ret[1]=((salt[1] == '\0')?'A':salt[1]); | |
18350 | + Eswap1=con_salt[x]<<6; | |
18351 | + | |
18352 | +/* EAY | |
18353 | +r=strlen(buf); | |
18354 | +r=(r+7)/8; | |
18355 | +*/ | |
18356 | + for (i=0; i<8; i++) | |
18357 | + { | |
18358 | + c= *(buf++); | |
18359 | + if (!c) break; | |
18360 | + key[i]=(c<<1); | |
18361 | + } | |
18362 | + for (; i<8; i++) | |
18363 | + key[i]=0; | |
18364 | + | |
18365 | + des_set_key((des_cblock *)(key),ks); | |
18366 | + fcrypt_body(&(out[0]),ks,Eswap0,Eswap1); | |
18367 | + | |
18368 | + ll=out[0]; l2c(ll,b); | |
18369 | + ll=out[1]; l2c(ll,b); | |
18370 | + y=0; | |
18371 | + u=0x80; | |
18372 | + bb[8]=0; | |
18373 | + for (i=2; i<13; i++) | |
18374 | + { | |
18375 | + c=0; | |
18376 | + for (j=0; j<6; j++) | |
18377 | + { | |
18378 | + c<<=1; | |
18379 | + if (bb[y] & u) c|=1; | |
18380 | + u>>=1; | |
18381 | + if (!u) | |
18382 | + { | |
18383 | + y++; | |
18384 | + u=0x80; | |
18385 | + } | |
18386 | + } | |
18387 | + ret[i]=cov_2char[c]; | |
18388 | + } | |
18389 | + ret[13]='\0'; | |
18390 | + return(ret); | |
18391 | + } | |
18392 | + | |
18393 | diff -druN linux-noipsec/net/ipsec/libdes/fcrypt_b.c linux/net/ipsec/libdes/fcrypt_b.c | |
18394 | --- linux-noipsec/net/ipsec/libdes/fcrypt_b.c Thu Jan 1 01:00:00 1970 | |
18395 | +++ linux/net/ipsec/libdes/fcrypt_b.c Thu Feb 18 17:41:14 1999 | |
18396 | @@ -0,0 +1,148 @@ | |
18397 | +/* crypto/des/fcrypt_b.c */ | |
18398 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
18399 | + * All rights reserved. | |
18400 | + * | |
18401 | + * This package is an SSL implementation written | |
18402 | + * by Eric Young (eay@cryptsoft.com). | |
18403 | + * The implementation was written so as to conform with Netscapes SSL. | |
18404 | + * | |
18405 | + * This library is free for commercial and non-commercial use as long as | |
18406 | + * the following conditions are aheared to. The following conditions | |
18407 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
18408 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
18409 | + * included with this distribution is covered by the same copyright terms | |
18410 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
18411 | + * | |
18412 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
18413 | + * the code are not to be removed. | |
18414 | + * If this package is used in a product, Eric Young should be given attribution | |
18415 | + * as the author of the parts of the library used. | |
18416 | + * This can be in the form of a textual message at program startup or | |
18417 | + * in documentation (online or textual) provided with the package. | |
18418 | + * | |
18419 | + * Redistribution and use in source and binary forms, with or without | |
18420 | + * modification, are permitted provided that the following conditions | |
18421 | + * are met: | |
18422 | + * 1. Redistributions of source code must retain the copyright | |
18423 | + * notice, this list of conditions and the following disclaimer. | |
18424 | + * 2. Redistributions in binary form must reproduce the above copyright | |
18425 | + * notice, this list of conditions and the following disclaimer in the | |
18426 | + * documentation and/or other materials provided with the distribution. | |
18427 | + * 3. All advertising materials mentioning features or use of this software | |
18428 | + * must display the following acknowledgement: | |
18429 | + * "This product includes cryptographic software written by | |
18430 | + * Eric Young (eay@cryptsoft.com)" | |
18431 | + * The word 'cryptographic' can be left out if the rouines from the library | |
18432 | + * being used are not cryptographic related :-). | |
18433 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
18434 | + * the apps directory (application code) you must include an acknowledgement: | |
18435 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
18436 | + * | |
18437 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
18438 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18439 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18440 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
18441 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
18442 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
18443 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
18444 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
18445 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
18446 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
18447 | + * SUCH DAMAGE. | |
18448 | + * | |
18449 | + * The licence and distribution terms for any publically available version or | |
18450 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
18451 | + * copied and put under another distribution licence | |
18452 | + * [including the GNU Public Licence.] | |
18453 | + */ | |
18454 | + | |
18455 | +#include <stdio.h> | |
18456 | + | |
18457 | +/* This version of crypt has been developed from my MIT compatable | |
18458 | + * DES library. | |
18459 | + * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au | |
18460 | + * Eric Young (eay@cryptsoft.com) | |
18461 | + */ | |
18462 | + | |
18463 | +#define DES_FCRYPT | |
18464 | +#include "des_locl.h" | |
18465 | +#undef DES_FCRYPT | |
18466 | + | |
18467 | +#undef PERM_OP | |
18468 | +#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ | |
18469 | + (b)^=(t),\ | |
18470 | + (a)^=((t)<<(n))) | |
18471 | + | |
18472 | +#undef HPERM_OP | |
18473 | +#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ | |
18474 | + (a)=(a)^(t)^(t>>(16-(n))))\ | |
18475 | + | |
18476 | +void fcrypt_body(out, ks, Eswap0, Eswap1) | |
18477 | +DES_LONG *out; | |
18478 | +des_key_schedule ks; | |
18479 | +DES_LONG Eswap0; | |
18480 | +DES_LONG Eswap1; | |
18481 | + { | |
18482 | + register DES_LONG l,r,t,u; | |
18483 | +#ifdef DES_PTR | |
18484 | + register unsigned char *des_SP=(unsigned char *)des_SPtrans; | |
18485 | +#endif | |
18486 | + register DES_LONG *s; | |
18487 | + register int j; | |
18488 | + register DES_LONG E0,E1; | |
18489 | + | |
18490 | + l=0; | |
18491 | + r=0; | |
18492 | + | |
18493 | + s=(DES_LONG *)ks; | |
18494 | + E0=Eswap0; | |
18495 | + E1=Eswap1; | |
18496 | + | |
18497 | + for (j=0; j<25; j++) | |
18498 | + { | |
18499 | +#ifdef DES_UNROLL | |
18500 | + register int i; | |
18501 | + | |
18502 | + for (i=0; i<32; i+=8) | |
18503 | + { | |
18504 | + D_ENCRYPT(l,r,i+0); /* 1 */ | |
18505 | + D_ENCRYPT(r,l,i+2); /* 2 */ | |
18506 | + D_ENCRYPT(l,r,i+4); /* 1 */ | |
18507 | + D_ENCRYPT(r,l,i+6); /* 2 */ | |
18508 | + } | |
18509 | +#else | |
18510 | + D_ENCRYPT(l,r, 0); /* 1 */ | |
18511 | + D_ENCRYPT(r,l, 2); /* 2 */ | |
18512 | + D_ENCRYPT(l,r, 4); /* 3 */ | |
18513 | + D_ENCRYPT(r,l, 6); /* 4 */ | |
18514 | + D_ENCRYPT(l,r, 8); /* 5 */ | |
18515 | + D_ENCRYPT(r,l,10); /* 6 */ | |
18516 | + D_ENCRYPT(l,r,12); /* 7 */ | |
18517 | + D_ENCRYPT(r,l,14); /* 8 */ | |
18518 | + D_ENCRYPT(l,r,16); /* 9 */ | |
18519 | + D_ENCRYPT(r,l,18); /* 10 */ | |
18520 | + D_ENCRYPT(l,r,20); /* 11 */ | |
18521 | + D_ENCRYPT(r,l,22); /* 12 */ | |
18522 | + D_ENCRYPT(l,r,24); /* 13 */ | |
18523 | + D_ENCRYPT(r,l,26); /* 14 */ | |
18524 | + D_ENCRYPT(l,r,28); /* 15 */ | |
18525 | + D_ENCRYPT(r,l,30); /* 16 */ | |
18526 | +#endif | |
18527 | + | |
18528 | + t=l; | |
18529 | + l=r; | |
18530 | + r=t; | |
18531 | + } | |
18532 | + l=ROTATE(l,3)&0xffffffffL; | |
18533 | + r=ROTATE(r,3)&0xffffffffL; | |
18534 | + | |
18535 | + PERM_OP(l,r,t, 1,0x55555555L); | |
18536 | + PERM_OP(r,l,t, 8,0x00ff00ffL); | |
18537 | + PERM_OP(l,r,t, 2,0x33333333L); | |
18538 | + PERM_OP(r,l,t,16,0x0000ffffL); | |
18539 | + PERM_OP(l,r,t, 4,0x0f0f0f0fL); | |
18540 | + | |
18541 | + out[0]=r; | |
18542 | + out[1]=l; | |
18543 | + } | |
18544 | + | |
18545 | diff -druN linux-noipsec/net/ipsec/libdes/podd.h linux/net/ipsec/libdes/podd.h | |
18546 | --- linux-noipsec/net/ipsec/libdes/podd.h Thu Jan 1 01:00:00 1970 | |
18547 | +++ linux/net/ipsec/libdes/podd.h Thu Feb 18 17:41:15 1999 | |
18548 | @@ -0,0 +1,75 @@ | |
18549 | +/* crypto/des/podd.h */ | |
18550 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
18551 | + * All rights reserved. | |
18552 | + * | |
18553 | + * This package is an SSL implementation written | |
18554 | + * by Eric Young (eay@cryptsoft.com). | |
18555 | + * The implementation was written so as to conform with Netscapes SSL. | |
18556 | + * | |
18557 | + * This library is free for commercial and non-commercial use as long as | |
18558 | + * the following conditions are aheared to. The following conditions | |
18559 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
18560 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
18561 | + * included with this distribution is covered by the same copyright terms | |
18562 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
18563 | + * | |
18564 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
18565 | + * the code are not to be removed. | |
18566 | + * If this package is used in a product, Eric Young should be given attribution | |
18567 | + * as the author of the parts of the library used. | |
18568 | + * This can be in the form of a textual message at program startup or | |
18569 | + * in documentation (online or textual) provided with the package. | |
18570 | + * | |
18571 | + * Redistribution and use in source and binary forms, with or without | |
18572 | + * modification, are permitted provided that the following conditions | |
18573 | + * are met: | |
18574 | + * 1. Redistributions of source code must retain the copyright | |
18575 | + * notice, this list of conditions and the following disclaimer. | |
18576 | + * 2. Redistributions in binary form must reproduce the above copyright | |
18577 | + * notice, this list of conditions and the following disclaimer in the | |
18578 | + * documentation and/or other materials provided with the distribution. | |
18579 | + * 3. All advertising materials mentioning features or use of this software | |
18580 | + * must display the following acknowledgement: | |
18581 | + * "This product includes cryptographic software written by | |
18582 | + * Eric Young (eay@cryptsoft.com)" | |
18583 | + * The word 'cryptographic' can be left out if the rouines from the library | |
18584 | + * being used are not cryptographic related :-). | |
18585 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
18586 | + * the apps directory (application code) you must include an acknowledgement: | |
18587 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
18588 | + * | |
18589 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
18590 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18591 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18592 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
18593 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
18594 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
18595 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
18596 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
18597 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
18598 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
18599 | + * SUCH DAMAGE. | |
18600 | + * | |
18601 | + * The licence and distribution terms for any publically available version or | |
18602 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
18603 | + * copied and put under another distribution licence | |
18604 | + * [including the GNU Public Licence.] | |
18605 | + */ | |
18606 | + | |
18607 | +static const unsigned char odd_parity[256]={ | |
18608 | + 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, | |
18609 | + 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, | |
18610 | + 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, | |
18611 | + 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, | |
18612 | + 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, | |
18613 | + 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, | |
18614 | + 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, | |
18615 | +112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, | |
18616 | +128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, | |
18617 | +145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, | |
18618 | +161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, | |
18619 | +176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, | |
18620 | +193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, | |
18621 | +208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, | |
18622 | +224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, | |
18623 | +241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254}; | |
18624 | diff -druN linux-noipsec/net/ipsec/libdes/set_key.c linux/net/ipsec/libdes/set_key.c | |
18625 | --- linux-noipsec/net/ipsec/libdes/set_key.c Thu Jan 1 01:00:00 1970 | |
18626 | +++ linux/net/ipsec/libdes/set_key.c Thu Feb 18 17:41:15 1999 | |
18627 | @@ -0,0 +1,246 @@ | |
18628 | +/* crypto/des/set_key.c */ | |
18629 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
18630 | + * All rights reserved. | |
18631 | + * | |
18632 | + * This package is an SSL implementation written | |
18633 | + * by Eric Young (eay@cryptsoft.com). | |
18634 | + * The implementation was written so as to conform with Netscapes SSL. | |
18635 | + * | |
18636 | + * This library is free for commercial and non-commercial use as long as | |
18637 | + * the following conditions are aheared to. The following conditions | |
18638 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
18639 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
18640 | + * included with this distribution is covered by the same copyright terms | |
18641 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
18642 | + * | |
18643 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
18644 | + * the code are not to be removed. | |
18645 | + * If this package is used in a product, Eric Young should be given attribution | |
18646 | + * as the author of the parts of the library used. | |
18647 | + * This can be in the form of a textual message at program startup or | |
18648 | + * in documentation (online or textual) provided with the package. | |
18649 | + * | |
18650 | + * Redistribution and use in source and binary forms, with or without | |
18651 | + * modification, are permitted provided that the following conditions | |
18652 | + * are met: | |
18653 | + * 1. Redistributions of source code must retain the copyright | |
18654 | + * notice, this list of conditions and the following disclaimer. | |
18655 | + * 2. Redistributions in binary form must reproduce the above copyright | |
18656 | + * notice, this list of conditions and the following disclaimer in the | |
18657 | + * documentation and/or other materials provided with the distribution. | |
18658 | + * 3. All advertising materials mentioning features or use of this software | |
18659 | + * must display the following acknowledgement: | |
18660 | + * "This product includes cryptographic software written by | |
18661 | + * Eric Young (eay@cryptsoft.com)" | |
18662 | + * The word 'cryptographic' can be left out if the rouines from the library | |
18663 | + * being used are not cryptographic related :-). | |
18664 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
18665 | + * the apps directory (application code) you must include an acknowledgement: | |
18666 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
18667 | + * | |
18668 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
18669 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18670 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18671 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
18672 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
18673 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
18674 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
18675 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
18676 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
18677 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
18678 | + * SUCH DAMAGE. | |
18679 | + * | |
18680 | + * The licence and distribution terms for any publically available version or | |
18681 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
18682 | + * copied and put under another distribution licence | |
18683 | + * [including the GNU Public Licence.] | |
18684 | + */ | |
18685 | + | |
18686 | +/* set_key.c v 1.4 eay 24/9/91 | |
18687 | + * 1.4 Speed up by 400% :-) | |
18688 | + * 1.3 added register declarations. | |
18689 | + * 1.2 unrolled make_key_sched a bit more | |
18690 | + * 1.1 added norm_expand_bits | |
18691 | + * 1.0 First working version | |
18692 | + */ | |
18693 | +#include "des_locl.h" | |
18694 | +#include "podd.h" | |
18695 | +#include "sk.h" | |
18696 | + | |
18697 | +#ifndef NOPROTO | |
18698 | +static int check_parity(des_cblock (*key)); | |
18699 | +#else | |
18700 | +static int check_parity(); | |
18701 | +#endif | |
18702 | + | |
18703 | +int des_check_key=0; | |
18704 | + | |
18705 | +void des_set_odd_parity(key) | |
18706 | +des_cblock (*key); | |
18707 | + { | |
18708 | + int i; | |
18709 | + | |
18710 | + for (i=0; i<DES_KEY_SZ; i++) | |
18711 | + (*key)[i]=odd_parity[(*key)[i]]; | |
18712 | + } | |
18713 | + | |
18714 | +static int check_parity(key) | |
18715 | +des_cblock (*key); | |
18716 | + { | |
18717 | + int i; | |
18718 | + | |
18719 | + for (i=0; i<DES_KEY_SZ; i++) | |
18720 | + { | |
18721 | + if ((*key)[i] != odd_parity[(*key)[i]]) | |
18722 | + return(0); | |
18723 | + } | |
18724 | + return(1); | |
18725 | + } | |
18726 | + | |
18727 | +/* Weak and semi week keys as take from | |
18728 | + * %A D.W. Davies | |
18729 | + * %A W.L. Price | |
18730 | + * %T Security for Computer Networks | |
18731 | + * %I John Wiley & Sons | |
18732 | + * %D 1984 | |
18733 | + * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference | |
18734 | + * (and actual cblock values). | |
18735 | + */ | |
18736 | +#define NUM_WEAK_KEY 16 | |
18737 | +static des_cblock weak_keys[NUM_WEAK_KEY]={ | |
18738 | + /* weak keys */ | |
18739 | + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, | |
18740 | + {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, | |
18741 | + {0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F}, | |
18742 | + {0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0}, | |
18743 | + /* semi-weak keys */ | |
18744 | + {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, | |
18745 | + {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01}, | |
18746 | + {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1}, | |
18747 | + {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E}, | |
18748 | + {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1}, | |
18749 | + {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01}, | |
18750 | + {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE}, | |
18751 | + {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E}, | |
18752 | + {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E}, | |
18753 | + {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01}, | |
18754 | + {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, | |
18755 | + {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}}; | |
18756 | + | |
18757 | +int des_is_weak_key(key) | |
18758 | +des_cblock (*key); | |
18759 | + { | |
18760 | + int i; | |
18761 | + | |
18762 | + for (i=0; i<NUM_WEAK_KEY; i++) | |
18763 | + /* Added == 0 to comparision, I obviously don't run | |
18764 | + * this section very often :-(, thanks to | |
18765 | + * engineering@MorningStar.Com for the fix | |
18766 | + * eay 93/06/29 | |
18767 | + * Another problem, I was comparing only the first 4 | |
18768 | + * bytes, 97/03/18 */ | |
18769 | + if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1); | |
18770 | + return(0); | |
18771 | + } | |
18772 | + | |
18773 | +/* NOW DEFINED IN des_local.h | |
18774 | + * See ecb_encrypt.c for a pseudo description of these macros. | |
18775 | + * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ | |
18776 | + * (b)^=(t),\ | |
18777 | + * (a)=((a)^((t)<<(n)))) | |
18778 | + */ | |
18779 | + | |
18780 | +#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ | |
18781 | + (a)=(a)^(t)^(t>>(16-(n)))) | |
18782 | + | |
18783 | +/* return 0 if key parity is odd (correct), | |
18784 | + * return -1 if key parity error, | |
18785 | + * return -2 if illegal weak key. | |
18786 | + */ | |
18787 | +int des_set_key(key, schedule) | |
18788 | +des_cblock (*key); | |
18789 | +des_key_schedule schedule; | |
18790 | + { | |
18791 | + static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; | |
18792 | + register DES_LONG c,d,t,s,t2; | |
18793 | + register unsigned char *in; | |
18794 | + register DES_LONG *k; | |
18795 | + register int i; | |
18796 | + | |
18797 | + if (des_check_key) | |
18798 | + { | |
18799 | + if (!check_parity(key)) | |
18800 | + return(-1); | |
18801 | + | |
18802 | + if (des_is_weak_key(key)) | |
18803 | + return(-2); | |
18804 | + } | |
18805 | + | |
18806 | + k=(DES_LONG *)schedule; | |
18807 | + in=(unsigned char *)key; | |
18808 | + | |
18809 | + c2l(in,c); | |
18810 | + c2l(in,d); | |
18811 | + | |
18812 | + /* do PC1 in 60 simple operations */ | |
18813 | +/* PERM_OP(d,c,t,4,0x0f0f0f0fL); | |
18814 | + HPERM_OP(c,t,-2, 0xcccc0000L); | |
18815 | + HPERM_OP(c,t,-1, 0xaaaa0000L); | |
18816 | + HPERM_OP(c,t, 8, 0x00ff0000L); | |
18817 | + HPERM_OP(c,t,-1, 0xaaaa0000L); | |
18818 | + HPERM_OP(d,t,-8, 0xff000000L); | |
18819 | + HPERM_OP(d,t, 8, 0x00ff0000L); | |
18820 | + HPERM_OP(d,t, 2, 0x33330000L); | |
18821 | + d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L); | |
18822 | + d=(d>>8)|((c&0xf0000000L)>>4); | |
18823 | + c&=0x0fffffffL; */ | |
18824 | + | |
18825 | + /* I now do it in 47 simple operations :-) | |
18826 | + * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) | |
18827 | + * for the inspiration. :-) */ | |
18828 | + PERM_OP (d,c,t,4,0x0f0f0f0fL); | |
18829 | + HPERM_OP(c,t,-2,0xcccc0000L); | |
18830 | + HPERM_OP(d,t,-2,0xcccc0000L); | |
18831 | + PERM_OP (d,c,t,1,0x55555555L); | |
18832 | + PERM_OP (c,d,t,8,0x00ff00ffL); | |
18833 | + PERM_OP (d,c,t,1,0x55555555L); | |
18834 | + d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) | | |
18835 | + ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L)); | |
18836 | + c&=0x0fffffffL; | |
18837 | + | |
18838 | + for (i=0; i<ITERATIONS; i++) | |
18839 | + { | |
18840 | + if (shifts2[i]) | |
18841 | + { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); } | |
18842 | + else | |
18843 | + { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); } | |
18844 | + c&=0x0fffffffL; | |
18845 | + d&=0x0fffffffL; | |
18846 | + /* could be a few less shifts but I am to lazy at this | |
18847 | + * point in time to investigate */ | |
18848 | + s= des_skb[0][ (c )&0x3f ]| | |
18849 | + des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]| | |
18850 | + des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]| | |
18851 | + des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) | | |
18852 | + ((c>>22L)&0x38)]; | |
18853 | + t= des_skb[4][ (d )&0x3f ]| | |
18854 | + des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| | |
18855 | + des_skb[6][ (d>>15L)&0x3f ]| | |
18856 | + des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)]; | |
18857 | + | |
18858 | + /* table contained 0213 4657 */ | |
18859 | + t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL; | |
18860 | + *(k++)=ROTATE(t2,30)&0xffffffffL; | |
18861 | + | |
18862 | + t2=((s>>16L)|(t&0xffff0000L)); | |
18863 | + *(k++)=ROTATE(t2,26)&0xffffffffL; | |
18864 | + } | |
18865 | + return(0); | |
18866 | + } | |
18867 | + | |
18868 | +int des_key_sched(key, schedule) | |
18869 | +des_cblock (*key); | |
18870 | +des_key_schedule schedule; | |
18871 | + { | |
18872 | + return(des_set_key(key,schedule)); | |
18873 | + } | |
18874 | diff -druN linux-noipsec/net/ipsec/libdes/sk.h linux/net/ipsec/libdes/sk.h | |
18875 | --- linux-noipsec/net/ipsec/libdes/sk.h Thu Jan 1 01:00:00 1970 | |
18876 | +++ linux/net/ipsec/libdes/sk.h Thu Feb 18 17:41:16 1999 | |
18877 | @@ -0,0 +1,204 @@ | |
18878 | +/* crypto/des/sk.h */ | |
18879 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
18880 | + * All rights reserved. | |
18881 | + * | |
18882 | + * This package is an SSL implementation written | |
18883 | + * by Eric Young (eay@cryptsoft.com). | |
18884 | + * The implementation was written so as to conform with Netscapes SSL. | |
18885 | + * | |
18886 | + * This library is free for commercial and non-commercial use as long as | |
18887 | + * the following conditions are aheared to. The following conditions | |
18888 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
18889 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
18890 | + * included with this distribution is covered by the same copyright terms | |
18891 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
18892 | + * | |
18893 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
18894 | + * the code are not to be removed. | |
18895 | + * If this package is used in a product, Eric Young should be given attribution | |
18896 | + * as the author of the parts of the library used. | |
18897 | + * This can be in the form of a textual message at program startup or | |
18898 | + * in documentation (online or textual) provided with the package. | |
18899 | + * | |
18900 | + * Redistribution and use in source and binary forms, with or without | |
18901 | + * modification, are permitted provided that the following conditions | |
18902 | + * are met: | |
18903 | + * 1. Redistributions of source code must retain the copyright | |
18904 | + * notice, this list of conditions and the following disclaimer. | |
18905 | + * 2. Redistributions in binary form must reproduce the above copyright | |
18906 | + * notice, this list of conditions and the following disclaimer in the | |
18907 | + * documentation and/or other materials provided with the distribution. | |
18908 | + * 3. All advertising materials mentioning features or use of this software | |
18909 | + * must display the following acknowledgement: | |
18910 | + * "This product includes cryptographic software written by | |
18911 | + * Eric Young (eay@cryptsoft.com)" | |
18912 | + * The word 'cryptographic' can be left out if the rouines from the library | |
18913 | + * being used are not cryptographic related :-). | |
18914 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
18915 | + * the apps directory (application code) you must include an acknowledgement: | |
18916 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
18917 | + * | |
18918 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
18919 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
18920 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18921 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
18922 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
18923 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
18924 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
18925 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
18926 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
18927 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
18928 | + * SUCH DAMAGE. | |
18929 | + * | |
18930 | + * The licence and distribution terms for any publically available version or | |
18931 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
18932 | + * copied and put under another distribution licence | |
18933 | + * [including the GNU Public Licence.] | |
18934 | + */ | |
18935 | + | |
18936 | +static const DES_LONG des_skb[8][64]={ | |
18937 | +{ | |
18938 | +/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ | |
18939 | +0x00000000L,0x00000010L,0x20000000L,0x20000010L, | |
18940 | +0x00010000L,0x00010010L,0x20010000L,0x20010010L, | |
18941 | +0x00000800L,0x00000810L,0x20000800L,0x20000810L, | |
18942 | +0x00010800L,0x00010810L,0x20010800L,0x20010810L, | |
18943 | +0x00000020L,0x00000030L,0x20000020L,0x20000030L, | |
18944 | +0x00010020L,0x00010030L,0x20010020L,0x20010030L, | |
18945 | +0x00000820L,0x00000830L,0x20000820L,0x20000830L, | |
18946 | +0x00010820L,0x00010830L,0x20010820L,0x20010830L, | |
18947 | +0x00080000L,0x00080010L,0x20080000L,0x20080010L, | |
18948 | +0x00090000L,0x00090010L,0x20090000L,0x20090010L, | |
18949 | +0x00080800L,0x00080810L,0x20080800L,0x20080810L, | |
18950 | +0x00090800L,0x00090810L,0x20090800L,0x20090810L, | |
18951 | +0x00080020L,0x00080030L,0x20080020L,0x20080030L, | |
18952 | +0x00090020L,0x00090030L,0x20090020L,0x20090030L, | |
18953 | +0x00080820L,0x00080830L,0x20080820L,0x20080830L, | |
18954 | +0x00090820L,0x00090830L,0x20090820L,0x20090830L, | |
18955 | +},{ | |
18956 | +/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ | |
18957 | +0x00000000L,0x02000000L,0x00002000L,0x02002000L, | |
18958 | +0x00200000L,0x02200000L,0x00202000L,0x02202000L, | |
18959 | +0x00000004L,0x02000004L,0x00002004L,0x02002004L, | |
18960 | +0x00200004L,0x02200004L,0x00202004L,0x02202004L, | |
18961 | +0x00000400L,0x02000400L,0x00002400L,0x02002400L, | |
18962 | +0x00200400L,0x02200400L,0x00202400L,0x02202400L, | |
18963 | +0x00000404L,0x02000404L,0x00002404L,0x02002404L, | |
18964 | +0x00200404L,0x02200404L,0x00202404L,0x02202404L, | |
18965 | +0x10000000L,0x12000000L,0x10002000L,0x12002000L, | |
18966 | +0x10200000L,0x12200000L,0x10202000L,0x12202000L, | |
18967 | +0x10000004L,0x12000004L,0x10002004L,0x12002004L, | |
18968 | +0x10200004L,0x12200004L,0x10202004L,0x12202004L, | |
18969 | +0x10000400L,0x12000400L,0x10002400L,0x12002400L, | |
18970 | +0x10200400L,0x12200400L,0x10202400L,0x12202400L, | |
18971 | +0x10000404L,0x12000404L,0x10002404L,0x12002404L, | |
18972 | +0x10200404L,0x12200404L,0x10202404L,0x12202404L, | |
18973 | +},{ | |
18974 | +/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ | |
18975 | +0x00000000L,0x00000001L,0x00040000L,0x00040001L, | |
18976 | +0x01000000L,0x01000001L,0x01040000L,0x01040001L, | |
18977 | +0x00000002L,0x00000003L,0x00040002L,0x00040003L, | |
18978 | +0x01000002L,0x01000003L,0x01040002L,0x01040003L, | |
18979 | +0x00000200L,0x00000201L,0x00040200L,0x00040201L, | |
18980 | +0x01000200L,0x01000201L,0x01040200L,0x01040201L, | |
18981 | +0x00000202L,0x00000203L,0x00040202L,0x00040203L, | |
18982 | +0x01000202L,0x01000203L,0x01040202L,0x01040203L, | |
18983 | +0x08000000L,0x08000001L,0x08040000L,0x08040001L, | |
18984 | +0x09000000L,0x09000001L,0x09040000L,0x09040001L, | |
18985 | +0x08000002L,0x08000003L,0x08040002L,0x08040003L, | |
18986 | +0x09000002L,0x09000003L,0x09040002L,0x09040003L, | |
18987 | +0x08000200L,0x08000201L,0x08040200L,0x08040201L, | |
18988 | +0x09000200L,0x09000201L,0x09040200L,0x09040201L, | |
18989 | +0x08000202L,0x08000203L,0x08040202L,0x08040203L, | |
18990 | +0x09000202L,0x09000203L,0x09040202L,0x09040203L, | |
18991 | +},{ | |
18992 | +/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ | |
18993 | +0x00000000L,0x00100000L,0x00000100L,0x00100100L, | |
18994 | +0x00000008L,0x00100008L,0x00000108L,0x00100108L, | |
18995 | +0x00001000L,0x00101000L,0x00001100L,0x00101100L, | |
18996 | +0x00001008L,0x00101008L,0x00001108L,0x00101108L, | |
18997 | +0x04000000L,0x04100000L,0x04000100L,0x04100100L, | |
18998 | +0x04000008L,0x04100008L,0x04000108L,0x04100108L, | |
18999 | +0x04001000L,0x04101000L,0x04001100L,0x04101100L, | |
19000 | +0x04001008L,0x04101008L,0x04001108L,0x04101108L, | |
19001 | +0x00020000L,0x00120000L,0x00020100L,0x00120100L, | |
19002 | +0x00020008L,0x00120008L,0x00020108L,0x00120108L, | |
19003 | +0x00021000L,0x00121000L,0x00021100L,0x00121100L, | |
19004 | +0x00021008L,0x00121008L,0x00021108L,0x00121108L, | |
19005 | +0x04020000L,0x04120000L,0x04020100L,0x04120100L, | |
19006 | +0x04020008L,0x04120008L,0x04020108L,0x04120108L, | |
19007 | +0x04021000L,0x04121000L,0x04021100L,0x04121100L, | |
19008 | +0x04021008L,0x04121008L,0x04021108L,0x04121108L, | |
19009 | +},{ | |
19010 | +/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ | |
19011 | +0x00000000L,0x10000000L,0x00010000L,0x10010000L, | |
19012 | +0x00000004L,0x10000004L,0x00010004L,0x10010004L, | |
19013 | +0x20000000L,0x30000000L,0x20010000L,0x30010000L, | |
19014 | +0x20000004L,0x30000004L,0x20010004L,0x30010004L, | |
19015 | +0x00100000L,0x10100000L,0x00110000L,0x10110000L, | |
19016 | +0x00100004L,0x10100004L,0x00110004L,0x10110004L, | |
19017 | +0x20100000L,0x30100000L,0x20110000L,0x30110000L, | |
19018 | +0x20100004L,0x30100004L,0x20110004L,0x30110004L, | |
19019 | +0x00001000L,0x10001000L,0x00011000L,0x10011000L, | |
19020 | +0x00001004L,0x10001004L,0x00011004L,0x10011004L, | |
19021 | +0x20001000L,0x30001000L,0x20011000L,0x30011000L, | |
19022 | +0x20001004L,0x30001004L,0x20011004L,0x30011004L, | |
19023 | +0x00101000L,0x10101000L,0x00111000L,0x10111000L, | |
19024 | +0x00101004L,0x10101004L,0x00111004L,0x10111004L, | |
19025 | +0x20101000L,0x30101000L,0x20111000L,0x30111000L, | |
19026 | +0x20101004L,0x30101004L,0x20111004L,0x30111004L, | |
19027 | +},{ | |
19028 | +/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ | |
19029 | +0x00000000L,0x08000000L,0x00000008L,0x08000008L, | |
19030 | +0x00000400L,0x08000400L,0x00000408L,0x08000408L, | |
19031 | +0x00020000L,0x08020000L,0x00020008L,0x08020008L, | |
19032 | +0x00020400L,0x08020400L,0x00020408L,0x08020408L, | |
19033 | +0x00000001L,0x08000001L,0x00000009L,0x08000009L, | |
19034 | +0x00000401L,0x08000401L,0x00000409L,0x08000409L, | |
19035 | +0x00020001L,0x08020001L,0x00020009L,0x08020009L, | |
19036 | +0x00020401L,0x08020401L,0x00020409L,0x08020409L, | |
19037 | +0x02000000L,0x0A000000L,0x02000008L,0x0A000008L, | |
19038 | +0x02000400L,0x0A000400L,0x02000408L,0x0A000408L, | |
19039 | +0x02020000L,0x0A020000L,0x02020008L,0x0A020008L, | |
19040 | +0x02020400L,0x0A020400L,0x02020408L,0x0A020408L, | |
19041 | +0x02000001L,0x0A000001L,0x02000009L,0x0A000009L, | |
19042 | +0x02000401L,0x0A000401L,0x02000409L,0x0A000409L, | |
19043 | +0x02020001L,0x0A020001L,0x02020009L,0x0A020009L, | |
19044 | +0x02020401L,0x0A020401L,0x02020409L,0x0A020409L, | |
19045 | +},{ | |
19046 | +/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ | |
19047 | +0x00000000L,0x00000100L,0x00080000L,0x00080100L, | |
19048 | +0x01000000L,0x01000100L,0x01080000L,0x01080100L, | |
19049 | +0x00000010L,0x00000110L,0x00080010L,0x00080110L, | |
19050 | +0x01000010L,0x01000110L,0x01080010L,0x01080110L, | |
19051 | +0x00200000L,0x00200100L,0x00280000L,0x00280100L, | |
19052 | +0x01200000L,0x01200100L,0x01280000L,0x01280100L, | |
19053 | +0x00200010L,0x00200110L,0x00280010L,0x00280110L, | |
19054 | +0x01200010L,0x01200110L,0x01280010L,0x01280110L, | |
19055 | +0x00000200L,0x00000300L,0x00080200L,0x00080300L, | |
19056 | +0x01000200L,0x01000300L,0x01080200L,0x01080300L, | |
19057 | +0x00000210L,0x00000310L,0x00080210L,0x00080310L, | |
19058 | +0x01000210L,0x01000310L,0x01080210L,0x01080310L, | |
19059 | +0x00200200L,0x00200300L,0x00280200L,0x00280300L, | |
19060 | +0x01200200L,0x01200300L,0x01280200L,0x01280300L, | |
19061 | +0x00200210L,0x00200310L,0x00280210L,0x00280310L, | |
19062 | +0x01200210L,0x01200310L,0x01280210L,0x01280310L, | |
19063 | +},{ | |
19064 | +/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ | |
19065 | +0x00000000L,0x04000000L,0x00040000L,0x04040000L, | |
19066 | +0x00000002L,0x04000002L,0x00040002L,0x04040002L, | |
19067 | +0x00002000L,0x04002000L,0x00042000L,0x04042000L, | |
19068 | +0x00002002L,0x04002002L,0x00042002L,0x04042002L, | |
19069 | +0x00000020L,0x04000020L,0x00040020L,0x04040020L, | |
19070 | +0x00000022L,0x04000022L,0x00040022L,0x04040022L, | |
19071 | +0x00002020L,0x04002020L,0x00042020L,0x04042020L, | |
19072 | +0x00002022L,0x04002022L,0x00042022L,0x04042022L, | |
19073 | +0x00000800L,0x04000800L,0x00040800L,0x04040800L, | |
19074 | +0x00000802L,0x04000802L,0x00040802L,0x04040802L, | |
19075 | +0x00002800L,0x04002800L,0x00042800L,0x04042800L, | |
19076 | +0x00002802L,0x04002802L,0x00042802L,0x04042802L, | |
19077 | +0x00000820L,0x04000820L,0x00040820L,0x04040820L, | |
19078 | +0x00000822L,0x04000822L,0x00040822L,0x04040822L, | |
19079 | +0x00002820L,0x04002820L,0x00042820L,0x04042820L, | |
19080 | +0x00002822L,0x04002822L,0x00042822L,0x04042822L, | |
19081 | +}}; | |
19082 | diff -druN linux-noipsec/net/ipsec/libdes/speed.c linux/net/ipsec/libdes/speed.c | |
19083 | --- linux-noipsec/net/ipsec/libdes/speed.c Thu Jan 1 01:00:00 1970 | |
19084 | +++ linux/net/ipsec/libdes/speed.c Thu Feb 18 17:41:16 1999 | |
19085 | @@ -0,0 +1,329 @@ | |
19086 | +/* crypto/des/speed.c */ | |
19087 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
19088 | + * All rights reserved. | |
19089 | + * | |
19090 | + * This package is an SSL implementation written | |
19091 | + * by Eric Young (eay@cryptsoft.com). | |
19092 | + * The implementation was written so as to conform with Netscapes SSL. | |
19093 | + * | |
19094 | + * This library is free for commercial and non-commercial use as long as | |
19095 | + * the following conditions are aheared to. The following conditions | |
19096 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
19097 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
19098 | + * included with this distribution is covered by the same copyright terms | |
19099 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
19100 | + * | |
19101 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
19102 | + * the code are not to be removed. | |
19103 | + * If this package is used in a product, Eric Young should be given attribution | |
19104 | + * as the author of the parts of the library used. | |
19105 | + * This can be in the form of a textual message at program startup or | |
19106 | + * in documentation (online or textual) provided with the package. | |
19107 | + * | |
19108 | + * Redistribution and use in source and binary forms, with or without | |
19109 | + * modification, are permitted provided that the following conditions | |
19110 | + * are met: | |
19111 | + * 1. Redistributions of source code must retain the copyright | |
19112 | + * notice, this list of conditions and the following disclaimer. | |
19113 | + * 2. Redistributions in binary form must reproduce the above copyright | |
19114 | + * notice, this list of conditions and the following disclaimer in the | |
19115 | + * documentation and/or other materials provided with the distribution. | |
19116 | + * 3. All advertising materials mentioning features or use of this software | |
19117 | + * must display the following acknowledgement: | |
19118 | + * "This product includes cryptographic software written by | |
19119 | + * Eric Young (eay@cryptsoft.com)" | |
19120 | + * The word 'cryptographic' can be left out if the rouines from the library | |
19121 | + * being used are not cryptographic related :-). | |
19122 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
19123 | + * the apps directory (application code) you must include an acknowledgement: | |
19124 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
19125 | + * | |
19126 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
19127 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
19128 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
19129 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
19130 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
19131 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
19132 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
19133 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
19134 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
19135 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
19136 | + * SUCH DAMAGE. | |
19137 | + * | |
19138 | + * The licence and distribution terms for any publically available version or | |
19139 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
19140 | + * copied and put under another distribution licence | |
19141 | + * [including the GNU Public Licence.] | |
19142 | + */ | |
19143 | + | |
19144 | +/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ | |
19145 | +/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ | |
19146 | + | |
19147 | +#ifndef MSDOS | |
19148 | +#define TIMES | |
19149 | +#endif | |
19150 | + | |
19151 | +#include <stdio.h> | |
19152 | +#ifndef MSDOS | |
19153 | +#include <unistd.h> | |
19154 | +#else | |
19155 | +#include <io.h> | |
19156 | +extern int exit(); | |
19157 | +#endif | |
19158 | +#include <signal.h> | |
19159 | +#ifndef VMS | |
19160 | +#ifndef _IRIX | |
19161 | +#include <time.h> | |
19162 | +#endif | |
19163 | +#ifdef TIMES | |
19164 | +#include <sys/types.h> | |
19165 | +#include <sys/times.h> | |
19166 | +#endif | |
19167 | +#else /* VMS */ | |
19168 | +#include <types.h> | |
19169 | +struct tms { | |
19170 | + time_t tms_utime; | |
19171 | + time_t tms_stime; | |
19172 | + time_t tms_uchild; /* I dunno... */ | |
19173 | + time_t tms_uchildsys; /* so these names are a guess :-) */ | |
19174 | + } | |
19175 | +#endif | |
19176 | +#ifndef TIMES | |
19177 | +#include <sys/timeb.h> | |
19178 | +#endif | |
19179 | + | |
19180 | +#ifdef sun | |
19181 | +#include <limits.h> | |
19182 | +#include <sys/param.h> | |
19183 | +#endif | |
19184 | + | |
19185 | +#include "des.h" | |
19186 | + | |
19187 | +/* The following if from times(3) man page. It may need to be changed */ | |
19188 | +#ifndef HZ | |
19189 | +# ifndef CLK_TCK | |
19190 | +# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ | |
19191 | +# ifndef VMS | |
19192 | +# define HZ 100.0 | |
19193 | +# else /* VMS */ | |
19194 | +# define HZ 100.0 | |
19195 | +# endif | |
19196 | +# else /* _BSD_CLK_TCK_ */ | |
19197 | +# define HZ ((double)_BSD_CLK_TCK_) | |
19198 | +# endif | |
19199 | +# else /* CLK_TCK */ | |
19200 | +# define HZ ((double)CLK_TCK) | |
19201 | +# endif | |
19202 | +#endif | |
19203 | + | |
19204 | +#define BUFSIZE ((long)1024) | |
19205 | +long run=0; | |
19206 | + | |
19207 | +#ifndef NOPROTO | |
19208 | +double Time_F(int s); | |
19209 | +#else | |
19210 | +double Time_F(); | |
19211 | +#endif | |
19212 | + | |
19213 | +#ifdef SIGALRM | |
19214 | +#if defined(__STDC__) || defined(sgi) || defined(_AIX) | |
19215 | +#define SIGRETTYPE void | |
19216 | +#else | |
19217 | +#define SIGRETTYPE int | |
19218 | +#endif | |
19219 | + | |
19220 | +#ifndef NOPROTO | |
19221 | +SIGRETTYPE sig_done(int sig); | |
19222 | +#else | |
19223 | +SIGRETTYPE sig_done(); | |
19224 | +#endif | |
19225 | + | |
19226 | +SIGRETTYPE sig_done(sig) | |
19227 | +int sig; | |
19228 | + { | |
19229 | + signal(SIGALRM,sig_done); | |
19230 | + run=0; | |
19231 | +#ifdef LINT | |
19232 | + sig=sig; | |
19233 | +#endif | |
19234 | + } | |
19235 | +#endif | |
19236 | + | |
19237 | +#define START 0 | |
19238 | +#define STOP 1 | |
19239 | + | |
19240 | +double Time_F(s) | |
19241 | +int s; | |
19242 | + { | |
19243 | + double ret; | |
19244 | +#ifdef TIMES | |
19245 | + static struct tms tstart,tend; | |
19246 | + | |
19247 | + if (s == START) | |
19248 | + { | |
19249 | + times(&tstart); | |
19250 | + return(0); | |
19251 | + } | |
19252 | + else | |
19253 | + { | |
19254 | + times(&tend); | |
19255 | + ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; | |
19256 | + return((ret == 0.0)?1e-6:ret); | |
19257 | + } | |
19258 | +#else /* !times() */ | |
19259 | + static struct timeb tstart,tend; | |
19260 | + long i; | |
19261 | + | |
19262 | + if (s == START) | |
19263 | + { | |
19264 | + ftime(&tstart); | |
19265 | + return(0); | |
19266 | + } | |
19267 | + else | |
19268 | + { | |
19269 | + ftime(&tend); | |
19270 | + i=(long)tend.millitm-(long)tstart.millitm; | |
19271 | + ret=((double)(tend.time-tstart.time))+((double)i)/1e3; | |
19272 | + return((ret == 0.0)?1e-6:ret); | |
19273 | + } | |
19274 | +#endif | |
19275 | + } | |
19276 | + | |
19277 | +int main(argc,argv) | |
19278 | +int argc; | |
19279 | +char **argv; | |
19280 | + { | |
19281 | + long count; | |
19282 | + static unsigned char buf[BUFSIZE]; | |
19283 | + static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; | |
19284 | + static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; | |
19285 | + static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; | |
19286 | + des_key_schedule sch,sch2,sch3; | |
19287 | + double a,b,c,d,e; | |
19288 | +#ifndef SIGALRM | |
19289 | + long ca,cb,cc,cd,ce; | |
19290 | +#endif | |
19291 | + | |
19292 | +#ifndef TIMES | |
19293 | + printf("To get the most acurate results, try to run this\n"); | |
19294 | + printf("program when this computer is idle.\n"); | |
19295 | +#endif | |
19296 | + | |
19297 | + des_set_key((C_Block *)key2,sch2); | |
19298 | + des_set_key((C_Block *)key3,sch3); | |
19299 | + | |
19300 | +#ifndef SIGALRM | |
19301 | + printf("First we calculate the approximate speed ...\n"); | |
19302 | + des_set_key((C_Block *)key,sch); | |
19303 | + count=10; | |
19304 | + do { | |
19305 | + long i; | |
19306 | + DES_LONG data[2]; | |
19307 | + | |
19308 | + count*=2; | |
19309 | + Time_F(START); | |
19310 | + for (i=count; i; i--) | |
19311 | + des_encrypt(data,&(sch[0]),DES_ENCRYPT); | |
19312 | + d=Time_F(STOP); | |
19313 | + } while (d < 3.0); | |
19314 | + ca=count; | |
19315 | + cb=count*3; | |
19316 | + cc=count*3*8/BUFSIZE+1; | |
19317 | + cd=count*8/BUFSIZE+1; | |
19318 | + ce=count/20+1; | |
19319 | + printf("Doing set_key %ld times\n",ca); | |
19320 | +#define COND(d) (count != (d)) | |
19321 | +#define COUNT(d) (d) | |
19322 | +#else | |
19323 | +#define COND(c) (run) | |
19324 | +#define COUNT(d) (count) | |
19325 | + signal(SIGALRM,sig_done); | |
19326 | + printf("Doing set_key for 10 seconds\n"); | |
19327 | + alarm(10); | |
19328 | +#endif | |
19329 | + | |
19330 | + Time_F(START); | |
19331 | + for (count=0,run=1; COND(ca); count++) | |
19332 | + des_set_key((C_Block *)key,sch); | |
19333 | + d=Time_F(STOP); | |
19334 | + printf("%ld set_key's in %.2f seconds\n",count,d); | |
19335 | + a=((double)COUNT(ca))/d; | |
19336 | + | |
19337 | +#ifdef SIGALRM | |
19338 | + printf("Doing des_encrypt's for 10 seconds\n"); | |
19339 | + alarm(10); | |
19340 | +#else | |
19341 | + printf("Doing des_encrypt %ld times\n",cb); | |
19342 | +#endif | |
19343 | + Time_F(START); | |
19344 | + for (count=0,run=1; COND(cb); count++) | |
19345 | + { | |
19346 | + DES_LONG data[2]; | |
19347 | + | |
19348 | + des_encrypt(data,&(sch[0]),DES_ENCRYPT); | |
19349 | + } | |
19350 | + d=Time_F(STOP); | |
19351 | + printf("%ld des_encrypt's in %.2f second\n",count,d); | |
19352 | + b=((double)COUNT(cb)*8)/d; | |
19353 | + | |
19354 | +#ifdef SIGALRM | |
19355 | + printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n", | |
19356 | + BUFSIZE); | |
19357 | + alarm(10); | |
19358 | +#else | |
19359 | + printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc, | |
19360 | + BUFSIZE); | |
19361 | +#endif | |
19362 | + Time_F(START); | |
19363 | + for (count=0,run=1; COND(cc); count++) | |
19364 | + des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]), | |
19365 | + (C_Block *)&(key[0]),DES_ENCRYPT); | |
19366 | + d=Time_F(STOP); | |
19367 | + printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n", | |
19368 | + count,BUFSIZE,d); | |
19369 | + c=((double)COUNT(cc)*BUFSIZE)/d; | |
19370 | + | |
19371 | +#ifdef SIGALRM | |
19372 | + printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n", | |
19373 | + BUFSIZE); | |
19374 | + alarm(10); | |
19375 | +#else | |
19376 | + printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd, | |
19377 | + BUFSIZE); | |
19378 | +#endif | |
19379 | + Time_F(START); | |
19380 | + for (count=0,run=1; COND(cd); count++) | |
19381 | + des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE, | |
19382 | + &(sch[0]), | |
19383 | + &(sch2[0]), | |
19384 | + &(sch3[0]), | |
19385 | + (C_Block *)&(key[0]), | |
19386 | + DES_ENCRYPT); | |
19387 | + d=Time_F(STOP); | |
19388 | + printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n", | |
19389 | + count,BUFSIZE,d); | |
19390 | + d=((double)COUNT(cd)*BUFSIZE)/d; | |
19391 | + | |
19392 | +#ifdef SIGALRM | |
19393 | + printf("Doing crypt for 10 seconds\n"); | |
19394 | + alarm(10); | |
19395 | +#else | |
19396 | + printf("Doing crypt %ld times\n",ce); | |
19397 | +#endif | |
19398 | + Time_F(START); | |
19399 | + for (count=0,run=1; COND(ce); count++) | |
19400 | + crypt("testing1","ef"); | |
19401 | + e=Time_F(STOP); | |
19402 | + printf("%ld crypts in %.2f second\n",count,e); | |
19403 | + e=((double)COUNT(ce))/e; | |
19404 | + | |
19405 | + printf("set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a); | |
19406 | + printf("DES raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b); | |
19407 | + printf("DES cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c); | |
19408 | + printf("DES ede cbc bytes per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d); | |
19409 | + printf("crypt per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e); | |
19410 | + exit(0); | |
19411 | +#if defined(LINT) || defined(MSDOS) | |
19412 | + return(0); | |
19413 | +#endif | |
19414 | + } | |
19415 | diff -druN linux-noipsec/net/ipsec/libdes/spr.h linux/net/ipsec/libdes/spr.h | |
19416 | --- linux-noipsec/net/ipsec/libdes/spr.h Thu Jan 1 01:00:00 1970 | |
19417 | +++ linux/net/ipsec/libdes/spr.h Thu Feb 18 17:41:16 1999 | |
19418 | @@ -0,0 +1,204 @@ | |
19419 | +/* crypto/des/spr.h */ | |
19420 | +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | |
19421 | + * All rights reserved. | |
19422 | + * | |
19423 | + * This package is an SSL implementation written | |
19424 | + * by Eric Young (eay@cryptsoft.com). | |
19425 | + * The implementation was written so as to conform with Netscapes SSL. | |
19426 | + * | |
19427 | + * This library is free for commercial and non-commercial use as long as | |
19428 | + * the following conditions are aheared to. The following conditions | |
19429 | + * apply to all code found in this distribution, be it the RC4, RSA, | |
19430 | + * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
19431 | + * included with this distribution is covered by the same copyright terms | |
19432 | + * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
19433 | + * | |
19434 | + * Copyright remains Eric Young's, and as such any Copyright notices in | |
19435 | + * the code are not to be removed. | |
19436 | + * If this package is used in a product, Eric Young should be given attribution | |
19437 | + * as the author of the parts of the library used. | |
19438 | + * This can be in the form of a textual message at program startup or | |
19439 | + * in documentation (online or textual) provided with the package. | |
19440 | + * | |
19441 | + * Redistribution and use in source and binary forms, with or without | |
19442 | + * modification, are permitted provided that the following conditions | |
19443 | + * are met: | |
19444 | + * 1. Redistributions of source code must retain the copyright | |
19445 | + * notice, this list of conditions and the following disclaimer. | |
19446 | + * 2. Redistributions in binary form must reproduce the above copyright | |
19447 | + * notice, this list of conditions and the following disclaimer in the | |
19448 | + * documentation and/or other materials provided with the distribution. | |
19449 | + * 3. All advertising materials mentioning features or use of this software | |
19450 | + * must display the following acknowledgement: | |
19451 | + * "This product includes cryptographic software written by | |
19452 | + * Eric Young (eay@cryptsoft.com)" | |
19453 | + * The word 'cryptographic' can be left out if the rouines from the library | |
19454 | + * being used are not cryptographic related :-). | |
19455 | + * 4. If you include any Windows specific code (or a derivative thereof) from | |
19456 | + * the apps directory (application code) you must include an acknowledgement: | |
19457 | + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
19458 | + * | |
19459 | + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
19460 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
19461 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
19462 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
19463 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
19464 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
19465 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
19466 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
19467 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
19468 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
19469 | + * SUCH DAMAGE. | |
19470 | + * | |
19471 | + * The licence and distribution terms for any publically available version or | |
19472 | + * derivative of this code cannot be changed. i.e. this code cannot simply be | |
19473 | + * copied and put under another distribution licence | |
19474 | + * [including the GNU Public Licence.] | |
19475 | + */ | |
19476 | + | |
19477 | +const DES_LONG des_SPtrans[8][64]={ | |
19478 | +{ | |
19479 | +/* nibble 0 */ | |
19480 | +0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, | |
19481 | +0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, | |
19482 | +0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, | |
19483 | +0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, | |
19484 | +0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, | |
19485 | +0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, | |
19486 | +0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, | |
19487 | +0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, | |
19488 | +0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, | |
19489 | +0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, | |
19490 | +0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, | |
19491 | +0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, | |
19492 | +0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, | |
19493 | +0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, | |
19494 | +0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, | |
19495 | +0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, | |
19496 | +},{ | |
19497 | +/* nibble 1 */ | |
19498 | +0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, | |
19499 | +0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, | |
19500 | +0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, | |
19501 | +0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, | |
19502 | +0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, | |
19503 | +0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, | |
19504 | +0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, | |
19505 | +0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, | |
19506 | +0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, | |
19507 | +0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, | |
19508 | +0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, | |
19509 | +0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, | |
19510 | +0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, | |
19511 | +0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, | |
19512 | +0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, | |
19513 | +0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, | |
19514 | +},{ | |
19515 | +/* nibble 2 */ | |
19516 | +0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, | |
19517 | +0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, | |
19518 | +0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, | |
19519 | +0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, | |
19520 | +0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, | |
19521 | +0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, | |
19522 | +0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, | |
19523 | +0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, | |
19524 | +0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, | |
19525 | +0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, | |
19526 | +0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, | |
19527 | +0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, | |
19528 | +0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, | |
19529 | +0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, | |
19530 | +0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, | |
19531 | +0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, | |
19532 | +},{ | |
19533 | +/* nibble 3 */ | |
19534 | +0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, | |
19535 | +0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, | |
19536 | +0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, | |
19537 | +0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, | |
19538 | +0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, | |
19539 | +0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, | |
19540 | +0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, | |
19541 | +0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, | |
19542 | +0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, | |
19543 | +0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, | |
19544 | +0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, | |
19545 | +0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, | |
19546 | +0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, | |
19547 | +0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, | |
19548 | +0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, | |
19549 | +0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, | |
19550 | +},{ | |
19551 | +/* nibble 4 */ | |
19552 | +0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, | |
19553 | +0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, | |
19554 | +0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, | |
19555 | +0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, | |
19556 | +0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, | |
19557 | +0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, | |
19558 | +0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, | |
19559 | +0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, | |
19560 | +0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, | |
19561 | +0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, | |
19562 | +0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, | |
19563 | +0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, | |
19564 | +0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, | |
19565 | +0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, | |
19566 | +0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, | |
19567 | +0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, | |
19568 | +},{ | |
19569 | +/* nibble 5 */ | |
19570 | +0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, | |
19571 | +0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, | |
19572 | +0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, | |
19573 | +0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, | |
19574 | +0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, | |
19575 | +0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, | |
19576 | +0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, | |
19577 | +0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, | |
19578 | +0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, | |
19579 | +0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, | |
19580 | +0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, | |
19581 | +0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, | |
19582 | +0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, | |
19583 | +0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, | |
19584 | +0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, | |
19585 | +0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, | |
19586 | +},{ | |
19587 | +/* nibble 6 */ | |
19588 | +0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, | |
19589 | +0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, | |
19590 | +0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, | |
19591 | +0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, | |
19592 | +0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, | |
19593 | +0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, | |
19594 | +0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, | |
19595 | +0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, | |
19596 | +0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, | |
19597 | +0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, | |
19598 | +0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, | |
19599 | +0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, | |
19600 | +0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, | |
19601 | +0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, | |
19602 | +0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, | |
19603 | +0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, | |
19604 | +},{ | |
19605 | +/* nibble 7 */ | |
19606 | +0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, | |
19607 | +0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, | |
19608 | +0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, | |
19609 | +0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, | |
19610 | +0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, | |
19611 | +0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, | |
19612 | +0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, | |
19613 | +0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, | |
19614 | +0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, | |
19615 | +0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, | |
19616 | +0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, | |
19617 | +0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, | |
19618 | +0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, | |
19619 | +0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, | |
19620 | +0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, | |
19621 | +0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, | |
19622 | +}}; | |
19623 | diff -druN linux-noipsec/net/ipsec/libfreeswan/Makefile linux/net/ipsec/libfreeswan/Makefile | |
19624 | --- linux-noipsec/net/ipsec/libfreeswan/Makefile Thu Jan 1 01:00:00 1970 | |
19625 | +++ linux/net/ipsec/libfreeswan/Makefile Fri Sep 8 21:12:57 2000 | |
19626 | @@ -0,0 +1,53 @@ | |
19627 | +# FreeS/WAN library | |
19628 | +# Copyright (C) 1998, 1999, 2000 Henry Spencer. | |
19629 | +# | |
19630 | +# This program is free software; you can redistribute it and/or modify it | |
19631 | +# under the terms of the GNU General Public License as published by the | |
19632 | +# Free Software Foundation; either version 2 of the License, or (at your | |
19633 | +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
19634 | +# | |
19635 | +# This program is distributed in the hope that it will be useful, but | |
19636 | +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
19637 | +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
19638 | +# for more details. | |
19639 | +# | |
19640 | +# RCSID $Id$ | |
19641 | + | |
19642 | +ifndef TOPDIR | |
19643 | +TOPDIR := /usr/src/linux | |
19644 | +endif | |
19645 | + | |
19646 | +L_TARGET := libkernel.a | |
19647 | + | |
19648 | +L_OBJS := ultoa.o addrtoa.o subnettoa.o subnetof.o goodmask.o datatot.o \ | |
19649 | + rangetoa.o satoa.o pfkey_v2_parse.o pfkey_v2_build.o pfkey_v2_ext_bits.o | |
19650 | + | |
19651 | +HDRS=freeswan.h internal.h | |
19652 | + | |
19653 | +override CFLAGS += -I. | |
19654 | + | |
19655 | +ifeq ($(CONFIG_IPSEC_DEBUG),y) | |
19656 | +override CFLAGS += -g | |
19657 | +endif | |
19658 | + | |
19659 | +override CFLAGS += -Wall | |
19660 | +#override CFLAGS += -Wconversion | |
19661 | +#override CFLAGS += -Wmissing-prototypes | |
19662 | +override CFLAGS += -Wpointer-arith | |
19663 | +#override CFLAGS += -Wcast-qual | |
19664 | +#override CFLAGS += -Wmissing-declarations | |
19665 | +override CFLAGS += -Wstrict-prototypes | |
19666 | +#override CFLAGS += -pedantic | |
19667 | +#override CFLAGS += -O3 | |
19668 | +#override CFLAGS += -W | |
19669 | +#override CFLAGS += -Wwrite-strings | |
19670 | +override CFLAGS += -Wbad-function-cast | |
19671 | + | |
19672 | +include $(TOPDIR)/Rules.make | |
19673 | + | |
19674 | +$(L_OBJS): $(HDRS) | |
19675 | + | |
19676 | +clean: | |
19677 | + rm -f $(L_TARGET) *.o try* core *.core | |
19678 | + ( cd des && $(MAKE) clean ) | |
19679 | + | |
19680 | diff -druN linux-noipsec/net/ipsec/libfreeswan/addrtoa.c linux/net/ipsec/libfreeswan/addrtoa.c | |
19681 | --- linux-noipsec/net/ipsec/libfreeswan/addrtoa.c Thu Jan 1 01:00:00 1970 | |
19682 | +++ linux/net/ipsec/libfreeswan/addrtoa.c Sun Apr 11 01:19:36 1999 | |
19683 | @@ -0,0 +1,68 @@ | |
19684 | +/* | |
19685 | + * addresses to ASCII | |
19686 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
19687 | + * | |
19688 | + * This library is free software; you can redistribute it and/or modify it | |
19689 | + * under the terms of the GNU Library General Public License as published by | |
19690 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
19691 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
19692 | + * | |
19693 | + * This library is distributed in the hope that it will be useful, but | |
19694 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
19695 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
19696 | + * License for more details. | |
19697 | + * | |
19698 | + * RCSID $Id$ | |
19699 | + */ | |
19700 | +#include "internal.h" | |
19701 | +#include "freeswan.h" | |
19702 | + | |
19703 | +#define NBYTES 4 /* bytes in an address */ | |
19704 | +#define PERBYTE 4 /* three digits plus a dot or NUL */ | |
19705 | +#define BUFLEN (NBYTES*PERBYTE) | |
19706 | + | |
19707 | +#if BUFLEN != ADDRTOA_BUF | |
19708 | +#error "ADDRTOA_BUF in freeswan.h inconsistent with addrtoa() code" | |
19709 | +#endif | |
19710 | + | |
19711 | +/* | |
19712 | + - addrtoa - convert binary address to ASCII dotted decimal | |
19713 | + */ | |
19714 | +size_t /* space needed for full conversion */ | |
19715 | +addrtoa(addr, format, dst, dstlen) | |
19716 | +struct in_addr addr; | |
19717 | +int format; /* character */ | |
19718 | +char *dst; /* need not be valid if dstlen is 0 */ | |
19719 | +size_t dstlen; | |
19720 | +{ | |
19721 | + unsigned long a = ntohl(addr.s_addr); | |
19722 | + int i; | |
19723 | + size_t n; | |
19724 | + unsigned long byte; | |
19725 | + char buf[BUFLEN]; | |
19726 | + char *p; | |
19727 | + | |
19728 | + switch (format) { | |
19729 | + case 0: | |
19730 | + break; | |
19731 | + default: | |
19732 | + return 0; | |
19733 | + break; | |
19734 | + } | |
19735 | + | |
19736 | + p = buf; | |
19737 | + for (i = NBYTES-1; i >= 0; i--) { | |
19738 | + byte = (a >> (i*8)) & 0xff; | |
19739 | + p += ultoa(byte, 10, p, PERBYTE); | |
19740 | + if (i != 0) | |
19741 | + *(p-1) = '.'; | |
19742 | + } | |
19743 | + n = p - buf; | |
19744 | + | |
19745 | + if (dstlen > 0) { | |
19746 | + if (n > dstlen) | |
19747 | + buf[dstlen - 1] = '\0'; | |
19748 | + strcpy(dst, buf); | |
19749 | + } | |
19750 | + return n; | |
19751 | +} | |
19752 | diff -druN linux-noipsec/net/ipsec/libfreeswan/addrtot.c linux/net/ipsec/libfreeswan/addrtot.c | |
19753 | --- linux-noipsec/net/ipsec/libfreeswan/addrtot.c Thu Jan 1 01:00:00 1970 | |
19754 | +++ linux/net/ipsec/libfreeswan/addrtot.c Tue Sep 12 06:56:39 2000 | |
19755 | @@ -0,0 +1,230 @@ | |
19756 | +/* | |
19757 | + * addresses to text | |
19758 | + * Copyright (C) 2000 Henry Spencer. | |
19759 | + * | |
19760 | + * This library is free software; you can redistribute it and/or modify it | |
19761 | + * under the terms of the GNU Library General Public License as published by | |
19762 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
19763 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
19764 | + * | |
19765 | + * This library is distributed in the hope that it will be useful, but | |
19766 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
19767 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
19768 | + * License for more details. | |
19769 | + * | |
19770 | + * RCSID $Id$ | |
19771 | + */ | |
19772 | +#include "internal.h" | |
19773 | +#include "freeswan.h" | |
19774 | + | |
19775 | +#define IP4BYTES 4 /* bytes in an IPv4 address */ | |
19776 | +#define PERBYTE 4 /* three digits plus a dot or NUL */ | |
19777 | +#define IP6BYTES 16 /* bytes in an IPv6 address */ | |
19778 | + | |
19779 | +/* forwards */ | |
19780 | +static size_t normal4(const unsigned char *s, size_t len, char *b, char **dp); | |
19781 | +static size_t normal6(const unsigned char *s, size_t len, char *b, char **dp); | |
19782 | +static size_t reverse4(const unsigned char *s, size_t len, char *b, char **dp); | |
19783 | +static size_t reverse6(const unsigned char *s, size_t len, char *b, char **dp); | |
19784 | +static size_t reverse62(const unsigned char *s, size_t len, char *b, char **dp); | |
19785 | + | |
19786 | +/* | |
19787 | + - addrtot - convert binary address to text (dotted decimal or IPv6 string) | |
19788 | + */ | |
19789 | +size_t /* space needed for full conversion */ | |
19790 | +addrtot(src, format, dst, dstlen) | |
19791 | +const ip_address *src; | |
19792 | +int format; /* character */ | |
19793 | +char *dst; /* need not be valid if dstlen is 0 */ | |
19794 | +size_t dstlen; | |
19795 | +{ | |
19796 | + const unsigned char *b; | |
19797 | + size_t n; | |
19798 | + char buf[1+ADDRTOT_BUF+1]; /* :address: */ | |
19799 | + char *p; | |
19800 | + int t = addrtypeof(src); | |
19801 | +# define TF(t, f) (((t)<<8) | (f)) | |
19802 | + | |
19803 | + n = addrbytesptr(src, &b); | |
19804 | + if (n == 0) | |
19805 | + return 0; | |
19806 | + | |
19807 | + switch (TF(t, format)) { | |
19808 | + case TF(AF_INET, 0): | |
19809 | + n = normal4(b, n, buf, &p); | |
19810 | + break; | |
19811 | + case TF(AF_INET6, 0): | |
19812 | + n = normal6(b, n, buf, &p); | |
19813 | + break; | |
19814 | + case TF(AF_INET, 'r'): | |
19815 | + n = reverse4(b, n, buf, &p); | |
19816 | + break; | |
19817 | + case TF(AF_INET6, 'r'): | |
19818 | + n = reverse6(b, n, buf, &p); | |
19819 | + break; | |
19820 | + case TF(AF_INET6, 'R'): | |
19821 | + n = reverse62(b, n, buf, &p); | |
19822 | + break; | |
19823 | + default: /* including (AF_INET, 'R') */ | |
19824 | + return 0; | |
19825 | + break; | |
19826 | + } | |
19827 | + | |
19828 | + if (dstlen > 0) { | |
19829 | + if (dstlen < n) | |
19830 | + p[dstlen - 1] = '\0'; | |
19831 | + strcpy(dst, p); | |
19832 | + } | |
19833 | + return n; | |
19834 | +} | |
19835 | + | |
19836 | +/* | |
19837 | + - normal4 - normal IPv4 address-text conversion | |
19838 | + */ | |
19839 | +static size_t /* size of text, including NUL */ | |
19840 | +normal4(srcp, srclen, buf, dstp) | |
19841 | +const unsigned char *srcp; | |
19842 | +size_t srclen; | |
19843 | +char *buf; /* guaranteed large enough */ | |
19844 | +char **dstp; /* where to put result pointer */ | |
19845 | +{ | |
19846 | + int i; | |
19847 | + char *p; | |
19848 | + | |
19849 | + if (srclen != IP4BYTES) /* "can't happen" */ | |
19850 | + return 0; | |
19851 | + p = buf; | |
19852 | + for (i = 0; i < IP4BYTES; i++) { | |
19853 | + p += ultot(srcp[i], 10, p, PERBYTE); | |
19854 | + if (i != IP4BYTES - 1) | |
19855 | + *(p-1) = '.'; /* overwrites the NUL */ | |
19856 | + } | |
19857 | + *dstp = buf; | |
19858 | + return p - buf; | |
19859 | +} | |
19860 | + | |
19861 | +/* | |
19862 | + - normal6 - normal IPv6 address-text conversion | |
19863 | + */ | |
19864 | +static size_t /* size of text, including NUL */ | |
19865 | +normal6(srcp, srclen, buf, dstp) | |
19866 | +const unsigned char *srcp; | |
19867 | +size_t srclen; | |
19868 | +char *buf; /* guaranteed large enough, plus 2 */ | |
19869 | +char **dstp; /* where to put result pointer */ | |
19870 | +{ | |
19871 | + int i; | |
19872 | + unsigned long piece; | |
19873 | + char *p; | |
19874 | + char *q; | |
19875 | + | |
19876 | + if (srclen != IP6BYTES) /* "can't happen" */ | |
19877 | + return 0; | |
19878 | + p = buf; | |
19879 | + *p++ = ':'; | |
19880 | + for (i = 0; i < IP6BYTES/2; i++) { | |
19881 | + piece = (srcp[2*i] << 8) + srcp[2*i + 1]; | |
19882 | + p += ultot(piece, 16, p, 5); /* 5 = abcd + NUL */ | |
19883 | + *(p-1) = ':'; /* overwrites the NUL */ | |
19884 | + } | |
19885 | + *p = '\0'; | |
19886 | + q = strstr(buf, ":0:0:"); | |
19887 | + if (q != NULL) { /* zero squishing is possible */ | |
19888 | + p = q + 1; | |
19889 | + while (*p == '0' && *(p+1) == ':') | |
19890 | + p += 2; | |
19891 | + q++; | |
19892 | + *q++ = ':'; /* overwrite first 0 */ | |
19893 | + while (*p != '\0') | |
19894 | + *q++ = *p++; | |
19895 | + *q = '\0'; | |
19896 | + if (!(*(q-1) == ':' && *(q-2) == ':')) | |
19897 | + *--q = '\0'; /* strip final : unless :: */ | |
19898 | + p = buf; | |
19899 | + if (!(*p == ':' && *(p+1) == ':')) | |
19900 | + p++; /* skip initial : unless :: */ | |
19901 | + } else { | |
19902 | + q = p; | |
19903 | + *--q = '\0'; /* strip final : */ | |
19904 | + p = buf + 1; /* skip initial : */ | |
19905 | + } | |
19906 | + *dstp = p; | |
19907 | + return q - p + 1; | |
19908 | +} | |
19909 | + | |
19910 | +/* | |
19911 | + - reverse4 - IPv4 reverse-lookup conversion | |
19912 | + */ | |
19913 | +static size_t /* size of text, including NUL */ | |
19914 | +reverse4(srcp, srclen, buf, dstp) | |
19915 | +const unsigned char *srcp; | |
19916 | +size_t srclen; | |
19917 | +char *buf; /* guaranteed large enough */ | |
19918 | +char **dstp; /* where to put result pointer */ | |
19919 | +{ | |
19920 | + int i; | |
19921 | + char *p; | |
19922 | + | |
19923 | + if (srclen != IP4BYTES) /* "can't happen" */ | |
19924 | + return 0; | |
19925 | + p = buf; | |
19926 | + for (i = IP4BYTES-1; i >= 0; i--) { | |
19927 | + p += ultot(srcp[i], 10, p, PERBYTE); | |
19928 | + *(p-1) = '.'; /* overwrites the NUL */ | |
19929 | + } | |
19930 | + strcpy(p, "IN-ADDR.ARPA."); | |
19931 | + *dstp = buf; | |
19932 | + return strlen(buf) + 1; | |
19933 | +} | |
19934 | + | |
19935 | +/* | |
19936 | + - reverse62 - obsolete IPv6 reverse-lookup conversion (RFC 1886) | |
19937 | + * A trifle inefficient, really shouldn't use ultot... | |
19938 | + */ | |
19939 | +static size_t /* size of text, including NUL */ | |
19940 | +reverse62(srcp, srclen, buf, dstp) | |
19941 | +const unsigned char *srcp; | |
19942 | +size_t srclen; | |
19943 | +char *buf; /* guaranteed large enough */ | |
19944 | +char **dstp; /* where to put result pointer */ | |
19945 | +{ | |
19946 | + int i; | |
19947 | + unsigned long piece; | |
19948 | + char *p; | |
19949 | + | |
19950 | + if (srclen != IP6BYTES) /* "can't happen" */ | |
19951 | + return 0; | |
19952 | + p = buf; | |
19953 | + for (i = IP6BYTES-1; i >= 0; i--) { | |
19954 | + piece = srcp[i]; | |
19955 | + p += ultot(piece&0xf, 16, p, 2); | |
19956 | + *(p-1) = '.'; | |
19957 | + p += ultot(piece>>4, 16, p, 2); | |
19958 | + *(p-1) = '.'; | |
19959 | + } | |
19960 | + strcpy(p, "IP6.INT."); | |
19961 | + *dstp = buf; | |
19962 | + return strlen(buf) + 1; | |
19963 | +} | |
19964 | + | |
19965 | +/* | |
19966 | + - reverse6 - modern IPv6 reverse-lookup conversion (RFC 2874) | |
19967 | + */ | |
19968 | +static size_t /* size of text, including NUL */ | |
19969 | +reverse6(srcp, srclen, buf, dstp) | |
19970 | +const unsigned char *srcp; | |
19971 | +size_t srclen; | |
19972 | +char *buf; /* guaranteed large enough */ | |
19973 | +char **dstp; /* where to put result pointer */ | |
19974 | +{ | |
19975 | + char *p; | |
19976 | + | |
19977 | + if (srclen != IP6BYTES) /* "can't happen" */ | |
19978 | + return 0; | |
19979 | + strcpy(buf, "\\[x"); | |
19980 | + p = buf + strlen(buf); | |
19981 | + (void) datatot((const char *)srcp, srclen, 16, p, IP6BYTES*2 + 1); | |
19982 | + strcat(buf, "].IP6.ARPA."); /* leave count implicit */ | |
19983 | + *dstp = buf; | |
19984 | + return strlen(buf) + 1; | |
19985 | +} | |
19986 | diff -druN linux-noipsec/net/ipsec/libfreeswan/addrtypeof.c linux/net/ipsec/libfreeswan/addrtypeof.c | |
19987 | --- linux-noipsec/net/ipsec/libfreeswan/addrtypeof.c Thu Jan 1 01:00:00 1970 | |
19988 | +++ linux/net/ipsec/libfreeswan/addrtypeof.c Fri Sep 8 20:03:44 2000 | |
19989 | @@ -0,0 +1,94 @@ | |
19990 | +/* | |
19991 | + * extract parts of an ip_address | |
19992 | + * Copyright (C) 2000 Henry Spencer. | |
19993 | + * | |
19994 | + * This library is free software; you can redistribute it and/or modify it | |
19995 | + * under the terms of the GNU Library General Public License as published by | |
19996 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
19997 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
19998 | + * | |
19999 | + * This library is distributed in the hope that it will be useful, but | |
20000 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
20001 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
20002 | + * License for more details. | |
20003 | + * | |
20004 | + * RCSID $Id$ | |
20005 | + */ | |
20006 | +#include "internal.h" | |
20007 | +#include "freeswan.h" | |
20008 | + | |
20009 | +/* | |
20010 | + - addrtypeof - get the type of an ip_address | |
20011 | + */ | |
20012 | +int | |
20013 | +addrtypeof(src) | |
20014 | +const ip_address *src; | |
20015 | +{ | |
20016 | + return src->u.v4.sin_family; | |
20017 | +} | |
20018 | + | |
20019 | +/* | |
20020 | + - addrbytesptr - get pointer to the address bytes of an ip_address | |
20021 | + */ | |
20022 | +size_t /* 0 for error */ | |
20023 | +addrbytesptr(src, dstp) | |
20024 | +const ip_address *src; | |
20025 | +const unsigned char **dstp; /* NULL means just a size query */ | |
20026 | +{ | |
20027 | + const unsigned char *p; | |
20028 | + size_t n; | |
20029 | + | |
20030 | + switch (src->u.v4.sin_family) { | |
20031 | + case AF_INET: | |
20032 | + p = (const unsigned char *)&src->u.v4.sin_addr.s_addr; | |
20033 | + n = 4; | |
20034 | + break; | |
20035 | + case AF_INET6: | |
20036 | + p = (const unsigned char *)&src->u.v6.sin6_addr; | |
20037 | + n = 16; | |
20038 | + break; | |
20039 | + default: | |
20040 | + return 0; | |
20041 | + break; | |
20042 | + } | |
20043 | + | |
20044 | + if (dstp != NULL) | |
20045 | + *dstp = p; | |
20046 | + return n; | |
20047 | +} | |
20048 | + | |
20049 | +/* | |
20050 | + - addrlenof - get length of the address bytes of an ip_address | |
20051 | + */ | |
20052 | +size_t /* 0 for error */ | |
20053 | +addrlenof(src) | |
20054 | +const ip_address *src; | |
20055 | +{ | |
20056 | + return addrbytesptr(src, NULL); | |
20057 | +} | |
20058 | + | |
20059 | +/* | |
20060 | + - addrbytesof - get the address bytes of an ip_address | |
20061 | + */ | |
20062 | +size_t /* 0 for error */ | |
20063 | +addrbytesof(src, dst, dstlen) | |
20064 | +const ip_address *src; | |
20065 | +unsigned char *dst; | |
20066 | +size_t dstlen; | |
20067 | +{ | |
20068 | + const unsigned char *p; | |
20069 | + size_t n; | |
20070 | + size_t ncopy; | |
20071 | + | |
20072 | + n = addrbytesptr(src, &p); | |
20073 | + if (n == 0) | |
20074 | + return 0; | |
20075 | + | |
20076 | + if (dstlen > 0) { | |
20077 | + ncopy = n; | |
20078 | + if (ncopy > dstlen) | |
20079 | + ncopy = dstlen; | |
20080 | + memcpy(dst, p, ncopy); | |
20081 | + } | |
20082 | + return n; | |
20083 | +} | |
20084 | diff -druN linux-noipsec/net/ipsec/libfreeswan/anyaddr.c linux/net/ipsec/libfreeswan/anyaddr.c | |
20085 | --- linux-noipsec/net/ipsec/libfreeswan/anyaddr.c Thu Jan 1 01:00:00 1970 | |
20086 | +++ linux/net/ipsec/libfreeswan/anyaddr.c Tue Sep 19 09:09:32 2000 | |
20087 | @@ -0,0 +1,146 @@ | |
20088 | +/* | |
20089 | + * special addresses | |
20090 | + * Copyright (C) 2000 Henry Spencer. | |
20091 | + * | |
20092 | + * This library is free software; you can redistribute it and/or modify it | |
20093 | + * under the terms of the GNU Library General Public License as published by | |
20094 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
20095 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
20096 | + * | |
20097 | + * This library is distributed in the hope that it will be useful, but | |
20098 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
20099 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
20100 | + * License for more details. | |
20101 | + * | |
20102 | + * RCSID $Id$ | |
20103 | + */ | |
20104 | +#include "internal.h" | |
20105 | +#include "freeswan.h" | |
20106 | + | |
20107 | +/* these are mostly fallbacks for the no-IPv6-support-in-library case */ | |
20108 | +#ifndef IN6ADDR_ANY_INIT | |
20109 | +#define IN6ADDR_ANY_INIT {{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }} | |
20110 | +#endif | |
20111 | +#ifndef IN6ADDR_LOOPBACK_INIT | |
20112 | +#define IN6ADDR_LOOPBACK_INIT {{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }} | |
20113 | +#endif | |
20114 | + | |
20115 | +static struct in6_addr v6any = IN6ADDR_ANY_INIT; | |
20116 | +static struct in6_addr v6loop = IN6ADDR_LOOPBACK_INIT; | |
20117 | + | |
20118 | +/* | |
20119 | + - anyaddr - initialize to the any-address value | |
20120 | + */ | |
20121 | +err_t /* NULL for success, else string literal */ | |
20122 | +anyaddr(af, dst) | |
20123 | +int af; /* address family */ | |
20124 | +ip_address *dst; | |
20125 | +{ | |
20126 | + uint32_t v4any = htonl(INADDR_ANY); | |
20127 | + | |
20128 | + switch (af) { | |
20129 | + case AF_INET: | |
20130 | + return initaddr((unsigned char *)&v4any, sizeof(v4any), af, dst); | |
20131 | + break; | |
20132 | + case AF_INET6: | |
20133 | + return initaddr((unsigned char *)&v6any, sizeof(v6any), af, dst); | |
20134 | + break; | |
20135 | + default: | |
20136 | + return "unknown address family in anyaddr/unspecaddr"; | |
20137 | + break; | |
20138 | + } | |
20139 | +} | |
20140 | + | |
20141 | +/* | |
20142 | + - unspecaddr - initialize to the unspecified-address value | |
20143 | + */ | |
20144 | +err_t /* NULL for success, else string literal */ | |
20145 | +unspecaddr(af, dst) | |
20146 | +int af; /* address family */ | |
20147 | +ip_address *dst; | |
20148 | +{ | |
20149 | + return anyaddr(af, dst); | |
20150 | +} | |
20151 | + | |
20152 | +/* | |
20153 | + - loopbackaddr - initialize to the loopback-address value | |
20154 | + */ | |
20155 | +err_t /* NULL for success, else string literal */ | |
20156 | +loopbackaddr(af, dst) | |
20157 | +int af; /* address family */ | |
20158 | +ip_address *dst; | |
20159 | +{ | |
20160 | + uint32_t v4loop = htonl(INADDR_LOOPBACK); | |
20161 | + | |
20162 | + switch (af) { | |
20163 | + case AF_INET: | |
20164 | + return initaddr((unsigned char *)&v4loop, sizeof(v4loop), af, dst); | |
20165 | + break; | |
20166 | + case AF_INET6: | |
20167 | + return initaddr((unsigned char *)&v6loop, sizeof(v6loop), af, dst); | |
20168 | + break; | |
20169 | + default: | |
20170 | + return "unknown address family in loopbackaddr"; | |
20171 | + break; | |
20172 | + } | |
20173 | +} | |
20174 | + | |
20175 | +/* | |
20176 | + - isanyaddr - test for the any-address value | |
20177 | + */ | |
20178 | +int | |
20179 | +isanyaddr(src) | |
20180 | +const ip_address *src; | |
20181 | +{ | |
20182 | + uint32_t v4any = htonl(INADDR_ANY); | |
20183 | + int cmp; | |
20184 | + | |
20185 | + switch (src->u.v4.sin_family) { | |
20186 | + case AF_INET: | |
20187 | + cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4any, sizeof(v4any)); | |
20188 | + break; | |
20189 | + case AF_INET6: | |
20190 | + cmp = memcmp(&src->u.v6.sin6_addr, &v6any, sizeof(v6any)); | |
20191 | + break; | |
20192 | + default: | |
20193 | + return 0; | |
20194 | + break; | |
20195 | + } | |
20196 | + | |
20197 | + return (cmp == 0) ? 1 : 0; | |
20198 | +} | |
20199 | + | |
20200 | +/* | |
20201 | + - isunspecaddr - test for the unspecified-address value | |
20202 | + */ | |
20203 | +int | |
20204 | +isunspecaddr(src) | |
20205 | +const ip_address *src; | |
20206 | +{ | |
20207 | + return isanyaddr(src); | |
20208 | +} | |
20209 | + | |
20210 | +/* | |
20211 | + - isloopbackaddr - test for the loopback-address value | |
20212 | + */ | |
20213 | +int | |
20214 | +isloopbackaddr(src) | |
20215 | +const ip_address *src; | |
20216 | +{ | |
20217 | + uint32_t v4loop = htonl(INADDR_LOOPBACK); | |
20218 | + int cmp; | |
20219 | + | |
20220 | + switch (src->u.v4.sin_family) { | |
20221 | + case AF_INET: | |
20222 | + cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4loop, sizeof(v4loop)); | |
20223 | + break; | |
20224 | + case AF_INET6: | |
20225 | + cmp = memcmp(&src->u.v6.sin6_addr, &v6loop, sizeof(v6loop)); | |
20226 | + break; | |
20227 | + default: | |
20228 | + return 0; | |
20229 | + break; | |
20230 | + } | |
20231 | + | |
20232 | + return (cmp == 0) ? 1 : 0; | |
20233 | +} | |
20234 | diff -druN linux-noipsec/net/ipsec/libfreeswan/atoaddr.c linux/net/ipsec/libfreeswan/atoaddr.c | |
20235 | --- linux-noipsec/net/ipsec/libfreeswan/atoaddr.c Thu Jan 1 01:00:00 1970 | |
20236 | +++ linux/net/ipsec/libfreeswan/atoaddr.c Sat Jan 22 03:17:22 2000 | |
20237 | @@ -0,0 +1,238 @@ | |
20238 | +/* | |
20239 | + * conversion from ASCII forms of addresses to internal ones | |
20240 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
20241 | + * | |
20242 | + * This library is free software; you can redistribute it and/or modify it | |
20243 | + * under the terms of the GNU Library General Public License as published by | |
20244 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
20245 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
20246 | + * | |
20247 | + * This library is distributed in the hope that it will be useful, but | |
20248 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
20249 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
20250 | + * License for more details. | |
20251 | + * | |
20252 | + * RCSID $Id$ | |
20253 | + */ | |
20254 | +#include "internal.h" | |
20255 | +#include "freeswan.h" | |
20256 | + | |
20257 | +/* | |
20258 | + * Define NOLEADINGZEROS to interpret 032 as an error, not as 32. There | |
20259 | + * is deliberately no way to interpret it as 26 (i.e., as octal). | |
20260 | + */ | |
20261 | + | |
20262 | +/* | |
20263 | + * Legal characters in a domain name. Underscore technically is not, | |
20264 | + * but is a common misunderstanding. | |
20265 | + */ | |
20266 | +static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789" | |
20267 | + "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_."; | |
20268 | + | |
20269 | +static const char *try8hex(const char *, size_t, struct in_addr *); | |
20270 | +static const char *try8hosthex(const char *, size_t, struct in_addr *); | |
20271 | +static const char *trydotted(const char *, size_t, struct in_addr *); | |
20272 | +static const char *getbyte(const char **, const char *, int *); | |
20273 | + | |
20274 | +/* | |
20275 | + - atoaddr - convert ASCII name or dotted-decimal address to binary address | |
20276 | + */ | |
20277 | +const char * /* NULL for success, else string literal */ | |
20278 | +atoaddr(src, srclen, addrp) | |
20279 | +const char *src; | |
20280 | +size_t srclen; /* 0 means "apply strlen" */ | |
20281 | +struct in_addr *addrp; | |
20282 | +{ | |
20283 | + struct hostent *h; | |
20284 | + struct netent *ne = NULL; | |
20285 | + const char *oops; | |
20286 | +# define HEXLEN 10 /* strlen("0x11223344") */ | |
20287 | +# ifndef ATOADDRBUF | |
20288 | +# define ATOADDRBUF 100 | |
20289 | +# endif | |
20290 | + char namebuf[ATOADDRBUF]; | |
20291 | + char *p = namebuf; | |
20292 | + char *q; | |
20293 | + | |
20294 | + if (srclen == 0) | |
20295 | + srclen = strlen(src); | |
20296 | + if (srclen == 0) | |
20297 | + return "empty string"; | |
20298 | + | |
20299 | + /* might it be hex? */ | |
20300 | + if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'x')) | |
20301 | + return try8hex(src+2, srclen-2, addrp); | |
20302 | + if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'h')) | |
20303 | + return try8hosthex(src+2, srclen-2, addrp); | |
20304 | + | |
20305 | + /* try it as dotted decimal */ | |
20306 | + oops = trydotted(src, srclen, addrp); | |
20307 | + if (oops == NULL) | |
20308 | + return NULL; /* it worked */ | |
20309 | + if (*oops != '?') | |
20310 | + return oops; /* it *was* probably meant as a d.q. */ | |
20311 | + | |
20312 | + /* try it as a name -- first, NUL-terminate it */ | |
20313 | + if (srclen > sizeof(namebuf)-1) { | |
20314 | + p = (char *) MALLOC(srclen+1); | |
20315 | + if (p == NULL) | |
20316 | + return "unable to allocate temporary space for name"; | |
20317 | + } | |
20318 | + p[0] = '\0'; | |
20319 | + strncat(p, src, srclen); | |
20320 | + | |
20321 | + /* next, check that it's a vaguely legal name */ | |
20322 | + for (q = p; *q != '\0'; q++) | |
20323 | + if (!isprint(*q)) | |
20324 | + return "unprintable character in name"; | |
20325 | + if (strspn(p, namechars) != srclen) | |
20326 | + return "illegal (non-DNS-name) character in name"; | |
20327 | + | |
20328 | + /* try as host name, failing that as /etc/networks network name */ | |
20329 | + h = gethostbyname(p); | |
20330 | + if (h == NULL) | |
20331 | + ne = getnetbyname(p); | |
20332 | + if (p != namebuf) | |
20333 | + FREE(p); | |
20334 | + if (h == NULL && ne == NULL) | |
20335 | + return "name lookup failed"; | |
20336 | + | |
20337 | + if (h != NULL) | |
20338 | + memcpy(&addrp->s_addr, h->h_addr, sizeof(addrp->s_addr)); | |
20339 | + else | |
20340 | + addrp->s_addr = htonl(ne->n_net); | |
20341 | + return NULL; | |
20342 | +} | |
20343 | + | |
20344 | +/* | |
20345 | + - try8hosthex - try conversion as an eight-digit host-order hex number | |
20346 | + */ | |
20347 | +const char * /* NULL for success, else string literal */ | |
20348 | +try8hosthex(src, srclen, addrp) | |
20349 | +const char *src; | |
20350 | +size_t srclen; /* should be 8 */ | |
20351 | +struct in_addr *addrp; | |
20352 | +{ | |
20353 | + const char *oops; | |
20354 | + unsigned long addr; | |
20355 | + | |
20356 | + if (srclen != 8) | |
20357 | + return "internal error, try8hex called with bad length"; | |
20358 | + | |
20359 | + oops = atoul(src, srclen, 16, &addr); | |
20360 | + if (oops != NULL) | |
20361 | + return oops; | |
20362 | + | |
20363 | + addrp->s_addr = addr; | |
20364 | + return NULL; | |
20365 | +} | |
20366 | + | |
20367 | +/* | |
20368 | + - try8hex - try conversion as an eight-digit network-order hex number | |
20369 | + */ | |
20370 | +const char * /* NULL for success, else string literal */ | |
20371 | +try8hex(src, srclen, addrp) | |
20372 | +const char *src; | |
20373 | +size_t srclen; /* should be 8 */ | |
20374 | +struct in_addr *addrp; | |
20375 | +{ | |
20376 | + const char *oops; | |
20377 | + | |
20378 | + oops = try8hosthex(src, srclen, addrp); | |
20379 | + if (oops != NULL) | |
20380 | + return oops; | |
20381 | + | |
20382 | + addrp->s_addr = htonl(addrp->s_addr); | |
20383 | + return NULL; | |
20384 | +} | |
20385 | + | |
20386 | +/* | |
20387 | + - trydotted - try conversion as dotted decimal | |
20388 | + * | |
20389 | + * If the first char of a complaint is '?', that means "didn't look like | |
20390 | + * dotted decimal at all". | |
20391 | + */ | |
20392 | +const char * /* NULL for success, else string literal */ | |
20393 | +trydotted(src, srclen, addrp) | |
20394 | +const char *src; | |
20395 | +size_t srclen; | |
20396 | +struct in_addr *addrp; | |
20397 | +{ | |
20398 | + const char *stop = src + srclen; /* just past end */ | |
20399 | + int byte; | |
20400 | + const char *oops; | |
20401 | + unsigned long addr; | |
20402 | + int i; | |
20403 | +# define NBYTES 4 | |
20404 | +# define BYTE 8 | |
20405 | + | |
20406 | + addr = 0; | |
20407 | + for (i = 0; i < NBYTES && src < stop; i++) { | |
20408 | + oops = getbyte(&src, stop, &byte); | |
20409 | + if (oops != NULL) { | |
20410 | + if (*oops != '?') | |
20411 | + return oops; /* bad number */ | |
20412 | + if (i > 1) | |
20413 | + return oops+1; /* failed number */ | |
20414 | + return oops; /* with leading '?' */ | |
20415 | + } | |
20416 | + addr = (addr << BYTE) | byte; | |
20417 | + if (i < 3 && src < stop && *src++ != '.') { | |
20418 | + if (i == 0) | |
20419 | + return "?syntax error in dotted-decimal address"; | |
20420 | + else | |
20421 | + return "syntax error in dotted-decimal address"; | |
20422 | + } | |
20423 | + } | |
20424 | + addr <<= (NBYTES - i) * BYTE; | |
20425 | + if (src != stop) | |
20426 | + return "extra garbage on end of dotted-decimal address"; | |
20427 | + | |
20428 | + addrp->s_addr = htonl(addr); | |
20429 | + return NULL; | |
20430 | +} | |
20431 | + | |
20432 | +/* | |
20433 | + - getbyte - try to scan a byte in dotted decimal | |
20434 | + * A subtlety here is that all this arithmetic on ASCII digits really is | |
20435 | + * highly portable -- ANSI C guarantees that digits 0-9 are contiguous. | |
20436 | + * It's easier to just do it ourselves than set up for a call to atoul(). | |
20437 | + * | |
20438 | + * If the first char of a complaint is '?', that means "didn't look like a | |
20439 | + * number at all". | |
20440 | + */ | |
20441 | +const char * /* NULL for success, else string literal */ | |
20442 | +getbyte(srcp, stop, retp) | |
20443 | +const char **srcp; /* *srcp is updated */ | |
20444 | +const char *stop; /* first untouchable char */ | |
20445 | +int *retp; /* return-value pointer */ | |
20446 | +{ | |
20447 | + char c; | |
20448 | + const char *p; | |
20449 | + int no; | |
20450 | + | |
20451 | + if (*srcp >= stop) | |
20452 | + return "?empty number in dotted-decimal address"; | |
20453 | + | |
20454 | + if (stop - *srcp >= 3 && **srcp == '0' && CIEQ(*(*srcp+1), 'x')) | |
20455 | + return "hex numbers not supported in dotted-decimal addresses"; | |
20456 | +#ifdef NOLEADINGZEROS | |
20457 | + if (stop - *srcp >= 2 && **srcp == '0' && isdigit(*(*srcp+1))) | |
20458 | + return "octal numbers not supported in dotted-decimal addresses"; | |
20459 | +#endif /* NOLEADINGZEROS */ | |
20460 | + | |
20461 | + /* must be decimal, if it's numeric at all */ | |
20462 | + no = 0; | |
20463 | + p = *srcp; | |
20464 | + while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') { | |
20465 | + no = no*10 + (c - '0'); | |
20466 | + p++; | |
20467 | + } | |
20468 | + if (p == *srcp) | |
20469 | + return "?non-numeric component in dotted-decimal address"; | |
20470 | + *srcp = p; | |
20471 | + if (no > 255) | |
20472 | + return "byte overflow in dotted-decimal address"; | |
20473 | + *retp = no; | |
20474 | + return NULL; | |
20475 | +} | |
20476 | diff -druN linux-noipsec/net/ipsec/libfreeswan/atoasr.c linux/net/ipsec/libfreeswan/atoasr.c | |
20477 | --- linux-noipsec/net/ipsec/libfreeswan/atoasr.c Thu Jan 1 01:00:00 1970 | |
20478 | +++ linux/net/ipsec/libfreeswan/atoasr.c Tue Dec 7 06:00:51 1999 | |
20479 | @@ -0,0 +1,212 @@ | |
20480 | +/* | |
20481 | + * convert from ASCII form of address/subnet/range to binary | |
20482 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
20483 | + * | |
20484 | + * This library is free software; you can redistribute it and/or modify it | |
20485 | + * under the terms of the GNU Library General Public License as published by | |
20486 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
20487 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
20488 | + * | |
20489 | + * This library is distributed in the hope that it will be useful, but | |
20490 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
20491 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
20492 | + * License for more details. | |
20493 | + * | |
20494 | + * RCSID $Id$ | |
20495 | + */ | |
20496 | +#include "internal.h" | |
20497 | +#include "freeswan.h" | |
20498 | + | |
20499 | +/* | |
20500 | + - atoasr - convert ASCII to address, subnet, or range | |
20501 | + */ | |
20502 | +const char * /* NULL for success, else string literal */ | |
20503 | +atoasr(src, srclen, typep, addrsp) | |
20504 | +const char *src; | |
20505 | +size_t srclen; /* 0 means "apply strlen" */ | |
20506 | +char *typep; /* return type code: 'a', 's', 'r' */ | |
20507 | +struct in_addr addrsp[2]; | |
20508 | +{ | |
20509 | + const char *punct; | |
20510 | + const char *stop; | |
20511 | + const char *oops; | |
20512 | + | |
20513 | + if (srclen == 0) | |
20514 | + srclen = strlen(src); | |
20515 | + if (srclen == 0) | |
20516 | + return "empty string"; | |
20517 | + | |
20518 | + /* subnet is easy to spot */ | |
20519 | + punct = memchr(src, '/', srclen); | |
20520 | + if (punct != NULL) { | |
20521 | + *typep = 's'; | |
20522 | + return atosubnet(src, srclen, &addrsp[0], &addrsp[1]); | |
20523 | + } | |
20524 | + | |
20525 | + /* try for a range */ | |
20526 | + stop = src + srclen; | |
20527 | + for (punct = src; (punct = memchr(punct, '.', stop - punct)) != NULL; | |
20528 | + punct++) | |
20529 | + if (stop - punct > 3 && *(punct+1) == '.' && *(punct+2) == '.') | |
20530 | + break; /* NOTE BREAK OUT */ | |
20531 | + if (punct == NULL) { | |
20532 | + /* didn't find the range delimiter, must be plain address */ | |
20533 | + *typep = 'a'; | |
20534 | + return atoaddr(src, srclen, &addrsp[0]); | |
20535 | + } | |
20536 | + | |
20537 | + /* looks like a range */ | |
20538 | + *typep = 'r'; | |
20539 | + if (stop - punct > 4 && *(punct+3) == '.') | |
20540 | + punct++; /* first dot is trailing dot of name */ | |
20541 | + oops = atoaddr(src, punct - src, &addrsp[0]); | |
20542 | + if (oops != NULL) | |
20543 | + return oops; | |
20544 | + oops = atoaddr(punct+3, stop - (punct+3), &addrsp[1]); | |
20545 | + if (oops != NULL) | |
20546 | + return oops; | |
20547 | + if (ntohl(addrsp[0].s_addr) > ntohl(addrsp[1].s_addr)) | |
20548 | + return "invalid range, begin > end"; | |
20549 | + return NULL; | |
20550 | +} | |
20551 | + | |
20552 | + | |
20553 | + | |
20554 | +#ifdef ATOASR_MAIN | |
20555 | + | |
20556 | +#include <stdio.h> | |
20557 | + | |
20558 | +void regress(); | |
20559 | + | |
20560 | +int | |
20561 | +main(argc, argv) | |
20562 | +int argc; | |
20563 | +char *argv[]; | |
20564 | +{ | |
20565 | + struct in_addr a[2]; | |
20566 | + char buf[100]; | |
20567 | + const char *oops; | |
20568 | + size_t n; | |
20569 | + char type; | |
20570 | + | |
20571 | + if (argc < 2) { | |
20572 | + fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n", | |
20573 | + argv[0]); | |
20574 | + exit(2); | |
20575 | + } | |
20576 | + | |
20577 | + if (strcmp(argv[1], "-r") == 0) { | |
20578 | + regress(); | |
20579 | + fprintf(stderr, "regress() returned?!?\n"); | |
20580 | + exit(1); | |
20581 | + } | |
20582 | + | |
20583 | + oops = atoasr(argv[1], 0, &type, a); | |
20584 | + if (oops != NULL) { | |
20585 | + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); | |
20586 | + exit(1); | |
20587 | + } | |
20588 | + switch (type) { | |
20589 | + case 'a': | |
20590 | + n = addrtoa(a[0], 0, buf, sizeof(buf)); | |
20591 | + break; | |
20592 | + case 's': | |
20593 | + n = subnettoa(a[0], a[1], 0, buf, sizeof(buf)); | |
20594 | + break; | |
20595 | + case 'r': | |
20596 | + n = rangetoa(a, 0, buf, sizeof(buf)); | |
20597 | + break; | |
20598 | + default: | |
20599 | + fprintf(stderr, "%s: unknown type '%c'\n", argv[0], type); | |
20600 | + exit(1); | |
20601 | + break; | |
20602 | + } | |
20603 | + if (n > sizeof(buf)) { | |
20604 | + fprintf(stderr, "%s: reverse conversion of ", argv[0]); | |
20605 | + fprintf(stderr, "%s ", inet_ntoa(a[0])); | |
20606 | + fprintf(stderr, "%s", inet_ntoa(a[1])); | |
20607 | + fprintf(stderr, " failed: need %ld bytes, have only %ld\n", | |
20608 | + (long)n, (long)sizeof(buf)); | |
20609 | + exit(1); | |
20610 | + } | |
20611 | + printf("%s\n", buf); | |
20612 | + | |
20613 | + exit(0); | |
20614 | +} | |
20615 | + | |
20616 | +struct rtab { | |
20617 | + char *input; | |
20618 | + char *output; /* NULL means error expected */ | |
20619 | +} rtab[] = { | |
20620 | + "1.2.3.0", "1.2.3.0", | |
20621 | + "1.2.3.0/255.255.255.0", "1.2.3.0/24", | |
20622 | + "1.2.3.0...1.2.3.5", "1.2.3.0...1.2.3.5", | |
20623 | + "1.2.3.4.5", NULL, | |
20624 | + "1.2.3.4/", NULL, | |
20625 | + "1.2.3.4...", NULL, | |
20626 | + "1.2.3.4....", NULL, | |
20627 | + "localhost./32", "127.0.0.1/32", | |
20628 | + "localhost....127.0.0.3", "127.0.0.1...127.0.0.3", | |
20629 | + "127.0.0.0...localhost.", "127.0.0.0...127.0.0.1", | |
20630 | + "127.0.0.3...localhost.", NULL, | |
20631 | + NULL, NULL | |
20632 | +}; | |
20633 | + | |
20634 | +void | |
20635 | +regress() | |
20636 | +{ | |
20637 | + struct rtab *r; | |
20638 | + int status = 0; | |
20639 | + struct in_addr a[2]; | |
20640 | + struct in_addr m; | |
20641 | + char in[100]; | |
20642 | + char buf[100]; | |
20643 | + const char *oops; | |
20644 | + size_t n; | |
20645 | + char type; | |
20646 | + | |
20647 | + for (r = rtab; r->input != NULL; r++) { | |
20648 | + strcpy(in, r->input); | |
20649 | + oops = atoasr(in, 0, &type, a); | |
20650 | + if (oops != NULL && r->output == NULL) | |
20651 | + {} /* okay, error expected */ | |
20652 | + else if (oops != NULL) { | |
20653 | + printf("`%s' atoasr failed: %s\n", r->input, oops); | |
20654 | + status = 1; | |
20655 | + } else if (r->output == NULL) { | |
20656 | + printf("`%s' atoasr succeeded unexpectedly '%c'\n", | |
20657 | + r->input, type); | |
20658 | + status = 1; | |
20659 | + } else { | |
20660 | + switch (type) { | |
20661 | + case 'a': | |
20662 | + n = addrtoa(a[0], 0, buf, sizeof(buf)); | |
20663 | + break; | |
20664 | + case 's': | |
20665 | + n = subnettoa(a[0], a[1], 0, buf, sizeof(buf)); | |
20666 | + break; | |
20667 | + case 'r': | |
20668 | + n = rangetoa(a, 0, buf, sizeof(buf)); | |
20669 | + break; | |
20670 | + default: | |
20671 | + fprintf(stderr, "`%s' unknown type '%c'\n", | |
20672 | + r->input, type); | |
20673 | + n = 0; | |
20674 | + status = 1; | |
20675 | + break; | |
20676 | + } | |
20677 | + if (n > sizeof(buf)) { | |
20678 | + printf("`%s' '%c' reverse failed: need %ld\n", | |
20679 | + r->input, type, (long)n); | |
20680 | + status = 1; | |
20681 | + } else if (n > 0 && strcmp(r->output, buf) != 0) { | |
20682 | + printf("`%s' '%c' gave `%s', expected `%s'\n", | |
20683 | + r->input, type, buf, r->output); | |
20684 | + status = 1; | |
20685 | + } | |
20686 | + } | |
20687 | + } | |
20688 | + exit(status); | |
20689 | +} | |
20690 | + | |
20691 | +#endif /* ATOASR_MAIN */ | |
20692 | diff -druN linux-noipsec/net/ipsec/libfreeswan/atosa.c linux/net/ipsec/libfreeswan/atosa.c | |
20693 | --- linux-noipsec/net/ipsec/libfreeswan/atosa.c Thu Jan 1 01:00:00 1970 | |
20694 | +++ linux/net/ipsec/libfreeswan/atosa.c Sun Sep 17 20:55:37 2000 | |
20695 | @@ -0,0 +1,199 @@ | |
20696 | +/* | |
20697 | + * convert from ASCII form of SA ID to binary | |
20698 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
20699 | + * | |
20700 | + * This library is free software; you can redistribute it and/or modify it | |
20701 | + * under the terms of the GNU Library General Public License as published by | |
20702 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
20703 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
20704 | + * | |
20705 | + * This library is distributed in the hope that it will be useful, but | |
20706 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
20707 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
20708 | + * License for more details. | |
20709 | + * | |
20710 | + * RCSID $Id$ | |
20711 | + */ | |
20712 | +#include "internal.h" | |
20713 | +#include "freeswan.h" | |
20714 | + | |
20715 | +static struct satype { | |
20716 | + char *prefix; | |
20717 | + size_t prelen; /* strlen(prefix) */ | |
20718 | + int proto; | |
20719 | +} satypes[] = { | |
20720 | + { "ah", 2, SA_AH }, | |
20721 | + { "esp", 3, SA_ESP }, | |
20722 | + { "tun", 3, SA_IPIP }, | |
20723 | + { "comp", 4, SA_COMP }, | |
20724 | + { NULL, 0, 0, } | |
20725 | +}; | |
20726 | + | |
20727 | +/* | |
20728 | + - atosa - convert ASCII "ah507@10.0.0.1" to SA identifier | |
20729 | + */ | |
20730 | +const char * /* NULL for success, else string literal */ | |
20731 | +atosa(src, srclen, sa) | |
20732 | +const char *src; | |
20733 | +size_t srclen; /* 0 means "apply strlen" */ | |
20734 | +struct sa_id *sa; | |
20735 | +{ | |
20736 | + const char *at; | |
20737 | + const char *addr; | |
20738 | + const char *spi = NULL; | |
20739 | + struct satype *sat; | |
20740 | + unsigned long ul; | |
20741 | + const char *oops; | |
20742 | +# define MINLEN 5 /* ah0@0 is as short as it can get */ | |
20743 | + static char ptname[] = PASSTHROUGHNAME; | |
20744 | +# define PTNLEN (sizeof(ptname)-1) /* -1 for NUL */ | |
20745 | + | |
20746 | + if (srclen == 0) | |
20747 | + srclen = strlen(src); | |
20748 | + if (srclen == 0) | |
20749 | + return "empty string"; | |
20750 | + if (srclen < MINLEN) | |
20751 | + return "string too short to be SA specifier"; | |
20752 | + if (srclen == PTNLEN && memcmp(src, ptname, PTNLEN) == 0) { | |
20753 | + src = PASSTHROUGHIS; | |
20754 | + srclen = strlen(src); | |
20755 | + } | |
20756 | + | |
20757 | + at = memchr(src, '@', srclen); | |
20758 | + if (at == NULL) | |
20759 | + return "no @ in SA specifier"; | |
20760 | + | |
20761 | + for (sat = satypes; sat->prefix != NULL; sat++) | |
20762 | + if (sat->prelen < srclen && | |
20763 | + strncmp(src, sat->prefix, sat->prelen) == 0) { | |
20764 | + sa->proto = sat->proto; | |
20765 | + spi = src + sat->prelen; | |
20766 | + break; /* NOTE BREAK OUT */ | |
20767 | + } | |
20768 | + if (sat->prefix == NULL) | |
20769 | + return "SA specifier lacks valid protocol prefix"; | |
20770 | + | |
20771 | + if (spi >= at) | |
20772 | + return "no SPI in SA specifier"; | |
20773 | + oops = atoul(spi, at - spi, 13, &ul); | |
20774 | + if (oops != NULL) | |
20775 | + return oops; | |
20776 | + sa->spi = htonl(ul); | |
20777 | + | |
20778 | + addr = at + 1; | |
20779 | + oops = atoaddr(addr, srclen - (addr - src), &sa->dst); | |
20780 | + if (oops != NULL) | |
20781 | + return oops; | |
20782 | + | |
20783 | + return NULL; | |
20784 | +} | |
20785 | + | |
20786 | + | |
20787 | + | |
20788 | +#ifdef ATOSA_MAIN | |
20789 | + | |
20790 | +#include <stdio.h> | |
20791 | + | |
20792 | +void regress(); | |
20793 | + | |
20794 | +int | |
20795 | +main(argc, argv) | |
20796 | +int argc; | |
20797 | +char *argv[]; | |
20798 | +{ | |
20799 | + struct sa_id sa; | |
20800 | + char buf[100]; | |
20801 | + const char *oops; | |
20802 | + size_t n; | |
20803 | + | |
20804 | + if (argc < 2) { | |
20805 | + fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]); | |
20806 | + exit(2); | |
20807 | + } | |
20808 | + | |
20809 | + if (strcmp(argv[1], "-r") == 0) { | |
20810 | + regress(); | |
20811 | + fprintf(stderr, "regress() returned?!?\n"); | |
20812 | + exit(1); | |
20813 | + } | |
20814 | + | |
20815 | + oops = atosa(argv[1], 0, &sa); | |
20816 | + if (oops != NULL) { | |
20817 | + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); | |
20818 | + exit(1); | |
20819 | + } | |
20820 | + n = satoa(sa, 0, buf, sizeof(buf)); | |
20821 | + if (n > sizeof(buf)) { | |
20822 | + fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto); | |
20823 | + fprintf(stderr, "%lu@", sa.spi); | |
20824 | + fprintf(stderr, "%s", inet_ntoa(sa.dst)); | |
20825 | + fprintf(stderr, " failed: need %ld bytes, have only %ld\n", | |
20826 | + (long)n, (long)sizeof(buf)); | |
20827 | + exit(1); | |
20828 | + } | |
20829 | + printf("%s\n", buf); | |
20830 | + | |
20831 | + exit(0); | |
20832 | +} | |
20833 | + | |
20834 | +struct rtab { | |
20835 | + char *input; | |
20836 | + char *output; /* NULL means error expected */ | |
20837 | +} rtab[] = { | |
20838 | + "esp257@1.2.3.0", "esp257@1.2.3.0", | |
20839 | + "ah0x20@1.2.3.4", "ah32@1.2.3.4", | |
20840 | + "tun011@111.2.3.99", "tun11@111.2.3.99", | |
20841 | + "", NULL, | |
20842 | + "_", NULL, | |
20843 | + "ah2.2", NULL, | |
20844 | + "goo2@1.2.3.4", NULL, | |
20845 | + "esp9@1.2.3.4", "esp9@1.2.3.4", | |
20846 | + "espp9@1.2.3.4", NULL, | |
20847 | + "es9@1.2.3.4", NULL, | |
20848 | + "ah@1.2.3.4", NULL, | |
20849 | + "esp7x7@1.2.3.4", NULL, | |
20850 | + "esp77@1.0x2.3.4", NULL, | |
20851 | + PASSTHROUGHNAME, PASSTHROUGHNAME, | |
20852 | + NULL, NULL | |
20853 | +}; | |
20854 | + | |
20855 | +void | |
20856 | +regress() | |
20857 | +{ | |
20858 | + struct rtab *r; | |
20859 | + int status = 0; | |
20860 | + struct sa_id sa; | |
20861 | + char in[100]; | |
20862 | + char buf[100]; | |
20863 | + const char *oops; | |
20864 | + size_t n; | |
20865 | + | |
20866 | + for (r = rtab; r->input != NULL; r++) { | |
20867 | + strcpy(in, r->input); | |
20868 | + oops = atosa(in, 0, &sa); | |
20869 | + if (oops != NULL && r->output == NULL) | |
20870 | + {} /* okay, error expected */ | |
20871 | + else if (oops != NULL) { | |
20872 | + printf("`%s' atosa failed: %s\n", r->input, oops); | |
20873 | + status = 1; | |
20874 | + } else if (r->output == NULL) { | |
20875 | + printf("`%s' atosa succeeded unexpectedly\n", | |
20876 | + r->input); | |
20877 | + status = 1; | |
20878 | + } else { | |
20879 | + n = satoa(sa, 'd', buf, sizeof(buf)); | |
20880 | + if (n > sizeof(buf)) { | |
20881 | + printf("`%s' satoa failed: need %ld\n", | |
20882 | + r->input, (long)n); | |
20883 | + status = 1; | |
20884 | + } else if (strcmp(r->output, buf) != 0) { | |
20885 | + printf("`%s' gave `%s', expected `%s'\n", | |
20886 | + r->input, buf, r->output); | |
20887 | + status = 1; | |
20888 | + } | |
20889 | + } | |
20890 | + } | |
20891 | + exit(status); | |
20892 | +} | |
20893 | + | |
20894 | +#endif /* ATOSA_MAIN */ | |
20895 | diff -druN linux-noipsec/net/ipsec/libfreeswan/atosubnet.c linux/net/ipsec/libfreeswan/atosubnet.c | |
20896 | --- linux-noipsec/net/ipsec/libfreeswan/atosubnet.c Thu Jan 1 01:00:00 1970 | |
20897 | +++ linux/net/ipsec/libfreeswan/atosubnet.c Wed Feb 16 19:59:08 2000 | |
20898 | @@ -0,0 +1,215 @@ | |
20899 | +/* | |
20900 | + * convert from ASCII form of subnet specification to binary | |
20901 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
20902 | + * | |
20903 | + * This library is free software; you can redistribute it and/or modify it | |
20904 | + * under the terms of the GNU Library General Public License as published by | |
20905 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
20906 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
20907 | + * | |
20908 | + * This library is distributed in the hope that it will be useful, but | |
20909 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
20910 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
20911 | + * License for more details. | |
20912 | + * | |
20913 | + * RCSID $Id$ | |
20914 | + */ | |
20915 | +#include "internal.h" | |
20916 | +#include "freeswan.h" | |
20917 | + | |
20918 | +#ifndef DEFAULTSUBNET | |
20919 | +#define DEFAULTSUBNET "%default" | |
20920 | +#endif | |
20921 | + | |
20922 | +/* | |
20923 | + - atosubnet - convert ASCII "addr/mask" to address and mask | |
20924 | + * Mask can be integer bit count. | |
20925 | + */ | |
20926 | +const char * /* NULL for success, else string literal */ | |
20927 | +atosubnet(src, srclen, addrp, maskp) | |
20928 | +const char *src; | |
20929 | +size_t srclen; /* 0 means "apply strlen" */ | |
20930 | +struct in_addr *addrp; | |
20931 | +struct in_addr *maskp; | |
20932 | +{ | |
20933 | + const char *slash; | |
20934 | + const char *mask; | |
20935 | + size_t mlen; | |
20936 | + const char *oops; | |
20937 | + unsigned long bc; | |
20938 | + static char def[] = DEFAULTSUBNET; | |
20939 | +# define DEFLEN (sizeof(def) - 1) /* -1 for NUL */ | |
20940 | + static char defis[] = "0/0"; | |
20941 | +# define DEFILEN (sizeof(defis) - 1) | |
20942 | + | |
20943 | + if (srclen == 0) | |
20944 | + srclen = strlen(src); | |
20945 | + if (srclen == 0) | |
20946 | + return "empty string"; | |
20947 | + | |
20948 | + if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) { | |
20949 | + src = defis; | |
20950 | + srclen = DEFILEN; | |
20951 | + } | |
20952 | + | |
20953 | + slash = memchr(src, '/', srclen); | |
20954 | + if (slash == NULL) | |
20955 | + return "no / in subnet specification"; | |
20956 | + mask = slash + 1; | |
20957 | + mlen = srclen - (mask - src); | |
20958 | + | |
20959 | + oops = atoaddr(src, slash-src, addrp); | |
20960 | + if (oops != NULL) | |
20961 | + return oops; | |
20962 | + | |
20963 | + oops = atoul(mask, mlen, 10, &bc); | |
20964 | + if (oops == NULL) { | |
20965 | + /* atoul succeeded, it's a bit-count mask */ | |
20966 | + if (bc > ABITS) | |
20967 | + return "bit-count mask too large"; | |
20968 | +#ifdef NOLEADINGZEROS | |
20969 | + if (mlen > 1 && *mask == '0') | |
20970 | + return "octal not allowed in mask"; | |
20971 | +#endif /* NOLEADINGZEROS */ | |
20972 | + *maskp = bitstomask((int)bc); | |
20973 | + } else { | |
20974 | + oops = atoaddr(mask, mlen, maskp); | |
20975 | + if (oops != NULL) | |
20976 | + return oops; | |
20977 | + if (!goodmask(*maskp)) | |
20978 | + return "non-contiguous mask"; | |
20979 | + } | |
20980 | + | |
20981 | + addrp->s_addr &= maskp->s_addr; | |
20982 | + return NULL; | |
20983 | +} | |
20984 | + | |
20985 | + | |
20986 | + | |
20987 | +#ifdef ATOSUBNET_MAIN | |
20988 | + | |
20989 | +#include <stdio.h> | |
20990 | + | |
20991 | +void regress(); | |
20992 | + | |
20993 | +int | |
20994 | +main(argc, argv) | |
20995 | +int argc; | |
20996 | +char *argv[]; | |
20997 | +{ | |
20998 | + struct in_addr a; | |
20999 | + struct in_addr m; | |
21000 | + char buf[100]; | |
21001 | + const char *oops; | |
21002 | + size_t n; | |
21003 | + | |
21004 | + if (argc < 2) { | |
21005 | + fprintf(stderr, "Usage: %s {addr/mask|-r}\n", argv[0]); | |
21006 | + exit(2); | |
21007 | + } | |
21008 | + | |
21009 | + if (strcmp(argv[1], "-r") == 0) { | |
21010 | + regress(); | |
21011 | + fprintf(stderr, "regress() returned?!?\n"); | |
21012 | + exit(1); | |
21013 | + } | |
21014 | + | |
21015 | + oops = atosubnet(argv[1], 0, &a, &m); | |
21016 | + if (oops != NULL) { | |
21017 | + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); | |
21018 | + exit(1); | |
21019 | + } | |
21020 | + n = subnettoa(a, m, 0, buf, sizeof(buf)); | |
21021 | + if (n > sizeof(buf)) { | |
21022 | + fprintf(stderr, "%s: reverse conversion of ", argv[0]); | |
21023 | + fprintf(stderr, "%s/", inet_ntoa(a)); | |
21024 | + fprintf(stderr, "%s", inet_ntoa(m)); | |
21025 | + fprintf(stderr, " failed: need %ld bytes, have only %ld\n", | |
21026 | + (long)n, (long)sizeof(buf)); | |
21027 | + exit(1); | |
21028 | + } | |
21029 | + printf("%s\n", buf); | |
21030 | + | |
21031 | + exit(0); | |
21032 | +} | |
21033 | + | |
21034 | +struct rtab { | |
21035 | + char *input; | |
21036 | + char *output; /* NULL means error expected */ | |
21037 | +} rtab[] = { | |
21038 | + "1.2.3.0/255.255.255.0", "1.2.3.0/24", | |
21039 | + "1.2.3.0/24", "1.2.3.0/24", | |
21040 | + "1.2.3.1/255.255.255.240", "1.2.3.0/28", | |
21041 | + "1.2.3.1/32", "1.2.3.1/32", | |
21042 | + "1.2.3.1/0", "0.0.0.0/0", | |
21043 | +/* "1.2.3.1/255.255.127.0", "1.2.3.0/255.255.127.0", */ | |
21044 | + "1.2.3.1/255.255.127.0", NULL, | |
21045 | + "128.009.000.032/32", "128.9.0.32/32", | |
21046 | + "128.0x9.0.32/32", NULL, | |
21047 | + "0x80090020/32", "128.9.0.32/32", | |
21048 | + "0x800x0020/32", NULL, | |
21049 | + "128.9.0.32/0xffFF0000", "128.9.0.0/16", | |
21050 | + "128.9.0.32/0xff0000FF", NULL, | |
21051 | + "128.9.0.32/0x0000ffFF", NULL, | |
21052 | + "128.9.0.32/0x00ffFF0000", NULL, | |
21053 | + "128.9.0.32/0xffFF", NULL, | |
21054 | + "128.9.0.32.27/32", NULL, | |
21055 | + "128.9.0k32/32", NULL, | |
21056 | + "328.9.0.32/32", NULL, | |
21057 | + "128.9..32/32", NULL, | |
21058 | + "10/8", "10.0.0.0/8", | |
21059 | + "10.0/8", "10.0.0.0/8", | |
21060 | + "10.0.0/8", "10.0.0.0/8", | |
21061 | + "10.0.1/24", "10.0.1.0/24", | |
21062 | + "_", NULL, | |
21063 | + "_/_", NULL, | |
21064 | + "1.2.3.1", NULL, | |
21065 | + "1.2.3.1/_", NULL, | |
21066 | + "1.2.3.1/24._", NULL, | |
21067 | + "1.2.3.1/99", NULL, | |
21068 | + "localhost./32", "127.0.0.1/32", | |
21069 | + "%default", "0.0.0.0/0", | |
21070 | + NULL, NULL | |
21071 | +}; | |
21072 | + | |
21073 | +void | |
21074 | +regress() | |
21075 | +{ | |
21076 | + struct rtab *r; | |
21077 | + int status = 0; | |
21078 | + struct in_addr a; | |
21079 | + struct in_addr m; | |
21080 | + char in[100]; | |
21081 | + char buf[100]; | |
21082 | + const char *oops; | |
21083 | + size_t n; | |
21084 | + | |
21085 | + for (r = rtab; r->input != NULL; r++) { | |
21086 | + strcpy(in, r->input); | |
21087 | + oops = atosubnet(in, 0, &a, &m); | |
21088 | + if (oops != NULL && r->output == NULL) | |
21089 | + {} /* okay, error expected */ | |
21090 | + else if (oops != NULL) { | |
21091 | + printf("`%s' atosubnet failed: %s\n", r->input, oops); | |
21092 | + status = 1; | |
21093 | + } else if (r->output == NULL) { | |
21094 | + printf("`%s' atosubnet succeeded unexpectedly\n", | |
21095 | + r->input); | |
21096 | + status = 1; | |
21097 | + } else { | |
21098 | + n = subnettoa(a, m, 0, buf, sizeof(buf)); | |
21099 | + if (n > sizeof(buf)) { | |
21100 | + printf("`%s' subnettoa failed: need %ld\n", | |
21101 | + r->input, (long)n); | |
21102 | + status = 1; | |
21103 | + } else if (strcmp(r->output, buf) != 0) { | |
21104 | + printf("`%s' gave `%s', expected `%s'\n", | |
21105 | + r->input, buf, r->output); | |
21106 | + status = 1; | |
21107 | + } | |
21108 | + } | |
21109 | + } | |
21110 | + exit(status); | |
21111 | +} | |
21112 | + | |
21113 | +#endif /* ATOSUBNET_MAIN */ | |
21114 | diff -druN linux-noipsec/net/ipsec/libfreeswan/atoul.c linux/net/ipsec/libfreeswan/atoul.c | |
21115 | --- linux-noipsec/net/ipsec/libfreeswan/atoul.c Thu Jan 1 01:00:00 1970 | |
21116 | +++ linux/net/ipsec/libfreeswan/atoul.c Tue Dec 7 06:00:52 1999 | |
21117 | @@ -0,0 +1,90 @@ | |
21118 | +/* | |
21119 | + * convert from ASCII form of unsigned long to binary | |
21120 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
21121 | + * | |
21122 | + * This library is free software; you can redistribute it and/or modify it | |
21123 | + * under the terms of the GNU Library General Public License as published by | |
21124 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
21125 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
21126 | + * | |
21127 | + * This library is distributed in the hope that it will be useful, but | |
21128 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
21129 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
21130 | + * License for more details. | |
21131 | + * | |
21132 | + * RCSID $Id$ | |
21133 | + */ | |
21134 | +#include "internal.h" | |
21135 | +#include "freeswan.h" | |
21136 | + | |
21137 | +/* | |
21138 | + - atoul - convert ASCII substring to unsigned long number | |
21139 | + */ | |
21140 | +const char * /* NULL for success, else string literal */ | |
21141 | +atoul(src, srclen, base, resultp) | |
21142 | +const char *src; | |
21143 | +size_t srclen; /* 0 means strlen(src) */ | |
21144 | +int base; /* 0 means figure it out */ | |
21145 | +unsigned long *resultp; | |
21146 | +{ | |
21147 | + const char *stop; | |
21148 | + static char hex[] = "0123456789abcdef"; | |
21149 | + static char uchex[] = "0123456789ABCDEF"; | |
21150 | + int d; | |
21151 | + char c; | |
21152 | + char *p; | |
21153 | + unsigned long r; | |
21154 | + unsigned long rlimit; | |
21155 | + int dlimit; | |
21156 | + | |
21157 | + if (srclen == 0) | |
21158 | + srclen = strlen(src); | |
21159 | + if (srclen == 0) | |
21160 | + return "empty string"; | |
21161 | + | |
21162 | + if (base == 0 || base == 13) { | |
21163 | + if (srclen > 2 && *src == '0' && CIEQ(*(src+1), 'x')) | |
21164 | + return atoul(src+2, srclen-2, 16, resultp); | |
21165 | + if (srclen > 1 && *src == '0' && base != 13) | |
21166 | + return atoul(src+1, srclen-1, 8, resultp); | |
21167 | + return atoul(src, srclen, 10, resultp); | |
21168 | + } | |
21169 | + if (base != 8 && base != 10 && base != 16) | |
21170 | + return "unsupported number base"; | |
21171 | + | |
21172 | + r = 0; | |
21173 | + stop = src + srclen; | |
21174 | + if (base == 16) { | |
21175 | + while (src < stop) { | |
21176 | + c = *src++; | |
21177 | + p = strchr(hex, c); | |
21178 | + if (p != NULL) | |
21179 | + d = p - hex; | |
21180 | + else { | |
21181 | + p = strchr(uchex, c); | |
21182 | + if (p == NULL) | |
21183 | + return "non-hex-digit in hex number"; | |
21184 | + d = p - uchex; | |
21185 | + } | |
21186 | + r = (r << 4) | d; | |
21187 | + } | |
21188 | + /* defer length check to catch invalid digits first */ | |
21189 | + if (srclen > sizeof(unsigned long) * 2) | |
21190 | + return "hex number too long"; | |
21191 | + } else { | |
21192 | + rlimit = ULONG_MAX / base; | |
21193 | + dlimit = (int)(ULONG_MAX - rlimit*base); | |
21194 | + while (src < stop) { | |
21195 | + c = *src++; | |
21196 | + d = c - '0'; | |
21197 | + if (d < 0 || d >= base) | |
21198 | + return "non-digit in number"; | |
21199 | + if (r > rlimit || (r == rlimit && d > dlimit)) | |
21200 | + return "unsigned-long overflow"; | |
21201 | + r = r*base + d; | |
21202 | + } | |
21203 | + } | |
21204 | + | |
21205 | + *resultp = r; | |
21206 | + return NULL; | |
21207 | +} | |
21208 | diff -druN linux-noipsec/net/ipsec/libfreeswan/datatot.c linux/net/ipsec/libfreeswan/datatot.c | |
21209 | --- linux-noipsec/net/ipsec/libfreeswan/datatot.c Thu Jan 1 01:00:00 1970 | |
21210 | +++ linux/net/ipsec/libfreeswan/datatot.c Fri Aug 18 17:09:07 2000 | |
21211 | @@ -0,0 +1,225 @@ | |
21212 | +/* | |
21213 | + * convert from binary data (e.g. key) to text form | |
21214 | + * Copyright (C) 2000 Henry Spencer. | |
21215 | + * | |
21216 | + * This library is free software; you can redistribute it and/or modify it | |
21217 | + * under the terms of the GNU Library General Public License as published by | |
21218 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
21219 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
21220 | + * | |
21221 | + * This library is distributed in the hope that it will be useful, but | |
21222 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
21223 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
21224 | + * License for more details. | |
21225 | + * | |
21226 | + * RCSID $Id$ | |
21227 | + */ | |
21228 | +#include "internal.h" | |
21229 | +#include "freeswan.h" | |
21230 | + | |
21231 | +static void convert(const char *src, size_t nreal, int format, char *out); | |
21232 | + | |
21233 | +/* | |
21234 | + - datatot - convert data bytes to text | |
21235 | + */ | |
21236 | +size_t /* true length (with NUL) for success */ | |
21237 | +datatot(src, srclen, format, dst, dstlen) | |
21238 | +const char *src; | |
21239 | +size_t srclen; | |
21240 | +int format; /* character indicating what format */ | |
21241 | +char *dst; /* need not be valid if dstlen is 0 */ | |
21242 | +size_t dstlen; | |
21243 | +{ | |
21244 | + size_t inblocksize; /* process this many bytes at a time */ | |
21245 | + size_t outblocksize; /* producing this many */ | |
21246 | + size_t breakevery; /* add a _ every this many (0 means don't) */ | |
21247 | + size_t sincebreak; /* output bytes since last _ */ | |
21248 | + char inblock[10]; /* enough for any format */ | |
21249 | + char outblock[10]; /* enough for any format */ | |
21250 | + char fake[1]; /* fake output area for dstlen == 0 */ | |
21251 | + size_t needed; /* return value */ | |
21252 | + char *stop; /* where the terminating NUL will go */ | |
21253 | + size_t ntodo; /* remaining input */ | |
21254 | + size_t nreal; | |
21255 | + char *out; | |
21256 | + char *prefix; | |
21257 | + | |
21258 | + breakevery = 0; | |
21259 | + switch (format) { | |
21260 | + case 0: | |
21261 | + case 'h': | |
21262 | + format = 'x'; | |
21263 | + breakevery = 8; | |
21264 | + /* FALLTHROUGH */ | |
21265 | + case 'x': | |
21266 | + inblocksize = 1; | |
21267 | + outblocksize = 2; | |
21268 | + prefix = "0x"; | |
21269 | + break; | |
21270 | + case 16: | |
21271 | + inblocksize = 1; | |
21272 | + outblocksize = 2; | |
21273 | + prefix = ""; | |
21274 | + format = 'x'; | |
21275 | + break; | |
21276 | + case 's': | |
21277 | + inblocksize = 3; | |
21278 | + outblocksize = 4; | |
21279 | + prefix = "0s"; | |
21280 | + break; | |
21281 | + case 64: /* beware, equals ' ' */ | |
21282 | + inblocksize = 3; | |
21283 | + outblocksize = 4; | |
21284 | + prefix = ""; | |
21285 | + format = 's'; | |
21286 | + break; | |
21287 | + default: | |
21288 | + return 0; | |
21289 | + break; | |
21290 | + } | |
21291 | + assert(inblocksize < sizeof(inblock)); | |
21292 | + assert(outblocksize < sizeof(outblock)); | |
21293 | + assert(breakevery % outblocksize == 0); | |
21294 | + | |
21295 | + if (srclen == 0) | |
21296 | + return 0; | |
21297 | + ntodo = srclen; | |
21298 | + | |
21299 | + if (dstlen == 0) { /* dispose of awkward special case */ | |
21300 | + dst = fake; | |
21301 | + dstlen = 1; | |
21302 | + } | |
21303 | + stop = dst + dstlen - 1; | |
21304 | + | |
21305 | + nreal = strlen(prefix); | |
21306 | + needed = nreal; /* for starters */ | |
21307 | + if (dstlen <= nreal) { /* prefix won't fit */ | |
21308 | + strncpy(dst, prefix, dstlen - 1); | |
21309 | + dst += dstlen - 1; | |
21310 | + } else { | |
21311 | + strcpy(dst, prefix); | |
21312 | + dst += nreal; | |
21313 | + } | |
21314 | + assert(dst <= stop); | |
21315 | + sincebreak = 0; | |
21316 | + | |
21317 | + while (ntodo > 0) { | |
21318 | + if (ntodo < inblocksize) { /* incomplete input */ | |
21319 | + memset(inblock, 0, sizeof(inblock)); | |
21320 | + memcpy(inblock, src, ntodo); | |
21321 | + src = inblock; | |
21322 | + nreal = ntodo; | |
21323 | + ntodo = inblocksize; | |
21324 | + } else | |
21325 | + nreal = inblocksize; | |
21326 | + out = (outblocksize > stop - dst) ? outblock : dst; | |
21327 | + | |
21328 | + convert(src, nreal, format, out); | |
21329 | + needed += outblocksize; | |
21330 | + sincebreak += outblocksize; | |
21331 | + if (dst < stop) { | |
21332 | + if (out != dst) { | |
21333 | + assert(outblocksize > stop - dst); | |
21334 | + memcpy(dst, out, stop - dst); | |
21335 | + dst = stop; | |
21336 | + } else | |
21337 | + dst += outblocksize; | |
21338 | + } | |
21339 | + | |
21340 | + src += inblocksize; | |
21341 | + ntodo -= inblocksize; | |
21342 | + if (breakevery != 0 && sincebreak >= breakevery && ntodo > 0) { | |
21343 | + if (dst < stop) | |
21344 | + *dst++ = '_'; | |
21345 | + needed++; | |
21346 | + sincebreak = 0; | |
21347 | + } | |
21348 | + } | |
21349 | + | |
21350 | + assert(dst <= stop); | |
21351 | + *dst++ = '\0'; | |
21352 | + needed++; | |
21353 | + | |
21354 | + return needed; | |
21355 | +} | |
21356 | + | |
21357 | +/* | |
21358 | + - convert - convert one input block to one output block | |
21359 | + */ | |
21360 | +static void | |
21361 | +convert(src, nreal, format, out) | |
21362 | +const char *src; | |
21363 | +size_t nreal; /* how much of the input block is real */ | |
21364 | +int format; | |
21365 | +char *out; | |
21366 | +{ | |
21367 | + static char hex[] = "0123456789abcdef"; | |
21368 | + static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" | |
21369 | + "abcdefghijklmnopqrstuvwxyz" | |
21370 | + "0123456789+/"; | |
21371 | + unsigned char c; | |
21372 | + unsigned char c1, c2, c3; | |
21373 | + | |
21374 | + assert(nreal > 0); | |
21375 | + switch (format) { | |
21376 | + case 'x': | |
21377 | + assert(nreal == 1); | |
21378 | + c = (unsigned char)*src; | |
21379 | + *out++ = hex[c >> 4]; | |
21380 | + *out++ = hex[c & 0xf]; | |
21381 | + break; | |
21382 | + case 's': | |
21383 | + c1 = (unsigned char)*src++; | |
21384 | + c2 = (unsigned char)*src++; | |
21385 | + c3 = (unsigned char)*src++; | |
21386 | + *out++ = base64[c1 >> 2]; /* top 6 bits of c1 */ | |
21387 | + c = (c1 & 0x3) << 4; /* bottom 2 of c1... */ | |
21388 | + c |= c2 >> 4; /* ...top 4 of c2 */ | |
21389 | + *out++ = base64[c]; | |
21390 | + if (nreal == 1) | |
21391 | + *out++ = '='; | |
21392 | + else { | |
21393 | + c = (c2 & 0xf) << 2; /* bottom 4 of c2... */ | |
21394 | + c |= c3 >> 6; /* ...top 2 of c3 */ | |
21395 | + *out++ = base64[c]; | |
21396 | + } | |
21397 | + if (nreal <= 2) | |
21398 | + *out++ = '='; | |
21399 | + else | |
21400 | + *out++ = base64[c3 & 0x3f]; /* bottom 6 of c3 */ | |
21401 | + break; | |
21402 | + default: | |
21403 | + assert(nreal == 0); /* unknown format */ | |
21404 | + break; | |
21405 | + } | |
21406 | +} | |
21407 | + | |
21408 | +/* | |
21409 | + - datatoa - convert data to ASCII | |
21410 | + * backward-compatibility synonym for datatot | |
21411 | + */ | |
21412 | +size_t /* true length (with NUL) for success */ | |
21413 | +datatoa(src, srclen, format, dst, dstlen) | |
21414 | +const char *src; | |
21415 | +size_t srclen; | |
21416 | +int format; /* character indicating what format */ | |
21417 | +char *dst; /* need not be valid if dstlen is 0 */ | |
21418 | +size_t dstlen; | |
21419 | +{ | |
21420 | + return datatot(src, srclen, format, dst, dstlen); | |
21421 | +} | |
21422 | + | |
21423 | +/* | |
21424 | + - bytestoa - convert data bytes to ASCII | |
21425 | + * backward-compatibility synonym for datatot | |
21426 | + */ | |
21427 | +size_t /* true length (with NUL) for success */ | |
21428 | +bytestoa(src, srclen, format, dst, dstlen) | |
21429 | +const char *src; | |
21430 | +size_t srclen; | |
21431 | +int format; /* character indicating what format */ | |
21432 | +char *dst; /* need not be valid if dstlen is 0 */ | |
21433 | +size_t dstlen; | |
21434 | +{ | |
21435 | + return datatot(src, srclen, format, dst, dstlen); | |
21436 | +} | |
21437 | diff -druN linux-noipsec/net/ipsec/libfreeswan/freeswan.h linux/net/ipsec/libfreeswan/freeswan.h | |
21438 | --- linux-noipsec/net/ipsec/libfreeswan/freeswan.h Thu Jan 1 01:00:00 1970 | |
21439 | +++ linux/net/ipsec/libfreeswan/freeswan.h Mon Nov 6 05:37:12 2000 | |
21440 | @@ -0,0 +1,474 @@ | |
21441 | +#ifndef _FREESWAN_H | |
21442 | +/* | |
21443 | + * header file for FreeS/WAN library functions | |
21444 | + * Copyright (C) 1998, 1999, 2000 Henry Spencer. | |
21445 | + * | |
21446 | + * This library is free software; you can redistribute it and/or modify it | |
21447 | + * under the terms of the GNU Library General Public License as published by | |
21448 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
21449 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
21450 | + * | |
21451 | + * This library is distributed in the hope that it will be useful, but | |
21452 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
21453 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
21454 | + * License for more details. | |
21455 | + * | |
21456 | + * RCSID $Id$ | |
21457 | + */ | |
21458 | +#define _FREESWAN_H /* seen it, no need to see it again */ | |
21459 | + | |
21460 | + | |
21461 | + | |
21462 | +/* | |
21463 | + * First, assorted kernel-version-dependent trickery. | |
21464 | + */ | |
21465 | +#include <linux/version.h> | |
21466 | +#ifndef KERNEL_VERSION | |
21467 | +#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) | |
21468 | +#endif | |
21469 | + | |
21470 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0) | |
21471 | +#define HEADER_CACHE_BIND_21 | |
21472 | +#endif | |
21473 | + | |
21474 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0) | |
21475 | +#define SPINLOCK | |
21476 | +# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
21477 | +# define SPINLOCK_23 | |
21478 | +# endif | |
21479 | +#endif | |
21480 | + | |
21481 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,25) | |
21482 | +#define PROC_FS_2325 | |
21483 | +#else | |
21484 | +# if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0) | |
21485 | +# define PROC_FS_21 | |
21486 | +# endif | |
21487 | +#endif | |
21488 | + | |
21489 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) | |
21490 | +#define NETDEV_23 | |
21491 | +#endif | |
21492 | + | |
21493 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0) | |
21494 | +#define NETLINK_SOCK | |
21495 | +#define NET_21 | |
21496 | +#endif | |
21497 | + | |
21498 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,30) | |
21499 | +#define PROC_NO_DUMMY | |
21500 | +#endif | |
21501 | + | |
21502 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,35) | |
21503 | +#define SKB_COPY_EXPAND | |
21504 | +#endif | |
21505 | + | |
21506 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,37) | |
21507 | +#define IP_SELECT_IDENT | |
21508 | +#endif | |
21509 | + | |
21510 | +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,50)) && defined(CONFIG_NETFILTER) | |
21511 | +#define SKB_RESET_NFCT | |
21512 | +#endif | |
21513 | + | |
21514 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,19) | |
21515 | +#define net_device_stats enet_statistics | |
21516 | +#endif | |
21517 | + | |
21518 | + | |
21519 | + | |
21520 | +/* | |
21521 | + * We've just got to have some datatypes defined... And annoyingly, just | |
21522 | + * where we get them depends on whether we're in userland or not. | |
21523 | + */ | |
21524 | +#ifdef __KERNEL__ | |
21525 | + | |
21526 | +# include <linux/types.h> | |
21527 | +# include <linux/in.h> | |
21528 | + | |
21529 | +# ifdef NET_21 | |
21530 | +# include <linux/in6.h> | |
21531 | +# else | |
21532 | + /* old kernel in.h has some IPv6 stuff, but not quite enough */ | |
21533 | +# define s6_addr16 s6_addr | |
21534 | +# define AF_INET6 10 | |
21535 | +# define uint8_t __u8 | |
21536 | +# define uint16_t __u16 | |
21537 | +# define uint32_t __u32 | |
21538 | +# define uint64_t __u64 | |
21539 | +# endif | |
21540 | + | |
21541 | +# ifndef SPINLOCK | |
21542 | +# include <linux/bios32.h> | |
21543 | + /* simulate spin locks and read/write locks */ | |
21544 | + typedef struct { | |
21545 | + volatile char lock; | |
21546 | + } spinlock_t; | |
21547 | + | |
21548 | + typedef struct { | |
21549 | + volatile unsigned int lock; | |
21550 | + } rwlock_t; | |
21551 | + | |
21552 | +# define spin_lock_init(x) { (x)->lock = 0;} | |
21553 | +# define rw_lock_init(x) { (x)->lock = 0; } | |
21554 | + | |
21555 | +# define spin_lock(x) { while ((x)->lock) barrier(); (x)->lock=1;} | |
21556 | +# define spin_lock_irq(x) { cli(); spin_lock(x);} | |
21557 | +# define spin_lock_irqsave(x,flags) { save_flags(flags); spin_lock_irq(x);} | |
21558 | + | |
21559 | +# define spin_unlock(x) { (x)->lock=0;} | |
21560 | +# define spin_unlock_irq(x) { spin_unlock(x); sti();} | |
21561 | +# define spin_unlock_irqrestore(x,flags) { spin_unlock(x); restore_flags(flags);} | |
21562 | + | |
21563 | +# define read_lock(x) spin_lock(x) | |
21564 | +# define read_lock_irq(x) spin_lock_irq(x) | |
21565 | +# define read_lock_irqsave(x,flags) spin_lock_irqsave(x,flags) | |
21566 | + | |
21567 | +# define read_unlock(x) spin_unlock(x) | |
21568 | +# define read_unlock_irq(x) spin_unlock_irq(x) | |
21569 | +# define read_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags) | |
21570 | + | |
21571 | +# define write_lock(x) spin_lock(x) | |
21572 | +# define write_lock_irq(x) spin_lock_irq(x) | |
21573 | +# define write_lock_irqsave(x,flags) spin_lock_irqsave(x,flags) | |
21574 | + | |
21575 | +# define write_unlock(x) spin_unlock(x) | |
21576 | +# define write_unlock_irq(x) spin_unlock_irq(x) | |
21577 | +# define write_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags) | |
21578 | +# endif /* !SPINLOCK */ | |
21579 | + | |
21580 | +# ifndef SPINLOCK_23 | |
21581 | +# define spin_lock_bh(x) spin_lock_irq(x) | |
21582 | +# define spin_unlock_bh(x) spin_unlock_irq(x) | |
21583 | + | |
21584 | +# define read_lock_bh(x) read_lock_irq(x) | |
21585 | +# define read_unlock_bh(x) read_unlock_irq(x) | |
21586 | + | |
21587 | +# define write_lock_bh(x) write_lock_irq(x) | |
21588 | +# define write_unlock_bh(x) write_unlock_irq(x) | |
21589 | +# endif /* !SPINLOCK_23 */ | |
21590 | + | |
21591 | +#ifndef IPPROTO_COMP | |
21592 | +#define IPPROTO_COMP 108 | |
21593 | +#endif /* !IPPROTO_COMP */ | |
21594 | + | |
21595 | +#ifdef CONFIG_IPSEC_DEBUG | |
21596 | +#define DEBUG_NO_STATIC | |
21597 | +#else /* CONFIG_IPSEC_DEBUG */ | |
21598 | +#define DEBUG_NO_STATIC static | |
21599 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
21600 | + | |
21601 | +#else /* __KERNEL__ */ | |
21602 | + | |
21603 | +# include <stdio.h> | |
21604 | +# include <netinet/in.h> | |
21605 | + | |
21606 | +# define uint8_t u_int8_t | |
21607 | +# define uint16_t u_int16_t | |
21608 | +# define uint32_t u_int32_t | |
21609 | +# define uint64_t u_int64_t | |
21610 | + | |
21611 | +#define DEBUG_NO_STATIC static | |
21612 | + | |
21613 | +#endif /* __KERNEL__ */ | |
21614 | + | |
21615 | + | |
21616 | + | |
21617 | +/* | |
21618 | + * Basic data types for the address-handling functions. | |
21619 | + * ip_address and ip_subnet are supposed to be opaque types; do not | |
21620 | + * use their definitions directly, they are subject to change! | |
21621 | + */ | |
21622 | + | |
21623 | +/* first, some quick fakes in case we're on an old system with no IPv6 */ | |
21624 | +#ifndef __KERNEL__ | |
21625 | +#ifndef IN6ADDR_ANY_INIT | |
21626 | +struct in6_addr { | |
21627 | + unsigned char s6_addr16[16]; | |
21628 | +}; | |
21629 | +struct sockaddr_in6 { | |
21630 | + unsigned short sin6_family; | |
21631 | + unsigned short sin6_port; | |
21632 | + unsigned long sin6_flowinfo; | |
21633 | + struct { | |
21634 | + unsigned char s6_addr16[16]; | |
21635 | + } sin6_addr; | |
21636 | +}; | |
21637 | +#endif /* !IN6ADDR_ANY_INIT */ | |
21638 | +#endif /* !__KERNEL__ */ | |
21639 | + | |
21640 | +/* then the main types */ | |
21641 | +typedef struct { | |
21642 | + union { | |
21643 | + struct sockaddr_in v4; | |
21644 | + struct sockaddr_in6 v6; | |
21645 | + } u; | |
21646 | +} ip_address; | |
21647 | +typedef struct { | |
21648 | + ip_address addr; | |
21649 | + int maskbits; | |
21650 | +} ip_subnet; | |
21651 | + | |
21652 | +/* and the SA ID stuff */ | |
21653 | +#ifdef __KERNEL__ | |
21654 | +typedef __u32 ipsec_spi_t; | |
21655 | +#else | |
21656 | +typedef u_int32_t ipsec_spi_t; | |
21657 | +#endif | |
21658 | +typedef struct { /* to identify an SA, we need: */ | |
21659 | + ip_address dst; /* A. destination host */ | |
21660 | + ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */ | |
21661 | + int proto; /* C. protocol */ | |
21662 | +# define SA_ESP 50 /* IPPROTO_ESP */ | |
21663 | +# define SA_AH 51 /* IPPROTO_AH */ | |
21664 | +# define SA_IPIP 4 /* IPPROTO_IPIP */ | |
21665 | +# define SA_COMP 108 /* IPPROTO_COMP */ | |
21666 | +} ip_said; | |
21667 | +struct sa_id { /* old v4-only version */ | |
21668 | + struct in_addr dst; | |
21669 | + ipsec_spi_t spi; | |
21670 | + int proto; | |
21671 | +}; | |
21672 | + | |
21673 | +/* misc */ | |
21674 | +typedef const char *err_t; /* error message, or NULL for success */ | |
21675 | + | |
21676 | + | |
21677 | + | |
21678 | +/* | |
21679 | + * new IPv6-compatible functions | |
21680 | + */ | |
21681 | + | |
21682 | +/* text conversions */ | |
21683 | +err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst); | |
21684 | +size_t ultot(unsigned long src, int format, char *buf, size_t buflen); | |
21685 | +#define ULTOT_BUF (22+1) /* holds 64 bits in octal */ | |
21686 | +err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst); | |
21687 | +err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst); | |
21688 | +size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen); | |
21689 | +/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */ | |
21690 | +#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1) | |
21691 | +err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst); | |
21692 | +size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen); | |
21693 | +#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3) | |
21694 | +err_t ttosa(const char *src, size_t srclen, ip_said *dst); | |
21695 | +size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen); | |
21696 | +#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF) | |
21697 | +err_t ttodata(const char *src, size_t srclen, int base, char *buf, | |
21698 | + size_t buflen, size_t *needed); | |
21699 | +size_t datatot(const char *src, size_t srclen, int format, char *buf, | |
21700 | + size_t buflen); | |
21701 | + | |
21702 | +/* initializations */ | |
21703 | +void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst); | |
21704 | +err_t loopbackaddr(int af, ip_address *dst); | |
21705 | +err_t unspecaddr(int af, ip_address *dst); | |
21706 | +err_t anyaddr(int af, ip_address *dst); | |
21707 | +err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst); | |
21708 | +err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst); | |
21709 | + | |
21710 | +/* misc. conversions and related */ | |
21711 | +err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst); | |
21712 | +int addrtypeof(const ip_address *src); | |
21713 | +int subnettypeof(const ip_subnet *src); | |
21714 | +size_t addrlenof(const ip_address *src); | |
21715 | +size_t addrbytesptr(const ip_address *src, const unsigned char **dst); | |
21716 | +size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen); | |
21717 | +int masktocount(const ip_address *src); | |
21718 | +void networkof(const ip_subnet *src, ip_address *dst); | |
21719 | +void maskof(const ip_subnet *src, ip_address *dst); | |
21720 | + | |
21721 | +/* tests */ | |
21722 | +int sameaddr(const ip_address *a, const ip_address *b); | |
21723 | +int addrcmp(const ip_address *a, const ip_address *b); | |
21724 | +int samesubnet(const ip_subnet *a, const ip_subnet *b); | |
21725 | +int addrinsubnet(const ip_address *a, const ip_subnet *s); | |
21726 | +int subnetinsubnet(const ip_subnet *a, const ip_subnet *b); | |
21727 | +int subnetishost(const ip_subnet *s); | |
21728 | +int samesaid(const ip_said *a, const ip_said *b); | |
21729 | +int sameaddrtype(const ip_address *a, const ip_address *b); | |
21730 | +int samesubnettype(const ip_subnet *a, const ip_subnet *b); | |
21731 | +int isanyaddr(const ip_address *src); | |
21732 | +int isunspecaddr(const ip_address *src); | |
21733 | +int isloopbackaddr(const ip_address *src); | |
21734 | + | |
21735 | +/* low-level grot */ | |
21736 | +int portof(const ip_address *src); | |
21737 | +void setportof(int port, ip_address *dst); | |
21738 | +struct sockaddr *sockaddrof(ip_address *src); | |
21739 | +size_t sockaddrlenof(const ip_address *src); | |
21740 | + | |
21741 | + | |
21742 | + | |
21743 | +/* | |
21744 | + * old functions, to be deleted eventually | |
21745 | + */ | |
21746 | + | |
21747 | +/* unsigned long */ | |
21748 | +const char * /* NULL for success, else string literal */ | |
21749 | +atoul( | |
21750 | + const char *src, | |
21751 | + size_t srclen, /* 0 means strlen(src) */ | |
21752 | + int base, /* 0 means figure it out */ | |
21753 | + unsigned long *resultp | |
21754 | +); | |
21755 | +size_t /* space needed for full conversion */ | |
21756 | +ultoa( | |
21757 | + unsigned long n, | |
21758 | + int base, | |
21759 | + char *dst, | |
21760 | + size_t dstlen | |
21761 | +); | |
21762 | +#define ULTOA_BUF 21 /* just large enough for largest result, */ | |
21763 | + /* assuming 64-bit unsigned long! */ | |
21764 | + | |
21765 | +/* Internet addresses */ | |
21766 | +const char * /* NULL for success, else string literal */ | |
21767 | +atoaddr( | |
21768 | + const char *src, | |
21769 | + size_t srclen, /* 0 means strlen(src) */ | |
21770 | + struct in_addr *addr | |
21771 | +); | |
21772 | +size_t /* space needed for full conversion */ | |
21773 | +addrtoa( | |
21774 | + struct in_addr addr, | |
21775 | + int format, /* character; 0 means default */ | |
21776 | + char *dst, | |
21777 | + size_t dstlen | |
21778 | +); | |
21779 | +#define ADDRTOA_BUF 16 /* just large enough for largest result */ | |
21780 | + | |
21781 | +/* subnets */ | |
21782 | +const char * /* NULL for success, else string literal */ | |
21783 | +atosubnet( | |
21784 | + const char *src, | |
21785 | + size_t srclen, /* 0 means strlen(src) */ | |
21786 | + struct in_addr *addr, | |
21787 | + struct in_addr *mask | |
21788 | +); | |
21789 | +size_t /* space needed for full conversion */ | |
21790 | +subnettoa( | |
21791 | + struct in_addr addr, | |
21792 | + struct in_addr mask, | |
21793 | + int format, /* character; 0 means default */ | |
21794 | + char *dst, | |
21795 | + size_t dstlen | |
21796 | +); | |
21797 | +#define SUBNETTOA_BUF 32 /* large enough for worst case result */ | |
21798 | + | |
21799 | +/* ranges */ | |
21800 | +const char * /* NULL for success, else string literal */ | |
21801 | +atoasr( | |
21802 | + const char *src, | |
21803 | + size_t srclen, /* 0 means strlen(src) */ | |
21804 | + char *type, /* 'a', 's', 'r' */ | |
21805 | + struct in_addr *addrs /* two-element array */ | |
21806 | +); | |
21807 | +size_t /* space needed for full conversion */ | |
21808 | +rangetoa( | |
21809 | + struct in_addr *addrs, /* two-element array */ | |
21810 | + int format, /* character; 0 means default */ | |
21811 | + char *dst, | |
21812 | + size_t dstlen | |
21813 | +); | |
21814 | +#define RANGETOA_BUF 34 /* large enough for worst case result */ | |
21815 | + | |
21816 | +/* data types for SA conversion functions */ | |
21817 | + | |
21818 | +/* SAs */ | |
21819 | +const char * /* NULL for success, else string literal */ | |
21820 | +atosa( | |
21821 | + const char *src, | |
21822 | + size_t srclen, /* 0 means strlen(src) */ | |
21823 | + struct sa_id *sa | |
21824 | +); | |
21825 | +size_t /* space needed for full conversion */ | |
21826 | +satoa( | |
21827 | + struct sa_id sa, | |
21828 | + int format, /* character; 0 means default */ | |
21829 | + char *dst, | |
21830 | + size_t dstlen | |
21831 | +); | |
21832 | +#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF) | |
21833 | + | |
21834 | +/* generic data, e.g. keys */ | |
21835 | +const char * /* NULL for success, else string literal */ | |
21836 | +atobytes( | |
21837 | + const char *src, | |
21838 | + size_t srclen, /* 0 means strlen(src) */ | |
21839 | + char *dst, | |
21840 | + size_t dstlen, | |
21841 | + size_t *lenp /* NULL means don't bother telling me */ | |
21842 | +); | |
21843 | +size_t /* 0 failure, else true size */ | |
21844 | +bytestoa( | |
21845 | + const char *src, | |
21846 | + size_t srclen, | |
21847 | + int format, /* character; 0 means default */ | |
21848 | + char *dst, | |
21849 | + size_t dstlen | |
21850 | +); | |
21851 | + | |
21852 | +/* old versions of generic-data functions; deprecated */ | |
21853 | +size_t /* 0 failure, else true size */ | |
21854 | +atodata( | |
21855 | + const char *src, | |
21856 | + size_t srclen, /* 0 means strlen(src) */ | |
21857 | + char *dst, | |
21858 | + size_t dstlen | |
21859 | +); | |
21860 | +size_t /* 0 failure, else true size */ | |
21861 | +datatoa( | |
21862 | + const char *src, | |
21863 | + size_t srclen, | |
21864 | + int format, /* character; 0 means default */ | |
21865 | + char *dst, | |
21866 | + size_t dstlen | |
21867 | +); | |
21868 | + | |
21869 | +/* part extraction and special addresses */ | |
21870 | +struct in_addr | |
21871 | +subnetof( | |
21872 | + struct in_addr addr, | |
21873 | + struct in_addr mask | |
21874 | +); | |
21875 | +struct in_addr | |
21876 | +hostof( | |
21877 | + struct in_addr addr, | |
21878 | + struct in_addr mask | |
21879 | +); | |
21880 | +struct in_addr | |
21881 | +broadcastof( | |
21882 | + struct in_addr addr, | |
21883 | + struct in_addr mask | |
21884 | +); | |
21885 | + | |
21886 | +/* mask handling */ | |
21887 | +int | |
21888 | +goodmask( | |
21889 | + struct in_addr mask | |
21890 | +); | |
21891 | +int | |
21892 | +masktobits( | |
21893 | + struct in_addr mask | |
21894 | +); | |
21895 | +struct in_addr | |
21896 | +bitstomask( | |
21897 | + int n | |
21898 | +); | |
21899 | + | |
21900 | + | |
21901 | + | |
21902 | +/* | |
21903 | + * general utilities | |
21904 | + */ | |
21905 | + | |
21906 | +#ifndef __KERNEL__ | |
21907 | +/* option pickup from files (userland only because of use of FILE) */ | |
21908 | +const char *optionsfrom(const char *filename, int *argcp, char ***argvp, | |
21909 | + int optind, FILE *errorreport); | |
21910 | +#endif | |
21911 | + | |
21912 | + | |
21913 | + | |
21914 | +#endif /* _FREESWAN_H */ | |
21915 | diff -druN linux-noipsec/net/ipsec/libfreeswan/goodmask.c linux/net/ipsec/libfreeswan/goodmask.c | |
21916 | --- linux-noipsec/net/ipsec/libfreeswan/goodmask.c Thu Jan 1 01:00:00 1970 | |
21917 | +++ linux/net/ipsec/libfreeswan/goodmask.c Wed Feb 16 19:54:24 2000 | |
21918 | @@ -0,0 +1,97 @@ | |
21919 | +/* | |
21920 | + * minor utilities for subnet-mask manipulation | |
21921 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
21922 | + * | |
21923 | + * This library is free software; you can redistribute it and/or modify it | |
21924 | + * under the terms of the GNU Library General Public License as published by | |
21925 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
21926 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
21927 | + * | |
21928 | + * This library is distributed in the hope that it will be useful, but | |
21929 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
21930 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
21931 | + * License for more details. | |
21932 | + * | |
21933 | + * RCSID $Id$ | |
21934 | + */ | |
21935 | +#include "internal.h" | |
21936 | +#include "freeswan.h" | |
21937 | + | |
21938 | +/* | |
21939 | + - goodmask - is this a good (^1*0*$) subnet mask? | |
21940 | + * You are not expected to understand this. See Henry S. Warren Jr, | |
21941 | + * "Functions realizable with word-parallel logical and two's-complement | |
21942 | + * addition instructions", CACM 20.6 (June 1977), p.439. | |
21943 | + */ | |
21944 | +int /* predicate */ | |
21945 | +goodmask(mask) | |
21946 | +struct in_addr mask; | |
21947 | +{ | |
21948 | + unsigned long x = ntohl(mask.s_addr); | |
21949 | + /* clear rightmost contiguous string of 1-bits */ | |
21950 | +# define CRCS1B(x) (((x|(x-1))+1)&x) | |
21951 | +# define TOPBIT (1UL << 31) | |
21952 | + | |
21953 | + /* either zero, or has one string of 1-bits which is left-justified */ | |
21954 | + if (x == 0 || (CRCS1B(x) == 0 && (x&TOPBIT))) | |
21955 | + return 1; | |
21956 | + return 0; | |
21957 | +} | |
21958 | + | |
21959 | +/* | |
21960 | + - masktobits - how many bits in this mask? | |
21961 | + * The algorithm is essentially a binary search, but highly optimized | |
21962 | + * for this particular task. | |
21963 | + */ | |
21964 | +int /* -1 means !goodmask() */ | |
21965 | +masktobits(mask) | |
21966 | +struct in_addr mask; | |
21967 | +{ | |
21968 | + unsigned long m = ntohl(mask.s_addr); | |
21969 | + int masklen; | |
21970 | + | |
21971 | + if (!goodmask(mask)) | |
21972 | + return -1; | |
21973 | + | |
21974 | + if (m&0x00000001UL) | |
21975 | + return 32; | |
21976 | + masklen = 0; | |
21977 | + if (m&(0x0000ffffUL<<1)) { /* <<1 for 1-origin numbering */ | |
21978 | + masklen |= 0x10; | |
21979 | + m <<= 16; | |
21980 | + } | |
21981 | + if (m&(0x00ff0000UL<<1)) { | |
21982 | + masklen |= 0x08; | |
21983 | + m <<= 8; | |
21984 | + } | |
21985 | + if (m&(0x0f000000UL<<1)) { | |
21986 | + masklen |= 0x04; | |
21987 | + m <<= 4; | |
21988 | + } | |
21989 | + if (m&(0x30000000UL<<1)) { | |
21990 | + masklen |= 0x02; | |
21991 | + m <<= 2; | |
21992 | + } | |
21993 | + if (m&(0x40000000UL<<1)) | |
21994 | + masklen |= 0x01; | |
21995 | + | |
21996 | + return masklen; | |
21997 | +} | |
21998 | + | |
21999 | +/* | |
22000 | + - bitstomask - return a mask with this many high bits on | |
22001 | + */ | |
22002 | +struct in_addr | |
22003 | +bitstomask(n) | |
22004 | +int n; | |
22005 | +{ | |
22006 | + struct in_addr result; | |
22007 | + | |
22008 | + if (n > 0 && n <= ABITS) | |
22009 | + result.s_addr = htonl(~((1UL << (ABITS - n)) - 1)); | |
22010 | + else if (n == 0) | |
22011 | + result.s_addr = 0; | |
22012 | + else | |
22013 | + result.s_addr = 0; /* best error report we can do */ | |
22014 | + return result; | |
22015 | +} | |
22016 | diff -druN linux-noipsec/net/ipsec/libfreeswan/initaddr.c linux/net/ipsec/libfreeswan/initaddr.c | |
22017 | --- linux-noipsec/net/ipsec/libfreeswan/initaddr.c Thu Jan 1 01:00:00 1970 | |
22018 | +++ linux/net/ipsec/libfreeswan/initaddr.c Fri Aug 25 16:40:05 2000 | |
22019 | @@ -0,0 +1,51 @@ | |
22020 | +/* | |
22021 | + * initialize address structure | |
22022 | + * Copyright (C) 2000 Henry Spencer. | |
22023 | + * | |
22024 | + * This library is free software; you can redistribute it and/or modify it | |
22025 | + * under the terms of the GNU Library General Public License as published by | |
22026 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
22027 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
22028 | + * | |
22029 | + * This library is distributed in the hope that it will be useful, but | |
22030 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
22031 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
22032 | + * License for more details. | |
22033 | + * | |
22034 | + * RCSID $Id$ | |
22035 | + */ | |
22036 | +#include "internal.h" | |
22037 | +#include "freeswan.h" | |
22038 | + | |
22039 | +/* | |
22040 | + - initaddr - initialize ip_address from bytes | |
22041 | + */ | |
22042 | +err_t /* NULL for success, else string literal */ | |
22043 | +initaddr(src, srclen, af, dst) | |
22044 | +const unsigned char *src; | |
22045 | +size_t srclen; | |
22046 | +int af; /* address family */ | |
22047 | +ip_address *dst; | |
22048 | +{ | |
22049 | + switch (af) { | |
22050 | + case AF_INET: | |
22051 | + if (srclen != 4) | |
22052 | + return "IPv4 address must be exactly 4 bytes"; | |
22053 | + dst->u.v4.sin_family = af; | |
22054 | + dst->u.v4.sin_port = 0; /* unused */ | |
22055 | + memcpy((char *)&dst->u.v4.sin_addr.s_addr, src, srclen); | |
22056 | + break; | |
22057 | + case AF_INET6: | |
22058 | + if (srclen != 16) | |
22059 | + return "IPv6 address must be exactly 16 bytes"; | |
22060 | + dst->u.v6.sin6_family = af; | |
22061 | + dst->u.v6.sin6_flowinfo = 0; /* unused */ | |
22062 | + dst->u.v6.sin6_port = 0; /* unused */ | |
22063 | + memcpy((char *)&dst->u.v6.sin6_addr, src, srclen); | |
22064 | + break; | |
22065 | + default: | |
22066 | + return "unknown address family in initaddr"; | |
22067 | + break; | |
22068 | + } | |
22069 | + return NULL; | |
22070 | +} | |
22071 | diff -druN linux-noipsec/net/ipsec/libfreeswan/initsaid.c linux/net/ipsec/libfreeswan/initsaid.c | |
22072 | --- linux-noipsec/net/ipsec/libfreeswan/initsaid.c Thu Jan 1 01:00:00 1970 | |
22073 | +++ linux/net/ipsec/libfreeswan/initsaid.c Fri Sep 8 20:03:45 2000 | |
22074 | @@ -0,0 +1,33 @@ | |
22075 | +/* | |
22076 | + * initialize SA ID structure | |
22077 | + * Copyright (C) 2000 Henry Spencer. | |
22078 | + * | |
22079 | + * This library is free software; you can redistribute it and/or modify it | |
22080 | + * under the terms of the GNU Library General Public License as published by | |
22081 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
22082 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
22083 | + * | |
22084 | + * This library is distributed in the hope that it will be useful, but | |
22085 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
22086 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
22087 | + * License for more details. | |
22088 | + * | |
22089 | + * RCSID $Id$ | |
22090 | + */ | |
22091 | +#include "internal.h" | |
22092 | +#include "freeswan.h" | |
22093 | + | |
22094 | +/* | |
22095 | + - initsaid - initialize SA ID from bits | |
22096 | + */ | |
22097 | +void | |
22098 | +initsaid(addr, spi, proto, dst) | |
22099 | +const ip_address *addr; | |
22100 | +ipsec_spi_t spi; | |
22101 | +int proto; | |
22102 | +ip_said *dst; | |
22103 | +{ | |
22104 | + dst->dst = *addr; | |
22105 | + dst->spi = spi; | |
22106 | + dst->proto = proto; | |
22107 | +} | |
22108 | diff -druN linux-noipsec/net/ipsec/libfreeswan/initsubnet.c linux/net/ipsec/libfreeswan/initsubnet.c | |
22109 | --- linux-noipsec/net/ipsec/libfreeswan/initsubnet.c Thu Jan 1 01:00:00 1970 | |
22110 | +++ linux/net/ipsec/libfreeswan/initsubnet.c Fri Sep 8 20:03:45 2000 | |
22111 | @@ -0,0 +1,77 @@ | |
22112 | +/* | |
22113 | + * initialize subnet structure | |
22114 | + * Copyright (C) 2000 Henry Spencer. | |
22115 | + * | |
22116 | + * This library is free software; you can redistribute it and/or modify it | |
22117 | + * under the terms of the GNU Library General Public License as published by | |
22118 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
22119 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
22120 | + * | |
22121 | + * This library is distributed in the hope that it will be useful, but | |
22122 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
22123 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
22124 | + * License for more details. | |
22125 | + * | |
22126 | + * RCSID $Id$ | |
22127 | + */ | |
22128 | +#include "internal.h" | |
22129 | +#include "freeswan.h" | |
22130 | + | |
22131 | +/* | |
22132 | + - initsubnet - initialize ip_subnet from address and count | |
22133 | + * | |
22134 | + * The only hard part is checking for host-part bits turned on. | |
22135 | + */ | |
22136 | +err_t /* NULL for success, else string literal */ | |
22137 | +initsubnet(addr, count, clash, dst) | |
22138 | +const ip_address *addr; | |
22139 | +int count; | |
22140 | +int clash; /* '0' zero host-part bits, 'x' die on them */ | |
22141 | +ip_subnet *dst; | |
22142 | +{ | |
22143 | + unsigned char *p; | |
22144 | + int n; | |
22145 | + int c; | |
22146 | + unsigned m; | |
22147 | + int die; | |
22148 | + | |
22149 | + dst->addr = *addr; | |
22150 | + n = addrbytesptr(&dst->addr, (const unsigned char **)&p); | |
22151 | + if (n == 0) | |
22152 | + return "unknown address family"; | |
22153 | + | |
22154 | + switch (clash) { | |
22155 | + case '0': | |
22156 | + die = 0; | |
22157 | + break; | |
22158 | + case 'x': | |
22159 | + die = 1; | |
22160 | + break; | |
22161 | + default: | |
22162 | + return "unknown clash-control value in initsubnet"; | |
22163 | + break; | |
22164 | + } | |
22165 | + | |
22166 | + c = count / 8; | |
22167 | + if (c > n) | |
22168 | + return "impossible mask count"; | |
22169 | + p += c; | |
22170 | + n -= c; | |
22171 | + | |
22172 | + m = 0xff; | |
22173 | + c = count % 8; | |
22174 | + if (n > 0 && c != 0) /* partial byte */ | |
22175 | + m >>= c; | |
22176 | + for (; n > 0; n--) { | |
22177 | + if ((*p & m) != 0) { | |
22178 | + if (die) | |
22179 | + return "improper subnet, host-part bits on"; | |
22180 | + *p &= ~m; | |
22181 | + } | |
22182 | + m = 0xff; | |
22183 | + p++; | |
22184 | + } | |
22185 | + | |
22186 | + dst->maskbits = count; | |
22187 | + return NULL; | |
22188 | +} | |
22189 | diff -druN linux-noipsec/net/ipsec/libfreeswan/internal.h linux/net/ipsec/libfreeswan/internal.h | |
22190 | --- linux-noipsec/net/ipsec/libfreeswan/internal.h Thu Jan 1 01:00:00 1970 | |
22191 | +++ linux/net/ipsec/libfreeswan/internal.h Tue Aug 8 04:34:15 2000 | |
22192 | @@ -0,0 +1,81 @@ | |
22193 | +/* | |
22194 | + * internal definitions for use within the library; do not export! | |
22195 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
22196 | + * | |
22197 | + * This library is free software; you can redistribute it and/or modify it | |
22198 | + * under the terms of the GNU Library General Public License as published by | |
22199 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
22200 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
22201 | + * | |
22202 | + * This library is distributed in the hope that it will be useful, but | |
22203 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
22204 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
22205 | + * License for more details. | |
22206 | + * | |
22207 | + * RCSID $Id$ | |
22208 | + */ | |
22209 | + | |
22210 | +#ifndef ABITS | |
22211 | +#define ABITS 32 /* bits in an IPv4 address */ | |
22212 | +#endif | |
22213 | + | |
22214 | +/* case-independent ASCII character equality comparison */ | |
22215 | +#define CIEQ(c1, c2) ( ((c1)&~040) == ((c2)&~040) ) | |
22216 | + | |
22217 | +/* syntax for passthrough SA */ | |
22218 | +#ifndef PASSTHROUGHNAME | |
22219 | +#define PASSTHROUGHNAME "%passthrough" | |
22220 | +#define PASSTHROUGH4NAME "%passthrough4" | |
22221 | +#define PASSTHROUGH6NAME "%passthrough6" | |
22222 | +#define PASSTHROUGHIS "tun0@0.0.0.0" | |
22223 | +#define PASSTHROUGH4IS "tun0@0.0.0.0" | |
22224 | +#define PASSTHROUGH6IS "tun0@::" | |
22225 | +#define PASSTHROUGHTYPE "tun" | |
22226 | +#define PASSTHROUGHSPI 0 | |
22227 | +#define PASSTHROUGHDST 0 | |
22228 | +#endif | |
22229 | + | |
22230 | +/* | |
22231 | + * Headers, greatly complicated by stupid and unnecessary inconsistencies | |
22232 | + * between the user environment and the kernel environment. These are done | |
22233 | + * here so that this mess need exist in only one place. | |
22234 | + * | |
22235 | + * It may seem like a -I or two could avoid most of this, but on closer | |
22236 | + * inspection it is not quite that easy. | |
22237 | + */ | |
22238 | + | |
22239 | +/* things that need to come from one place or the other, depending */ | |
22240 | +#ifdef __KERNEL__ | |
22241 | +#include <linux/types.h> | |
22242 | +#include <linux/socket.h> | |
22243 | +#include <linux/in.h> | |
22244 | +#include <linux/string.h> | |
22245 | +#include <linux/ctype.h> | |
22246 | +#define assert(foo) /* nothing */ | |
22247 | +#else | |
22248 | +#include <sys/types.h> | |
22249 | +#include <netinet/in.h> | |
22250 | +#include <string.h> | |
22251 | +#include <ctype.h> | |
22252 | +#include <assert.h> | |
22253 | +#endif | |
22254 | + | |
22255 | +/* things that exist only in userland */ | |
22256 | +#ifndef __KERNEL__ | |
22257 | + | |
22258 | +/* You'd think this would be okay in the kernel too -- it's just a */ | |
22259 | +/* bunch of constants -- but no, in RH5.1 it screws up other things. */ | |
22260 | +/* (Credit: Mike Warfield tracked this problem down. Thanks Mike!) */ | |
22261 | +/* Fortunately, we don't need it in the kernel subset of the library. */ | |
22262 | +#include <limits.h> | |
22263 | + | |
22264 | +/* header files for things that should never be called in kernel */ | |
22265 | +#include <netdb.h> | |
22266 | + | |
22267 | +/* memory allocation, currently user-only, macro-ized just in case */ | |
22268 | +#include <stdlib.h> | |
22269 | +#define MALLOC(n) malloc(n) | |
22270 | +#define FREE(p) free(p) | |
22271 | + | |
22272 | +#endif /* __KERNEL__ */ | |
22273 | + | |
22274 | diff -druN linux-noipsec/net/ipsec/libfreeswan/optionsfrom.c linux/net/ipsec/libfreeswan/optionsfrom.c | |
22275 | --- linux-noipsec/net/ipsec/libfreeswan/optionsfrom.c Thu Jan 1 01:00:00 1970 | |
22276 | +++ linux/net/ipsec/libfreeswan/optionsfrom.c Sun Apr 11 01:24:21 1999 | |
22277 | @@ -0,0 +1,301 @@ | |
22278 | +/* | |
22279 | + * pick up more options from a file, in the middle of an option scan | |
22280 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
22281 | + * | |
22282 | + * This library is free software; you can redistribute it and/or modify it | |
22283 | + * under the terms of the GNU Library General Public License as published by | |
22284 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
22285 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
22286 | + * | |
22287 | + * This library is distributed in the hope that it will be useful, but | |
22288 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
22289 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
22290 | + * License for more details. | |
22291 | + * | |
22292 | + * RCSID $Id$ | |
22293 | + */ | |
22294 | +#include "internal.h" | |
22295 | +#include "freeswan.h" | |
22296 | + | |
22297 | +#include <stdio.h> | |
22298 | + | |
22299 | +#define MAX 100 /* loop-detection limit */ | |
22300 | + | |
22301 | +/* internal work area */ | |
22302 | +struct work { | |
22303 | +# define LOTS 1024 | |
22304 | + char buf[LOTS]; | |
22305 | + char *line; | |
22306 | + char *pending; | |
22307 | +}; | |
22308 | + | |
22309 | +static const char *dowork(const char *, int *, char ***, int); | |
22310 | +static const char *getanarg(FILE *, struct work *, char **); | |
22311 | +static char *getline(FILE *, char *, size_t); | |
22312 | + | |
22313 | +/* | |
22314 | + - optionsfrom - add some options, taken from a file, to argc/argv | |
22315 | + * If errsto is non-NULL, does not return in event of error. | |
22316 | + */ | |
22317 | +const char * /* NULL for success, else string literal */ | |
22318 | +optionsfrom(filename, argcp, argvp, optind, errsto) | |
22319 | +const char *filename; | |
22320 | +int *argcp; /* pointer to argc */ | |
22321 | +char ***argvp; /* pointer to argv */ | |
22322 | +int optind; /* current optind, number of next argument */ | |
22323 | +FILE *errsto; /* where to report errors (NULL means return) */ | |
22324 | +{ | |
22325 | + const char *e; | |
22326 | + static int nuses = 0; | |
22327 | + | |
22328 | + if (errsto != NULL) { | |
22329 | + nuses++; | |
22330 | + if (nuses >= MAX) { | |
22331 | + fprintf(errsto, | |
22332 | + "%s: optionsfrom called %d times, looping?\n", | |
22333 | + (*argvp)[0], nuses); | |
22334 | + exit(2); | |
22335 | + } | |
22336 | + } else | |
22337 | + nuses = 0; | |
22338 | + | |
22339 | + e = dowork(filename, argcp, argvp, optind); | |
22340 | + if (e != NULL && errsto != NULL) { | |
22341 | + fprintf(errsto, "%s: optionsfrom failed: %s\n", (*argvp)[0], e); | |
22342 | + exit(2); | |
22343 | + } | |
22344 | + return e; | |
22345 | +} | |
22346 | + | |
22347 | +/* | |
22348 | + - dowork - do all the real work of optionsfrom | |
22349 | + * Does not alter the existing arguments, but does relocate and alter | |
22350 | + * the argv pointer vector. | |
22351 | + */ | |
22352 | +static const char * /* NULL for success, else string literal */ | |
22353 | +dowork(filename, argcp, argvp, optind) | |
22354 | +const char *filename; | |
22355 | +int *argcp; /* pointer to argc */ | |
22356 | +char ***argvp; /* pointer to argv */ | |
22357 | +int optind; /* current optind, number of next argument */ | |
22358 | +{ | |
22359 | + char **newargv; | |
22360 | + char **tmp; | |
22361 | + int newargc; | |
22362 | + int next; /* place for next argument */ | |
22363 | + int room; /* how many more new arguments we can hold */ | |
22364 | +# define SOME 10 /* first guess at how many we'll need */ | |
22365 | + FILE *f; | |
22366 | + int i; | |
22367 | + const char *p; | |
22368 | + struct work wa; /* for getanarg() */ | |
22369 | + | |
22370 | + f = fopen(filename, "r"); | |
22371 | + if (f == NULL) | |
22372 | + return "unable to open file"; | |
22373 | + | |
22374 | + newargc = *argcp + SOME; | |
22375 | + newargv = malloc((newargc+1) * sizeof(char *)); | |
22376 | + if (newargv == NULL) | |
22377 | + return "unable to allocate memory"; | |
22378 | + memcpy(newargv, *argvp, optind * sizeof(char *)); | |
22379 | + room = SOME; | |
22380 | + next = optind; | |
22381 | + | |
22382 | + newargv[next] = NULL; | |
22383 | + wa.pending = NULL; | |
22384 | + while ((p = getanarg(f, &wa, &newargv[next])) == NULL) { | |
22385 | + if (room == 0) { | |
22386 | + newargc += SOME; | |
22387 | + tmp = realloc(newargv, (newargc+1) * sizeof(char *)); | |
22388 | + if (tmp == NULL) { | |
22389 | + p = "out of space for new argv"; | |
22390 | + break; /* NOTE BREAK OUT */ | |
22391 | + } | |
22392 | + newargv = tmp; | |
22393 | + room += SOME; | |
22394 | + } | |
22395 | + next++; | |
22396 | + room--; | |
22397 | + } | |
22398 | + if (p != NULL && !feof(f)) { /* error of some kind */ | |
22399 | + for (i = optind+1; i <= next; i++) | |
22400 | + if (newargv[i] != NULL) | |
22401 | + free(newargv[i]); | |
22402 | + free(newargv); | |
22403 | + fclose(f); | |
22404 | + return p; | |
22405 | + } | |
22406 | + | |
22407 | + fclose(f); | |
22408 | + memcpy(newargv + next, *argvp + optind, | |
22409 | + (*argcp+1-optind) * sizeof(char *)); | |
22410 | + *argcp += next - optind; | |
22411 | + *argvp = newargv; | |
22412 | + return NULL; | |
22413 | +} | |
22414 | + | |
22415 | +/* | |
22416 | + - getanarg - get a malloced argument from the file | |
22417 | + */ | |
22418 | +static const char * /* NULL for success, else string literal */ | |
22419 | +getanarg(f, w, linep) | |
22420 | +FILE *f; | |
22421 | +struct work *w; | |
22422 | +char **linep; /* where to store pointer if successful */ | |
22423 | +{ | |
22424 | + size_t len; | |
22425 | + char *p; | |
22426 | + char *endp; | |
22427 | + | |
22428 | + while (w->pending == NULL) { /* no pending line */ | |
22429 | + if ((w->line = getline(f, w->buf, sizeof(w->buf))) == NULL) | |
22430 | + return "error in line read"; /* caller checks EOF */ | |
22431 | + if (w->line[0] != '#' && | |
22432 | + *(w->line + strspn(w->line, " \t")) != '\0') | |
22433 | + w->pending = w->line; | |
22434 | + } | |
22435 | + | |
22436 | + if (w->pending == w->line && w->line[0] != '-') { | |
22437 | + /* fresh plain line */ | |
22438 | + w->pending = NULL; | |
22439 | + p = w->line; | |
22440 | + endp = p + strlen(p); | |
22441 | + if (*p == '"' && endp > p+1 && *(endp-1) == '"') { | |
22442 | + p++; | |
22443 | + endp--; | |
22444 | + *endp = '\0'; | |
22445 | + } | |
22446 | + if (w->line == w->buf) { | |
22447 | + *linep = malloc(endp - p + 1); | |
22448 | + if (*linep == NULL) | |
22449 | + return "out of memory for new line"; | |
22450 | + strcpy(*linep, p); | |
22451 | + } else /* getline already malloced it */ | |
22452 | + *linep = p; | |
22453 | + return NULL; | |
22454 | + } | |
22455 | + | |
22456 | + /* chip off a piece of a pending line */ | |
22457 | + p = w->pending; | |
22458 | + p += strspn(p, " \t"); | |
22459 | + endp = p + strcspn(p, " \t"); | |
22460 | + len = endp - p; | |
22461 | + if (*endp != '\0') { | |
22462 | + *endp++ = '\0'; | |
22463 | + endp += strspn(endp, " \t"); | |
22464 | + } | |
22465 | + /* endp now points to next real character, or to line-end NUL */ | |
22466 | + *linep = malloc(len + 1); | |
22467 | + if (*linep == NULL) { | |
22468 | + if (w->line != w->buf) | |
22469 | + free(w->line); | |
22470 | + return "out of memory for new argument"; | |
22471 | + } | |
22472 | + strcpy(*linep, p); | |
22473 | + if (*endp == '\0') { | |
22474 | + w->pending = NULL; | |
22475 | + if (w->line != w->buf) | |
22476 | + free(w->line); | |
22477 | + } else | |
22478 | + w->pending = endp; | |
22479 | + return NULL; | |
22480 | +} | |
22481 | + | |
22482 | +/* | |
22483 | + - getline - read a line from the file, trim newline off | |
22484 | + */ | |
22485 | +static char * /* pointer to line, NULL for eof/error */ | |
22486 | +getline(f, buf, bufsize) | |
22487 | +FILE *f; | |
22488 | +char *buf; /* buffer to use, if convenient */ | |
22489 | +size_t bufsize; /* size of buf */ | |
22490 | +{ | |
22491 | + size_t len; | |
22492 | + | |
22493 | + if (fgets(buf, bufsize, f) == NULL) | |
22494 | + return NULL; | |
22495 | + len = strlen(buf); | |
22496 | + | |
22497 | + if (len < bufsize-1 || buf[bufsize-1] == '\n') { | |
22498 | + /* it fit */ | |
22499 | + buf[len-1] = '\0'; | |
22500 | + return buf; | |
22501 | + } | |
22502 | + | |
22503 | + /* oh crud, buffer overflow */ | |
22504 | + /* for now, to hell with it */ | |
22505 | + return NULL; | |
22506 | +} | |
22507 | + | |
22508 | + | |
22509 | + | |
22510 | +#ifdef TEST | |
22511 | + | |
22512 | +#include <getopt.h> | |
22513 | + | |
22514 | +char usage[] = "Usage: tester [--foo] [--bar] [--optionsfrom file] arg ..."; | |
22515 | +struct option opts[] = { | |
22516 | + "foo", 0, NULL, 'f', | |
22517 | + "bar", 0, NULL, 'b', | |
22518 | + "builtin", 0, NULL, 'B', | |
22519 | + "optionsfrom", 1, NULL, '+', | |
22520 | + "help", 0, NULL, 'h', | |
22521 | + "version", 0, NULL, 'v', | |
22522 | + 0, 0, NULL, 0, | |
22523 | +}; | |
22524 | + | |
22525 | +int | |
22526 | +main(argc, argv) | |
22527 | +int argc; | |
22528 | +char *argv[]; | |
22529 | +{ | |
22530 | + int opt; | |
22531 | + extern char *optarg; | |
22532 | + extern int optind; | |
22533 | + int errflg = 0; | |
22534 | + const char *p; | |
22535 | + int i; | |
22536 | + FILE *errs = NULL; | |
22537 | + | |
22538 | + while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) | |
22539 | + switch (opt) { | |
22540 | + case 'f': | |
22541 | + case 'b': | |
22542 | + break; | |
22543 | + case 'B': | |
22544 | + errs = stderr; | |
22545 | + break; | |
22546 | + case '+': /* optionsfrom */ | |
22547 | + p = optionsfrom(optarg, &argc, &argv, optind, errs); | |
22548 | + if (p != NULL) { | |
22549 | + fprintf(stderr, "%s: optionsfrom error: %s\n", | |
22550 | + argv[0], p); | |
22551 | + exit(1); | |
22552 | + } | |
22553 | + break; | |
22554 | + case 'h': /* help */ | |
22555 | + printf("%s\n", usage); | |
22556 | + exit(0); | |
22557 | + break; | |
22558 | + case 'v': /* version */ | |
22559 | + printf("1\n"); | |
22560 | + exit(0); | |
22561 | + break; | |
22562 | + case '?': | |
22563 | + default: | |
22564 | + errflg = 1; | |
22565 | + break; | |
22566 | + } | |
22567 | + if (errflg) { | |
22568 | + fprintf(stderr, "%s\n", usage); | |
22569 | + exit(2); | |
22570 | + } | |
22571 | + | |
22572 | + for (i = 1; i < argc; i++) | |
22573 | + printf("%d: `%s'\n", i, argv[i]); | |
22574 | + exit(0); | |
22575 | +} | |
22576 | + | |
22577 | + | |
22578 | +#endif /* TEST */ | |
22579 | diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkey.h linux/net/ipsec/libfreeswan/pfkey.h | |
22580 | --- linux-noipsec/net/ipsec/libfreeswan/pfkey.h Thu Jan 1 01:00:00 1970 | |
22581 | +++ linux/net/ipsec/libfreeswan/pfkey.h Tue Oct 10 22:10:19 2000 | |
22582 | @@ -0,0 +1,340 @@ | |
22583 | +/* | |
22584 | + * FreeS/WAN specific PF_KEY headers | |
22585 | + * Copyright (C) 1999 Richard Guy Briggs. | |
22586 | + * | |
22587 | + * This program is free software; you can redistribute it and/or modify it | |
22588 | + * under the terms of the GNU General Public License as published by the | |
22589 | + * Free Software Foundation; either version 2 of the License, or (at your | |
22590 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
22591 | + * | |
22592 | + * This program is distributed in the hope that it will be useful, but | |
22593 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
22594 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
22595 | + * for more details. | |
22596 | + * | |
22597 | + * RCSID $Id$ | |
22598 | + */ | |
22599 | + | |
22600 | +#ifndef __NET_IPSEC_PF_KEY_H | |
22601 | +#define __NET_IPSEC_PF_KEY_H | |
22602 | +#ifdef __KERNEL__ | |
22603 | +extern void pfkey_proto_init(struct net_proto *pro); | |
22604 | +extern struct proto_ops pfkey_proto_ops; | |
22605 | +typedef struct sock pfkey_sock; | |
22606 | +extern int debug_pfkey; | |
22607 | + | |
22608 | +extern /* void */ int pfkey_init(void); | |
22609 | +extern /* void */ int pfkey_cleanup(void); | |
22610 | + | |
22611 | +extern struct sock *pfkey_sock_list; | |
22612 | +struct socket_list | |
22613 | +{ | |
22614 | + struct socket *socketp; | |
22615 | + struct socket_list *next; | |
22616 | +}; | |
22617 | +extern int pfkey_list_insert_socket(struct socket*, struct socket_list**); | |
22618 | +extern int pfkey_list_remove_socket(struct socket*, struct socket_list**); | |
22619 | +extern struct socket_list *pfkey_open_sockets; | |
22620 | +extern struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1]; | |
22621 | + | |
22622 | +struct supported | |
22623 | +{ | |
22624 | + uint16_t supported_alg_exttype; | |
22625 | + uint8_t supported_alg_id; | |
22626 | + uint8_t supported_alg_ivlen; | |
22627 | + uint16_t supported_alg_minbits; | |
22628 | + uint16_t supported_alg_maxbits; | |
22629 | +}; | |
22630 | + | |
22631 | +extern struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1]; | |
22632 | +struct supported_list | |
22633 | +{ | |
22634 | + struct supported *supportedp; | |
22635 | + struct supported_list *next; | |
22636 | +}; | |
22637 | +extern int pfkey_list_insert_supported(struct supported*, struct supported_list**); | |
22638 | +extern int pfkey_list_remove_supported(struct supported*, struct supported_list**); | |
22639 | + | |
22640 | +extern uint8_t sadb_satype2proto[]; | |
22641 | + | |
22642 | +/* | |
22643 | +#if defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2) | |
22644 | + */ | |
22645 | +struct sockaddr_key | |
22646 | +{ | |
22647 | + uint16_t key_family; /* PF_KEY */ | |
22648 | + uint16_t key_pad; /* not used */ | |
22649 | + uint32_t key_pid; /* process ID */ | |
22650 | +}; | |
22651 | +/* | |
22652 | +#endif */ /* defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2) | |
22653 | + */ | |
22654 | + | |
22655 | +struct pfkey_extracted_data | |
22656 | +{ | |
22657 | + struct tdb* tdb; | |
22658 | + struct tdb* tdb2; | |
22659 | + struct eroute *eroute; | |
22660 | +}; | |
22661 | + | |
22662 | +extern int pfkey_upmsg(struct socket *, struct sadb_msg *); | |
22663 | +extern int pfkey_expire(struct tdb *, int); | |
22664 | +extern int pfkey_acquire(struct tdb *); | |
22665 | +#endif /* __KERNEL__ */ | |
22666 | + | |
22667 | +extern uint8_t satype2proto(uint8_t satype); | |
22668 | +extern uint8_t proto2satype(uint8_t proto); | |
22669 | +extern char* proto2name(uint8_t proto); | |
22670 | + | |
22671 | +struct key_opt | |
22672 | +{ | |
22673 | + uint32_t key_pid; /* process ID */ | |
22674 | + struct sock *sk; | |
22675 | +}; | |
22676 | + | |
22677 | +#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid | |
22678 | + | |
22679 | +#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t)) | |
22680 | +#define BITS_PER_OCTET 8 | |
22681 | +#define OCTETBITS 8 | |
22682 | +#define PFKEYBITS 64 | |
22683 | +#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */ | |
22684 | +#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */ | |
22685 | + | |
22686 | +#define PFKEYv2_MAX_MSGSIZE 4096 | |
22687 | + | |
22688 | +/* | |
22689 | + * PF_KEYv2 permitted and required extensions in and out bitmaps | |
22690 | + */ | |
22691 | + | |
22692 | +extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/]; | |
22693 | +#define EXT_BITS_IN 0 | |
22694 | +#define EXT_BITS_OUT 1 | |
22695 | +#define EXT_BITS_PERM 0 | |
22696 | +#define EXT_BITS_REQ 1 | |
22697 | + | |
22698 | +extern void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]); | |
22699 | +extern void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]); | |
22700 | +extern void pfkey_msg_free(struct sadb_msg **pfkey_msg); | |
22701 | + | |
22702 | +extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg, | |
22703 | + int (*ext_parsers[])(struct sadb_ext* ), | |
22704 | + struct sadb_ext **extensions, | |
22705 | + int dir); | |
22706 | + | |
22707 | +/* | |
22708 | + * PF_KEYv2 build function prototypes | |
22709 | + */ | |
22710 | + | |
22711 | +int | |
22712 | +pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext, | |
22713 | + uint8_t msg_type, | |
22714 | + uint8_t satype, | |
22715 | + uint8_t msg_errno, | |
22716 | + uint32_t seq, | |
22717 | + uint32_t pid); | |
22718 | + | |
22719 | +int | |
22720 | +pfkey_sa_build(struct sadb_ext ** pfkey_ext, | |
22721 | + uint16_t exttype, | |
22722 | + uint32_t spi, /* in network order */ | |
22723 | + uint8_t replay_window, | |
22724 | + uint8_t sa_state, | |
22725 | + uint8_t auth, | |
22726 | + uint8_t encrypt, | |
22727 | + uint32_t flags); | |
22728 | + | |
22729 | +int | |
22730 | +pfkey_lifetime_build(struct sadb_ext ** pfkey_ext, | |
22731 | + uint16_t exttype, | |
22732 | + uint32_t allocations, | |
22733 | + uint64_t bytes, | |
22734 | + uint64_t addtime, | |
22735 | + uint64_t usetime); | |
22736 | + | |
22737 | +int | |
22738 | +pfkey_address_build(struct sadb_ext** pfkey_ext, | |
22739 | + uint16_t exttype, | |
22740 | + uint8_t proto, | |
22741 | + uint8_t prefixlen, | |
22742 | + struct sockaddr* address); | |
22743 | + | |
22744 | +int | |
22745 | +pfkey_key_build(struct sadb_ext** pfkey_ext, | |
22746 | + uint16_t exttype, | |
22747 | + uint16_t key_bits, | |
22748 | + char* key); | |
22749 | + | |
22750 | +int | |
22751 | +pfkey_ident_build(struct sadb_ext** pfkey_ext, | |
22752 | + uint16_t exttype, | |
22753 | + uint16_t ident_type, | |
22754 | + uint64_t ident_id, | |
22755 | + char* ident_string); | |
22756 | + | |
22757 | +int | |
22758 | +pfkey_sens_build(struct sadb_ext** pfkey_ext, | |
22759 | + uint32_t dpd, | |
22760 | + uint8_t sens_level, | |
22761 | + uint8_t sens_len, | |
22762 | + uint64_t* sens_bitmap, | |
22763 | + uint8_t integ_level, | |
22764 | + uint8_t integ_len, | |
22765 | + uint64_t* integ_bitmap); | |
22766 | + | |
22767 | +int | |
22768 | +pfkey_prop_build(struct sadb_ext** pfkey_ext, | |
22769 | + uint8_t replay, | |
22770 | + unsigned int comb_num, | |
22771 | + struct sadb_comb* comb); | |
22772 | + | |
22773 | +int | |
22774 | +pfkey_supported_build(struct sadb_ext** pfkey_ext, | |
22775 | + uint16_t exttype, | |
22776 | + unsigned int alg_num, | |
22777 | + struct sadb_alg* alg); | |
22778 | + | |
22779 | +int | |
22780 | +pfkey_spirange_build(struct sadb_ext** pfkey_ext, | |
22781 | + uint16_t exttype, | |
22782 | + uint32_t min, | |
22783 | + uint32_t max); | |
22784 | + | |
22785 | +int | |
22786 | +pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext); | |
22787 | + | |
22788 | +int | |
22789 | +pfkey_x_satype_build(struct sadb_ext** pfkey_ext, | |
22790 | + uint8_t satype); | |
22791 | + | |
22792 | +int | |
22793 | +pfkey_x_debug_build(struct sadb_ext** pfkey_ext, | |
22794 | + uint32_t tunnel, | |
22795 | + uint32_t netlink, | |
22796 | + uint32_t xform, | |
22797 | + uint32_t eroute, | |
22798 | + uint32_t spi, | |
22799 | + uint32_t radij, | |
22800 | + uint32_t esp, | |
22801 | + uint32_t ah, | |
22802 | + uint32_t rcv, | |
22803 | + uint32_t pfkey, | |
22804 | + uint32_t ipcomp, | |
22805 | + uint32_t verbose); | |
22806 | + | |
22807 | +int | |
22808 | +pfkey_msg_build(struct sadb_msg** pfkey_msg, | |
22809 | + struct sadb_ext* extensions[], | |
22810 | + int dir); | |
22811 | + | |
22812 | +#endif /* __NET_IPSEC_PF_KEY_H */ | |
22813 | + | |
22814 | +/* | |
22815 | + * $Log$ | |
22816 | + * Revision 1.28 2000/10/10 20:10:19 rgb | |
22817 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
22818 | + * | |
22819 | + * Revision 1.27 2000/09/21 04:20:45 rgb | |
22820 | + * Fixed array size off-by-one error. (Thanks Svenning!) | |
22821 | + * | |
22822 | + * Revision 1.26 2000/09/12 03:26:05 rgb | |
22823 | + * Added pfkey_acquire prototype. | |
22824 | + * | |
22825 | + * Revision 1.25 2000/09/08 19:21:28 rgb | |
22826 | + * Fix pfkey_prop_build() parameter to be only single indirection. | |
22827 | + * | |
22828 | + * Revision 1.24 2000/09/01 18:46:42 rgb | |
22829 | + * Added a supported algorithms array lists, one per satype and registered | |
22830 | + * existing algorithms. | |
22831 | + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to | |
22832 | + * list. | |
22833 | + * | |
22834 | + * Revision 1.23 2000/08/27 01:55:26 rgb | |
22835 | + * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code. | |
22836 | + * | |
22837 | + * Revision 1.22 2000/08/20 21:39:23 rgb | |
22838 | + * Added kernel prototypes for kernel funcitions pfkey_upmsg() and | |
22839 | + * pfkey_expire(). | |
22840 | + * | |
22841 | + * Revision 1.21 2000/08/15 17:29:23 rgb | |
22842 | + * Fixes from SZI to untested pfkey_prop_build(). | |
22843 | + * | |
22844 | + * Revision 1.20 2000/05/10 20:14:19 rgb | |
22845 | + * Fleshed out sensitivity, proposal and supported extensions. | |
22846 | + * | |
22847 | + * Revision 1.19 2000/03/16 14:07:23 rgb | |
22848 | + * Renamed ALIGN macro to avoid fighting with others in kernel. | |
22849 | + * | |
22850 | + * Revision 1.18 2000/01/22 23:24:06 rgb | |
22851 | + * Added prototypes for proto2satype(), satype2proto() and proto2name(). | |
22852 | + * | |
22853 | + * Revision 1.17 2000/01/21 06:26:59 rgb | |
22854 | + * Converted from double tdb arguments to one structure (extr) | |
22855 | + * containing pointers to all temporary information structures. | |
22856 | + * Added klipsdebug switching capability. | |
22857 | + * Dropped unused argument to pfkey_x_satype_build(). | |
22858 | + * | |
22859 | + * Revision 1.16 1999/12/29 21:17:41 rgb | |
22860 | + * Changed pfkey_msg_build() I/F to include a struct sadb_msg** | |
22861 | + * parameter for cleaner manipulation of extensions[] and to guard | |
22862 | + * against potential memory leaks. | |
22863 | + * Changed the I/F to pfkey_msg_free() for the same reason. | |
22864 | + * | |
22865 | + * Revision 1.15 1999/12/09 23:12:54 rgb | |
22866 | + * Added macro for BITS_PER_OCTET. | |
22867 | + * Added argument to pfkey_sa_build() to do eroutes. | |
22868 | + * | |
22869 | + * Revision 1.14 1999/12/08 20:33:25 rgb | |
22870 | + * Changed sa_family_t to uint16_t for 2.0.xx compatibility. | |
22871 | + * | |
22872 | + * Revision 1.13 1999/12/07 19:53:40 rgb | |
22873 | + * Removed unused first argument from extension parsers. | |
22874 | + * Changed __u* types to uint* to avoid use of asm/types.h and | |
22875 | + * sys/types.h in userspace code. | |
22876 | + * Added function prototypes for pfkey message and extensions | |
22877 | + * initialisation and cleanup. | |
22878 | + * | |
22879 | + * Revision 1.12 1999/12/01 22:19:38 rgb | |
22880 | + * Change pfkey_sa_build to accept an SPI in network byte order. | |
22881 | + * | |
22882 | + * Revision 1.11 1999/11/27 11:55:26 rgb | |
22883 | + * Added extern sadb_satype2proto to enable moving protocol lookup table | |
22884 | + * to lib/pfkey_v2_parse.c. | |
22885 | + * Delete unused, moved typedefs. | |
22886 | + * Add argument to pfkey_msg_parse() for direction. | |
22887 | + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. | |
22888 | + * | |
22889 | + * Revision 1.10 1999/11/23 22:29:21 rgb | |
22890 | + * This file has been moved in the distribution from klips/net/ipsec to | |
22891 | + * lib. | |
22892 | + * Add macros for dealing with alignment and rounding up more opaquely. | |
22893 | + * The uint<n>_t type defines have been moved to freeswan.h to avoid | |
22894 | + * chicken-and-egg problems. | |
22895 | + * Add macros for dealing with alignment and rounding up more opaque. | |
22896 | + * Added prototypes for using extention header bitmaps. | |
22897 | + * Added prototypes of all the build functions. | |
22898 | + * | |
22899 | + * Revision 1.9 1999/11/20 21:59:48 rgb | |
22900 | + * Moved socketlist type declarations and prototypes for shared use. | |
22901 | + * Slightly modified scope of sockaddr_key declaration. | |
22902 | + * | |
22903 | + * Revision 1.8 1999/11/17 14:34:25 rgb | |
22904 | + * Protect sa_family_t from being used in userspace with GLIBC<2. | |
22905 | + * | |
22906 | + * Revision 1.7 1999/10/27 19:40:35 rgb | |
22907 | + * Add a maximum PFKEY packet size macro. | |
22908 | + * | |
22909 | + * Revision 1.6 1999/10/26 16:58:58 rgb | |
22910 | + * Created a sockaddr_key and key_opt socket extension structures. | |
22911 | + * | |
22912 | + * Revision 1.5 1999/06/10 05:24:41 rgb | |
22913 | + * Renamed variables to reduce confusion. | |
22914 | + * | |
22915 | + * Revision 1.4 1999/04/29 15:21:11 rgb | |
22916 | + * Add pfkey support to debugging. | |
22917 | + * Add return values to init and cleanup functions. | |
22918 | + * | |
22919 | + * Revision 1.3 1999/04/15 17:58:07 rgb | |
22920 | + * Add RCSID labels. | |
22921 | + * | |
22922 | + */ | |
22923 | diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_build.c linux/net/ipsec/libfreeswan/pfkey_v2_build.c | |
22924 | --- linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_build.c Thu Jan 1 01:00:00 1970 | |
22925 | +++ linux/net/ipsec/libfreeswan/pfkey_v2_build.c Fri Nov 17 19:10:30 2000 | |
22926 | @@ -0,0 +1,1265 @@ | |
22927 | +/* | |
22928 | + * RFC2367 PF_KEYv2 Key management API message parser | |
22929 | + * Copyright (C) 1999 Richard Guy Briggs. | |
22930 | + * | |
22931 | + * This program is free software; you can redistribute it and/or modify it | |
22932 | + * under the terms of the GNU General Public License as published by the | |
22933 | + * Free Software Foundation; either version 2 of the License, or (at your | |
22934 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
22935 | + * | |
22936 | + * This program is distributed in the hope that it will be useful, but | |
22937 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
22938 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
22939 | + * for more details. | |
22940 | + * | |
22941 | + * RCSID $Id$ | |
22942 | + */ | |
22943 | + | |
22944 | +/* | |
22945 | + * Template from klips/net/ipsec/ipsec/ipsec_parser.c. | |
22946 | + */ | |
22947 | + | |
22948 | +char pfkey_v2_build_c_version[] = "$Id$"; | |
22949 | + | |
22950 | +/* | |
22951 | + * Some ugly stuff to allow consistent debugging code for use in the | |
22952 | + * kernel and in user space | |
22953 | +*/ | |
22954 | + | |
22955 | +#ifdef __KERNEL__ | |
22956 | + | |
22957 | +# include <linux/kernel.h> /* for printk */ | |
22958 | + | |
22959 | +# include <linux/malloc.h> /* kmalloc() */ | |
22960 | +# include <linux/errno.h> /* error codes */ | |
22961 | +# include <linux/types.h> /* size_t */ | |
22962 | +# include <linux/interrupt.h> /* mark_bh */ | |
22963 | + | |
22964 | +# include <linux/netdevice.h> /* struct device, and other headers */ | |
22965 | +# include <linux/etherdevice.h> /* eth_type_trans */ | |
22966 | +# include <linux/ip.h> /* struct iphdr */ | |
22967 | +# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
22968 | +# include <linux/ipv6.h> /* struct ipv6hdr */ | |
22969 | +# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
22970 | +extern int debug_pfkey; | |
22971 | + | |
22972 | +# define MALLOC(size) kmalloc(size, GFP_ATOMIC) | |
22973 | +# define FREE(obj) kfree(obj) | |
22974 | +#else /* __KERNEL__ */ | |
22975 | + | |
22976 | +# include <sys/types.h> | |
22977 | +# include <linux/types.h> | |
22978 | +# include <linux/errno.h> | |
22979 | +# include <malloc.h> | |
22980 | +# include <string.h> /* memset */ | |
22981 | + | |
22982 | +# include "../pluto/constants.h" | |
22983 | +# include "../pluto/defs.h" /* for PRINTF_LIKE */ | |
22984 | +# include "../pluto/log.h" /* for debugging and DBG_log */ | |
22985 | + | |
22986 | +extern unsigned int debugging; /* bits selecting what to report */ | |
22987 | +unsigned int pfkey_lib_debug = 0; | |
22988 | + | |
22989 | +/* #define PLUTO */ | |
22990 | + | |
22991 | +# ifdef PLUTO | |
22992 | +# define DEBUGGING(args...) { DBG_log("pfkey_lib_debug:" args); } | |
22993 | +# else | |
22994 | +# define DEBUGGING(args...) if(pfkey_lib_debug) { printf("pfkey_lib_debug:" args); } else { ; } | |
22995 | +# endif | |
22996 | +# define MALLOC(size) malloc(size) | |
22997 | +# define FREE(obj) free(obj) | |
22998 | +#endif /* __KERNEL__ */ | |
22999 | + | |
23000 | +#include <freeswan.h> | |
23001 | +#include <pfkeyv2.h> | |
23002 | +#include <pfkey.h> | |
23003 | + | |
23004 | +#ifdef __KERNEL__ | |
23005 | +# include "../radij.h" /* rd_nodes */ | |
23006 | +# include "../ipsec_encap.h" /* sockaddr_encap */ | |
23007 | +# include "../ipsec_netlink.h" /* KLIPS_PRINT */ | |
23008 | +# define DEBUGGING(args...) \ | |
23009 | + KLIPS_PRINT(debug_pfkey, "klips_debug:" args) | |
23010 | +/* ((debug_pfkey) ? printk(KERN_INFO "klips_debug:" format , ## args) : 0) */ | |
23011 | +#endif /* __KERNEL__ */ | |
23012 | + | |
23013 | + | |
23014 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
23015 | + | |
23016 | +void | |
23017 | +pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) | |
23018 | +{ | |
23019 | + int i; | |
23020 | + | |
23021 | + for (i = 0; i != SADB_EXT_MAX + 1; i++) { | |
23022 | + extensions[i] = NULL; | |
23023 | + } | |
23024 | +} | |
23025 | + | |
23026 | +void | |
23027 | +pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) | |
23028 | +{ | |
23029 | + int i; | |
23030 | + | |
23031 | + if(!extensions) { | |
23032 | + return; | |
23033 | + } | |
23034 | + | |
23035 | + if(extensions[0]) { | |
23036 | + memset(extensions[0], 0, sizeof(struct sadb_msg)); | |
23037 | + FREE(extensions[0]); | |
23038 | + extensions[0] = NULL; | |
23039 | + } | |
23040 | + | |
23041 | + for (i = 1; i != SADB_EXT_MAX + 1; i++) { | |
23042 | + if(extensions[i]) { | |
23043 | + memset(extensions[i], 0, extensions[i]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); | |
23044 | + FREE(extensions[i]); | |
23045 | + extensions[i] = NULL; | |
23046 | + } | |
23047 | + } | |
23048 | +} | |
23049 | + | |
23050 | +void | |
23051 | +pfkey_msg_free(struct sadb_msg **pfkey_msg) | |
23052 | +{ | |
23053 | + if(*pfkey_msg) { | |
23054 | + memset(*pfkey_msg, 0, (*pfkey_msg)->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); | |
23055 | + FREE(*pfkey_msg); | |
23056 | + *pfkey_msg = NULL; | |
23057 | + } | |
23058 | +} | |
23059 | + | |
23060 | +/* Default extension builders taken from the KLIPS code */ | |
23061 | + | |
23062 | +int | |
23063 | +pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext, | |
23064 | + uint8_t msg_type, | |
23065 | + uint8_t satype, | |
23066 | + uint8_t msg_errno, | |
23067 | + uint32_t seq, | |
23068 | + uint32_t pid) | |
23069 | +{ | |
23070 | + int error = 0; | |
23071 | + struct sadb_msg *pfkey_msg = (struct sadb_msg *)*pfkey_ext; | |
23072 | + | |
23073 | + DEBUGGING( | |
23074 | + "pfkey_msg_hdr_build:\n"); | |
23075 | + DEBUGGING( | |
23076 | + "pfkey_msg_hdr_build: on_entry &pfkey_ext=%p pfkey_ext=%p *pfkey_ext=%p.\n", | |
23077 | + &pfkey_ext, | |
23078 | + pfkey_ext, | |
23079 | + *pfkey_ext); | |
23080 | + /* sanity checks... */ | |
23081 | + if(pfkey_msg) { | |
23082 | + DEBUGGING( | |
23083 | + "pfkey_msg_hdr_build:why is pfkey_msg already pointing to something?\n"); | |
23084 | + SENDERR(EINVAL); | |
23085 | + } | |
23086 | + | |
23087 | + if(!msg_type) { | |
23088 | + DEBUGGING( | |
23089 | + "pfkey_msg_hdr_build: msg type not set, must be non-zero..\n"); | |
23090 | + SENDERR(EINVAL); | |
23091 | + } | |
23092 | + | |
23093 | + if(msg_type > SADB_MAX) { | |
23094 | + DEBUGGING( | |
23095 | + "pfkey_msg_hdr_build: msg type too large:%d.\n", | |
23096 | + msg_type); | |
23097 | + SENDERR(EINVAL); | |
23098 | + } | |
23099 | + | |
23100 | + if(satype > SADB_SATYPE_MAX) { | |
23101 | + DEBUGGING( | |
23102 | + "pfkey_msg_hdr_build: satype %d > max %d\n", | |
23103 | + satype, SADB_SATYPE_MAX); | |
23104 | + SENDERR(EINVAL); | |
23105 | + } | |
23106 | + | |
23107 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23108 | + pfkey_msg = (struct sadb_msg*) | |
23109 | + MALLOC(sizeof(struct sadb_msg)))) { | |
23110 | + DEBUGGING( | |
23111 | + "pfkey_msg_hdr_build: memory allocation failed\n"); | |
23112 | + SENDERR(ENOMEM); | |
23113 | + } | |
23114 | + memset(pfkey_msg, 0, sizeof(struct sadb_msg)); | |
23115 | + | |
23116 | + pfkey_msg->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; | |
23117 | + | |
23118 | + pfkey_msg->sadb_msg_type = msg_type; | |
23119 | + pfkey_msg->sadb_msg_satype = satype; | |
23120 | + | |
23121 | + pfkey_msg->sadb_msg_version = PF_KEY_V2; | |
23122 | + pfkey_msg->sadb_msg_errno = msg_errno; | |
23123 | + pfkey_msg->sadb_msg_reserved = 0; | |
23124 | + pfkey_msg->sadb_msg_seq = seq; | |
23125 | + pfkey_msg->sadb_msg_pid = pid; | |
23126 | + DEBUGGING( | |
23127 | + "pfkey_msg_hdr_build: on_exit &pfkey_ext=%p pfkey_ext=%p *pfkey_ext=%p.\n", | |
23128 | + &pfkey_ext, | |
23129 | + pfkey_ext, | |
23130 | + *pfkey_ext); | |
23131 | +errlab: | |
23132 | + return error; | |
23133 | +} | |
23134 | + | |
23135 | +int | |
23136 | +pfkey_sa_build(struct sadb_ext ** pfkey_ext, | |
23137 | + uint16_t exttype, | |
23138 | + uint32_t spi, /* in network order */ | |
23139 | + uint8_t replay_window, | |
23140 | + uint8_t sa_state, | |
23141 | + uint8_t auth, | |
23142 | + uint8_t encrypt, | |
23143 | + uint32_t flags) | |
23144 | +{ | |
23145 | + int error = 0; | |
23146 | + struct sadb_sa *pfkey_sa = (struct sadb_sa *)*pfkey_ext; | |
23147 | + | |
23148 | + DEBUGGING( | |
23149 | + "pfkey_sa_build: spi=%08x replay=%d sa_state=%d auth=%d encrypt=%d flags=%d\n", | |
23150 | + ntohl(spi), /* in network order */ | |
23151 | + replay_window, | |
23152 | + sa_state, | |
23153 | + auth, | |
23154 | + encrypt, | |
23155 | + flags); | |
23156 | + /* sanity checks... */ | |
23157 | + if(pfkey_sa) { | |
23158 | + DEBUGGING( | |
23159 | + "pfkey_sa_build:why is pfkey_sa already pointing to something?\n"); | |
23160 | + SENDERR(EINVAL); | |
23161 | + } | |
23162 | + | |
23163 | + if(exttype != SADB_EXT_SA && | |
23164 | + exttype != SADB_X_EXT_SA2) { | |
23165 | + DEBUGGING( | |
23166 | + "pfkey_sa_build: invalid exttype=%d.\n", | |
23167 | + exttype); | |
23168 | + SENDERR(EINVAL); | |
23169 | + } | |
23170 | + | |
23171 | + if(replay_window > 64) { | |
23172 | + DEBUGGING( | |
23173 | + "pfkey_sa_build: replay window size: %d" | |
23174 | + " -- must be 0 <= size <= 64\n", | |
23175 | + replay_window); | |
23176 | + SENDERR(EINVAL); | |
23177 | + } | |
23178 | + | |
23179 | + if(auth > SADB_AALG_MAX) { | |
23180 | + DEBUGGING( | |
23181 | + "pfkey_sa_build: auth=%d > SADB_AALG_MAX=%d.\n", | |
23182 | + auth, | |
23183 | + SADB_AALG_MAX); | |
23184 | + SENDERR(EINVAL); | |
23185 | + } | |
23186 | + | |
23187 | + if(encrypt > SADB_EALG_MAX) { | |
23188 | + DEBUGGING( | |
23189 | + "pfkey_sa_build: encrypt=%d > SADB_EALG_MAX=%d.\n", | |
23190 | + encrypt, | |
23191 | + SADB_EALG_MAX); | |
23192 | + SENDERR(EINVAL); | |
23193 | + } | |
23194 | + | |
23195 | + if(sa_state > SADB_SASTATE_MAX) { | |
23196 | + DEBUGGING( | |
23197 | + "pfkey_sa_build: sa_state=%d exceeds MAX=%d.\n", | |
23198 | + sa_state, | |
23199 | + SADB_SASTATE_MAX); | |
23200 | + SENDERR(EINVAL); | |
23201 | + } | |
23202 | + | |
23203 | + if(sa_state == SADB_SASTATE_DEAD) { | |
23204 | + DEBUGGING( | |
23205 | + "pfkey_sa_build: sa_state=%d is DEAD=%d is not allowed.\n", | |
23206 | + sa_state, | |
23207 | + SADB_SASTATE_DEAD); | |
23208 | + SENDERR(EINVAL); | |
23209 | + } | |
23210 | + | |
23211 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23212 | + pfkey_sa = (struct sadb_sa*) | |
23213 | + MALLOC(sizeof(struct sadb_sa)))) { | |
23214 | + DEBUGGING( | |
23215 | + "pfkey_sa_build: memory allocation failed\n"); | |
23216 | + SENDERR(ENOMEM); | |
23217 | + } | |
23218 | + memset(pfkey_sa, 0, sizeof(struct sadb_sa)); | |
23219 | + | |
23220 | + pfkey_sa->sadb_sa_len = sizeof(*pfkey_sa) / IPSEC_PFKEYv2_ALIGN; | |
23221 | + pfkey_sa->sadb_sa_exttype = exttype; | |
23222 | + pfkey_sa->sadb_sa_spi = spi; | |
23223 | + pfkey_sa->sadb_sa_replay = replay_window; | |
23224 | + pfkey_sa->sadb_sa_state = sa_state; | |
23225 | + pfkey_sa->sadb_sa_auth = auth; | |
23226 | + pfkey_sa->sadb_sa_encrypt = encrypt; | |
23227 | + pfkey_sa->sadb_sa_flags = flags; | |
23228 | + | |
23229 | +errlab: | |
23230 | + return error; | |
23231 | +} | |
23232 | + | |
23233 | +int | |
23234 | +pfkey_lifetime_build(struct sadb_ext ** pfkey_ext, | |
23235 | + uint16_t exttype, | |
23236 | + uint32_t allocations, | |
23237 | + uint64_t bytes, | |
23238 | + uint64_t addtime, | |
23239 | + uint64_t usetime) | |
23240 | +{ | |
23241 | + int error = 0; | |
23242 | + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)*pfkey_ext; | |
23243 | + | |
23244 | + DEBUGGING( | |
23245 | + "pfkey_lifetime_build:\n"); | |
23246 | + /* sanity checks... */ | |
23247 | + if(pfkey_lifetime) { | |
23248 | + DEBUGGING( | |
23249 | + "pfkey_lifetime_build:why is pfkey_lifetime already pointing to something?\n"); | |
23250 | + SENDERR(EINVAL); | |
23251 | + } | |
23252 | + | |
23253 | + if(exttype != SADB_EXT_LIFETIME_CURRENT && | |
23254 | + exttype != SADB_EXT_LIFETIME_HARD && | |
23255 | + exttype != SADB_EXT_LIFETIME_SOFT) { | |
23256 | + DEBUGGING( | |
23257 | + "pfkey_lifetime_build: invalid exttype=%d.\n", | |
23258 | + exttype); | |
23259 | + SENDERR(EINVAL); | |
23260 | + } | |
23261 | + | |
23262 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23263 | + pfkey_lifetime = (struct sadb_lifetime*) | |
23264 | + MALLOC(sizeof(struct sadb_lifetime)))) { | |
23265 | + DEBUGGING( | |
23266 | + "pfkey_lifetime_build: memory allocation failed\n"); | |
23267 | + SENDERR(ENOMEM); | |
23268 | + } | |
23269 | + memset(pfkey_lifetime, 0, sizeof(struct sadb_lifetime)); | |
23270 | + | |
23271 | + pfkey_lifetime->sadb_lifetime_len = sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN; | |
23272 | + pfkey_lifetime->sadb_lifetime_exttype = exttype; | |
23273 | + pfkey_lifetime->sadb_lifetime_allocations = allocations; | |
23274 | + pfkey_lifetime->sadb_lifetime_bytes = bytes; | |
23275 | + pfkey_lifetime->sadb_lifetime_addtime = addtime; | |
23276 | + pfkey_lifetime->sadb_lifetime_usetime = usetime; | |
23277 | + | |
23278 | +errlab: | |
23279 | + return error; | |
23280 | +} | |
23281 | + | |
23282 | +int | |
23283 | +pfkey_address_build(struct sadb_ext** pfkey_ext, | |
23284 | + uint16_t exttype, | |
23285 | + uint8_t proto, | |
23286 | + uint8_t prefixlen, | |
23287 | + struct sockaddr* address) | |
23288 | +{ | |
23289 | + int error = 0; | |
23290 | + int saddr_len = 0; | |
23291 | + char ipaddr_txt[ADDRTOT_BUF]; | |
23292 | + struct sadb_address *pfkey_address = (struct sadb_address *)*pfkey_ext; | |
23293 | + | |
23294 | + DEBUGGING( | |
23295 | + "pfkey_address_build: exttype=%d proto=%d prefixlen=%d\n", exttype, proto, prefixlen); | |
23296 | + /* sanity checks... */ | |
23297 | + if(pfkey_address) { | |
23298 | + DEBUGGING( | |
23299 | + "pfkey_address_build:why is pfkey_address already pointing to something?\n"); | |
23300 | + SENDERR(EINVAL); | |
23301 | + } | |
23302 | + | |
23303 | + if (!address) { | |
23304 | + DEBUGGING("pfkey_address_build: address is NULL\n"); | |
23305 | + SENDERR(EINVAL); | |
23306 | + } | |
23307 | + | |
23308 | + switch(exttype) { | |
23309 | + case SADB_EXT_ADDRESS_SRC: | |
23310 | + case SADB_EXT_ADDRESS_DST: | |
23311 | + case SADB_EXT_ADDRESS_PROXY: | |
23312 | + case SADB_X_EXT_ADDRESS_DST2: | |
23313 | + case SADB_X_EXT_ADDRESS_SRC_FLOW: | |
23314 | + case SADB_X_EXT_ADDRESS_DST_FLOW: | |
23315 | + case SADB_X_EXT_ADDRESS_SRC_MASK: | |
23316 | + case SADB_X_EXT_ADDRESS_DST_MASK: | |
23317 | + break; | |
23318 | + default: | |
23319 | + DEBUGGING( | |
23320 | + "pfkey_address_build: unrecognised ext_type=%d.\n", | |
23321 | + exttype); | |
23322 | + SENDERR(EINVAL); | |
23323 | + } | |
23324 | + | |
23325 | + switch(address->sa_family) { | |
23326 | + case AF_INET: | |
23327 | + DEBUGGING( | |
23328 | + "pfkey_address_build: found address family AF_INET.\n"); | |
23329 | + saddr_len = sizeof(struct sockaddr_in); | |
23330 | + sprintf(ipaddr_txt, "%d.%d.%d.%d" | |
23331 | + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 0) & 0xFF | |
23332 | + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 8) & 0xFF | |
23333 | + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 16) & 0xFF | |
23334 | + , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 24) & 0xFF); | |
23335 | + break; | |
23336 | + case AF_INET6: | |
23337 | + DEBUGGING( | |
23338 | + "pfkey_address_build: found address family AF_INET6.\n"); | |
23339 | + saddr_len = sizeof(struct sockaddr_in6); | |
23340 | + sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x" | |
23341 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[0]) | |
23342 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[1]) | |
23343 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[2]) | |
23344 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[3]) | |
23345 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[4]) | |
23346 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[5]) | |
23347 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[6]) | |
23348 | + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[7])); | |
23349 | + break; | |
23350 | + default: | |
23351 | + DEBUGGING( | |
23352 | + "pfkey_address_build: address->sa_family=%d not supported.\n", | |
23353 | + address->sa_family); | |
23354 | + SENDERR(EPFNOSUPPORT); | |
23355 | + } | |
23356 | + | |
23357 | + DEBUGGING( | |
23358 | + "pfkey_address_build: found address=%s.\n", | |
23359 | + ipaddr_txt); | |
23360 | + if(prefixlen != 0) { | |
23361 | + DEBUGGING( | |
23362 | + "pfkey_address_build: address prefixes not supported yet.\n"); | |
23363 | + SENDERR(EAFNOSUPPORT); /* not supported yet */ | |
23364 | + } | |
23365 | + | |
23366 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23367 | + pfkey_address = (struct sadb_address*) | |
23368 | + MALLOC(ALIGN_N(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN) ))) { | |
23369 | + DEBUGGING( | |
23370 | + "pfkey_lifetime_build: memory allocation failed\n"); | |
23371 | + SENDERR(ENOMEM); | |
23372 | + } | |
23373 | + memset(pfkey_address, | |
23374 | + 0, | |
23375 | + ALIGN_N(sizeof(struct sadb_address) + saddr_len, | |
23376 | + IPSEC_PFKEYv2_ALIGN)); | |
23377 | + | |
23378 | + pfkey_address->sadb_address_len = DIVUP(sizeof(struct sadb_address) + saddr_len, | |
23379 | + IPSEC_PFKEYv2_ALIGN); | |
23380 | + | |
23381 | + pfkey_address->sadb_address_exttype = exttype; | |
23382 | + pfkey_address->sadb_address_proto = proto; | |
23383 | + pfkey_address->sadb_address_prefixlen = prefixlen; | |
23384 | + pfkey_address->sadb_address_reserved = 0; | |
23385 | + | |
23386 | + memcpy((char*)pfkey_address + sizeof(struct sadb_address), | |
23387 | + address, | |
23388 | + saddr_len); | |
23389 | + | |
23390 | +#if 0 | |
23391 | + for(i = 0; i < sizeof(struct sockaddr_in) - offsetof(struct sockaddr_in, sin_zero); i++) { | |
23392 | + pfkey_address_s_ska.sin_zero[i] = 0; | |
23393 | + } | |
23394 | +#endif | |
23395 | + DEBUGGING( | |
23396 | + "pfkey_address_build: successful.\n"); | |
23397 | + | |
23398 | + errlab: | |
23399 | + return error; | |
23400 | +} | |
23401 | + | |
23402 | +int | |
23403 | +pfkey_key_build(struct sadb_ext** pfkey_ext, | |
23404 | + uint16_t exttype, | |
23405 | + uint16_t key_bits, | |
23406 | + char* key) | |
23407 | +{ | |
23408 | + int error = 0; | |
23409 | + struct sadb_key *pfkey_key = (struct sadb_key *)*pfkey_ext; | |
23410 | + | |
23411 | + DEBUGGING( | |
23412 | + "pfkey_key_build:\n"); | |
23413 | + /* sanity checks... */ | |
23414 | + if(pfkey_key) { | |
23415 | + DEBUGGING( | |
23416 | + "pfkey_key_build:why is pfkey_key already pointing to something?\n"); | |
23417 | + SENDERR(EINVAL); | |
23418 | + } | |
23419 | + | |
23420 | + if(!key_bits) { | |
23421 | + DEBUGGING( | |
23422 | + "pfkey_key_build: key_bits is zero, it must be non-zero.\n"); | |
23423 | + SENDERR(EINVAL); | |
23424 | + } | |
23425 | + | |
23426 | + if( !((exttype == SADB_EXT_KEY_AUTH) || (exttype == SADB_EXT_KEY_ENCRYPT))) { | |
23427 | + DEBUGGING( | |
23428 | + "pfkey_key_build: unsupported extension type=%d.\n", | |
23429 | + exttype); | |
23430 | + SENDERR(EINVAL); | |
23431 | + } | |
23432 | + | |
23433 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23434 | + pfkey_key = (struct sadb_key*) | |
23435 | + MALLOC(sizeof(struct sadb_key) + | |
23436 | + DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN))) { | |
23437 | + DEBUGGING( | |
23438 | + "pfkey_key_build: memory allocation failed\n"); | |
23439 | + SENDERR(ENOMEM); | |
23440 | + } | |
23441 | + memset(pfkey_key, | |
23442 | + 0, | |
23443 | + sizeof(struct sadb_key) + | |
23444 | + DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN); | |
23445 | + | |
23446 | + pfkey_key->sadb_key_len = DIVUP(sizeof(struct sadb_key) * IPSEC_PFKEYv2_ALIGN + key_bits, | |
23447 | + 64); | |
23448 | + pfkey_key->sadb_key_exttype = exttype; | |
23449 | + pfkey_key->sadb_key_bits = key_bits; | |
23450 | + pfkey_key->sadb_key_reserved = 0; | |
23451 | + memcpy((char*)pfkey_key + sizeof(struct sadb_key), | |
23452 | + key, | |
23453 | + DIVUP(key_bits, 8)); | |
23454 | + | |
23455 | +errlab: | |
23456 | + return error; | |
23457 | +} | |
23458 | + | |
23459 | +int | |
23460 | +pfkey_ident_build(struct sadb_ext** pfkey_ext, | |
23461 | + uint16_t exttype, | |
23462 | + uint16_t ident_type, | |
23463 | + uint64_t ident_id, | |
23464 | + char* ident_string) | |
23465 | +{ | |
23466 | + int error = 0; | |
23467 | + struct sadb_ident *pfkey_ident = (struct sadb_ident *)*pfkey_ext; | |
23468 | + | |
23469 | + DEBUGGING( | |
23470 | + "pfkey_ident_build:\n"); | |
23471 | + /* sanity checks... */ | |
23472 | + if(pfkey_ident) { | |
23473 | + DEBUGGING( | |
23474 | + "pfkey_ident_build:why is pfkey_ident already pointing to something?\n"); | |
23475 | + SENDERR(EINVAL); | |
23476 | + } | |
23477 | + | |
23478 | + if( ! ((exttype == SADB_EXT_IDENTITY_SRC) || | |
23479 | + (exttype == SADB_EXT_IDENTITY_DST))) { | |
23480 | + DEBUGGING( | |
23481 | + "pfkey_ident_build: unsupported extension type=%d.\n", | |
23482 | + exttype); | |
23483 | + SENDERR(EINVAL); | |
23484 | + } | |
23485 | + | |
23486 | + if((ident_type == SADB_IDENTTYPE_RESERVED)) { | |
23487 | + DEBUGGING( | |
23488 | + "pfkey_ident_build: ident_type must be non-zero.\n"); | |
23489 | + SENDERR(EINVAL); | |
23490 | + } | |
23491 | + | |
23492 | + if(ident_type > SADB_IDENTTYPE_MAX) { | |
23493 | + DEBUGGING( | |
23494 | + "pfkey_ident_build: identtype=%d out of range.\n", | |
23495 | + ident_type); | |
23496 | + SENDERR(EINVAL); | |
23497 | + } | |
23498 | + | |
23499 | + if(((ident_type == SADB_IDENTTYPE_PREFIX) || | |
23500 | + (ident_type == SADB_IDENTTYPE_FQDN)) && | |
23501 | + !ident_string) { | |
23502 | + DEBUGGING( | |
23503 | + "pfkey_ident_build: string required to allocate size of extension.\n"); | |
23504 | + SENDERR(EINVAL); | |
23505 | + } | |
23506 | + | |
23507 | +#if 0 | |
23508 | + if((ident_type == SADB_IDENTTYPE_USERFQDN) ) { | |
23509 | + } | |
23510 | +#endif | |
23511 | + | |
23512 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23513 | + pfkey_ident = (struct sadb_ident*) | |
23514 | + MALLOC(ALIGN_N(sizeof(struct sadb_key) + strlen(ident_string), IPSEC_PFKEYv2_ALIGN)))) { | |
23515 | + DEBUGGING( | |
23516 | + "pfkey_ident_build: memory allocation failed\n"); | |
23517 | + SENDERR(ENOMEM); | |
23518 | + } | |
23519 | + memset(pfkey_ident, | |
23520 | + 0, | |
23521 | + ALIGN_N(sizeof(struct sadb_ident) + strlen(ident_string), | |
23522 | + IPSEC_PFKEYv2_ALIGN)); | |
23523 | + | |
23524 | + pfkey_ident->sadb_ident_len = DIVUP(sizeof(struct sadb_ident) + strlen(ident_string), | |
23525 | + IPSEC_PFKEYv2_ALIGN); | |
23526 | + | |
23527 | + pfkey_ident->sadb_ident_exttype = exttype; | |
23528 | + pfkey_ident->sadb_ident_type = ident_type; | |
23529 | + pfkey_ident->sadb_ident_reserved = 0; | |
23530 | + pfkey_ident->sadb_ident_id = ident_id; | |
23531 | + memcpy((char*)pfkey_ident + sizeof(struct sadb_ident), | |
23532 | + ident_string, | |
23533 | + strlen(ident_string)); | |
23534 | + | |
23535 | + /* string terminator/padding must be zero */ | |
23536 | + /* Which one is better, I don't know... */ | |
23537 | +#if 0 | |
23538 | + for(i = strlen(ident_string); | |
23539 | + i < ALIGN_N(sizeof(struct sadb_ident) + strlen(ident_string), IPSEC_PFKEYv2_ALIGN); | |
23540 | + i++) { | |
23541 | + ((char*)pfkey_ident)[i] = 0; | |
23542 | + } | |
23543 | +#else | |
23544 | + memset(((char*)pfkey_ident) + sizeof(struct sadb_ident) + strlen(ident_string), | |
23545 | + 0, | |
23546 | + ALIGN_N(sizeof(struct sadb_ident) + strlen(ident_string), IPSEC_PFKEYv2_ALIGN) - | |
23547 | + sizeof(struct sadb_ident) + strlen(ident_string)); | |
23548 | +#endif | |
23549 | + | |
23550 | +errlab: | |
23551 | + return error; | |
23552 | +} | |
23553 | + | |
23554 | +int | |
23555 | +pfkey_sens_build(struct sadb_ext** pfkey_ext, | |
23556 | + uint32_t dpd, | |
23557 | + uint8_t sens_level, | |
23558 | + uint8_t sens_len, | |
23559 | + uint64_t* sens_bitmap, | |
23560 | + uint8_t integ_level, | |
23561 | + uint8_t integ_len, | |
23562 | + uint64_t* integ_bitmap) | |
23563 | +{ | |
23564 | + int error = 0; | |
23565 | + struct sadb_sens *pfkey_sens = (struct sadb_sens *)*pfkey_ext; | |
23566 | + int i; | |
23567 | + uint64_t* bitmap; | |
23568 | + | |
23569 | + DEBUGGING( | |
23570 | + "pfkey_sens_build:\n"); | |
23571 | + /* sanity checks... */ | |
23572 | + if(pfkey_sens) { | |
23573 | + DEBUGGING( | |
23574 | + "pfkey_sens_build:why is pfkey_sens already pointing to something?\n"); | |
23575 | + SENDERR(EINVAL); | |
23576 | + } | |
23577 | + | |
23578 | + DEBUGGING( | |
23579 | + "pfkey_sens_build: Sorry, I can't build exttype=%d yet.\n", | |
23580 | + (*pfkey_ext)->sadb_ext_type); | |
23581 | + SENDERR(EINVAL); /* don't process these yet */ | |
23582 | + | |
23583 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23584 | + pfkey_sens = (struct sadb_sens*) | |
23585 | + MALLOC(sizeof(struct sadb_sens) + | |
23586 | + (sens_len + integ_len) * sizeof(uint64_t)))) { | |
23587 | + DEBUGGING( | |
23588 | + "pfkey_sens_build: memory allocation failed\n"); | |
23589 | + SENDERR(ENOMEM); | |
23590 | + } | |
23591 | + memset(pfkey_sens, | |
23592 | + 0, | |
23593 | + sizeof(struct sadb_sens) + | |
23594 | + (sens_len + integ_len) * sizeof(uint64_t)); | |
23595 | + | |
23596 | + pfkey_sens->sadb_sens_len = (sizeof(struct sadb_sens) + | |
23597 | + (sens_len + integ_len) * sizeof(uint64_t)) / IPSEC_PFKEYv2_ALIGN; | |
23598 | + pfkey_sens->sadb_sens_exttype = SADB_EXT_SENSITIVITY; | |
23599 | + pfkey_sens->sadb_sens_dpd = dpd; | |
23600 | + pfkey_sens->sadb_sens_sens_level = sens_level; | |
23601 | + pfkey_sens->sadb_sens_sens_len = sens_len; | |
23602 | + pfkey_sens->sadb_sens_integ_level = integ_level; | |
23603 | + pfkey_sens->sadb_sens_integ_len = integ_len; | |
23604 | + pfkey_sens->sadb_sens_reserved = 0; | |
23605 | + | |
23606 | + bitmap = (uint64_t*)((char*)pfkey_ext + sizeof(struct sadb_sens)); | |
23607 | + for(i = 0; i < sens_len; i++) { | |
23608 | + *bitmap = sens_bitmap[i]; | |
23609 | + bitmap++; | |
23610 | + } | |
23611 | + for(i = 0; i < integ_len; i++) { | |
23612 | + *bitmap = integ_bitmap[i]; | |
23613 | + bitmap++; | |
23614 | + } | |
23615 | + | |
23616 | +errlab: | |
23617 | + return error; | |
23618 | +} | |
23619 | + | |
23620 | +int | |
23621 | +pfkey_prop_build(struct sadb_ext** pfkey_ext, | |
23622 | + uint8_t replay, | |
23623 | + unsigned int comb_num, | |
23624 | + struct sadb_comb* comb) | |
23625 | +{ | |
23626 | + int error = 0; | |
23627 | + int i; | |
23628 | + struct sadb_prop *pfkey_prop = (struct sadb_prop *)*pfkey_ext; | |
23629 | + struct sadb_comb *combp; | |
23630 | + | |
23631 | + DEBUGGING( | |
23632 | + "pfkey_prop_build:\n"); | |
23633 | + /* sanity checks... */ | |
23634 | + if(pfkey_prop) { | |
23635 | + DEBUGGING( | |
23636 | + "pfkey_prop_build:why is pfkey_prop already pointing to something?\n"); | |
23637 | + SENDERR(EINVAL); | |
23638 | + } | |
23639 | + | |
23640 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23641 | + pfkey_prop = (struct sadb_prop*) | |
23642 | + MALLOC(sizeof(struct sadb_prop) + | |
23643 | + comb_num * sizeof(struct sadb_comb)))) { | |
23644 | + DEBUGGING( | |
23645 | + "pfkey_prop_build: memory allocation failed\n"); | |
23646 | + SENDERR(ENOMEM); | |
23647 | + } | |
23648 | + memset(pfkey_prop, | |
23649 | + 0, | |
23650 | + sizeof(struct sadb_prop) + | |
23651 | + comb_num * sizeof(struct sadb_comb)); | |
23652 | + | |
23653 | + pfkey_prop->sadb_prop_len = (sizeof(struct sadb_prop) + | |
23654 | + comb_num * sizeof(struct sadb_comb)) / IPSEC_PFKEYv2_ALIGN; | |
23655 | + | |
23656 | + pfkey_prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; | |
23657 | + pfkey_prop->sadb_prop_replay = replay; | |
23658 | + | |
23659 | + for(i=0; i<3; i++) { | |
23660 | + pfkey_prop->sadb_prop_reserved[i] = 0; | |
23661 | + } | |
23662 | + | |
23663 | + combp = (struct sadb_comb*)((char*)*pfkey_ext + sizeof(struct sadb_prop)); | |
23664 | + for(i = 0; i < comb_num; i++) { | |
23665 | + memcpy (combp, &(comb[i]), sizeof(struct sadb_comb)); | |
23666 | + combp++; | |
23667 | + } | |
23668 | + | |
23669 | +#if 0 | |
23670 | + uint8_t sadb_comb_auth; | |
23671 | + uint8_t sadb_comb_encrypt; | |
23672 | + uint16_t sadb_comb_flags; | |
23673 | + uint16_t sadb_comb_auth_minbits; | |
23674 | + uint16_t sadb_comb_auth_maxbits; | |
23675 | + uint16_t sadb_comb_encrypt_minbits; | |
23676 | + uint16_t sadb_comb_encrypt_maxbits; | |
23677 | + uint32_t sadb_comb_reserved; | |
23678 | + uint32_t sadb_comb_soft_allocations; | |
23679 | + uint32_t sadb_comb_hard_allocations; | |
23680 | + uint64_t sadb_comb_soft_bytes; | |
23681 | + uint64_t sadb_comb_hard_bytes; | |
23682 | + uint64_t sadb_comb_soft_addtime; | |
23683 | + uint64_t sadb_comb_hard_addtime; | |
23684 | + uint64_t sadb_comb_soft_usetime; | |
23685 | + uint64_t sadb_comb_hard_usetime; | |
23686 | +#endif | |
23687 | +errlab: | |
23688 | + return error; | |
23689 | +} | |
23690 | + | |
23691 | +int | |
23692 | +pfkey_supported_build(struct sadb_ext** pfkey_ext, | |
23693 | + uint16_t exttype, | |
23694 | + unsigned int alg_num, | |
23695 | + struct sadb_alg* alg) | |
23696 | +{ | |
23697 | + int error = 0; | |
23698 | + unsigned int i; | |
23699 | + struct sadb_supported *pfkey_supported = (struct sadb_supported *)*pfkey_ext; | |
23700 | + struct sadb_alg *pfkey_alg; | |
23701 | + | |
23702 | + /* sanity checks... */ | |
23703 | + if(pfkey_supported) { | |
23704 | + DEBUGGING( | |
23705 | + "pfkey_supported_build:why is pfkey_supported already pointing to something?\n"); | |
23706 | + SENDERR(EINVAL); | |
23707 | + } | |
23708 | + | |
23709 | + if( !((exttype == SADB_EXT_SUPPORTED_AUTH) || (exttype == SADB_EXT_SUPPORTED_ENCRYPT))) { | |
23710 | + DEBUGGING( | |
23711 | + "pfkey_supported_build: unsupported extension type=%d.\n", | |
23712 | + exttype); | |
23713 | + SENDERR(EINVAL); | |
23714 | + } | |
23715 | + | |
23716 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23717 | + pfkey_supported = (struct sadb_supported*) | |
23718 | + MALLOC(sizeof(struct sadb_supported) + | |
23719 | + alg_num * | |
23720 | + sizeof(struct sadb_alg)))) { | |
23721 | + DEBUGGING( | |
23722 | + "pfkey_supported_build: memory allocation failed\n"); | |
23723 | + SENDERR(ENOMEM); | |
23724 | + } | |
23725 | + memset(pfkey_supported, | |
23726 | + 0, | |
23727 | + sizeof(struct sadb_supported) + | |
23728 | + alg_num * | |
23729 | + sizeof(struct sadb_alg)); | |
23730 | + | |
23731 | + pfkey_supported->sadb_supported_len = (sizeof(struct sadb_supported) + | |
23732 | + alg_num * | |
23733 | + sizeof(struct sadb_alg)) / | |
23734 | + IPSEC_PFKEYv2_ALIGN; | |
23735 | + pfkey_supported->sadb_supported_exttype = exttype; | |
23736 | + pfkey_supported->sadb_supported_reserved = 0; | |
23737 | + | |
23738 | + pfkey_alg = (struct sadb_alg*)((char*)pfkey_supported + sizeof(struct sadb_supported)); | |
23739 | + for(i = 0; i < alg_num; i++) { | |
23740 | + memcpy (pfkey_alg, &(alg[i]), sizeof(struct sadb_alg)); | |
23741 | + pfkey_alg->sadb_alg_reserved = 0; | |
23742 | + pfkey_alg++; | |
23743 | + } | |
23744 | + | |
23745 | +#if 0 | |
23746 | + DEBUGGING( | |
23747 | + "pfkey_supported_build: Sorry, I can't build exttype=%d yet.\n", | |
23748 | + (*pfkey_ext)->sadb_ext_type); | |
23749 | + SENDERR(EINVAL); /* don't process these yet */ | |
23750 | + | |
23751 | + uint8_t sadb_alg_id; | |
23752 | + uint8_t sadb_alg_ivlen; | |
23753 | + uint16_t sadb_alg_minbits; | |
23754 | + uint16_t sadb_alg_maxbits; | |
23755 | + uint16_t sadb_alg_reserved; | |
23756 | +#endif | |
23757 | +errlab: | |
23758 | + return error; | |
23759 | +} | |
23760 | + | |
23761 | +int | |
23762 | +pfkey_spirange_build(struct sadb_ext** pfkey_ext, | |
23763 | + uint16_t exttype, | |
23764 | + uint32_t min, /* in network order */ | |
23765 | + uint32_t max) /* in network order */ | |
23766 | +{ | |
23767 | + int error = 0; | |
23768 | + struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)*pfkey_ext; | |
23769 | + | |
23770 | + /* sanity checks... */ | |
23771 | + if(pfkey_spirange) { | |
23772 | + DEBUGGING( | |
23773 | + "pfkey_spirange_build:why is pfkey_spirange already pointing to something?\n"); | |
23774 | + SENDERR(EINVAL); | |
23775 | + } | |
23776 | + | |
23777 | + if(ntohl(max) < ntohl(min)) { | |
23778 | + DEBUGGING( | |
23779 | + "pfkey_spirange_build: minspi=%08x must be < maxspi=%08x.\n", | |
23780 | + ntohl(min), | |
23781 | + ntohl(max)); | |
23782 | + SENDERR(EINVAL); | |
23783 | + } | |
23784 | + | |
23785 | + if(ntohl(min) <= 255) { | |
23786 | + DEBUGGING( | |
23787 | + "pfkey_spirange_build: minspi=%08x must be > 255.\n", | |
23788 | + ntohl(min)); | |
23789 | + SENDERR(EEXIST); | |
23790 | + } | |
23791 | + | |
23792 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23793 | + pfkey_spirange = (struct sadb_spirange*) | |
23794 | + MALLOC(sizeof(struct sadb_spirange)))) { | |
23795 | + DEBUGGING( | |
23796 | + "pfkey_spirange_build: memory allocation failed\n"); | |
23797 | + SENDERR(ENOMEM); | |
23798 | + } | |
23799 | + memset(pfkey_spirange, | |
23800 | + 0, | |
23801 | + sizeof(struct sadb_spirange)); | |
23802 | + | |
23803 | + pfkey_spirange->sadb_spirange_len = sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN; | |
23804 | + | |
23805 | + pfkey_spirange->sadb_spirange_exttype = SADB_EXT_SPIRANGE; | |
23806 | + pfkey_spirange->sadb_spirange_min = min; | |
23807 | + pfkey_spirange->sadb_spirange_max = max; | |
23808 | + pfkey_spirange->sadb_spirange_reserved = 0; | |
23809 | + errlab: | |
23810 | + return error; | |
23811 | +} | |
23812 | + | |
23813 | +int | |
23814 | +pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext) | |
23815 | +{ | |
23816 | + int error = 0; | |
23817 | + struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)*pfkey_ext; | |
23818 | + | |
23819 | + /* sanity checks... */ | |
23820 | + if(pfkey_x_kmprivate) { | |
23821 | + DEBUGGING( | |
23822 | + "pfkey_x_kmprivate_build:why is pfkey_x_kmprivate already pointing to something?\n"); | |
23823 | + SENDERR(EINVAL); | |
23824 | + } | |
23825 | + | |
23826 | + pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0; | |
23827 | + | |
23828 | + DEBUGGING( | |
23829 | + "pfkey_x_kmprivate_build: Sorry, I can't build exttype=%d yet.\n", | |
23830 | + (*pfkey_ext)->sadb_ext_type); | |
23831 | + SENDERR(EINVAL); /* don't process these yet */ | |
23832 | + | |
23833 | + if(!(*pfkey_ext = (struct sadb_ext*) | |
23834 | + pfkey_x_kmprivate = (struct sadb_x_kmprivate*) | |
23835 | + MALLOC(sizeof(struct sadb_x_kmprivate)))) { | |
23836 | + DEBUGGING( | |
23837 | + "pfkey_x_kmprivate_build: memory allocation failed\n"); | |
23838 | + SENDERR(ENOMEM); | |
23839 | + } | |
23840 | + memset(pfkey_x_kmprivate, | |
23841 | + 0, | |
23842 | + sizeof(struct sadb_x_kmprivate)); | |
23843 | + | |
23844 | + pfkey_x_kmprivate->sadb_x_kmprivate_len = | |
23845 | + sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN; | |
23846 | + | |
23847 | + pfkey_x_kmprivate->sadb_x_kmprivate_exttype = SADB_X_EXT_KMPRIVATE; | |
23848 | + pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0; | |
23849 | +errlab: | |
23850 | + return error; | |
23851 | +} | |
23852 | + | |
23853 | +int | |
23854 | +pfkey_x_satype_build(struct sadb_ext** pfkey_ext, | |
23855 | + uint8_t satype) | |
23856 | +{ | |
23857 | + int error = 0; | |
23858 | + int i; | |
23859 | + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)*pfkey_ext; | |
23860 | + | |
23861 | + DEBUGGING( | |
23862 | + "pfkey_x_satype_build:\n"); | |
23863 | + /* sanity checks... */ | |
23864 | + if(pfkey_x_satype) { | |
23865 | + DEBUGGING( | |
23866 | + "pfkey_x_satype_build:why is pfkey_x_satype already pointing to something?\n"); | |
23867 | + SENDERR(EINVAL); | |
23868 | + } | |
23869 | + | |
23870 | + if(!satype) { | |
23871 | + DEBUGGING( | |
23872 | + "pfkey_x_satype_build: SA type not set, must be non-zero.\n"); | |
23873 | + SENDERR(EINVAL); | |
23874 | + } | |
23875 | + | |
23876 | + if(satype > SADB_SATYPE_MAX) { | |
23877 | + DEBUGGING( | |
23878 | + "pfkey_x_satype_build: satype %d > max %d\n", | |
23879 | + satype, SADB_SATYPE_MAX); | |
23880 | + SENDERR(EINVAL); | |
23881 | + } | |
23882 | + | |
23883 | + if(!(*pfkey_ext = (struct sadb_ext*)pfkey_x_satype = (struct sadb_x_satype*) | |
23884 | + MALLOC(sizeof(struct sadb_x_satype)))) { | |
23885 | + DEBUGGING( | |
23886 | + "pfkey_x_satype_build: memory allocation failed\n"); | |
23887 | + SENDERR(ENOMEM); | |
23888 | + } | |
23889 | + memset(pfkey_x_satype, | |
23890 | + 0, | |
23891 | + sizeof(struct sadb_x_satype)); | |
23892 | + | |
23893 | + pfkey_x_satype->sadb_x_satype_len = sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN; | |
23894 | + | |
23895 | + pfkey_x_satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2; | |
23896 | + pfkey_x_satype->sadb_x_satype_satype = satype; | |
23897 | + for(i=0; i<3; i++) { | |
23898 | + pfkey_x_satype->sadb_x_satype_reserved[i] = 0; | |
23899 | + } | |
23900 | + | |
23901 | +errlab: | |
23902 | + return error; | |
23903 | +} | |
23904 | + | |
23905 | +int | |
23906 | +pfkey_x_debug_build(struct sadb_ext** pfkey_ext, | |
23907 | + uint32_t tunnel, | |
23908 | + uint32_t netlink, | |
23909 | + uint32_t xform, | |
23910 | + uint32_t eroute, | |
23911 | + uint32_t spi, | |
23912 | + uint32_t radij, | |
23913 | + uint32_t esp, | |
23914 | + uint32_t ah, | |
23915 | + uint32_t rcv, | |
23916 | + uint32_t pfkey, | |
23917 | + uint32_t ipcomp, | |
23918 | + uint32_t verbose) | |
23919 | +{ | |
23920 | + int error = 0; | |
23921 | + int i; | |
23922 | + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)*pfkey_ext; | |
23923 | + | |
23924 | + DEBUGGING( | |
23925 | + "pfkey_x_debug_build:\n"); | |
23926 | + /* sanity checks... */ | |
23927 | + if(pfkey_x_debug) { | |
23928 | + DEBUGGING( | |
23929 | + "pfkey_x_debug_build:why is pfkey_x_debug already pointing to something?\n"); | |
23930 | + SENDERR(EINVAL); | |
23931 | + } | |
23932 | + | |
23933 | + DEBUGGING( | |
23934 | + "pfkey_x_debug_build:tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n", | |
23935 | + tunnel, netlink, xform, eroute, spi, radij, esp, ah, rcv, pfkey, ipcomp, verbose); | |
23936 | + | |
23937 | + if(!(*pfkey_ext = (struct sadb_ext*)pfkey_x_debug = (struct sadb_x_debug*) | |
23938 | + MALLOC(sizeof(struct sadb_x_debug)))) { | |
23939 | + DEBUGGING( | |
23940 | + "pfkey_x_debug_build: memory allocation failed\n"); | |
23941 | + SENDERR(ENOMEM); | |
23942 | + } | |
23943 | +#if 0 | |
23944 | + memset(pfkey_x_debug, | |
23945 | + 0, | |
23946 | + sizeof(struct sadb_x_debug)); | |
23947 | +#endif | |
23948 | + | |
23949 | + pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN; | |
23950 | + pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG; | |
23951 | + | |
23952 | + pfkey_x_debug->sadb_x_debug_tunnel = tunnel; | |
23953 | + pfkey_x_debug->sadb_x_debug_netlink = netlink; | |
23954 | + pfkey_x_debug->sadb_x_debug_xform = xform; | |
23955 | + pfkey_x_debug->sadb_x_debug_eroute = eroute; | |
23956 | + pfkey_x_debug->sadb_x_debug_spi = spi; | |
23957 | + pfkey_x_debug->sadb_x_debug_radij = radij; | |
23958 | + pfkey_x_debug->sadb_x_debug_esp = esp; | |
23959 | + pfkey_x_debug->sadb_x_debug_ah = ah; | |
23960 | + pfkey_x_debug->sadb_x_debug_rcv = rcv; | |
23961 | + pfkey_x_debug->sadb_x_debug_pfkey = pfkey; | |
23962 | + pfkey_x_debug->sadb_x_debug_ipcomp = ipcomp; | |
23963 | + pfkey_x_debug->sadb_x_debug_verbose = verbose; | |
23964 | + | |
23965 | + for(i=0; i<4; i++) { | |
23966 | + pfkey_x_debug->sadb_x_debug_reserved[i] = 0; | |
23967 | + } | |
23968 | + | |
23969 | +errlab: | |
23970 | + return error; | |
23971 | +} | |
23972 | + | |
23973 | +#if I_DONT_THINK_THIS_WILL_BE_USEFUL | |
23974 | +int (*ext_default_builders[SADB_EXT_MAX +1])(struct sadb_msg*, struct sadb_ext*) | |
23975 | + = | |
23976 | +{ | |
23977 | + NULL, /* pfkey_msg_build, */ | |
23978 | + pfkey_sa_build, | |
23979 | + pfkey_lifetime_build, | |
23980 | + pfkey_lifetime_build, | |
23981 | + pfkey_lifetime_build, | |
23982 | + pfkey_address_build, | |
23983 | + pfkey_address_build, | |
23984 | + pfkey_address_build, | |
23985 | + pfkey_key_build, | |
23986 | + pfkey_key_build, | |
23987 | + pfkey_ident_build, | |
23988 | + pfkey_ident_build, | |
23989 | + pfkey_sens_build, | |
23990 | + pfkey_prop_build, | |
23991 | + pfkey_supported_build, | |
23992 | + pfkey_supported_build, | |
23993 | + pfkey_spirange_build, | |
23994 | + pfkey_x_kmprivate_build, | |
23995 | + pfkey_x_satype_build, | |
23996 | + pfkey_sa_build, | |
23997 | + pfkey_address_build, | |
23998 | + pfkey_address_build, | |
23999 | + pfkey_address_build, | |
24000 | + pfkey_address_build, | |
24001 | + pfkey_address_build, | |
24002 | + pfkey_x_ext_debug_build | |
24003 | +}; | |
24004 | +#endif | |
24005 | + | |
24006 | +int | |
24007 | +pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int dir) | |
24008 | +{ | |
24009 | + int error = 0; | |
24010 | + int ext; | |
24011 | + int total_size; | |
24012 | + struct sadb_ext *pfkey_ext; | |
24013 | + int extensions_seen = 0; | |
24014 | + struct sadb_ext *extensions_check[SADB_EXT_MAX + 1]; | |
24015 | + | |
24016 | + if(!extensions[0]) { | |
24017 | + DEBUGGING( | |
24018 | + "pfkey_msg_build: extensions[0] must be specified (struct sadb_msg).\n"); | |
24019 | + SENDERR(EINVAL); | |
24020 | + } | |
24021 | + | |
24022 | + total_size = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; | |
24023 | + for(ext = 1; ext <= SADB_EXT_MAX; ext++) { | |
24024 | + if(extensions[ext]) { | |
24025 | + total_size += (extensions[ext])->sadb_ext_len; | |
24026 | + } | |
24027 | + } | |
24028 | + | |
24029 | + if(!(*pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN))) { | |
24030 | + DEBUGGING( | |
24031 | + "pfkey_msg_build: memory allocation failed\n"); | |
24032 | + SENDERR(ENOMEM); | |
24033 | + } | |
24034 | + | |
24035 | + DEBUGGING( | |
24036 | + "pfkey_msg_build: pfkey_msg=%p allocated %d bytes, &(extensions[0])=%p\n", | |
24037 | + *pfkey_msg, | |
24038 | + total_size * IPSEC_PFKEYv2_ALIGN, | |
24039 | + &(extensions[0])); | |
24040 | + memcpy(*pfkey_msg, | |
24041 | + extensions[0], | |
24042 | + sizeof(struct sadb_msg)); | |
24043 | + (*pfkey_msg)->sadb_msg_len = total_size; | |
24044 | + (*pfkey_msg)->sadb_msg_reserved = 0; | |
24045 | + extensions_seen = 1 ; | |
24046 | + | |
24047 | + pfkey_ext = (struct sadb_ext*)(((char*)(*pfkey_msg)) + sizeof(struct sadb_msg)); | |
24048 | + | |
24049 | + for(ext = 1; ext <= SADB_EXT_MAX; ext++) { | |
24050 | + /* copy from extension[ext] to buffer */ | |
24051 | + if(extensions[ext]) { | |
24052 | + /* Is this type of extension permitted for this type of message? */ | |
24053 | + if(!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] & | |
24054 | + 1<<ext)) { | |
24055 | + DEBUGGING( | |
24056 | + "pfkey_msg_build: " | |
24057 | + "ext type %d not permitted, exts_perm=%08x, 1<<type=%08x\n", | |
24058 | + ext, | |
24059 | + extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type], | |
24060 | + 1<<ext); | |
24061 | + SENDERR(EINVAL); | |
24062 | + } | |
24063 | + DEBUGGING( | |
24064 | + "pfkey_msg_build: copying %d bytes from extensions[%d]=%p to=%p\n", | |
24065 | + (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN, | |
24066 | + ext, | |
24067 | + (extensions[ext]), | |
24068 | + pfkey_ext); | |
24069 | + memcpy(pfkey_ext, | |
24070 | + extensions[ext], | |
24071 | + (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); | |
24072 | + ((char*)pfkey_ext) += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN; | |
24073 | + /* Mark that we have seen this extension and remember the header location */ | |
24074 | + extensions_seen |= ( 1 << ext ); | |
24075 | + } | |
24076 | + } | |
24077 | + | |
24078 | + /* check required extensions */ | |
24079 | + DEBUGGING( | |
24080 | + "pfkey_msg_build: extensions " | |
24081 | + "permitted=%08x, seen=%08x, required=%08x.\n", | |
24082 | + extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type], | |
24083 | + extensions_seen, | |
24084 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]); | |
24085 | + | |
24086 | + if((extensions_seen & | |
24087 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) != | |
24088 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) { | |
24089 | + DEBUGGING( | |
24090 | + "pfkey_msg_build: required extensions missing:%08x.\n", | |
24091 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type] - | |
24092 | + (extensions_seen & | |
24093 | + extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) ); | |
24094 | + SENDERR(EINVAL); | |
24095 | + } | |
24096 | + | |
24097 | + if((error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir))) { | |
24098 | + DEBUGGING( | |
24099 | + "pfkey_msg_build: Trouble parsing newly built pfkey message, error=%d.\n", | |
24100 | + error); | |
24101 | + SENDERR(-error); | |
24102 | + } | |
24103 | + | |
24104 | +errlab: | |
24105 | + | |
24106 | + return error; | |
24107 | +} | |
24108 | + | |
24109 | +/* | |
24110 | + * $Log$ | |
24111 | + * Revision 1.21 2000/11/17 18:10:30 rgb | |
24112 | + * Fixed bugs mostly relating to spirange, to treat all spi variables as | |
24113 | + * network byte order since this is the way PF_KEYv2 stored spis. | |
24114 | + * | |
24115 | + * Revision 1.20 2000/10/12 00:02:39 rgb | |
24116 | + * Removed 'format, ##' nonsense from debug macros for RH7.0. | |
24117 | + * | |
24118 | + * Revision 1.19 2000/10/10 20:10:20 rgb | |
24119 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
24120 | + * | |
24121 | + * Revision 1.18 2000/09/12 18:59:54 rgb | |
24122 | + * Added Gerhard's IPv6 support to pfkey parts of libfreeswan. | |
24123 | + * | |
24124 | + * Revision 1.17 2000/09/12 03:27:00 rgb | |
24125 | + * Moved DEBUGGING definition to compile kernel with debug off. | |
24126 | + * | |
24127 | + * Revision 1.16 2000/09/08 19:22:12 rgb | |
24128 | + * Fixed pfkey_prop_build() parameter to be only single indirection. | |
24129 | + * Fixed struct alg copy. | |
24130 | + * | |
24131 | + * Revision 1.15 2000/08/20 21:40:01 rgb | |
24132 | + * Added an address parameter sanity check to pfkey_address_build(). | |
24133 | + * | |
24134 | + * Revision 1.14 2000/08/15 17:29:23 rgb | |
24135 | + * Fixes from SZI to untested pfkey_prop_build(). | |
24136 | + * | |
24137 | + * Revision 1.13 2000/06/02 22:54:14 rgb | |
24138 | + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support. | |
24139 | + * | |
24140 | + * Revision 1.12 2000/05/10 19:24:01 rgb | |
24141 | + * Fleshed out sensitivity, proposal and supported extensions. | |
24142 | + * | |
24143 | + * Revision 1.11 2000/03/16 14:07:23 rgb | |
24144 | + * Renamed ALIGN macro to avoid fighting with others in kernel. | |
24145 | + * | |
24146 | + * Revision 1.10 2000/01/24 21:14:35 rgb | |
24147 | + * Added disabled pluto pfkey lib debug flag. | |
24148 | + * | |
24149 | + * Revision 1.9 2000/01/21 06:27:32 rgb | |
24150 | + * Added address cases for eroute flows. | |
24151 | + * Removed unused code. | |
24152 | + * Dropped unused argument to pfkey_x_satype_build(). | |
24153 | + * Indented compiler directives for readability. | |
24154 | + * Added klipsdebug switching capability. | |
24155 | + * Fixed SADB_EXT_MAX bug not permitting last extension access. | |
24156 | + * | |
24157 | + * Revision 1.8 1999/12/29 21:17:41 rgb | |
24158 | + * Changed pfkey_msg_build() I/F to include a struct sadb_msg** | |
24159 | + * parameter for cleaner manipulation of extensions[] and to guard | |
24160 | + * against potential memory leaks. | |
24161 | + * Changed the I/F to pfkey_msg_free() for the same reason. | |
24162 | + * | |
24163 | + * Revision 1.7 1999/12/09 23:12:20 rgb | |
24164 | + * Removed unused cruft. | |
24165 | + * Added argument to pfkey_sa_build() to do eroutes. | |
24166 | + * Fixed exttype check in as yet unused pfkey_lifetime_build(). | |
24167 | + * | |
24168 | + * Revision 1.6 1999/12/07 19:54:29 rgb | |
24169 | + * Removed static pluto debug flag. | |
24170 | + * Added functions for pfkey message and extensions initialisation | |
24171 | + * and cleanup. | |
24172 | + * | |
24173 | + * Revision 1.5 1999/12/01 22:20:06 rgb | |
24174 | + * Changed pfkey_sa_build to accept an SPI in network byte order. | |
24175 | + * Added <string.h> to quiet userspace compiler. | |
24176 | + * Moved pfkey_lib_debug variable into the library. | |
24177 | + * Removed SATYPE check from pfkey_msg_hdr_build so FLUSH will work. | |
24178 | + * Added extension assembly debugging. | |
24179 | + * Isolated assignment with brackets to be sure of scope. | |
24180 | + * | |
24181 | + * Revision 1.4 1999/11/27 11:57:35 rgb | |
24182 | + * Added ipv6 headers. | |
24183 | + * Remove over-zealous algorithm sanity checkers from pfkey_sa_build. | |
24184 | + * Debugging error messages added. | |
24185 | + * Fixed missing auth and encrypt assignment bug. | |
24186 | + * Add argument to pfkey_msg_parse() for direction. | |
24187 | + * Move parse-after-build check inside pfkey_msg_build(). | |
24188 | + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. | |
24189 | + * Add CVS log entry to bottom of file. | |
24190 | + * | |
24191 | + */ | |
24192 | diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_ext_bits.c linux/net/ipsec/libfreeswan/pfkey_v2_ext_bits.c | |
24193 | --- linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_ext_bits.c Thu Jan 1 01:00:00 1970 | |
24194 | +++ linux/net/ipsec/libfreeswan/pfkey_v2_ext_bits.c Wed Sep 13 00:35:37 2000 | |
24195 | @@ -0,0 +1,696 @@ | |
24196 | +/* | |
24197 | + * RFC2367 PF_KEYv2 Key management API message parser | |
24198 | + * Copyright (C) 1999 Richard Guy Briggs. | |
24199 | + * | |
24200 | + * This program is free software; you can redistribute it and/or modify it | |
24201 | + * under the terms of the GNU General Public License as published by the | |
24202 | + * Free Software Foundation; either version 2 of the License, or (at your | |
24203 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
24204 | + * | |
24205 | + * This program is distributed in the hope that it will be useful, but | |
24206 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
24207 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
24208 | + * for more details. | |
24209 | + * | |
24210 | + * RCSID $Id$ | |
24211 | + */ | |
24212 | + | |
24213 | +/* | |
24214 | + * Template from klips/net/ipsec/ipsec/ipsec_parse.c. | |
24215 | + */ | |
24216 | + | |
24217 | +char pfkey_v2_ext_bits_c_version[] = "$Id$"; | |
24218 | + | |
24219 | +/* | |
24220 | + * Some ugly stuff to allow consistent debugging code for use in the | |
24221 | + * kernel and in user space | |
24222 | +*/ | |
24223 | + | |
24224 | +#ifdef __KERNEL__ | |
24225 | + | |
24226 | +#include <linux/kernel.h> /* for printk */ | |
24227 | + | |
24228 | +#include <linux/malloc.h> /* kmalloc() */ | |
24229 | +#include <linux/errno.h> /* error codes */ | |
24230 | +#include <linux/types.h> /* size_t */ | |
24231 | +#include <linux/interrupt.h> /* mark_bh */ | |
24232 | + | |
24233 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
24234 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
24235 | +#include <linux/ip.h> /* struct iphdr */ | |
24236 | +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
24237 | +#include <linux/ipv6.h> | |
24238 | +#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
24239 | + | |
24240 | +#else /* __KERNEL__ */ | |
24241 | + | |
24242 | +#include <sys/types.h> | |
24243 | +#include <linux/types.h> | |
24244 | +#include <linux/errno.h> | |
24245 | +#endif | |
24246 | + | |
24247 | +#include <freeswan.h> | |
24248 | +#include <pfkeyv2.h> | |
24249 | +#include <pfkey.h> | |
24250 | + | |
24251 | +unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/] = { | |
24252 | + | |
24253 | +/* INBOUND EXTENSIONS */ | |
24254 | +{ | |
24255 | + | |
24256 | +/* PERMITTED IN */ | |
24257 | +{ | |
24258 | +/* SADB_RESERVED */ | |
24259 | +0 | |
24260 | +, | |
24261 | +/* SADB_GETSPI */ | |
24262 | +1<<SADB_EXT_RESERVED | |
24263 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24264 | +| 1<<SADB_EXT_ADDRESS_DST | |
24265 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24266 | +| 1<<SADB_EXT_SPIRANGE | |
24267 | +, | |
24268 | +/* SADB_UPDATE */ | |
24269 | +1<<SADB_EXT_RESERVED | |
24270 | +| 1<<SADB_EXT_SA | |
24271 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24272 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24273 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24274 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24275 | +| 1<<SADB_EXT_ADDRESS_DST | |
24276 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24277 | +| 1<<SADB_EXT_KEY_AUTH | |
24278 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24279 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24280 | +| 1<<SADB_EXT_IDENTITY_DST | |
24281 | +| 1<<SADB_EXT_SENSITIVITY | |
24282 | +, | |
24283 | +/* SADB_ADD */ | |
24284 | +1<<SADB_EXT_RESERVED | |
24285 | +| 1<<SADB_EXT_SA | |
24286 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24287 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24288 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24289 | +| 1<<SADB_EXT_ADDRESS_DST | |
24290 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24291 | +| 1<<SADB_EXT_KEY_AUTH | |
24292 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24293 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24294 | +| 1<<SADB_EXT_IDENTITY_DST | |
24295 | +| 1<<SADB_EXT_SENSITIVITY | |
24296 | +, | |
24297 | +/* SADB_DELETE */ | |
24298 | +1<<SADB_EXT_RESERVED | |
24299 | +| 1<<SADB_EXT_SA | |
24300 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24301 | +| 1<<SADB_EXT_ADDRESS_DST | |
24302 | +, | |
24303 | +/* SADB_GET */ | |
24304 | +1<<SADB_EXT_RESERVED | |
24305 | +| 1<<SADB_EXT_SA | |
24306 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24307 | +| 1<<SADB_EXT_ADDRESS_DST | |
24308 | +, | |
24309 | +/* SADB_ACQUIRE */ | |
24310 | +1<<SADB_EXT_RESERVED | |
24311 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24312 | +| 1<<SADB_EXT_ADDRESS_DST | |
24313 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24314 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24315 | +| 1<<SADB_EXT_IDENTITY_DST | |
24316 | +| 1<<SADB_EXT_SENSITIVITY | |
24317 | +| 1<<SADB_EXT_PROPOSAL | |
24318 | +, | |
24319 | +/* SADB_REGISTER */ | |
24320 | +1<<SADB_EXT_RESERVED | |
24321 | +, | |
24322 | +/* SADB_EXPIRE */ | |
24323 | +0 | |
24324 | +, | |
24325 | +/* SADB_FLUSH */ | |
24326 | +1<<SADB_EXT_RESERVED | |
24327 | +, | |
24328 | +/* SADB_DUMP */ | |
24329 | +1<<SADB_EXT_RESERVED | |
24330 | +, | |
24331 | +/* SADB_X_PROMISC */ | |
24332 | +1<<SADB_EXT_RESERVED | |
24333 | +| 1<<SADB_EXT_SA | |
24334 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24335 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24336 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24337 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24338 | +| 1<<SADB_EXT_ADDRESS_DST | |
24339 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24340 | +| 1<<SADB_EXT_KEY_AUTH | |
24341 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24342 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24343 | +| 1<<SADB_EXT_IDENTITY_DST | |
24344 | +| 1<<SADB_EXT_SENSITIVITY | |
24345 | +| 1<<SADB_EXT_PROPOSAL | |
24346 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24347 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24348 | +| 1<<SADB_EXT_SPIRANGE | |
24349 | +| 1<<SADB_X_EXT_KMPRIVATE | |
24350 | +| 1<<SADB_X_EXT_SATYPE2 | |
24351 | +| 1<<SADB_X_EXT_SA2 | |
24352 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24353 | +, | |
24354 | +/* SADB_X_PCHANGE */ | |
24355 | +1<<SADB_EXT_RESERVED | |
24356 | +| 1<<SADB_EXT_SA | |
24357 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24358 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24359 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24360 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24361 | +| 1<<SADB_EXT_ADDRESS_DST | |
24362 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24363 | +| 1<<SADB_EXT_KEY_AUTH | |
24364 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24365 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24366 | +| 1<<SADB_EXT_IDENTITY_DST | |
24367 | +| 1<<SADB_EXT_SENSITIVITY | |
24368 | +| 1<<SADB_EXT_PROPOSAL | |
24369 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24370 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24371 | +| 1<<SADB_EXT_SPIRANGE | |
24372 | +| 1<<SADB_X_EXT_KMPRIVATE | |
24373 | +| 1<<SADB_X_EXT_SATYPE2 | |
24374 | +| 1<<SADB_X_EXT_SA2 | |
24375 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24376 | +, | |
24377 | +/* SADB_X_GRPSA */ | |
24378 | +1<<SADB_EXT_RESERVED | |
24379 | +| 1<<SADB_EXT_SA | |
24380 | +| 1<<SADB_EXT_ADDRESS_DST | |
24381 | +| 1<<SADB_X_EXT_SATYPE2 | |
24382 | +| 1<<SADB_X_EXT_SA2 | |
24383 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24384 | +, | |
24385 | +/* SADB_X_ADDFLOW */ | |
24386 | +1<<SADB_EXT_RESERVED | |
24387 | +| 1<<SADB_EXT_SA | |
24388 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24389 | +| 1<<SADB_EXT_ADDRESS_DST | |
24390 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
24391 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
24392 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
24393 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
24394 | +, | |
24395 | +/* SADB_X_DELFLOW */ | |
24396 | +1<<SADB_EXT_RESERVED | |
24397 | +| 1<<SADB_EXT_SA | |
24398 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
24399 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
24400 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
24401 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
24402 | +, | |
24403 | +/* SADB_X_DEBUG */ | |
24404 | +1<<SADB_EXT_RESERVED | |
24405 | +| 1<<SADB_X_EXT_DEBUG | |
24406 | +}, | |
24407 | + | |
24408 | +/* REQUIRED IN */ | |
24409 | +{ | |
24410 | +/* SADB_RESERVED */ | |
24411 | +0 | |
24412 | +, | |
24413 | +/* SADB_GETSPI */ | |
24414 | +1<<SADB_EXT_RESERVED | |
24415 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24416 | +| 1<<SADB_EXT_ADDRESS_DST | |
24417 | +| 1<<SADB_EXT_SPIRANGE | |
24418 | +, | |
24419 | +/* SADB_UPDATE */ | |
24420 | +1<<SADB_EXT_RESERVED | |
24421 | +| 1<<SADB_EXT_SA | |
24422 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24423 | +| 1<<SADB_EXT_ADDRESS_DST | |
24424 | +| 1<<SADB_EXT_KEY_AUTH | |
24425 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24426 | +, | |
24427 | +/* SADB_ADD */ | |
24428 | +1<<SADB_EXT_RESERVED | |
24429 | +| 1<<SADB_EXT_SA | |
24430 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24431 | +| 1<<SADB_EXT_ADDRESS_DST | |
24432 | +/*| 1<<SADB_EXT_KEY_AUTH*/ | |
24433 | +/*| 1<<SADB_EXT_KEY_ENCRYPT*/ | |
24434 | +, | |
24435 | +/* SADB_DELETE */ | |
24436 | +1<<SADB_EXT_RESERVED | |
24437 | +| 1<<SADB_EXT_SA | |
24438 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24439 | +| 1<<SADB_EXT_ADDRESS_DST | |
24440 | +, | |
24441 | +/* SADB_GET */ | |
24442 | +1<<SADB_EXT_RESERVED | |
24443 | +| 1<<SADB_EXT_SA | |
24444 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24445 | +| 1<<SADB_EXT_ADDRESS_DST | |
24446 | +, | |
24447 | +/* SADB_ACQUIRE */ | |
24448 | +1<<SADB_EXT_RESERVED | |
24449 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24450 | +| 1<<SADB_EXT_ADDRESS_DST | |
24451 | +| 1<<SADB_EXT_PROPOSAL | |
24452 | +, | |
24453 | +/* SADB_REGISTER */ | |
24454 | +1<<SADB_EXT_RESERVED | |
24455 | +, | |
24456 | +/* SADB_EXPIRE */ | |
24457 | +0 | |
24458 | +, | |
24459 | +/* SADB_FLUSH */ | |
24460 | +1<<SADB_EXT_RESERVED | |
24461 | +, | |
24462 | +/* SADB_DUMP */ | |
24463 | +1<<SADB_EXT_RESERVED | |
24464 | +, | |
24465 | +/* SADB_X_PROMISC */ | |
24466 | +1<<SADB_EXT_RESERVED | |
24467 | +| 1<<SADB_EXT_SA | |
24468 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24469 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24470 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24471 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24472 | +| 1<<SADB_EXT_ADDRESS_DST | |
24473 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24474 | +| 1<<SADB_EXT_KEY_AUTH | |
24475 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24476 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24477 | +| 1<<SADB_EXT_IDENTITY_DST | |
24478 | +| 1<<SADB_EXT_SENSITIVITY | |
24479 | +| 1<<SADB_EXT_PROPOSAL | |
24480 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24481 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24482 | +| 1<<SADB_EXT_SPIRANGE | |
24483 | +| 1<<SADB_X_EXT_KMPRIVATE | |
24484 | +| 1<<SADB_X_EXT_SATYPE2 | |
24485 | +| 1<<SADB_X_EXT_SA2 | |
24486 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24487 | +, | |
24488 | +/* SADB_X_PCHANGE */ | |
24489 | +1<<SADB_EXT_RESERVED | |
24490 | +| 1<<SADB_EXT_SA | |
24491 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24492 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24493 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24494 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24495 | +| 1<<SADB_EXT_ADDRESS_DST | |
24496 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24497 | +| 1<<SADB_EXT_KEY_AUTH | |
24498 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24499 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24500 | +| 1<<SADB_EXT_IDENTITY_DST | |
24501 | +| 1<<SADB_EXT_SENSITIVITY | |
24502 | +| 1<<SADB_EXT_PROPOSAL | |
24503 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24504 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24505 | +| 1<<SADB_EXT_SPIRANGE | |
24506 | +| 1<<SADB_X_EXT_KMPRIVATE | |
24507 | +| 1<<SADB_X_EXT_SATYPE2 | |
24508 | +| 1<<SADB_X_EXT_SA2 | |
24509 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24510 | +, | |
24511 | +/* SADB_X_GRPSA */ | |
24512 | +1<<SADB_EXT_RESERVED | |
24513 | +| 1<<SADB_EXT_SA | |
24514 | +| 1<<SADB_EXT_ADDRESS_DST | |
24515 | +/*| 1<<SADB_X_EXT_SATYPE2*/ | |
24516 | +/*| 1<<SADB_X_EXT_SA2*/ | |
24517 | +/*| 1<<SADB_X_EXT_ADDRESS_DST2*/ | |
24518 | +, | |
24519 | +/* SADB_X_ADDFLOW */ | |
24520 | +1<<SADB_EXT_RESERVED | |
24521 | +| 1<<SADB_EXT_SA | |
24522 | +| 1<<SADB_EXT_ADDRESS_DST | |
24523 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
24524 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
24525 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
24526 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
24527 | +, | |
24528 | +/* SADB_X_DELFLOW */ | |
24529 | +1<<SADB_EXT_RESERVED | |
24530 | +/*| 1<<SADB_EXT_SA*/ | |
24531 | +#if 0 /* SADB_X_CLREROUTE doesn't need all these... */ | |
24532 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
24533 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
24534 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
24535 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
24536 | +#endif | |
24537 | +, | |
24538 | +/* SADB_X_DEBUG */ | |
24539 | +1<<SADB_EXT_RESERVED | |
24540 | +| 1<<SADB_X_EXT_DEBUG | |
24541 | +} | |
24542 | + | |
24543 | +}, | |
24544 | + | |
24545 | +/* OUTBOUND EXTENSIONS */ | |
24546 | +{ | |
24547 | + | |
24548 | +/* PERMITTED OUT */ | |
24549 | +{ | |
24550 | +/* SADB_RESERVED */ | |
24551 | +0 | |
24552 | +, | |
24553 | +/* SADB_GETSPI */ | |
24554 | +1<<SADB_EXT_RESERVED | |
24555 | +| 1<<SADB_EXT_SA | |
24556 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24557 | +| 1<<SADB_EXT_ADDRESS_DST | |
24558 | +, | |
24559 | +/* SADB_UPDATE */ | |
24560 | +1<<SADB_EXT_RESERVED | |
24561 | +| 1<<SADB_EXT_SA | |
24562 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24563 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24564 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24565 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24566 | +| 1<<SADB_EXT_ADDRESS_DST | |
24567 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24568 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24569 | +| 1<<SADB_EXT_IDENTITY_DST | |
24570 | +| 1<<SADB_EXT_SENSITIVITY | |
24571 | +, | |
24572 | +/* SADB_ADD */ | |
24573 | +1<<SADB_EXT_RESERVED | |
24574 | +| 1<<SADB_EXT_SA | |
24575 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24576 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24577 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24578 | +| 1<<SADB_EXT_ADDRESS_DST | |
24579 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24580 | +| 1<<SADB_EXT_IDENTITY_DST | |
24581 | +| 1<<SADB_EXT_SENSITIVITY | |
24582 | +, | |
24583 | +/* SADB_DELETE */ | |
24584 | +1<<SADB_EXT_RESERVED | |
24585 | +| 1<<SADB_EXT_SA | |
24586 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24587 | +| 1<<SADB_EXT_ADDRESS_DST | |
24588 | +, | |
24589 | +/* SADB_GET */ | |
24590 | +1<<SADB_EXT_RESERVED | |
24591 | +| 1<<SADB_EXT_SA | |
24592 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24593 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24594 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24595 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24596 | +| 1<<SADB_EXT_ADDRESS_DST | |
24597 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24598 | +| 1<<SADB_EXT_KEY_AUTH | |
24599 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24600 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24601 | +| 1<<SADB_EXT_IDENTITY_DST | |
24602 | +| 1<<SADB_EXT_SENSITIVITY | |
24603 | +, | |
24604 | +/* SADB_ACQUIRE */ | |
24605 | +1<<SADB_EXT_RESERVED | |
24606 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24607 | +| 1<<SADB_EXT_ADDRESS_DST | |
24608 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24609 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24610 | +| 1<<SADB_EXT_IDENTITY_DST | |
24611 | +| 1<<SADB_EXT_SENSITIVITY | |
24612 | +| 1<<SADB_EXT_PROPOSAL | |
24613 | +, | |
24614 | +/* SADB_REGISTER */ | |
24615 | +1<<SADB_EXT_RESERVED | |
24616 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24617 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24618 | +, | |
24619 | +/* SADB_EXPIRE */ | |
24620 | +1<<SADB_EXT_RESERVED | |
24621 | +| 1<<SADB_EXT_SA | |
24622 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24623 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24624 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24625 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24626 | +| 1<<SADB_EXT_ADDRESS_DST | |
24627 | +, | |
24628 | +/* SADB_FLUSH */ | |
24629 | +1<<SADB_EXT_RESERVED | |
24630 | +, | |
24631 | +/* SADB_DUMP */ | |
24632 | +1<<SADB_EXT_RESERVED | |
24633 | +| 1<<SADB_EXT_SA | |
24634 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24635 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24636 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24637 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24638 | +| 1<<SADB_EXT_ADDRESS_DST | |
24639 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24640 | +| 1<<SADB_EXT_KEY_AUTH | |
24641 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24642 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24643 | +| 1<<SADB_EXT_IDENTITY_DST | |
24644 | +| 1<<SADB_EXT_SENSITIVITY | |
24645 | +, | |
24646 | +/* SADB_X_PROMISC */ | |
24647 | +1<<SADB_EXT_RESERVED | |
24648 | +| 1<<SADB_EXT_SA | |
24649 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24650 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24651 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24652 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24653 | +| 1<<SADB_EXT_ADDRESS_DST | |
24654 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24655 | +| 1<<SADB_EXT_KEY_AUTH | |
24656 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24657 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24658 | +| 1<<SADB_EXT_IDENTITY_DST | |
24659 | +| 1<<SADB_EXT_SENSITIVITY | |
24660 | +| 1<<SADB_EXT_PROPOSAL | |
24661 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24662 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24663 | +| 1<<SADB_EXT_SPIRANGE | |
24664 | +| 1<<SADB_X_EXT_KMPRIVATE | |
24665 | +| 1<<SADB_X_EXT_SATYPE2 | |
24666 | +| 1<<SADB_X_EXT_SA2 | |
24667 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24668 | +, | |
24669 | +/* SADB_X_PCHANGE */ | |
24670 | +1<<SADB_EXT_RESERVED | |
24671 | +| 1<<SADB_EXT_SA | |
24672 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24673 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24674 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24675 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24676 | +| 1<<SADB_EXT_ADDRESS_DST | |
24677 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24678 | +| 1<<SADB_EXT_KEY_AUTH | |
24679 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24680 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24681 | +| 1<<SADB_EXT_IDENTITY_DST | |
24682 | +| 1<<SADB_EXT_SENSITIVITY | |
24683 | +| 1<<SADB_EXT_PROPOSAL | |
24684 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24685 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24686 | +| 1<<SADB_EXT_SPIRANGE | |
24687 | +| 1<<SADB_X_EXT_KMPRIVATE | |
24688 | +| 1<<SADB_X_EXT_SATYPE2 | |
24689 | +| 1<<SADB_X_EXT_SA2 | |
24690 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24691 | +, | |
24692 | +/* SADB_X_GRPSA */ | |
24693 | +1<<SADB_EXT_RESERVED | |
24694 | +| 1<<SADB_EXT_SA | |
24695 | +| 1<<SADB_EXT_ADDRESS_DST | |
24696 | +| 1<<SADB_X_EXT_SATYPE2 | |
24697 | +| 1<<SADB_X_EXT_SA2 | |
24698 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24699 | +, | |
24700 | +/* SADB_X_ADDFLOW */ | |
24701 | +1<<SADB_EXT_RESERVED | |
24702 | +| 1<<SADB_EXT_SA | |
24703 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24704 | +| 1<<SADB_EXT_ADDRESS_DST | |
24705 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
24706 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
24707 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
24708 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
24709 | +, | |
24710 | +/* SADB_X_DELFLOW */ | |
24711 | +1<<SADB_EXT_RESERVED | |
24712 | +| 1<<SADB_EXT_SA | |
24713 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
24714 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
24715 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
24716 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
24717 | +, | |
24718 | +/* SADB_X_DEBUG */ | |
24719 | +1<<SADB_EXT_RESERVED | |
24720 | +| 1<<SADB_X_EXT_DEBUG | |
24721 | +}, | |
24722 | + | |
24723 | +/* REQUIRED OUT */ | |
24724 | +{ | |
24725 | +/* SADB_RESERVED */ | |
24726 | +0 | |
24727 | +, | |
24728 | +/* SADB_GETSPI */ | |
24729 | +1<<SADB_EXT_RESERVED | |
24730 | +| 1<<SADB_EXT_SA | |
24731 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24732 | +| 1<<SADB_EXT_ADDRESS_DST | |
24733 | +, | |
24734 | +/* SADB_UPDATE */ | |
24735 | +1<<SADB_EXT_RESERVED | |
24736 | +| 1<<SADB_EXT_SA | |
24737 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24738 | +| 1<<SADB_EXT_ADDRESS_DST | |
24739 | +, | |
24740 | +/* SADB_ADD */ | |
24741 | +1<<SADB_EXT_RESERVED | |
24742 | +| 1<<SADB_EXT_SA | |
24743 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24744 | +| 1<<SADB_EXT_ADDRESS_DST | |
24745 | +, | |
24746 | +/* SADB_DELETE */ | |
24747 | +1<<SADB_EXT_RESERVED | |
24748 | +| 1<<SADB_EXT_SA | |
24749 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24750 | +| 1<<SADB_EXT_ADDRESS_DST | |
24751 | +, | |
24752 | +/* SADB_GET */ | |
24753 | +1<<SADB_EXT_RESERVED | |
24754 | +| 1<<SADB_EXT_SA | |
24755 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24756 | +| 1<<SADB_EXT_ADDRESS_DST | |
24757 | +| 1<<SADB_EXT_KEY_AUTH | |
24758 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24759 | +, | |
24760 | +/* SADB_ACQUIRE */ | |
24761 | +1<<SADB_EXT_RESERVED | |
24762 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24763 | +| 1<<SADB_EXT_ADDRESS_DST | |
24764 | +| 1<<SADB_EXT_PROPOSAL | |
24765 | +, | |
24766 | +/* SADB_REGISTER */ | |
24767 | +1<<SADB_EXT_RESERVED | |
24768 | +/* | 1<<SADB_EXT_SUPPORTED_AUTH | |
24769 | + | 1<<SADB_EXT_SUPPORTED_ENCRYPT */ | |
24770 | +, | |
24771 | +/* SADB_EXPIRE */ | |
24772 | +1<<SADB_EXT_RESERVED | |
24773 | +| 1<<SADB_EXT_SA | |
24774 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24775 | +/* | 1<<SADB_EXT_LIFETIME_HARD | |
24776 | + | 1<<SADB_EXT_LIFETIME_SOFT */ | |
24777 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24778 | +| 1<<SADB_EXT_ADDRESS_DST | |
24779 | +, | |
24780 | +/* SADB_FLUSH */ | |
24781 | +1<<SADB_EXT_RESERVED | |
24782 | +, | |
24783 | +/* SADB_DUMP */ | |
24784 | +1<<SADB_EXT_RESERVED | |
24785 | +| 1<<SADB_EXT_SA | |
24786 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24787 | +| 1<<SADB_EXT_ADDRESS_DST | |
24788 | +| 1<<SADB_EXT_KEY_AUTH | |
24789 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24790 | +, | |
24791 | +/* SADB_X_PROMISC */ | |
24792 | +1<<SADB_EXT_RESERVED | |
24793 | +| 1<<SADB_EXT_SA | |
24794 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24795 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24796 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24797 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24798 | +| 1<<SADB_EXT_ADDRESS_DST | |
24799 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24800 | +| 1<<SADB_EXT_KEY_AUTH | |
24801 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24802 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24803 | +| 1<<SADB_EXT_IDENTITY_DST | |
24804 | +| 1<<SADB_EXT_SENSITIVITY | |
24805 | +| 1<<SADB_EXT_PROPOSAL | |
24806 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24807 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24808 | +| 1<<SADB_EXT_SPIRANGE | |
24809 | +| 1<<SADB_X_EXT_KMPRIVATE | |
24810 | +| 1<<SADB_X_EXT_SATYPE2 | |
24811 | +| 1<<SADB_X_EXT_SA2 | |
24812 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24813 | +, | |
24814 | +/* SADB_X_PCHANGE */ | |
24815 | +1<<SADB_EXT_RESERVED | |
24816 | +| 1<<SADB_EXT_SA | |
24817 | +| 1<<SADB_EXT_LIFETIME_CURRENT | |
24818 | +| 1<<SADB_EXT_LIFETIME_HARD | |
24819 | +| 1<<SADB_EXT_LIFETIME_SOFT | |
24820 | +| 1<<SADB_EXT_ADDRESS_SRC | |
24821 | +| 1<<SADB_EXT_ADDRESS_DST | |
24822 | +| 1<<SADB_EXT_ADDRESS_PROXY | |
24823 | +| 1<<SADB_EXT_KEY_AUTH | |
24824 | +| 1<<SADB_EXT_KEY_ENCRYPT | |
24825 | +| 1<<SADB_EXT_IDENTITY_SRC | |
24826 | +| 1<<SADB_EXT_IDENTITY_DST | |
24827 | +| 1<<SADB_EXT_SENSITIVITY | |
24828 | +| 1<<SADB_EXT_PROPOSAL | |
24829 | +| 1<<SADB_EXT_SUPPORTED_AUTH | |
24830 | +| 1<<SADB_EXT_SUPPORTED_ENCRYPT | |
24831 | +| 1<<SADB_EXT_SPIRANGE | |
24832 | +| 1<<SADB_X_EXT_KMPRIVATE | |
24833 | +| 1<<SADB_X_EXT_SATYPE2 | |
24834 | +| 1<<SADB_X_EXT_SA2 | |
24835 | +| 1<<SADB_X_EXT_ADDRESS_DST2 | |
24836 | +, | |
24837 | +/* SADB_X_GRPSA */ | |
24838 | +1<<SADB_EXT_RESERVED | |
24839 | +| 1<<SADB_EXT_SA | |
24840 | +| 1<<SADB_EXT_ADDRESS_DST | |
24841 | +, | |
24842 | +/* SADB_X_ADDFLOW */ | |
24843 | +1<<SADB_EXT_RESERVED | |
24844 | +| 1<<SADB_EXT_SA | |
24845 | +| 1<<SADB_EXT_ADDRESS_DST | |
24846 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
24847 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
24848 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
24849 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
24850 | +, | |
24851 | +/* SADB_X_DELFLOW */ | |
24852 | +1<<SADB_EXT_RESERVED | |
24853 | +/*| 1<<SADB_EXT_SA*/ | |
24854 | +| 1<<SADB_X_EXT_ADDRESS_SRC_FLOW | |
24855 | +| 1<<SADB_X_EXT_ADDRESS_DST_FLOW | |
24856 | +| 1<<SADB_X_EXT_ADDRESS_SRC_MASK | |
24857 | +| 1<<SADB_X_EXT_ADDRESS_DST_MASK | |
24858 | +, | |
24859 | +/* SADB_X_DEBUG */ | |
24860 | +1<<SADB_EXT_RESERVED | |
24861 | +| 1<<SADB_X_EXT_DEBUG | |
24862 | +} | |
24863 | +} | |
24864 | +}; | |
24865 | + | |
24866 | +/* | |
24867 | + * $Log$ | |
24868 | + * Revision 1.7 2000/09/12 22:35:37 rgb | |
24869 | + * Restructured to remove unused extensions from CLEARFLOW messages. | |
24870 | + * | |
24871 | + * Revision 1.6 2000/09/09 06:39:01 rgb | |
24872 | + * Added comments for clarity. | |
24873 | + * | |
24874 | + * Revision 1.5 2000/06/02 22:54:14 rgb | |
24875 | + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support. | |
24876 | + * | |
24877 | + * Revision 1.4 2000/01/21 06:27:56 rgb | |
24878 | + * Added address cases for eroute flows. | |
24879 | + * Added comments for each message type. | |
24880 | + * Added klipsdebug switching capability. | |
24881 | + * Fixed GRPSA bitfields. | |
24882 | + * | |
24883 | + * Revision 1.3 1999/12/01 22:20:27 rgb | |
24884 | + * Remove requirement for a proxy address in an incoming getspi message. | |
24885 | + * | |
24886 | + * Revision 1.2 1999/11/27 11:57:06 rgb | |
24887 | + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. | |
24888 | + * Add CVS log entry to bottom of file. | |
24889 | + * Cleaned out unused bits. | |
24890 | + * | |
24891 | + */ | |
24892 | diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_parse.c linux/net/ipsec/libfreeswan/pfkey_v2_parse.c | |
24893 | --- linux-noipsec/net/ipsec/libfreeswan/pfkey_v2_parse.c Thu Jan 1 01:00:00 1970 | |
24894 | +++ linux/net/ipsec/libfreeswan/pfkey_v2_parse.c Fri Nov 17 19:10:30 2000 | |
24895 | @@ -0,0 +1,1428 @@ | |
24896 | +/* | |
24897 | + * RFC2367 PF_KEYv2 Key management API message parser | |
24898 | + * Copyright (C) 1999 Richard Guy Briggs. | |
24899 | + * | |
24900 | + * This program is free software; you can redistribute it and/or modify it | |
24901 | + * under the terms of the GNU General Public License as published by the | |
24902 | + * Free Software Foundation; either version 2 of the License, or (at your | |
24903 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
24904 | + * | |
24905 | + * This program is distributed in the hope that it will be useful, but | |
24906 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
24907 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
24908 | + * for more details. | |
24909 | + * | |
24910 | + * RCSID $Id$ | |
24911 | + */ | |
24912 | + | |
24913 | +/* | |
24914 | + * Template from klips/net/ipsec/ipsec/ipsec_parser.c. | |
24915 | + */ | |
24916 | + | |
24917 | +char pfkey_v2_parse_c_version[] = "$Id$"; | |
24918 | + | |
24919 | +/* | |
24920 | + * Some ugly stuff to allow consistent debugging code for use in the | |
24921 | + * kernel and in user space | |
24922 | +*/ | |
24923 | + | |
24924 | +#ifdef __KERNEL__ | |
24925 | + | |
24926 | +# include <linux/kernel.h> /* for printk */ | |
24927 | + | |
24928 | +# include <linux/malloc.h> /* kmalloc() */ | |
24929 | +# include <linux/errno.h> /* error codes */ | |
24930 | +# include <linux/types.h> /* size_t */ | |
24931 | +# include <linux/interrupt.h> /* mark_bh */ | |
24932 | + | |
24933 | +# include <linux/netdevice.h> /* struct device, and other headers */ | |
24934 | +# include <linux/etherdevice.h> /* eth_type_trans */ | |
24935 | +# include <linux/ip.h> /* struct iphdr */ | |
24936 | +# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
24937 | +# include <linux/ipv6.h> /* struct ipv6hdr */ | |
24938 | +# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
24939 | +extern int debug_pfkey; | |
24940 | + | |
24941 | +#else /* __KERNEL__ */ | |
24942 | + | |
24943 | +# include <sys/types.h> | |
24944 | +# include <linux/types.h> | |
24945 | +# include <linux/errno.h> | |
24946 | + | |
24947 | +# include "../pluto/constants.h" | |
24948 | +# include "../pluto/defs.h" /* for PRINTF_LIKE */ | |
24949 | +# include "../pluto/log.h" /* for debugging and DBG_log */ | |
24950 | + | |
24951 | +extern unsigned int pfkey_lib_debug; /* bits selecting what to report */ | |
24952 | + | |
24953 | +/* #define PLUTO */ | |
24954 | + | |
24955 | +# ifdef PLUTO | |
24956 | +# define DEBUGGING(args...) { DBG_log("pfkey_lib_debug:" args); } | |
24957 | +# else | |
24958 | +# define DEBUGGING(args...) if(pfkey_lib_debug) { printf("pfkey_lib_debug:" args); } else { ; } | |
24959 | +# endif | |
24960 | + | |
24961 | +#endif /* __KERNEL__ */ | |
24962 | + | |
24963 | + | |
24964 | +#include <freeswan.h> | |
24965 | +#include <pfkeyv2.h> | |
24966 | +#include <pfkey.h> | |
24967 | + | |
24968 | +#ifdef __KERNEL__ | |
24969 | +# include "../radij.h" /* rd_nodes */ | |
24970 | +# include "../ipsec_encap.h" /* sockaddr_encap */ | |
24971 | +# include "../ipsec_netlink.h" /* KLIPS_PRINT */ | |
24972 | +# define DEBUGGING(args...) \ | |
24973 | + KLIPS_PRINT(debug_pfkey, "klips_debug:" args) | |
24974 | +/* ((debug_pfkey) ? printk(KERN_INFO "klips_debug:" format , ## args) : 0) */ | |
24975 | +#endif /* __KERNEL__ */ | |
24976 | + | |
24977 | + | |
24978 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
24979 | + | |
24980 | +struct satype_tbl { | |
24981 | + uint8_t proto; | |
24982 | + uint8_t satype; | |
24983 | + char* name; | |
24984 | +} static satype_tbl[] = { | |
24985 | +#ifdef __KERNEL__ | |
24986 | + { IPPROTO_ESP, SADB_SATYPE_ESP, "ESP" }, | |
24987 | + { IPPROTO_AH, SADB_SATYPE_AH, "AH" }, | |
24988 | + { IPPROTO_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, | |
24989 | +#ifdef CONFIG_IPSEC_IPCOMP | |
24990 | + { IPPROTO_COMP, SADB_X_SATYPE_COMP, "COMP" }, | |
24991 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
24992 | +#else /* __KERNEL__ */ | |
24993 | + { SA_ESP, SADB_SATYPE_ESP, "ESP" }, | |
24994 | + { SA_AH, SADB_SATYPE_AH, "AH" }, | |
24995 | + { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, | |
24996 | + { SA_COMP, SADB_X_SATYPE_COMP, "COMP" }, | |
24997 | +#endif /* __KERNEL__ */ | |
24998 | + { 0, 0 } | |
24999 | +}; | |
25000 | + | |
25001 | +uint8_t satype2proto(uint8_t satype) { | |
25002 | + int i =0; | |
25003 | + | |
25004 | + while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) { | |
25005 | + i++; | |
25006 | + } | |
25007 | + return satype_tbl[i].proto; | |
25008 | +} | |
25009 | + | |
25010 | +uint8_t proto2satype(uint8_t proto) { | |
25011 | + int i = 0; | |
25012 | + | |
25013 | + while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) { | |
25014 | + i++; | |
25015 | + } | |
25016 | + return satype_tbl[i].satype; | |
25017 | +} | |
25018 | + | |
25019 | +char* proto2name(uint8_t proto) { | |
25020 | + int i = 0; | |
25021 | + | |
25022 | + while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) { | |
25023 | + i++; | |
25024 | + } | |
25025 | + return satype_tbl[i].name; | |
25026 | +} | |
25027 | + | |
25028 | +uint8_t sadb_satype2proto[] = { | |
25029 | +#ifdef __KERNEL__ | |
25030 | + 0, | |
25031 | + 0, | |
25032 | + IPPROTO_AH, | |
25033 | + IPPROTO_ESP, | |
25034 | + 0, | |
25035 | + 0, | |
25036 | + 0, | |
25037 | + 0, | |
25038 | + 0, | |
25039 | + IPPROTO_IPIP, | |
25040 | + IPPROTO_COMP | |
25041 | +#else /* __KERNEL__ */ | |
25042 | + 0, | |
25043 | + 0, | |
25044 | + SA_AH, | |
25045 | + SA_ESP, | |
25046 | + 0, | |
25047 | + 0, | |
25048 | + 0, | |
25049 | + 0, | |
25050 | + 0, | |
25051 | + SA_IPIP, | |
25052 | + SA_COMP | |
25053 | +#endif /* __KERNEL__ */ | |
25054 | +}; | |
25055 | + | |
25056 | +/* Default extension parsers taken from the KLIPS code */ | |
25057 | + | |
25058 | +DEBUG_NO_STATIC int | |
25059 | +pfkey_sa_parse(struct sadb_ext *pfkey_ext) | |
25060 | +{ | |
25061 | + int error = 0; | |
25062 | + struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext; | |
25063 | + | |
25064 | + DEBUGGING( | |
25065 | + "pfkey_sa_parse:\n"); | |
25066 | + /* sanity checks... */ | |
25067 | + if(!pfkey_sa) { | |
25068 | + DEBUGGING( | |
25069 | + "pfkey_sa_parse: NULL pointer passed in.\n"); | |
25070 | + SENDERR(EINVAL); | |
25071 | + } | |
25072 | + | |
25073 | + if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) { | |
25074 | + DEBUGGING( | |
25075 | + "pfkey_sa_parse: length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n", | |
25076 | + pfkey_sa->sadb_sa_len, | |
25077 | + sizeof(struct sadb_sa)); | |
25078 | + SENDERR(EINVAL); | |
25079 | + } | |
25080 | + | |
25081 | + if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) { | |
25082 | + DEBUGGING( | |
25083 | + "pfkey_sa_parse: pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n", | |
25084 | + pfkey_sa->sadb_sa_encrypt, | |
25085 | + SADB_EALG_MAX); | |
25086 | + SENDERR(EINVAL); | |
25087 | + } | |
25088 | + | |
25089 | + if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) { | |
25090 | + DEBUGGING( | |
25091 | + "pfkey_sa_parse: pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n", | |
25092 | + pfkey_sa->sadb_sa_auth, | |
25093 | + SADB_AALG_MAX); | |
25094 | + SENDERR(EINVAL); | |
25095 | + } | |
25096 | + | |
25097 | + if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) { | |
25098 | + DEBUGGING( | |
25099 | + "pfkey_sa_parse: state=%d exceeds MAX=%d.\n", | |
25100 | + pfkey_sa->sadb_sa_state, | |
25101 | + SADB_SASTATE_MAX); | |
25102 | + SENDERR(EINVAL); | |
25103 | + } | |
25104 | + | |
25105 | + if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) { | |
25106 | + DEBUGGING( | |
25107 | + "pfkey_sa_parse: state=%d is DEAD=%d.\n", | |
25108 | + pfkey_sa->sadb_sa_state, | |
25109 | + SADB_SASTATE_DEAD); | |
25110 | + SENDERR(EINVAL); | |
25111 | + } | |
25112 | + | |
25113 | + if(pfkey_sa->sadb_sa_replay > 64) { | |
25114 | + DEBUGGING( | |
25115 | + "pfkey_sa_parse: replay window size: %d" | |
25116 | + " -- must be 0 <= size <= 64\n", | |
25117 | + pfkey_sa->sadb_sa_replay); | |
25118 | + SENDERR(EINVAL); | |
25119 | + } | |
25120 | + | |
25121 | + if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) || | |
25122 | + (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2))) | |
25123 | + { | |
25124 | + DEBUGGING( | |
25125 | + "pfkey_sa_parse: unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n", | |
25126 | + pfkey_sa->sadb_sa_exttype, | |
25127 | + SADB_EXT_SA, | |
25128 | + SADB_X_EXT_SA2); | |
25129 | + SENDERR(EINVAL); | |
25130 | + } | |
25131 | + DEBUGGING( | |
25132 | + "pfkey_sa_parse: successfully found len=%d exttype=%d spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d.\n", | |
25133 | + pfkey_sa->sadb_sa_len, | |
25134 | + pfkey_sa->sadb_sa_exttype, | |
25135 | + (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi), | |
25136 | + pfkey_sa->sadb_sa_replay, | |
25137 | + pfkey_sa->sadb_sa_state, | |
25138 | + pfkey_sa->sadb_sa_auth, | |
25139 | + pfkey_sa->sadb_sa_encrypt, | |
25140 | + pfkey_sa->sadb_sa_flags); | |
25141 | + | |
25142 | + errlab: | |
25143 | + return error; | |
25144 | +} | |
25145 | + | |
25146 | +DEBUG_NO_STATIC int | |
25147 | +pfkey_lifetime_parse(struct sadb_ext *pfkey_ext) | |
25148 | +{ | |
25149 | + int error = 0; | |
25150 | + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext; | |
25151 | + | |
25152 | + DEBUGGING( | |
25153 | + "pfkey_lifetime_parse:\n"); | |
25154 | + /* sanity checks... */ | |
25155 | + if(!pfkey_lifetime) { | |
25156 | + DEBUGGING( | |
25157 | + "pfkey_lifetime_parse: NULL pointer passed in.\n"); | |
25158 | + SENDERR(EINVAL); | |
25159 | + } | |
25160 | + | |
25161 | + if(pfkey_lifetime->sadb_lifetime_len != | |
25162 | + sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) { | |
25163 | + DEBUGGING( | |
25164 | + "pfkey_lifetime_parse: length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n", | |
25165 | + pfkey_lifetime->sadb_lifetime_len, | |
25166 | + sizeof(struct sadb_lifetime)); | |
25167 | + SENDERR(EINVAL); | |
25168 | + } | |
25169 | + | |
25170 | + if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) && | |
25171 | + (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) && | |
25172 | + (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) { | |
25173 | + DEBUGGING( | |
25174 | + "pfkey_lifetime_parse: unexpected ext_type=%d.\n", | |
25175 | + pfkey_lifetime->sadb_lifetime_exttype); | |
25176 | + SENDERR(EINVAL); | |
25177 | + } | |
25178 | + | |
25179 | +errlab: | |
25180 | + return error; | |
25181 | +} | |
25182 | + | |
25183 | +DEBUG_NO_STATIC int | |
25184 | +pfkey_address_parse(struct sadb_ext *pfkey_ext) | |
25185 | +{ | |
25186 | + int error = 0; | |
25187 | + int saddr_len = 0; | |
25188 | + struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext; | |
25189 | + struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address)); | |
25190 | + char ipaddr_txt[ADDRTOT_BUF]; | |
25191 | + | |
25192 | + DEBUGGING( | |
25193 | + "pfkey_address_parse:\n"); | |
25194 | + /* sanity checks... */ | |
25195 | + if(!pfkey_address) { | |
25196 | + DEBUGGING( | |
25197 | + "pfkey_address_parse: NULL pointer passed in.\n"); | |
25198 | + SENDERR(EINVAL); | |
25199 | + } | |
25200 | + | |
25201 | + if(pfkey_address->sadb_address_len < | |
25202 | + (sizeof(struct sadb_address) + sizeof(struct sockaddr))/ | |
25203 | + IPSEC_PFKEYv2_ALIGN) { | |
25204 | + DEBUGGING( | |
25205 | + "pfkey_address_parse: size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n", | |
25206 | + pfkey_address->sadb_address_len, | |
25207 | + sizeof(struct sadb_address), | |
25208 | + sizeof(struct sockaddr)); | |
25209 | + SENDERR(EINVAL); | |
25210 | + } | |
25211 | + | |
25212 | + if(pfkey_address->sadb_address_reserved) { | |
25213 | + DEBUGGING( | |
25214 | + "pfkey_address_parse: res=%d, must be zero.\n", | |
25215 | + pfkey_address->sadb_address_reserved); | |
25216 | + SENDERR(EINVAL); | |
25217 | + } | |
25218 | + | |
25219 | + switch(pfkey_address->sadb_address_exttype) { | |
25220 | + case SADB_EXT_ADDRESS_SRC: | |
25221 | + case SADB_EXT_ADDRESS_DST: | |
25222 | + case SADB_EXT_ADDRESS_PROXY: | |
25223 | + case SADB_X_EXT_ADDRESS_DST2: | |
25224 | + case SADB_X_EXT_ADDRESS_SRC_FLOW: | |
25225 | + case SADB_X_EXT_ADDRESS_DST_FLOW: | |
25226 | + case SADB_X_EXT_ADDRESS_SRC_MASK: | |
25227 | + case SADB_X_EXT_ADDRESS_DST_MASK: | |
25228 | + break; | |
25229 | + default: | |
25230 | + DEBUGGING( | |
25231 | + "pfkey_address_parse: unexpected ext_type=%d.\n", | |
25232 | + pfkey_address->sadb_address_exttype); | |
25233 | + SENDERR(EINVAL); | |
25234 | + } | |
25235 | + | |
25236 | + switch(s->sa_family) { | |
25237 | + case AF_INET: | |
25238 | + DEBUGGING( | |
25239 | + "pfkey_address_parse: found address family=%d, AF_INET.\n", | |
25240 | + s->sa_family); | |
25241 | + saddr_len = sizeof(struct sockaddr_in); | |
25242 | + sprintf(ipaddr_txt, "%d.%d.%d.%d" | |
25243 | + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF | |
25244 | + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF | |
25245 | + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF | |
25246 | + , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF); | |
25247 | + DEBUGGING( | |
25248 | + "pfkey_address_parse: found address=%s.\n", | |
25249 | + ipaddr_txt); | |
25250 | + break; | |
25251 | + case AF_INET6: | |
25252 | + DEBUGGING( | |
25253 | + "pfkey_address_parse: found address family=%d, AF_INET6.\n", | |
25254 | + s->sa_family); | |
25255 | + saddr_len = sizeof(struct sockaddr_in6); | |
25256 | + sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x" | |
25257 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[0]) | |
25258 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[1]) | |
25259 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[2]) | |
25260 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[3]) | |
25261 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[4]) | |
25262 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[5]) | |
25263 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[6]) | |
25264 | + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[7])); | |
25265 | + DEBUGGING( | |
25266 | + "pfkey_address_parse: found address=%s.\n", | |
25267 | + ipaddr_txt); | |
25268 | + break; | |
25269 | + default: | |
25270 | + DEBUGGING( | |
25271 | + "pfkey_address_parse: s->sa_family=%d not supported.\n", | |
25272 | + s->sa_family); | |
25273 | + SENDERR(EPFNOSUPPORT); | |
25274 | + } | |
25275 | + | |
25276 | + if(pfkey_address->sadb_address_len != | |
25277 | + DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) { | |
25278 | + DEBUGGING( | |
25279 | + "pfkey_address_parse: size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n", | |
25280 | + pfkey_address->sadb_address_len, | |
25281 | + sizeof(struct sadb_address), | |
25282 | + saddr_len); | |
25283 | + SENDERR(EINVAL); | |
25284 | + } | |
25285 | + | |
25286 | + if(pfkey_address->sadb_address_prefixlen != 0) { | |
25287 | + DEBUGGING( | |
25288 | + "pfkey_address_parse: address prefixes not supported yet.\n"); | |
25289 | + SENDERR(EAFNOSUPPORT); /* not supported yet */ | |
25290 | + } | |
25291 | + | |
25292 | + /* XXX check if port!=0 */ | |
25293 | + | |
25294 | + DEBUGGING( | |
25295 | + "pfkey_address_parse: successful.\n"); | |
25296 | + errlab: | |
25297 | + return error; | |
25298 | +} | |
25299 | + | |
25300 | +DEBUG_NO_STATIC int | |
25301 | +pfkey_key_parse(struct sadb_ext *pfkey_ext) | |
25302 | +{ | |
25303 | + int error = 0; | |
25304 | + struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext; | |
25305 | + | |
25306 | + DEBUGGING( | |
25307 | + "pfkey_key_parse:\n"); | |
25308 | + /* sanity checks... */ | |
25309 | + | |
25310 | + if(!pfkey_key) { | |
25311 | + DEBUGGING( | |
25312 | + "pfkey_key_parse: NULL pointer passed in.\n"); | |
25313 | + SENDERR(EINVAL); | |
25314 | + } | |
25315 | + | |
25316 | + if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) { | |
25317 | + DEBUGGING( | |
25318 | + "pfkey_key_parse: size wrong ext_len=%d, key_ext_len=%d.\n", | |
25319 | + pfkey_key->sadb_key_len, | |
25320 | + sizeof(struct sadb_key)); | |
25321 | + SENDERR(EINVAL); | |
25322 | + } | |
25323 | + | |
25324 | + if(!pfkey_key->sadb_key_bits) { | |
25325 | + DEBUGGING( | |
25326 | + "pfkey_key_parse: key length set to zero, must be non-zero.\n"); | |
25327 | + SENDERR(EINVAL); | |
25328 | + } | |
25329 | + | |
25330 | + if(pfkey_key->sadb_key_len != | |
25331 | + DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits, | |
25332 | + PFKEYBITS)) { | |
25333 | + DEBUGGING( | |
25334 | + "pfkey_key_parse: key length=%d does not agree with extension length=%d.\n", | |
25335 | + pfkey_key->sadb_key_bits, | |
25336 | + pfkey_key->sadb_key_len); | |
25337 | + SENDERR(EINVAL); | |
25338 | + } | |
25339 | + | |
25340 | + if(pfkey_key->sadb_key_reserved) { | |
25341 | + DEBUGGING( | |
25342 | + "pfkey_key_parse: res=%d, must be zero.\n", | |
25343 | + pfkey_key->sadb_key_reserved); | |
25344 | + SENDERR(EINVAL); | |
25345 | + } | |
25346 | + | |
25347 | + if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) || | |
25348 | + (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) { | |
25349 | + DEBUGGING( | |
25350 | + "pfkey_key_parse: expecting extension type AUTH or ENCRYPT, got %d.\n", | |
25351 | + pfkey_key->sadb_key_exttype); | |
25352 | + SENDERR(EINVAL); | |
25353 | + } | |
25354 | + | |
25355 | + DEBUGGING( | |
25356 | + "pfkey_key_parse: success, found len=%d exttype=%d bits=%d reserved=%d.\n", | |
25357 | + pfkey_key->sadb_key_len, | |
25358 | + pfkey_key->sadb_key_exttype, | |
25359 | + pfkey_key->sadb_key_bits, | |
25360 | + pfkey_key->sadb_key_reserved); | |
25361 | + | |
25362 | +errlab: | |
25363 | + return error; | |
25364 | +} | |
25365 | + | |
25366 | +DEBUG_NO_STATIC int | |
25367 | +pfkey_ident_parse(struct sadb_ext *pfkey_ext) | |
25368 | +{ | |
25369 | + int error = 0; | |
25370 | + struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext; | |
25371 | + | |
25372 | + /* sanity checks... */ | |
25373 | + if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) { | |
25374 | + DEBUGGING( | |
25375 | + "pfkey_ident_parse: size wrong ext_len=%d, key_ext_len=%d.\n", | |
25376 | + pfkey_ident->sadb_ident_len, | |
25377 | + sizeof(struct sadb_ident)); | |
25378 | + SENDERR(EINVAL); | |
25379 | + } | |
25380 | + | |
25381 | + if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) { | |
25382 | + DEBUGGING( | |
25383 | + "pfkey_ident_parse: ident_type=%d out of range, must be less than %d.\n", | |
25384 | + pfkey_ident->sadb_ident_type, | |
25385 | + SADB_IDENTTYPE_MAX); | |
25386 | + SENDERR(EINVAL); | |
25387 | + } | |
25388 | + | |
25389 | + if(pfkey_ident->sadb_ident_reserved) { | |
25390 | + DEBUGGING( | |
25391 | + "pfkey_ident_parse: res=%d, must be zero.\n", | |
25392 | + pfkey_ident->sadb_ident_reserved); | |
25393 | + SENDERR(EINVAL); | |
25394 | + } | |
25395 | + | |
25396 | + /* string terminator/padding must be zero */ | |
25397 | + if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) { | |
25398 | + if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) { | |
25399 | + DEBUGGING( | |
25400 | + "pfkey_ident_parse: string padding must be zero, last is 0x%02x.\n", | |
25401 | + *((char*)pfkey_ident + | |
25402 | + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)); | |
25403 | + SENDERR(EINVAL); | |
25404 | + } | |
25405 | + } | |
25406 | + | |
25407 | + if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) || | |
25408 | + (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) { | |
25409 | + DEBUGGING( | |
25410 | + "pfkey_key_parse: expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n", | |
25411 | + pfkey_ident->sadb_ident_exttype); | |
25412 | + SENDERR(EINVAL); | |
25413 | + } | |
25414 | + | |
25415 | +errlab: | |
25416 | + return error; | |
25417 | +} | |
25418 | + | |
25419 | +DEBUG_NO_STATIC int | |
25420 | +pfkey_sens_parse(struct sadb_ext *pfkey_ext) | |
25421 | +{ | |
25422 | + int error = 0; | |
25423 | + struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext; | |
25424 | + | |
25425 | + /* sanity checks... */ | |
25426 | + if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) { | |
25427 | + DEBUGGING( | |
25428 | + "pfkey_sens_parse: size wrong ext_len=%d, key_ext_len=%d.\n", | |
25429 | + pfkey_sens->sadb_sens_len, | |
25430 | + sizeof(struct sadb_sens)); | |
25431 | + SENDERR(EINVAL); | |
25432 | + } | |
25433 | + | |
25434 | + DEBUGGING( | |
25435 | + "pfkey_sens_parse: Sorry, I can't parse exttype=%d yet.\n", | |
25436 | + pfkey_ext->sadb_ext_type); | |
25437 | +#if 0 | |
25438 | + SENDERR(EINVAL); /* don't process these yet */ | |
25439 | +#endif | |
25440 | + | |
25441 | +errlab: | |
25442 | + return error; | |
25443 | +} | |
25444 | + | |
25445 | +DEBUG_NO_STATIC int | |
25446 | +pfkey_prop_parse(struct sadb_ext *pfkey_ext) | |
25447 | +{ | |
25448 | + int error = 0; | |
25449 | + int i, num_comb; | |
25450 | + struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext; | |
25451 | + struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop)); | |
25452 | + | |
25453 | + /* sanity checks... */ | |
25454 | + if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) || | |
25455 | + (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) { | |
25456 | + DEBUGGING( | |
25457 | + "pfkey_prop_parse: size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n", | |
25458 | + pfkey_prop->sadb_prop_len, | |
25459 | + sizeof(struct sadb_prop), | |
25460 | + sizeof(struct sadb_comb)); | |
25461 | + SENDERR(EINVAL); | |
25462 | + } | |
25463 | + | |
25464 | + if(pfkey_prop->sadb_prop_replay > 64) { | |
25465 | + DEBUGGING( | |
25466 | + "pfkey_prop_parse: replay window size: %d" | |
25467 | + " -- must be 0 <= size <= 64\n", | |
25468 | + pfkey_prop->sadb_prop_replay); | |
25469 | + SENDERR(EINVAL); | |
25470 | + } | |
25471 | + | |
25472 | + for(i=0; i<3; i++) { | |
25473 | + if(pfkey_prop->sadb_prop_reserved[i]) { | |
25474 | + DEBUGGING( | |
25475 | + "pfkey_prop_parse: res[%d]=%d, must be zero.\n", | |
25476 | + i, pfkey_prop->sadb_prop_reserved[i]); | |
25477 | + SENDERR(EINVAL); | |
25478 | + } | |
25479 | + } | |
25480 | + | |
25481 | + num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb); | |
25482 | + | |
25483 | + for(i = 0; i < num_comb; i++) { | |
25484 | + if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) { | |
25485 | + DEBUGGING( | |
25486 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n", | |
25487 | + i, | |
25488 | + pfkey_comb->sadb_comb_auth, | |
25489 | + SADB_AALG_MAX); | |
25490 | + SENDERR(EINVAL); | |
25491 | + } | |
25492 | + | |
25493 | + if(pfkey_comb->sadb_comb_auth) { | |
25494 | + if(!pfkey_comb->sadb_comb_auth_minbits) { | |
25495 | + DEBUGGING( | |
25496 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n", | |
25497 | + i); | |
25498 | + SENDERR(EINVAL); | |
25499 | + } | |
25500 | + if(!pfkey_comb->sadb_comb_auth_maxbits) { | |
25501 | + DEBUGGING( | |
25502 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n", | |
25503 | + i); | |
25504 | + SENDERR(EINVAL); | |
25505 | + } | |
25506 | + if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) { | |
25507 | + DEBUGGING( | |
25508 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n", | |
25509 | + i, | |
25510 | + pfkey_comb->sadb_comb_auth_minbits, | |
25511 | + pfkey_comb->sadb_comb_auth_maxbits); | |
25512 | + SENDERR(EINVAL); | |
25513 | + } | |
25514 | + } else { | |
25515 | + if(pfkey_comb->sadb_comb_auth_minbits) { | |
25516 | + DEBUGGING( | |
25517 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n", | |
25518 | + i, | |
25519 | + pfkey_comb->sadb_comb_auth_minbits); | |
25520 | + SENDERR(EINVAL); | |
25521 | + } | |
25522 | + if(pfkey_comb->sadb_comb_auth_maxbits) { | |
25523 | + DEBUGGING( | |
25524 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n", | |
25525 | + i, | |
25526 | + pfkey_comb->sadb_comb_auth_maxbits); | |
25527 | + SENDERR(EINVAL); | |
25528 | + } | |
25529 | + } | |
25530 | + | |
25531 | + if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) { | |
25532 | + DEBUGGING( | |
25533 | + "pfkey_comb_parse: pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n", | |
25534 | + i, | |
25535 | + pfkey_comb->sadb_comb_encrypt, | |
25536 | + SADB_EALG_MAX); | |
25537 | + SENDERR(EINVAL); | |
25538 | + } | |
25539 | + | |
25540 | + if(pfkey_comb->sadb_comb_encrypt) { | |
25541 | + if(!pfkey_comb->sadb_comb_encrypt_minbits) { | |
25542 | + DEBUGGING( | |
25543 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n", | |
25544 | + i); | |
25545 | + SENDERR(EINVAL); | |
25546 | + } | |
25547 | + if(!pfkey_comb->sadb_comb_encrypt_maxbits) { | |
25548 | + DEBUGGING( | |
25549 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n", | |
25550 | + i); | |
25551 | + SENDERR(EINVAL); | |
25552 | + } | |
25553 | + if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) { | |
25554 | + DEBUGGING( | |
25555 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n", | |
25556 | + i, | |
25557 | + pfkey_comb->sadb_comb_encrypt_minbits, | |
25558 | + pfkey_comb->sadb_comb_encrypt_maxbits); | |
25559 | + SENDERR(EINVAL); | |
25560 | + } | |
25561 | + } else { | |
25562 | + if(pfkey_comb->sadb_comb_encrypt_minbits) { | |
25563 | + DEBUGGING( | |
25564 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n", | |
25565 | + i, | |
25566 | + pfkey_comb->sadb_comb_encrypt_minbits); | |
25567 | + SENDERR(EINVAL); | |
25568 | + } | |
25569 | + if(pfkey_comb->sadb_comb_encrypt_maxbits) { | |
25570 | + DEBUGGING( | |
25571 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n", | |
25572 | + i, | |
25573 | + pfkey_comb->sadb_comb_encrypt_maxbits); | |
25574 | + SENDERR(EINVAL); | |
25575 | + } | |
25576 | + } | |
25577 | + | |
25578 | + /* XXX do sanity check on flags */ | |
25579 | + | |
25580 | + if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) { | |
25581 | + DEBUGGING( | |
25582 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n", | |
25583 | + i, | |
25584 | + pfkey_comb->sadb_comb_soft_allocations, | |
25585 | + pfkey_comb->sadb_comb_hard_allocations); | |
25586 | + SENDERR(EINVAL); | |
25587 | + } | |
25588 | + | |
25589 | + if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) { | |
25590 | + DEBUGGING( | |
25591 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n", | |
25592 | + i, | |
25593 | + pfkey_comb->sadb_comb_soft_bytes, | |
25594 | + pfkey_comb->sadb_comb_hard_bytes); | |
25595 | + SENDERR(EINVAL); | |
25596 | + } | |
25597 | + | |
25598 | + if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) { | |
25599 | + DEBUGGING( | |
25600 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n", | |
25601 | + i, | |
25602 | + pfkey_comb->sadb_comb_soft_addtime, | |
25603 | + pfkey_comb->sadb_comb_hard_addtime); | |
25604 | + SENDERR(EINVAL); | |
25605 | + } | |
25606 | + | |
25607 | + if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) { | |
25608 | + DEBUGGING( | |
25609 | + "pfkey_prop_parse: pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n", | |
25610 | + i, | |
25611 | + pfkey_comb->sadb_comb_soft_usetime, | |
25612 | + pfkey_comb->sadb_comb_hard_usetime); | |
25613 | + SENDERR(EINVAL); | |
25614 | + } | |
25615 | + | |
25616 | + if(pfkey_comb->sadb_comb_reserved) { | |
25617 | + DEBUGGING( | |
25618 | + "pfkey_prop_parse: comb[%d].res=%d, must be zero.\n", | |
25619 | + i, | |
25620 | + pfkey_comb->sadb_comb_reserved); | |
25621 | + SENDERR(EINVAL); | |
25622 | + } | |
25623 | + pfkey_comb++; | |
25624 | + } | |
25625 | + | |
25626 | +errlab: | |
25627 | + return error; | |
25628 | +} | |
25629 | + | |
25630 | +DEBUG_NO_STATIC int | |
25631 | +pfkey_supported_parse(struct sadb_ext *pfkey_ext) | |
25632 | +{ | |
25633 | + int error = 0; | |
25634 | + unsigned int i, num_alg; | |
25635 | + struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext; | |
25636 | + struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported)); | |
25637 | + | |
25638 | + /* sanity checks... */ | |
25639 | + if((pfkey_supported->sadb_supported_len < | |
25640 | + sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) || | |
25641 | + (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - | |
25642 | + sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) { | |
25643 | + | |
25644 | + DEBUGGING( | |
25645 | + "pfkey_supported_parse: size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n", | |
25646 | + pfkey_supported->sadb_supported_len, | |
25647 | + sizeof(struct sadb_supported), | |
25648 | + sizeof(struct sadb_alg)); | |
25649 | + SENDERR(EINVAL); | |
25650 | + } | |
25651 | + | |
25652 | + if(pfkey_supported->sadb_supported_reserved) { | |
25653 | + DEBUGGING( | |
25654 | + "pfkey_supported_parse: res=%d, must be zero.\n", | |
25655 | + pfkey_supported->sadb_supported_reserved); | |
25656 | + SENDERR(EINVAL); | |
25657 | + } | |
25658 | + | |
25659 | + num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg); | |
25660 | + | |
25661 | + for(i = 0; i < num_alg; i++) { | |
25662 | + /* process algo description */ | |
25663 | + if(pfkey_alg->sadb_alg_reserved) { | |
25664 | + DEBUGGING( | |
25665 | + "pfkey_supported_parse: alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n", | |
25666 | + i, | |
25667 | + pfkey_alg->sadb_alg_id, | |
25668 | + pfkey_alg->sadb_alg_ivlen, | |
25669 | + pfkey_alg->sadb_alg_minbits, | |
25670 | + pfkey_alg->sadb_alg_maxbits, | |
25671 | + pfkey_alg->sadb_alg_reserved); | |
25672 | + SENDERR(EINVAL); | |
25673 | + } | |
25674 | + | |
25675 | + /* XXX can alg_id auth/enc be determined from info given? | |
25676 | + Yes, but OpenBSD's method does not iteroperate with rfc2367. | |
25677 | + rgb, 2000-04-06 */ | |
25678 | + | |
25679 | + switch(pfkey_supported->sadb_supported_exttype) { | |
25680 | + case SADB_EXT_SUPPORTED_AUTH: | |
25681 | + if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) { | |
25682 | + DEBUGGING( | |
25683 | + "pfkey_supported_parse: alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n", | |
25684 | + i, | |
25685 | + pfkey_alg->sadb_alg_id, | |
25686 | + SADB_AALG_MAX); | |
25687 | + SENDERR(EINVAL); | |
25688 | + } | |
25689 | + break; | |
25690 | + case SADB_EXT_SUPPORTED_ENCRYPT: | |
25691 | + if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) { | |
25692 | + DEBUGGING( | |
25693 | + "pfkey_supported_parse: alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n", | |
25694 | + i, | |
25695 | + pfkey_alg->sadb_alg_id, | |
25696 | + SADB_EALG_MAX); | |
25697 | + SENDERR(EINVAL); | |
25698 | + } | |
25699 | + break; | |
25700 | + default: | |
25701 | + DEBUGGING( | |
25702 | + "pfkey_supported_parse: alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n", | |
25703 | + i, | |
25704 | + pfkey_alg->sadb_alg_id, | |
25705 | + SADB_EALG_MAX); | |
25706 | + SENDERR(EINVAL); | |
25707 | + } | |
25708 | + pfkey_alg++; | |
25709 | + } | |
25710 | + | |
25711 | + errlab: | |
25712 | + return error; | |
25713 | +} | |
25714 | + | |
25715 | +DEBUG_NO_STATIC int | |
25716 | +pfkey_spirange_parse(struct sadb_ext *pfkey_ext) | |
25717 | +{ | |
25718 | + int error = 0; | |
25719 | + struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext; | |
25720 | + | |
25721 | + /* sanity checks... */ | |
25722 | + if(pfkey_spirange->sadb_spirange_len != | |
25723 | + sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) { | |
25724 | + DEBUGGING( | |
25725 | + "pfkey_spirange_parse: size wrong ext_len=%d, key_ext_len=%d.\n", | |
25726 | + pfkey_spirange->sadb_spirange_len, | |
25727 | + sizeof(struct sadb_spirange)); | |
25728 | + SENDERR(EINVAL); | |
25729 | + } | |
25730 | + | |
25731 | + if(pfkey_spirange->sadb_spirange_reserved) { | |
25732 | + DEBUGGING( | |
25733 | + " pfkey_spirange_parse: reserved=%d must be set to zero.\n", | |
25734 | + pfkey_spirange->sadb_spirange_reserved); | |
25735 | + SENDERR(EINVAL); | |
25736 | + } | |
25737 | + | |
25738 | + if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) { | |
25739 | + DEBUGGING( | |
25740 | + " pfkey_spirange_parse: minspi=%08x must be < maxspi=%08x.\n", | |
25741 | + ntohl(pfkey_spirange->sadb_spirange_min), | |
25742 | + ntohl(pfkey_spirange->sadb_spirange_max)); | |
25743 | + SENDERR(EINVAL); | |
25744 | + } | |
25745 | + | |
25746 | + if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) { | |
25747 | + DEBUGGING( | |
25748 | + " pfkey_spirange_parse: minspi=%08x must be > 255.\n", | |
25749 | + ntohl(pfkey_spirange->sadb_spirange_min)); | |
25750 | + SENDERR(EEXIST); | |
25751 | + } | |
25752 | + | |
25753 | + errlab: | |
25754 | + return error; | |
25755 | +} | |
25756 | + | |
25757 | +DEBUG_NO_STATIC int | |
25758 | +pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext) | |
25759 | +{ | |
25760 | + int error = 0; | |
25761 | + struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext; | |
25762 | + | |
25763 | + /* sanity checks... */ | |
25764 | + if(pfkey_x_kmprivate->sadb_x_kmprivate_len < | |
25765 | + sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) { | |
25766 | + DEBUGGING( | |
25767 | + "pfkey_x_kmprivate_parse: size wrong ext_len=%d, key_ext_len=%d.\n", | |
25768 | + pfkey_x_kmprivate->sadb_x_kmprivate_len, | |
25769 | + sizeof(struct sadb_x_kmprivate)); | |
25770 | + SENDERR(EINVAL); | |
25771 | + } | |
25772 | + | |
25773 | + if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) { | |
25774 | + DEBUGGING( | |
25775 | + " pfkey_x_kmprivate_parse: reserved=%d must be set to zero.\n", | |
25776 | + pfkey_x_kmprivate->sadb_x_kmprivate_reserved); | |
25777 | + SENDERR(EINVAL); | |
25778 | + } | |
25779 | + | |
25780 | + DEBUGGING( | |
25781 | + "pfkey_x_kmprivate_parse: Sorry, I can't parse exttype=%d yet.\n", | |
25782 | + pfkey_ext->sadb_ext_type); | |
25783 | + SENDERR(EINVAL); /* don't process these yet */ | |
25784 | + | |
25785 | +errlab: | |
25786 | + return error; | |
25787 | +} | |
25788 | + | |
25789 | +DEBUG_NO_STATIC int | |
25790 | +pfkey_x_satype_parse(struct sadb_ext *pfkey_ext) | |
25791 | +{ | |
25792 | + int error = 0; | |
25793 | + int i; | |
25794 | + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext; | |
25795 | + | |
25796 | + DEBUGGING( | |
25797 | + "pfkey_x_satype_parse:\n"); | |
25798 | + /* sanity checks... */ | |
25799 | + if(pfkey_x_satype->sadb_x_satype_len != | |
25800 | + sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) { | |
25801 | + DEBUGGING( | |
25802 | + "pfkey_x_satype_parse: size wrong ext_len=%d, key_ext_len=%d.\n", | |
25803 | + pfkey_x_satype->sadb_x_satype_len, | |
25804 | + sizeof(struct sadb_x_satype)); | |
25805 | + SENDERR(EINVAL); | |
25806 | + } | |
25807 | + | |
25808 | + if(!pfkey_x_satype->sadb_x_satype_satype) { | |
25809 | + DEBUGGING( | |
25810 | + "pfkey_x_satype_parse: satype is zero, must be non-zero.\n"); | |
25811 | + SENDERR(EINVAL); | |
25812 | + } | |
25813 | + | |
25814 | + if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) { | |
25815 | + DEBUGGING( | |
25816 | + "pfkey_x_satype_parse: satype %d > max %d\n", | |
25817 | + pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX); | |
25818 | + SENDERR(EINVAL); | |
25819 | + } | |
25820 | + | |
25821 | + if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) { | |
25822 | + DEBUGGING( | |
25823 | + "pfkey_x_satype_parse: proto lookup from satype=%d failed.\n", | |
25824 | + pfkey_x_satype->sadb_x_satype_satype); | |
25825 | + SENDERR(EINVAL); | |
25826 | + } | |
25827 | + | |
25828 | + for(i = 0; i < 3; i++) { | |
25829 | + if(pfkey_x_satype->sadb_x_satype_reserved[i]) { | |
25830 | + DEBUGGING( | |
25831 | + " pfkey_x_satype_parse: reserved[%d]=%d must be set to zero.\n", | |
25832 | + i, pfkey_x_satype->sadb_x_satype_reserved[i]); | |
25833 | + SENDERR(EINVAL); | |
25834 | + } | |
25835 | + } | |
25836 | + | |
25837 | +errlab: | |
25838 | + return error; | |
25839 | +} | |
25840 | + | |
25841 | +DEBUG_NO_STATIC int | |
25842 | +pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext) | |
25843 | +{ | |
25844 | + int error = 0; | |
25845 | + int i; | |
25846 | + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext; | |
25847 | + | |
25848 | + DEBUGGING( | |
25849 | + "pfkey_x_debug_parse:\n"); | |
25850 | + /* sanity checks... */ | |
25851 | + if(pfkey_x_debug->sadb_x_debug_len != | |
25852 | + sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) { | |
25853 | + DEBUGGING( | |
25854 | + "pfkey_x_debug_parse: size wrong ext_len=%d, key_ext_len=%d.\n", | |
25855 | + pfkey_x_debug->sadb_x_debug_len, | |
25856 | + sizeof(struct sadb_x_debug)); | |
25857 | + SENDERR(EINVAL); | |
25858 | + } | |
25859 | + | |
25860 | + for(i = 0; i < 4; i++) { | |
25861 | + if(pfkey_x_debug->sadb_x_debug_reserved[i]) { | |
25862 | + DEBUGGING( | |
25863 | + " pfkey_x_debug_parse: reserved[%d]=%d must be set to zero.\n", | |
25864 | + i, pfkey_x_debug->sadb_x_debug_reserved[i]); | |
25865 | + SENDERR(EINVAL); | |
25866 | + } | |
25867 | + } | |
25868 | + | |
25869 | +errlab: | |
25870 | + return error; | |
25871 | +} | |
25872 | + | |
25873 | +int (*ext_default_parsers[SADB_EXT_MAX +1])(struct sadb_ext*) = | |
25874 | +{ | |
25875 | + NULL, /* pfkey_msg_parse, */ | |
25876 | + pfkey_sa_parse, | |
25877 | + pfkey_lifetime_parse, | |
25878 | + pfkey_lifetime_parse, | |
25879 | + pfkey_lifetime_parse, | |
25880 | + pfkey_address_parse, | |
25881 | + pfkey_address_parse, | |
25882 | + pfkey_address_parse, | |
25883 | + pfkey_key_parse, | |
25884 | + pfkey_key_parse, | |
25885 | + pfkey_ident_parse, | |
25886 | + pfkey_ident_parse, | |
25887 | + pfkey_sens_parse, | |
25888 | + pfkey_prop_parse, | |
25889 | + pfkey_supported_parse, | |
25890 | + pfkey_supported_parse, | |
25891 | + pfkey_spirange_parse, | |
25892 | + pfkey_x_kmprivate_parse, | |
25893 | + pfkey_x_satype_parse, | |
25894 | + pfkey_sa_parse, | |
25895 | + pfkey_address_parse, | |
25896 | + pfkey_address_parse, | |
25897 | + pfkey_address_parse, | |
25898 | + pfkey_address_parse, | |
25899 | + pfkey_address_parse, | |
25900 | + pfkey_x_ext_debug_parse | |
25901 | +}; | |
25902 | + | |
25903 | +int | |
25904 | +pfkey_msg_parse(struct sadb_msg *pfkey_msg, | |
25905 | + int (*ext_parsers[])(struct sadb_ext*), | |
25906 | + struct sadb_ext *extensions[], | |
25907 | + int dir) | |
25908 | +{ | |
25909 | + int error = 0; | |
25910 | + int remain; | |
25911 | + struct sadb_ext *pfkey_ext; | |
25912 | + int extensions_seen = 0; | |
25913 | + | |
25914 | + DEBUGGING( | |
25915 | + "pfkey_msg_parse: parsing message " | |
25916 | + "ver=%d, type=%d, errno=%d, satype=%d, len=%d, res=%d, seq=%d, pid=%d.\n", | |
25917 | + pfkey_msg->sadb_msg_version, | |
25918 | + pfkey_msg->sadb_msg_type, | |
25919 | + pfkey_msg->sadb_msg_errno, | |
25920 | + pfkey_msg->sadb_msg_satype, | |
25921 | + pfkey_msg->sadb_msg_len, | |
25922 | + pfkey_msg->sadb_msg_reserved, | |
25923 | + pfkey_msg->sadb_msg_seq, | |
25924 | + pfkey_msg->sadb_msg_pid); | |
25925 | + | |
25926 | + if(ext_parsers == NULL) ext_parsers = ext_default_parsers; | |
25927 | + | |
25928 | + pfkey_extensions_init(extensions); | |
25929 | + | |
25930 | + remain = pfkey_msg->sadb_msg_len; | |
25931 | + remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; | |
25932 | + | |
25933 | + pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg + | |
25934 | + sizeof(struct sadb_msg)); | |
25935 | + | |
25936 | + extensions[0] = (struct sadb_ext *) pfkey_msg; | |
25937 | + | |
25938 | + | |
25939 | + if(pfkey_msg->sadb_msg_version != PF_KEY_V2) { | |
25940 | + DEBUGGING( | |
25941 | + "pfkey_msg_parse: " | |
25942 | + "not PF_KEY_V2 msg, found %d, should be %d.\n", | |
25943 | + pfkey_msg->sadb_msg_version, | |
25944 | + PF_KEY_V2); | |
25945 | + SENDERR(EINVAL); | |
25946 | + } | |
25947 | + | |
25948 | + if(!pfkey_msg->sadb_msg_type) { | |
25949 | + DEBUGGING( | |
25950 | + "pfkey_msg_parse: msg type not set, must be non-zero..\n"); | |
25951 | + SENDERR(EINVAL); | |
25952 | + } | |
25953 | + | |
25954 | + if(pfkey_msg->sadb_msg_type > SADB_MAX) { | |
25955 | + DEBUGGING( | |
25956 | + "pfkey_msg_parse: msg type=%d > max=%d.\n", | |
25957 | + pfkey_msg->sadb_msg_type, | |
25958 | + SADB_MAX); | |
25959 | + SENDERR(EINVAL); | |
25960 | + } | |
25961 | + | |
25962 | + switch(pfkey_msg->sadb_msg_type) { | |
25963 | + case SADB_GETSPI: | |
25964 | + case SADB_UPDATE: | |
25965 | + case SADB_ADD: | |
25966 | + case SADB_DELETE: | |
25967 | + case SADB_GET: | |
25968 | + case SADB_ACQUIRE: | |
25969 | + case SADB_REGISTER: | |
25970 | + case SADB_EXPIRE: | |
25971 | +#if 0 | |
25972 | + case SADB_X_PROMISC: | |
25973 | + case SADB_X_PCHANGE: | |
25974 | +#endif | |
25975 | + case SADB_X_GRPSA: | |
25976 | + if(!pfkey_msg->sadb_msg_satype) { | |
25977 | + DEBUGGING( | |
25978 | + "pfkey_msg_parse: satype is zero, must be non-zero for msg_type %d.\n", pfkey_msg->sadb_msg_type); | |
25979 | + SENDERR(EINVAL); | |
25980 | + } | |
25981 | + switch(pfkey_msg->sadb_msg_satype) { | |
25982 | + case SADB_SATYPE_ESP: | |
25983 | + case SADB_SATYPE_AH: | |
25984 | + case SADB_X_SATYPE_IPIP: | |
25985 | + case SADB_X_SATYPE_COMP: | |
25986 | + break; | |
25987 | + default: | |
25988 | + DEBUGGING( | |
25989 | + "pfkey_msg_parse: " | |
25990 | + "satype=%d is not supported yet.\n", | |
25991 | + pfkey_msg->sadb_msg_satype); | |
25992 | + SENDERR(EINVAL); | |
25993 | + } | |
25994 | + break; | |
25995 | + default: | |
25996 | + } | |
25997 | + | |
25998 | + /* errno must not be set in downward messages */ | |
25999 | + /* this is not entirely true... a response to an ACQUIRE could return an error */ | |
26000 | + if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) { | |
26001 | + DEBUGGING( | |
26002 | + "pfkey_msg_parse: " | |
26003 | + "errno set to %d.\n", | |
26004 | + pfkey_msg->sadb_msg_errno); | |
26005 | + SENDERR(EINVAL); | |
26006 | + } | |
26007 | + | |
26008 | + DEBUGGING( | |
26009 | + "pfkey_msg_parse: remain=%d, ext_type=%d, ext_len=%d.\n", | |
26010 | + remain, pfkey_ext->sadb_ext_type, pfkey_ext->sadb_ext_len); | |
26011 | + | |
26012 | + DEBUGGING( | |
26013 | + "pfkey_msg_parse: extensions " | |
26014 | + "permitted=%08x, required=%08x.\n", | |
26015 | + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], | |
26016 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); | |
26017 | + | |
26018 | + extensions_seen = 1; | |
26019 | + | |
26020 | + while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) { | |
26021 | + /* Is there enough message left to support another extension header? */ | |
26022 | + if(remain < pfkey_ext->sadb_ext_len) { | |
26023 | + DEBUGGING( | |
26024 | + "pfkey_msg_parse: remain %d less than ext len %d.\n", | |
26025 | + remain, pfkey_ext->sadb_ext_len); | |
26026 | + SENDERR(EINVAL); | |
26027 | + } | |
26028 | + | |
26029 | + DEBUGGING( | |
26030 | + "pfkey_msg_parse: parsing ext type=%d remain=%d.\n", | |
26031 | + pfkey_ext->sadb_ext_type, | |
26032 | + remain); | |
26033 | + | |
26034 | + /* Is the extension header type valid? */ | |
26035 | + if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) { | |
26036 | + DEBUGGING( | |
26037 | + "pfkey_msg_parse: ext type %d invalid, SADB_EXT_MAX=%d.\n", | |
26038 | + pfkey_ext->sadb_ext_type, SADB_EXT_MAX); | |
26039 | + SENDERR(EINVAL); | |
26040 | + } | |
26041 | + | |
26042 | + /* Have we already seen this type of extension? */ | |
26043 | + if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0) | |
26044 | + { | |
26045 | + DEBUGGING( | |
26046 | + "pfkey_msg_parse: ext type %d already seen.\n", | |
26047 | + pfkey_ext->sadb_ext_type); | |
26048 | + SENDERR(EINVAL); | |
26049 | + } | |
26050 | + | |
26051 | + /* Do I even know about this type of extension? */ | |
26052 | + if(!(ext_parsers[pfkey_ext->sadb_ext_type])) { | |
26053 | + DEBUGGING( | |
26054 | + "pfkey_msg_parse: ext type %d unknown, ignoring.\n", | |
26055 | + pfkey_ext->sadb_ext_type); | |
26056 | + goto next_ext; | |
26057 | + } | |
26058 | + | |
26059 | + /* Is this type of extension permitted for this type of message? */ | |
26060 | + if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] & | |
26061 | + 1<<pfkey_ext->sadb_ext_type)) { | |
26062 | + DEBUGGING( | |
26063 | + "pfkey_msg_parse: ext type %d not permitted, exts_perm_in=%08x, 1<<type=%08x\n", | |
26064 | + pfkey_ext->sadb_ext_type, | |
26065 | + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], | |
26066 | + 1<<pfkey_ext->sadb_ext_type); | |
26067 | + SENDERR(EINVAL); | |
26068 | + } | |
26069 | + | |
26070 | + DEBUGGING( | |
26071 | + "pfkey_msg_parse: About to parse extension %d %p with parser %p.\n", | |
26072 | + pfkey_ext->sadb_ext_type, | |
26073 | + pfkey_ext, | |
26074 | + ext_parsers[pfkey_ext->sadb_ext_type]); | |
26075 | + /* Parse the extension */ | |
26076 | + if((error = ext_parsers[pfkey_ext->sadb_ext_type](pfkey_ext))) { | |
26077 | + DEBUGGING( | |
26078 | + "pfkey_msg_parse: extension parsing for type %d failed with error %d.\n", | |
26079 | + pfkey_ext->sadb_ext_type, error); | |
26080 | + SENDERR(-error); | |
26081 | + } | |
26082 | + DEBUGGING( | |
26083 | + "pfkey_msg_parse: Extension %d parsed.\n", | |
26084 | + pfkey_ext->sadb_ext_type); | |
26085 | + | |
26086 | + /* Mark that we have seen this extension and remember the header location */ | |
26087 | + extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type ); | |
26088 | + extensions[pfkey_ext->sadb_ext_type] = pfkey_ext; | |
26089 | + | |
26090 | + next_ext: | |
26091 | + /* Calculate how much message remains */ | |
26092 | + remain -= pfkey_ext->sadb_ext_len; | |
26093 | + | |
26094 | + if(!remain) { | |
26095 | + break; | |
26096 | + } | |
26097 | + /* Find the next extension header */ | |
26098 | + pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext + | |
26099 | + pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); | |
26100 | + } | |
26101 | + | |
26102 | + if(remain) { | |
26103 | + DEBUGGING( | |
26104 | + "pfkey_msg_parse: unexpected remainder of %d.\n", | |
26105 | + remain); | |
26106 | + /* why is there still something remaining? */ | |
26107 | + SENDERR(EINVAL); | |
26108 | + } | |
26109 | + | |
26110 | + /* check required extensions */ | |
26111 | + DEBUGGING( | |
26112 | + "pfkey_msg_parse: extensions " | |
26113 | + "permitted=%08x, seen=%08x, required=%08x.\n", | |
26114 | + extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], | |
26115 | + extensions_seen, | |
26116 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); | |
26117 | + | |
26118 | + /* don't check further if it is an error return message since it | |
26119 | + may not have a body */ | |
26120 | + if(pfkey_msg->sadb_msg_errno) { | |
26121 | + return error; | |
26122 | + } | |
26123 | + | |
26124 | + if((extensions_seen & | |
26125 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) != | |
26126 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) { | |
26127 | + DEBUGGING( | |
26128 | + "pfkey_msg_parse: required extensions missing:%08x.\n", | |
26129 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] - | |
26130 | + (extensions_seen & | |
26131 | + extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type])); | |
26132 | + SENDERR(EINVAL); | |
26133 | + } | |
26134 | + | |
26135 | + if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW) | |
26136 | + && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW) | |
26137 | + != SADB_X_EXT_ADDRESS_DELFLOW) | |
26138 | + && (((extensions_seen & (1<<SADB_EXT_SA)) != (1<<SADB_EXT_SA)) | |
26139 | + || ((((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_flags | |
26140 | + & SADB_X_SAFLAGS_CLEARFLOW) | |
26141 | + != SADB_X_SAFLAGS_CLEARFLOW))) { | |
26142 | + DEBUGGING( | |
26143 | + "pfkey_msg_parse: " | |
26144 | + "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n", | |
26145 | + SADB_X_EXT_ADDRESS_DELFLOW | |
26146 | + - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW), | |
26147 | + (1<<SADB_EXT_SA) - (extensions_seen & (1<<SADB_EXT_SA))); | |
26148 | + SENDERR(EINVAL); | |
26149 | + } | |
26150 | + | |
26151 | + if((pfkey_msg->sadb_msg_type == SADB_ADD) || | |
26152 | + (pfkey_msg->sadb_msg_type == SADB_UPDATE)) { | |
26153 | + | |
26154 | + /* check maturity */ | |
26155 | + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != | |
26156 | + SADB_SASTATE_MATURE) { | |
26157 | + DEBUGGING( | |
26158 | + "pfkey_msg_parse: " | |
26159 | + "state=%d for add or update should be MATURE=%d.\n", | |
26160 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, | |
26161 | + SADB_SASTATE_MATURE); | |
26162 | + SENDERR(EINVAL); | |
26163 | + } | |
26164 | + | |
26165 | + /* check AH and ESP */ | |
26166 | + if(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype == | |
26167 | + SADB_SATYPE_AH) { | |
26168 | + if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && | |
26169 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth != | |
26170 | + SADB_AALG_NONE)) { | |
26171 | + DEBUGGING( | |
26172 | + "pfkey_msg_parse: " | |
26173 | + "auth alg is zero, must be non-zero for AH SAs.\n"); | |
26174 | + SENDERR(EINVAL); | |
26175 | + } | |
26176 | + if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt != | |
26177 | + SADB_EALG_NONE) { | |
26178 | + DEBUGGING( | |
26179 | + "pfkey_msg_parse: " | |
26180 | + "AH handed encalg=%d, must be zero.\n", | |
26181 | + ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt); | |
26182 | + SENDERR(EINVAL); | |
26183 | + } | |
26184 | + } | |
26185 | + | |
26186 | + if(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype == | |
26187 | + SADB_SATYPE_ESP) { | |
26188 | + if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && | |
26189 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt != | |
26190 | + SADB_EALG_NONE)) { | |
26191 | + DEBUGGING( | |
26192 | + "pfkey_msg_parse: " | |
26193 | + "encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n", | |
26194 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt, | |
26195 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); | |
26196 | + SENDERR(EINVAL); | |
26197 | + } | |
26198 | + if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt == | |
26199 | + SADB_EALG_NULL) && | |
26200 | + (((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth == | |
26201 | + SADB_AALG_NONE) ) { | |
26202 | + DEBUGGING( | |
26203 | + "pfkey_msg_parse: " | |
26204 | + "ESP handed encNULL+authNONE, illegal combination.\n"); | |
26205 | + SENDERR(EINVAL); | |
26206 | + } | |
26207 | + } | |
26208 | + } | |
26209 | +errlab: | |
26210 | + | |
26211 | + return error; | |
26212 | +} | |
26213 | + | |
26214 | +/* | |
26215 | + * $Log$ | |
26216 | + * Revision 1.30 2000/11/17 18:10:30 rgb | |
26217 | + * Fixed bugs mostly relating to spirange, to treat all spi variables as | |
26218 | + * network byte order since this is the way PF_KEYv2 stored spis. | |
26219 | + * | |
26220 | + * Revision 1.29 2000/10/12 00:02:39 rgb | |
26221 | + * Removed 'format, ##' nonsense from debug macros for RH7.0. | |
26222 | + * | |
26223 | + * Revision 1.28 2000/09/20 16:23:04 rgb | |
26224 | + * Remove over-paranoid extension check in the presence of sadb_msg_errno. | |
26225 | + * | |
26226 | + * Revision 1.27 2000/09/20 04:04:21 rgb | |
26227 | + * Changed static functions to DEBUG_NO_STATIC to reveal function names in | |
26228 | + * oopsen. | |
26229 | + * | |
26230 | + * Revision 1.26 2000/09/15 11:37:02 rgb | |
26231 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
26232 | + * IPCOMP zlib deflate code. | |
26233 | + * | |
26234 | + * Revision 1.25 2000/09/12 22:35:37 rgb | |
26235 | + * Restructured to remove unused extensions from CLEARFLOW messages. | |
26236 | + * | |
26237 | + * Revision 1.24 2000/09/12 18:59:54 rgb | |
26238 | + * Added Gerhard's IPv6 support to pfkey parts of libfreeswan. | |
26239 | + * | |
26240 | + * Revision 1.23 2000/09/12 03:27:00 rgb | |
26241 | + * Moved DEBUGGING definition to compile kernel with debug off. | |
26242 | + * | |
26243 | + * Revision 1.22 2000/09/09 06:39:27 rgb | |
26244 | + * Restrict pfkey errno check to downward messages only. | |
26245 | + * | |
26246 | + * Revision 1.21 2000/09/08 19:22:34 rgb | |
26247 | + * Enabled pfkey_sens_parse(). | |
26248 | + * Added check for errno on downward acquire messages only. | |
26249 | + * | |
26250 | + * Revision 1.20 2000/09/01 18:48:23 rgb | |
26251 | + * Fixed reserved check bug and added debug output in | |
26252 | + * pfkey_supported_parse(). | |
26253 | + * Fixed debug output label bug in pfkey_ident_parse(). | |
26254 | + * | |
26255 | + * Revision 1.19 2000/08/27 01:55:26 rgb | |
26256 | + * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code. | |
26257 | + * | |
26258 | + * Revision 1.18 2000/08/24 17:00:36 rgb | |
26259 | + * Ignore unknown extensions instead of failing. | |
26260 | + * | |
26261 | + * Revision 1.17 2000/06/02 22:54:14 rgb | |
26262 | + * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support. | |
26263 | + * | |
26264 | + * Revision 1.16 2000/05/10 19:25:11 rgb | |
26265 | + * Fleshed out proposal and supported extensions. | |
26266 | + * | |
26267 | + * Revision 1.15 2000/01/24 21:15:31 rgb | |
26268 | + * Added disabled pluto pfkey lib debug flag. | |
26269 | + * Added algo debugging reporting. | |
26270 | + * | |
26271 | + * Revision 1.14 2000/01/22 23:24:29 rgb | |
26272 | + * Added new functions proto2satype() and satype2proto() and lookup | |
26273 | + * table satype_tbl. Also added proto2name() since it was easy. | |
26274 | + * | |
26275 | + * Revision 1.13 2000/01/21 09:43:59 rgb | |
26276 | + * Cast ntohl(spi) as (unsigned long int) to shut up compiler. | |
26277 | + * | |
26278 | + * Revision 1.12 2000/01/21 06:28:19 rgb | |
26279 | + * Added address cases for eroute flows. | |
26280 | + * Indented compiler directives for readability. | |
26281 | + * Added klipsdebug switching capability. | |
26282 | + * | |
26283 | + * Revision 1.11 1999/12/29 21:14:59 rgb | |
26284 | + * Fixed debug text cut and paste typo. | |
26285 | + * | |
26286 | + * Revision 1.10 1999/12/10 17:45:24 rgb | |
26287 | + * Added address debugging. | |
26288 | + * | |
26289 | + * Revision 1.9 1999/12/09 23:11:42 rgb | |
26290 | + * Ditched <string.h> include since we no longer use memset(). | |
26291 | + * Use new pfkey_extensions_init() instead of memset(). | |
26292 | + * Added check for SATYPE in pfkey_msg_build(). | |
26293 | + * Tidy up comments and debugging comments. | |
26294 | + * | |
26295 | + * Revision 1.8 1999/12/07 19:55:26 rgb | |
26296 | + * Removed unused first argument from extension parsers. | |
26297 | + * Removed static pluto debug flag. | |
26298 | + * Moved message type and state checking to pfkey_msg_parse(). | |
26299 | + * Changed print[fk] type from lx to x to quiet compiler. | |
26300 | + * Removed redundant remain check. | |
26301 | + * Changed __u* types to uint* to avoid use of asm/types.h and | |
26302 | + * sys/types.h in userspace code. | |
26303 | + * | |
26304 | + * Revision 1.7 1999/12/01 22:20:51 rgb | |
26305 | + * Moved pfkey_lib_debug variable into the library. | |
26306 | + * Added pfkey version check into header parsing. | |
26307 | + * Added check for SATYPE only for those extensions that require a | |
26308 | + * non-zero value. | |
26309 | + * | |
26310 | + * Revision 1.6 1999/11/27 11:58:05 rgb | |
26311 | + * Added ipv6 headers. | |
26312 | + * Moved sadb_satype2proto protocol lookup table from | |
26313 | + * klips/net/ipsec/pfkey_v2_parser.c. | |
26314 | + * Enable lifetime_current checking. | |
26315 | + * Debugging error messages added. | |
26316 | + * Add argument to pfkey_msg_parse() for direction. | |
26317 | + * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. | |
26318 | + * Add CVS log entry to bottom of file. | |
26319 | + * Moved auth and enc alg check to pfkey_msg_parse(). | |
26320 | + * Enable accidentally disabled spirange parsing. | |
26321 | + * Moved protocol/algorithm checks from klips/net/ipsec/pfkey_v2_parser.c | |
26322 | + * | |
26323 | + */ | |
26324 | diff -druN linux-noipsec/net/ipsec/libfreeswan/pfkeyv2.h linux/net/ipsec/libfreeswan/pfkeyv2.h | |
26325 | --- linux-noipsec/net/ipsec/libfreeswan/pfkeyv2.h Thu Jan 1 01:00:00 1970 | |
26326 | +++ linux/net/ipsec/libfreeswan/pfkeyv2.h Tue Oct 10 22:10:20 2000 | |
26327 | @@ -0,0 +1,317 @@ | |
26328 | +/* | |
26329 | + * RCSID $Id$ | |
26330 | + */ | |
26331 | + | |
26332 | +/* | |
26333 | +This file defines structures and symbols for the PF_KEY Version 2 | |
26334 | +key management interface. It was written at the U.S. Naval Research | |
26335 | +Laboratory. This file is in the public domain. The authors ask that | |
26336 | +you leave this credit intact on any copies of this file. | |
26337 | +*/ | |
26338 | +#ifndef __PFKEY_V2_H | |
26339 | +#define __PFKEY_V2_H 1 | |
26340 | + | |
26341 | +#define PF_KEY_V2 2 | |
26342 | +#define PFKEYV2_REVISION 199806L | |
26343 | + | |
26344 | +#define SADB_RESERVED 0 | |
26345 | +#define SADB_GETSPI 1 | |
26346 | +#define SADB_UPDATE 2 | |
26347 | +#define SADB_ADD 3 | |
26348 | +#define SADB_DELETE 4 | |
26349 | +#define SADB_GET 5 | |
26350 | +#define SADB_ACQUIRE 6 | |
26351 | +#define SADB_REGISTER 7 | |
26352 | +#define SADB_EXPIRE 8 | |
26353 | +#define SADB_FLUSH 9 | |
26354 | +#define SADB_DUMP 10 | |
26355 | +#define SADB_X_PROMISC 11 | |
26356 | +#define SADB_X_PCHANGE 12 | |
26357 | +#define SADB_X_GRPSA 13 | |
26358 | +#define SADB_X_ADDFLOW 14 | |
26359 | +#define SADB_X_DELFLOW 15 | |
26360 | +#define SADB_X_DEBUG 16 | |
26361 | +#define SADB_MAX 16 | |
26362 | + | |
26363 | +struct sadb_msg { | |
26364 | + uint8_t sadb_msg_version; | |
26365 | + uint8_t sadb_msg_type; | |
26366 | + uint8_t sadb_msg_errno; | |
26367 | + uint8_t sadb_msg_satype; | |
26368 | + uint16_t sadb_msg_len; | |
26369 | + uint16_t sadb_msg_reserved; | |
26370 | + uint32_t sadb_msg_seq; | |
26371 | + uint32_t sadb_msg_pid; | |
26372 | +}; | |
26373 | + | |
26374 | +struct sadb_ext { | |
26375 | + uint16_t sadb_ext_len; | |
26376 | + uint16_t sadb_ext_type; | |
26377 | +}; | |
26378 | + | |
26379 | +struct sadb_sa { | |
26380 | + uint16_t sadb_sa_len; | |
26381 | + uint16_t sadb_sa_exttype; | |
26382 | + uint32_t sadb_sa_spi; | |
26383 | + uint8_t sadb_sa_replay; | |
26384 | + uint8_t sadb_sa_state; | |
26385 | + uint8_t sadb_sa_auth; | |
26386 | + uint8_t sadb_sa_encrypt; | |
26387 | + uint32_t sadb_sa_flags; | |
26388 | +}; | |
26389 | + | |
26390 | +struct sadb_lifetime { | |
26391 | + uint16_t sadb_lifetime_len; | |
26392 | + uint16_t sadb_lifetime_exttype; | |
26393 | + uint32_t sadb_lifetime_allocations; | |
26394 | + uint64_t sadb_lifetime_bytes; | |
26395 | + uint64_t sadb_lifetime_addtime; | |
26396 | + uint64_t sadb_lifetime_usetime; | |
26397 | +}; | |
26398 | + | |
26399 | +struct sadb_address { | |
26400 | + uint16_t sadb_address_len; | |
26401 | + uint16_t sadb_address_exttype; | |
26402 | + uint8_t sadb_address_proto; | |
26403 | + uint8_t sadb_address_prefixlen; | |
26404 | + uint16_t sadb_address_reserved; | |
26405 | +}; | |
26406 | + | |
26407 | +struct sadb_key { | |
26408 | + uint16_t sadb_key_len; | |
26409 | + uint16_t sadb_key_exttype; | |
26410 | + uint16_t sadb_key_bits; | |
26411 | + uint16_t sadb_key_reserved; | |
26412 | +}; | |
26413 | + | |
26414 | +struct sadb_ident { | |
26415 | + uint16_t sadb_ident_len; | |
26416 | + uint16_t sadb_ident_exttype; | |
26417 | + uint16_t sadb_ident_type; | |
26418 | + uint16_t sadb_ident_reserved; | |
26419 | + uint64_t sadb_ident_id; | |
26420 | +}; | |
26421 | + | |
26422 | +struct sadb_sens { | |
26423 | + uint16_t sadb_sens_len; | |
26424 | + uint16_t sadb_sens_exttype; | |
26425 | + uint32_t sadb_sens_dpd; | |
26426 | + uint8_t sadb_sens_sens_level; | |
26427 | + uint8_t sadb_sens_sens_len; | |
26428 | + uint8_t sadb_sens_integ_level; | |
26429 | + uint8_t sadb_sens_integ_len; | |
26430 | + uint32_t sadb_sens_reserved; | |
26431 | +}; | |
26432 | + | |
26433 | +struct sadb_prop { | |
26434 | + uint16_t sadb_prop_len; | |
26435 | + uint16_t sadb_prop_exttype; | |
26436 | + uint8_t sadb_prop_replay; | |
26437 | + uint8_t sadb_prop_reserved[3]; | |
26438 | +}; | |
26439 | + | |
26440 | +struct sadb_comb { | |
26441 | + uint8_t sadb_comb_auth; | |
26442 | + uint8_t sadb_comb_encrypt; | |
26443 | + uint16_t sadb_comb_flags; | |
26444 | + uint16_t sadb_comb_auth_minbits; | |
26445 | + uint16_t sadb_comb_auth_maxbits; | |
26446 | + uint16_t sadb_comb_encrypt_minbits; | |
26447 | + uint16_t sadb_comb_encrypt_maxbits; | |
26448 | + uint32_t sadb_comb_reserved; | |
26449 | + uint32_t sadb_comb_soft_allocations; | |
26450 | + uint32_t sadb_comb_hard_allocations; | |
26451 | + uint64_t sadb_comb_soft_bytes; | |
26452 | + uint64_t sadb_comb_hard_bytes; | |
26453 | + uint64_t sadb_comb_soft_addtime; | |
26454 | + uint64_t sadb_comb_hard_addtime; | |
26455 | + uint64_t sadb_comb_soft_usetime; | |
26456 | + uint64_t sadb_comb_hard_usetime; | |
26457 | +}; | |
26458 | + | |
26459 | +struct sadb_supported { | |
26460 | + uint16_t sadb_supported_len; | |
26461 | + uint16_t sadb_supported_exttype; | |
26462 | + uint32_t sadb_supported_reserved; | |
26463 | +}; | |
26464 | + | |
26465 | +struct sadb_alg { | |
26466 | + uint8_t sadb_alg_id; | |
26467 | + uint8_t sadb_alg_ivlen; | |
26468 | + uint16_t sadb_alg_minbits; | |
26469 | + uint16_t sadb_alg_maxbits; | |
26470 | + uint16_t sadb_alg_reserved; | |
26471 | +}; | |
26472 | + | |
26473 | +struct sadb_spirange { | |
26474 | + uint16_t sadb_spirange_len; | |
26475 | + uint16_t sadb_spirange_exttype; | |
26476 | + uint32_t sadb_spirange_min; | |
26477 | + uint32_t sadb_spirange_max; | |
26478 | + uint32_t sadb_spirange_reserved; | |
26479 | +}; | |
26480 | + | |
26481 | +struct sadb_x_kmprivate { | |
26482 | + uint16_t sadb_x_kmprivate_len; | |
26483 | + uint16_t sadb_x_kmprivate_exttype; | |
26484 | + uint32_t sadb_x_kmprivate_reserved; | |
26485 | +}; | |
26486 | + | |
26487 | +struct sadb_x_satype { | |
26488 | + uint16_t sadb_x_satype_len; | |
26489 | + uint16_t sadb_x_satype_exttype; | |
26490 | + uint8_t sadb_x_satype_satype; | |
26491 | + uint8_t sadb_x_satype_reserved[3]; | |
26492 | +}; | |
26493 | + | |
26494 | +struct sadb_x_debug { | |
26495 | + uint16_t sadb_x_debug_len; | |
26496 | + uint16_t sadb_x_debug_exttype; | |
26497 | + uint32_t sadb_x_debug_tunnel; | |
26498 | + uint32_t sadb_x_debug_netlink; | |
26499 | + uint32_t sadb_x_debug_xform; | |
26500 | + uint32_t sadb_x_debug_eroute; | |
26501 | + uint32_t sadb_x_debug_spi; | |
26502 | + uint32_t sadb_x_debug_radij; | |
26503 | + uint32_t sadb_x_debug_esp; | |
26504 | + uint32_t sadb_x_debug_ah; | |
26505 | + uint32_t sadb_x_debug_rcv; | |
26506 | + uint32_t sadb_x_debug_pfkey; | |
26507 | + uint32_t sadb_x_debug_ipcomp; | |
26508 | + uint32_t sadb_x_debug_verbose; | |
26509 | + uint8_t sadb_x_debug_reserved[4]; | |
26510 | +}; | |
26511 | + | |
26512 | +#define SADB_EXT_RESERVED 0 | |
26513 | +#define SADB_EXT_SA 1 | |
26514 | +#define SADB_EXT_LIFETIME_CURRENT 2 | |
26515 | +#define SADB_EXT_LIFETIME_HARD 3 | |
26516 | +#define SADB_EXT_LIFETIME_SOFT 4 | |
26517 | +#define SADB_EXT_ADDRESS_SRC 5 | |
26518 | +#define SADB_EXT_ADDRESS_DST 6 | |
26519 | +#define SADB_EXT_ADDRESS_PROXY 7 | |
26520 | +#define SADB_EXT_KEY_AUTH 8 | |
26521 | +#define SADB_EXT_KEY_ENCRYPT 9 | |
26522 | +#define SADB_EXT_IDENTITY_SRC 10 | |
26523 | +#define SADB_EXT_IDENTITY_DST 11 | |
26524 | +#define SADB_EXT_SENSITIVITY 12 | |
26525 | +#define SADB_EXT_PROPOSAL 13 | |
26526 | +#define SADB_EXT_SUPPORTED_AUTH 14 | |
26527 | +#define SADB_EXT_SUPPORTED_ENCRYPT 15 | |
26528 | +#define SADB_EXT_SPIRANGE 16 | |
26529 | +#define SADB_X_EXT_KMPRIVATE 17 | |
26530 | +#define SADB_X_EXT_SATYPE2 18 | |
26531 | +#define SADB_X_EXT_SA2 19 | |
26532 | +#define SADB_X_EXT_ADDRESS_DST2 20 | |
26533 | +#define SADB_X_EXT_ADDRESS_SRC_FLOW 21 | |
26534 | +#define SADB_X_EXT_ADDRESS_DST_FLOW 22 | |
26535 | +#define SADB_X_EXT_ADDRESS_SRC_MASK 23 | |
26536 | +#define SADB_X_EXT_ADDRESS_DST_MASK 24 | |
26537 | +#define SADB_X_EXT_DEBUG 25 | |
26538 | +#define SADB_EXT_MAX 25 | |
26539 | + | |
26540 | +/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */ | |
26541 | +#define SADB_X_EXT_ADDRESS_DELFLOW \ | |
26542 | + ( (1<<SADB_X_EXT_ADDRESS_SRC_FLOW) \ | |
26543 | + | (1<<SADB_X_EXT_ADDRESS_DST_FLOW) \ | |
26544 | + | (1<<SADB_X_EXT_ADDRESS_SRC_MASK) \ | |
26545 | + | (1<<SADB_X_EXT_ADDRESS_DST_MASK)) | |
26546 | + | |
26547 | +#define SADB_SATYPE_UNSPEC 0 | |
26548 | +#define SADB_SATYPE_AH 2 | |
26549 | +#define SADB_SATYPE_ESP 3 | |
26550 | +#define SADB_SATYPE_RSVP 5 | |
26551 | +#define SADB_SATYPE_OSPFV2 6 | |
26552 | +#define SADB_SATYPE_RIPV2 7 | |
26553 | +#define SADB_SATYPE_MIP 8 | |
26554 | +#define SADB_X_SATYPE_IPIP 9 | |
26555 | +#define SADB_X_SATYPE_COMP 10 | |
26556 | +#define SADB_SATYPE_MAX 10 | |
26557 | + | |
26558 | +#define SADB_SASTATE_LARVAL 0 | |
26559 | +#define SADB_SASTATE_MATURE 1 | |
26560 | +#define SADB_SASTATE_DYING 2 | |
26561 | +#define SADB_SASTATE_DEAD 3 | |
26562 | +#define SADB_SASTATE_MAX 3 | |
26563 | + | |
26564 | +#define SADB_SAFLAGS_PFS 1 | |
26565 | +#define SADB_X_SAFLAGS_REPLACEFLOW 2 | |
26566 | +#define SADB_X_SAFLAGS_CLEARFLOW 4 | |
26567 | + | |
26568 | +#define SADB_AALG_NONE 0 | |
26569 | +#define SADB_AALG_MD5HMAC 2 | |
26570 | +#define SADB_AALG_SHA1HMAC 3 | |
26571 | +#define SADB_AALG_MAX 3 | |
26572 | + | |
26573 | +#define SADB_EALG_NONE 0 | |
26574 | +#define SADB_EALG_DESCBC 2 | |
26575 | +#define SADB_EALG_3DESCBC 3 | |
26576 | +#define SADB_EALG_NULL 11 | |
26577 | +#define SADB_EALG_MAX 11 | |
26578 | + | |
26579 | +#define SADB_X_CALG_NONE 0 | |
26580 | +#define SADB_X_CALG_OUI 1 | |
26581 | +#define SADB_X_CALG_DEFLATE 2 | |
26582 | +#define SADB_X_CALG_LZS 3 | |
26583 | +#define SADB_X_CALG_V42BIS 4 | |
26584 | +#define SADB_X_CALG_MAX 4 | |
26585 | + | |
26586 | +#define SADB_X_TALG_NONE 0 | |
26587 | +#define SADB_X_TALG_IPv4_in_IPv4 1 | |
26588 | +#define SADB_X_TALG_IPv6_in_IPv4 2 | |
26589 | +#define SADB_X_TALG_IPv4_in_IPv6 3 | |
26590 | +#define SADB_X_TALG_IPv6_in_IPv6 4 | |
26591 | +#define SADB_X_TALG_MAX 4 | |
26592 | + | |
26593 | + | |
26594 | +#define SADB_IDENTTYPE_RESERVED 0 | |
26595 | +#define SADB_IDENTTYPE_PREFIX 1 | |
26596 | +#define SADB_IDENTTYPE_FQDN 2 | |
26597 | +#define SADB_IDENTTYPE_USERFQDN 3 | |
26598 | +#define SADB_IDENTTYPE_MAX 3 | |
26599 | + | |
26600 | +#define SADB_KEY_FLAGS_MAX 0 | |
26601 | +#endif /* __PFKEY_V2_H */ | |
26602 | + | |
26603 | +/* | |
26604 | + * $Log$ | |
26605 | + * Revision 1.13 2000/10/10 20:10:20 rgb | |
26606 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
26607 | + * | |
26608 | + * Revision 1.12 2000/09/15 06:41:50 rgb | |
26609 | + * Added V42BIS constant. | |
26610 | + * | |
26611 | + * Revision 1.11 2000/09/12 22:35:37 rgb | |
26612 | + * Restructured to remove unused extensions from CLEARFLOW messages. | |
26613 | + * | |
26614 | + * Revision 1.10 2000/09/12 18:50:09 rgb | |
26615 | + * Added IPIP tunnel types as algo support. | |
26616 | + * | |
26617 | + * Revision 1.9 2000/08/21 16:47:19 rgb | |
26618 | + * Added SADB_X_CALG_* macros for IPCOMP. | |
26619 | + * | |
26620 | + * Revision 1.8 2000/08/09 20:43:34 rgb | |
26621 | + * Fixed bitmask value for SADB_X_SAFLAGS_CLEAREROUTE. | |
26622 | + * | |
26623 | + * Revision 1.7 2000/01/21 06:28:37 rgb | |
26624 | + * Added flow add/delete message type macros. | |
26625 | + * Added flow address extension type macros. | |
26626 | + * Tidied up spacing. | |
26627 | + * Added klipsdebug switching capability. | |
26628 | + * | |
26629 | + * Revision 1.6 1999/11/27 11:56:08 rgb | |
26630 | + * Add SADB_X_SATYPE_COMP for compression, eventually. | |
26631 | + * | |
26632 | + * Revision 1.5 1999/11/23 22:23:16 rgb | |
26633 | + * This file has been moved in the distribution from klips/net/ipsec to | |
26634 | + * lib. | |
26635 | + * | |
26636 | + * Revision 1.4 1999/04/29 15:23:29 rgb | |
26637 | + * Add GRPSA support. | |
26638 | + * Add support for a second SATYPE, SA and DST_ADDRESS. | |
26639 | + * Add IPPROTO_IPIP support. | |
26640 | + * | |
26641 | + * Revision 1.3 1999/04/15 17:58:08 rgb | |
26642 | + * Add RCSID labels. | |
26643 | + * | |
26644 | + */ | |
26645 | diff -druN linux-noipsec/net/ipsec/libfreeswan/portof.c linux/net/ipsec/libfreeswan/portof.c | |
26646 | --- linux-noipsec/net/ipsec/libfreeswan/portof.c Thu Jan 1 01:00:00 1970 | |
26647 | +++ linux/net/ipsec/libfreeswan/portof.c Fri Sep 8 20:03:45 2000 | |
26648 | @@ -0,0 +1,96 @@ | |
26649 | +/* | |
26650 | + * low-level ip_address ugliness | |
26651 | + * Copyright (C) 2000 Henry Spencer. | |
26652 | + * | |
26653 | + * This library is free software; you can redistribute it and/or modify it | |
26654 | + * under the terms of the GNU Library General Public License as published by | |
26655 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
26656 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
26657 | + * | |
26658 | + * This library is distributed in the hope that it will be useful, but | |
26659 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
26660 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
26661 | + * License for more details. | |
26662 | + * | |
26663 | + * RCSID $Id$ | |
26664 | + */ | |
26665 | +#include "internal.h" | |
26666 | +#include "freeswan.h" | |
26667 | + | |
26668 | +/* | |
26669 | + - portof - get the port field of an ip_address | |
26670 | + */ | |
26671 | +int /* network order */ | |
26672 | +portof(src) | |
26673 | +const ip_address *src; | |
26674 | +{ | |
26675 | + switch (src->u.v4.sin_family) { | |
26676 | + case AF_INET: | |
26677 | + return src->u.v4.sin_port; | |
26678 | + break; | |
26679 | + case AF_INET6: | |
26680 | + return src->u.v6.sin6_port; | |
26681 | + break; | |
26682 | + default: | |
26683 | + return -1; /* "can't happen" */ | |
26684 | + break; | |
26685 | + } | |
26686 | +} | |
26687 | + | |
26688 | +/* | |
26689 | + - setportof - set the port field of an ip_address | |
26690 | + */ | |
26691 | +void | |
26692 | +setportof(port, dst) | |
26693 | +int port; /* network order */ | |
26694 | +ip_address *dst; | |
26695 | +{ | |
26696 | + switch (dst->u.v4.sin_family) { | |
26697 | + case AF_INET: | |
26698 | + dst->u.v4.sin_port = port; | |
26699 | + break; | |
26700 | + case AF_INET6: | |
26701 | + dst->u.v6.sin6_port = port; | |
26702 | + break; | |
26703 | + } | |
26704 | +} | |
26705 | + | |
26706 | +/* | |
26707 | + - sockaddrof - get a pointer to the sockaddr hiding inside an ip_address | |
26708 | + */ | |
26709 | +struct sockaddr * | |
26710 | +sockaddrof(src) | |
26711 | +ip_address *src; | |
26712 | +{ | |
26713 | + switch (src->u.v4.sin_family) { | |
26714 | + case AF_INET: | |
26715 | + return (struct sockaddr *)&src->u.v4; | |
26716 | + break; | |
26717 | + case AF_INET6: | |
26718 | + return (struct sockaddr *)&src->u.v6; | |
26719 | + break; | |
26720 | + default: | |
26721 | + return NULL; /* "can't happen" */ | |
26722 | + break; | |
26723 | + } | |
26724 | +} | |
26725 | + | |
26726 | +/* | |
26727 | + - sockaddrlenof - get length of the sockaddr hiding inside an ip_address | |
26728 | + */ | |
26729 | +size_t /* 0 for error */ | |
26730 | +sockaddrlenof(src) | |
26731 | +const ip_address *src; | |
26732 | +{ | |
26733 | + switch (src->u.v4.sin_family) { | |
26734 | + case AF_INET: | |
26735 | + return sizeof(src->u.v4); | |
26736 | + break; | |
26737 | + case AF_INET6: | |
26738 | + return sizeof(src->u.v6); | |
26739 | + break; | |
26740 | + default: | |
26741 | + return 0; | |
26742 | + break; | |
26743 | + } | |
26744 | +} | |
26745 | diff -druN linux-noipsec/net/ipsec/libfreeswan/rangetoa.c linux/net/ipsec/libfreeswan/rangetoa.c | |
26746 | --- linux-noipsec/net/ipsec/libfreeswan/rangetoa.c Thu Jan 1 01:00:00 1970 | |
26747 | +++ linux/net/ipsec/libfreeswan/rangetoa.c Sun Apr 11 01:24:21 1999 | |
26748 | @@ -0,0 +1,61 @@ | |
26749 | +/* | |
26750 | + * convert binary form of address range to ASCII | |
26751 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
26752 | + * | |
26753 | + * This library is free software; you can redistribute it and/or modify it | |
26754 | + * under the terms of the GNU Library General Public License as published by | |
26755 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
26756 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
26757 | + * | |
26758 | + * This library is distributed in the hope that it will be useful, but | |
26759 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
26760 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
26761 | + * License for more details. | |
26762 | + * | |
26763 | + * RCSID $Id$ | |
26764 | + */ | |
26765 | +#include "internal.h" | |
26766 | +#include "freeswan.h" | |
26767 | + | |
26768 | +/* | |
26769 | + - rangetoa - convert address range to ASCII | |
26770 | + */ | |
26771 | +size_t /* space needed for full conversion */ | |
26772 | +rangetoa(addrs, format, dst, dstlen) | |
26773 | +struct in_addr addrs[2]; | |
26774 | +int format; /* character */ | |
26775 | +char *dst; /* need not be valid if dstlen is 0 */ | |
26776 | +size_t dstlen; | |
26777 | +{ | |
26778 | + size_t len; | |
26779 | + size_t rest; | |
26780 | + int n; | |
26781 | + char *p; | |
26782 | + | |
26783 | + switch (format) { | |
26784 | + case 0: | |
26785 | + break; | |
26786 | + default: | |
26787 | + return 0; | |
26788 | + break; | |
26789 | + } | |
26790 | + | |
26791 | + len = addrtoa(addrs[0], 0, dst, dstlen); | |
26792 | + if (len < dstlen) | |
26793 | + for (p = dst + len - 1, n = 3; len < dstlen && n > 0; | |
26794 | + p++, len++, n--) | |
26795 | + *p = '.'; | |
26796 | + else | |
26797 | + p = NULL; | |
26798 | + if (len < dstlen) | |
26799 | + rest = dstlen - len; | |
26800 | + else { | |
26801 | + if (dstlen > 0) | |
26802 | + *(dst + dstlen - 1) = '\0'; | |
26803 | + rest = 0; | |
26804 | + } | |
26805 | + | |
26806 | + len += addrtoa(addrs[1], 0, p, rest); | |
26807 | + | |
26808 | + return len; | |
26809 | +} | |
26810 | diff -druN linux-noipsec/net/ipsec/libfreeswan/rangetosubnet.c linux/net/ipsec/libfreeswan/rangetosubnet.c | |
26811 | --- linux-noipsec/net/ipsec/libfreeswan/rangetosubnet.c Thu Jan 1 01:00:00 1970 | |
26812 | +++ linux/net/ipsec/libfreeswan/rangetosubnet.c Fri Sep 8 20:03:45 2000 | |
26813 | @@ -0,0 +1,228 @@ | |
26814 | +/* | |
26815 | + * express an address range as a subnet (if possible) | |
26816 | + * Copyright (C) 2000 Henry Spencer. | |
26817 | + * | |
26818 | + * This library is free software; you can redistribute it and/or modify it | |
26819 | + * under the terms of the GNU Library General Public License as published by | |
26820 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
26821 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
26822 | + * | |
26823 | + * This library is distributed in the hope that it will be useful, but | |
26824 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
26825 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
26826 | + * License for more details. | |
26827 | + * | |
26828 | + * RCSID $Id$ | |
26829 | + */ | |
26830 | +#include "internal.h" | |
26831 | +#include "freeswan.h" | |
26832 | + | |
26833 | +/* | |
26834 | + - rangetosubnet - turn an address range into a subnet, if possible | |
26835 | + * | |
26836 | + * A range which is a valid subnet will have a network part which is the | |
26837 | + * same in the from value and the to value, followed by a host part which | |
26838 | + * is all 0 in the from value and all 1 in the to value. | |
26839 | + */ | |
26840 | +err_t | |
26841 | +rangetosubnet(from, to, dst) | |
26842 | +const ip_address *from; | |
26843 | +const ip_address *to; | |
26844 | +ip_subnet *dst; | |
26845 | +{ | |
26846 | + unsigned const char *fp; | |
26847 | + unsigned const char *tp; | |
26848 | + unsigned fb; | |
26849 | + unsigned tb; | |
26850 | + unsigned const char *f; | |
26851 | + unsigned const char *t; | |
26852 | + size_t n; | |
26853 | + size_t n2; | |
26854 | + int i; | |
26855 | + int nnet; | |
26856 | + unsigned m; | |
26857 | + | |
26858 | + if (addrtypeof(from) != addrtypeof(to)) | |
26859 | + return "mismatched address types"; | |
26860 | + n = addrbytesptr(from, &fp); | |
26861 | + if (n == 0) | |
26862 | + return "unknown address type"; | |
26863 | + n2 = addrbytesptr(to, &tp); | |
26864 | + if (n != n2) | |
26865 | + return "internal size mismatch in rangetosubnet"; | |
26866 | + | |
26867 | + f = fp; | |
26868 | + t = tp; | |
26869 | + nnet = 0; | |
26870 | + for (i = n; i > 0 && *f == *t; i--, f++, t++) | |
26871 | + nnet += 8; | |
26872 | + if (i > 0 && !(*f == 0x00 && *t == 0xff)) { /* mid-byte bdry. */ | |
26873 | + fb = *f++; | |
26874 | + tb = *t++; | |
26875 | + i--; | |
26876 | + m = 0x80; | |
26877 | + while ((fb&m) == (tb&m)) { | |
26878 | + fb &= ~m; | |
26879 | + tb |= m; | |
26880 | + m >>= 1; | |
26881 | + nnet++; | |
26882 | + } | |
26883 | + if (fb != 0x00 || tb != 0xff) | |
26884 | + return "not a valid subnet"; | |
26885 | + } | |
26886 | + for (; i > 0 && *f == 0x00 && *t == 0xff; i--, f++, t++) | |
26887 | + continue; | |
26888 | + | |
26889 | + if (i != 0) | |
26890 | + return "invalid subnet"; | |
26891 | + | |
26892 | + return initsubnet(from, nnet, 'x', dst); | |
26893 | +} | |
26894 | + | |
26895 | + | |
26896 | + | |
26897 | +#ifdef RANGETOSUBNET_MAIN | |
26898 | + | |
26899 | +#include <stdio.h> | |
26900 | + | |
26901 | +void regress(); | |
26902 | + | |
26903 | +int | |
26904 | +main(argc, argv) | |
26905 | +int argc; | |
26906 | +char *argv[]; | |
26907 | +{ | |
26908 | + ip_address start; | |
26909 | + ip_address stop; | |
26910 | + ip_subnet sub; | |
26911 | + char buf[100]; | |
26912 | + const char *oops; | |
26913 | + size_t n; | |
26914 | + int af; | |
26915 | + int i; | |
26916 | + | |
26917 | + if (argc == 2 && strcmp(argv[1], "-r") == 0) { | |
26918 | + regress(); | |
26919 | + fprintf(stderr, "regress() returned?!?\n"); | |
26920 | + exit(1); | |
26921 | + } | |
26922 | + | |
26923 | + if (argc < 3) { | |
26924 | + fprintf(stderr, "Usage: %s [-6] start stop\n", argv[0]); | |
26925 | + fprintf(stderr, " or: %s -r\n", argv[0]); | |
26926 | + exit(2); | |
26927 | + } | |
26928 | + | |
26929 | + af = AF_INET; | |
26930 | + i = 1; | |
26931 | + if (strcmp(argv[i], "-6") == 0) { | |
26932 | + af = AF_INET6; | |
26933 | + i++; | |
26934 | + } | |
26935 | + | |
26936 | + oops = ttoaddr(argv[i], 0, af, &start); | |
26937 | + if (oops != NULL) { | |
26938 | + fprintf(stderr, "%s: start conversion failed: %s\n", argv[0], oops); | |
26939 | + exit(1); | |
26940 | + } | |
26941 | + oops = ttoaddr(argv[i+1], 0, af, &stop); | |
26942 | + if (oops != NULL) { | |
26943 | + fprintf(stderr, "%s: stop conversion failed: %s\n", argv[0], oops); | |
26944 | + exit(1); | |
26945 | + } | |
26946 | + oops = rangetosubnet(&start, &stop, &sub); | |
26947 | + if (oops != NULL) { | |
26948 | + fprintf(stderr, "%s: rangetosubnet failed: %s\n", argv[0], oops); | |
26949 | + exit(1); | |
26950 | + } | |
26951 | + n = subnettot(&sub, 0, buf, sizeof(buf)); | |
26952 | + if (n > sizeof(buf)) { | |
26953 | + fprintf(stderr, "%s: reverse conversion", argv[0]); | |
26954 | + fprintf(stderr, " failed: need %ld bytes, have only %ld\n", | |
26955 | + (long)n, (long)sizeof(buf)); | |
26956 | + exit(1); | |
26957 | + } | |
26958 | + printf("%s\n", buf); | |
26959 | + | |
26960 | + exit(0); | |
26961 | +} | |
26962 | + | |
26963 | +struct rtab { | |
26964 | + int family; | |
26965 | + char *start; | |
26966 | + char *stop; | |
26967 | + char *output; /* NULL means error expected */ | |
26968 | +} rtab[] = { | |
26969 | + 4, "1.2.3.0", "1.2.3.255", "1.2.3.0/24", | |
26970 | + 4, "1.2.3.0", "1.2.3.7", "1.2.3.0/29", | |
26971 | + 4, "1.2.3.240", "1.2.3.255", "1.2.3.240/28", | |
26972 | + 4, "0.0.0.0", "255.255.255.255", "0.0.0.0/0", | |
26973 | + 4, "1.2.3.4", "1.2.3.4", "1.2.3.4/32", | |
26974 | + 4, "1.2.3.0", "1.2.3.254", NULL, | |
26975 | + 4, "1.2.3.0", "1.2.3.126", NULL, | |
26976 | + 4, "1.2.3.0", "1.2.3.125", NULL, | |
26977 | + 4, "1.2.0.0", "1.2.255.255", "1.2.0.0/16", | |
26978 | + 4, "1.2.0.0", "1.2.0.255", "1.2.0.0/24", | |
26979 | + 4, "1.2.255.0", "1.2.255.255", "1.2.255.0/24", | |
26980 | + 4, "1.2.255.0", "1.2.254.255", NULL, | |
26981 | + 4, "1.2.255.1", "1.2.255.255", NULL, | |
26982 | + 4, "1.2.0.1", "1.2.255.255", NULL, | |
26983 | + 6, "1:2:3:4:5:6:7:0", "1:2:3:4:5:6:7:ffff", "1:2:3:4:5:6:7:0/112", | |
26984 | + 6, "1:2:3:4:5:6:7:0", "1:2:3:4:5:6:7:fff", "1:2:3:4:5:6:7:0/116", | |
26985 | + 6, "1:2:3:4:5:6:7:f0", "1:2:3:4:5:6:7:ff", "1:2:3:4:5:6:7:f0/124", | |
26986 | + 4, NULL, NULL, NULL, | |
26987 | +}; | |
26988 | + | |
26989 | +void | |
26990 | +regress() | |
26991 | +{ | |
26992 | + struct rtab *r; | |
26993 | + int status = 0; | |
26994 | + ip_address start; | |
26995 | + ip_address stop; | |
26996 | + ip_subnet sub; | |
26997 | + char buf[100]; | |
26998 | + const char *oops; | |
26999 | + size_t n; | |
27000 | + int af; | |
27001 | + | |
27002 | + for (r = rtab; r->start != NULL; r++) { | |
27003 | + af = (r->family == 4) ? AF_INET : AF_INET6; | |
27004 | + oops = ttoaddr(r->start, 0, af, &start); | |
27005 | + if (oops != NULL) { | |
27006 | + printf("surprise failure converting `%s'\n", r->start); | |
27007 | + exit(1); | |
27008 | + } | |
27009 | + oops = ttoaddr(r->stop, 0, af, &stop); | |
27010 | + if (oops != NULL) { | |
27011 | + printf("surprise failure converting `%s'\n", r->stop); | |
27012 | + exit(1); | |
27013 | + } | |
27014 | + oops = rangetosubnet(&start, &stop, &sub); | |
27015 | + if (oops != NULL && r->output == NULL) | |
27016 | + {} /* okay, error expected */ | |
27017 | + else if (oops != NULL) { | |
27018 | + printf("`%s'-`%s' rangetosubnet failed: %s\n", | |
27019 | + r->start, r->stop, oops); | |
27020 | + status = 1; | |
27021 | + } else if (r->output == NULL) { | |
27022 | + printf("`%s'-`%s' rangetosubnet succeeded unexpectedly\n", | |
27023 | + r->start, r->stop); | |
27024 | + status = 1; | |
27025 | + } else { | |
27026 | + n = subnettot(&sub, 0, buf, sizeof(buf)); | |
27027 | + if (n > sizeof(buf)) { | |
27028 | + printf("`%s'-`%s' subnettot failed: need %ld\n", | |
27029 | + r->start, r->stop, (long)n); | |
27030 | + status = 1; | |
27031 | + } else if (strcmp(r->output, buf) != 0) { | |
27032 | + printf("`%s'-`%s' gave `%s', expected `%s'\n", | |
27033 | + r->start, r->stop, buf, r->output); | |
27034 | + status = 1; | |
27035 | + } | |
27036 | + } | |
27037 | + } | |
27038 | + exit(status); | |
27039 | +} | |
27040 | + | |
27041 | +#endif /* RANGETOSUBNET_MAIN */ | |
27042 | diff -druN linux-noipsec/net/ipsec/libfreeswan/sameaddr.c linux/net/ipsec/libfreeswan/sameaddr.c | |
27043 | --- linux-noipsec/net/ipsec/libfreeswan/sameaddr.c Thu Jan 1 01:00:00 1970 | |
27044 | +++ linux/net/ipsec/libfreeswan/sameaddr.c Wed Nov 29 17:34:01 2000 | |
27045 | @@ -0,0 +1,190 @@ | |
27046 | +/* | |
27047 | + * comparisons | |
27048 | + * Copyright (C) 2000 Henry Spencer. | |
27049 | + * | |
27050 | + * This library is free software; you can redistribute it and/or modify it | |
27051 | + * under the terms of the GNU Library General Public License as published by | |
27052 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
27053 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
27054 | + * | |
27055 | + * This library is distributed in the hope that it will be useful, but | |
27056 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27057 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
27058 | + * License for more details. | |
27059 | + * | |
27060 | + * RCSID $Id$ | |
27061 | + */ | |
27062 | +#include "internal.h" | |
27063 | +#include "freeswan.h" | |
27064 | + | |
27065 | +static int samenbits(const ip_address *a, const ip_address *b, int n); | |
27066 | + | |
27067 | +/* | |
27068 | + - addrcmp - compare two addresses | |
27069 | + * Caution, the order of the tests is subtle: doing type test before | |
27070 | + * size test can yield cases where a<b, b<c, but a>c. | |
27071 | + */ | |
27072 | +int /* like memcmp */ | |
27073 | +addrcmp(a, b) | |
27074 | +const ip_address *a; | |
27075 | +const ip_address *b; | |
27076 | +{ | |
27077 | + int at = addrtypeof(a); | |
27078 | + int bt = addrtypeof(b); | |
27079 | + const unsigned char *ap; | |
27080 | + const unsigned char *bp; | |
27081 | + size_t as = addrbytesptr(a, &ap); | |
27082 | + size_t bs = addrbytesptr(b, &bp); | |
27083 | + size_t n = (as < bs) ? as : bs; /* min(as, bs) */ | |
27084 | + int c = memcmp(ap, bp, n); | |
27085 | + | |
27086 | + if (c != 0) /* bytes differ */ | |
27087 | + return (c < 0) ? -1 : 1; | |
27088 | + if (as != bs) /* comparison incomplete: lexical order */ | |
27089 | + return (as < bs) ? -1 : 1; | |
27090 | + if (at != bt) /* bytes same but not same type: break tie */ | |
27091 | + return (at < bt) ? -1 : 1; | |
27092 | + return 0; | |
27093 | +} | |
27094 | + | |
27095 | +/* | |
27096 | + - sameaddr - are two addresses the same? | |
27097 | + */ | |
27098 | +int | |
27099 | +sameaddr(a, b) | |
27100 | +const ip_address *a; | |
27101 | +const ip_address *b; | |
27102 | +{ | |
27103 | + return (addrcmp(a, b) == 0) ? 1 : 0; | |
27104 | +} | |
27105 | + | |
27106 | +/* | |
27107 | + - samesubnet - are two subnets the same? | |
27108 | + */ | |
27109 | +int | |
27110 | +samesubnet(a, b) | |
27111 | +const ip_subnet *a; | |
27112 | +const ip_subnet *b; | |
27113 | +{ | |
27114 | + if (!sameaddr(&a->addr, &b->addr)) /* also does type check */ | |
27115 | + return 0; | |
27116 | + if (a->maskbits != b->maskbits) | |
27117 | + return 0; | |
27118 | + return 1; | |
27119 | +} | |
27120 | + | |
27121 | +/* | |
27122 | + - subnetishost - is a subnet in fact a single host? | |
27123 | + */ | |
27124 | +int | |
27125 | +subnetishost(a) | |
27126 | +const ip_subnet *a; | |
27127 | +{ | |
27128 | + return (a->maskbits == addrlenof(&a->addr)*8) ? 1 : 0; | |
27129 | +} | |
27130 | + | |
27131 | +/* | |
27132 | + - samesaid - are two SA IDs the same? | |
27133 | + */ | |
27134 | +int | |
27135 | +samesaid(a, b) | |
27136 | +const ip_said *a; | |
27137 | +const ip_said *b; | |
27138 | +{ | |
27139 | + if (a->spi != b->spi) /* test first, most likely to be different */ | |
27140 | + return 0; | |
27141 | + if (!sameaddr(&a->dst, &b->dst)) | |
27142 | + return 0; | |
27143 | + if (a->proto != b->proto) | |
27144 | + return 0; | |
27145 | + return 1; | |
27146 | +} | |
27147 | + | |
27148 | +/* | |
27149 | + - sameaddrtype - do two addresses have the same type? | |
27150 | + */ | |
27151 | +int | |
27152 | +sameaddrtype(a, b) | |
27153 | +const ip_address *a; | |
27154 | +const ip_address *b; | |
27155 | +{ | |
27156 | + return (addrtypeof(a) == addrtypeof(b)) ? 1 : 0; | |
27157 | +} | |
27158 | + | |
27159 | +/* | |
27160 | + - samesubnettype - do two subnets have the same type? | |
27161 | + */ | |
27162 | +int | |
27163 | +samesubnettype(a, b) | |
27164 | +const ip_subnet *a; | |
27165 | +const ip_subnet *b; | |
27166 | +{ | |
27167 | + return (subnettypeof(a) == subnettypeof(b)) ? 1 : 0; | |
27168 | +} | |
27169 | + | |
27170 | +/* | |
27171 | + - addrinsubnet - is this address in this subnet? | |
27172 | + */ | |
27173 | +int | |
27174 | +addrinsubnet(a, s) | |
27175 | +const ip_address *a; | |
27176 | +const ip_subnet *s; | |
27177 | +{ | |
27178 | + if (addrtypeof(a) != subnettypeof(s)) | |
27179 | + return 0; | |
27180 | + if (!samenbits(a, &s->addr, s->maskbits)) | |
27181 | + return 0; | |
27182 | + return 1; | |
27183 | +} | |
27184 | + | |
27185 | +/* | |
27186 | + - subnetinsubnet - is one subnet within another? | |
27187 | + */ | |
27188 | +int | |
27189 | +subnetinsubnet(a, b) | |
27190 | +const ip_subnet *a; | |
27191 | +const ip_subnet *b; | |
27192 | +{ | |
27193 | + if (subnettypeof(a) != subnettypeof(b)) | |
27194 | + return 0; | |
27195 | + if (a->maskbits < b->maskbits) /* a is bigger than b */ | |
27196 | + return 0; | |
27197 | + if (!samenbits(&a->addr, &b->addr, b->maskbits)) | |
27198 | + return 0; | |
27199 | + return 1; | |
27200 | +} | |
27201 | + | |
27202 | +/* | |
27203 | + - samenbits - do two addresses have the same first n bits? | |
27204 | + */ | |
27205 | +static int | |
27206 | +samenbits(a, b, nbits) | |
27207 | +const ip_address *a; | |
27208 | +const ip_address *b; | |
27209 | +int nbits; | |
27210 | +{ | |
27211 | + const unsigned char *ap; | |
27212 | + const unsigned char *bp; | |
27213 | + size_t n; | |
27214 | + int m; | |
27215 | + | |
27216 | + if (addrtypeof(a) != addrtypeof(b)) | |
27217 | + return 0; /* arbitrary */ | |
27218 | + n = addrbytesptr(a, &ap); | |
27219 | + if (n == 0) | |
27220 | + return 0; /* arbitrary */ | |
27221 | + (void) addrbytesptr(b, &bp); | |
27222 | + if (nbits > n*8) | |
27223 | + return 0; /* "can't happen" */ | |
27224 | + | |
27225 | + for (; nbits >= 8 && *ap == *bp; nbits -= 8, ap++, bp++) | |
27226 | + continue; | |
27227 | + if (nbits >= 8) | |
27228 | + return 0; | |
27229 | + if (nbits > 0) { /* partial byte */ | |
27230 | + m = ~(0xff >> nbits); | |
27231 | + if ((*ap & m) != (*bp & m)) | |
27232 | + return 0; | |
27233 | + } | |
27234 | + return 1; | |
27235 | +} | |
27236 | diff -druN linux-noipsec/net/ipsec/libfreeswan/satoa.c linux/net/ipsec/libfreeswan/satoa.c | |
27237 | --- linux-noipsec/net/ipsec/libfreeswan/satoa.c Thu Jan 1 01:00:00 1970 | |
27238 | +++ linux/net/ipsec/libfreeswan/satoa.c Sat Sep 16 08:43:47 2000 | |
27239 | @@ -0,0 +1,83 @@ | |
27240 | +/* | |
27241 | + * convert from binary form of SA ID to ASCII | |
27242 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
27243 | + * | |
27244 | + * This library is free software; you can redistribute it and/or modify it | |
27245 | + * under the terms of the GNU Library General Public License as published by | |
27246 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
27247 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
27248 | + * | |
27249 | + * This library is distributed in the hope that it will be useful, but | |
27250 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27251 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
27252 | + * License for more details. | |
27253 | + * | |
27254 | + * RCSID $Id$ | |
27255 | + */ | |
27256 | +#include "internal.h" | |
27257 | +#include "freeswan.h" | |
27258 | + | |
27259 | +static struct typename { | |
27260 | + char type; | |
27261 | + char *name; | |
27262 | +} typenames[] = { | |
27263 | + { SA_AH, "ah" }, | |
27264 | + { SA_ESP, "esp" }, | |
27265 | + { SA_IPIP, "tun" }, | |
27266 | + { SA_COMP, "comp" }, | |
27267 | + { 0, NULL } | |
27268 | +}; | |
27269 | + | |
27270 | +/* | |
27271 | + - satoa - convert SA to ASCII "ah507@1.2.3.4" | |
27272 | + */ | |
27273 | +size_t /* space needed for full conversion */ | |
27274 | +satoa(sa, format, dst, dstlen) | |
27275 | +struct sa_id sa; | |
27276 | +int format; /* character */ | |
27277 | +char *dst; /* need not be valid if dstlen is 0 */ | |
27278 | +size_t dstlen; | |
27279 | +{ | |
27280 | + size_t len; | |
27281 | + int base; | |
27282 | + struct typename *tn; | |
27283 | + char buf[30+ADDRTOA_BUF]; | |
27284 | + | |
27285 | + switch (format) { | |
27286 | + case 0: | |
27287 | + base = 16; /* temporarily at least */ | |
27288 | + break; | |
27289 | + case 'd': | |
27290 | + base = 10; | |
27291 | + break; | |
27292 | + default: | |
27293 | + return 0; | |
27294 | + break; | |
27295 | + } | |
27296 | + | |
27297 | + for (tn = typenames; tn->name != NULL; tn++) | |
27298 | + if (sa.proto == tn->type) | |
27299 | + break; | |
27300 | + if (tn->name == NULL) | |
27301 | + return 0; | |
27302 | + | |
27303 | + if (strcmp(tn->name, PASSTHROUGHTYPE) == 0 && | |
27304 | + sa.spi == PASSTHROUGHSPI && | |
27305 | + sa.dst.s_addr == PASSTHROUGHDST) { | |
27306 | + strcpy(buf, PASSTHROUGHNAME); | |
27307 | + len = strlen(buf); | |
27308 | + } else { | |
27309 | + strcpy(buf, tn->name); | |
27310 | + len = strlen(buf); | |
27311 | + len += ultoa(ntohl(sa.spi), base, buf+len, sizeof(buf)-len); | |
27312 | + *(buf+len-1) = '@'; | |
27313 | + len += addrtoa(sa.dst, 0, buf+len, sizeof(buf)-len); | |
27314 | + } | |
27315 | + | |
27316 | + if (dst != NULL) { | |
27317 | + if (len > dstlen) | |
27318 | + *(buf+dstlen-1) = '\0'; | |
27319 | + strcpy(dst, buf); | |
27320 | + } | |
27321 | + return len; | |
27322 | +} | |
27323 | diff -druN linux-noipsec/net/ipsec/libfreeswan/satot.c linux/net/ipsec/libfreeswan/satot.c | |
27324 | --- linux-noipsec/net/ipsec/libfreeswan/satot.c Thu Jan 1 01:00:00 1970 | |
27325 | +++ linux/net/ipsec/libfreeswan/satot.c Fri Sep 15 19:02:52 2000 | |
27326 | @@ -0,0 +1,102 @@ | |
27327 | +/* | |
27328 | + * convert from binary form of SA ID to text | |
27329 | + * Copyright (C) 2000 Henry Spencer. | |
27330 | + * | |
27331 | + * This library is free software; you can redistribute it and/or modify it | |
27332 | + * under the terms of the GNU Library General Public License as published by | |
27333 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
27334 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
27335 | + * | |
27336 | + * This library is distributed in the hope that it will be useful, but | |
27337 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27338 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
27339 | + * License for more details. | |
27340 | + * | |
27341 | + * RCSID $Id$ | |
27342 | + */ | |
27343 | +#include "internal.h" | |
27344 | +#include "freeswan.h" | |
27345 | + | |
27346 | +static struct typename { | |
27347 | + char type; | |
27348 | + char *name; | |
27349 | +} typenames[] = { | |
27350 | + { SA_AH, "ah" }, | |
27351 | + { SA_ESP, "esp" }, | |
27352 | + { SA_IPIP, "tun" }, | |
27353 | + { SA_COMP, "comp" }, | |
27354 | + { 0, NULL } | |
27355 | +}; | |
27356 | + | |
27357 | +/* | |
27358 | + - satot - convert SA to text "ah507@1.2.3.4" | |
27359 | + */ | |
27360 | +size_t /* space needed for full conversion */ | |
27361 | +satot(sa, format, dst, dstlen) | |
27362 | +const ip_said *sa; | |
27363 | +int format; /* character */ | |
27364 | +char *dst; /* need not be valid if dstlen is 0 */ | |
27365 | +size_t dstlen; | |
27366 | +{ | |
27367 | + size_t len; | |
27368 | + int base; | |
27369 | + int showversion; /* use delimiter to show IP version? */ | |
27370 | + struct typename *tn; | |
27371 | + char buf[3+1+ULTOT_BUF+ADDRTOT_BUF]; | |
27372 | + | |
27373 | + switch (format) { | |
27374 | + case 0: | |
27375 | + base = 16; | |
27376 | + showversion = 1; | |
27377 | + break; | |
27378 | + case 'f': | |
27379 | + base = 17; | |
27380 | + showversion = 1; | |
27381 | + break; | |
27382 | + case 'x': | |
27383 | + base = 'x'; | |
27384 | + showversion = 0; | |
27385 | + break; | |
27386 | + case 'd': | |
27387 | + base = 10; | |
27388 | + showversion = 0; | |
27389 | + break; | |
27390 | + default: | |
27391 | + return 0; | |
27392 | + break; | |
27393 | + } | |
27394 | + | |
27395 | + for (tn = typenames; tn->name != NULL; tn++) | |
27396 | + if (sa->proto == tn->type) | |
27397 | + break; | |
27398 | + if (tn->name == NULL) | |
27399 | + return 0; | |
27400 | + | |
27401 | + if (strcmp(tn->name, PASSTHROUGHTYPE) == 0 && | |
27402 | + sa->spi == PASSTHROUGHSPI && | |
27403 | + isunspecaddr(&sa->dst)) { | |
27404 | + strcpy(buf, (addrtypeof(&sa->dst) == AF_INET) ? | |
27405 | + PASSTHROUGH4NAME : | |
27406 | + PASSTHROUGH6NAME); | |
27407 | + len = strlen(buf); | |
27408 | + } else { | |
27409 | + strcpy(buf, tn->name); | |
27410 | + len = strlen(buf); | |
27411 | + if (showversion) { | |
27412 | + *(buf+len) = (addrtypeof(&sa->dst) == AF_INET) ? '.' : | |
27413 | + ':'; | |
27414 | + len++; | |
27415 | + *(buf+len) = '\0'; | |
27416 | + } | |
27417 | + len += ultot(ntohl(sa->spi), base, buf+len, sizeof(buf)-len); | |
27418 | + *(buf+len-1) = '@'; | |
27419 | + len += addrtot(&sa->dst, 0, buf+len, sizeof(buf)-len); | |
27420 | + } | |
27421 | + | |
27422 | + if (dst != NULL) { | |
27423 | + if (len > dstlen) | |
27424 | + *(buf+dstlen-1) = '\0'; | |
27425 | + strcpy(dst, buf); | |
27426 | + } | |
27427 | + return len; | |
27428 | +} | |
27429 | diff -druN linux-noipsec/net/ipsec/libfreeswan/subnetof.c linux/net/ipsec/libfreeswan/subnetof.c | |
27430 | --- linux-noipsec/net/ipsec/libfreeswan/subnetof.c Thu Jan 1 01:00:00 1970 | |
27431 | +++ linux/net/ipsec/libfreeswan/subnetof.c Sun Apr 11 01:24:22 1999 | |
27432 | @@ -0,0 +1,60 @@ | |
27433 | +/* | |
27434 | + * minor network-address manipulation utilities | |
27435 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
27436 | + * | |
27437 | + * This library is free software; you can redistribute it and/or modify it | |
27438 | + * under the terms of the GNU Library General Public License as published by | |
27439 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
27440 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
27441 | + * | |
27442 | + * This library is distributed in the hope that it will be useful, but | |
27443 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27444 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
27445 | + * License for more details. | |
27446 | + * | |
27447 | + * RCSID $Id$ | |
27448 | + */ | |
27449 | +#include "internal.h" | |
27450 | +#include "freeswan.h" | |
27451 | + | |
27452 | +/* | |
27453 | + - subnetof - given address and mask, return subnet part | |
27454 | + */ | |
27455 | +struct in_addr | |
27456 | +subnetof(addr, mask) | |
27457 | +struct in_addr addr; | |
27458 | +struct in_addr mask; | |
27459 | +{ | |
27460 | + struct in_addr result; | |
27461 | + | |
27462 | + result.s_addr = addr.s_addr & mask.s_addr; | |
27463 | + return result; | |
27464 | +} | |
27465 | + | |
27466 | +/* | |
27467 | + - hostof - given address and mask, return host part | |
27468 | + */ | |
27469 | +struct in_addr | |
27470 | +hostof(addr, mask) | |
27471 | +struct in_addr addr; | |
27472 | +struct in_addr mask; | |
27473 | +{ | |
27474 | + struct in_addr result; | |
27475 | + | |
27476 | + result.s_addr = addr.s_addr & ~mask.s_addr; | |
27477 | + return result; | |
27478 | +} | |
27479 | + | |
27480 | +/* | |
27481 | + - broadcastof - given (network) address and mask, return broadcast address | |
27482 | + */ | |
27483 | +struct in_addr | |
27484 | +broadcastof(addr, mask) | |
27485 | +struct in_addr addr; | |
27486 | +struct in_addr mask; | |
27487 | +{ | |
27488 | + struct in_addr result; | |
27489 | + | |
27490 | + result.s_addr = addr.s_addr | ~mask.s_addr; | |
27491 | + return result; | |
27492 | +} | |
27493 | diff -druN linux-noipsec/net/ipsec/libfreeswan/subnettoa.c linux/net/ipsec/libfreeswan/subnettoa.c | |
27494 | --- linux-noipsec/net/ipsec/libfreeswan/subnettoa.c Thu Jan 1 01:00:00 1970 | |
27495 | +++ linux/net/ipsec/libfreeswan/subnettoa.c Sun Apr 11 01:24:22 1999 | |
27496 | @@ -0,0 +1,62 @@ | |
27497 | +/* | |
27498 | + * convert binary form of subnet description to ASCII | |
27499 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
27500 | + * | |
27501 | + * This library is free software; you can redistribute it and/or modify it | |
27502 | + * under the terms of the GNU Library General Public License as published by | |
27503 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
27504 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
27505 | + * | |
27506 | + * This library is distributed in the hope that it will be useful, but | |
27507 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27508 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
27509 | + * License for more details. | |
27510 | + * | |
27511 | + * RCSID $Id$ | |
27512 | + */ | |
27513 | +#include "internal.h" | |
27514 | +#include "freeswan.h" | |
27515 | + | |
27516 | +/* | |
27517 | + - subnettoa - convert address and mask to ASCII "addr/mask" | |
27518 | + * Output expresses the mask as a bit count if possible, else dotted decimal. | |
27519 | + */ | |
27520 | +size_t /* space needed for full conversion */ | |
27521 | +subnettoa(addr, mask, format, dst, dstlen) | |
27522 | +struct in_addr addr; | |
27523 | +struct in_addr mask; | |
27524 | +int format; /* character */ | |
27525 | +char *dst; /* need not be valid if dstlen is 0 */ | |
27526 | +size_t dstlen; | |
27527 | +{ | |
27528 | + size_t len; | |
27529 | + size_t rest; | |
27530 | + int n; | |
27531 | + char *p; | |
27532 | + | |
27533 | + switch (format) { | |
27534 | + case 0: | |
27535 | + break; | |
27536 | + default: | |
27537 | + return 0; | |
27538 | + break; | |
27539 | + } | |
27540 | + | |
27541 | + len = addrtoa(addr, 0, dst, dstlen); | |
27542 | + if (len < dstlen) { | |
27543 | + dst[len - 1] = '/'; | |
27544 | + p = dst + len; | |
27545 | + rest = dstlen - len; | |
27546 | + } else { | |
27547 | + p = NULL; | |
27548 | + rest = 0; | |
27549 | + } | |
27550 | + | |
27551 | + n = masktobits(mask); | |
27552 | + if (n >= 0) | |
27553 | + len += ultoa((unsigned long)n, 10, p, rest); | |
27554 | + else | |
27555 | + len += addrtoa(mask, 0, p, rest); | |
27556 | + | |
27557 | + return len; | |
27558 | +} | |
27559 | diff -druN linux-noipsec/net/ipsec/libfreeswan/subnettot.c linux/net/ipsec/libfreeswan/subnettot.c | |
27560 | --- linux-noipsec/net/ipsec/libfreeswan/subnettot.c Thu Jan 1 01:00:00 1970 | |
27561 | +++ linux/net/ipsec/libfreeswan/subnettot.c Fri Sep 8 20:03:45 2000 | |
27562 | @@ -0,0 +1,56 @@ | |
27563 | +/* | |
27564 | + * convert binary form of subnet description to text | |
27565 | + * Copyright (C) 2000 Henry Spencer. | |
27566 | + * | |
27567 | + * This library is free software; you can redistribute it and/or modify it | |
27568 | + * under the terms of the GNU Library General Public License as published by | |
27569 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
27570 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
27571 | + * | |
27572 | + * This library is distributed in the hope that it will be useful, but | |
27573 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27574 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
27575 | + * License for more details. | |
27576 | + * | |
27577 | + * RCSID $Id$ | |
27578 | + */ | |
27579 | +#include "internal.h" | |
27580 | +#include "freeswan.h" | |
27581 | + | |
27582 | +/* | |
27583 | + - subnettot - convert subnet to text "addr/bitcount" | |
27584 | + */ | |
27585 | +size_t /* space needed for full conversion */ | |
27586 | +subnettot(sub, format, dst, dstlen) | |
27587 | +const ip_subnet *sub; | |
27588 | +int format; /* character */ | |
27589 | +char *dst; /* need not be valid if dstlen is 0 */ | |
27590 | +size_t dstlen; | |
27591 | +{ | |
27592 | + size_t len; | |
27593 | + size_t rest; | |
27594 | + char *p; | |
27595 | + | |
27596 | + switch (format) { | |
27597 | + case 0: | |
27598 | + break; | |
27599 | + default: | |
27600 | + return 0; | |
27601 | + break; | |
27602 | + } | |
27603 | + | |
27604 | + len = addrtot(&sub->addr, format, dst, dstlen); | |
27605 | + if (len < dstlen) { | |
27606 | + dst[len - 1] = '/'; | |
27607 | + p = dst + len; | |
27608 | + rest = dstlen - len; | |
27609 | + } else { | |
27610 | + p = NULL; | |
27611 | + rest = 0; | |
27612 | + } | |
27613 | + | |
27614 | + | |
27615 | + len += ultoa((unsigned long)sub->maskbits, 10, p, rest); | |
27616 | + | |
27617 | + return len; | |
27618 | +} | |
27619 | diff -druN linux-noipsec/net/ipsec/libfreeswan/subnettypeof.c linux/net/ipsec/libfreeswan/subnettypeof.c | |
27620 | --- linux-noipsec/net/ipsec/libfreeswan/subnettypeof.c Thu Jan 1 01:00:00 1970 | |
27621 | +++ linux/net/ipsec/libfreeswan/subnettypeof.c Fri Sep 8 20:03:45 2000 | |
27622 | @@ -0,0 +1,109 @@ | |
27623 | +/* | |
27624 | + * extract parts of an ip_subnet, and related | |
27625 | + * Copyright (C) 2000 Henry Spencer. | |
27626 | + * | |
27627 | + * This library is free software; you can redistribute it and/or modify it | |
27628 | + * under the terms of the GNU Library General Public License as published by | |
27629 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
27630 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
27631 | + * | |
27632 | + * This library is distributed in the hope that it will be useful, but | |
27633 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27634 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
27635 | + * License for more details. | |
27636 | + * | |
27637 | + * RCSID $Id$ | |
27638 | + */ | |
27639 | +#include "internal.h" | |
27640 | +#include "freeswan.h" | |
27641 | + | |
27642 | +/* | |
27643 | + - subnettypeof - get the address type of an ip_subnet | |
27644 | + */ | |
27645 | +int | |
27646 | +subnettypeof(src) | |
27647 | +const ip_subnet *src; | |
27648 | +{ | |
27649 | + return src->addr.u.v4.sin_family; | |
27650 | +} | |
27651 | + | |
27652 | +/* | |
27653 | + - networkof - get the network address of a subnet | |
27654 | + */ | |
27655 | +void | |
27656 | +networkof(src, dst) | |
27657 | +const ip_subnet *src; | |
27658 | +ip_address *dst; | |
27659 | +{ | |
27660 | + *dst = src->addr; | |
27661 | +} | |
27662 | + | |
27663 | +/* | |
27664 | + - maskof - get the mask of a subnet, as an address | |
27665 | + */ | |
27666 | +void | |
27667 | +maskof(src, dst) | |
27668 | +const ip_subnet *src; | |
27669 | +ip_address *dst; | |
27670 | +{ | |
27671 | + int b; | |
27672 | + unsigned char buf[16]; | |
27673 | + size_t n = addrlenof(&src->addr); | |
27674 | + unsigned char *p; | |
27675 | + | |
27676 | + if (src->maskbits > n*8 || n > sizeof(buf)) | |
27677 | + return; /* "can't happen" */ | |
27678 | + | |
27679 | + p = buf; | |
27680 | + for (b = src->maskbits; b >= 8; b -= 8) | |
27681 | + *p++ = 0xff; | |
27682 | + if (b != 0) | |
27683 | + *p++ = (0xff << (8 - b)) & 0xff; | |
27684 | + while (p - buf < n) | |
27685 | + *p++ = 0; | |
27686 | + | |
27687 | + (void) initaddr(buf, n, addrtypeof(&src->addr), dst); | |
27688 | +} | |
27689 | + | |
27690 | +/* | |
27691 | + - masktocount - convert a mask, expressed as an address, to a bit count | |
27692 | + */ | |
27693 | +int /* -1 if not valid mask */ | |
27694 | +masktocount(src) | |
27695 | +const ip_address *src; | |
27696 | +{ | |
27697 | + int b; | |
27698 | + unsigned const char *bp; | |
27699 | + size_t n; | |
27700 | + unsigned const char *p; | |
27701 | + unsigned const char *stop; | |
27702 | + | |
27703 | + n = addrbytesptr(src, &bp); | |
27704 | + if (n == 0) | |
27705 | + return -1; | |
27706 | + | |
27707 | + p = bp; | |
27708 | + stop = bp + n; | |
27709 | + | |
27710 | + n = 0; | |
27711 | + while (p < stop && *p == 0xff) { | |
27712 | + p++; | |
27713 | + n += 8; | |
27714 | + } | |
27715 | + if (p < stop && *p != 0) { /* boundary in mid-byte */ | |
27716 | + b = *p++; | |
27717 | + while (b&0x80) { | |
27718 | + b <<= 1; | |
27719 | + n++; | |
27720 | + } | |
27721 | + if ((b&0xff) != 0) | |
27722 | + return -1; /* bits not contiguous */ | |
27723 | + } | |
27724 | + while (p < stop && *p == 0) | |
27725 | + p++; | |
27726 | + | |
27727 | + if (p != stop) | |
27728 | + return -1; | |
27729 | + | |
27730 | + return n; | |
27731 | +} | |
27732 | diff -druN linux-noipsec/net/ipsec/libfreeswan/ttoaddr.c linux/net/ipsec/libfreeswan/ttoaddr.c | |
27733 | --- linux-noipsec/net/ipsec/libfreeswan/ttoaddr.c Thu Jan 1 01:00:00 1970 | |
27734 | +++ linux/net/ipsec/libfreeswan/ttoaddr.c Mon Oct 2 23:57:20 2000 | |
27735 | @@ -0,0 +1,397 @@ | |
27736 | +/* | |
27737 | + * conversion from text forms of addresses to internal ones | |
27738 | + * Copyright (C) 2000 Henry Spencer. | |
27739 | + * | |
27740 | + * This library is free software; you can redistribute it and/or modify it | |
27741 | + * under the terms of the GNU Library General Public License as published by | |
27742 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
27743 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
27744 | + * | |
27745 | + * This library is distributed in the hope that it will be useful, but | |
27746 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
27747 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
27748 | + * License for more details. | |
27749 | + * | |
27750 | + * RCSID $Id$ | |
27751 | + */ | |
27752 | +#include "internal.h" | |
27753 | +#include "freeswan.h" | |
27754 | + | |
27755 | +/* | |
27756 | + * Legal ASCII characters in a domain name. Underscore technically is not, | |
27757 | + * but is a common misunderstanding. Non-ASCII characters are simply | |
27758 | + * exempted from checking at the moment, to allow for UTF-8 encoded stuff; | |
27759 | + * the purpose of this check is merely to catch blatant errors. | |
27760 | + */ | |
27761 | +static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789" | |
27762 | + "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_."; | |
27763 | +#define ISASCII(c) (((c) & 0x80) == 0) | |
27764 | + | |
27765 | +static err_t tryname(const char *, size_t, int, int, ip_address *); | |
27766 | +static err_t tryhex(const char *, size_t, int, ip_address *); | |
27767 | +static err_t trydotted(const char *, size_t, ip_address *); | |
27768 | +static err_t getbyte(const char **, const char *, int *); | |
27769 | +static err_t colon(const char *, size_t, ip_address *); | |
27770 | +static err_t getpiece(const char **, const char *, unsigned *); | |
27771 | + | |
27772 | +/* | |
27773 | + - ttoaddr - convert text name or dotted-decimal address to binary address | |
27774 | + */ | |
27775 | +err_t /* NULL for success, else string literal */ | |
27776 | +ttoaddr(src, srclen, af, dst) | |
27777 | +const char *src; | |
27778 | +size_t srclen; /* 0 means "apply strlen" */ | |
27779 | +int af; /* address family */ | |
27780 | +ip_address *dst; | |
27781 | +{ | |
27782 | + err_t oops; | |
27783 | +# define HEXLEN 10 /* strlen("0x11223344") */ | |
27784 | + int nultermd; | |
27785 | + | |
27786 | + if (srclen == 0) { | |
27787 | + srclen = strlen(src); | |
27788 | + if (srclen == 0) | |
27789 | + return "empty string"; | |
27790 | + nultermd = 1; | |
27791 | + } else | |
27792 | + nultermd = 0; /* at least, not *known* to be terminated */ | |
27793 | + | |
27794 | + if (af == AF_INET && srclen == HEXLEN && *src == '0') { | |
27795 | + if (*(src+1) == 'x' || *(src+1) == 'X') | |
27796 | + return tryhex(src+2, srclen-2, 'x', dst); | |
27797 | + if (*(src+1) == 'h' || *(src+1) == 'H') | |
27798 | + return tryhex(src+2, srclen-2, 'h', dst); | |
27799 | + } | |
27800 | + | |
27801 | + if (memchr(src, ':', srclen) != NULL) { | |
27802 | + if (af != AF_INET6) | |
27803 | + return "non-ipv6 address may not contain `:'"; | |
27804 | + return colon(src, srclen, dst); | |
27805 | + } | |
27806 | + | |
27807 | + if (af == AF_INET) { | |
27808 | + oops = trydotted(src, srclen, dst); | |
27809 | + if (oops == NULL) | |
27810 | + return NULL; /* it worked */ | |
27811 | + if (*oops != '?') | |
27812 | + return oops; /* probably meant as d-d */ | |
27813 | + } | |
27814 | + | |
27815 | + return tryname(src, srclen, nultermd, af, dst); | |
27816 | +} | |
27817 | + | |
27818 | +/* | |
27819 | + - tnatoaddr - convert text numeric address (only) to binary address | |
27820 | + */ | |
27821 | +err_t /* NULL for success, else string literal */ | |
27822 | +tnatoaddr(src, srclen, af, dst) | |
27823 | +const char *src; | |
27824 | +size_t srclen; /* 0 means "apply strlen" */ | |
27825 | +int af; /* address family */ | |
27826 | +ip_address *dst; | |
27827 | +{ | |
27828 | + err_t oops; | |
27829 | + | |
27830 | + if (srclen == 0) { | |
27831 | + srclen = strlen(src); | |
27832 | + if (srclen == 0) | |
27833 | + return "empty string"; | |
27834 | + } | |
27835 | + | |
27836 | + switch (af) { | |
27837 | + case AF_INET6: | |
27838 | + return colon(src, srclen, dst); | |
27839 | + break; | |
27840 | + case AF_INET: | |
27841 | + oops = trydotted(src, srclen, dst); | |
27842 | + if (oops == NULL) | |
27843 | + return NULL; /* it worked */ | |
27844 | + if (*oops != '?') | |
27845 | + return oops; /* probably meant as d-d */ | |
27846 | + return "does not appear to be numeric address"; | |
27847 | + break; | |
27848 | + default: | |
27849 | + return "unknown address family in tnatoaddr"; | |
27850 | + break; | |
27851 | + } | |
27852 | +} | |
27853 | + | |
27854 | +/* | |
27855 | + - tryname - try it as a name | |
27856 | + * Slightly complicated by lack of reliable NUL termination in source. | |
27857 | + */ | |
27858 | +static err_t | |
27859 | +tryname(src, srclen, nultermd, af, dst) | |
27860 | +const char *src; | |
27861 | +size_t srclen; | |
27862 | +int nultermd; /* is it known to be NUL-terminated? */ | |
27863 | +int af; | |
27864 | +ip_address *dst; | |
27865 | +{ | |
27866 | + struct hostent *h; | |
27867 | + struct netent *ne = NULL; | |
27868 | + char namebuf[100]; /* enough for most DNS names */ | |
27869 | + const char *cp; | |
27870 | + char *p = namebuf; | |
27871 | + size_t n; | |
27872 | + | |
27873 | + for (cp = src, n = srclen; n > 0; cp++, n--) | |
27874 | + if (ISASCII(*cp) && strchr(namechars, *cp) == NULL) | |
27875 | + return "illegal (non-DNS-name) character in name"; | |
27876 | + | |
27877 | + if (nultermd) | |
27878 | + cp = src; | |
27879 | + else { | |
27880 | + if (srclen+1 > sizeof(namebuf)) { | |
27881 | + p = (char *) MALLOC(srclen+1); | |
27882 | + if (p == NULL) | |
27883 | + return "unable to get temporary space for name"; | |
27884 | + } | |
27885 | + p[0] = '\0'; /* strncpy semantics are wrong */ | |
27886 | + strncat(p, src, srclen); | |
27887 | + cp = (const char *)p; | |
27888 | + } | |
27889 | + | |
27890 | + h = gethostbyname2(cp, af); | |
27891 | + if (h == NULL && af == AF_INET) | |
27892 | + ne = getnetbyname(cp); | |
27893 | + if (p != namebuf) | |
27894 | + FREE(p); | |
27895 | + if (h == NULL && ne == NULL) | |
27896 | + return "does not look numeric and name lookup failed"; | |
27897 | + | |
27898 | + if (h != NULL) { | |
27899 | + if (h->h_addrtype != af) | |
27900 | + return "address-type mismatch from gethostbyname2!!!"; | |
27901 | + return initaddr((unsigned char *)h->h_addr, h->h_length, af, dst); | |
27902 | + } else { | |
27903 | + if (ne->n_addrtype != af) | |
27904 | + return "address-type mismatch from getnetbyname!!!"; | |
27905 | + ne->n_net = htonl(ne->n_net); | |
27906 | + return initaddr((unsigned char *)&ne->n_net, sizeof(ne->n_net), | |
27907 | + af, dst); | |
27908 | + } | |
27909 | +} | |
27910 | + | |
27911 | +/* | |
27912 | + - tryhex - try conversion as an eight-digit hex number (AF_INET only) | |
27913 | + */ | |
27914 | +static err_t | |
27915 | +tryhex(src, srclen, flavor, dst) | |
27916 | +const char *src; | |
27917 | +size_t srclen; /* should be 8 */ | |
27918 | +int flavor; /* 'x' for network order, 'h' for host order */ | |
27919 | +ip_address *dst; | |
27920 | +{ | |
27921 | + err_t oops; | |
27922 | + unsigned long ul; | |
27923 | + union { | |
27924 | + uint32_t addr; | |
27925 | + unsigned char buf[4]; | |
27926 | + } u; | |
27927 | + | |
27928 | + if (srclen != 8) | |
27929 | + return "internal error, tryhex called with bad length"; | |
27930 | + | |
27931 | + oops = ttoul(src, srclen, 16, &ul); | |
27932 | + if (oops != NULL) | |
27933 | + return oops; | |
27934 | + | |
27935 | + u.addr = (flavor == 'h') ? ul : htonl(ul); | |
27936 | + return initaddr(u.buf, sizeof(u.buf), AF_INET, dst); | |
27937 | +} | |
27938 | + | |
27939 | +/* | |
27940 | + - trydotted - try conversion as dotted decimal (AF_INET only) | |
27941 | + * | |
27942 | + * If the first char of a complaint is '?', that means "didn't look like | |
27943 | + * dotted decimal at all". | |
27944 | + */ | |
27945 | +static err_t | |
27946 | +trydotted(src, srclen, dst) | |
27947 | +const char *src; | |
27948 | +size_t srclen; | |
27949 | +ip_address *dst; | |
27950 | +{ | |
27951 | + const char *stop = src + srclen; /* just past end */ | |
27952 | + int byte; | |
27953 | + err_t oops; | |
27954 | +# define NBYTES 4 | |
27955 | + unsigned char buf[NBYTES]; | |
27956 | + int i; | |
27957 | + | |
27958 | + memset(buf, 0, sizeof(buf)); | |
27959 | + for (i = 0; i < NBYTES && src < stop; i++) { | |
27960 | + oops = getbyte(&src, stop, &byte); | |
27961 | + if (oops != NULL) { | |
27962 | + if (*oops != '?') | |
27963 | + return oops; /* bad number */ | |
27964 | + if (i > 1) | |
27965 | + return oops+1; /* failed number */ | |
27966 | + return oops; /* with leading '?' */ | |
27967 | + } | |
27968 | + buf[i] = byte; | |
27969 | + if (i < 3 && src < stop && *src++ != '.') { | |
27970 | + if (i == 0) | |
27971 | + return "?syntax error in dotted-decimal address"; | |
27972 | + else | |
27973 | + return "syntax error in dotted-decimal address"; | |
27974 | + } | |
27975 | + } | |
27976 | + if (src != stop) | |
27977 | + return "extra garbage on end of dotted-decimal address"; | |
27978 | + | |
27979 | + return initaddr(buf, sizeof(buf), AF_INET, dst); | |
27980 | +} | |
27981 | + | |
27982 | +/* | |
27983 | + - getbyte - try to scan a byte in dotted decimal | |
27984 | + * A subtlety here is that all this arithmetic on ASCII digits really is | |
27985 | + * highly portable -- ANSI C guarantees that digits 0-9 are contiguous. | |
27986 | + * It's easier to just do it ourselves than set up for a call to ttoul(). | |
27987 | + * | |
27988 | + * If the first char of a complaint is '?', that means "didn't look like a | |
27989 | + * number at all". | |
27990 | + */ | |
27991 | +err_t | |
27992 | +getbyte(srcp, stop, retp) | |
27993 | +const char **srcp; /* *srcp is updated */ | |
27994 | +const char *stop; /* first untouchable char */ | |
27995 | +int *retp; /* return-value pointer */ | |
27996 | +{ | |
27997 | + char c; | |
27998 | + const char *p; | |
27999 | + int no; | |
28000 | + | |
28001 | + if (*srcp >= stop) | |
28002 | + return "?empty number in dotted-decimal address"; | |
28003 | + | |
28004 | + no = 0; | |
28005 | + p = *srcp; | |
28006 | + while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') { | |
28007 | + no = no*10 + (c - '0'); | |
28008 | + p++; | |
28009 | + } | |
28010 | + if (p == *srcp) | |
28011 | + return "?non-numeric component in dotted-decimal address"; | |
28012 | + *srcp = p; | |
28013 | + if (no > 255) | |
28014 | + return "byte overflow in dotted-decimal address"; | |
28015 | + *retp = no; | |
28016 | + return NULL; | |
28017 | +} | |
28018 | + | |
28019 | +/* | |
28020 | + - colon - convert IPv6 "numeric" address | |
28021 | + */ | |
28022 | +static err_t | |
28023 | +colon(src, srclen, dst) | |
28024 | +const char *src; | |
28025 | +size_t srclen; /* known to be >0 */ | |
28026 | +ip_address *dst; | |
28027 | +{ | |
28028 | + const char *stop = src + srclen; /* just past end */ | |
28029 | + unsigned piece; | |
28030 | + int gapat; /* where was empty piece seen */ | |
28031 | + err_t oops; | |
28032 | +# define NPIECES 8 | |
28033 | + unsigned char buf[NPIECES*2]; /* short may have wrong byte order */ | |
28034 | + int i; | |
28035 | + int j; | |
28036 | +# define IT "IPv6 numeric address" | |
28037 | + int naftergap; | |
28038 | + | |
28039 | + /* leading or trailing :: becomes single empty field */ | |
28040 | + if (*src == ':') { /* legal only if leading :: */ | |
28041 | + if (srclen == 1 || *(src+1) != ':') | |
28042 | + return "illegal leading `:' in " IT; | |
28043 | + if (srclen == 2) { | |
28044 | + unspecaddr(AF_INET6, dst); | |
28045 | + return NULL; | |
28046 | + } | |
28047 | + src++; /* past first but not second */ | |
28048 | + srclen--; | |
28049 | + } | |
28050 | + if (*(stop-1) == ':') { /* legal only if trailing :: */ | |
28051 | + if (srclen == 1 || *(stop-2) != ':') | |
28052 | + return "illegal trailing `:' in " IT; | |
28053 | + srclen--; /* leave one */ | |
28054 | + } | |
28055 | + | |
28056 | + gapat = -1; | |
28057 | + for (i = 0; i < NPIECES && src < stop; i++) { | |
28058 | + oops = getpiece(&src, stop, &piece); | |
28059 | + if (oops != NULL && *oops == ':') { /* empty field */ | |
28060 | + if (gapat >= 0) | |
28061 | + return "more than one :: in " IT; | |
28062 | + gapat = i; | |
28063 | + } else if (oops != NULL) | |
28064 | + return oops; | |
28065 | + buf[2*i] = piece >> 8; | |
28066 | + buf[2*i + 1] = piece & 0xff; | |
28067 | + if (i < NPIECES-1) { /* there should be more input */ | |
28068 | + if (src == stop && gapat < 0) | |
28069 | + return IT " ends prematurely"; | |
28070 | + if (src != stop && *src++ != ':') | |
28071 | + return "syntax error in " IT; | |
28072 | + } | |
28073 | + } | |
28074 | + if (src != stop) | |
28075 | + return "extra garbage on end of " IT; | |
28076 | + | |
28077 | + if (gapat < 0 && i < NPIECES) /* should have been caught earlier */ | |
28078 | + return "incomplete " IT " (internal error)"; | |
28079 | + if (gapat >= 0 && i == NPIECES) | |
28080 | + return "non-abbreviating empty field in " IT; | |
28081 | + if (gapat >= 0) { | |
28082 | + naftergap = i - (gapat + 1); | |
28083 | + for (i--, j = NPIECES-1; naftergap > 0; i--, j--, naftergap--) { | |
28084 | + buf[2*j] = buf[2*i]; | |
28085 | + buf[2*j + 1] = buf[2*i + 1]; | |
28086 | + } | |
28087 | + for (; j >= gapat; j--) | |
28088 | + buf[2*j] = buf[2*j + 1] = 0; | |
28089 | + } | |
28090 | + | |
28091 | + return initaddr(buf, sizeof(buf), AF_INET6, dst); | |
28092 | +} | |
28093 | + | |
28094 | +/* | |
28095 | + - getpiece - try to scan one 16-bit piece of an IPv6 address | |
28096 | + */ | |
28097 | +err_t /* ":" means "empty field seen" */ | |
28098 | +getpiece(srcp, stop, retp) | |
28099 | +const char **srcp; /* *srcp is updated */ | |
28100 | +const char *stop; /* first untouchable char */ | |
28101 | +unsigned *retp; /* return-value pointer */ | |
28102 | +{ | |
28103 | + const char *p; | |
28104 | +# define NDIG 4 | |
28105 | + int d; | |
28106 | + unsigned long ret; | |
28107 | + err_t oops; | |
28108 | + | |
28109 | + if (*srcp >= stop || **srcp == ':') { /* empty field */ | |
28110 | + *retp = 0; | |
28111 | + return ":"; | |
28112 | + } | |
28113 | + | |
28114 | + p = *srcp; | |
28115 | + d = 0; | |
28116 | + while (p < stop && d < NDIG && isxdigit(*p)) { | |
28117 | + p++; | |
28118 | + d++; | |
28119 | + } | |
28120 | + if (d == 0) | |
28121 | + return "non-hex field in IPv6 numeric address"; | |
28122 | + if (p < stop && d == NDIG && isxdigit(*p)) | |
28123 | + return "field in IPv6 numeric address longer than 4 hex digits"; | |
28124 | + | |
28125 | + oops = ttoul(*srcp, d, 16, &ret); | |
28126 | + if (oops != NULL) /* shouldn't happen, really... */ | |
28127 | + return oops; | |
28128 | + | |
28129 | + *srcp = p; | |
28130 | + *retp = ret; | |
28131 | + return NULL; | |
28132 | +} | |
28133 | diff -druN linux-noipsec/net/ipsec/libfreeswan/ttodata.c linux/net/ipsec/libfreeswan/ttodata.c | |
28134 | --- linux-noipsec/net/ipsec/libfreeswan/ttodata.c Thu Jan 1 01:00:00 1970 | |
28135 | +++ linux/net/ipsec/libfreeswan/ttodata.c Fri Aug 18 17:09:07 2000 | |
28136 | @@ -0,0 +1,576 @@ | |
28137 | +/* | |
28138 | + * convert from text form of arbitrary data (e.g., keys) to binary | |
28139 | + * Copyright (C) 2000 Henry Spencer. | |
28140 | + * | |
28141 | + * This library is free software; you can redistribute it and/or modify it | |
28142 | + * under the terms of the GNU Library General Public License as published by | |
28143 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
28144 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
28145 | + * | |
28146 | + * This library is distributed in the hope that it will be useful, but | |
28147 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
28148 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
28149 | + * License for more details. | |
28150 | + * | |
28151 | + * RCSID $Id$ | |
28152 | + */ | |
28153 | +#include "internal.h" | |
28154 | +#include "freeswan.h" | |
28155 | + | |
28156 | +/* converters */ | |
28157 | +static int unhex(const char *, char *, size_t); | |
28158 | +static int unb64(const char *, char *, size_t); | |
28159 | +static int untext(const char *, char *, size_t); | |
28160 | + | |
28161 | +/* internal error codes for converters */ | |
28162 | +#define BADCHAR (-1) /* invalid character */ | |
28163 | +#define SHORT (-2) /* string ended prematurely */ | |
28164 | +#define BADPAD (-3) /* bad base64 padding */ | |
28165 | + | |
28166 | +/* | |
28167 | + - ttodata - convert text to data | |
28168 | + * If some of this looks slightly odd, it's because it has changed | |
28169 | + * repeatedly (from the original atodata()) without a major rewrite. | |
28170 | + */ | |
28171 | +const char * /* NULL for success, else string literal */ | |
28172 | +ttodata(src, srclen, base, dst, dstlen, lenp) | |
28173 | +const char *src; | |
28174 | +size_t srclen; /* 0 means apply strlen() */ | |
28175 | +int base; /* 0 means figure it out */ | |
28176 | +char *dst; /* need not be valid if dstlen is 0 */ | |
28177 | +size_t dstlen; | |
28178 | +size_t *lenp; /* where to record length (NULL is nowhere) */ | |
28179 | +{ | |
28180 | + size_t ingroup; /* number of input bytes converted at once */ | |
28181 | + char buf[4]; /* output from conversion */ | |
28182 | + int nbytes; /* size of output */ | |
28183 | + int (*decode)(const char *, char *, size_t); | |
28184 | + char *stop; | |
28185 | + int ndone; | |
28186 | + int i; | |
28187 | + int underscoreok; | |
28188 | + | |
28189 | + if (srclen == 0) | |
28190 | + srclen = strlen(src); | |
28191 | + if (dstlen == 0) | |
28192 | + dst = buf; /* point it somewhere valid */ | |
28193 | + stop = dst + dstlen; | |
28194 | + | |
28195 | + if (base == 0) { | |
28196 | + if (srclen < 2) | |
28197 | + return "input too short to be valid"; | |
28198 | + if (*src++ != '0') | |
28199 | + return "input does not begin with format prefix"; | |
28200 | + switch (*src++) { | |
28201 | + case 'x': | |
28202 | + case 'X': | |
28203 | + base = 16; | |
28204 | + break; | |
28205 | + case 's': | |
28206 | + case 'S': | |
28207 | + base = 64; | |
28208 | + break; | |
28209 | + case 't': | |
28210 | + case 'T': | |
28211 | + base = 256; | |
28212 | + break; | |
28213 | + default: | |
28214 | + return "unknown format prefix"; | |
28215 | + break; | |
28216 | + } | |
28217 | + srclen -= 2; | |
28218 | + } | |
28219 | + switch (base) { | |
28220 | + case 16: | |
28221 | + ingroup = 2; | |
28222 | + decode = unhex; | |
28223 | + underscoreok = 1; | |
28224 | + break; | |
28225 | + case 64: | |
28226 | + ingroup = 4; | |
28227 | + decode = unb64; | |
28228 | + underscoreok = 0; | |
28229 | + break; | |
28230 | + case 256: | |
28231 | + ingroup = 1; | |
28232 | + decode = untext; | |
28233 | + underscoreok = 0; | |
28234 | + break; | |
28235 | + default: | |
28236 | + return "unknown base"; | |
28237 | + break; | |
28238 | + } | |
28239 | + | |
28240 | + /* proceed */ | |
28241 | + ndone = 0; | |
28242 | + while (srclen >= ingroup) { | |
28243 | + nbytes = (*decode)(src, buf, sizeof(buf)); | |
28244 | + switch (nbytes) { | |
28245 | + case BADCHAR: | |
28246 | + return "unknown character in input"; | |
28247 | + break; | |
28248 | + case SHORT: | |
28249 | + return "input ends prematurely, perhaps truncated"; | |
28250 | + break; | |
28251 | + case BADPAD: | |
28252 | + return "non-zero padding in base64 input"; | |
28253 | + break; | |
28254 | + } | |
28255 | + if (nbytes <= 0) | |
28256 | + return "unknown internal error"; | |
28257 | + for (i = 0; i < nbytes; i++) { | |
28258 | + if (dst < stop) | |
28259 | + *dst++ = buf[i]; | |
28260 | + ndone++; | |
28261 | + } | |
28262 | + src += ingroup; | |
28263 | + srclen -= ingroup; | |
28264 | + if (underscoreok && srclen > 1 && *src == '_') { | |
28265 | + /* srclen > 1 means not last character */ | |
28266 | + src++; | |
28267 | + srclen--; | |
28268 | + } | |
28269 | + } | |
28270 | + if (srclen != 0) | |
28271 | + return "input ends in mid-byte, perhaps truncated"; | |
28272 | + if (ndone == 0) | |
28273 | + return "no data bytes specified by input"; | |
28274 | + if (lenp != NULL) | |
28275 | + *lenp = ndone; | |
28276 | + return NULL; | |
28277 | +} | |
28278 | + | |
28279 | +/* | |
28280 | + - atodata - convert ASCII to data | |
28281 | + * backward-compatibility interface | |
28282 | + */ | |
28283 | +size_t /* 0 for failure, true length for success */ | |
28284 | +atodata(src, srclen, dst, dstlen) | |
28285 | +const char *src; | |
28286 | +size_t srclen; | |
28287 | +char *dst; | |
28288 | +size_t dstlen; | |
28289 | +{ | |
28290 | + size_t len; | |
28291 | + const char *err; | |
28292 | + | |
28293 | + err = ttodata(src, srclen, 0, dst, dstlen, &len); | |
28294 | + if (err != NULL) | |
28295 | + return 0; | |
28296 | + return len; | |
28297 | +} | |
28298 | + | |
28299 | +/* | |
28300 | + - atobytes - convert ASCII to data bytes | |
28301 | + * another backward-compatibility interface | |
28302 | + */ | |
28303 | +const char * | |
28304 | +atobytes(src, srclen, dst, dstlen, lenp) | |
28305 | +const char *src; | |
28306 | +size_t srclen; | |
28307 | +char *dst; | |
28308 | +size_t dstlen; | |
28309 | +size_t *lenp; | |
28310 | +{ | |
28311 | + return ttodata(src, srclen, 0, dst, dstlen, lenp); | |
28312 | +} | |
28313 | + | |
28314 | +/* | |
28315 | + - unhex - convert two ASCII hex digits to byte | |
28316 | + */ | |
28317 | +static int /* number of result bytes, or error code */ | |
28318 | +unhex(src, dst, dstlen) | |
28319 | +const char *src; /* known to be full length */ | |
28320 | +char *dst; | |
28321 | +size_t dstlen; /* not large enough is a failure */ | |
28322 | +{ | |
28323 | + char *p; | |
28324 | + unsigned byte; | |
28325 | + static char hex[] = "0123456789abcdef"; | |
28326 | + | |
28327 | + if (dstlen < 1) | |
28328 | + return SHORT; | |
28329 | + | |
28330 | + p = strchr(hex, *src); | |
28331 | + if (p == NULL) | |
28332 | + p = strchr(hex, tolower(*src)); | |
28333 | + if (p == NULL) | |
28334 | + return BADCHAR; | |
28335 | + byte = (p - hex) << 4; | |
28336 | + src++; | |
28337 | + | |
28338 | + p = strchr(hex, *src); | |
28339 | + if (p == NULL) | |
28340 | + p = strchr(hex, tolower(*src)); | |
28341 | + if (p == NULL) | |
28342 | + return BADCHAR; | |
28343 | + byte |= (p - hex); | |
28344 | + | |
28345 | + *dst = byte; | |
28346 | + return 1; | |
28347 | +} | |
28348 | + | |
28349 | +/* | |
28350 | + - unb64 - convert four ASCII base64 digits to three bytes | |
28351 | + * Note that a base64 digit group is padded out with '=' if it represents | |
28352 | + * less than three bytes: one byte is dd==, two is ddd=, three is dddd. | |
28353 | + */ | |
28354 | +static int /* number of result bytes, or error code */ | |
28355 | +unb64(src, dst, dstlen) | |
28356 | +const char *src; /* known to be full length */ | |
28357 | +char *dst; | |
28358 | +size_t dstlen; | |
28359 | +{ | |
28360 | + char *p; | |
28361 | + unsigned byte1; | |
28362 | + unsigned byte2; | |
28363 | + static char base64[] = | |
28364 | + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | |
28365 | + | |
28366 | + if (dstlen < 3) | |
28367 | + return SHORT; | |
28368 | + | |
28369 | + p = strchr(base64, *src++); | |
28370 | + if (p == NULL) | |
28371 | + return BADCHAR; | |
28372 | + byte1 = (p - base64) << 2; /* first six bits */ | |
28373 | + | |
28374 | + p = strchr(base64, *src++); | |
28375 | + if (p == NULL) | |
28376 | + return BADCHAR; | |
28377 | + byte2 = p - base64; /* next six: two plus four */ | |
28378 | + *dst++ = byte1 | (byte2 >> 4); | |
28379 | + byte1 = (byte2 & 0xf) << 4; | |
28380 | + | |
28381 | + p = strchr(base64, *src++); | |
28382 | + if (p == NULL) { | |
28383 | + if (*(src-1) == '=' && *src == '=') { | |
28384 | + if (byte1 != 0) /* bad padding */ | |
28385 | + return BADPAD; | |
28386 | + return 1; | |
28387 | + } | |
28388 | + return BADCHAR; | |
28389 | + } | |
28390 | + byte2 = p - base64; /* next six: four plus two */ | |
28391 | + *dst++ = byte1 | (byte2 >> 2); | |
28392 | + byte1 = (byte2 & 0x3) << 6; | |
28393 | + | |
28394 | + p = strchr(base64, *src++); | |
28395 | + if (p == NULL) { | |
28396 | + if (*(src-1) == '=') { | |
28397 | + if (byte1 != 0) /* bad padding */ | |
28398 | + return BADPAD; | |
28399 | + return 2; | |
28400 | + } | |
28401 | + return BADCHAR; | |
28402 | + } | |
28403 | + byte2 = p - base64; /* last six */ | |
28404 | + *dst++ = byte1 | byte2; | |
28405 | + return 3; | |
28406 | +} | |
28407 | + | |
28408 | +/* | |
28409 | + - untext - convert one ASCII character to byte | |
28410 | + */ | |
28411 | +static int /* number of result bytes, or error code */ | |
28412 | +untext(src, dst, dstlen) | |
28413 | +const char *src; /* known to be full length */ | |
28414 | +char *dst; | |
28415 | +size_t dstlen; /* not large enough is a failure */ | |
28416 | +{ | |
28417 | + if (dstlen < 1) | |
28418 | + return SHORT; | |
28419 | + | |
28420 | + *dst = *src; | |
28421 | + return 1; | |
28422 | +} | |
28423 | + | |
28424 | + | |
28425 | + | |
28426 | +#ifdef TTODATA_MAIN | |
28427 | + | |
28428 | +#include <stdio.h> | |
28429 | + | |
28430 | +void regress(); | |
28431 | +void hexout(); | |
28432 | + | |
28433 | +/* | |
28434 | + - main - convert first argument to hex, or run regression | |
28435 | + */ | |
28436 | +int | |
28437 | +main(argc, argv) | |
28438 | +int argc; | |
28439 | +char *argv[]; | |
28440 | +{ | |
28441 | + char buf[1024]; | |
28442 | + char buf2[1024]; | |
28443 | + size_t n; | |
28444 | + size_t i; | |
28445 | + char *p = buf; | |
28446 | + char *p2 = buf2; | |
28447 | + char *pgm = argv[0]; | |
28448 | + const char *oops; | |
28449 | + | |
28450 | + if (argc < 2) { | |
28451 | + fprintf(stderr, "Usage: %s {0x<hex>|0s<base64>|-r}\n", pgm); | |
28452 | + exit(2); | |
28453 | + } | |
28454 | + | |
28455 | + if (strcmp(argv[1], "-r") == 0) { | |
28456 | + regress(pgm); /* should not return */ | |
28457 | + fprintf(stderr, "%s: regress() returned?!?\n", pgm); | |
28458 | + exit(1); | |
28459 | + } | |
28460 | + | |
28461 | + oops = ttodata(argv[1], 0, 0, buf, sizeof(buf), &n); | |
28462 | + if (oops != NULL) { | |
28463 | + fprintf(stderr, "%s: ttodata error `%s' in `%s'\n", pgm, | |
28464 | + oops, argv[1]); | |
28465 | + exit(1); | |
28466 | + } | |
28467 | + | |
28468 | + if (n > sizeof(buf)) { | |
28469 | + p = (char *)malloc((size_t)n); | |
28470 | + if (p == NULL) { | |
28471 | + fprintf(stderr, | |
28472 | + "%s: unable to malloc %d bytes for result\n", | |
28473 | + pgm, n); | |
28474 | + exit(1); | |
28475 | + } | |
28476 | + oops = ttodata(argv[1], 0, 0, p, n, &n); | |
28477 | + if (oops != NULL) { | |
28478 | + fprintf(stderr, "%s: error `%s' in ttodata retry?!?\n", | |
28479 | + pgm, oops); | |
28480 | + exit(1); | |
28481 | + } | |
28482 | + } | |
28483 | + | |
28484 | + hexout(p, n, stdout); | |
28485 | + printf("\n"); | |
28486 | + | |
28487 | + i = datatot(buf, n, 'h', buf2, sizeof(buf2)); | |
28488 | + if (i == 0) { | |
28489 | + fprintf(stderr, "%s: datatot reports error in `%s'\n", pgm, | |
28490 | + argv[1]); | |
28491 | + exit(1); | |
28492 | + } | |
28493 | + | |
28494 | + if (i > sizeof(buf2)) { | |
28495 | + p2 = (char *)malloc((size_t)i); | |
28496 | + if (p == NULL) { | |
28497 | + fprintf(stderr, | |
28498 | + "%s: unable to malloc %d bytes for result\n", | |
28499 | + pgm, i); | |
28500 | + exit(1); | |
28501 | + } | |
28502 | + i = datatot(buf, n, 'h', p2, i); | |
28503 | + if (i == 0) { | |
28504 | + fprintf(stderr, "%s: error in datatoa retry?!?\n", pgm); | |
28505 | + exit(1); | |
28506 | + } | |
28507 | + } | |
28508 | + | |
28509 | + printf("%s\n", p2); | |
28510 | + | |
28511 | + exit(0); | |
28512 | +} | |
28513 | + | |
28514 | +/* | |
28515 | + - hexout - output an arbitrary-length string in hex | |
28516 | + */ | |
28517 | +void | |
28518 | +hexout(s, len, f) | |
28519 | +const char *s; | |
28520 | +size_t len; | |
28521 | +FILE *f; | |
28522 | +{ | |
28523 | + size_t i; | |
28524 | + | |
28525 | + fprintf(f, "0x"); | |
28526 | + for (i = 0; i < len; i++) | |
28527 | + fprintf(f, "%02x", (unsigned char)s[i]); | |
28528 | +} | |
28529 | + | |
28530 | +struct artab { | |
28531 | + int base; | |
28532 | + char *ascii; /* NULL for end */ | |
28533 | + char *data; /* NULL for error expected */ | |
28534 | +} atodatatab[] = { | |
28535 | + 0, "", NULL, | |
28536 | + 0, "0", NULL, | |
28537 | + 0, "0x", NULL, | |
28538 | + 0, "0xa", NULL, | |
28539 | + 0, "0xab", "\xab", | |
28540 | + 0, "0xabc", NULL, | |
28541 | + 0, "0xabcd", "\xab\xcd", | |
28542 | + 0, "0x0123456789", "\x01\x23\x45\x67\x89", | |
28543 | + 0, "0x01x", NULL, | |
28544 | + 0, "0xabcdef", "\xab\xcd\xef", | |
28545 | + 0, "0xABCDEF", "\xab\xcd\xef", | |
28546 | + 0, "0XaBc0eEd81f", "\xab\xc0\xee\xd8\x1f", | |
28547 | + 0, "0XaBc0_eEd8", "\xab\xc0\xee\xd8", | |
28548 | + 0, "0XaBc0_", NULL, | |
28549 | + 0, "0X_aBc0", NULL, | |
28550 | + 0, "0Xa_Bc0", NULL, | |
28551 | + 16, "aBc0_eEd8", "\xab\xc0\xee\xd8", | |
28552 | + 0, "0s", NULL, | |
28553 | + 0, "0sA", NULL, | |
28554 | + 0, "0sBA", NULL, | |
28555 | + 0, "0sCBA", NULL, | |
28556 | + 0, "0sDCBA", "\x0c\x20\x40", | |
28557 | + 0, "0SDCBA", "\x0c\x20\x40", | |
28558 | + 0, "0sDA==", "\x0c", | |
28559 | + 0, "0sDC==", NULL, | |
28560 | + 0, "0sDCA=", "\x0c\x20", | |
28561 | + 0, "0sDCB=", NULL, | |
28562 | + 0, "0sDCAZ", "\x0c\x20\x19", | |
28563 | + 0, "0sDCAa", "\x0c\x20\x1a", | |
28564 | + 0, "0sDCAz", "\x0c\x20\x33", | |
28565 | + 0, "0sDCA0", "\x0c\x20\x34", | |
28566 | + 0, "0sDCA9", "\x0c\x20\x3d", | |
28567 | + 0, "0sDCA+", "\x0c\x20\x3e", | |
28568 | + 0, "0sDCA/", "\x0c\x20\x3f", | |
28569 | + 0, "0sAbraCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", | |
28570 | + 64, "AbraCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", | |
28571 | + 0, "0t", NULL, | |
28572 | + 0, "0tabc_xyz", "abc_xyz", | |
28573 | + 256, "abc_xyz", "abc_xyz", | |
28574 | + 0, NULL, NULL, | |
28575 | +}; | |
28576 | + | |
28577 | +struct drtab { | |
28578 | + char *data; /* input; NULL for end */ | |
28579 | + char format; | |
28580 | + int buflen; /* -1 means big buffer */ | |
28581 | + int outlen; /* -1 means strlen(ascii)+1 */ | |
28582 | + char *ascii; /* NULL for error expected */ | |
28583 | +} datatoatab[] = { | |
28584 | + "", 'x', -1, -1, NULL, | |
28585 | + "", 'X', -1, -1, NULL, | |
28586 | + "", 'n', -1, -1, NULL, | |
28587 | + "0", 'x', -1, -1, "0x30", | |
28588 | + "0", 'x', 0, 5, "---", | |
28589 | + "0", 'x', 1, 5, "", | |
28590 | + "0", 'x', 2, 5, "0", | |
28591 | + "0", 'x', 3, 5, "0x", | |
28592 | + "0", 'x', 4, 5, "0x3", | |
28593 | + "0", 'x', 5, 5, "0x30", | |
28594 | + "0", 'x', 6, 5, "0x30", | |
28595 | + "\xab\xcd", 'x', -1, -1, "0xabcd", | |
28596 | + "\x01\x23\x45\x67\x89", 'x', -1, -1, "0x0123456789", | |
28597 | + "\xab\xcd\xef", 'x', -1, -1, "0xabcdef", | |
28598 | + "\xab\xc0\xee\xd8\x1f", 'x', -1, -1, "0xabc0eed81f", | |
28599 | + "\x01\x02", 'h', -1, -1, "0x0102", | |
28600 | + "\x01\x02\x03\x04\x05\x06", 'h', -1, -1, "0x01020304_0506", | |
28601 | + "\xab\xc0\xee\xd8\x1f", 16, -1, -1, "abc0eed81f", | |
28602 | + "\x0c\x20\x40", 's', -1, -1, "0sDCBA", | |
28603 | + "\x0c\x20\x40", 's', 0, 7, "---", | |
28604 | + "\x0c\x20\x40", 's', 1, 7, "", | |
28605 | + "\x0c\x20\x40", 's', 2, 7, "0", | |
28606 | + "\x0c\x20\x40", 's', 3, 7, "0s", | |
28607 | + "\x0c\x20\x40", 's', 4, 7, "0sD", | |
28608 | + "\x0c\x20\x40", 's', 5, 7, "0sDC", | |
28609 | + "\x0c\x20\x40", 's', 6, 7, "0sDCB", | |
28610 | + "\x0c\x20\x40", 's', 7, 7, "0sDCBA", | |
28611 | + "\x0c\x20\x40", 's', 8, 7, "0sDCBA", | |
28612 | + "\x0c", 's', -1, -1, "0sDA==", | |
28613 | + "\x0c\x20", 's', -1, -1, "0sDCA=", | |
28614 | + "\x0c\x20\x19", 's', -1, -1, "0sDCAZ", | |
28615 | + "\x0c\x20\x1a", 's', -1, -1, "0sDCAa", | |
28616 | + "\x0c\x20\x33", 's', -1, -1, "0sDCAz", | |
28617 | + "\x0c\x20\x34", 's', -1, -1, "0sDCA0", | |
28618 | + "\x0c\x20\x3d", 's', -1, -1, "0sDCA9", | |
28619 | + "\x0c\x20\x3e", 's', -1, -1, "0sDCA+", | |
28620 | + "\x0c\x20\x3f", 's', -1, -1, "0sDCA/", | |
28621 | + "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", 's', -1, -1, "0sAbraCadabra+", | |
28622 | + "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", 64, -1, -1, "AbraCadabra+", | |
28623 | + NULL, 'x', -1, -1, NULL, | |
28624 | +}; | |
28625 | + | |
28626 | +/* | |
28627 | + - regress - regression-test ttodata() and datatot() | |
28628 | + */ | |
28629 | +void /* should not return at all, in fact */ | |
28630 | +regress(pgm) | |
28631 | +char *pgm; | |
28632 | +{ | |
28633 | + struct artab *r; | |
28634 | + struct drtab *dr; | |
28635 | + char buf[100]; | |
28636 | + size_t n; | |
28637 | + int status = 0; | |
28638 | + size_t should; | |
28639 | + const char *oops; | |
28640 | + | |
28641 | + for (r = atodatatab; r->ascii != NULL; r++) { | |
28642 | + oops = ttodata(r->ascii, 0, r->base, buf, sizeof(buf), &n); | |
28643 | + if (oops != NULL && r->data == NULL) | |
28644 | + {} /* error expected */ | |
28645 | + else if (oops != NULL) { | |
28646 | + printf("`%s' gave error `%s', expecting %d `", r->ascii, | |
28647 | + oops, strlen(r->data)); | |
28648 | + hexout(r->data, strlen(r->data), stdout); | |
28649 | + printf("'\n"); | |
28650 | + status = 1; | |
28651 | + } else if (r->data == NULL) { | |
28652 | + printf("`%s' gave %d `", r->ascii, n); | |
28653 | + hexout(buf, n, stdout); | |
28654 | + printf("', expecting error\n"); | |
28655 | + status = 1; | |
28656 | + } else if (n != strlen(r->data)) { | |
28657 | + printf("length wrong in `%s': got %d `", r->ascii, n); | |
28658 | + hexout(buf, n, stdout); | |
28659 | + printf("', expecting %d `", strlen(r->data)); | |
28660 | + hexout(r->data, strlen(r->data), stdout); | |
28661 | + printf("'\n"); | |
28662 | + status = 1; | |
28663 | + } else if (memcmp(buf, r->data, n) != 0) { | |
28664 | + printf("`%s' gave %d `", r->ascii, n); | |
28665 | + hexout(buf, n, stdout); | |
28666 | + printf("', expecting %d `", strlen(r->data)); | |
28667 | + hexout(r->data, strlen(r->data), stdout); | |
28668 | + printf("'\n"); | |
28669 | + status = 1; | |
28670 | + } | |
28671 | + fflush(stdout); | |
28672 | + } | |
28673 | + for (dr = datatoatab; dr->data != NULL; dr++) { | |
28674 | + strcpy(buf, "---"); | |
28675 | + n = datatot(dr->data, strlen(dr->data), dr->format, buf, | |
28676 | + (dr->buflen == -1) ? sizeof(buf) : dr->buflen); | |
28677 | + should = (dr->ascii == NULL) ? 0 : strlen(dr->ascii) + 1; | |
28678 | + if (dr->outlen != -1) | |
28679 | + should = dr->outlen; | |
28680 | + if (n == 0 && dr->ascii == NULL) | |
28681 | + {} /* error expected */ | |
28682 | + else if (n == 0) { | |
28683 | + printf("`"); | |
28684 | + hexout(dr->data, strlen(dr->data), stdout); | |
28685 | + printf("' %c gave error, expecting %d `%s'\n", | |
28686 | + dr->format, should, dr->ascii); | |
28687 | + status = 1; | |
28688 | + } else if (dr->ascii == NULL) { | |
28689 | + printf("`"); | |
28690 | + hexout(dr->data, strlen(dr->data), stdout); | |
28691 | + printf("' %c gave %d `%.*s', expecting error\n", | |
28692 | + dr->format, n, n, buf); | |
28693 | + status = 1; | |
28694 | + } else if (n != should) { | |
28695 | + printf("length wrong in `"); | |
28696 | + hexout(dr->data, strlen(dr->data), stdout); | |
28697 | + printf("': got %d `%s'", n, buf); | |
28698 | + printf(", expecting %d `%s'\n", should, dr->ascii); | |
28699 | + status = 1; | |
28700 | + } else if (strcmp(buf, dr->ascii) != 0) { | |
28701 | + printf("`"); | |
28702 | + hexout(dr->data, strlen(dr->data), stdout); | |
28703 | + printf("' gave %d `%s'", n, buf); | |
28704 | + printf(", expecting %d `%s'\n", should, dr->ascii); | |
28705 | + status = 1; | |
28706 | + } | |
28707 | + fflush(stdout); | |
28708 | + } | |
28709 | + exit(status); | |
28710 | +} | |
28711 | + | |
28712 | +#endif /* TTODATA_MAIN */ | |
28713 | diff -druN linux-noipsec/net/ipsec/libfreeswan/ttosa.c linux/net/ipsec/libfreeswan/ttosa.c | |
28714 | --- linux-noipsec/net/ipsec/libfreeswan/ttosa.c Thu Jan 1 01:00:00 1970 | |
28715 | +++ linux/net/ipsec/libfreeswan/ttosa.c Fri Sep 15 21:20:33 2000 | |
28716 | @@ -0,0 +1,250 @@ | |
28717 | +/* | |
28718 | + * convert from text form of SA ID to binary | |
28719 | + * Copyright (C) 2000 Henry Spencer. | |
28720 | + * | |
28721 | + * This library is free software; you can redistribute it and/or modify it | |
28722 | + * under the terms of the GNU Library General Public License as published by | |
28723 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
28724 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
28725 | + * | |
28726 | + * This library is distributed in the hope that it will be useful, but | |
28727 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
28728 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
28729 | + * License for more details. | |
28730 | + * | |
28731 | + * RCSID $Id$ | |
28732 | + */ | |
28733 | +#include "internal.h" | |
28734 | +#include "freeswan.h" | |
28735 | + | |
28736 | +static struct satype { | |
28737 | + char *prefix; | |
28738 | + size_t prelen; /* strlen(prefix) */ | |
28739 | + int proto; | |
28740 | +} satypes[] = { | |
28741 | + { "ah", 2, SA_AH }, | |
28742 | + { "esp", 3, SA_ESP }, | |
28743 | + { "tun", 3, SA_IPIP }, | |
28744 | + { "comp", 4, SA_COMP }, | |
28745 | + { NULL, 0, 0, } | |
28746 | +}; | |
28747 | + | |
28748 | +/* | |
28749 | + - ttosa - convert text "ah507@10.0.0.1" to SA identifier | |
28750 | + */ | |
28751 | +err_t /* NULL for success, else string literal */ | |
28752 | +ttosa(src, srclen, sa) | |
28753 | +const char *src; | |
28754 | +size_t srclen; /* 0 means "apply strlen" */ | |
28755 | +ip_said *sa; | |
28756 | +{ | |
28757 | + const char *at; | |
28758 | + const char *addr; | |
28759 | + size_t alen; | |
28760 | + const char *spi = NULL; | |
28761 | + struct satype *sat; | |
28762 | + unsigned long ul; | |
28763 | + const char *oops; | |
28764 | +# define MINLEN 5 /* ah0@0 is as short as it can get */ | |
28765 | + static char ptname[] = PASSTHROUGHNAME; | |
28766 | +# define PTNLEN (sizeof(ptname)-1) /* -1 for NUL */ | |
28767 | + static char pt4name[] = PASSTHROUGH4NAME; | |
28768 | +# define PT4NLEN (sizeof(pt4name)-1) /* -1 for NUL */ | |
28769 | + static char pt6name[] = PASSTHROUGH6NAME; | |
28770 | +# define PT6NLEN (sizeof(pt6name)-1) /* -1 for NUL */ | |
28771 | + int af; | |
28772 | + int base; | |
28773 | + | |
28774 | + if (srclen == 0) | |
28775 | + srclen = strlen(src); | |
28776 | + if (srclen == 0) | |
28777 | + return "empty string"; | |
28778 | + if (srclen < MINLEN) | |
28779 | + return "string too short to be SA identifier"; | |
28780 | + if (srclen == PTNLEN && memcmp(src, ptname, PTNLEN) == 0) { | |
28781 | + src = PASSTHROUGH4IS; | |
28782 | + srclen = strlen(src); | |
28783 | + } else if (srclen == PT4NLEN && memcmp(src, pt4name, PT4NLEN) == 0) { | |
28784 | + src = PASSTHROUGH4IS; | |
28785 | + srclen = strlen(src); | |
28786 | + } else if (srclen == PT6NLEN && memcmp(src, pt6name, PT6NLEN) == 0) { | |
28787 | + src = PASSTHROUGH6IS; | |
28788 | + srclen = strlen(src); | |
28789 | + } | |
28790 | + | |
28791 | + at = memchr(src, '@', srclen); | |
28792 | + if (at == NULL) | |
28793 | + return "no @ in SA specifier"; | |
28794 | + | |
28795 | + for (sat = satypes; sat->prefix != NULL; sat++) | |
28796 | + if (sat->prelen < srclen && | |
28797 | + strncmp(src, sat->prefix, sat->prelen) == 0) { | |
28798 | + sa->proto = sat->proto; | |
28799 | + spi = src + sat->prelen; | |
28800 | + break; /* NOTE BREAK OUT */ | |
28801 | + } | |
28802 | + if (sat->prefix == NULL) | |
28803 | + return "SA specifier lacks valid protocol prefix"; | |
28804 | + | |
28805 | + if (spi >= at) | |
28806 | + return "no SPI in SA specifier"; | |
28807 | + switch (*spi) { | |
28808 | + case '.': | |
28809 | + af = AF_INET; | |
28810 | + spi++; | |
28811 | + base = 16; | |
28812 | + break; | |
28813 | + case ':': | |
28814 | + af = AF_INET6; | |
28815 | + spi++; | |
28816 | + base = 16; | |
28817 | + break; | |
28818 | + default: | |
28819 | + af = AF_UNSPEC; /* not known yet */ | |
28820 | + base = 0; | |
28821 | + break; | |
28822 | + } | |
28823 | + if (spi >= at) | |
28824 | + return "no SPI found in SA specifier"; | |
28825 | + oops = ttoul(spi, at - spi, base, &ul); | |
28826 | + if (oops != NULL) | |
28827 | + return oops; | |
28828 | + sa->spi = htonl(ul); | |
28829 | + | |
28830 | + addr = at + 1; | |
28831 | + alen = srclen - (addr - src); | |
28832 | + if (af == AF_UNSPEC) | |
28833 | + af = (memchr(addr, ':', alen) != NULL) ? AF_INET6 : AF_INET; | |
28834 | + oops = ttoaddr(addr, alen, af, &sa->dst); | |
28835 | + if (oops != NULL) | |
28836 | + return oops; | |
28837 | + | |
28838 | + return NULL; | |
28839 | +} | |
28840 | + | |
28841 | + | |
28842 | + | |
28843 | +#ifdef TTOSA_MAIN | |
28844 | + | |
28845 | +#include <stdio.h> | |
28846 | + | |
28847 | +void regress(); | |
28848 | + | |
28849 | +int | |
28850 | +main(argc, argv) | |
28851 | +int argc; | |
28852 | +char *argv[]; | |
28853 | +{ | |
28854 | + ip_said sa; | |
28855 | + char buf[100]; | |
28856 | + char buf2[100]; | |
28857 | + const char *oops; | |
28858 | + size_t n; | |
28859 | + | |
28860 | + if (argc < 2) { | |
28861 | + fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]); | |
28862 | + exit(2); | |
28863 | + } | |
28864 | + | |
28865 | + if (strcmp(argv[1], "-r") == 0) { | |
28866 | + regress(); | |
28867 | + fprintf(stderr, "regress() returned?!?\n"); | |
28868 | + exit(1); | |
28869 | + } | |
28870 | + | |
28871 | + oops = ttosa(argv[1], 0, &sa); | |
28872 | + if (oops != NULL) { | |
28873 | + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); | |
28874 | + exit(1); | |
28875 | + } | |
28876 | + n = satot(&sa, 0, buf, sizeof(buf)); | |
28877 | + if (n > sizeof(buf)) { | |
28878 | + fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto); | |
28879 | + fprintf(stderr, "%lx@", sa.spi); | |
28880 | + (void) addrtot(&sa.dst, 0, buf2, sizeof(buf2)); | |
28881 | + fprintf(stderr, "%s", buf2); | |
28882 | + fprintf(stderr, " failed: need %ld bytes, have only %ld\n", | |
28883 | + (long)n, (long)sizeof(buf)); | |
28884 | + exit(1); | |
28885 | + } | |
28886 | + printf("%s\n", buf); | |
28887 | + | |
28888 | + exit(0); | |
28889 | +} | |
28890 | + | |
28891 | +struct rtab { | |
28892 | + int format; | |
28893 | + char *input; | |
28894 | + char *output; /* NULL means error expected */ | |
28895 | +} rtab[] = { | |
28896 | + 0, "esp257@1.2.3.0", "esp.101@1.2.3.0", | |
28897 | + 0, "ah0x20@1.2.3.4", "ah.20@1.2.3.4", | |
28898 | + 0, "tun20@1.2.3.4", "tun.14@1.2.3.4", | |
28899 | + 0, "comp20@1.2.3.4", "comp.14@1.2.3.4", | |
28900 | + 0, "esp257@::1", "esp:101@::1", | |
28901 | + 0, "esp257@0bc:12de::1", "esp:101@bc:12de::1", | |
28902 | + 0, "esp78@1049:1::8007:2040", "esp:4e@1049:1::8007:2040", | |
28903 | + 0, "esp0x78@1049:1::8007:2040", "esp:78@1049:1::8007:2040", | |
28904 | + 0, "ah78@1049:1::8007:2040", "ah:4e@1049:1::8007:2040", | |
28905 | + 0, "ah0x78@1049:1::8007:2040", "ah:78@1049:1::8007:2040", | |
28906 | + 0, "tun78@1049:1::8007:2040", "tun:4e@1049:1::8007:2040", | |
28907 | + 0, "tun0x78@1049:1::8007:2040", "tun:78@1049:1::8007:2040", | |
28908 | + 0, "duk99@3ffe:370:400:ff::9001:3001", NULL, | |
28909 | + 0, "esp78x@1049:1::8007:2040", NULL, | |
28910 | + 0, "esp0x78@1049:1:0xfff::8007:2040", NULL, | |
28911 | + 0, "es78@1049:1::8007:2040", NULL, | |
28912 | + 0, "", NULL, | |
28913 | + 0, "_", NULL, | |
28914 | + 0, "ah2.2", NULL, | |
28915 | + 0, "goo2@1.2.3.4", NULL, | |
28916 | + 0, "esp9@1.2.3.4", "esp.9@1.2.3.4", | |
28917 | + 'f', "esp0xa9@1.2.3.4", "esp.000000a9@1.2.3.4", | |
28918 | + 0, "espp9@1.2.3.4", NULL, | |
28919 | + 0, "es9@1.2.3.4", NULL, | |
28920 | + 0, "ah@1.2.3.4", NULL, | |
28921 | + 0, "esp7x7@1.2.3.4", NULL, | |
28922 | + 0, "esp77@1.0x2.3.4", NULL, | |
28923 | + 0, PASSTHROUGHNAME, PASSTHROUGH4NAME, | |
28924 | + 0, NULL, NULL | |
28925 | +}; | |
28926 | + | |
28927 | +void | |
28928 | +regress() | |
28929 | +{ | |
28930 | + struct rtab *r; | |
28931 | + int status = 0; | |
28932 | + ip_said sa; | |
28933 | + char in[100]; | |
28934 | + char buf[100]; | |
28935 | + const char *oops; | |
28936 | + size_t n; | |
28937 | + | |
28938 | + for (r = rtab; r->input != NULL; r++) { | |
28939 | + strcpy(in, r->input); | |
28940 | + oops = ttosa(in, 0, &sa); | |
28941 | + if (oops != NULL && r->output == NULL) | |
28942 | + {} /* okay, error expected */ | |
28943 | + else if (oops != NULL) { | |
28944 | + printf("`%s' ttosa failed: %s\n", r->input, oops); | |
28945 | + status = 1; | |
28946 | + } else if (r->output == NULL) { | |
28947 | + printf("`%s' ttosa succeeded unexpectedly\n", | |
28948 | + r->input); | |
28949 | + status = 1; | |
28950 | + } else { | |
28951 | + n = satot(&sa, r->format, buf, sizeof(buf)); | |
28952 | + if (n > sizeof(buf)) { | |
28953 | + printf("`%s' satot failed: need %ld\n", | |
28954 | + r->input, (long)n); | |
28955 | + status = 1; | |
28956 | + } else if (strcmp(r->output, buf) != 0) { | |
28957 | + printf("`%s' gave `%s', expected `%s'\n", | |
28958 | + r->input, buf, r->output); | |
28959 | + status = 1; | |
28960 | + } | |
28961 | + } | |
28962 | + } | |
28963 | + exit(status); | |
28964 | +} | |
28965 | + | |
28966 | +#endif /* TTOSA_MAIN */ | |
28967 | diff -druN linux-noipsec/net/ipsec/libfreeswan/ttosubnet.c linux/net/ipsec/libfreeswan/ttosubnet.c | |
28968 | --- linux-noipsec/net/ipsec/libfreeswan/ttosubnet.c Thu Jan 1 01:00:00 1970 | |
28969 | +++ linux/net/ipsec/libfreeswan/ttosubnet.c Thu Aug 17 06:14:27 2000 | |
28970 | @@ -0,0 +1,275 @@ | |
28971 | +/* | |
28972 | + * convert from text form of subnet specification to binary | |
28973 | + * Copyright (C) 2000 Henry Spencer. | |
28974 | + * | |
28975 | + * This library is free software; you can redistribute it and/or modify it | |
28976 | + * under the terms of the GNU Library General Public License as published by | |
28977 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
28978 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
28979 | + * | |
28980 | + * This library is distributed in the hope that it will be useful, but | |
28981 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
28982 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
28983 | + * License for more details. | |
28984 | + * | |
28985 | + * RCSID $Id$ | |
28986 | + */ | |
28987 | +#include "internal.h" | |
28988 | +#include "freeswan.h" | |
28989 | + | |
28990 | +#ifndef DEFAULTSUBNET | |
28991 | +#define DEFAULTSUBNET "%default" | |
28992 | +#endif | |
28993 | + | |
28994 | +/* | |
28995 | + - ttosubnet - convert text "addr/mask" to address and mask | |
28996 | + * Mask can be integer bit count. | |
28997 | + */ | |
28998 | +err_t | |
28999 | +ttosubnet(src, srclen, af, dst) | |
29000 | +const char *src; | |
29001 | +size_t srclen; /* 0 means "apply strlen" */ | |
29002 | +int af; /* AF_INET or AF_INET6 */ | |
29003 | +ip_subnet *dst; | |
29004 | +{ | |
29005 | + const char *slash; | |
29006 | + const char *mask; | |
29007 | + size_t mlen; | |
29008 | + const char *oops; | |
29009 | + unsigned long bc; | |
29010 | + static char def[] = DEFAULTSUBNET; | |
29011 | +# define DEFLEN (sizeof(def) - 1) /* -1 for NUL */ | |
29012 | + static char defis4[] = "0/0"; | |
29013 | +# define DEFIS4LEN (sizeof(defis4) - 1) | |
29014 | + static char defis6[] = "::/0"; | |
29015 | +# define DEFIS6LEN (sizeof(defis6) - 1) | |
29016 | + ip_address addrtmp; | |
29017 | + ip_address masktmp; | |
29018 | + int nbits; | |
29019 | + int i; | |
29020 | + | |
29021 | + if (srclen == 0) | |
29022 | + srclen = strlen(src); | |
29023 | + if (srclen == 0) | |
29024 | + return "empty string"; | |
29025 | + | |
29026 | + switch (af) { | |
29027 | + case AF_INET: | |
29028 | + nbits = 32; | |
29029 | + break; | |
29030 | + case AF_INET6: | |
29031 | + nbits = 128; | |
29032 | + break; | |
29033 | + default: | |
29034 | + return "unknown address family in ttosubnet"; | |
29035 | + break; | |
29036 | + } | |
29037 | + | |
29038 | + if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) { | |
29039 | + src = (af == AF_INET) ? defis4 : defis6; | |
29040 | + srclen = (af == AF_INET) ? DEFIS4LEN : DEFIS6LEN; | |
29041 | + } | |
29042 | + | |
29043 | + slash = memchr(src, '/', srclen); | |
29044 | + if (slash == NULL) | |
29045 | + return "no / in subnet specification"; | |
29046 | + mask = slash + 1; | |
29047 | + mlen = srclen - (mask - src); | |
29048 | + | |
29049 | + oops = ttoaddr(src, slash-src, af, &addrtmp); | |
29050 | + if (oops != NULL) | |
29051 | + return oops; | |
29052 | + | |
29053 | + oops = ttoul(mask, mlen, 10, &bc); | |
29054 | + if (oops == NULL) { | |
29055 | + /* ttoul succeeded, it's a bit-count mask */ | |
29056 | + if (bc > nbits) | |
29057 | + return "subnet mask bit count too large"; | |
29058 | + i = bc; | |
29059 | + } else { | |
29060 | + oops = ttoaddr(mask, mlen, af, &masktmp); | |
29061 | + if (oops != NULL) | |
29062 | + return oops; | |
29063 | + i = masktocount(&masktmp); | |
29064 | + if (i < 0) | |
29065 | + return "non-contiguous or otherwise erroneous mask"; | |
29066 | + } | |
29067 | + | |
29068 | + return initsubnet(&addrtmp, i, '0', dst); | |
29069 | +} | |
29070 | + | |
29071 | + | |
29072 | + | |
29073 | +#ifdef TTOSUBNET_MAIN | |
29074 | + | |
29075 | +#include <stdio.h> | |
29076 | + | |
29077 | +void regress(); | |
29078 | + | |
29079 | +int | |
29080 | +main(argc, argv) | |
29081 | +int argc; | |
29082 | +char *argv[]; | |
29083 | +{ | |
29084 | + ip_address a; | |
29085 | + ip_subnet s; | |
29086 | + char buf[100]; | |
29087 | + char buf2[100]; | |
29088 | + const char *oops; | |
29089 | + size_t n; | |
29090 | + int af; | |
29091 | + char *p; | |
29092 | + | |
29093 | + if (argc < 2) { | |
29094 | + fprintf(stderr, "Usage: %s [-6] addr/mask\n", argv[0]); | |
29095 | + fprintf(stderr, " or: %s -r\n", argv[0]); | |
29096 | + exit(2); | |
29097 | + } | |
29098 | + | |
29099 | + if (strcmp(argv[1], "-r") == 0) { | |
29100 | + regress(); | |
29101 | + fprintf(stderr, "regress() returned?!?\n"); | |
29102 | + exit(1); | |
29103 | + } | |
29104 | + | |
29105 | + af = AF_INET; | |
29106 | + p = argv[1]; | |
29107 | + if (strcmp(argv[1], "-6") == 0) { | |
29108 | + af = AF_INET6; | |
29109 | + p = argv[2]; | |
29110 | + } else if (strchr(argv[1], ':') != NULL) | |
29111 | + af = AF_INET6; | |
29112 | + | |
29113 | + oops = ttosubnet(p, 0, af, &s); | |
29114 | + if (oops != NULL) { | |
29115 | + fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); | |
29116 | + exit(1); | |
29117 | + } | |
29118 | + n = subnettot(&s, 0, buf, sizeof(buf)); | |
29119 | + if (n > sizeof(buf)) { | |
29120 | + fprintf(stderr, "%s: reverse conversion of ", argv[0]); | |
29121 | + (void) addrtot(&s.addr, 0, buf2, sizeof(buf2)); | |
29122 | + fprintf(stderr, "%s/", buf2); | |
29123 | + fprintf(stderr, "%d", s.maskbits); | |
29124 | + fprintf(stderr, " failed: need %ld bytes, have only %ld\n", | |
29125 | + (long)n, (long)sizeof(buf)); | |
29126 | + exit(1); | |
29127 | + } | |
29128 | + printf("%s\n", buf); | |
29129 | + | |
29130 | + exit(0); | |
29131 | +} | |
29132 | + | |
29133 | +struct rtab { | |
29134 | + int family; | |
29135 | + char *input; | |
29136 | + char *output; /* NULL means error expected */ | |
29137 | +} rtab[] = { | |
29138 | + 4, "1.2.3.0/255.255.255.0", "1.2.3.0/24", | |
29139 | + 4, "1.2.3.0/24", "1.2.3.0/24", | |
29140 | + 4, "1.2.3.1/255.255.255.240", "1.2.3.0/28", | |
29141 | + 4, "1.2.3.1/32", "1.2.3.1/32", | |
29142 | + 4, "1.2.3.1/0", "0.0.0.0/0", | |
29143 | +/* 4, "1.2.3.1/255.255.127.0", "1.2.3.0/255.255.127.0", */ | |
29144 | + 4, "1.2.3.1/255.255.127.0", NULL, | |
29145 | + 4, "128.009.000.032/32", "128.9.0.32/32", | |
29146 | + 4, "128.0x9.0.32/32", NULL, | |
29147 | + 4, "0x80090020/32", "128.9.0.32/32", | |
29148 | + 4, "0x800x0020/32", NULL, | |
29149 | + 4, "128.9.0.32/0xffFF0000", "128.9.0.0/16", | |
29150 | + 4, "128.9.0.32/0xff0000FF", NULL, | |
29151 | + 4, "128.9.0.32/0x0000ffFF", NULL, | |
29152 | + 4, "128.9.0.32/0x00ffFF0000", NULL, | |
29153 | + 4, "128.9.0.32/0xffFF", NULL, | |
29154 | + 4, "128.9.0.32.27/32", NULL, | |
29155 | + 4, "128.9.0k32/32", NULL, | |
29156 | + 4, "328.9.0.32/32", NULL, | |
29157 | + 4, "128.9..32/32", NULL, | |
29158 | + 4, "10/8", "10.0.0.0/8", | |
29159 | + 4, "10.0/8", "10.0.0.0/8", | |
29160 | + 4, "10.0.0/8", "10.0.0.0/8", | |
29161 | + 4, "10.0.1/24", "10.0.1.0/24", | |
29162 | + 4, "_", NULL, | |
29163 | + 4, "_/_", NULL, | |
29164 | + 4, "1.2.3.1", NULL, | |
29165 | + 4, "1.2.3.1/_", NULL, | |
29166 | + 4, "1.2.3.1/24._", NULL, | |
29167 | + 4, "1.2.3.1/99", NULL, | |
29168 | + 4, "localhost./32", "127.0.0.1/32", | |
29169 | + 4, "%default", "0.0.0.0/0", | |
29170 | + 6, "3049:1::8007:2040/0", "::/0", | |
29171 | + 6, "3049:1::8007:2040/128", "3049:1::8007:2040/128", | |
29172 | + 6, "3049:1::192.168.0.1/128", NULL, /*"3049:1::c0a8:1/128",*/ | |
29173 | + 6, "3049:1::8007::2040/128", NULL, | |
29174 | + 6, "3049:1::8007:2040/ffff::0", "3049::/16", | |
29175 | + 6, "3049:1::8007:2040/64", "3049:1::/64", | |
29176 | + 6, "3049:1::8007:2040/ffff::", "3049::/16", | |
29177 | + 6, "3049:1::8007:2040/0000:ffff::0", NULL, | |
29178 | + 6, "3049:1::8007:2040/ff1f::0", NULL, | |
29179 | + 6, "3049:1::8007:x:2040/128", NULL, | |
29180 | + 6, "3049:1t::8007:2040/128", NULL, | |
29181 | + 6, "3049:1::80071:2040/128", NULL, | |
29182 | + 6, "::/21", "::/21", | |
29183 | + 6, "::1/128", "::1/128", | |
29184 | + 6, "1::/21", "1::/21", | |
29185 | + 6, "1::2/128", "1::2/128", | |
29186 | + 6, "1:0:0:0:0:0:0:2/128", "1::2/128", | |
29187 | + 6, "1:0:0:0:3:0:0:2/128", "1::3:0:0:2/128", | |
29188 | + 6, "1:0:0:3:0:0:0:2/128", "1::3:0:0:0:2/128", | |
29189 | + 6, "1:0:3:0:0:0:0:2/128", "1:0:3::2/128", | |
29190 | + 6, "abcd:ef01:2345:6789:0:00a:000:20/128", "abcd:ef01:2345:6789:0:a:0:20/128", | |
29191 | + 6, "3049:1::8007:2040/ffff:ffff:", NULL, | |
29192 | + 6, "3049:1::8007:2040/ffff:88::", NULL, | |
29193 | + 6, "3049:12::9000:3200/ffff:fff0::", "3049:10::/28", | |
29194 | + 6, "3049:12::9000:3200/28", "3049:10::/28", | |
29195 | + 6, "3049:12::9000:3200/ff00:::", NULL, | |
29196 | + 6, "3049:12::9000:3200/ffff:::", NULL, | |
29197 | + 6, "3049:12::9000:3200/128_", NULL, | |
29198 | + 6, "3049:12::9000:3200/", NULL, | |
29199 | + 6, "%default", "::/0", | |
29200 | + 4, NULL, NULL | |
29201 | +}; | |
29202 | + | |
29203 | +void | |
29204 | +regress() | |
29205 | +{ | |
29206 | + struct rtab *r; | |
29207 | + int status = 0; | |
29208 | + ip_address a; | |
29209 | + ip_subnet s; | |
29210 | + char in[100]; | |
29211 | + char buf[100]; | |
29212 | + const char *oops; | |
29213 | + size_t n; | |
29214 | + int af; | |
29215 | + | |
29216 | + for (r = rtab; r->input != NULL; r++) { | |
29217 | + af = (r->family == 4) ? AF_INET : AF_INET6; | |
29218 | + strcpy(in, r->input); | |
29219 | + oops = ttosubnet(in, 0, af, &s); | |
29220 | + if (oops != NULL && r->output == NULL) | |
29221 | + {} /* okay, error expected */ | |
29222 | + else if (oops != NULL) { | |
29223 | + printf("`%s' ttosubnet failed: %s\n", r->input, oops); | |
29224 | + status = 1; | |
29225 | + } else if (r->output == NULL) { | |
29226 | + printf("`%s' ttosubnet succeeded unexpectedly\n", | |
29227 | + r->input); | |
29228 | + status = 1; | |
29229 | + } else { | |
29230 | + n = subnettot(&s, 0, buf, sizeof(buf)); | |
29231 | + if (n > sizeof(buf)) { | |
29232 | + printf("`%s' subnettot failed: need %ld\n", | |
29233 | + r->input, (long)n); | |
29234 | + status = 1; | |
29235 | + } else if (strcmp(r->output, buf) != 0) { | |
29236 | + printf("`%s' gave `%s', expected `%s'\n", | |
29237 | + r->input, buf, r->output); | |
29238 | + status = 1; | |
29239 | + } | |
29240 | + } | |
29241 | + } | |
29242 | + exit(status); | |
29243 | +} | |
29244 | + | |
29245 | +#endif /* TTOSUBNET_MAIN */ | |
29246 | diff -druN linux-noipsec/net/ipsec/libfreeswan/ttoul.c linux/net/ipsec/libfreeswan/ttoul.c | |
29247 | --- linux-noipsec/net/ipsec/libfreeswan/ttoul.c Thu Jan 1 01:00:00 1970 | |
29248 | +++ linux/net/ipsec/libfreeswan/ttoul.c Thu Aug 17 01:07:16 2000 | |
29249 | @@ -0,0 +1,91 @@ | |
29250 | +/* | |
29251 | + * convert from text form of unsigned long to binary | |
29252 | + * Copyright (C) 2000 Henry Spencer. | |
29253 | + * | |
29254 | + * This library is free software; you can redistribute it and/or modify it | |
29255 | + * under the terms of the GNU Library General Public License as published by | |
29256 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
29257 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
29258 | + * | |
29259 | + * This library is distributed in the hope that it will be useful, but | |
29260 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
29261 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
29262 | + * License for more details. | |
29263 | + * | |
29264 | + * RCSID $Id$ | |
29265 | + */ | |
29266 | +#include "internal.h" | |
29267 | +#include "freeswan.h" | |
29268 | + | |
29269 | +/* | |
29270 | + - ttoul - convert text substring to unsigned long number | |
29271 | + */ | |
29272 | +const char * /* NULL for success, else string literal */ | |
29273 | +ttoul(src, srclen, base, resultp) | |
29274 | +const char *src; | |
29275 | +size_t srclen; /* 0 means strlen(src) */ | |
29276 | +int base; /* 0 means figure it out */ | |
29277 | +unsigned long *resultp; | |
29278 | +{ | |
29279 | + const char *stop; | |
29280 | + static char hex[] = "0123456789abcdef"; | |
29281 | + static char uchex[] = "0123456789ABCDEF"; | |
29282 | + int d; | |
29283 | + char c; | |
29284 | + char *p; | |
29285 | + unsigned long r; | |
29286 | + unsigned long rlimit; | |
29287 | + int dlimit; | |
29288 | + | |
29289 | + if (srclen == 0) | |
29290 | + srclen = strlen(src); | |
29291 | + if (srclen == 0) | |
29292 | + return "empty string"; | |
29293 | + | |
29294 | + if (base == 0) { | |
29295 | + if (srclen > 2 && *src == '0' && | |
29296 | + (*(src+1) == 'x' || *(src+1) == 'X')) | |
29297 | + return ttoul(src+2, srclen-2, 16, resultp); | |
29298 | + if (srclen > 1 && *src == '0') | |
29299 | + return ttoul(src+1, srclen-1, 8, resultp); | |
29300 | + return ttoul(src, srclen, 10, resultp); | |
29301 | + } | |
29302 | + if (base != 8 && base != 10 && base != 16) | |
29303 | + return "unsupported number base"; | |
29304 | + | |
29305 | + r = 0; | |
29306 | + stop = src + srclen; | |
29307 | + if (base == 16) { | |
29308 | + while (src < stop) { | |
29309 | + c = *src++; | |
29310 | + p = strchr(hex, c); | |
29311 | + if (p != NULL) | |
29312 | + d = p - hex; | |
29313 | + else { | |
29314 | + p = strchr(uchex, c); | |
29315 | + if (p == NULL) | |
29316 | + return "non-hex digit in hex number"; | |
29317 | + d = p - uchex; | |
29318 | + } | |
29319 | + r = (r << 4) | d; | |
29320 | + } | |
29321 | + /* defer length check to catch invalid digits first */ | |
29322 | + if (srclen > sizeof(unsigned long) * 2) | |
29323 | + return "hex number too long"; | |
29324 | + } else { | |
29325 | + rlimit = ULONG_MAX / base; | |
29326 | + dlimit = (int)(ULONG_MAX - rlimit*base); | |
29327 | + while (src < stop) { | |
29328 | + c = *src++; | |
29329 | + d = c - '0'; | |
29330 | + if (d < 0 || d >= base) | |
29331 | + return "non-digit in number"; | |
29332 | + if (r > rlimit || (r == rlimit && d > dlimit)) | |
29333 | + return "unsigned-long overflow"; | |
29334 | + r = r*base + d; | |
29335 | + } | |
29336 | + } | |
29337 | + | |
29338 | + *resultp = r; | |
29339 | + return NULL; | |
29340 | +} | |
29341 | diff -druN linux-noipsec/net/ipsec/libfreeswan/ultoa.c linux/net/ipsec/libfreeswan/ultoa.c | |
29342 | --- linux-noipsec/net/ipsec/libfreeswan/ultoa.c Thu Jan 1 01:00:00 1970 | |
29343 | +++ linux/net/ipsec/libfreeswan/ultoa.c Wed Oct 13 20:09:06 1999 | |
29344 | @@ -0,0 +1,67 @@ | |
29345 | +/* | |
29346 | + * convert unsigned long to ASCII | |
29347 | + * Copyright (C) 1998, 1999 Henry Spencer. | |
29348 | + * | |
29349 | + * This library is free software; you can redistribute it and/or modify it | |
29350 | + * under the terms of the GNU Library General Public License as published by | |
29351 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
29352 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
29353 | + * | |
29354 | + * This library is distributed in the hope that it will be useful, but | |
29355 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
29356 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
29357 | + * License for more details. | |
29358 | + * | |
29359 | + * RCSID $Id$ | |
29360 | + */ | |
29361 | +#include "internal.h" | |
29362 | +#include "freeswan.h" | |
29363 | + | |
29364 | +/* | |
29365 | + - ultoa - convert unsigned long to decimal ASCII | |
29366 | + */ | |
29367 | +size_t /* length required for full conversion */ | |
29368 | +ultoa(n, base, dst, dstlen) | |
29369 | +unsigned long n; | |
29370 | +int base; | |
29371 | +char *dst; /* need not be valid if dstlen is 0 */ | |
29372 | +size_t dstlen; | |
29373 | +{ | |
29374 | + char buf[3*sizeof(unsigned long) + 1]; | |
29375 | + char *bufend = buf + sizeof(buf); | |
29376 | + size_t len; | |
29377 | + char *p; | |
29378 | + static char hex[] = "0123456789abcdef"; | |
29379 | + | |
29380 | + p = bufend; | |
29381 | + *--p = '\0'; | |
29382 | + if (base == 10) { | |
29383 | + do { | |
29384 | + *--p = n%10 + '0'; | |
29385 | + n /= 10; | |
29386 | + } while (n != 0); | |
29387 | + } else if (base == 16) { | |
29388 | + do { | |
29389 | + *--p = hex[n&0xf]; | |
29390 | + n >>= 4; | |
29391 | + } while (n != 0); | |
29392 | + *--p = 'x'; | |
29393 | + *--p = '0'; | |
29394 | + } else if (base == 8) { | |
29395 | + do { | |
29396 | + *--p = (n&07) + '0'; | |
29397 | + n >>= 3; | |
29398 | + } while (n != 0); | |
29399 | + *--p = '0'; | |
29400 | + } else | |
29401 | + *--p = '?'; | |
29402 | + | |
29403 | + len = bufend - p; | |
29404 | + | |
29405 | + if (dstlen > 0) { | |
29406 | + if (len > dstlen) | |
29407 | + *(p + dstlen - 1) = '\0'; | |
29408 | + strcpy(dst, p); | |
29409 | + } | |
29410 | + return len; | |
29411 | +} | |
29412 | diff -druN linux-noipsec/net/ipsec/libfreeswan/ultot.c linux/net/ipsec/libfreeswan/ultot.c | |
29413 | --- linux-noipsec/net/ipsec/libfreeswan/ultot.c Thu Jan 1 01:00:00 1970 | |
29414 | +++ linux/net/ipsec/libfreeswan/ultot.c Thu Aug 17 01:07:16 2000 | |
29415 | @@ -0,0 +1,83 @@ | |
29416 | +/* | |
29417 | + * convert unsigned long to text | |
29418 | + * Copyright (C) 2000 Henry Spencer. | |
29419 | + * | |
29420 | + * This library is free software; you can redistribute it and/or modify it | |
29421 | + * under the terms of the GNU Library General Public License as published by | |
29422 | + * the Free Software Foundation; either version 2 of the License, or (at your | |
29423 | + * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. | |
29424 | + * | |
29425 | + * This library is distributed in the hope that it will be useful, but | |
29426 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
29427 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public | |
29428 | + * License for more details. | |
29429 | + * | |
29430 | + * RCSID $Id$ | |
29431 | + */ | |
29432 | +#include "internal.h" | |
29433 | +#include "freeswan.h" | |
29434 | + | |
29435 | +/* | |
29436 | + - ultot - convert unsigned long to text | |
29437 | + */ | |
29438 | +size_t /* length required for full conversion */ | |
29439 | +ultot(n, base, dst, dstlen) | |
29440 | +unsigned long n; | |
29441 | +int base; | |
29442 | +char *dst; /* need not be valid if dstlen is 0 */ | |
29443 | +size_t dstlen; | |
29444 | +{ | |
29445 | + char buf[3*sizeof(unsigned long) + 1]; | |
29446 | + char *bufend = buf + sizeof(buf); | |
29447 | + size_t len; | |
29448 | + char *p; | |
29449 | + static char hex[] = "0123456789abcdef"; | |
29450 | +# define HEX32 (32/4) | |
29451 | + | |
29452 | + p = bufend; | |
29453 | + *--p = '\0'; | |
29454 | + switch (base) { | |
29455 | + case 10: | |
29456 | + case 'd': | |
29457 | + do { | |
29458 | + *--p = n%10 + '0'; | |
29459 | + n /= 10; | |
29460 | + } while (n != 0); | |
29461 | + break; | |
29462 | + case 16: | |
29463 | + case 17: | |
29464 | + case 'x': | |
29465 | + do { | |
29466 | + *--p = hex[n&0xf]; | |
29467 | + n >>= 4; | |
29468 | + } while (n != 0); | |
29469 | + if (base == 17) | |
29470 | + while (bufend - p < HEX32 + 1) | |
29471 | + *--p = '0'; | |
29472 | + if (base == 'x') { | |
29473 | + *--p = 'x'; | |
29474 | + *--p = '0'; | |
29475 | + } | |
29476 | + break; | |
29477 | + case 8: | |
29478 | + case 'o': | |
29479 | + do { | |
29480 | + *--p = (n&07) + '0'; | |
29481 | + n >>= 3; | |
29482 | + } while (n != 0); | |
29483 | + if (base == 'o') | |
29484 | + *--p = '0'; | |
29485 | + break; | |
29486 | + default: | |
29487 | + return 0; | |
29488 | + break; | |
29489 | + } | |
29490 | + | |
29491 | + len = bufend - p; | |
29492 | + if (dstlen > 0) { | |
29493 | + if (len > dstlen) | |
29494 | + *(p + dstlen - 1) = '\0'; | |
29495 | + strcpy(dst, p); | |
29496 | + } | |
29497 | + return len; | |
29498 | +} | |
29499 | diff -druN linux-noipsec/net/ipsec/pfkey_v2.c linux/net/ipsec/pfkey_v2.c | |
29500 | --- linux-noipsec/net/ipsec/pfkey_v2.c Thu Jan 1 01:00:00 1970 | |
29501 | +++ linux/net/ipsec/pfkey_v2.c Mon Nov 6 05:33:47 2000 | |
29502 | @@ -0,0 +1,1891 @@ | |
29503 | +/* | |
29504 | + * RFC2367 PF_KEYv2 Key management API domain socket I/F | |
29505 | + * Copyright (C) 1999, 2000 Richard Guy Briggs. | |
29506 | + * | |
29507 | + * This program is free software; you can redistribute it and/or modify it | |
29508 | + * under the terms of the GNU General Public License as published by the | |
29509 | + * Free Software Foundation; either version 2 of the License, or (at your | |
29510 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
29511 | + * | |
29512 | + * This program is distributed in the hope that it will be useful, but | |
29513 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
29514 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
29515 | + * for more details. | |
29516 | + * | |
29517 | + * RCSID $Id$ | |
29518 | + */ | |
29519 | + | |
29520 | +/* | |
29521 | + * Template from /usr/src/linux-2.0.36/net/unix/af_unix.c. | |
29522 | + * Hints from /usr/src/linux-2.0.36/net/ipv4/udp.c. | |
29523 | + */ | |
29524 | + | |
29525 | +#define __NO_VERSION__ | |
29526 | +#include <linux/module.h> | |
29527 | +#include <linux/version.h> | |
29528 | + | |
29529 | +#include <linux/config.h> | |
29530 | +#include <linux/kernel.h> | |
29531 | +#include <linux/major.h> | |
29532 | +#include <linux/signal.h> | |
29533 | +#include <linux/sched.h> | |
29534 | +#include <linux/errno.h> | |
29535 | +#include <linux/string.h> | |
29536 | +#include <linux/stat.h> | |
29537 | +#include <linux/socket.h> | |
29538 | +#include <linux/un.h> | |
29539 | +#include <linux/fcntl.h> | |
29540 | +#include <linux/termios.h> | |
29541 | +#include <linux/socket.h> | |
29542 | +#include <linux/sockios.h> | |
29543 | +#include <linux/net.h> /* struct socket */ | |
29544 | +#include <linux/in.h> | |
29545 | +#include <linux/fs.h> | |
29546 | +#include <linux/malloc.h> | |
29547 | +#include <asm/segment.h> | |
29548 | +#include <linux/skbuff.h> | |
29549 | +#include <linux/netdevice.h> | |
29550 | +#include <net/sock.h> /* struct sock */ | |
29551 | +/* #include <net/tcp.h> */ | |
29552 | +#include <net/af_unix.h> | |
29553 | +#ifdef CONFIG_PROC_FS | |
29554 | +#include <linux/proc_fs.h> | |
29555 | +#endif /* CONFIG_PROC_FS */ | |
29556 | + | |
29557 | +#include <linux/types.h> | |
29558 | + | |
29559 | +#include <freeswan.h> | |
29560 | +#ifdef NET_21 | |
29561 | +#include <asm/uaccess.h> | |
29562 | +#include <linux/in6.h> | |
29563 | +#endif /* NET_21 */ | |
29564 | +#include <pfkeyv2.h> | |
29565 | +#include <pfkey.h> | |
29566 | +#include "radij.h" | |
29567 | +#include "ipsec_encap.h" | |
29568 | +#include "ipsec_netlink.h" | |
29569 | + | |
29570 | +#ifdef CONFIG_IPSEC_DEBUG | |
29571 | +int debug_pfkey = 0; | |
29572 | +extern int sysctl_ipsec_debug_verbose; | |
29573 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
29574 | + | |
29575 | +#define min(a,b) (((a)<(b))?(a):(b)) | |
29576 | + | |
29577 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
29578 | + | |
29579 | +#ifndef SOCKOPS_WRAPPED | |
29580 | +#define SOCKOPS_WRAPPED(name) name | |
29581 | +#endif | |
29582 | + | |
29583 | +struct proto_ops SOCKOPS_WRAPPED(pfkey_ops); | |
29584 | +struct sock *pfkey_sock_list = NULL; | |
29585 | +struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1]; | |
29586 | + | |
29587 | +struct socket_list *pfkey_open_sockets = NULL; | |
29588 | +struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1]; | |
29589 | + | |
29590 | +int pfkey_msg_interp(struct sock *, struct sadb_msg *, struct sadb_msg **); | |
29591 | + | |
29592 | +int | |
29593 | +pfkey_list_remove_socket(struct socket *socketp, struct socket_list **sockets) | |
29594 | +{ | |
29595 | + struct socket_list *socket_listp,*prev; | |
29596 | + | |
29597 | + if(!socketp) { | |
29598 | + KLIPS_PRINT(debug_pfkey, | |
29599 | + "klips_debug:pfkey_list_remove_socket: " | |
29600 | + "NULL socketp handed in, failed.\n"); | |
29601 | + return -EINVAL; | |
29602 | + } | |
29603 | + | |
29604 | + if(!sockets) { | |
29605 | + KLIPS_PRINT(debug_pfkey, | |
29606 | + "klips_debug:pfkey_list_remove_socket: " | |
29607 | + "NULL sockets list handed in, failed.\n"); | |
29608 | + return -EINVAL; | |
29609 | + } | |
29610 | + | |
29611 | + socket_listp = *sockets; | |
29612 | + prev = NULL; | |
29613 | + | |
29614 | + KLIPS_PRINT(debug_pfkey, | |
29615 | + "klips_debug:pfkey_list_remove_socket: " | |
29616 | + "removing sock=%p\n", | |
29617 | + socketp); | |
29618 | + | |
29619 | + while(socket_listp != NULL) { | |
29620 | + if(socket_listp->socketp == socketp) { | |
29621 | + if(prev != NULL) { | |
29622 | + prev->next = socket_listp->next; | |
29623 | + } else { | |
29624 | + *sockets = socket_listp->next; | |
29625 | + } | |
29626 | + | |
29627 | + kfree((void*)socket_listp); | |
29628 | + | |
29629 | + break; | |
29630 | + } | |
29631 | + prev = socket_listp; | |
29632 | + socket_listp = socket_listp->next; | |
29633 | + } | |
29634 | + | |
29635 | + return 0; | |
29636 | +} | |
29637 | + | |
29638 | +int | |
29639 | +pfkey_list_insert_socket(struct socket *socketp, struct socket_list **sockets) | |
29640 | +{ | |
29641 | + struct socket_list *socket_listp; | |
29642 | + | |
29643 | + if(!socketp) { | |
29644 | + KLIPS_PRINT(debug_pfkey, | |
29645 | + "klips_debug:pfkey_list_insert_socket: " | |
29646 | + "NULL socketp handed in, failed.\n"); | |
29647 | + return -EINVAL; | |
29648 | + } | |
29649 | + | |
29650 | + if(!sockets) { | |
29651 | + KLIPS_PRINT(debug_pfkey, | |
29652 | + "klips_debug:pfkey_list_insert_socket: " | |
29653 | + "NULL sockets list handed in, failed.\n"); | |
29654 | + return -EINVAL; | |
29655 | + } | |
29656 | + | |
29657 | + KLIPS_PRINT(debug_pfkey, | |
29658 | + "klips_debug:pfkey_list_insert_socket: " | |
29659 | + "socketp=%p\n",socketp); | |
29660 | + | |
29661 | + if((socket_listp = (struct socket_list *)kmalloc(sizeof(struct socket_list), GFP_KERNEL)) == NULL) { | |
29662 | + KLIPS_PRINT(debug_pfkey, | |
29663 | + "klips_debug:pfkey_list_insert_socket: " | |
29664 | + "memory allocation error.\n"); | |
29665 | + return -ENOMEM; | |
29666 | + } | |
29667 | + | |
29668 | + socket_listp->socketp = socketp; | |
29669 | + socket_listp->next = *sockets; | |
29670 | + *sockets = socket_listp; | |
29671 | + | |
29672 | + return 0; | |
29673 | +} | |
29674 | + | |
29675 | +int | |
29676 | +pfkey_list_remove_supported(struct supported *supported, struct supported_list **supported_list) | |
29677 | +{ | |
29678 | + struct supported_list *supported_listp = *supported_list, *prev = NULL; | |
29679 | + | |
29680 | + if(!supported) { | |
29681 | + KLIPS_PRINT(debug_pfkey, | |
29682 | + "klips_debug:pfkey_list_remove_supported: " | |
29683 | + "NULL supported handed in, failed.\n"); | |
29684 | + return -EINVAL; | |
29685 | + } | |
29686 | + | |
29687 | + if(!supported_list) { | |
29688 | + KLIPS_PRINT(debug_pfkey, | |
29689 | + "klips_debug:pfkey_list_remove_supported: " | |
29690 | + "NULL supported_list handed in, failed.\n"); | |
29691 | + return -EINVAL; | |
29692 | + } | |
29693 | + | |
29694 | + KLIPS_PRINT(debug_pfkey, | |
29695 | + "klips_debug:pfkey_list_remove_supported: " | |
29696 | + "removing supported=%p\n", | |
29697 | + supported); | |
29698 | + | |
29699 | + while(supported_listp != NULL) { | |
29700 | + if(supported_listp->supportedp == supported) { | |
29701 | + if(prev != NULL) { | |
29702 | + prev->next = supported_listp->next; | |
29703 | + } else { | |
29704 | + *supported_list = supported_listp->next; | |
29705 | + } | |
29706 | + | |
29707 | + kfree((void*)supported_listp); | |
29708 | + | |
29709 | + break; | |
29710 | + } | |
29711 | + prev = supported_listp; | |
29712 | + supported_listp = supported_listp->next; | |
29713 | + } | |
29714 | + | |
29715 | + return 0; | |
29716 | +} | |
29717 | + | |
29718 | +int | |
29719 | +pfkey_list_insert_supported(struct supported *supported, struct supported_list **supported_list) | |
29720 | +{ | |
29721 | + struct supported_list *supported_listp; | |
29722 | + | |
29723 | + if(!supported) { | |
29724 | + KLIPS_PRINT(debug_pfkey, | |
29725 | + "klips_debug:pfkey_list_insert_supported: " | |
29726 | + "NULL supported handed in, failed.\n"); | |
29727 | + return -EINVAL; | |
29728 | + } | |
29729 | + | |
29730 | + if(!supported_list) { | |
29731 | + KLIPS_PRINT(debug_pfkey, | |
29732 | + "klips_debug:pfkey_list_insert_supported: " | |
29733 | + "NULL supported_list handed in, failed.\n"); | |
29734 | + return -EINVAL; | |
29735 | + } | |
29736 | + | |
29737 | + KLIPS_PRINT(debug_pfkey, | |
29738 | + "klips_debug:pfkey_list_insert_supported: " | |
29739 | + "incoming, supported=%p, supported_list=%p\n", | |
29740 | + supported, | |
29741 | + supported_list); | |
29742 | + | |
29743 | + supported_listp = (struct supported_list *)kmalloc(sizeof(struct supported_list), GFP_KERNEL); | |
29744 | + if(supported_listp == NULL) { | |
29745 | + KLIPS_PRINT(debug_pfkey, | |
29746 | + "klips_debug:pfkey_list_insert_supported: " | |
29747 | + "memory allocation error.\n"); | |
29748 | + return -ENOMEM; | |
29749 | + } | |
29750 | + | |
29751 | + supported_listp->supportedp = supported; | |
29752 | + supported_listp->next = *supported_list; | |
29753 | + *supported_list = supported_listp; | |
29754 | + KLIPS_PRINT(debug_pfkey, | |
29755 | + "klips_debug:pfkey_list_insert_supported: " | |
29756 | + "outgoing, supported=%p, supported_list=%p\n", | |
29757 | + supported, | |
29758 | + supported_list); | |
29759 | + | |
29760 | + return 0; | |
29761 | +} | |
29762 | + | |
29763 | +#ifndef NET_21 | |
29764 | +DEBUG_NO_STATIC void | |
29765 | +pfkey_state_change(struct sock *sk) | |
29766 | +{ | |
29767 | + KLIPS_PRINT(debug_pfkey, | |
29768 | + "klips_debug:pfkey_state_change: .\n"); | |
29769 | + if(!sk->dead) { | |
29770 | + wake_up_interruptible(sk->sleep); | |
29771 | + } | |
29772 | +} | |
29773 | +#endif /* !NET_21 */ | |
29774 | + | |
29775 | +#ifndef NET_21 | |
29776 | +DEBUG_NO_STATIC void | |
29777 | +pfkey_data_ready(struct sock *sk, int len) | |
29778 | +{ | |
29779 | + KLIPS_PRINT(debug_pfkey, | |
29780 | + "klips_debug:pfkey_data_ready: .sk=%p len=%d\n", sk, len); | |
29781 | + if(!sk->dead) { | |
29782 | + wake_up_interruptible(sk->sleep); | |
29783 | + sock_wake_async(sk->socket, 1); | |
29784 | + } | |
29785 | +} | |
29786 | + | |
29787 | +DEBUG_NO_STATIC void | |
29788 | +pfkey_write_space(struct sock *sk) | |
29789 | +{ | |
29790 | + KLIPS_PRINT(debug_pfkey, | |
29791 | + "klips_debug:pfkey_write_space: .\n"); | |
29792 | + if(!sk->dead) { | |
29793 | + wake_up_interruptible(sk->sleep); | |
29794 | + sock_wake_async(sk->socket, 2); | |
29795 | + } | |
29796 | +} | |
29797 | +#endif /* !NET_21 */ | |
29798 | + | |
29799 | +DEBUG_NO_STATIC void | |
29800 | +pfkey_insert_socket(struct sock *sk) | |
29801 | +{ | |
29802 | + KLIPS_PRINT(debug_pfkey, | |
29803 | + "klips_debug:pfkey_insert_socket: sk=%p\n", sk); | |
29804 | + cli(); | |
29805 | + sk->next=pfkey_sock_list; | |
29806 | + pfkey_sock_list=sk; | |
29807 | + sti(); | |
29808 | +} | |
29809 | + | |
29810 | +DEBUG_NO_STATIC void | |
29811 | +pfkey_remove_socket(struct sock *sk) | |
29812 | +{ | |
29813 | + struct sock **s; | |
29814 | + | |
29815 | + KLIPS_PRINT(debug_pfkey, | |
29816 | + "klips_debug:pfkey_remove_socket: .\n"); | |
29817 | + cli(); | |
29818 | + s=&pfkey_sock_list; | |
29819 | + | |
29820 | + while(*s!=NULL) { | |
29821 | + if(*s==sk) { | |
29822 | + *s=sk->next; | |
29823 | + sk->next=NULL; | |
29824 | + sti(); | |
29825 | + KLIPS_PRINT(debug_pfkey, | |
29826 | + "klips_debug:pfkey_remove_socket: succeeded.\n"); | |
29827 | + return; | |
29828 | + } | |
29829 | + s=&((*s)->next); | |
29830 | + } | |
29831 | + sti(); | |
29832 | + KLIPS_PRINT(debug_pfkey, | |
29833 | + "klips_debug:pfkey_remove_socket: not found.\n"); | |
29834 | + return; | |
29835 | +} | |
29836 | + | |
29837 | +DEBUG_NO_STATIC void | |
29838 | +pfkey_destroy_socket(struct sock *sk) | |
29839 | +{ | |
29840 | + struct sk_buff *skb; | |
29841 | + | |
29842 | + KLIPS_PRINT(debug_pfkey, | |
29843 | + "klips_debug:pfkey_destroy_socket: .\n"); | |
29844 | + pfkey_remove_socket(sk); | |
29845 | + KLIPS_PRINT(debug_pfkey, | |
29846 | + "klips_debug:pfkey_destroy_socket: pfkey_remove_socket called.\n"); | |
29847 | + | |
29848 | + KLIPS_PRINT(debug_pfkey, | |
29849 | + "klips_debug:pfkey_destroy_socket: " | |
29850 | + "sk(%p)->(&%p)receive_queue.{next=%p,prev=%p}.\n", | |
29851 | + sk, | |
29852 | + &(sk->receive_queue), | |
29853 | + sk->receive_queue.next, | |
29854 | + sk->receive_queue.prev); | |
29855 | + while(sk && ((skb=skb_dequeue(&(sk->receive_queue)))!=NULL)) { | |
29856 | +#ifdef NET_21 | |
29857 | +#ifdef CONFIG_IPSEC_DEBUG | |
29858 | + if(debug_pfkey && sysctl_ipsec_debug_verbose) { | |
29859 | + KLIPS_PRINT(debug_pfkey, | |
29860 | + "klips_debug:pfkey_destroy_socket: skb=%p dequeued.\n", skb); | |
29861 | + printk(KERN_INFO "klips_debug: pfkey_skb contents:"); | |
29862 | + printk(" next:%p", skb->next); | |
29863 | + printk(" prev:%p", skb->prev); | |
29864 | + printk(" list:%p", skb->list); | |
29865 | + printk(" sk:%p", skb->sk); | |
29866 | + printk(" stamp:%ld.%ld", skb->stamp.tv_sec, skb->stamp.tv_usec); | |
29867 | + printk(" dev:%p", skb->dev); | |
29868 | + if(skb->dev) { | |
29869 | + if(skb->dev->name) { | |
29870 | + printk(" dev->name:%s", skb->dev->name); | |
29871 | + } else { | |
29872 | + printk(" dev->name:NULL?"); | |
29873 | + } | |
29874 | + } else { | |
29875 | + printk(" dev:NULL"); | |
29876 | + } | |
29877 | + printk(" h:%p", skb->h.raw); | |
29878 | + printk(" nh:%p", skb->nh.raw); | |
29879 | + printk(" mac:%p", skb->mac.raw); | |
29880 | + printk(" dst:%p", skb->dst); | |
29881 | + if(sysctl_ipsec_debug_verbose) { | |
29882 | + int i; | |
29883 | + | |
29884 | + printk(" cb"); | |
29885 | + for(i=0; i<48; i++) { | |
29886 | + printk(":%2x", skb->cb[i]); | |
29887 | + } | |
29888 | + } | |
29889 | + printk(" len:%d", skb->len); | |
29890 | + printk(" csum:%d", skb->csum); | |
29891 | + printk(" used:%d", skb->used); | |
29892 | + printk(" is_clone:%d", skb->is_clone); | |
29893 | + printk(" cloned:%d", skb->cloned); | |
29894 | + printk(" pkt_type:%d", skb->pkt_type); | |
29895 | + printk(" ip_summed:%d", skb->ip_summed); | |
29896 | + printk(" priority:%d", skb->priority); | |
29897 | + printk(" protocol:%d", skb->protocol); | |
29898 | + printk(" security:%d", skb->security); | |
29899 | + printk(" truesize:%d", skb->truesize); | |
29900 | + printk(" head:%p", skb->head); | |
29901 | + printk(" data:%p", skb->data); | |
29902 | + printk(" tail:%p", skb->tail); | |
29903 | + printk(" end:%p", skb->end); | |
29904 | + if(sysctl_ipsec_debug_verbose) { | |
29905 | + unsigned int i; | |
29906 | + printk(" data"); | |
29907 | + for(i=(unsigned int)(skb->head); i<(unsigned int)(skb->end); i++) { | |
29908 | + printk(":%2x", (unsigned char)(*(char*)(i))); | |
29909 | + } | |
29910 | + } | |
29911 | + printk(" destructor:%p", skb->destructor); | |
29912 | + printk("\n"); | |
29913 | + } | |
29914 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
29915 | + KLIPS_PRINT(debug_pfkey, | |
29916 | + "klips_debug:pfkey_destroy_socket: skb=%p freed.\n", skb); | |
29917 | + kfree_skb(skb); | |
29918 | + | |
29919 | +#else /* NET_21 */ | |
29920 | + KLIPS_PRINT(debug_pfkey, | |
29921 | + "klips_debug:pfkey_destroy_socket: skb=%p dequeued and freed.\n", skb); | |
29922 | + kfree_skb(skb, FREE_WRITE); | |
29923 | + | |
29924 | +#endif /* NET_21 */ | |
29925 | + } | |
29926 | + | |
29927 | + sk->dead = 1; | |
29928 | + sk_free(sk); | |
29929 | + | |
29930 | + KLIPS_PRINT(debug_pfkey, | |
29931 | + "klips_debug:pfkey_destroy_socket: destroyed.\n"); | |
29932 | +} | |
29933 | + | |
29934 | +int | |
29935 | +pfkey_upmsg(struct socket *sock, struct sadb_msg *pfkey_msg) | |
29936 | +{ | |
29937 | + int error; | |
29938 | + struct sk_buff * skb = NULL; | |
29939 | + struct sock *sk; | |
29940 | + | |
29941 | + if(sock == NULL) { | |
29942 | + KLIPS_PRINT(debug_pfkey, | |
29943 | + "klips_debug:pfkey_upmsg: NULL socket passed in.\n"); | |
29944 | + return -EINVAL; | |
29945 | + } | |
29946 | + | |
29947 | + if(pfkey_msg == NULL) { | |
29948 | + KLIPS_PRINT(debug_pfkey, | |
29949 | + "klips_debug:pfkey_upmsg: NULL pfkey_msg passed in.\n"); | |
29950 | + return -EINVAL; | |
29951 | + } | |
29952 | + | |
29953 | +#ifdef NET_21 | |
29954 | + sk = sock->sk; | |
29955 | +#else /* NET_21 */ | |
29956 | + sk = sock->data; | |
29957 | +#endif /* NET_21 */ | |
29958 | + | |
29959 | + if(sk == NULL) { | |
29960 | + KLIPS_PRINT(debug_pfkey, | |
29961 | + "klips_debug:pfkey_upmsg: NULL sock passed in.\n"); | |
29962 | + return -EINVAL; | |
29963 | + } | |
29964 | + | |
29965 | + KLIPS_PRINT(debug_pfkey, | |
29966 | + "klips_debug:pfkey_upmsg: allocating %d bytes...\n", | |
29967 | + pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); | |
29968 | + if(!(skb = alloc_skb(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN, GFP_ATOMIC) )) { | |
29969 | + KLIPS_PRINT(debug_pfkey, | |
29970 | + "klips_debug:pfkey_upmsg: no buffers left to send up a message.\n"); | |
29971 | + return -ENOBUFS; | |
29972 | + } | |
29973 | + KLIPS_PRINT(debug_pfkey, | |
29974 | + "klips_debug:pfkey_upmsg: ...allocated at %p.\n", skb); | |
29975 | + | |
29976 | + skb->dev = NULL; | |
29977 | + | |
29978 | + if(skb_tailroom(skb) < pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) { | |
29979 | + printk(KERN_WARNING "klips_error:pfkey_upmsg: " | |
29980 | + "tried to skb_put %ld, %d available. " | |
29981 | + "This should never happen, please report.\n", | |
29982 | + (unsigned long int)pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN, | |
29983 | + skb_tailroom(skb)); | |
29984 | +#ifdef NET_21 | |
29985 | + kfree_skb(skb); | |
29986 | +#else /* NET_21 */ | |
29987 | + kfree_skb(skb, FREE_WRITE); | |
29988 | +#endif /* NET_21 */ | |
29989 | + return -ENOBUFS; | |
29990 | + } | |
29991 | + skb->h.raw = skb_put(skb, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); | |
29992 | + memcpy(skb->h.raw, pfkey_msg, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); | |
29993 | + | |
29994 | +#ifndef NET_21 | |
29995 | + skb->free = 1; | |
29996 | +#endif /* !NET_21 */ | |
29997 | + | |
29998 | + if((error = sock_queue_rcv_skb(sk, skb)) < 0) { | |
29999 | + skb->sk=NULL; | |
30000 | +#ifdef NET_21 | |
30001 | + kfree_skb(skb); | |
30002 | +#else /* NET_21 */ | |
30003 | + kfree_skb(skb, FREE_WRITE); | |
30004 | +#endif /* NET_21 */ | |
30005 | + KLIPS_PRINT(debug_pfkey, | |
30006 | + "klips_debug:pfkey_upmsg: " | |
30007 | + "error=%d calling sock_queue_rcv_skb with skb=%p.\n", | |
30008 | + error, skb); | |
30009 | + return error; | |
30010 | + } | |
30011 | + return 0; | |
30012 | +} | |
30013 | + | |
30014 | +DEBUG_NO_STATIC int | |
30015 | +pfkey_create(struct socket *sock, int protocol) | |
30016 | +{ | |
30017 | + struct sock *sk; | |
30018 | + | |
30019 | + if(sock == NULL) { | |
30020 | + KLIPS_PRINT(debug_pfkey, | |
30021 | + "klips_debug:pfkey_create: socket NULL.\n"); | |
30022 | + return -EINVAL; | |
30023 | + } | |
30024 | + | |
30025 | + KLIPS_PRINT(debug_pfkey, | |
30026 | + "klips_debug:pfkey_create: sock=%p type:%d state:%d flags:%ld protocol:%d\n", | |
30027 | + sock, | |
30028 | + sock->type, | |
30029 | + (unsigned int)(sock->state), | |
30030 | + sock->flags, protocol); | |
30031 | + | |
30032 | + if(sock->type != SOCK_RAW) { | |
30033 | + KLIPS_PRINT(debug_pfkey, | |
30034 | + "klips_debug:pfkey_create: only SOCK_RAW supported.\n"); | |
30035 | + return -ESOCKTNOSUPPORT; | |
30036 | + } | |
30037 | + | |
30038 | + if(protocol != PF_KEY_V2) { | |
30039 | + KLIPS_PRINT(debug_pfkey, | |
30040 | + "klips_debug:pfkey_create: protocol not PF_KEY_V2.\n"); | |
30041 | + return -EPROTONOSUPPORT; | |
30042 | + } | |
30043 | + | |
30044 | + if((current->uid != 0)) { | |
30045 | + KLIPS_PRINT(debug_pfkey, | |
30046 | + "klips_debug:pfkey_create: must be root to open pfkey sockets.\n"); | |
30047 | + return -EACCES; | |
30048 | + } | |
30049 | + | |
30050 | +#ifdef NET_21 | |
30051 | + sock->state = SS_UNCONNECTED; | |
30052 | +#endif /* NET_21 */ | |
30053 | + MOD_INC_USE_COUNT; | |
30054 | +#ifdef NET_21 | |
30055 | + if((sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1)) == NULL) | |
30056 | +#else /* NET_21 */ | |
30057 | + if((sk=(struct sock *)sk_alloc(GFP_KERNEL)) == NULL) | |
30058 | +#endif /* NET_21 */ | |
30059 | + { | |
30060 | + KLIPS_PRINT(debug_pfkey, | |
30061 | + "klips_debug:pfkey_create: Out of memory trying to allocate.\n"); | |
30062 | + MOD_DEC_USE_COUNT; | |
30063 | + return -ENOMEM; | |
30064 | + } | |
30065 | + | |
30066 | +#ifndef NET_21 | |
30067 | + memset(sk, 0, sizeof(*sk)); | |
30068 | +#endif /* !NET_21 */ | |
30069 | + | |
30070 | +#ifdef NET_21 | |
30071 | + sock_init_data(sock, sk); | |
30072 | + | |
30073 | + sk->destruct = NULL; | |
30074 | + sk->reuse = 1; | |
30075 | + sock->ops = &SOCKOPS_WRAPPED(pfkey_ops); | |
30076 | + | |
30077 | + sk->zapped=0; | |
30078 | + sk->family = PF_KEY; | |
30079 | +/* sk->num = protocol; */ | |
30080 | + sk->protocol = protocol; | |
30081 | + key_pid(sk) = current->pid; | |
30082 | + KLIPS_PRINT(debug_pfkey, | |
30083 | + "klips_debug:pfkey_create: sock->fasync_list=%p sk->sleep=%p.\n", | |
30084 | + sock->fasync_list, | |
30085 | + sk->sleep); | |
30086 | +#else /* NET_21 */ | |
30087 | + sk->type=sock->type; | |
30088 | + init_timer(&sk->timer); | |
30089 | + skb_queue_head_init(&sk->write_queue); | |
30090 | + skb_queue_head_init(&sk->receive_queue); | |
30091 | + skb_queue_head_init(&sk->back_log); | |
30092 | + sk->rcvbuf=SK_RMEM_MAX; | |
30093 | + sk->sndbuf=SK_WMEM_MAX; | |
30094 | + sk->allocation=GFP_KERNEL; | |
30095 | + sk->state=TCP_CLOSE; | |
30096 | + sk->priority=SOPRI_NORMAL; | |
30097 | + sk->state_change=pfkey_state_change; | |
30098 | + sk->data_ready=pfkey_data_ready; | |
30099 | + sk->write_space=pfkey_write_space; | |
30100 | + sk->error_report=pfkey_state_change; | |
30101 | + sk->mtu=4096; | |
30102 | + sk->socket=sock; | |
30103 | + sock->data=(void *)sk; | |
30104 | + sk->sleep=sock->wait; | |
30105 | +#endif /* NET_21 */ | |
30106 | + | |
30107 | + pfkey_insert_socket(sk); | |
30108 | + pfkey_list_insert_socket(sock, &pfkey_open_sockets); | |
30109 | + | |
30110 | + KLIPS_PRINT(debug_pfkey, | |
30111 | + "klips_debug:pfkey_create: Socket sock=%p sk=%p initialised.\n", sock, sk); | |
30112 | + return 0; | |
30113 | +} | |
30114 | + | |
30115 | +#ifndef NET_21 | |
30116 | +DEBUG_NO_STATIC int | |
30117 | +pfkey_dup(struct socket *newsock, struct socket *oldsock) | |
30118 | +{ | |
30119 | + struct sock *sk; | |
30120 | + | |
30121 | + if(newsock==NULL) { | |
30122 | + KLIPS_PRINT(debug_pfkey, | |
30123 | + "klips_debug:pfkey_dup: No new socket attached.\n"); | |
30124 | + return -EINVAL; | |
30125 | + } | |
30126 | + | |
30127 | + if(oldsock==NULL) { | |
30128 | + KLIPS_PRINT(debug_pfkey, | |
30129 | + "klips_debug:pfkey_dup: No old socket attached.\n"); | |
30130 | + return -EINVAL; | |
30131 | + } | |
30132 | + | |
30133 | +#ifdef NET_21 | |
30134 | + sk=oldsock->sk; | |
30135 | +#else /* NET_21 */ | |
30136 | + sk=oldsock->data; | |
30137 | +#endif /* NET_21 */ | |
30138 | + | |
30139 | + /* May not have data attached */ | |
30140 | + if(sk==NULL) { | |
30141 | + KLIPS_PRINT(debug_pfkey, | |
30142 | + "klips_debug:pfkey_dup: No sock attached to old socket.\n"); | |
30143 | + return -EINVAL; | |
30144 | + } | |
30145 | + | |
30146 | + KLIPS_PRINT(debug_pfkey, | |
30147 | + "klips_debug:pfkey_dup: .\n"); | |
30148 | + | |
30149 | + return pfkey_create(newsock, sk->protocol); | |
30150 | +} | |
30151 | +#endif /* !NET_21 */ | |
30152 | + | |
30153 | +DEBUG_NO_STATIC int | |
30154 | +#ifdef NETDEV_23 | |
30155 | +pfkey_release(struct socket *sock) | |
30156 | +#else | |
30157 | +pfkey_release(struct socket *sock, struct socket *peersock) | |
30158 | +#endif | |
30159 | +{ | |
30160 | + struct sock *sk; | |
30161 | + int i; | |
30162 | + | |
30163 | + if(sock==NULL) { | |
30164 | + KLIPS_PRINT(debug_pfkey, | |
30165 | + "klips_debug:pfkey_release: No socket attached.\n"); | |
30166 | + return 0; /* -EINVAL; */ | |
30167 | + } | |
30168 | + | |
30169 | +#ifdef NET_21 | |
30170 | + sk=sock->sk; | |
30171 | +#else /* NET_21 */ | |
30172 | + sk=sock->data; | |
30173 | +#endif /* NET_21 */ | |
30174 | + | |
30175 | + /* May not have data attached */ | |
30176 | + if(sk==NULL) { | |
30177 | + KLIPS_PRINT(debug_pfkey, | |
30178 | + "klips_debug:pfkey_release: No sk attached to sock=%p.\n", sock); | |
30179 | + return 0; /* -EINVAL; */ | |
30180 | + } | |
30181 | + | |
30182 | + KLIPS_PRINT(debug_pfkey, | |
30183 | + "klips_debug:pfkey_release: .sock=%p sk=%p\n", sock, sk); | |
30184 | + | |
30185 | +#ifdef NET_21 | |
30186 | + if(!sk->dead) | |
30187 | +#endif /* NET_21 */ | |
30188 | + if(sk->state_change) { | |
30189 | + sk->state_change(sk); | |
30190 | + } | |
30191 | + | |
30192 | +#ifdef NET_21 | |
30193 | + sock->sk = NULL; | |
30194 | +#else /* NET_21 */ | |
30195 | + sock->data = NULL; | |
30196 | +#endif /* NET_21 */ | |
30197 | + | |
30198 | + /* Try to flush out this socket. Throw out buffers at least */ | |
30199 | + pfkey_destroy_socket(sk); | |
30200 | + pfkey_list_remove_socket(sock, &pfkey_open_sockets); | |
30201 | + for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) { | |
30202 | + pfkey_list_remove_socket(sock, &(pfkey_registered_sockets[i])); | |
30203 | + } | |
30204 | + | |
30205 | + MOD_DEC_USE_COUNT; | |
30206 | + KLIPS_PRINT(debug_pfkey, | |
30207 | + "klips_debug:pfkey_release: succeeded.\n"); | |
30208 | + | |
30209 | + return 0; | |
30210 | +} | |
30211 | + | |
30212 | +#ifndef NET_21 | |
30213 | +DEBUG_NO_STATIC int | |
30214 | +pfkey_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) | |
30215 | +{ | |
30216 | + KLIPS_PRINT(debug_pfkey, | |
30217 | + "klips_debug:pfkey_bind: operation not supported.\n"); | |
30218 | + return -EINVAL; | |
30219 | +} | |
30220 | + | |
30221 | +DEBUG_NO_STATIC int | |
30222 | +pfkey_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags) | |
30223 | +{ | |
30224 | + KLIPS_PRINT(debug_pfkey, | |
30225 | + "klips_debug:pfkey_connect: operation not supported.\n"); | |
30226 | + return -EINVAL; | |
30227 | +} | |
30228 | + | |
30229 | +DEBUG_NO_STATIC int | |
30230 | +pfkey_socketpair(struct socket *a, struct socket *b) | |
30231 | +{ | |
30232 | + KLIPS_PRINT(debug_pfkey, | |
30233 | + "klips_debug:pfkey_socketpair: operation not supported.\n"); | |
30234 | + return -EINVAL; | |
30235 | +} | |
30236 | + | |
30237 | +DEBUG_NO_STATIC int | |
30238 | +pfkey_accept(struct socket *sock, struct socket *newsock, int flags) | |
30239 | +{ | |
30240 | + KLIPS_PRINT(debug_pfkey, | |
30241 | + "klips_debug:pfkey_aaccept: operation not supported.\n"); | |
30242 | + return -EINVAL; | |
30243 | +} | |
30244 | + | |
30245 | +DEBUG_NO_STATIC int | |
30246 | +pfkey_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, | |
30247 | + int peer) | |
30248 | +{ | |
30249 | + struct sockaddr *ska = (struct sockaddr*)uaddr; | |
30250 | + | |
30251 | + KLIPS_PRINT(debug_pfkey, | |
30252 | + "klips_debug:pfkey_getname: .\n"); | |
30253 | + ska->sa_family = PF_KEY; | |
30254 | + *uaddr_len = sizeof(*ska); | |
30255 | + return 0; | |
30256 | +} | |
30257 | + | |
30258 | +DEBUG_NO_STATIC int | |
30259 | +pfkey_select(struct socket *sock, int sel_type, select_table *wait) | |
30260 | +{ | |
30261 | + | |
30262 | + KLIPS_PRINT(debug_pfkey, | |
30263 | + "klips_debug:pfkey_select: .sock=%p sk=%p sel_type=%d\n", | |
30264 | + sock, | |
30265 | + sock->data, | |
30266 | + sel_type); | |
30267 | + if(sock == NULL) { | |
30268 | + KLIPS_PRINT(debug_pfkey, | |
30269 | + "klips_debug:pfkey_select: Null socket passed in.\n"); | |
30270 | + return -EINVAL; | |
30271 | + } | |
30272 | + return datagram_select(sock->data, sel_type, wait); | |
30273 | +} | |
30274 | + | |
30275 | +DEBUG_NO_STATIC int | |
30276 | +pfkey_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) | |
30277 | +{ | |
30278 | + KLIPS_PRINT(debug_pfkey, | |
30279 | + "klips_debug:pfkey_ioctl: not supported.\n"); | |
30280 | + return -EINVAL; | |
30281 | +} | |
30282 | + | |
30283 | +DEBUG_NO_STATIC int | |
30284 | +pfkey_listen(struct socket *sock, int backlog) | |
30285 | +{ | |
30286 | + KLIPS_PRINT(debug_pfkey, | |
30287 | + "klips_debug:pfkey_listen: not supported.\n"); | |
30288 | + return -EINVAL; | |
30289 | +} | |
30290 | +#endif /* !NET_21 */ | |
30291 | + | |
30292 | +DEBUG_NO_STATIC int | |
30293 | +pfkey_shutdown(struct socket *sock, int mode) | |
30294 | +{ | |
30295 | + struct sock *sk; | |
30296 | + | |
30297 | + if(sock == NULL) { | |
30298 | + KLIPS_PRINT(debug_pfkey, | |
30299 | + "klips_debug:pfkey_shutdown: NULL socket passed in.\n"); | |
30300 | + return -EINVAL; | |
30301 | + } | |
30302 | + | |
30303 | +#ifdef NET_21 | |
30304 | + sk=sock->sk; | |
30305 | +#else /* NET_21 */ | |
30306 | + sk=sock->data; | |
30307 | +#endif /* NET_21 */ | |
30308 | + | |
30309 | + if(sk == NULL) { | |
30310 | + KLIPS_PRINT(debug_pfkey, | |
30311 | + "klips_debug:pfkey_shutdown: No sock attached to socket.\n"); | |
30312 | + return -EINVAL; | |
30313 | + } | |
30314 | + | |
30315 | + KLIPS_PRINT(debug_pfkey, | |
30316 | + "klips_debug:pfkey_shutdown: mode=%x.\n", mode); | |
30317 | + mode++; | |
30318 | + | |
30319 | + if(mode&SEND_SHUTDOWN) { | |
30320 | + sk->shutdown|=SEND_SHUTDOWN; | |
30321 | + sk->state_change(sk); | |
30322 | + } | |
30323 | + | |
30324 | + if(mode&RCV_SHUTDOWN) { | |
30325 | + sk->shutdown|=RCV_SHUTDOWN; | |
30326 | + sk->state_change(sk); | |
30327 | + } | |
30328 | + return 0; | |
30329 | +} | |
30330 | + | |
30331 | +#ifndef NET_21 | |
30332 | +DEBUG_NO_STATIC int | |
30333 | +pfkey_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen) | |
30334 | +{ | |
30335 | +#ifndef NET_21 | |
30336 | + struct sock *sk; | |
30337 | + | |
30338 | + if(sock == NULL) { | |
30339 | + KLIPS_PRINT(debug_pfkey, | |
30340 | + "klips_debug:pfkey_setsockopt: Null socket passed in.\n"); | |
30341 | + return -EINVAL; | |
30342 | + } | |
30343 | + | |
30344 | + sk=sock->data; | |
30345 | + | |
30346 | + if(sk == NULL) { | |
30347 | + KLIPS_PRINT(debug_pfkey, | |
30348 | + "klips_debug:pfkey_setsockopt: Null sock passed in.\n"); | |
30349 | + return -EINVAL; | |
30350 | + } | |
30351 | +#endif /* !NET_21 */ | |
30352 | + | |
30353 | + KLIPS_PRINT(debug_pfkey, | |
30354 | + "klips_debug:pfkey_setsockopt: .\n"); | |
30355 | + if(level!=SOL_SOCKET) { | |
30356 | + return -EOPNOTSUPP; | |
30357 | + } | |
30358 | +#ifdef NET_21 | |
30359 | + return sock_setsockopt(sock, level, optname, optval, optlen); | |
30360 | +#else /* NET_21 */ | |
30361 | + return sock_setsockopt(sk, level, optname, optval, optlen); | |
30362 | +#endif /* NET_21 */ | |
30363 | +} | |
30364 | + | |
30365 | +DEBUG_NO_STATIC int | |
30366 | +pfkey_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen) | |
30367 | +{ | |
30368 | +#ifndef NET_21 | |
30369 | + struct sock *sk; | |
30370 | + | |
30371 | + if(sock == NULL) { | |
30372 | + KLIPS_PRINT(debug_pfkey, | |
30373 | + "klips_debug:pfkey_setsockopt: Null socket passed in.\n"); | |
30374 | + return -EINVAL; | |
30375 | + } | |
30376 | + | |
30377 | + sk=sock->data; | |
30378 | + | |
30379 | + if(sk == NULL) { | |
30380 | + KLIPS_PRINT(debug_pfkey, | |
30381 | + "klips_debug:pfkey_setsockopt: Null sock passed in.\n"); | |
30382 | + return -EINVAL; | |
30383 | + } | |
30384 | +#endif /* !NET_21 */ | |
30385 | + | |
30386 | + KLIPS_PRINT(debug_pfkey, | |
30387 | + "klips_debug:pfkey_getsockopt: .\n"); | |
30388 | + if(level!=SOL_SOCKET) { | |
30389 | + return -EOPNOTSUPP; | |
30390 | + } | |
30391 | +#ifdef NET_21 | |
30392 | + return sock_getsockopt(sock, level, optname, optval, optlen); | |
30393 | +#else /* NET_21 */ | |
30394 | + return sock_getsockopt(sk, level, optname, optval, optlen); | |
30395 | +#endif /* NET_21 */ | |
30396 | +} | |
30397 | + | |
30398 | +DEBUG_NO_STATIC int | |
30399 | +pfkey_fcntl(struct socket *sock, unsigned int cmd, unsigned long arg) | |
30400 | +{ | |
30401 | + KLIPS_PRINT(debug_pfkey, | |
30402 | + "klips_debug:pfkey_fcntl: " | |
30403 | + "not supported.\n"); | |
30404 | + return -EINVAL; | |
30405 | +} | |
30406 | +#endif /* !NET_21 */ | |
30407 | + | |
30408 | +/* | |
30409 | + * Send PF_KEY data down. | |
30410 | + */ | |
30411 | + | |
30412 | +DEBUG_NO_STATIC int | |
30413 | +#ifdef NET_21 | |
30414 | +pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm) | |
30415 | +#else /* NET_21 */ | |
30416 | +pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, int nonblock, int flags) | |
30417 | +#endif /* NET_21 */ | |
30418 | +{ | |
30419 | + struct sock *sk; | |
30420 | + int error = 0; | |
30421 | + struct sadb_msg *pfkey_msg = NULL, *pfkey_reply = NULL; | |
30422 | + | |
30423 | + if(sock == NULL) { | |
30424 | + KLIPS_PRINT(debug_pfkey, | |
30425 | + "klips_debug:pfkey_sendmsg: " | |
30426 | + "Null socket passed in.\n"); | |
30427 | + SENDERR(EINVAL); | |
30428 | + } | |
30429 | + | |
30430 | +#ifdef NET_21 | |
30431 | + sk = sock->sk; | |
30432 | +#else /* NET_21 */ | |
30433 | + sk = sock->data; | |
30434 | +#endif /* NET_21 */ | |
30435 | + | |
30436 | + if(sk == NULL) { | |
30437 | + KLIPS_PRINT(debug_pfkey, | |
30438 | + "klips_debug:pfkey_sendmsg: " | |
30439 | + "Null sock passed in.\n"); | |
30440 | + SENDERR(EINVAL); | |
30441 | + } | |
30442 | + | |
30443 | + if(msg == NULL) { | |
30444 | + KLIPS_PRINT(debug_pfkey, | |
30445 | + "klips_debug:pfkey_sendmsg: " | |
30446 | + "Null msghdr passed in.\n"); | |
30447 | + SENDERR(EINVAL); | |
30448 | + } | |
30449 | + | |
30450 | + KLIPS_PRINT(debug_pfkey, | |
30451 | + "klips_debug:pfkey_sendmsg: .\n"); | |
30452 | + if(sk->err) { | |
30453 | + error = sock_error(sk); | |
30454 | + KLIPS_PRINT(debug_pfkey, | |
30455 | + "klips_debug:pfkey_sendmsg: " | |
30456 | + "sk->err is non-zero, returns %d.\n", | |
30457 | + error); | |
30458 | + SENDERR(-error); | |
30459 | + } | |
30460 | + | |
30461 | + if((current->uid != 0)) { | |
30462 | + KLIPS_PRINT(debug_pfkey, | |
30463 | + "klips_debug:pfkey_sendmsg: " | |
30464 | + "must be root to send messages to pfkey sockets.\n"); | |
30465 | + SENDERR(EACCES); | |
30466 | + } | |
30467 | + | |
30468 | +#ifdef NET_21 | |
30469 | + if(msg->msg_control) | |
30470 | +#else /* NET_21 */ | |
30471 | + if(flags || msg->msg_control) | |
30472 | +#endif /* NET_21 */ | |
30473 | + { | |
30474 | + KLIPS_PRINT(debug_pfkey, | |
30475 | + "klips_debug:pfkey_sendmsg: " | |
30476 | + "can't set flags or set msg_control.\n"); | |
30477 | + SENDERR(EINVAL); | |
30478 | + } | |
30479 | + | |
30480 | + if(sk->shutdown & SEND_SHUTDOWN) { | |
30481 | + KLIPS_PRINT(debug_pfkey, | |
30482 | + "klips_debug:pfkey_sendmsg: " | |
30483 | + "shutdown.\n"); | |
30484 | + send_sig(SIGPIPE, current, 0); | |
30485 | + SENDERR(EPIPE); | |
30486 | + } | |
30487 | + | |
30488 | + if(len < sizeof(struct sadb_msg)) { | |
30489 | + KLIPS_PRINT(debug_pfkey, | |
30490 | + "klips_debug:pfkey_sendmsg: " | |
30491 | + "bogus msg len of %d, too small.\n", len); | |
30492 | + SENDERR(EMSGSIZE); | |
30493 | + } | |
30494 | + | |
30495 | + if((pfkey_msg = (struct sadb_msg*)kmalloc(len, GFP_KERNEL)) == NULL) { | |
30496 | + KLIPS_PRINT(debug_pfkey, | |
30497 | + "klips_debug:pfkey_sendmsg: " | |
30498 | + "memory allocation error.\n"); | |
30499 | + SENDERR(ENOBUFS); | |
30500 | + } | |
30501 | + | |
30502 | + memcpy_fromiovec((void *)pfkey_msg, msg->msg_iov, len); | |
30503 | + | |
30504 | + if(pfkey_msg->sadb_msg_version != PF_KEY_V2) { | |
30505 | + KLIPS_PRINT(1 || debug_pfkey, | |
30506 | + "klips_debug:pfkey_sendmsg: " | |
30507 | + "not PF_KEY_V2 msg, found %d, should be %d.\n", | |
30508 | + pfkey_msg->sadb_msg_version, | |
30509 | + PF_KEY_V2); | |
30510 | + kfree((void*)pfkey_msg); | |
30511 | + return -EINVAL; | |
30512 | + } | |
30513 | + | |
30514 | + if(len != pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) { | |
30515 | + KLIPS_PRINT(debug_pfkey, | |
30516 | + "klips_debug:pfkey_sendmsg: " | |
30517 | + "bogus msg len of %d, not %d byte aligned.\n", | |
30518 | + len, IPSEC_PFKEYv2_ALIGN); | |
30519 | + SENDERR(EMSGSIZE); | |
30520 | + } | |
30521 | + | |
30522 | + /* check PID */ | |
30523 | + if(pfkey_msg->sadb_msg_pid != current->pid) { | |
30524 | + KLIPS_PRINT(debug_pfkey, | |
30525 | + "klips_debug:pfkey_sendmsg: " | |
30526 | + "pid (%d) does not equal sending process pid (%d).\n", | |
30527 | + pfkey_msg->sadb_msg_pid, current->pid); | |
30528 | + SENDERR(EINVAL); | |
30529 | + } | |
30530 | + | |
30531 | + if(pfkey_msg->sadb_msg_reserved) { | |
30532 | + KLIPS_PRINT(debug_pfkey, | |
30533 | + "klips_debug:pfkey_sendmsg: " | |
30534 | + "reserved field must be zero, set to %d.\n", | |
30535 | + pfkey_msg->sadb_msg_reserved); | |
30536 | + SENDERR(EINVAL); | |
30537 | + } | |
30538 | + | |
30539 | + if((pfkey_msg->sadb_msg_type > SADB_MAX) || (!pfkey_msg->sadb_msg_type)){ | |
30540 | + KLIPS_PRINT(debug_pfkey, | |
30541 | + "klips_debug:pfkey_sendmsg: " | |
30542 | + "msg type too large or small:%d.\n", | |
30543 | + pfkey_msg->sadb_msg_type); | |
30544 | + SENDERR(EINVAL); | |
30545 | + } | |
30546 | + | |
30547 | + KLIPS_PRINT(debug_pfkey, | |
30548 | + "klips_debug:pfkey_sendmsg: " | |
30549 | + "msg sent for parsing.\n"); | |
30550 | + | |
30551 | + if((error = pfkey_msg_interp(sk, pfkey_msg, &pfkey_reply))) { | |
30552 | + struct socket_list *pfkey_socketsp; | |
30553 | + | |
30554 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " | |
30555 | + "pfkey_msg_parse returns %d.\n", | |
30556 | + error); | |
30557 | + | |
30558 | + if((pfkey_reply = (struct sadb_msg*)kmalloc(sizeof(struct sadb_msg), GFP_KERNEL)) == NULL) { | |
30559 | + KLIPS_PRINT(debug_pfkey, | |
30560 | + "klips_debug:pfkey_sendmsg: " | |
30561 | + "memory allocation error.\n"); | |
30562 | + SENDERR(ENOBUFS); | |
30563 | + } | |
30564 | + memcpy((void*)pfkey_reply, (void*)pfkey_msg, sizeof(struct sadb_msg)); | |
30565 | + pfkey_reply->sadb_msg_errno = -error; | |
30566 | + pfkey_reply->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; | |
30567 | + | |
30568 | + for(pfkey_socketsp = pfkey_open_sockets; | |
30569 | + pfkey_socketsp; | |
30570 | + pfkey_socketsp = pfkey_socketsp->next) { | |
30571 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " | |
30572 | + "sending up error=%d message=%p to socket=%p.\n", | |
30573 | + error, | |
30574 | + pfkey_reply, | |
30575 | + pfkey_socketsp->socketp); | |
30576 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
30577 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " | |
30578 | + "sending up error message to socket=%p failed with error=%d.\n", | |
30579 | + pfkey_socketsp->socketp, error); | |
30580 | + pfkey_msg_free(&pfkey_reply); | |
30581 | + goto errlab; | |
30582 | + } | |
30583 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " | |
30584 | + "sending up error message to socket=%p succeeded.\n", | |
30585 | + pfkey_socketsp->socketp); | |
30586 | + } | |
30587 | + | |
30588 | + pfkey_msg_free(&pfkey_reply); | |
30589 | + | |
30590 | + SENDERR(-error); | |
30591 | + } | |
30592 | + | |
30593 | + errlab: | |
30594 | + if (pfkey_msg) { | |
30595 | + kfree((void*)pfkey_msg); | |
30596 | + } | |
30597 | + | |
30598 | + if(error) { | |
30599 | + return error; | |
30600 | + } else { | |
30601 | + return len; | |
30602 | + } | |
30603 | +} | |
30604 | + | |
30605 | +/* | |
30606 | + * Receive PF_KEY data up. | |
30607 | + */ | |
30608 | + | |
30609 | +DEBUG_NO_STATIC int | |
30610 | +#ifdef NET_21 | |
30611 | +pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags, struct scm_cookie *scm) | |
30612 | +#else /* NET_21 */ | |
30613 | +pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int noblock, int flags, int *addr_len) | |
30614 | +#endif /* NET_21 */ | |
30615 | +{ | |
30616 | + struct sock *sk; | |
30617 | +#ifdef NET_21 | |
30618 | + int noblock = flags & MSG_DONTWAIT; | |
30619 | +#endif /* NET_21 */ | |
30620 | + struct sk_buff *skb; | |
30621 | + int error; | |
30622 | + | |
30623 | + if(sock == NULL) { | |
30624 | + KLIPS_PRINT(debug_pfkey, | |
30625 | + "klips_debug:pfkey_recvmsg: Null socket passed in.\n"); | |
30626 | + return -EINVAL; | |
30627 | + } | |
30628 | + | |
30629 | +#ifdef NET_21 | |
30630 | + sk = sock->sk; | |
30631 | +#else /* NET_21 */ | |
30632 | + sk = sock->data; | |
30633 | +#endif /* NET_21 */ | |
30634 | + | |
30635 | + if(sk == NULL) { | |
30636 | + KLIPS_PRINT(debug_pfkey, | |
30637 | + "klips_debug:pfkey_recvmsg: Null sock passed in for sock=%p.\n", sock); | |
30638 | + return -EINVAL; | |
30639 | + } | |
30640 | + | |
30641 | + if(msg == NULL) { | |
30642 | + KLIPS_PRINT(debug_pfkey, | |
30643 | + "klips_debug:pfkey_recvmsg: Null msghdr passed in for sock=%p, sk=%p.\n", | |
30644 | + sock, sk); | |
30645 | + return -EINVAL; | |
30646 | + } | |
30647 | + | |
30648 | + KLIPS_PRINT(debug_pfkey, | |
30649 | + "klips_debug:pfkey_recvmsg: sock=%p sk=%p msg=%p size=%d.\n", | |
30650 | + sock, sk, msg, size); | |
30651 | + if(flags & ~MSG_PEEK) { | |
30652 | + KLIPS_PRINT(debug_pfkey, | |
30653 | + "klips_debug:pfkey_sendmsg: flags (%d) other than MSG_PEEK not supported.\n", | |
30654 | + flags); | |
30655 | + return -EOPNOTSUPP; | |
30656 | + } | |
30657 | + | |
30658 | +#ifdef NET_21 | |
30659 | + msg->msg_namelen = 0; /* sizeof(*ska); */ | |
30660 | +#else /* NET_21 */ | |
30661 | + if(addr_len) { | |
30662 | + *addr_len = 0; /* sizeof(*ska); */ | |
30663 | + } | |
30664 | +#endif /* NET_21 */ | |
30665 | + | |
30666 | + if(sk->err) { | |
30667 | + KLIPS_PRINT(debug_pfkey, | |
30668 | + "klips_debug:pfkey_sendmsg: sk->err=%d.\n", sk->err); | |
30669 | + return sock_error(sk); | |
30670 | + } | |
30671 | + | |
30672 | + if((skb = skb_recv_datagram(sk, flags, noblock, &error) ) == NULL) { | |
30673 | + return error; | |
30674 | + } | |
30675 | + | |
30676 | + if(size > skb->len) { | |
30677 | + size = skb->len; | |
30678 | + } | |
30679 | +#ifdef NET_21 | |
30680 | + else if(size <skb->len) { | |
30681 | + msg->msg_flags |= MSG_TRUNC; | |
30682 | + } | |
30683 | +#endif /* NET_21 */ | |
30684 | + | |
30685 | + skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size); | |
30686 | + sk->stamp=skb->stamp; | |
30687 | + | |
30688 | + skb_free_datagram(sk, skb); | |
30689 | + return size; | |
30690 | +} | |
30691 | + | |
30692 | +#ifdef NET_21 | |
30693 | +struct net_proto_family pfkey_family_ops = { | |
30694 | + PF_KEY, | |
30695 | + pfkey_create | |
30696 | +}; | |
30697 | + | |
30698 | +struct proto_ops SOCKOPS_WRAPPED(pfkey_ops) = { | |
30699 | +#ifdef NETDEV_23 | |
30700 | + family: PF_KEY, | |
30701 | + release: pfkey_release, | |
30702 | + bind: sock_no_bind, | |
30703 | + connect: sock_no_connect, | |
30704 | + socketpair: sock_no_socketpair, | |
30705 | + accept: sock_no_accept, | |
30706 | + getname: sock_no_getname, | |
30707 | + poll: datagram_poll, | |
30708 | + ioctl: sock_no_ioctl, | |
30709 | + listen: sock_no_listen, | |
30710 | + shutdown: pfkey_shutdown, | |
30711 | + setsockopt: sock_no_setsockopt, | |
30712 | + getsockopt: sock_no_getsockopt, | |
30713 | + sendmsg: pfkey_sendmsg, | |
30714 | + recvmsg: pfkey_recvmsg, | |
30715 | + mmap: sock_no_mmap, | |
30716 | +#else | |
30717 | + PF_KEY, | |
30718 | + sock_no_dup, | |
30719 | + pfkey_release, | |
30720 | + sock_no_bind, | |
30721 | + sock_no_connect, | |
30722 | + sock_no_socketpair, | |
30723 | + sock_no_accept, | |
30724 | + sock_no_getname, | |
30725 | + datagram_poll, | |
30726 | + sock_no_ioctl, | |
30727 | + sock_no_listen, | |
30728 | + pfkey_shutdown, | |
30729 | + sock_no_setsockopt, | |
30730 | + sock_no_getsockopt, | |
30731 | + sock_no_fcntl, | |
30732 | + pfkey_sendmsg, | |
30733 | + pfkey_recvmsg | |
30734 | +#endif | |
30735 | +}; | |
30736 | + | |
30737 | +#ifdef NETDEV_23 | |
30738 | +#include <linux/smp_lock.h> | |
30739 | +SOCKOPS_WRAP(pfkey, PF_KEY); | |
30740 | +#endif | |
30741 | + | |
30742 | +#else /* NET_21 */ | |
30743 | +struct proto_ops pfkey_proto_ops = { | |
30744 | + PF_KEY, | |
30745 | + pfkey_create, | |
30746 | + pfkey_dup, | |
30747 | + pfkey_release, | |
30748 | + pfkey_bind, | |
30749 | + pfkey_connect, | |
30750 | + pfkey_socketpair, | |
30751 | + pfkey_accept, | |
30752 | + pfkey_getname, | |
30753 | + pfkey_select, | |
30754 | + pfkey_ioctl, | |
30755 | + pfkey_listen, | |
30756 | + pfkey_shutdown, | |
30757 | + pfkey_setsockopt, | |
30758 | + pfkey_getsockopt, | |
30759 | + pfkey_fcntl, | |
30760 | + pfkey_sendmsg, | |
30761 | + pfkey_recvmsg | |
30762 | +}; | |
30763 | +#endif /* NET_21 */ | |
30764 | + | |
30765 | +#ifdef CONFIG_PROC_FS | |
30766 | +#ifndef PROC_FS_2325 | |
30767 | +DEBUG_NO_STATIC | |
30768 | +#endif /* PROC_FS_2325 */ | |
30769 | +int | |
30770 | +pfkey_get_info(char *buffer, char **start, off_t offset, int length | |
30771 | +#ifndef PROC_NO_DUMMY | |
30772 | +, int dummy | |
30773 | +#endif /* !PROC_NO_DUMMY */ | |
30774 | +) | |
30775 | +{ | |
30776 | + off_t pos=0; | |
30777 | + off_t begin=0; | |
30778 | + int len=0; | |
30779 | + struct sock *sk=pfkey_sock_list; | |
30780 | + | |
30781 | +#ifdef CONFIG_IPSEC_DEBUG | |
30782 | + if(!sysctl_ipsec_debug_verbose) { | |
30783 | +#endif CONFIG_IPSEC_DEBUG | |
30784 | + len+= sprintf(buffer," sock pid socket next prev e n p sndbf Flags Type St\n"); | |
30785 | +#ifdef CONFIG_IPSEC_DEBUG | |
30786 | + } else { | |
30787 | + len+= sprintf(buffer," sock pid d sleep socket next prev e r z n p sndbf stamp Flags Type St\n"); | |
30788 | + } | |
30789 | +#endif CONFIG_IPSEC_DEBUG | |
30790 | + | |
30791 | + while(sk!=NULL) { | |
30792 | +#ifdef CONFIG_IPSEC_DEBUG | |
30793 | + if(!sysctl_ipsec_debug_verbose) { | |
30794 | +#endif CONFIG_IPSEC_DEBUG | |
30795 | + len+=sprintf(buffer+len,"%8p %5d %8p %8p %8p %d %d %d %5d %08lX %8X %2X\n", | |
30796 | + sk, | |
30797 | + key_pid(sk), | |
30798 | + sk->socket, | |
30799 | + sk->next, | |
30800 | + sk->prev, | |
30801 | + sk->err, | |
30802 | + sk->num, | |
30803 | + sk->protocol, | |
30804 | + sk->sndbuf, | |
30805 | + sk->socket->flags, | |
30806 | + sk->socket->type, | |
30807 | + sk->socket->state); | |
30808 | +#ifdef CONFIG_IPSEC_DEBUG | |
30809 | + } else { | |
30810 | + len+=sprintf(buffer+len,"%8p %5d %d %8p %8p %8p %8p %d %d %d %d %d %5d %d.%06d %08lX %8X %2X\n", | |
30811 | + sk, | |
30812 | + key_pid(sk), | |
30813 | + sk->dead, | |
30814 | + sk->sleep, | |
30815 | + sk->socket, | |
30816 | + sk->next, | |
30817 | + sk->prev, | |
30818 | + sk->err, | |
30819 | + sk->reuse, | |
30820 | + sk->zapped, | |
30821 | + sk->num, | |
30822 | + sk->protocol, | |
30823 | + sk->sndbuf, | |
30824 | + (unsigned int)sk->stamp.tv_sec, | |
30825 | + (unsigned int)sk->stamp.tv_usec, | |
30826 | + sk->socket->flags, | |
30827 | + sk->socket->type, | |
30828 | + sk->socket->state); | |
30829 | + } | |
30830 | +#endif CONFIG_IPSEC_DEBUG | |
30831 | + | |
30832 | + pos=begin+len; | |
30833 | + if(pos<offset) | |
30834 | + { | |
30835 | + len=0; | |
30836 | + begin=pos; | |
30837 | + } | |
30838 | + if(pos>offset+length) | |
30839 | + break; | |
30840 | + sk=sk->next; | |
30841 | + } | |
30842 | + *start=buffer+(offset-begin); | |
30843 | + len-=(offset-begin); | |
30844 | + if(len>length) | |
30845 | + len=length; | |
30846 | + return len; | |
30847 | +} | |
30848 | + | |
30849 | +#ifndef PROC_FS_2325 | |
30850 | +DEBUG_NO_STATIC | |
30851 | +#endif /* PROC_FS_2325 */ | |
30852 | +int | |
30853 | +pfkey_supported_get_info(char *buffer, char **start, off_t offset, int length | |
30854 | +#ifndef PROC_NO_DUMMY | |
30855 | +, int dummy | |
30856 | +#endif /* !PROC_NO_DUMMY */ | |
30857 | +) | |
30858 | +{ | |
30859 | + off_t pos=0; | |
30860 | + off_t begin=0; | |
30861 | + int len=0; | |
30862 | + int satype; | |
30863 | + struct supported_list *pfkey_supported_p; | |
30864 | + | |
30865 | + len+= sprintf(buffer,"satype exttype alg_id ivlen minbits maxbits\n"); | |
30866 | + | |
30867 | + for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) { | |
30868 | + pfkey_supported_p = pfkey_supported_list[satype]; | |
30869 | + while(pfkey_supported_p) { | |
30870 | + len+=sprintf(buffer+len," %2d %2d %2d %3d %3d %3d\n", | |
30871 | + satype, | |
30872 | + pfkey_supported_p->supportedp->supported_alg_exttype, | |
30873 | + pfkey_supported_p->supportedp->supported_alg_id, | |
30874 | + pfkey_supported_p->supportedp->supported_alg_ivlen, | |
30875 | + pfkey_supported_p->supportedp->supported_alg_minbits, | |
30876 | + pfkey_supported_p->supportedp->supported_alg_maxbits); | |
30877 | + | |
30878 | + pos=begin+len; | |
30879 | + if(pos<offset) { | |
30880 | + len=0; | |
30881 | + begin=pos; | |
30882 | + } | |
30883 | + if(pos>offset+length) | |
30884 | + break; | |
30885 | + pfkey_supported_p = pfkey_supported_p->next; | |
30886 | + } | |
30887 | + } | |
30888 | + *start=buffer+(offset-begin); | |
30889 | + len-=(offset-begin); | |
30890 | + if(len>length) | |
30891 | + len=length; | |
30892 | + return len; | |
30893 | +} | |
30894 | + | |
30895 | +#ifndef PROC_FS_2325 | |
30896 | +DEBUG_NO_STATIC | |
30897 | +#endif /* PROC_FS_2325 */ | |
30898 | +int | |
30899 | +pfkey_registered_get_info(char *buffer, char **start, off_t offset, int length | |
30900 | +#ifndef PROC_NO_DUMMY | |
30901 | +, int dummy | |
30902 | +#endif /* !PROC_NO_DUMMY */ | |
30903 | +) | |
30904 | +{ | |
30905 | + off_t pos=0; | |
30906 | + off_t begin=0; | |
30907 | + int len=0; | |
30908 | + int satype; | |
30909 | + struct socket_list *pfkey_sockets; | |
30910 | + | |
30911 | + len+= sprintf(buffer,"satype socket pid sk\n"); | |
30912 | + | |
30913 | + for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) { | |
30914 | + pfkey_sockets = pfkey_registered_sockets[satype]; | |
30915 | + while(pfkey_sockets) { | |
30916 | +#ifdef NET_21 | |
30917 | + len+=sprintf(buffer+len," %2d %8p %5d %8p\n", | |
30918 | + satype, | |
30919 | + pfkey_sockets->socketp, | |
30920 | + key_pid(pfkey_sockets->socketp->sk), | |
30921 | + pfkey_sockets->socketp->sk); | |
30922 | +#else /* NET_21 */ | |
30923 | + len+=sprintf(buffer+len," %2d %8p N/A %8p\n", | |
30924 | + satype, | |
30925 | + pfkey_sockets->socketp, | |
30926 | +#if 0 | |
30927 | + key_pid((pfkey_sockets->socketp)->data), | |
30928 | +#endif | |
30929 | + (pfkey_sockets->socketp)->data); | |
30930 | +#endif /* NET_21 */ | |
30931 | + | |
30932 | + pos=begin+len; | |
30933 | + if(pos<offset) { | |
30934 | + len=0; | |
30935 | + begin=pos; | |
30936 | + } | |
30937 | + if(pos>offset+length) | |
30938 | + break; | |
30939 | + pfkey_sockets = pfkey_sockets->next; | |
30940 | + } | |
30941 | + } | |
30942 | + *start=buffer+(offset-begin); | |
30943 | + len-=(offset-begin); | |
30944 | + if(len>length) | |
30945 | + len=length; | |
30946 | + return len; | |
30947 | +} | |
30948 | + | |
30949 | +#ifndef PROC_FS_2325 | |
30950 | +struct proc_dir_entry proc_net_pfkey = | |
30951 | +{ | |
30952 | + 0, | |
30953 | + 6, "pf_key", | |
30954 | + S_IFREG | S_IRUGO, 1, 0, 0, | |
30955 | + 0, &proc_net_inode_operations, | |
30956 | + pfkey_get_info | |
30957 | +}; | |
30958 | +struct proc_dir_entry proc_net_pfkey_supported = | |
30959 | +{ | |
30960 | + 0, | |
30961 | + 16, "pf_key_supported", | |
30962 | + S_IFREG | S_IRUGO, 1, 0, 0, | |
30963 | + 0, &proc_net_inode_operations, | |
30964 | + pfkey_supported_get_info | |
30965 | +}; | |
30966 | +struct proc_dir_entry proc_net_pfkey_registered = | |
30967 | +{ | |
30968 | + 0, | |
30969 | + 17, "pf_key_registered", | |
30970 | + S_IFREG | S_IRUGO, 1, 0, 0, | |
30971 | + 0, &proc_net_inode_operations, | |
30972 | + pfkey_registered_get_info | |
30973 | +}; | |
30974 | +#endif /* !PROC_FS_2325 */ | |
30975 | +#endif /* CONFIG_PROC_FS */ | |
30976 | + | |
30977 | +DEBUG_NO_STATIC int | |
30978 | +supported_add_all(int satype, struct supported supported[], int size) | |
30979 | +{ | |
30980 | + int i; | |
30981 | + int error = 0; | |
30982 | + | |
30983 | + KLIPS_PRINT(debug_pfkey, | |
30984 | + "klips_debug:init_pfkey: " | |
30985 | + "sizeof(supported_init_<satype=%d>)[%d]/sizeof(struct supported)[%d]=%d.\n", | |
30986 | + satype, | |
30987 | + size, | |
30988 | + sizeof(struct supported), | |
30989 | + size/sizeof(struct supported)); | |
30990 | + | |
30991 | + for(i = 0; i < size / sizeof(struct supported); i++) { | |
30992 | + | |
30993 | + KLIPS_PRINT(debug_pfkey, | |
30994 | + "klips_debug:init_pfkey: " | |
30995 | + "i=%d inserting satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n", | |
30996 | + i, | |
30997 | + satype, | |
30998 | + supported[i].supported_alg_exttype, | |
30999 | + supported[i].supported_alg_id, | |
31000 | + supported[i].supported_alg_ivlen, | |
31001 | + supported[i].supported_alg_minbits, | |
31002 | + supported[i].supported_alg_maxbits); | |
31003 | + | |
31004 | + error |= pfkey_list_insert_supported(&(supported[i]), | |
31005 | + &(pfkey_supported_list[satype])); | |
31006 | + } | |
31007 | + return error; | |
31008 | +} | |
31009 | + | |
31010 | +DEBUG_NO_STATIC int | |
31011 | +supported_remove_all(int satype) | |
31012 | +{ | |
31013 | + int error = 0; | |
31014 | + struct supported*supportedp; | |
31015 | + | |
31016 | + while(pfkey_supported_list[satype]) { | |
31017 | + supportedp = pfkey_supported_list[satype]->supportedp; | |
31018 | + KLIPS_PRINT(debug_pfkey, | |
31019 | + "klips_debug:init_pfkey: " | |
31020 | + "removing satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n", | |
31021 | + satype, | |
31022 | + supportedp->supported_alg_exttype, | |
31023 | + supportedp->supported_alg_id, | |
31024 | + supportedp->supported_alg_ivlen, | |
31025 | + supportedp->supported_alg_minbits, | |
31026 | + supportedp->supported_alg_maxbits); | |
31027 | + | |
31028 | + error |= pfkey_list_remove_supported(supportedp, | |
31029 | + &(pfkey_supported_list[satype])); | |
31030 | + } | |
31031 | + return error; | |
31032 | +} | |
31033 | + | |
31034 | +int | |
31035 | +pfkey_init(void) | |
31036 | +{ | |
31037 | + int error = 0; | |
31038 | + int i; | |
31039 | + | |
31040 | + static struct supported supported_init_ah[] = { | |
31041 | + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5HMAC, 0, 128, 128}, | |
31042 | + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1HMAC, 0, 160, 160} | |
31043 | + }; | |
31044 | + static struct supported supported_init_esp[] = { | |
31045 | + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5HMAC, 0, 128, 128}, | |
31046 | + {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1HMAC, 0, 160, 160}, | |
31047 | + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_EALG_3DESCBC, 128, 168, 168} | |
31048 | + }; | |
31049 | + static struct supported supported_init_ipip[] = { | |
31050 | + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv4, 0, 32, 32} | |
31051 | +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
31052 | + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv4, 0, 128, 32} | |
31053 | + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv6, 0, 32, 128} | |
31054 | + , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv6, 0, 128, 128} | |
31055 | +#endif | |
31056 | + }; | |
31057 | +#ifdef CONFIG_IPSEC_IPCOMP | |
31058 | + static struct supported supported_init_ipcomp[] = { | |
31059 | + {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_CALG_DEFLATE, 0, 1, 1} | |
31060 | + }; | |
31061 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
31062 | + | |
31063 | + printk(KERN_INFO "FreeS/WAN: initialising PF_KEY domain sockets.\n"); | |
31064 | + | |
31065 | + for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) { | |
31066 | + pfkey_registered_sockets[i] = NULL; | |
31067 | + pfkey_supported_list[i] = NULL; | |
31068 | + } | |
31069 | + | |
31070 | + supported_add_all(SADB_SATYPE_AH, supported_init_ah, sizeof(supported_init_ah)); | |
31071 | + supported_add_all(SADB_SATYPE_ESP, supported_init_esp, sizeof(supported_init_esp)); | |
31072 | +#ifdef CONFIG_IPSEC_IPCOMP | |
31073 | + supported_add_all(SADB_X_SATYPE_COMP, supported_init_ipcomp, sizeof(supported_init_ipcomp)); | |
31074 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
31075 | + supported_add_all(SADB_X_SATYPE_IPIP, supported_init_ipip, sizeof(supported_init_ipip)); | |
31076 | + | |
31077 | +#ifdef NET_21 | |
31078 | + sock_register(&pfkey_family_ops); | |
31079 | +#else /* NET_21 */ | |
31080 | + sock_register(pfkey_proto_ops.family, &pfkey_proto_ops); | |
31081 | +#endif /* NET_21 */ | |
31082 | + | |
31083 | +#ifdef CONFIG_PROC_FS | |
31084 | +# ifndef PROC_FS_2325 | |
31085 | +# ifdef PROC_FS_21 | |
31086 | + proc_register(proc_net, &proc_net_pfkey); | |
31087 | + proc_register(proc_net, &proc_net_pfkey_supported); | |
31088 | + proc_register(proc_net, &proc_net_pfkey_registered); | |
31089 | +# else /* PROC_FS_21 */ | |
31090 | + proc_register_dynamic(&proc_net, &proc_net_pfkey); | |
31091 | + proc_register_dynamic(&proc_net, &proc_net_pfkey_supported); | |
31092 | + proc_register_dynamic(&proc_net, &proc_net_pfkey_registered); | |
31093 | +# endif /* PROC_FS_21 */ | |
31094 | +# else /* !PROC_FS_2325 */ | |
31095 | + proc_net_create ("pf_key", 0, pfkey_get_info); | |
31096 | + proc_net_create ("pf_key_supported", 0, pfkey_supported_get_info); | |
31097 | + proc_net_create ("pf_key_registered", 0, pfkey_registered_get_info); | |
31098 | +# endif /* !PROC_FS_2325 */ | |
31099 | +#endif /* CONFIG_PROC_FS */ | |
31100 | + | |
31101 | + return error; | |
31102 | +} | |
31103 | + | |
31104 | +int | |
31105 | +pfkey_cleanup(void) | |
31106 | +{ | |
31107 | + int error = 0; | |
31108 | + | |
31109 | + printk(KERN_INFO "FreeS/WAN: shutting down PF_KEY domain sockets.\n"); | |
31110 | +#ifdef NET_21 | |
31111 | + sock_unregister(PF_KEY); | |
31112 | +#else /* NET_21 */ | |
31113 | + sock_unregister(pfkey_proto_ops.family); | |
31114 | +#endif /* NET_21 */ | |
31115 | + | |
31116 | + supported_remove_all(SADB_SATYPE_AH); | |
31117 | + supported_remove_all(SADB_SATYPE_ESP); | |
31118 | +#ifdef CONFIG_IPSEC_IPCOMP | |
31119 | + supported_remove_all(SADB_X_SATYPE_COMP); | |
31120 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
31121 | + supported_remove_all(SADB_X_SATYPE_IPIP); | |
31122 | + | |
31123 | +#ifdef CONFIG_PROC_FS | |
31124 | +# ifndef PROC_FS_2325 | |
31125 | + if (proc_net_unregister(proc_net_pfkey.low_ino) != 0) | |
31126 | + printk("klips_debug:pfkey_cleanup: cannot unregister /proc/net/pf_key\n"); | |
31127 | + if (proc_net_unregister(proc_net_pfkey_supported.low_ino) != 0) | |
31128 | + printk("klips_debug:pfkey_cleanup: cannot unregister /proc/net/pf_key_supported\n"); | |
31129 | + if (proc_net_unregister(proc_net_pfkey_registered.low_ino) != 0) | |
31130 | + printk("klips_debug:pfkey_cleanup: cannot unregister /proc/net/pf_key_registered\n"); | |
31131 | +# else /* !PROC_FS_2325 */ | |
31132 | + proc_net_remove ("pf_key"); | |
31133 | + proc_net_remove ("pf_key_supported"); | |
31134 | + proc_net_remove ("pf_key_registered"); | |
31135 | +# endif /* !PROC_FS_2325 */ | |
31136 | +#endif /* CONFIG_PROC_FS */ | |
31137 | + | |
31138 | + /* other module unloading cleanup happens here */ | |
31139 | + return error; | |
31140 | +} | |
31141 | + | |
31142 | +#ifdef MODULE | |
31143 | +#if 0 | |
31144 | +int | |
31145 | +init_module(void) | |
31146 | +{ | |
31147 | + pfkey_init(); | |
31148 | + return 0; | |
31149 | +} | |
31150 | + | |
31151 | +void | |
31152 | +cleanup_module(void) | |
31153 | +{ | |
31154 | + pfkey_cleanup(); | |
31155 | +} | |
31156 | +#endif /* 0 */ | |
31157 | +#else /* MODULE */ | |
31158 | +void | |
31159 | +pfkey_proto_init(struct net_proto *pro) | |
31160 | +{ | |
31161 | + pfkey_init(); | |
31162 | +} | |
31163 | +#endif /* MODULE */ | |
31164 | + | |
31165 | +/* | |
31166 | + * $Log$ | |
31167 | + * Revision 1.49 2000/11/06 04:33:47 rgb | |
31168 | + * Changed non-exported functions to DEBUG_NO_STATIC. | |
31169 | + * | |
31170 | + * Revision 1.48 2000/09/29 19:47:41 rgb | |
31171 | + * Update copyright. | |
31172 | + * | |
31173 | + * Revision 1.47 2000/09/22 04:23:04 rgb | |
31174 | + * Added more debugging to pfkey_upmsg() call from pfkey_sendmsg() error. | |
31175 | + * | |
31176 | + * Revision 1.46 2000/09/21 04:20:44 rgb | |
31177 | + * Fixed array size off-by-one error. (Thanks Svenning!) | |
31178 | + * | |
31179 | + * Revision 1.45 2000/09/20 04:01:26 rgb | |
31180 | + * Changed static functions to DEBUG_NO_STATIC for revealing function names | |
31181 | + * in oopsen. | |
31182 | + * | |
31183 | + * Revision 1.44 2000/09/19 00:33:17 rgb | |
31184 | + * 2.0 fixes. | |
31185 | + * | |
31186 | + * Revision 1.43 2000/09/16 01:28:13 rgb | |
31187 | + * Fixed use of 0 in p format warning. | |
31188 | + * | |
31189 | + * Revision 1.42 2000/09/16 01:09:41 rgb | |
31190 | + * Fixed debug format warning for pointers that was expecting ints. | |
31191 | + * | |
31192 | + * Revision 1.41 2000/09/13 15:54:00 rgb | |
31193 | + * Rewrote pfkey_get_info(), added pfkey_{supported,registered}_get_info(). | |
31194 | + * Moved supported algos add and remove to functions. | |
31195 | + * | |
31196 | + * Revision 1.40 2000/09/12 18:49:28 rgb | |
31197 | + * Added IPIP tunnel and IPCOMP register support. | |
31198 | + * | |
31199 | + * Revision 1.39 2000/09/12 03:23:49 rgb | |
31200 | + * Converted #if0 debugs to sysctl. | |
31201 | + * Removed debug_pfkey initialisations that prevented no_debug loading or | |
31202 | + * linking. | |
31203 | + * | |
31204 | + * Revision 1.38 2000/09/09 06:38:02 rgb | |
31205 | + * Return positive errno in pfkey_reply error message. | |
31206 | + * | |
31207 | + * Revision 1.37 2000/09/08 19:19:09 rgb | |
31208 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
31209 | + * Clean-up of long-unused crud... | |
31210 | + * Create pfkey error message on on failure. | |
31211 | + * Give pfkey_list_{insert,remove}_{socket,supported}() some error | |
31212 | + * checking. | |
31213 | + * | |
31214 | + * Revision 1.36 2000/09/01 18:49:38 rgb | |
31215 | + * Reap experimental NET_21_ bits. | |
31216 | + * Turned registered sockets list into an array of one list per satype. | |
31217 | + * Remove references to deprecated sklist_{insert,remove}_socket. | |
31218 | + * Removed leaking socket debugging code. | |
31219 | + * Removed duplicate pfkey_insert_socket in pfkey_create. | |
31220 | + * Removed all references to pfkey msg->msg_name, since it is not used for | |
31221 | + * pfkey. | |
31222 | + * Added a supported algorithms array lists, one per satype and registered | |
31223 | + * existing algorithms. | |
31224 | + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to | |
31225 | + * list. | |
31226 | + * Only send pfkey_expire() messages to sockets registered for that satype. | |
31227 | + * | |
31228 | + * Revision 1.35 2000/08/24 17:03:00 rgb | |
31229 | + * Corrected message size error return code for PF_KEYv2. | |
31230 | + * Removed downward error prohibition. | |
31231 | + * | |
31232 | + * Revision 1.34 2000/08/21 16:32:26 rgb | |
31233 | + * Re-formatted for cosmetic consistency and readability. | |
31234 | + * | |
31235 | + * Revision 1.33 2000/08/20 21:38:24 rgb | |
31236 | + * Added a pfkey_reply parameter to pfkey_msg_interp(). (Momchil) | |
31237 | + * Extended the upward message initiation of pfkey_sendmsg(). (Momchil) | |
31238 | + * | |
31239 | + * Revision 1.32 2000/07/28 14:58:31 rgb | |
31240 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
31241 | + * | |
31242 | + * Revision 1.31 2000/05/16 03:04:00 rgb | |
31243 | + * Updates for 2.3.99pre8 from MB. | |
31244 | + * | |
31245 | + * Revision 1.30 2000/05/10 19:22:21 rgb | |
31246 | + * Use sklist private functions for 2.3.xx compatibility. | |
31247 | + * | |
31248 | + * Revision 1.29 2000/03/22 16:17:03 rgb | |
31249 | + * Fixed SOCKOPS_WRAPPED macro for SMP (MB). | |
31250 | + * | |
31251 | + * Revision 1.28 2000/02/21 19:30:45 rgb | |
31252 | + * Removed references to pkt_bridged for 2.3.47 compatibility. | |
31253 | + * | |
31254 | + * Revision 1.27 2000/02/14 21:07:00 rgb | |
31255 | + * Fixed /proc/net/pf-key legend spacing. | |
31256 | + * | |
31257 | + * Revision 1.26 2000/01/22 03:46:59 rgb | |
31258 | + * Fixed pfkey error return mechanism so that we are able to free the | |
31259 | + * local copy of the pfkey_msg, plugging a memory leak and silencing | |
31260 | + * the bad object free complaints. | |
31261 | + * | |
31262 | + * Revision 1.25 2000/01/21 06:19:44 rgb | |
31263 | + * Moved pfkey_list_remove_socket() calls to before MOD_USE_DEC_COUNT. | |
31264 | + * Added debugging to pfkey_upmsg. | |
31265 | + * | |
31266 | + * Revision 1.24 2000/01/10 16:38:23 rgb | |
31267 | + * MB fixups for 2.3.x. | |
31268 | + * | |
31269 | + * Revision 1.23 1999/12/09 23:22:16 rgb | |
31270 | + * Added more instrumentation for debugging 2.0 socket | |
31271 | + * selection/reading. | |
31272 | + * Removed erroneous 2.0 wait==NULL check bug in select. | |
31273 | + * | |
31274 | + * Revision 1.22 1999/12/08 20:32:16 rgb | |
31275 | + * Tidied up 2.0.xx support, after major pfkey work, eliminating | |
31276 | + * msg->msg_name twiddling in the process, since it is not defined | |
31277 | + * for PF_KEYv2. | |
31278 | + * | |
31279 | + * Revision 1.21 1999/12/01 22:17:19 rgb | |
31280 | + * Set skb->dev to zero on new skb in case it is a reused skb. | |
31281 | + * Added check for skb_put overflow and freeing to avoid upmsg on error. | |
31282 | + * Added check for wrong pfkey version and freeing to avoid upmsg on | |
31283 | + * error. | |
31284 | + * Shut off content dumping in pfkey_destroy. | |
31285 | + * Added debugging message for size of buffer allocated for upmsg. | |
31286 | + * | |
31287 | + * Revision 1.20 1999/11/27 12:11:00 rgb | |
31288 | + * Minor clean-up, enabling quiet operation of pfkey if desired. | |
31289 | + * | |
31290 | + * Revision 1.19 1999/11/25 19:04:21 rgb | |
31291 | + * Update proc_fs code for pfkey to use dynamic registration. | |
31292 | + * | |
31293 | + * Revision 1.18 1999/11/25 09:07:17 rgb | |
31294 | + * Implemented SENDERR macro for propagating error codes. | |
31295 | + * Fixed error return code bug. | |
31296 | + * | |
31297 | + * Revision 1.17 1999/11/23 23:07:20 rgb | |
31298 | + * Change name of pfkey_msg_parser to pfkey_msg_interp since it no longer | |
31299 | + * parses. (PJO) | |
31300 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
31301 | + * | |
31302 | + * Revision 1.16 1999/11/20 22:00:22 rgb | |
31303 | + * Moved socketlist type declarations and prototypes for shared use. | |
31304 | + * Renamed reformatted and generically extended for use by other socket | |
31305 | + * lists pfkey_{del,add}_open_socket to pfkey_list_{remove,insert}_socket. | |
31306 | + * | |
31307 | + * Revision 1.15 1999/11/18 04:15:09 rgb | |
31308 | + * Make pfkey_data_ready temporarily available for 2.2.x testing. | |
31309 | + * Clean up pfkey_destroy_socket() debugging statements. | |
31310 | + * Add Peter Onion's code to send messages up to all listening sockets. | |
31311 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
31312 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
31313 | + * klips/net/ipsec/Makefile. | |
31314 | + * Replaced all kernel version macros to shorter, readable form. | |
31315 | + * Added CONFIG_PROC_FS compiler directives in case it is shut off. | |
31316 | + * | |
31317 | + * Revision 1.14 1999/11/17 16:01:00 rgb | |
31318 | + * Make pfkey_data_ready temporarily available for 2.2.x testing. | |
31319 | + * Clean up pfkey_destroy_socket() debugging statements. | |
31320 | + * Add Peter Onion's code to send messages up to all listening sockets. | |
31321 | + * Changed #include "../../../lib/freeswan.h" to #include <freeswan.h> | |
31322 | + * which works due to -Ilibfreeswan in the klips/net/ipsec/Makefile. | |
31323 | + * | |
31324 | + * Revision 1.13 1999/10/27 19:59:51 rgb | |
31325 | + * Removed af_unix comments that are no longer relevant. | |
31326 | + * Added debug prink statements. | |
31327 | + * Added to the /proc output in pfkey_get_info. | |
31328 | + * Made most functions non-static to enable oops tracing. | |
31329 | + * Re-enable skb dequeueing and freeing. | |
31330 | + * Fix skb_alloc() and skb_put() size bug in pfkey_upmsg(). | |
31331 | + * | |
31332 | + * Revision 1.12 1999/10/26 17:05:42 rgb | |
31333 | + * Complete re-ordering based on proto_ops structure order. | |
31334 | + * Separated out proto_ops structures for 2.0.x and 2.2.x for clarity. | |
31335 | + * Simplification to use built-in socket ops where possible for 2.2.x. | |
31336 | + * Add shorter macros for compiler directives to visually clean-up. | |
31337 | + * Add lots of sk skb dequeueing debugging statements. | |
31338 | + * Added to the /proc output in pfkey_get_info. | |
31339 | + * | |
31340 | + * Revision 1.11 1999/09/30 02:55:10 rgb | |
31341 | + * Bogus skb detection. | |
31342 | + * Fix incorrect /proc/net/ipsec-eroute printk message. | |
31343 | + * | |
31344 | + * Revision 1.10 1999/09/21 15:22:13 rgb | |
31345 | + * Temporary fix while I figure out the right way to destroy sockets. | |
31346 | + * | |
31347 | + * Revision 1.9 1999/07/08 19:19:44 rgb | |
31348 | + * Fix pointer format warning. | |
31349 | + * Fix missing member error under 2.0.xx kernels. | |
31350 | + * | |
31351 | + * Revision 1.8 1999/06/13 07:24:04 rgb | |
31352 | + * Add more debugging. | |
31353 | + * | |
31354 | + * Revision 1.7 1999/06/10 05:24:17 rgb | |
31355 | + * Clarified compiler directives. | |
31356 | + * Renamed variables to reduce confusion. | |
31357 | + * Used sklist_*_socket() kernel functions to simplify 2.2.x socket support. | |
31358 | + * Added lots of sanity checking. | |
31359 | + * | |
31360 | + * Revision 1.6 1999/06/03 18:59:50 rgb | |
31361 | + * More updates to 2.2.x socket support. Almost works, oops at end of call. | |
31362 | + * | |
31363 | + * Revision 1.5 1999/05/25 22:44:05 rgb | |
31364 | + * Start fixing 2.2 sockets. | |
31365 | + * | |
31366 | + * Revision 1.4 1999/04/29 15:21:34 rgb | |
31367 | + * Move log to the end of the file. | |
31368 | + * Eliminate min/max redefinition in #include <net/tcp.h>. | |
31369 | + * Correct path for pfkey #includes | |
31370 | + * Standardise an error return method. | |
31371 | + * Add debugging instrumentation. | |
31372 | + * Move message type checking to pfkey_msg_parse(). | |
31373 | + * Add check for errno incorrectly set. | |
31374 | + * Add check for valid PID. | |
31375 | + * Add check for reserved illegally set. | |
31376 | + * Add check for message out of bounds. | |
31377 | + * | |
31378 | + * Revision 1.3 1999/04/15 17:58:07 rgb | |
31379 | + * Add RCSID labels. | |
31380 | + * | |
31381 | + * Revision 1.2 1999/04/15 15:37:26 rgb | |
31382 | + * Forward check changes from POST1_00 branch. | |
31383 | + * | |
31384 | + * Revision 1.1.2.2 1999/04/13 20:37:12 rgb | |
31385 | + * Header Title correction. | |
31386 | + * | |
31387 | + * Revision 1.1.2.1 1999/03/26 20:58:55 rgb | |
31388 | + * Add pfkeyv2 support to KLIPS. | |
31389 | + * | |
31390 | + * | |
31391 | + * RFC 2367 | |
31392 | + * PF_KEY_v2 Key Management API | |
31393 | + */ | |
31394 | diff -druN linux-noipsec/net/ipsec/pfkey_v2_parser.c linux/net/ipsec/pfkey_v2_parser.c | |
31395 | --- linux-noipsec/net/ipsec/pfkey_v2_parser.c Thu Jan 1 01:00:00 1970 | |
31396 | +++ linux/net/ipsec/pfkey_v2_parser.c Thu Nov 30 22:47:51 2000 | |
31397 | @@ -0,0 +1,3433 @@ | |
31398 | +/* | |
31399 | + * RFC2367 PF_KEYv2 Key management API message parser | |
31400 | + * Copyright (C) 1999 Richard Guy Briggs. | |
31401 | + * | |
31402 | + * This program is free software; you can redistribute it and/or modify it | |
31403 | + * under the terms of the GNU General Public License as published by the | |
31404 | + * Free Software Foundation; either version 2 of the License, or (at your | |
31405 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
31406 | + * | |
31407 | + * This program is distributed in the hope that it will be useful, but | |
31408 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
31409 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
31410 | + * for more details. | |
31411 | + * | |
31412 | + * RCSID $Id$ | |
31413 | + */ | |
31414 | + | |
31415 | +/* | |
31416 | + * Template from klips/net/ipsec/ipsec/ipsec_netlink.c. | |
31417 | + */ | |
31418 | + | |
31419 | +char pfkey_v2_parser_c_version[] = "$Id$"; | |
31420 | + | |
31421 | +#include <linux/config.h> | |
31422 | +#include <linux/version.h> | |
31423 | + | |
31424 | +#include <linux/kernel.h> /* printk() */ | |
31425 | +#include <linux/malloc.h> /* kmalloc() */ | |
31426 | +#include <linux/errno.h> /* error codes */ | |
31427 | +#include <linux/types.h> /* size_t */ | |
31428 | +#include <linux/interrupt.h> /* mark_bh */ | |
31429 | + | |
31430 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
31431 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
31432 | +#include <linux/ip.h> /* struct iphdr */ | |
31433 | +#include <linux/skbuff.h> | |
31434 | +#include <freeswan.h> | |
31435 | +#ifdef SPINLOCK | |
31436 | +#ifdef SPINLOCK_23 | |
31437 | +#include <linux/spinlock.h> /* *lock* */ | |
31438 | +#else /* SPINLOCK_23 */ | |
31439 | +#include <asm/spinlock.h> /* *lock* */ | |
31440 | +#endif /* SPINLOCK_23 */ | |
31441 | +#endif /* SPINLOCK */ | |
31442 | +#ifdef NET_21 | |
31443 | +#include <asm/uaccess.h> | |
31444 | +#include <linux/in6.h> | |
31445 | +#define ip_chk_addr inet_addr_type | |
31446 | +#define IS_MYADDR RTN_LOCAL | |
31447 | +#endif | |
31448 | +#include <asm/checksum.h> | |
31449 | +#include <net/ip.h> | |
31450 | +#ifdef NETLINK_SOCK | |
31451 | +#include <linux/netlink.h> | |
31452 | +#else | |
31453 | +#include <net/netlink.h> | |
31454 | +#endif | |
31455 | + | |
31456 | +#include <linux/random.h> /* get_random_bytes() */ | |
31457 | + | |
31458 | +#include "radij.h" | |
31459 | +#include "ipsec_encap.h" | |
31460 | +#include "ipsec_radij.h" | |
31461 | +#include "ipsec_netlink.h" | |
31462 | +#include "ipsec_xform.h" | |
31463 | +#include "ipsec_ah.h" | |
31464 | +#include "ipsec_esp.h" | |
31465 | +#include "ipsec_tunnel.h" | |
31466 | +#include "ipsec_rcv.h" | |
31467 | +#include "ipcomp.h" | |
31468 | + | |
31469 | +#include <pfkeyv2.h> | |
31470 | +#include <pfkey.h> | |
31471 | + | |
31472 | + | |
31473 | +#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) | |
31474 | + | |
31475 | +#ifndef min | |
31476 | +#define min(a,b) (((a)<(b))?(a):(b)) | |
31477 | +#endif | |
31478 | + | |
31479 | +extern int des_set_key(caddr_t, caddr_t); | |
31480 | + | |
31481 | +struct sklist_t { | |
31482 | + struct socket *sk; | |
31483 | + struct sklist_t* next; | |
31484 | +} pfkey_sklist_head, *pfkey_sklist, *pfkey_sklist_prev; | |
31485 | + | |
31486 | +__u32 pfkey_msg_seq = 0; | |
31487 | + | |
31488 | +DEBUG_NO_STATIC int | |
31489 | +pfkey_alloc_tdb(struct tdb** tdb) | |
31490 | +{ | |
31491 | + int error = 0; | |
31492 | + if(*tdb) { | |
31493 | + KLIPS_PRINT(debug_pfkey, | |
31494 | + "klips_debug:pfkey_alloc_tdb: tdb struct already allocated\n"); | |
31495 | + SENDERR(EEXIST); | |
31496 | + } | |
31497 | + | |
31498 | + if((*tdb = kmalloc(sizeof(**tdb), GFP_ATOMIC) ) == NULL) { | |
31499 | + KLIPS_PRINT(debug_pfkey, | |
31500 | + "klips_debug:pfkey_alloc_tdb: memory allocation error\n"); | |
31501 | + SENDERR(ENOMEM); | |
31502 | + } | |
31503 | + KLIPS_PRINT(debug_pfkey, | |
31504 | + "klips_debug:pfkey_alloc_tdb: " | |
31505 | + "allocated tdb struct=%p.\n", tdb); | |
31506 | + | |
31507 | + memset((caddr_t)*tdb, 0, sizeof(**tdb)); | |
31508 | + errlab: | |
31509 | + return(error); | |
31510 | +} | |
31511 | + | |
31512 | +DEBUG_NO_STATIC int | |
31513 | +pfkey_alloc_eroute(struct eroute** eroute) | |
31514 | +{ | |
31515 | + int error = 0; | |
31516 | + if(*eroute) { | |
31517 | + KLIPS_PRINT(debug_pfkey, | |
31518 | + "klips_debug:pfkey_alloc_eroute: eroute struct already allocated\n"); | |
31519 | + SENDERR(EEXIST); | |
31520 | + } | |
31521 | + | |
31522 | + if((*eroute = kmalloc(sizeof(**eroute), GFP_ATOMIC) ) == NULL) { | |
31523 | + KLIPS_PRINT(debug_pfkey, | |
31524 | + "klips_debug:pfkey_alloc_eroute: memory allocation error\n"); | |
31525 | + SENDERR(ENOMEM); | |
31526 | + } | |
31527 | + KLIPS_PRINT(debug_pfkey, | |
31528 | + "klips_debug:pfkey_alloc_eroute: " | |
31529 | + "allocated eroute struct=%p.\n", eroute); | |
31530 | + memset((caddr_t)*eroute, 0, sizeof(**eroute)); | |
31531 | + (*eroute)->er_eaddr.sen_len = | |
31532 | + (*eroute)->er_emask.sen_len = sizeof(struct sockaddr_encap); | |
31533 | + (*eroute)->er_eaddr.sen_family = | |
31534 | + (*eroute)->er_emask.sen_family = AF_ENCAP; | |
31535 | + (*eroute)->er_eaddr.sen_type = SENT_IP4; | |
31536 | + (*eroute)->er_emask.sen_type = 255; | |
31537 | + | |
31538 | + errlab: | |
31539 | + return(error); | |
31540 | +} | |
31541 | + | |
31542 | +DEBUG_NO_STATIC int | |
31543 | +pfkey_sa_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
31544 | +{ | |
31545 | + struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext; | |
31546 | + int error = 0; | |
31547 | + struct tdb* tdbp; | |
31548 | + | |
31549 | + KLIPS_PRINT(debug_pfkey, | |
31550 | + "klips_debug:pfkey_sa_process: .\n"); | |
31551 | + | |
31552 | + if(!extr || !extr->tdb) { | |
31553 | + KLIPS_PRINT(debug_pfkey, | |
31554 | + "klips_debug:pfkey_sa_process: " | |
31555 | + "extr or extr->tdb is NULL, fatal\n"); | |
31556 | + SENDERR(EINVAL); | |
31557 | + } | |
31558 | + | |
31559 | + switch(pfkey_ext->sadb_ext_type) { | |
31560 | + case SADB_EXT_SA: | |
31561 | + tdbp = extr->tdb; | |
31562 | + break; | |
31563 | + case SADB_X_EXT_SA2: | |
31564 | + if(pfkey_alloc_tdb(&(extr->tdb2)) == ENOMEM) { | |
31565 | + SENDERR(ENOMEM); | |
31566 | + } | |
31567 | + tdbp = extr->tdb2; | |
31568 | + break; | |
31569 | + default: | |
31570 | + KLIPS_PRINT(debug_pfkey, | |
31571 | + "klips_debug:pfkey_sa_process: invalid exttype=%d.\n", | |
31572 | + pfkey_ext->sadb_ext_type); | |
31573 | + SENDERR(EINVAL); | |
31574 | + } | |
31575 | + | |
31576 | + tdbp->tdb_said.spi = pfkey_sa->sadb_sa_spi; | |
31577 | + tdbp->tdb_replaywin = pfkey_sa->sadb_sa_replay; | |
31578 | + tdbp->tdb_state = pfkey_sa->sadb_sa_state; | |
31579 | + tdbp->tdb_flags = pfkey_sa->sadb_sa_flags; | |
31580 | + tdbp->tdb_replaywin_lastseq = tdbp->tdb_replaywin_bitmap = 0; | |
31581 | + | |
31582 | + switch(tdbp->tdb_said.proto) { | |
31583 | + case IPPROTO_AH: | |
31584 | + tdbp->tdb_authalg = pfkey_sa->sadb_sa_auth; | |
31585 | + tdbp->tdb_encalg = SADB_EALG_NONE; | |
31586 | + break; | |
31587 | + case IPPROTO_ESP: | |
31588 | + tdbp->tdb_authalg = pfkey_sa->sadb_sa_auth; | |
31589 | + tdbp->tdb_encalg = pfkey_sa->sadb_sa_encrypt; | |
31590 | + break; | |
31591 | + case IPPROTO_IPIP: | |
31592 | + tdbp->tdb_authalg = AH_NONE; | |
31593 | + tdbp->tdb_encalg = ESP_NONE; | |
31594 | + break; | |
31595 | +#ifdef CONFIG_IPSEC_IPCOMP | |
31596 | + case IPPROTO_COMP: | |
31597 | + tdbp->tdb_authalg = AH_NONE; | |
31598 | + tdbp->tdb_encalg = pfkey_sa->sadb_sa_encrypt; | |
31599 | + break; | |
31600 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
31601 | + case 0: | |
31602 | + break; | |
31603 | + default: | |
31604 | + KLIPS_PRINT(debug_pfkey, | |
31605 | + "klips_debug:pfkey_sa_process: " | |
31606 | + "unknown proto=%d.\n", | |
31607 | + tdbp->tdb_said.proto); | |
31608 | + SENDERR(EINVAL); | |
31609 | + } | |
31610 | + | |
31611 | +errlab: | |
31612 | + return error; | |
31613 | +} | |
31614 | + | |
31615 | +DEBUG_NO_STATIC int | |
31616 | +pfkey_lifetime_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
31617 | +{ | |
31618 | + int error = 0; | |
31619 | + struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext; | |
31620 | + | |
31621 | + KLIPS_PRINT(debug_pfkey, | |
31622 | + "klips_debug:pfkey_lifetime_process: .\n"); | |
31623 | + | |
31624 | + if(!extr || !extr->tdb) { | |
31625 | + KLIPS_PRINT(debug_pfkey, | |
31626 | + "klips_debug:pfkey_lifetime_process: " | |
31627 | + "extr or extr->tdb is NULL, fatal\n"); | |
31628 | + SENDERR(EINVAL); | |
31629 | + } | |
31630 | + | |
31631 | + switch(pfkey_lifetime->sadb_lifetime_exttype) { | |
31632 | + case SADB_EXT_LIFETIME_CURRENT: | |
31633 | + KLIPS_PRINT(debug_pfkey, | |
31634 | + "klips_debug:pfkey_lifetime_process: " | |
31635 | + "lifetime_current not supported yet.\n"); | |
31636 | + SENDERR(EINVAL); | |
31637 | + break; | |
31638 | + case SADB_EXT_LIFETIME_HARD: | |
31639 | + if(pfkey_lifetime->sadb_lifetime_allocations && | |
31640 | + (!extr->tdb->tdb_lifetime_allocations_h || | |
31641 | + (pfkey_lifetime->sadb_lifetime_allocations < extr->tdb->tdb_lifetime_allocations_h))) { | |
31642 | + extr->tdb->tdb_lifetime_allocations_h = | |
31643 | + pfkey_lifetime->sadb_lifetime_allocations; | |
31644 | + if(!extr->tdb->tdb_lifetime_allocations_s && | |
31645 | + (extr->tdb->tdb_lifetime_allocations_h < extr->tdb->tdb_lifetime_allocations_s)) { | |
31646 | + extr->tdb->tdb_lifetime_allocations_s = extr->tdb->tdb_lifetime_allocations_h; | |
31647 | + } | |
31648 | + } | |
31649 | + if(pfkey_lifetime->sadb_lifetime_bytes && | |
31650 | + (!extr->tdb->tdb_lifetime_bytes_h || | |
31651 | + (pfkey_lifetime->sadb_lifetime_bytes < extr->tdb->tdb_lifetime_bytes_h))) { | |
31652 | + extr->tdb->tdb_lifetime_bytes_h = | |
31653 | + pfkey_lifetime->sadb_lifetime_bytes; | |
31654 | + if(!extr->tdb->tdb_lifetime_bytes_s && | |
31655 | + (extr->tdb->tdb_lifetime_bytes_h < extr->tdb->tdb_lifetime_bytes_s)) { | |
31656 | + extr->tdb->tdb_lifetime_bytes_s = extr->tdb->tdb_lifetime_bytes_h; | |
31657 | + } | |
31658 | + } | |
31659 | + if(pfkey_lifetime->sadb_lifetime_addtime && | |
31660 | + (!extr->tdb->tdb_lifetime_addtime_h || | |
31661 | + (pfkey_lifetime->sadb_lifetime_addtime < extr->tdb->tdb_lifetime_addtime_h))) { | |
31662 | + extr->tdb->tdb_lifetime_addtime_h = | |
31663 | + pfkey_lifetime->sadb_lifetime_addtime; | |
31664 | + if(extr->tdb->tdb_lifetime_addtime_s && | |
31665 | + (extr->tdb->tdb_lifetime_addtime_h < extr->tdb->tdb_lifetime_addtime_s)) { | |
31666 | + extr->tdb->tdb_lifetime_addtime_s = extr->tdb->tdb_lifetime_addtime_h; | |
31667 | + } | |
31668 | + } | |
31669 | + if(pfkey_lifetime->sadb_lifetime_usetime && | |
31670 | + (!extr->tdb->tdb_lifetime_usetime_h || | |
31671 | + (pfkey_lifetime->sadb_lifetime_usetime < extr->tdb->tdb_lifetime_usetime_h))) { | |
31672 | + extr->tdb->tdb_lifetime_usetime_h = | |
31673 | + pfkey_lifetime->sadb_lifetime_usetime; | |
31674 | + if(extr->tdb->tdb_lifetime_usetime_s && | |
31675 | + (extr->tdb->tdb_lifetime_usetime_h < extr->tdb->tdb_lifetime_usetime_s)) { | |
31676 | + extr->tdb->tdb_lifetime_usetime_s = extr->tdb->tdb_lifetime_usetime_h; | |
31677 | + } | |
31678 | + } | |
31679 | + break; | |
31680 | + case SADB_EXT_LIFETIME_SOFT: | |
31681 | + if(pfkey_lifetime->sadb_lifetime_allocations && | |
31682 | + (!extr->tdb->tdb_lifetime_allocations_s || | |
31683 | + (pfkey_lifetime->sadb_lifetime_allocations < extr->tdb->tdb_lifetime_allocations_s))) { | |
31684 | + extr->tdb->tdb_lifetime_allocations_s = | |
31685 | + pfkey_lifetime->sadb_lifetime_allocations; | |
31686 | + if(extr->tdb->tdb_lifetime_allocations_h && | |
31687 | + (extr->tdb->tdb_lifetime_allocations_h < extr->tdb->tdb_lifetime_allocations_s)) { | |
31688 | + extr->tdb->tdb_lifetime_allocations_s = extr->tdb->tdb_lifetime_allocations_h; | |
31689 | + } | |
31690 | + } | |
31691 | + if(pfkey_lifetime->sadb_lifetime_bytes && | |
31692 | + (!extr->tdb->tdb_lifetime_bytes_s || | |
31693 | + (pfkey_lifetime->sadb_lifetime_bytes < extr->tdb->tdb_lifetime_bytes_s))) { | |
31694 | + extr->tdb->tdb_lifetime_bytes_s = | |
31695 | + pfkey_lifetime->sadb_lifetime_bytes; | |
31696 | + if(extr->tdb->tdb_lifetime_bytes_h && | |
31697 | + (extr->tdb->tdb_lifetime_bytes_h < extr->tdb->tdb_lifetime_bytes_s)) { | |
31698 | + extr->tdb->tdb_lifetime_bytes_s = extr->tdb->tdb_lifetime_bytes_h; | |
31699 | + } | |
31700 | + } | |
31701 | + if(pfkey_lifetime->sadb_lifetime_addtime && | |
31702 | + (!extr->tdb->tdb_lifetime_addtime_s || | |
31703 | + (pfkey_lifetime->sadb_lifetime_addtime < extr->tdb->tdb_lifetime_addtime_s))) { | |
31704 | + extr->tdb->tdb_lifetime_addtime_s = | |
31705 | + pfkey_lifetime->sadb_lifetime_addtime; | |
31706 | + if(extr->tdb->tdb_lifetime_addtime_h && | |
31707 | + (extr->tdb->tdb_lifetime_addtime_h < extr->tdb->tdb_lifetime_addtime_s)) { | |
31708 | + extr->tdb->tdb_lifetime_addtime_s = extr->tdb->tdb_lifetime_addtime_h; | |
31709 | + } | |
31710 | + } | |
31711 | + if(pfkey_lifetime->sadb_lifetime_usetime && | |
31712 | + (!extr->tdb->tdb_lifetime_usetime_s || | |
31713 | + (pfkey_lifetime->sadb_lifetime_usetime < extr->tdb->tdb_lifetime_usetime_s))) { | |
31714 | + extr->tdb->tdb_lifetime_usetime_s = | |
31715 | + pfkey_lifetime->sadb_lifetime_usetime; | |
31716 | + if(extr->tdb->tdb_lifetime_usetime_h && | |
31717 | + (extr->tdb->tdb_lifetime_usetime_h < extr->tdb->tdb_lifetime_usetime_s)) { | |
31718 | + extr->tdb->tdb_lifetime_usetime_s = extr->tdb->tdb_lifetime_usetime_h; | |
31719 | + } | |
31720 | + } | |
31721 | + break; | |
31722 | + default: | |
31723 | + KLIPS_PRINT(debug_pfkey, | |
31724 | + "klips_debug: pfkey_lifetime_process: invalid exttype=%d.\n", | |
31725 | + pfkey_ext->sadb_ext_type); | |
31726 | + SENDERR(EINVAL); | |
31727 | + } | |
31728 | + | |
31729 | +errlab: | |
31730 | + return error; | |
31731 | +} | |
31732 | + | |
31733 | +DEBUG_NO_STATIC int | |
31734 | +pfkey_address_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
31735 | +{ | |
31736 | + int error = 0; | |
31737 | + int saddr_len = 0; | |
31738 | + char ipaddr_txt[ADDRTOA_BUF]; | |
31739 | + unsigned char **sap; | |
31740 | + struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext; | |
31741 | + struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address)); | |
31742 | + struct tdb* tdbp; | |
31743 | + | |
31744 | + KLIPS_PRINT(debug_pfkey, | |
31745 | + "klips_debug:pfkey_address_process:\n"); | |
31746 | + | |
31747 | + if(!extr || !extr->tdb) { | |
31748 | + KLIPS_PRINT(debug_pfkey, | |
31749 | + "klips_debug:pfkey_address_process:\n" | |
31750 | + "extr or extr->tdb is NULL, fatal\n"); | |
31751 | + SENDERR(EINVAL); | |
31752 | + } | |
31753 | + | |
31754 | + switch(s->sa_family) { | |
31755 | + case AF_INET: | |
31756 | + saddr_len = sizeof(struct sockaddr_in); | |
31757 | + addrtoa(((struct sockaddr_in*)s)->sin_addr, 0, ipaddr_txt, sizeof(ipaddr_txt)); | |
31758 | + KLIPS_PRINT(debug_pfkey, | |
31759 | + "klips_debug:pfkey_address_process: found address family=%d, AF_INET, %s.\n", | |
31760 | + s->sa_family, ipaddr_txt); | |
31761 | + break; | |
31762 | +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | |
31763 | + case AF_INET6: | |
31764 | + saddr_len = sizeof(struct sockaddr_in6); | |
31765 | + break; | |
31766 | +#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ | |
31767 | + default: | |
31768 | + KLIPS_PRINT(debug_pfkey, | |
31769 | + "klips_debug:pfkey_address_process: s->sa_family=%d not supported.\n", | |
31770 | + s->sa_family); | |
31771 | + SENDERR(EPFNOSUPPORT); | |
31772 | + } | |
31773 | + | |
31774 | + switch(pfkey_address->sadb_address_exttype) { | |
31775 | + case SADB_EXT_ADDRESS_SRC: | |
31776 | + KLIPS_PRINT(debug_pfkey, | |
31777 | + "klips_debug:pfkey_address_process: found src address.\n"); | |
31778 | + sap = (unsigned char **)&(extr->tdb->tdb_addr_s); | |
31779 | + extr->tdb->tdb_addr_s_size = saddr_len; | |
31780 | + break; | |
31781 | + case SADB_EXT_ADDRESS_DST: | |
31782 | + KLIPS_PRINT(debug_pfkey, | |
31783 | + "klips_debug:pfkey_address_process: found dst address.\n"); | |
31784 | + sap = (unsigned char **)&(extr->tdb->tdb_addr_d); | |
31785 | + extr->tdb->tdb_addr_d_size = saddr_len; | |
31786 | + break; | |
31787 | + case SADB_EXT_ADDRESS_PROXY: | |
31788 | + KLIPS_PRINT(debug_pfkey, | |
31789 | + "klips_debug:pfkey_address_process: found proxy address.\n"); | |
31790 | + sap = (unsigned char **)&(extr->tdb->tdb_addr_p); | |
31791 | + extr->tdb->tdb_addr_p_size = saddr_len; | |
31792 | + break; | |
31793 | + case SADB_X_EXT_ADDRESS_DST2: | |
31794 | + KLIPS_PRINT(debug_pfkey, | |
31795 | + "klips_debug:pfkey_address_process: found 2nd dst address.\n"); | |
31796 | + if(pfkey_alloc_tdb(&(extr->tdb2)) == ENOMEM) { | |
31797 | + SENDERR(ENOMEM); | |
31798 | + } | |
31799 | + sap = (unsigned char **)&(extr->tdb2->tdb_addr_d); | |
31800 | + extr->tdb2->tdb_addr_d_size = saddr_len; | |
31801 | + break; | |
31802 | + case SADB_X_EXT_ADDRESS_SRC_FLOW: | |
31803 | + KLIPS_PRINT(debug_pfkey, | |
31804 | + "klips_debug:pfkey_address_process: found src flow address.\n"); | |
31805 | + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { | |
31806 | + SENDERR(ENOMEM); | |
31807 | + } | |
31808 | + sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_src); | |
31809 | + break; | |
31810 | + case SADB_X_EXT_ADDRESS_DST_FLOW: | |
31811 | + KLIPS_PRINT(debug_pfkey, | |
31812 | + "klips_debug:pfkey_address_process: found dst flow address.\n"); | |
31813 | + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { | |
31814 | + SENDERR(ENOMEM); | |
31815 | + } | |
31816 | + sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_dst); | |
31817 | + break; | |
31818 | + case SADB_X_EXT_ADDRESS_SRC_MASK: | |
31819 | + KLIPS_PRINT(debug_pfkey, | |
31820 | + "klips_debug:pfkey_address_process: found src mask address.\n"); | |
31821 | + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { | |
31822 | + SENDERR(ENOMEM); | |
31823 | + } | |
31824 | + sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_src); | |
31825 | + break; | |
31826 | + case SADB_X_EXT_ADDRESS_DST_MASK: | |
31827 | + KLIPS_PRINT(debug_pfkey, | |
31828 | + "klips_debug:pfkey_address_process: found dst mask address.\n"); | |
31829 | + if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { | |
31830 | + SENDERR(ENOMEM); | |
31831 | + } | |
31832 | + sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_dst); | |
31833 | + break; | |
31834 | + default: | |
31835 | + KLIPS_PRINT(debug_pfkey, | |
31836 | + "klips_debug:pfkey_address_process: unrecognised ext_type=%d.\n", | |
31837 | + pfkey_address->sadb_address_exttype); | |
31838 | + SENDERR(EINVAL); | |
31839 | + } | |
31840 | + | |
31841 | + switch(pfkey_address->sadb_address_exttype) { | |
31842 | + case SADB_EXT_ADDRESS_SRC: | |
31843 | + case SADB_EXT_ADDRESS_DST: | |
31844 | + case SADB_EXT_ADDRESS_PROXY: | |
31845 | + case SADB_X_EXT_ADDRESS_DST2: | |
31846 | + if(!(*sap = kmalloc(saddr_len, GFP_KERNEL))) { | |
31847 | + SENDERR(ENOMEM); | |
31848 | + } | |
31849 | + memcpy(*sap, s, saddr_len); | |
31850 | + break; | |
31851 | + default: | |
31852 | + if(s->sa_family != AF_INET) { | |
31853 | + KLIPS_PRINT(debug_pfkey, | |
31854 | + "klips_debug:pfkey_address_process: s->sa_family=%d not supported.\n", | |
31855 | + s->sa_family); | |
31856 | + SENDERR(EPFNOSUPPORT); | |
31857 | + } | |
31858 | + (unsigned int)(*sap) = ((struct sockaddr_in*)s)->sin_addr.s_addr; | |
31859 | +#ifdef CONFIG_IPSEC_DEBUG | |
31860 | + if(extr->eroute) { | |
31861 | + char buf1[64], buf2[64]; | |
31862 | + if (debug_pfkey) { | |
31863 | + subnettoa(extr->eroute->er_eaddr.sen_ip_src, | |
31864 | + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); | |
31865 | + subnettoa(extr->eroute->er_eaddr.sen_ip_dst, | |
31866 | + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); | |
31867 | + KLIPS_PRINT(debug_pfkey, | |
31868 | + "klips_debug:pfkey_address_parse: " | |
31869 | + "extr->eroute set to %s->%s\n", | |
31870 | + buf1, buf2); | |
31871 | + } | |
31872 | + } | |
31873 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
31874 | + } | |
31875 | + | |
31876 | + tdbp = extr->tdb; | |
31877 | + switch(pfkey_address->sadb_address_exttype) { | |
31878 | + case SADB_X_EXT_ADDRESS_DST2: | |
31879 | + tdbp = extr->tdb2; | |
31880 | + case SADB_EXT_ADDRESS_DST: | |
31881 | + if(s->sa_family == AF_INET) { | |
31882 | + tdbp->tdb_said.dst.s_addr = ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr.s_addr; | |
31883 | + KLIPS_PRINT(debug_pfkey, | |
31884 | + "klips_debug:pfkey_address_process: tdbp->tdb_said.dst.s_addr=%08x,\n" | |
31885 | + "klips_debug: ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr.s_addr=%08x,\n", | |
31886 | + tdbp->tdb_said.dst.s_addr, | |
31887 | + ((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr.s_addr | |
31888 | + ); | |
31889 | + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr, | |
31890 | + 0, | |
31891 | + ipaddr_txt, | |
31892 | + sizeof(ipaddr_txt)); | |
31893 | + KLIPS_PRINT(debug_pfkey, | |
31894 | + "klips_debug:pfkey_address_process: tdb_said.dst set to %s.\n", | |
31895 | + ipaddr_txt); | |
31896 | + } else { | |
31897 | + KLIPS_PRINT(debug_pfkey, | |
31898 | + "klips_debug:pfkey_address_process: " | |
31899 | + "uh, tdb_said.dst doesn't do address family=%d yet, " | |
31900 | + "said will be invalid.\n", | |
31901 | + s->sa_family); | |
31902 | + } | |
31903 | + default: | |
31904 | + } | |
31905 | + | |
31906 | + /* XXX check if port!=0 */ | |
31907 | + | |
31908 | + KLIPS_PRINT(debug_pfkey, | |
31909 | + "klips_debug:pfkey_address_process: successful.\n"); | |
31910 | + errlab: | |
31911 | + return error; | |
31912 | +} | |
31913 | + | |
31914 | +DEBUG_NO_STATIC int | |
31915 | +pfkey_key_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
31916 | +{ | |
31917 | + int error = 0; | |
31918 | + struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext; | |
31919 | + | |
31920 | + KLIPS_PRINT(debug_pfkey, | |
31921 | + "klips_debug:pfkey_key_process: .\n"); | |
31922 | + | |
31923 | + if(!extr || !extr->tdb) { | |
31924 | + KLIPS_PRINT(debug_pfkey, | |
31925 | + "klips_debug:pfkey_key_process: " | |
31926 | + "extr or extr->tdb is NULL, fatal\n"); | |
31927 | + SENDERR(EINVAL); | |
31928 | + } | |
31929 | + | |
31930 | + switch(pfkey_key->sadb_key_exttype) { | |
31931 | + case SADB_EXT_KEY_AUTH: | |
31932 | + extr->tdb->tdb_key_bits_a = pfkey_key->sadb_key_bits; | |
31933 | + if(!(extr->tdb->tdb_key_a = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) { | |
31934 | + KLIPS_PRINT(debug_pfkey, | |
31935 | + "klips_debug:pfkey_key_process: memory allocation error.\n"); | |
31936 | + SENDERR(ENOMEM); | |
31937 | + } | |
31938 | + memcpy(extr->tdb->tdb_key_a, | |
31939 | + (char*)pfkey_key + sizeof(struct sadb_key), | |
31940 | + DIVUP(pfkey_key->sadb_key_bits, 8)); | |
31941 | + break; | |
31942 | + case SADB_EXT_KEY_ENCRYPT: /* Key(s) */ | |
31943 | + extr->tdb->tdb_key_bits_e = pfkey_key->sadb_key_bits; | |
31944 | + if(!(extr->tdb->tdb_key_e = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) { | |
31945 | + KLIPS_PRINT(debug_pfkey, | |
31946 | + "klips_debug:pfkey_key_process: memory allocation error.\n"); | |
31947 | + SENDERR(ENOMEM); | |
31948 | + } | |
31949 | + memcpy(extr->tdb->tdb_key_e, | |
31950 | + (char*)pfkey_key + sizeof(struct sadb_key), | |
31951 | + DIVUP(pfkey_key->sadb_key_bits, 8)); | |
31952 | + break; | |
31953 | + default: | |
31954 | + SENDERR(EINVAL); | |
31955 | + } | |
31956 | + | |
31957 | + KLIPS_PRINT(debug_pfkey, | |
31958 | + "klips_debug:pfkey_key_process: success.\n"); | |
31959 | +errlab: | |
31960 | + return error; | |
31961 | +} | |
31962 | + | |
31963 | +DEBUG_NO_STATIC int | |
31964 | +pfkey_ident_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
31965 | +{ | |
31966 | + int error = 0; | |
31967 | + struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext; | |
31968 | + | |
31969 | + KLIPS_PRINT(debug_pfkey, | |
31970 | + "klips_debug:pfkey_ident_process: .\n"); | |
31971 | + | |
31972 | + if(!extr || !extr->tdb) { | |
31973 | + KLIPS_PRINT(debug_pfkey, | |
31974 | + "klips_debug:pfkey_ident_process: " | |
31975 | + "extr or extr->tdb is NULL, fatal\n"); | |
31976 | + SENDERR(EINVAL); | |
31977 | + } | |
31978 | + | |
31979 | + switch(pfkey_ident->sadb_ident_exttype) { | |
31980 | + case SADB_EXT_IDENTITY_SRC: | |
31981 | + extr->tdb->tdb_ident_type_s = pfkey_ident->sadb_ident_type; | |
31982 | + extr->tdb->tdb_ident_id_s = pfkey_ident->sadb_ident_id; | |
31983 | + extr->tdb->tdb_ident_len_s = pfkey_ident->sadb_ident_len - | |
31984 | + (sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN); | |
31985 | + if(extr->tdb->tdb_ident_len_s) { | |
31986 | + if(!(extr->tdb->tdb_ident_data_s | |
31987 | + = kmalloc(pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN, | |
31988 | + GFP_KERNEL))) { | |
31989 | + SENDERR(ENOMEM); | |
31990 | + } | |
31991 | + memcpy(extr->tdb->tdb_ident_data_s, | |
31992 | + (char*)pfkey_ident + sizeof(struct sadb_ident), | |
31993 | + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN); | |
31994 | + } else { | |
31995 | + extr->tdb->tdb_ident_data_s = NULL; | |
31996 | + } | |
31997 | + break; | |
31998 | + case SADB_EXT_IDENTITY_DST: /* Identity(ies) */ | |
31999 | + extr->tdb->tdb_ident_type_d = pfkey_ident->sadb_ident_type; | |
32000 | + extr->tdb->tdb_ident_id_d = pfkey_ident->sadb_ident_id; | |
32001 | + extr->tdb->tdb_ident_len_d = pfkey_ident->sadb_ident_len - | |
32002 | + sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN; | |
32003 | + if(extr->tdb->tdb_ident_len_d) { | |
32004 | + if(!(extr->tdb->tdb_ident_data_d | |
32005 | + = kmalloc(pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN, | |
32006 | + GFP_KERNEL))) { | |
32007 | + SENDERR(ENOMEM); | |
32008 | + } | |
32009 | + memcpy(extr->tdb->tdb_ident_data_d, | |
32010 | + (char*)pfkey_ident + sizeof(struct sadb_ident), | |
32011 | + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN); | |
32012 | + } else { | |
32013 | + extr->tdb->tdb_ident_data_d = NULL; | |
32014 | + } | |
32015 | + break; | |
32016 | + default: | |
32017 | + SENDERR(EINVAL); | |
32018 | + } | |
32019 | +errlab: | |
32020 | + return error; | |
32021 | +} | |
32022 | + | |
32023 | +DEBUG_NO_STATIC int | |
32024 | +pfkey_sens_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
32025 | +{ | |
32026 | + int error = 0; | |
32027 | + | |
32028 | + KLIPS_PRINT(debug_pfkey, | |
32029 | + "klips_debug: pfkey_sens_process: Sorry, I can't process exttype=%d yet.\n", | |
32030 | + pfkey_ext->sadb_ext_type); | |
32031 | + SENDERR(EINVAL); /* don't process these yet */ | |
32032 | + errlab: | |
32033 | + return error; | |
32034 | +} | |
32035 | + | |
32036 | +DEBUG_NO_STATIC int | |
32037 | +pfkey_prop_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
32038 | +{ | |
32039 | + int error = 0; | |
32040 | + | |
32041 | + KLIPS_PRINT(debug_pfkey, | |
32042 | + "klips_debug: pfkey_prop_process: Sorry, I can't process exttype=%d yet.\n", | |
32043 | + pfkey_ext->sadb_ext_type); | |
32044 | + SENDERR(EINVAL); /* don't process these yet */ | |
32045 | + | |
32046 | + errlab: | |
32047 | + return error; | |
32048 | +} | |
32049 | + | |
32050 | +DEBUG_NO_STATIC int | |
32051 | +pfkey_supported_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
32052 | +{ | |
32053 | + int error = 0; | |
32054 | + | |
32055 | + KLIPS_PRINT(debug_pfkey, | |
32056 | + "klips_debug: pfkey_supported_process: Sorry, I can't process exttype=%d yet.\n", | |
32057 | + pfkey_ext->sadb_ext_type); | |
32058 | + SENDERR(EINVAL); /* don't process these yet */ | |
32059 | + | |
32060 | +errlab: | |
32061 | + return error; | |
32062 | +} | |
32063 | + | |
32064 | +DEBUG_NO_STATIC int | |
32065 | +pfkey_spirange_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
32066 | +{ | |
32067 | + int error = 0; | |
32068 | + | |
32069 | + KLIPS_PRINT(debug_pfkey, | |
32070 | + "klips_debug: pfkey_spirange_process: .\n"); | |
32071 | +/* errlab: */ | |
32072 | + return error; | |
32073 | +} | |
32074 | + | |
32075 | +DEBUG_NO_STATIC int | |
32076 | +pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
32077 | +{ | |
32078 | + int error = 0; | |
32079 | + | |
32080 | + KLIPS_PRINT(debug_pfkey, | |
32081 | + "klips_debug: pfkey_x_kmprivate_process: Sorry, I can't process exttype=%d yet.\n", | |
32082 | + pfkey_ext->sadb_ext_type); | |
32083 | + SENDERR(EINVAL); /* don't process these yet */ | |
32084 | + | |
32085 | +errlab: | |
32086 | + return error; | |
32087 | +} | |
32088 | + | |
32089 | +DEBUG_NO_STATIC int | |
32090 | +pfkey_x_satype_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
32091 | +{ | |
32092 | + int error = 0; | |
32093 | + struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext; | |
32094 | + | |
32095 | + KLIPS_PRINT(debug_pfkey, | |
32096 | + "klips_debug: pfkey_x_satype_process: .\n"); | |
32097 | + | |
32098 | + if(!extr || !extr->tdb) { | |
32099 | + KLIPS_PRINT(debug_pfkey, | |
32100 | + "klips_debug: pfkey_x_satype_process: " | |
32101 | + "extr or extr->tdb is NULL, fatal\n"); | |
32102 | + SENDERR(EINVAL); | |
32103 | + } | |
32104 | + | |
32105 | + if(pfkey_alloc_tdb(&(extr->tdb2)) == ENOMEM) { | |
32106 | + SENDERR(ENOMEM); | |
32107 | + } | |
32108 | + if(!(extr->tdb2->tdb_said.proto = satype2proto(pfkey_x_satype->sadb_x_satype_satype))) { | |
32109 | + KLIPS_PRINT(debug_pfkey, | |
32110 | + "klips_debug: pfkey_x_satype_process: proto lookup from satype=%d failed.\n", | |
32111 | + pfkey_x_satype->sadb_x_satype_satype); | |
32112 | + SENDERR(EINVAL); | |
32113 | + } | |
32114 | + | |
32115 | +errlab: | |
32116 | + return error; | |
32117 | +} | |
32118 | + | |
32119 | +DEBUG_NO_STATIC int | |
32120 | +pfkey_x_debug_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) | |
32121 | +{ | |
32122 | + int error = 0; | |
32123 | + struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext; | |
32124 | + | |
32125 | + if(!pfkey_x_debug) { | |
32126 | + printk("klips_debug:pfkey_x_debug_process: null pointer passed in\n"); | |
32127 | + SENDERR(EINVAL); | |
32128 | + } | |
32129 | + | |
32130 | + KLIPS_PRINT(debug_pfkey, | |
32131 | + "klips_debug:pfkey_x_debug_process: .\n"); | |
32132 | + | |
32133 | +#ifdef CONFIG_IPSEC_DEBUG | |
32134 | + if(pfkey_x_debug->sadb_x_debug_netlink >> | |
32135 | + (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 - 1)) { | |
32136 | + pfkey_x_debug->sadb_x_debug_netlink &= | |
32137 | + ~(1 << (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 -1)); | |
32138 | + debug_tunnel |= pfkey_x_debug->sadb_x_debug_tunnel; | |
32139 | + debug_netlink |= pfkey_x_debug->sadb_x_debug_netlink; | |
32140 | + debug_xform |= pfkey_x_debug->sadb_x_debug_xform; | |
32141 | + debug_eroute |= pfkey_x_debug->sadb_x_debug_eroute; | |
32142 | + debug_spi |= pfkey_x_debug->sadb_x_debug_spi; | |
32143 | + debug_radij |= pfkey_x_debug->sadb_x_debug_radij; | |
32144 | + debug_esp |= pfkey_x_debug->sadb_x_debug_esp; | |
32145 | + debug_ah |= pfkey_x_debug->sadb_x_debug_ah; | |
32146 | + debug_rcv |= pfkey_x_debug->sadb_x_debug_rcv; | |
32147 | + debug_pfkey |= pfkey_x_debug->sadb_x_debug_pfkey; | |
32148 | +#ifdef CONFIG_IPSEC_IPCOMP | |
32149 | + sysctl_ipsec_debug_ipcomp |= pfkey_x_debug->sadb_x_debug_ipcomp; | |
32150 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
32151 | + sysctl_ipsec_debug_verbose |= pfkey_x_debug->sadb_x_debug_verbose; | |
32152 | + if(debug_netlink) | |
32153 | + printk("klips_debug:pfkey_x_debug_process: set\n"); | |
32154 | + } else { | |
32155 | + if(debug_netlink) | |
32156 | + printk("klips_debug:pfkey_x_debug_process: unset\n"); | |
32157 | + debug_tunnel &= pfkey_x_debug->sadb_x_debug_tunnel; | |
32158 | + debug_netlink &= pfkey_x_debug->sadb_x_debug_netlink; | |
32159 | + debug_xform &= pfkey_x_debug->sadb_x_debug_xform; | |
32160 | + debug_eroute &= pfkey_x_debug->sadb_x_debug_eroute; | |
32161 | + debug_spi &= pfkey_x_debug->sadb_x_debug_spi; | |
32162 | + debug_radij &= pfkey_x_debug->sadb_x_debug_radij; | |
32163 | + debug_esp &= pfkey_x_debug->sadb_x_debug_esp; | |
32164 | + debug_ah &= pfkey_x_debug->sadb_x_debug_ah; | |
32165 | + debug_rcv &= pfkey_x_debug->sadb_x_debug_rcv; | |
32166 | + debug_pfkey &= pfkey_x_debug->sadb_x_debug_pfkey; | |
32167 | +#ifdef CONFIG_IPSEC_IPCOMP | |
32168 | + sysctl_ipsec_debug_ipcomp &= pfkey_x_debug->sadb_x_debug_ipcomp; | |
32169 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
32170 | + sysctl_ipsec_debug_verbose &= pfkey_x_debug->sadb_x_debug_verbose; | |
32171 | + } | |
32172 | +#else /* CONFIG_IPSEC_DEBUG */ | |
32173 | + printk("klips_debug:pfkey_x_debug_process: debugging not enabled\n"); | |
32174 | + SENDERR(EINVAL); | |
32175 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
32176 | + | |
32177 | +errlab: | |
32178 | + return error; | |
32179 | +} | |
32180 | + | |
32181 | + | |
32182 | +DEBUG_NO_STATIC int | |
32183 | +pfkey_tdb_init(struct tdb *tdbp, struct sadb_ext **extensions) | |
32184 | +{ | |
32185 | + int i; | |
32186 | + int error = 0; | |
32187 | + char sa[SATOA_BUF]; | |
32188 | + char ipaddr_txt[ADDRTOA_BUF]; | |
32189 | + char ipaddr2_txt[ADDRTOA_BUF]; | |
32190 | + unsigned char kb[AHMD596_BLKLEN]; | |
32191 | + | |
32192 | + if(!tdbp) { | |
32193 | + KLIPS_PRINT(debug_pfkey, | |
32194 | + "klips_debug:pfkey_tdb_init: " | |
32195 | + "tdbp is NULL, fatal\n"); | |
32196 | + SENDERR(EINVAL); | |
32197 | + } | |
32198 | + | |
32199 | + satoa(tdbp->tdb_said, 0, sa, SATOA_BUF); | |
32200 | + | |
32201 | + KLIPS_PRINT(debug_pfkey, | |
32202 | + "klips_debug:pfkey_tdb_init: (pfkey defined) called for SA:%s\n", sa); | |
32203 | + | |
32204 | + KLIPS_PRINT(debug_pfkey, | |
32205 | + "klips_debug:pfkey_tdb_init: calling init routine of %s%s%s\n", | |
32206 | + TDB_XFORM_NAME(tdbp)); | |
32207 | + | |
32208 | + switch(tdbp->tdb_said.proto) { | |
32209 | + | |
32210 | +#ifdef CONFIG_IPSEC_IPIP | |
32211 | + case IPPROTO_IPIP: { | |
32212 | + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_s))->sin_addr, | |
32213 | + 0, | |
32214 | + ipaddr_txt, sizeof(ipaddr_txt)); | |
32215 | + addrtoa(((struct sockaddr_in*)(tdbp->tdb_addr_d))->sin_addr, | |
32216 | + 0, | |
32217 | + ipaddr2_txt, sizeof(ipaddr_txt)); | |
32218 | + KLIPS_PRINT(debug_pfkey, | |
32219 | + "klips_debug:pfkey_tdb_init: " | |
32220 | + "(pfkey defined) IPIP tdb set for %s->%s.\n", | |
32221 | + ipaddr_txt, | |
32222 | + ipaddr2_txt); | |
32223 | + } | |
32224 | + break; | |
32225 | +#endif /* !CONFIG_IPSEC_IPIP */ | |
32226 | +#ifdef CONFIG_IPSEC_AH | |
32227 | + case IPPROTO_AH: | |
32228 | + switch(tdbp->tdb_authalg) { | |
32229 | +# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
32230 | + case AH_MD5: { | |
32231 | + unsigned char *akp; | |
32232 | + MD5_CTX *ictx; | |
32233 | + MD5_CTX *octx; | |
32234 | + | |
32235 | + if(tdbp->tdb_key_bits_a != (AHMD596_KLEN * 8)) { | |
32236 | + KLIPS_PRINT(debug_pfkey, | |
32237 | + "klips_debug:pfkey_tdb_init: incorrect key size: %d bits" | |
32238 | + "-- must be %d bits\n"/*octets (bytes)\n"*/, | |
32239 | + tdbp->tdb_key_bits_a, AHMD596_KLEN * 8); | |
32240 | + SENDERR(EINVAL); | |
32241 | + } | |
32242 | + | |
32243 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32244 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32245 | + "klips_debug:pfkey_tdb_init: hmac md5-96 key is 0x%08lx %08lx %08lx %08lx\n", | |
32246 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+0)), | |
32247 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+1)), | |
32248 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+2)), | |
32249 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+3))); | |
32250 | +# endif | |
32251 | + | |
32252 | + tdbp->tdb_auth_bits = AHMD596_ALEN * 8; | |
32253 | + | |
32254 | + /* save the pointer to the key material */ | |
32255 | + akp = tdbp->tdb_key_a; | |
32256 | + | |
32257 | + if((tdbp->tdb_key_a = (caddr_t) | |
32258 | + kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)), | |
32259 | + GFP_ATOMIC)) == NULL) { | |
32260 | + SENDERR(ENOMEM); | |
32261 | + } | |
32262 | + | |
32263 | + for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) { | |
32264 | + kb[i] = akp[i] ^ HMAC_IPAD; | |
32265 | + } | |
32266 | + for (; i < AHMD596_BLKLEN; i++) { | |
32267 | + kb[i] = HMAC_IPAD; | |
32268 | + } | |
32269 | + | |
32270 | + ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx); | |
32271 | + MD5Init(ictx); | |
32272 | + MD5Update(ictx, kb, AHMD596_BLKLEN); | |
32273 | + | |
32274 | + for (i = 0; i < AHMD596_BLKLEN; i++) { | |
32275 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
32276 | + } | |
32277 | + | |
32278 | + octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx); | |
32279 | + MD5Init(octx); | |
32280 | + MD5Update(octx, kb, AHMD596_BLKLEN); | |
32281 | + | |
32282 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32283 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32284 | + "klips_debug:pfkey_tdb_init: MD5 ictx=0x%08x %08x %08x %08x" | |
32285 | + " octx=0x%08x %08x %08x %08x\n", | |
32286 | + ((__u32*)ictx)[0], | |
32287 | + ((__u32*)ictx)[1], | |
32288 | + ((__u32*)ictx)[2], | |
32289 | + ((__u32*)ictx)[3], | |
32290 | + ((__u32*)octx)[0], | |
32291 | + ((__u32*)octx)[1], | |
32292 | + ((__u32*)octx)[2], | |
32293 | + ((__u32*)octx)[3] ); | |
32294 | +# endif | |
32295 | + | |
32296 | + /* zero key buffer -- paranoid */ | |
32297 | + memset(akp, 0, DIVUP(tdbp->tdb_key_bits_a, BITS_PER_OCTET)); | |
32298 | + } | |
32299 | + break; | |
32300 | +# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
32301 | +# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
32302 | + case AH_SHA: { | |
32303 | + | |
32304 | + unsigned char *akp; | |
32305 | + SHA1_CTX *ictx; | |
32306 | + SHA1_CTX *octx; | |
32307 | + | |
32308 | + if(tdbp->tdb_key_bits_a != (AHSHA196_KLEN * 8)) { | |
32309 | + KLIPS_PRINT(debug_pfkey, | |
32310 | + "klips_debug:pfkey_tdb_init: incorrect key size: %d bits" | |
32311 | + "-- must be %d bits\n"/*octets (bytes)\n"*/, | |
32312 | + tdbp->tdb_key_bits_a, AHSHA196_KLEN * 8); | |
32313 | + SENDERR(EINVAL); | |
32314 | + } | |
32315 | + | |
32316 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32317 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32318 | + "klips_debug:pfkey_tdb_init: hmac sha1-96 key is 0x%08lx %08lx %08lx %08lx\n", | |
32319 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+0)), | |
32320 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+1)), | |
32321 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+2)), | |
32322 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+3))); | |
32323 | +# endif | |
32324 | + | |
32325 | + tdbp->tdb_auth_bits = AHSHA196_ALEN * 8; | |
32326 | + | |
32327 | + /* save the pointer to the key material */ | |
32328 | + akp = tdbp->tdb_key_a; | |
32329 | + | |
32330 | + if((tdbp->tdb_key_a = (caddr_t) | |
32331 | + kmalloc((tdbp->tdb_key_a_size = sizeof(struct sha1_ctx)), | |
32332 | + GFP_ATOMIC)) == NULL) { | |
32333 | + SENDERR(ENOMEM); | |
32334 | + } | |
32335 | + | |
32336 | + for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) { | |
32337 | + kb[i] = akp[i] ^ HMAC_IPAD; | |
32338 | + } | |
32339 | + for (; i < AHMD596_BLKLEN; i++) { | |
32340 | + kb[i] = HMAC_IPAD; | |
32341 | + } | |
32342 | + | |
32343 | + ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx); | |
32344 | + SHA1Init(ictx); | |
32345 | + SHA1Update(ictx, kb, AHSHA196_BLKLEN); | |
32346 | + | |
32347 | + for (i = 0; i < AHSHA196_BLKLEN; i++) { | |
32348 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
32349 | + } | |
32350 | + | |
32351 | + octx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->octx); | |
32352 | + SHA1Init(octx); | |
32353 | + SHA1Update(octx, kb, AHSHA196_BLKLEN); | |
32354 | + | |
32355 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32356 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32357 | + "klips_debug:pfkey_tdb_init: SHA1 ictx=0x%08x %08x %08x %08x" | |
32358 | + " octx=0x%08x %08x %08x %08x\n", | |
32359 | + ((__u32*)ictx)[0], | |
32360 | + ((__u32*)ictx)[1], | |
32361 | + ((__u32*)ictx)[2], | |
32362 | + ((__u32*)ictx)[3], | |
32363 | + ((__u32*)octx)[0], | |
32364 | + ((__u32*)octx)[1], | |
32365 | + ((__u32*)octx)[2], | |
32366 | + ((__u32*)octx)[3] ); | |
32367 | +# endif | |
32368 | + /* zero key buffer -- paranoid */ | |
32369 | + memset(akp, 0, DIVUP(tdbp->tdb_key_bits_a, BITS_PER_OCTET)); | |
32370 | + } | |
32371 | + break; | |
32372 | +# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
32373 | + default: | |
32374 | + KLIPS_PRINT(debug_pfkey, | |
32375 | + "klips_debug:pfkey_tdb_init: " | |
32376 | + "authalg=%d support not available in the kernel", | |
32377 | + tdbp->tdb_authalg); | |
32378 | + SENDERR(EINVAL); | |
32379 | + } | |
32380 | + break; | |
32381 | +#endif /* CONFIG_IPSEC_AH */ | |
32382 | +#ifdef CONFIG_IPSEC_ESP | |
32383 | + case IPPROTO_ESP: { | |
32384 | + unsigned char *akp, *ekp; | |
32385 | + | |
32386 | + switch(tdbp->tdb_encalg) { | |
32387 | +# ifdef CONFIG_IPSEC_ENC_3DES | |
32388 | + case ESP_3DES: | |
32389 | +# endif /* CONFIG_IPSEC_ENC_3DES */ | |
32390 | +# if defined(CONFIG_IPSEC_ENC_3DES) | |
32391 | + if((tdbp->tdb_iv = (caddr_t) | |
32392 | + kmalloc((tdbp->tdb_iv_size = EMT_ESPDES_IV_SZ), GFP_ATOMIC)) == NULL) { | |
32393 | + SENDERR(ENOMEM); | |
32394 | + } | |
32395 | + get_random_bytes((void *)tdbp->tdb_iv, EMT_ESPDES_IV_SZ); | |
32396 | + tdbp->tdb_iv_bits = tdbp->tdb_iv_size * 8; | |
32397 | + break; | |
32398 | +# endif /* defined(CONFIG_IPSEC_ENC_3DES) */ | |
32399 | + case ESP_NONE: | |
32400 | +# ifdef CONFIG_IPSEC_ENC_NULL | |
32401 | + case ESP_NULL: | |
32402 | +# endif /* CONFIG_IPSEC_ENC_NULL */ | |
32403 | + break; | |
32404 | + default: | |
32405 | + KLIPS_PRINT(debug_pfkey, | |
32406 | + "klips_debug:pfkey_tdb_init: " | |
32407 | + "encalg=%d support not available in the kernel", | |
32408 | + tdbp->tdb_encalg); | |
32409 | + SENDERR(EINVAL); | |
32410 | + } | |
32411 | + | |
32412 | + switch(tdbp->tdb_encalg) { | |
32413 | +# ifdef CONFIG_IPSEC_ENC_3DES | |
32414 | + case ESP_3DES: | |
32415 | + if(tdbp->tdb_key_bits_e != (EMT_ESP3DES_KEY_SZ * 8)) { | |
32416 | + KLIPS_PRINT(debug_pfkey, | |
32417 | + "klips_debug:pfkey_tdb_init: incorrect encryption" | |
32418 | + "key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, | |
32419 | + tdbp->tdb_key_bits_e, EMT_ESP3DES_KEY_SZ * 8); | |
32420 | + SENDERR(EINVAL); | |
32421 | + } | |
32422 | + | |
32423 | + /* save encryption key pointer */ | |
32424 | + ekp = tdbp->tdb_key_e; | |
32425 | + | |
32426 | + if((tdbp->tdb_key_e = (caddr_t) | |
32427 | + kmalloc((tdbp->tdb_key_e_size = 3 * sizeof(struct des_eks)), | |
32428 | + GFP_ATOMIC)) == NULL) { | |
32429 | + SENDERR(ENOMEM); | |
32430 | + } | |
32431 | + | |
32432 | + for(i = 0; i < 3; i++) { | |
32433 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32434 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32435 | + "klips_debug:pfkey_tdb_init: 3des key %d/3 is 0x%08lx%08lx\n", | |
32436 | + i + 1, | |
32437 | + ntohl(*((__u32 *)tdbp->tdb_key_e + i * 2)), | |
32438 | + ntohl(*((__u32 *)tdbp->tdb_key_e + i * 2 + 1))); | |
32439 | +# endif | |
32440 | + error = des_set_key((caddr_t)ekp + EMT_ESPDES_KEY_SZ * i, | |
32441 | + (caddr_t)&((struct des_eks*)(tdbp->tdb_key_e))[i]); | |
32442 | + if (error == -1) | |
32443 | + printk("klips_debug:pfkey_tdb_init: parity error in des key %d/3\n", i + 1); | |
32444 | + else if (error == -2) | |
32445 | + printk("klips_debug:pfkey_tdb_init: illegal weak des key %d/3\n", i + 1); | |
32446 | + if (error) { | |
32447 | + memset(tdbp->tdb_key_e, 0, 3 * sizeof(struct des_eks)); | |
32448 | + kfree(tdbp->tdb_key_e); | |
32449 | + memset(ekp, 0, DIVUP(tdbp->tdb_key_bits_e, BITS_PER_OCTET)); | |
32450 | + SENDERR(EINVAL); | |
32451 | + } | |
32452 | + } | |
32453 | + | |
32454 | + /* paranoid */ | |
32455 | + memset(ekp, 0, DIVUP(tdbp->tdb_key_bits_e, BITS_PER_OCTET)); | |
32456 | + | |
32457 | + break; | |
32458 | +# endif /* CONFIG_IPSEC_ENC_3DES */ | |
32459 | +# ifdef CONFIG_IPSEC_ENC_NULL | |
32460 | + case ESP_NULL: | |
32461 | +# endif /* CONFIG_IPSEC_ENC_NULL */ | |
32462 | + case ESP_NONE: | |
32463 | + break; | |
32464 | + default: | |
32465 | + KLIPS_PRINT(debug_pfkey, | |
32466 | + "klips_debug:pfkey_tdb_init: " | |
32467 | + "encalg=%d support not available in the kernel", | |
32468 | + tdbp->tdb_encalg); | |
32469 | + SENDERR(EINVAL); | |
32470 | + } | |
32471 | + | |
32472 | + switch(tdbp->tdb_authalg) { | |
32473 | +# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 | |
32474 | + case AH_MD5: { | |
32475 | + MD5_CTX *ictx; | |
32476 | + MD5_CTX *octx; | |
32477 | + | |
32478 | + if(tdbp->tdb_key_bits_a != (AHMD596_KLEN * 8)) { | |
32479 | + KLIPS_PRINT(debug_pfkey, | |
32480 | + "klips_debug:pfkey_tdb_init: incorrect authorisation" | |
32481 | + " key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, | |
32482 | + tdbp->tdb_key_bits_a, AHMD596_KLEN * 8); | |
32483 | + SENDERR(EINVAL); | |
32484 | + } | |
32485 | + | |
32486 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32487 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32488 | + "klips_debug:pfkey_tdb_init: hmac md5-96 key is 0x%08lx %08lx %08lx %08lx\n", | |
32489 | + ntohl(*(((__u32 *)(tdbp->tdb_key_a))+0)), | |
32490 | + ntohl(*(((__u32 *)(tdbp->tdb_key_a))+1)), | |
32491 | + ntohl(*(((__u32 *)(tdbp->tdb_key_a))+2)), | |
32492 | + ntohl(*(((__u32 *)(tdbp->tdb_key_a))+3))); | |
32493 | +# endif | |
32494 | + tdbp->tdb_auth_bits = AHMD596_ALEN * 8; | |
32495 | + | |
32496 | + /* save the pointer to the key material */ | |
32497 | + akp = tdbp->tdb_key_a; | |
32498 | + | |
32499 | + if((tdbp->tdb_key_a = (caddr_t) | |
32500 | + kmalloc((tdbp->tdb_key_a_size = sizeof(struct md5_ctx)), | |
32501 | + GFP_ATOMIC)) == NULL) { | |
32502 | + SENDERR(ENOMEM); | |
32503 | + } | |
32504 | + | |
32505 | + for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) { | |
32506 | + kb[i] = akp[i] ^ HMAC_IPAD; | |
32507 | + } | |
32508 | + for (; i < AHMD596_BLKLEN; i++) { | |
32509 | + kb[i] = HMAC_IPAD; | |
32510 | + } | |
32511 | + | |
32512 | + ictx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->ictx); | |
32513 | + MD5Init(ictx); | |
32514 | + MD5Update(ictx, kb, AHMD596_BLKLEN); | |
32515 | + | |
32516 | + for (i = 0; i < AHMD596_BLKLEN; i++) { | |
32517 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
32518 | + } | |
32519 | + | |
32520 | + octx = &(((struct md5_ctx*)(tdbp->tdb_key_a))->octx); | |
32521 | + MD5Init(octx); | |
32522 | + MD5Update(octx, kb, AHMD596_BLKLEN); | |
32523 | + | |
32524 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32525 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32526 | + "klips_debug:pfkey_tdb_init: MD5 ictx=0x%08x %08x %08x %08x" | |
32527 | + " octx=0x%08x %08x %08x %08x\n", | |
32528 | + ((__u32*)ictx)[0], | |
32529 | + ((__u32*)ictx)[1], | |
32530 | + ((__u32*)ictx)[2], | |
32531 | + ((__u32*)ictx)[3], | |
32532 | + ((__u32*)octx)[0], | |
32533 | + ((__u32*)octx)[1], | |
32534 | + ((__u32*)octx)[2], | |
32535 | + ((__u32*)octx)[3] ); | |
32536 | +# endif | |
32537 | + /* paranoid */ | |
32538 | + memset(akp, 0, DIVUP(tdbp->tdb_key_bits_a, BITS_PER_OCTET)); | |
32539 | + break; | |
32540 | + } | |
32541 | +# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ | |
32542 | +# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 | |
32543 | + case AH_SHA: { | |
32544 | + SHA1_CTX *ictx; | |
32545 | + SHA1_CTX *octx; | |
32546 | + | |
32547 | + if(tdbp->tdb_key_bits_a != (AHSHA196_KLEN * 8)) { | |
32548 | + KLIPS_PRINT(debug_pfkey, | |
32549 | + "klips_debug:pfkey_tdb_init: incorrect authorisation" | |
32550 | + " key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, | |
32551 | + tdbp->tdb_key_bits_a, AHSHA196_KLEN * 8); | |
32552 | + SENDERR(EINVAL); | |
32553 | + } | |
32554 | + | |
32555 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32556 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32557 | + "klips_debug:pfkey_tdb_init: hmac sha1-96 key is 0x%08lx %08lx %08lx %08lx\n", | |
32558 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+0)), | |
32559 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+1)), | |
32560 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+2)), | |
32561 | + ntohl(*(((__u32 *)tdbp->tdb_key_a)+3))); | |
32562 | +# endif | |
32563 | + tdbp->tdb_auth_bits = AHSHA196_ALEN * 8; | |
32564 | + | |
32565 | + /* save the pointer to the key material */ | |
32566 | + akp = tdbp->tdb_key_a; | |
32567 | + | |
32568 | + if((tdbp->tdb_key_a = (caddr_t) | |
32569 | + kmalloc((tdbp->tdb_key_a_size = sizeof(struct sha1_ctx)), | |
32570 | + GFP_ATOMIC)) == NULL) { | |
32571 | + SENDERR(ENOMEM); | |
32572 | + } | |
32573 | + | |
32574 | + for (i = 0; i < DIVUP(tdbp->tdb_key_bits_a, 8); i++) { | |
32575 | + kb[i] = akp[i] ^ HMAC_IPAD; | |
32576 | + } | |
32577 | + for (; i < AHMD596_BLKLEN; i++) { | |
32578 | + kb[i] = HMAC_IPAD; | |
32579 | + } | |
32580 | + | |
32581 | + ictx = &(((struct sha1_ctx*)(tdbp->tdb_key_a))->ictx); | |
32582 | + SHA1Init(ictx); | |
32583 | + SHA1Update(ictx, kb, AHSHA196_BLKLEN); | |
32584 | + | |
32585 | + for (i = 0; i < AHSHA196_BLKLEN; i++) { | |
32586 | + kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); | |
32587 | + } | |
32588 | + | |
32589 | + octx = &((struct sha1_ctx*)(tdbp->tdb_key_a))->octx; | |
32590 | + SHA1Init(octx); | |
32591 | + SHA1Update(octx, kb, AHSHA196_BLKLEN); | |
32592 | + | |
32593 | +# if 0 /* we don't really want to print these unless there are really big problems */ | |
32594 | + KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, | |
32595 | + "klips_debug:pfkey_tdb_init: SHA1 ictx=0x%08x %08x %08x %08x" | |
32596 | + " octx=0x%08x %08x %08x %08x\n", | |
32597 | + ((__u32*)ictx)[0], | |
32598 | + ((__u32*)ictx)[1], | |
32599 | + ((__u32*)ictx)[2], | |
32600 | + ((__u32*)ictx)[3], | |
32601 | + ((__u32*)octx)[0], | |
32602 | + ((__u32*)octx)[1], | |
32603 | + ((__u32*)octx)[2], | |
32604 | + ((__u32*)octx)[3] ); | |
32605 | +# endif | |
32606 | + memset(akp, 0, DIVUP(tdbp->tdb_key_bits_a, BITS_PER_OCTET)); | |
32607 | + break; | |
32608 | + } | |
32609 | +# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ | |
32610 | + case AH_NONE: | |
32611 | + break; | |
32612 | + default: | |
32613 | + KLIPS_PRINT(debug_pfkey, | |
32614 | + "klips_debug:pfkey_tdb_init: " | |
32615 | + "authalg=%d support not available in the kernel.\n", | |
32616 | + tdbp->tdb_authalg); | |
32617 | + SENDERR(EINVAL); | |
32618 | + } | |
32619 | + } | |
32620 | + break; | |
32621 | +#endif /* !CONFIG_IPSEC_ESP */ | |
32622 | +#ifdef CONFIG_IPSEC_IPCOMP | |
32623 | + case IPPROTO_COMP: | |
32624 | + tdbp->tdb_comp_adapt_tries = 0; | |
32625 | + tdbp->tdb_comp_adapt_skip = 0; | |
32626 | + tdbp->tdb_comp_ratio_cbytes = 0; | |
32627 | + tdbp->tdb_comp_ratio_dbytes = 0; | |
32628 | + break; | |
32629 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
32630 | + default: | |
32631 | + KLIPS_PRINT(debug_pfkey, | |
32632 | + "klips_debug:pfkey_tdb_init: " | |
32633 | + "proto=%d unknown.\n", | |
32634 | + tdbp->tdb_said.proto); | |
32635 | + SENDERR(EINVAL); | |
32636 | + } | |
32637 | + | |
32638 | + errlab: | |
32639 | + return(error); | |
32640 | +} | |
32641 | + | |
32642 | + | |
32643 | +int | |
32644 | +pfkey_safe_build(int error, struct sadb_ext *extensions[SADB_MAX+1]) | |
32645 | +{ | |
32646 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build: error=%d\n", error); | |
32647 | + if (!error) { | |
32648 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build:" | |
32649 | + "success.\n"); | |
32650 | + return 1; | |
32651 | + } else { | |
32652 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build:" | |
32653 | + "caught error %d\n", error); | |
32654 | + pfkey_extensions_free(extensions); | |
32655 | + return 0; | |
32656 | + } | |
32657 | +} | |
32658 | + | |
32659 | + | |
32660 | +DEBUG_NO_STATIC int | |
32661 | +pfkey_getspi_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
32662 | +{ | |
32663 | + int error = 0; | |
32664 | + ipsec_spi_t minspi = htonl(256), maxspi = htonl(-1L); | |
32665 | + int found_avail = 0; | |
32666 | + struct tdb *tdbq; | |
32667 | + char sa[SATOA_BUF]; | |
32668 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
32669 | + struct sadb_msg *pfkey_reply = NULL; | |
32670 | + struct socket_list *pfkey_socketsp; | |
32671 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
32672 | + | |
32673 | + KLIPS_PRINT(debug_pfkey, | |
32674 | + "klips_debug:pfkey_getspi_parse: .\n"); | |
32675 | + | |
32676 | + pfkey_extensions_init(extensions_reply); | |
32677 | + | |
32678 | + if(!extr || !extr->tdb) { | |
32679 | + KLIPS_PRINT(debug_pfkey, | |
32680 | + "klips_debug:pfkey_getspi_parse: error, extr or extr->tdb pointer NULL\n"); | |
32681 | + SENDERR(EINVAL); | |
32682 | + } | |
32683 | + | |
32684 | + if(extensions[SADB_EXT_SPIRANGE]) { | |
32685 | + minspi = ((struct sadb_spirange *)extensions[SADB_EXT_SPIRANGE])->sadb_spirange_min; | |
32686 | + maxspi = ((struct sadb_spirange *)extensions[SADB_EXT_SPIRANGE])->sadb_spirange_max; | |
32687 | + } | |
32688 | + | |
32689 | + if(maxspi == minspi) { | |
32690 | + extr->tdb->tdb_said.spi = maxspi; | |
32691 | + if((tdbq = gettdb(&(extr->tdb->tdb_said)))) { | |
32692 | + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF); | |
32693 | + KLIPS_PRINT(debug_pfkey, | |
32694 | + "klips_debug: pfkey_getspi_parse: EMT_GETSPI found an old Tunnel Descriptor Block\n" | |
32695 | + "klips_debug: for SA: %s, delete it first.\n", sa); | |
32696 | + SENDERR(EEXIST); | |
32697 | + } else { | |
32698 | + found_avail = 1; | |
32699 | + } | |
32700 | + } else { | |
32701 | + int i = 0; | |
32702 | + __u32 rand_val; | |
32703 | + __u32 spi_diff; | |
32704 | + while( ( i < (spi_diff = (ntohl(maxspi) - ntohl(minspi)))) && !found_avail ) { | |
32705 | + get_random_bytes((void*) &(rand_val), | |
32706 | + /* sizeof(extr->tdb->tdb_said.spi) */ | |
32707 | + ( (spi_diff < (2^8)) ? 1 : | |
32708 | + ( (spi_diff < (2^16)) ? 2 : | |
32709 | + ( (spi_diff < (2^24)) ? 3 : | |
32710 | + 4 ) ) ) ); | |
32711 | + extr->tdb->tdb_said.spi = htonl(ntohl(minspi) + | |
32712 | + (rand_val % | |
32713 | + (spi_diff + 1))); | |
32714 | + i++; | |
32715 | + tdbq = gettdb(&(extr->tdb->tdb_said)); | |
32716 | + if(!tdbq) { | |
32717 | + found_avail = 1; | |
32718 | + } | |
32719 | + } | |
32720 | + } | |
32721 | + | |
32722 | + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF); | |
32723 | + | |
32724 | + if (!found_avail) { | |
32725 | + KLIPS_PRINT(debug_pfkey, | |
32726 | + "klips_debug: pfkey_getspi_parse: found an old Tunnel Descriptor Block\n" | |
32727 | + "klips_debug: for SA: %s, delete it first.\n", sa); | |
32728 | + SENDERR(EEXIST); | |
32729 | + } | |
32730 | + | |
32731 | + if(ip_chk_addr((unsigned long)extr->tdb->tdb_said.dst.s_addr) == IS_MYADDR) { | |
32732 | + extr->tdb->tdb_flags |= EMT_INBOUND; | |
32733 | + } | |
32734 | + | |
32735 | + KLIPS_PRINT(debug_pfkey, | |
32736 | + "klips_debug: pfkey_getspi_parse: existing Tunnel Descriptor Block not found (this\n" | |
32737 | + "klips_debug: is good) for SA: %s, %s-bound, allocating.\n", | |
32738 | + sa, extr->tdb->tdb_flags & EMT_INBOUND ? "in" : "out"); | |
32739 | + | |
32740 | + /* XXX extr->tdb->tdb_rcvif = &(enc_softc[em->em_if].enc_if);*/ | |
32741 | + extr->tdb->tdb_rcvif = NULL; | |
32742 | + extr->tdb->tdb_lifetime_addtime_c = jiffies/HZ; | |
32743 | + | |
32744 | + extr->tdb->tdb_state = SADB_SASTATE_LARVAL; | |
32745 | + | |
32746 | + if(!extr->tdb->tdb_lifetime_allocations_c) { | |
32747 | + extr->tdb->tdb_lifetime_allocations_c += 1; | |
32748 | + } | |
32749 | + | |
32750 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
32751 | + SADB_GETSPI, | |
32752 | + satype, | |
32753 | + 0, | |
32754 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
32755 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
32756 | + extensions_reply) && | |
32757 | + pfkey_safe_build(pfkey_sa_build(&extensions_reply[SADB_EXT_SA], | |
32758 | + SADB_EXT_SA, | |
32759 | + extr->tdb->tdb_said.spi, | |
32760 | + 0, | |
32761 | + SADB_SASTATE_LARVAL, | |
32762 | + 0, | |
32763 | + 0, | |
32764 | + 0), | |
32765 | + extensions_reply) && | |
32766 | + pfkey_safe_build(pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
32767 | + SADB_EXT_ADDRESS_SRC, | |
32768 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
32769 | + 0, | |
32770 | + extr->tdb->tdb_addr_s), | |
32771 | + extensions_reply) && | |
32772 | + pfkey_safe_build(pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
32773 | + SADB_EXT_ADDRESS_DST, | |
32774 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
32775 | + 0, | |
32776 | + extr->tdb->tdb_addr_d), | |
32777 | + extensions_reply) )) { | |
32778 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
32779 | + "failed to build the getspi reply message extensions\n"); | |
32780 | + goto errlab; | |
32781 | + } | |
32782 | + | |
32783 | + if((error = puttdb(extr->tdb))) { | |
32784 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
32785 | + "failed to add the larval SA with error=%d.\n", | |
32786 | + error); | |
32787 | + goto errlab; | |
32788 | + } | |
32789 | + | |
32790 | + KLIPS_PRINT(debug_pfkey, | |
32791 | + "klips_debug:pfkey_getspi_parse: successful for SA: %s\n", sa); | |
32792 | + | |
32793 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
32794 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
32795 | + "failed to build the getspi reply message\n"); | |
32796 | + goto errlab; | |
32797 | + } | |
32798 | + for(pfkey_socketsp = pfkey_open_sockets; | |
32799 | + pfkey_socketsp; | |
32800 | + pfkey_socketsp = pfkey_socketsp->next) { | |
32801 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
32802 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
32803 | + "sending up getspi reply message for satype=%d to socket=%p failed with error=%d.\n", | |
32804 | + satype, pfkey_socketsp->socketp, error); | |
32805 | + goto errlab; | |
32806 | + } | |
32807 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " | |
32808 | + "sending up getspi reply message for satype=%d to socket=%p succeeded.\n", | |
32809 | + satype, pfkey_socketsp->socketp); | |
32810 | + } | |
32811 | + | |
32812 | + errlab: | |
32813 | + if (pfkey_reply) { | |
32814 | + pfkey_msg_free(&pfkey_reply); | |
32815 | + } | |
32816 | + pfkey_extensions_free(extensions_reply); | |
32817 | + return error; | |
32818 | +} | |
32819 | + | |
32820 | +DEBUG_NO_STATIC int | |
32821 | +pfkey_update_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
32822 | +{ | |
32823 | + int error = 0; | |
32824 | + struct tdb* tdbq; | |
32825 | + char sa[SATOA_BUF]; | |
32826 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
32827 | + struct sadb_msg *pfkey_reply = NULL; | |
32828 | + struct socket_list *pfkey_socketsp; | |
32829 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
32830 | + | |
32831 | + KLIPS_PRINT(debug_pfkey, | |
32832 | + "klips_debug:pfkey_update_parse: .\n"); | |
32833 | + | |
32834 | + pfkey_extensions_init(extensions_reply); | |
32835 | + | |
32836 | + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { | |
32837 | + KLIPS_PRINT(debug_pfkey, | |
32838 | + "klips_debug:pfkey_update_parse: " | |
32839 | + "error, sa_state=%d must be MATURE=%d\n", | |
32840 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, | |
32841 | + SADB_SASTATE_MATURE); | |
32842 | + SENDERR(EINVAL); | |
32843 | + } | |
32844 | + | |
32845 | + if(!extr || !extr->tdb) { | |
32846 | + KLIPS_PRINT(debug_pfkey, | |
32847 | + "klips_debug:pfkey_update_parse: error, extr or extr->tdb pointer NULL\n"); | |
32848 | + SENDERR(EINVAL); | |
32849 | + } | |
32850 | + | |
32851 | + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF); | |
32852 | + | |
32853 | + spin_lock_bh(&tdb_lock); | |
32854 | + | |
32855 | + tdbq = gettdb(&(extr->tdb->tdb_said)); | |
32856 | + if (!tdbq) { | |
32857 | + spin_unlock_bh(&tdb_lock); | |
32858 | + KLIPS_PRINT(debug_pfkey, | |
32859 | + "klips_debug: pfkey_update_parse: reserved Tunnel Descriptor Block\n" | |
32860 | + "klips_debug: for SA: %s not found. Call SADB_GETSPI first or call SADB_ADD instead.\n", sa); | |
32861 | + SENDERR(EEXIST); | |
32862 | + } | |
32863 | + | |
32864 | + if(ip_chk_addr((unsigned long)extr->tdb->tdb_said.dst.s_addr) == IS_MYADDR) { | |
32865 | + extr->tdb->tdb_flags |= EMT_INBOUND; | |
32866 | + } | |
32867 | + | |
32868 | + KLIPS_PRINT(debug_pfkey, | |
32869 | + "klips_debug: pfkey_update_parse: existing Tunnel Descriptor Block found (this\n" | |
32870 | + "klips_debug: is good) for SA: %s, %s-bound, updating.\n", | |
32871 | + sa, extr->tdb->tdb_flags & EMT_INBOUND ? "in" : "out"); | |
32872 | + | |
32873 | + /* XXX extr->tdb->tdb_rcvif = &(enc_softc[em->em_if].enc_if);*/ | |
32874 | + extr->tdb->tdb_rcvif = NULL; | |
32875 | + if ((error = pfkey_tdb_init(extr->tdb, extensions))) { | |
32876 | + spin_unlock_bh(&tdb_lock); | |
32877 | + KLIPS_PRINT(debug_pfkey, | |
32878 | + "klips_debug:pfkey_update_parse: " | |
32879 | + "not successful for SA: %s, deleting.\n", sa); | |
32880 | + ipsec_tdbwipe(extr->tdb); | |
32881 | + SENDERR(-error); | |
32882 | + } | |
32883 | + | |
32884 | + extr->tdb->tdb_lifetime_addtime_c = tdbq->tdb_lifetime_addtime_c; | |
32885 | + if((error = deltdbchain(tdbq))) { | |
32886 | + spin_unlock_bh(&tdb_lock); | |
32887 | + KLIPS_PRINT(debug_pfkey, | |
32888 | + "klips_debug:pfkey_update_parse: " | |
32889 | + "error=%d, trouble deleting intermediate tdb for SA=%s.\n", | |
32890 | + error, sa); | |
32891 | + SENDERR(-error); | |
32892 | + } | |
32893 | + | |
32894 | + spin_unlock_bh(&tdb_lock); | |
32895 | + | |
32896 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
32897 | + SADB_UPDATE, | |
32898 | + satype, | |
32899 | + 0, | |
32900 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
32901 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
32902 | + extensions_reply) | |
32903 | + && pfkey_safe_build(error = pfkey_sa_build(&extensions_reply[SADB_EXT_SA], | |
32904 | + SADB_EXT_SA, | |
32905 | + extr->tdb->tdb_said.spi, | |
32906 | + extr->tdb->tdb_replaywin, | |
32907 | + extr->tdb->tdb_state, | |
32908 | + extr->tdb->tdb_authalg, | |
32909 | + extr->tdb->tdb_encalg, | |
32910 | + extr->tdb->tdb_flags), | |
32911 | + extensions_reply) | |
32912 | + /* FIXME: The 3 lifetime extentions should only be sent if | |
32913 | + non-zero. */ | |
32914 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT], | |
32915 | + SADB_EXT_LIFETIME_CURRENT, | |
32916 | + extr->tdb->tdb_lifetime_allocations_c, | |
32917 | + extr->tdb->tdb_lifetime_bytes_c, | |
32918 | + extr->tdb->tdb_lifetime_addtime_c, | |
32919 | + extr->tdb->tdb_lifetime_usetime_c), | |
32920 | + extensions) | |
32921 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD], | |
32922 | + SADB_EXT_LIFETIME_HARD, | |
32923 | + extr->tdb->tdb_lifetime_allocations_h, | |
32924 | + extr->tdb->tdb_lifetime_bytes_h, | |
32925 | + extr->tdb->tdb_lifetime_addtime_h, | |
32926 | + extr->tdb->tdb_lifetime_usetime_h), | |
32927 | + extensions) | |
32928 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
32929 | + SADB_EXT_ADDRESS_SRC, | |
32930 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
32931 | + 0, | |
32932 | + extr->tdb->tdb_addr_s), | |
32933 | + extensions_reply) | |
32934 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
32935 | + SADB_EXT_ADDRESS_DST, | |
32936 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
32937 | + 0, | |
32938 | + extr->tdb->tdb_addr_d), | |
32939 | + extensions_reply) | |
32940 | +#if 0 | |
32941 | + /* FIXME: This won't work yet because I have not finished | |
32942 | + it. */ | |
32943 | + && extr->tdb->tdb_ident_data_s ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], | |
32944 | + SADB_EXT_IDENTITY_SRC, | |
32945 | + SADB_IDENTTYPE_PREFIX, | |
32946 | + 0, | |
32947 | + extr->tdb->tdb_ident_data_s), | |
32948 | + extensions_reply) : 1 | |
32949 | + /* FIXME: This won't work yet because I have not finished | |
32950 | + it. */ | |
32951 | + && extr->tdb->tdb_ident_data_d ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], | |
32952 | + SADB_EXT_IDENTITY_DST, | |
32953 | + SADB_IDENTTYPE_PREFIX, | |
32954 | + 0, | |
32955 | + extr->tdb->tdb_ident_data_d), | |
32956 | + extensions_reply) : 1 | |
32957 | + /* FIXME: This won't work yet because I have not finished | |
32958 | + it. */ | |
32959 | + && extr->tdb->tdb_sens_ ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], | |
32960 | + extr->tdb->tdb_sens_dpd, | |
32961 | + extr->tdb->tdb_sens_sens_level, | |
32962 | + extr->tdb->tdb_sens_sens_len, | |
32963 | + extr->tdb->tdb_sens_sens_bitmap, | |
32964 | + extr->tdb->tdb_sens_integ_level, | |
32965 | + extr->tdb->tdb_sens_integ_len, | |
32966 | + extr->tdb->tdb_sens_integ_bitmap), | |
32967 | + extensions_reply) : 1 | |
32968 | +#endif | |
32969 | + )) { | |
32970 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
32971 | + "failed to build the update reply message extensions\n"); | |
32972 | + goto errlab; | |
32973 | + } | |
32974 | + | |
32975 | + if((error = puttdb(extr->tdb))) { | |
32976 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
32977 | + "failed to add the mature SA with error=%d.\n", | |
32978 | + error); | |
32979 | + goto errlab; | |
32980 | + } | |
32981 | + | |
32982 | + KLIPS_PRINT(debug_pfkey, | |
32983 | + "klips_debug:pfkey_update_parse: successful for SA: %s\n", sa); | |
32984 | + | |
32985 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
32986 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
32987 | + "failed to build the update reply message\n"); | |
32988 | + goto errlab; | |
32989 | + } | |
32990 | + for(pfkey_socketsp = pfkey_open_sockets; | |
32991 | + pfkey_socketsp; | |
32992 | + pfkey_socketsp = pfkey_socketsp->next) { | |
32993 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
32994 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
32995 | + "sending up update reply message for satype=%d to socket=%p failed with error=%d.\n", | |
32996 | + satype, pfkey_socketsp->socketp, error); | |
32997 | + goto errlab; | |
32998 | + } | |
32999 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " | |
33000 | + "sending up update reply message for satype=%d to socket=%p succeeded.\n", | |
33001 | + satype, pfkey_socketsp->socketp); | |
33002 | + } | |
33003 | + | |
33004 | + errlab: | |
33005 | + if (pfkey_reply) { | |
33006 | + pfkey_msg_free(&pfkey_reply); | |
33007 | + } | |
33008 | + pfkey_extensions_free(extensions_reply); | |
33009 | + return error; | |
33010 | +} | |
33011 | + | |
33012 | +DEBUG_NO_STATIC int | |
33013 | +pfkey_add_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33014 | +{ | |
33015 | + int error = 0; | |
33016 | + struct tdb* tdbq; | |
33017 | + char sa[SATOA_BUF]; | |
33018 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
33019 | + struct sadb_msg *pfkey_reply = NULL; | |
33020 | + struct socket_list *pfkey_socketsp; | |
33021 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
33022 | + | |
33023 | + KLIPS_PRINT(debug_pfkey, | |
33024 | + "klips_debug:pfkey_add_parse: parsing add message\n"); | |
33025 | + | |
33026 | + pfkey_extensions_init(extensions_reply); | |
33027 | + | |
33028 | + if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { | |
33029 | + KLIPS_PRINT(debug_pfkey, | |
33030 | + "klips_debug:pfkey_add_parse: " | |
33031 | + "error, sa_state=%d must be MATURE=%d\n", | |
33032 | + ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, | |
33033 | + SADB_SASTATE_MATURE); | |
33034 | + SENDERR(EINVAL); | |
33035 | + } | |
33036 | + | |
33037 | + if(!extr || !extr->tdb) { | |
33038 | + KLIPS_PRINT(debug_pfkey, | |
33039 | + "klips_debug:pfkey_add_parse: extr or extr->tdb pointer NULL\n"); | |
33040 | + SENDERR(EINVAL); | |
33041 | + } | |
33042 | + | |
33043 | + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF); | |
33044 | + | |
33045 | + tdbq = gettdb(&(extr->tdb->tdb_said)); | |
33046 | + if (tdbq) { | |
33047 | + KLIPS_PRINT(debug_pfkey, | |
33048 | + "klips_debug:pfkey_add_parse: found an old Tunnel Descriptor Block\n" | |
33049 | + "klips_debug: for SA: %s, delete it first.\n", sa); | |
33050 | + SENDERR(EEXIST); | |
33051 | + } | |
33052 | + | |
33053 | + if(ip_chk_addr((unsigned long)extr->tdb->tdb_said.dst.s_addr) == IS_MYADDR) { | |
33054 | + extr->tdb->tdb_flags |= EMT_INBOUND; | |
33055 | + } | |
33056 | + | |
33057 | + KLIPS_PRINT(debug_pfkey, | |
33058 | + "klips_debug:pfkey_add_parse: existing Tunnel Descriptor Block not found (this\n" | |
33059 | + "klips_debug: is good) for SA: %s, %s-bound, allocating.\n", | |
33060 | + sa, extr->tdb->tdb_flags & EMT_INBOUND ? "in" : "out"); | |
33061 | + | |
33062 | + /* XXX extr->tdb->tdb_rcvif = &(enc_softc[em->em_if].enc_if);*/ | |
33063 | + extr->tdb->tdb_rcvif = NULL; | |
33064 | + | |
33065 | + if ((error = pfkey_tdb_init(extr->tdb, extensions))) { | |
33066 | + KLIPS_PRINT(debug_pfkey, | |
33067 | + "klips_debug:pfkey_add_parse: not successful for SA: %s, deleting.\n", sa); | |
33068 | + ipsec_tdbwipe(extr->tdb); | |
33069 | + goto errlab; | |
33070 | + } | |
33071 | + | |
33072 | + extr->tdb->tdb_lifetime_addtime_c = jiffies / HZ; | |
33073 | + if(!extr->tdb->tdb_lifetime_allocations_c) { | |
33074 | + extr->tdb->tdb_lifetime_allocations_c += 1; | |
33075 | + } | |
33076 | + | |
33077 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
33078 | + SADB_ADD, | |
33079 | + satype, | |
33080 | + 0, | |
33081 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
33082 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
33083 | + extensions_reply) | |
33084 | + && pfkey_safe_build(error = pfkey_sa_build(&extensions_reply[SADB_EXT_SA], | |
33085 | + SADB_EXT_SA, | |
33086 | + extr->tdb->tdb_said.spi, | |
33087 | + extr->tdb->tdb_replaywin, | |
33088 | + extr->tdb->tdb_state, | |
33089 | + extr->tdb->tdb_authalg, | |
33090 | + extr->tdb->tdb_encalg, | |
33091 | + extr->tdb->tdb_flags), | |
33092 | + extensions_reply) | |
33093 | + /* FIXME: The 3 lifetime extentions should only be sent if | |
33094 | + non-zero. */ | |
33095 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT], | |
33096 | + SADB_EXT_LIFETIME_CURRENT, | |
33097 | + extr->tdb->tdb_lifetime_allocations_c, | |
33098 | + extr->tdb->tdb_lifetime_bytes_c, | |
33099 | + extr->tdb->tdb_lifetime_addtime_c, | |
33100 | + extr->tdb->tdb_lifetime_usetime_c), | |
33101 | + extensions) | |
33102 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD], | |
33103 | + SADB_EXT_LIFETIME_HARD, | |
33104 | + extr->tdb->tdb_lifetime_allocations_h, | |
33105 | + extr->tdb->tdb_lifetime_bytes_h, | |
33106 | + extr->tdb->tdb_lifetime_addtime_h, | |
33107 | + extr->tdb->tdb_lifetime_usetime_h), | |
33108 | + extensions) | |
33109 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
33110 | + SADB_EXT_ADDRESS_SRC, | |
33111 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
33112 | + 0, | |
33113 | + extr->tdb->tdb_addr_s), | |
33114 | + extensions_reply) | |
33115 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
33116 | + SADB_EXT_ADDRESS_DST, | |
33117 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
33118 | + 0, | |
33119 | + extr->tdb->tdb_addr_d), | |
33120 | + extensions_reply) | |
33121 | +#if 0 | |
33122 | + /* FIXME: This won't work yet because I have not finished | |
33123 | + it. */ | |
33124 | + && extr->tdb->tdb_ident_data_s ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], | |
33125 | + SADB_EXT_IDENTITY_SRC, | |
33126 | + SADB_IDENTTYPE_PREFIX, | |
33127 | + 0, | |
33128 | + extr->tdb->tdb_ident_data_s), | |
33129 | + extensions_reply) : 1 | |
33130 | + /* FIXME: This won't work yet because I have not finished | |
33131 | + it. */ | |
33132 | + && extr->tdb->tdb_ident_data_d ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], | |
33133 | + SADB_EXT_IDENTITY_DST, | |
33134 | + SADB_IDENTTYPE_PREFIX, | |
33135 | + 0, | |
33136 | + extr->tdb->tdb_ident_data_d), | |
33137 | + extensions_reply) : 1 | |
33138 | + /* FIXME: This won't work yet because I have not finished | |
33139 | + it. */ | |
33140 | + && extr->tdb->tdb_sens_ ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], | |
33141 | + extr->tdb->tdb_sens_dpd, | |
33142 | + extr->tdb->tdb_sens_sens_level, | |
33143 | + extr->tdb->tdb_sens_sens_len, | |
33144 | + extr->tdb->tdb_sens_sens_bitmap, | |
33145 | + extr->tdb->tdb_sens_integ_level, | |
33146 | + extr->tdb->tdb_sens_integ_len, | |
33147 | + extr->tdb->tdb_sens_integ_bitmap), | |
33148 | + extensions_reply) : 1 | |
33149 | +#endif | |
33150 | + )) { | |
33151 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
33152 | + "failed to build the add reply message extensions\n"); | |
33153 | + goto errlab; | |
33154 | + } | |
33155 | + | |
33156 | + if((error = puttdb(extr->tdb))) { | |
33157 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
33158 | + "failed to add the mature SA with error=%d.\n", | |
33159 | + error); | |
33160 | + goto errlab; | |
33161 | + } | |
33162 | + | |
33163 | + KLIPS_PRINT(debug_pfkey, | |
33164 | + "klips_debug:pfkey_add_parse: successful for SA: %s\n", sa); | |
33165 | + | |
33166 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
33167 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
33168 | + "failed to build the add reply message\n"); | |
33169 | + goto errlab; | |
33170 | + } | |
33171 | + for(pfkey_socketsp = pfkey_open_sockets; | |
33172 | + pfkey_socketsp; | |
33173 | + pfkey_socketsp = pfkey_socketsp->next) { | |
33174 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
33175 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
33176 | + "sending up add reply message for satype=%d to socket=%p failed with error=%d.\n", | |
33177 | + satype, pfkey_socketsp->socketp, error); | |
33178 | + goto errlab; | |
33179 | + } | |
33180 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " | |
33181 | + "sending up add reply message for satype=%d to socket=%p succeeded.\n", | |
33182 | + satype, pfkey_socketsp->socketp); | |
33183 | + } | |
33184 | + | |
33185 | + errlab: | |
33186 | + if (pfkey_reply) { | |
33187 | + pfkey_msg_free(&pfkey_reply); | |
33188 | + } | |
33189 | + pfkey_extensions_free(extensions_reply); | |
33190 | + return error; | |
33191 | +} | |
33192 | + | |
33193 | +DEBUG_NO_STATIC int | |
33194 | +pfkey_delete_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33195 | +{ | |
33196 | + struct tdb *tdbp; | |
33197 | + char sa[SATOA_BUF]; | |
33198 | + int error = 0; | |
33199 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
33200 | + struct sadb_msg *pfkey_reply = NULL; | |
33201 | + struct socket_list *pfkey_socketsp; | |
33202 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
33203 | + | |
33204 | + KLIPS_PRINT(debug_pfkey, | |
33205 | + "klips_debug:pfkey_delete_parse: .\n"); | |
33206 | + | |
33207 | + pfkey_extensions_init(extensions_reply); | |
33208 | + | |
33209 | + if(!extr || !extr->tdb) { | |
33210 | + KLIPS_PRINT(debug_pfkey, | |
33211 | + "klips_debug:pfkey_delete_parse: " | |
33212 | + "extr or extr->tdb pointer NULL, fatal\n"); | |
33213 | + SENDERR(EINVAL); | |
33214 | + } | |
33215 | + | |
33216 | + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF); | |
33217 | + | |
33218 | + spin_lock_bh(&tdb_lock); | |
33219 | + | |
33220 | + tdbp = gettdb(&(extr->tdb->tdb_said)); | |
33221 | + if (tdbp == NULL) { | |
33222 | + spin_unlock_bh(&tdb_lock); | |
33223 | + KLIPS_PRINT(debug_pfkey, | |
33224 | + "klips_debug:pfkey_delete_parse: " | |
33225 | + "Tunnel Descriptor Block not found for SA:%s, could not delete.\n", | |
33226 | + sa); | |
33227 | + SENDERR(ESRCH); | |
33228 | + } | |
33229 | + | |
33230 | + if((error = deltdbchain(tdbp))) { | |
33231 | + spin_unlock_bh(&tdb_lock); | |
33232 | + KLIPS_PRINT(debug_pfkey, | |
33233 | + "klips_debug:pfkey_delete_parse: " | |
33234 | + "error=%d returned trying to delete Tunnel Descriptor Block for SA:%s.\n", | |
33235 | + error, sa); | |
33236 | + SENDERR(-error); | |
33237 | + } | |
33238 | + spin_unlock_bh(&tdb_lock); | |
33239 | + | |
33240 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
33241 | + SADB_DELETE, | |
33242 | + satype, | |
33243 | + 0, | |
33244 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
33245 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
33246 | + extensions_reply) | |
33247 | + && pfkey_safe_build(error = pfkey_sa_build(&extensions_reply[SADB_EXT_SA], | |
33248 | + SADB_EXT_SA, | |
33249 | + extr->tdb->tdb_said.spi, | |
33250 | + 0, | |
33251 | + 0, | |
33252 | + 0, | |
33253 | + 0, | |
33254 | + 0), | |
33255 | + extensions_reply) | |
33256 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
33257 | + SADB_EXT_ADDRESS_SRC, | |
33258 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
33259 | + 0, | |
33260 | + extr->tdb->tdb_addr_s), | |
33261 | + extensions_reply) | |
33262 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
33263 | + SADB_EXT_ADDRESS_DST, | |
33264 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
33265 | + 0, | |
33266 | + extr->tdb->tdb_addr_d), | |
33267 | + extensions_reply) | |
33268 | + )) { | |
33269 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " | |
33270 | + "failed to build the delete reply message extensions\n"); | |
33271 | + goto errlab; | |
33272 | + } | |
33273 | + | |
33274 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
33275 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " | |
33276 | + "failed to build the delete reply message\n"); | |
33277 | + goto errlab; | |
33278 | + } | |
33279 | + for(pfkey_socketsp = pfkey_open_sockets; | |
33280 | + pfkey_socketsp; | |
33281 | + pfkey_socketsp = pfkey_socketsp->next) { | |
33282 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
33283 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " | |
33284 | + "sending up delete reply message for satype=%d to socket=%p failed with error=%d.\n", | |
33285 | + satype, pfkey_socketsp->socketp, error); | |
33286 | + goto errlab; | |
33287 | + } | |
33288 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " | |
33289 | + "sending up delete reply message for satype=%d to socket=%p succeeded.\n", | |
33290 | + satype, pfkey_socketsp->socketp); | |
33291 | + } | |
33292 | + | |
33293 | + errlab: | |
33294 | + ipsec_tdbwipe(extr->tdb); | |
33295 | + | |
33296 | + if (pfkey_reply) { | |
33297 | + pfkey_msg_free(&pfkey_reply); | |
33298 | + } | |
33299 | + pfkey_extensions_free(extensions_reply); | |
33300 | + return error; | |
33301 | +} | |
33302 | + | |
33303 | +DEBUG_NO_STATIC int | |
33304 | +pfkey_get_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33305 | +{ | |
33306 | + int error = 0; | |
33307 | + struct tdb *tdbp; | |
33308 | + char sa[SATOA_BUF]; | |
33309 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
33310 | + struct sadb_msg *pfkey_reply = NULL; | |
33311 | + | |
33312 | + KLIPS_PRINT(debug_pfkey, | |
33313 | + "klips_debug:pfkey_get_parse: .\n"); | |
33314 | + | |
33315 | + pfkey_extensions_init(extensions_reply); | |
33316 | + | |
33317 | + if(!extr || !extr->tdb) { | |
33318 | + KLIPS_PRINT(debug_pfkey, | |
33319 | + "klips_debug:pfkey_get_parse: " | |
33320 | + "extr or extr->tdb pointer NULL, fatal\n"); | |
33321 | + SENDERR(EINVAL); | |
33322 | + } | |
33323 | + | |
33324 | + satoa(extr->tdb->tdb_said, 0, sa, SATOA_BUF); | |
33325 | + | |
33326 | + spin_lock_bh(&tdb_lock); | |
33327 | + | |
33328 | + tdbp = gettdb(&(extr->tdb->tdb_said)); | |
33329 | + if (tdbp == NULL) { | |
33330 | + spin_unlock_bh(&tdb_lock); | |
33331 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
33332 | + "Tunnel Descriptor Block not found for SA=%s, could not get.\n", | |
33333 | + sa); | |
33334 | + SENDERR(ESRCH); | |
33335 | + } | |
33336 | + | |
33337 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
33338 | + SADB_GET, | |
33339 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype, | |
33340 | + 0, | |
33341 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
33342 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
33343 | + extensions_reply) | |
33344 | + && pfkey_safe_build(error = pfkey_sa_build(&extensions_reply[SADB_EXT_SA], | |
33345 | + SADB_EXT_SA, | |
33346 | + extr->tdb->tdb_said.spi, | |
33347 | + extr->tdb->tdb_replaywin, | |
33348 | + extr->tdb->tdb_state, | |
33349 | + extr->tdb->tdb_authalg, | |
33350 | + extr->tdb->tdb_encalg, | |
33351 | + extr->tdb->tdb_flags), | |
33352 | + extensions_reply) | |
33353 | + /* FIXME: The 3 lifetime extentions should only be sent if | |
33354 | + non-zero. */ | |
33355 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT], | |
33356 | + SADB_EXT_LIFETIME_CURRENT, | |
33357 | + tdbp->tdb_lifetime_allocations_c, | |
33358 | + tdbp->tdb_lifetime_bytes_c, | |
33359 | + tdbp->tdb_lifetime_addtime_c, | |
33360 | + tdbp->tdb_lifetime_usetime_c), | |
33361 | + extensions) | |
33362 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD], | |
33363 | + SADB_EXT_LIFETIME_HARD, | |
33364 | + tdbp->tdb_lifetime_allocations_h, | |
33365 | + tdbp->tdb_lifetime_bytes_h, | |
33366 | + tdbp->tdb_lifetime_addtime_h, | |
33367 | + tdbp->tdb_lifetime_usetime_h), | |
33368 | + extensions) | |
33369 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_SOFT], | |
33370 | + SADB_EXT_LIFETIME_SOFT, | |
33371 | + tdbp->tdb_lifetime_allocations_s, | |
33372 | + tdbp->tdb_lifetime_bytes_s, | |
33373 | + tdbp->tdb_lifetime_addtime_s, | |
33374 | + tdbp->tdb_lifetime_usetime_s), | |
33375 | + extensions) | |
33376 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], | |
33377 | + SADB_EXT_ADDRESS_SRC, | |
33378 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
33379 | + 0, | |
33380 | + extr->tdb->tdb_addr_s), | |
33381 | + extensions_reply) | |
33382 | + && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], | |
33383 | + SADB_EXT_ADDRESS_DST, | |
33384 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
33385 | + 0, | |
33386 | + extr->tdb->tdb_addr_d), | |
33387 | + extensions_reply) | |
33388 | + && extr->tdb->tdb_addr_d ? pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_PROXY], | |
33389 | + SADB_EXT_ADDRESS_PROXY, | |
33390 | + 0, /*extr->tdb->tdb_said.proto,*/ | |
33391 | + 0, | |
33392 | + extr->tdb->tdb_addr_p), | |
33393 | + extensions_reply) : 1 | |
33394 | +#if 0 | |
33395 | + /* FIXME: This won't work yet because the keys are not | |
33396 | + stored directly in the tdb. They are stored as | |
33397 | + contexts. */ | |
33398 | + && extr->tdb->tdb_key_a_size ? pfkey_safe_build(error = pfkey_key_build(&extensions_reply[SADB_EXT_KEY_AUTH], | |
33399 | + SADB_EXT_KEY_AUTH, | |
33400 | + extr->tdb->tdb_key_a_size * 8, | |
33401 | + extr->tdb->tdb_key_a), | |
33402 | + extensions_reply) | |
33403 | + /* FIXME: This won't work yet because the keys are not | |
33404 | + stored directly in the tdb. They are stored as | |
33405 | + key schedules. */ | |
33406 | + && extr->tdb->tdb_key_e_size ? pfkey_safe_build(error = pfkey_key_build(&extensions_reply[SADB_EXT_KEY_ENCRYPT], | |
33407 | + SADB_EXT_KEY_ENCRYPT, | |
33408 | + extr->tdb->tdb_key_e_size * 8, | |
33409 | + extr->tdb->tdb_key_e), | |
33410 | + extensions_reply) : 1 | |
33411 | + /* FIXME: This won't work yet because I have not finished | |
33412 | + it. */ | |
33413 | + && extr->tdb->tdb_ident_data_s ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], | |
33414 | + SADB_EXT_IDENTITY_SRC, | |
33415 | + SADB_IDENTTYPE_PREFIX, | |
33416 | + 0, | |
33417 | + extr->tdb->tdb_ident_data_s), | |
33418 | + extensions_reply) : 1 | |
33419 | + /* FIXME: This won't work yet because I have not finished | |
33420 | + it. */ | |
33421 | + && extr->tdb->tdb_ident_data_d ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], | |
33422 | + SADB_EXT_IDENTITY_DST, | |
33423 | + SADB_IDENTTYPE_PREFIX, | |
33424 | + 0, | |
33425 | + extr->tdb->tdb_ident_data_d), | |
33426 | + extensions_reply) : 1 | |
33427 | + /* FIXME: This won't work yet because I have not finished | |
33428 | + it. */ | |
33429 | + && extr->tdb->tdb_sens_ ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], | |
33430 | + extr->tdb->tdb_sens_dpd, | |
33431 | + extr->tdb->tdb_sens_sens_level, | |
33432 | + extr->tdb->tdb_sens_sens_len, | |
33433 | + extr->tdb->tdb_sens_sens_bitmap, | |
33434 | + extr->tdb->tdb_sens_integ_level, | |
33435 | + extr->tdb->tdb_sens_integ_len, | |
33436 | + extr->tdb->tdb_sens_integ_bitmap), | |
33437 | + extensions_reply) : 1 | |
33438 | +#endif | |
33439 | + )) { | |
33440 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
33441 | + "failed to build the get reply message extensions\n"); | |
33442 | + spin_unlock_bh(&tdb_lock); | |
33443 | + goto errlab; | |
33444 | + } | |
33445 | + | |
33446 | + spin_unlock_bh(&tdb_lock); | |
33447 | + | |
33448 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
33449 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
33450 | + "failed to build the get reply message\n"); | |
33451 | + goto errlab; | |
33452 | + } | |
33453 | + | |
33454 | + if((error = pfkey_upmsg(sk->socket, pfkey_reply))) { | |
33455 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
33456 | + "failed to send the get reply message\n"); | |
33457 | + goto errlab; | |
33458 | + } | |
33459 | + | |
33460 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " | |
33461 | + "succeeded in sending get reply message.\n"); | |
33462 | + | |
33463 | + errlab: | |
33464 | + if (pfkey_reply) { | |
33465 | + pfkey_msg_free(&pfkey_reply); | |
33466 | + } | |
33467 | + pfkey_extensions_free(extensions_reply); | |
33468 | + return error; | |
33469 | +} | |
33470 | + | |
33471 | +DEBUG_NO_STATIC int | |
33472 | +pfkey_acquire_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33473 | +{ | |
33474 | + int error = 0; | |
33475 | + struct socket_list *pfkey_socketsp; | |
33476 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
33477 | + | |
33478 | + KLIPS_PRINT(debug_pfkey, | |
33479 | + "klips_debug:pfkey_acquire_parse: .\n"); | |
33480 | + | |
33481 | + /* I don't know if we want an upper bound, since userspace may | |
33482 | + want to register itself for an satype > SADB_SATYPE_MAX. */ | |
33483 | + if((satype == 0) || (satype > SADB_SATYPE_MAX)) { | |
33484 | + KLIPS_PRINT(debug_pfkey, | |
33485 | + "klips_debug:pfkey_acquire_parse: " | |
33486 | + "SATYPE=%d invalid.\n", | |
33487 | + satype); | |
33488 | + SENDERR(EINVAL); | |
33489 | + } | |
33490 | + | |
33491 | + if(!(pfkey_registered_sockets[satype])) { | |
33492 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " | |
33493 | + "no sockets registered for SAtype=%d.\n", | |
33494 | + satype); | |
33495 | + SENDERR(EPROTONOSUPPORT); | |
33496 | + } | |
33497 | + | |
33498 | + for(pfkey_socketsp = pfkey_registered_sockets[satype]; | |
33499 | + pfkey_socketsp; | |
33500 | + pfkey_socketsp = pfkey_socketsp->next) { | |
33501 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, | |
33502 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { | |
33503 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " | |
33504 | + "sending up acquire reply message for satype=%d to socket=%p failed with error=%d.\n", | |
33505 | + satype, pfkey_socketsp->socketp, error); | |
33506 | + goto errlab; | |
33507 | + } | |
33508 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " | |
33509 | + "sending up acquire reply message for satype=%d to socket=%p succeeded.\n", | |
33510 | + satype, pfkey_socketsp->socketp); | |
33511 | + } | |
33512 | + | |
33513 | + errlab: | |
33514 | + return error; | |
33515 | +} | |
33516 | + | |
33517 | +DEBUG_NO_STATIC int | |
33518 | +pfkey_register_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33519 | +{ | |
33520 | + unsigned int alg_num_a = 0, alg_num_e = 0; | |
33521 | + struct sadb_alg *alg_a = NULL, *alg_e = NULL, *alg_ap = NULL, *alg_ep = NULL; | |
33522 | + struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; | |
33523 | + struct sadb_msg *pfkey_reply = NULL; | |
33524 | + struct supported_list *pfkey_supported_listp; | |
33525 | + struct socket_list *pfkey_socketsp; | |
33526 | + int error = 0; | |
33527 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
33528 | + | |
33529 | + KLIPS_PRINT(debug_pfkey, | |
33530 | + "klips_debug:pfkey_register_parse: .\n"); | |
33531 | + | |
33532 | + pfkey_extensions_init(extensions_reply); | |
33533 | + | |
33534 | + /* I don't know if we want an upper bound, since userspace may | |
33535 | + want to register itself for an satype > SADB_SATYPE_MAX. */ | |
33536 | + if((satype == 0) || (satype > SADB_SATYPE_MAX)) { | |
33537 | + KLIPS_PRINT(debug_pfkey, | |
33538 | + "klips_debug:pfkey_register_parse: " | |
33539 | + "SATYPE=%d invalid.\n", | |
33540 | + satype); | |
33541 | + SENDERR(EINVAL); | |
33542 | + } | |
33543 | + | |
33544 | + if(!pfkey_list_insert_socket(sk->socket, | |
33545 | + &(pfkey_registered_sockets[satype]))) { | |
33546 | + KLIPS_PRINT(1 || debug_pfkey, | |
33547 | + "klips_debug:pfkey_register_parse: " | |
33548 | + "SATYPE=%02d successfully registered by KMd on pid=%d.\n", | |
33549 | + satype, key_pid(sk)); | |
33550 | + }; | |
33551 | + | |
33552 | + /* send up register msg with supported SATYPE algos */ | |
33553 | + pfkey_supported_listp = pfkey_supported_list[satype]; | |
33554 | + KLIPS_PRINT(debug_pfkey, | |
33555 | + "klips_debug:pfkey_register_parse: " | |
33556 | + "pfkey_supported_list[%d]=%p\n", | |
33557 | + satype, | |
33558 | + pfkey_supported_list[satype]); | |
33559 | + while(pfkey_supported_listp) { | |
33560 | + KLIPS_PRINT(debug_pfkey, | |
33561 | + "klips_debug:pfkey_register_parse: " | |
33562 | + "checking supported=%p\n", | |
33563 | + pfkey_supported_listp); | |
33564 | + if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_AUTH) { | |
33565 | + KLIPS_PRINT(debug_pfkey, | |
33566 | + "klips_debug:pfkey_register_parse: " | |
33567 | + "adding auth alg.\n"); | |
33568 | + alg_num_a++; | |
33569 | + } | |
33570 | + if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_ENCRYPT) { | |
33571 | + KLIPS_PRINT(debug_pfkey, | |
33572 | + "klips_debug:pfkey_register_parse: " | |
33573 | + "adding encrypt alg.\n"); | |
33574 | + alg_num_e++; | |
33575 | + } | |
33576 | + pfkey_supported_listp = pfkey_supported_listp->next; | |
33577 | + } | |
33578 | + | |
33579 | + if(alg_num_a) { | |
33580 | + if((alg_a = kmalloc(alg_num_a * sizeof(struct sadb_alg), GFP_ATOMIC) ) == NULL) { | |
33581 | + KLIPS_PRINT(debug_pfkey, | |
33582 | + "klips_debug:pfkey_register_parse: auth alg memory allocation error\n"); | |
33583 | + SENDERR(ENOMEM); | |
33584 | + } | |
33585 | + alg_ap = alg_a; | |
33586 | + } | |
33587 | + | |
33588 | + if(alg_num_e) { | |
33589 | + if((alg_e = kmalloc(alg_num_e * sizeof(struct sadb_alg), GFP_ATOMIC) ) == NULL) { | |
33590 | + KLIPS_PRINT(debug_pfkey, | |
33591 | + "klips_debug:pfkey_register_parse: enc alg memory allocation error\n"); | |
33592 | + SENDERR(ENOMEM); | |
33593 | + } | |
33594 | + alg_ep = alg_e; | |
33595 | + } | |
33596 | + | |
33597 | + pfkey_supported_listp = pfkey_supported_list[satype]; | |
33598 | + while(pfkey_supported_listp) { | |
33599 | + if(alg_num_a) { | |
33600 | + if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_AUTH) { | |
33601 | + alg_ap->sadb_alg_id = pfkey_supported_listp->supportedp->supported_alg_id; | |
33602 | + alg_ap->sadb_alg_ivlen = pfkey_supported_listp->supportedp->supported_alg_ivlen; | |
33603 | + alg_ap->sadb_alg_minbits = pfkey_supported_listp->supportedp->supported_alg_minbits; | |
33604 | + alg_ap->sadb_alg_maxbits = pfkey_supported_listp->supportedp->supported_alg_maxbits; | |
33605 | + alg_ap->sadb_alg_reserved = 0; | |
33606 | + KLIPS_PRINT(debug_pfkey, | |
33607 | + "klips_debug:pfkey_register_parse: " | |
33608 | + "adding auth=%p\n", | |
33609 | + alg_ap); | |
33610 | + alg_ap++; | |
33611 | + } | |
33612 | + } | |
33613 | + if(alg_num_e) { | |
33614 | + if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_ENCRYPT) { | |
33615 | + alg_ep->sadb_alg_id = pfkey_supported_listp->supportedp->supported_alg_id; | |
33616 | + alg_ep->sadb_alg_ivlen = pfkey_supported_listp->supportedp->supported_alg_ivlen; | |
33617 | + alg_ep->sadb_alg_minbits = pfkey_supported_listp->supportedp->supported_alg_minbits; | |
33618 | + alg_ep->sadb_alg_maxbits = pfkey_supported_listp->supportedp->supported_alg_maxbits; | |
33619 | + alg_ep->sadb_alg_reserved = 0; | |
33620 | + KLIPS_PRINT(debug_pfkey, | |
33621 | + "klips_debug:pfkey_register_parse: " | |
33622 | + "adding encrypt=%p\n", | |
33623 | + alg_ep); | |
33624 | + alg_ep++; | |
33625 | + } | |
33626 | + } | |
33627 | + KLIPS_PRINT(debug_pfkey, | |
33628 | + "klips_debug:pfkey_register_parse: " | |
33629 | + "found satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n", | |
33630 | + satype, | |
33631 | + pfkey_supported_listp->supportedp->supported_alg_exttype, | |
33632 | + pfkey_supported_listp->supportedp->supported_alg_id, | |
33633 | + pfkey_supported_listp->supportedp->supported_alg_ivlen, | |
33634 | + pfkey_supported_listp->supportedp->supported_alg_minbits, | |
33635 | + pfkey_supported_listp->supportedp->supported_alg_maxbits); | |
33636 | + pfkey_supported_listp = pfkey_supported_listp->next; | |
33637 | + } | |
33638 | + | |
33639 | + if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], | |
33640 | + SADB_REGISTER, | |
33641 | + satype, | |
33642 | + 0, | |
33643 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, | |
33644 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), | |
33645 | + extensions_reply) && | |
33646 | + (alg_num_a ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[SADB_EXT_SUPPORTED_AUTH], | |
33647 | + SADB_EXT_SUPPORTED_AUTH, | |
33648 | + alg_num_a, | |
33649 | + alg_a), | |
33650 | + extensions_reply) : 1) && | |
33651 | + (alg_num_e ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[SADB_EXT_SUPPORTED_ENCRYPT], | |
33652 | + SADB_EXT_SUPPORTED_ENCRYPT, | |
33653 | + alg_num_e, | |
33654 | + alg_e), | |
33655 | + extensions_reply) : 1))) { | |
33656 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_parse: " | |
33657 | + "failed to build the register message extensions\n"); | |
33658 | + goto errlab; | |
33659 | + } | |
33660 | + | |
33661 | + if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { | |
33662 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_parse: " | |
33663 | + "failed to build the register message\n"); | |
33664 | + goto errlab; | |
33665 | + } | |
33666 | + for(pfkey_socketsp = pfkey_registered_sockets[satype]; | |
33667 | + pfkey_socketsp; | |
33668 | + pfkey_socketsp = pfkey_socketsp->next) { | |
33669 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { | |
33670 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_parse: " | |
33671 | + "sending up register reply message for satype=%d to socket=%p failed with error=%d.\n", | |
33672 | + satype, pfkey_socketsp->socketp, error); | |
33673 | + goto errlab; | |
33674 | + } | |
33675 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_parse: " | |
33676 | + "sending up register reply message for satype=%d to socket=%p succeeded.\n", | |
33677 | + satype, pfkey_socketsp->socketp); | |
33678 | + } | |
33679 | + | |
33680 | + errlab: | |
33681 | + if (pfkey_reply) { | |
33682 | + pfkey_msg_free(&pfkey_reply); | |
33683 | + } | |
33684 | + pfkey_extensions_free(extensions_reply); | |
33685 | + return error; | |
33686 | +} | |
33687 | + | |
33688 | +DEBUG_NO_STATIC int | |
33689 | +pfkey_expire_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33690 | +{ | |
33691 | + int error = 0; | |
33692 | + struct socket_list *pfkey_socketsp; | |
33693 | +#ifdef CONFIG_IPSEC_DEBUG | |
33694 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
33695 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
33696 | + | |
33697 | + KLIPS_PRINT(debug_pfkey, | |
33698 | + "klips_debug:pfkey_expire_parse: .\n"); | |
33699 | + | |
33700 | + if(pfkey_open_sockets) { | |
33701 | + for(pfkey_socketsp = pfkey_open_sockets; | |
33702 | + pfkey_socketsp; | |
33703 | + pfkey_socketsp = pfkey_socketsp->next) { | |
33704 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, | |
33705 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { | |
33706 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire_parse: " | |
33707 | + "sending up expire reply message for satype=%d to socket=%p failed with error=%d.\n", | |
33708 | + satype, pfkey_socketsp->socketp, error); | |
33709 | + goto errlab; | |
33710 | + } | |
33711 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire_parse: " | |
33712 | + "sending up expire reply message for satype=%d to socket=%p succeeded.\n", | |
33713 | + satype, pfkey_socketsp->socketp); | |
33714 | + } | |
33715 | + } | |
33716 | + | |
33717 | + errlab: | |
33718 | + return error; | |
33719 | +} | |
33720 | + | |
33721 | +DEBUG_NO_STATIC int | |
33722 | +pfkey_flush_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33723 | +{ | |
33724 | + int error = 0; | |
33725 | + struct socket_list *pfkey_socketsp; | |
33726 | + uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; | |
33727 | + | |
33728 | + KLIPS_PRINT(debug_pfkey, | |
33729 | + "klips_debug:pfkey_flush_parse: " | |
33730 | + "flushing type %d SAs\n", | |
33731 | + satype); | |
33732 | + | |
33733 | + if ((error = ipsec_tdbcleanup(satype))) | |
33734 | + SENDERR(-error); | |
33735 | + | |
33736 | + if(pfkey_open_sockets) { | |
33737 | + for(pfkey_socketsp = pfkey_open_sockets; | |
33738 | + pfkey_socketsp; | |
33739 | + pfkey_socketsp = pfkey_socketsp->next) { | |
33740 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, | |
33741 | + ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { | |
33742 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_flush_parse: " | |
33743 | + "sending up flush reply message for satype=%d to socket=%p failed with error=%d.\n", | |
33744 | + satype, | |
33745 | + pfkey_socketsp->socketp, | |
33746 | + error); | |
33747 | + goto errlab; | |
33748 | + } | |
33749 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_flush_parse: " | |
33750 | + "sending up flush reply message for satype=%d to socket=%p succeeded.\n", | |
33751 | + satype, | |
33752 | + pfkey_socketsp->socketp); | |
33753 | + } | |
33754 | + } | |
33755 | + | |
33756 | + errlab: | |
33757 | + return error; | |
33758 | +} | |
33759 | + | |
33760 | +DEBUG_NO_STATIC int | |
33761 | +pfkey_dump_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33762 | +{ | |
33763 | + int error = 0; | |
33764 | + | |
33765 | + KLIPS_PRINT(debug_pfkey, | |
33766 | + "klips_debug:pfkey_dump_parse: .\n"); | |
33767 | + | |
33768 | + SENDERR(ENOSYS); | |
33769 | + errlab: | |
33770 | + return error; | |
33771 | +} | |
33772 | + | |
33773 | +DEBUG_NO_STATIC int | |
33774 | +pfkey_x_promisc_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33775 | +{ | |
33776 | + int error = 0; | |
33777 | + | |
33778 | + KLIPS_PRINT(debug_pfkey, | |
33779 | + "klips_debug:pfkey_promisc_parse: .\n"); | |
33780 | + | |
33781 | + SENDERR(ENOSYS); | |
33782 | + errlab: | |
33783 | + return error; | |
33784 | +} | |
33785 | + | |
33786 | +DEBUG_NO_STATIC int | |
33787 | +pfkey_x_pchange_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33788 | +{ | |
33789 | + int error = 0; | |
33790 | + | |
33791 | + KLIPS_PRINT(debug_pfkey, | |
33792 | + "klips_debug:pfkey_x_pchange_parse: .\n"); | |
33793 | + | |
33794 | + SENDERR(ENOSYS); | |
33795 | + errlab: | |
33796 | + return error; | |
33797 | +} | |
33798 | + | |
33799 | +DEBUG_NO_STATIC int | |
33800 | +pfkey_x_grpsa_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33801 | +{ | |
33802 | + struct tdb *tdb1p, *tdb2p, *tdbp; | |
33803 | + char sa1[SATOA_BUF], sa2[SATOA_BUF]; | |
33804 | + int error = 0; | |
33805 | + | |
33806 | + KLIPS_PRINT(debug_pfkey, | |
33807 | + "klips_debug:pfkey_x_grpsa_parse: .\n"); | |
33808 | + | |
33809 | + spin_lock_bh(&tdb_lock); | |
33810 | + | |
33811 | + if(!extr || !extr->tdb) { | |
33812 | + KLIPS_PRINT(debug_pfkey, | |
33813 | + "klips_debug:pfkey_x_grpsa_parse: " | |
33814 | + "extr or extr->tdb is NULL, fatal.\n"); | |
33815 | + SENDERR(EINVAL); | |
33816 | + } | |
33817 | + | |
33818 | + satoa(extr->tdb->tdb_said, 0, sa1, SATOA_BUF); | |
33819 | + if(extr->tdb2) { | |
33820 | + satoa(extr->tdb2->tdb_said, 0, sa2, SATOA_BUF); | |
33821 | + } | |
33822 | + | |
33823 | + if(!(tdb1p = gettdb(&(extr->tdb->tdb_said)))) { | |
33824 | + KLIPS_PRINT(debug_pfkey, | |
33825 | + "klips_debug: pfkey_x_grpsa_parse: reserved Tunnel Descriptor Block\n" | |
33826 | + "klips_debug: for SA: %s not found. Call SADB_ADD/UPDATE first.\n", sa1); | |
33827 | + SENDERR(EEXIST); | |
33828 | + } | |
33829 | + if(extr->tdb2) { /* GRPSA */ | |
33830 | + if(!(tdb2p = gettdb(&(extr->tdb2->tdb_said)))) { | |
33831 | + KLIPS_PRINT(debug_pfkey, | |
33832 | + "klips_debug: pfkey_x_grpsa_parse: reserved Tunnel Descriptor Block\n" | |
33833 | + "klips_debug: for SA: %s not found. Call SADB_ADD/UPDATE first.\n", sa2); | |
33834 | + SENDERR(EEXIST); | |
33835 | + } | |
33836 | + | |
33837 | + /* Is either one already linked? */ | |
33838 | + if(tdb1p->tdb_onext) { | |
33839 | + KLIPS_PRINT(debug_pfkey, | |
33840 | + "klips_debug: pfkey_x_grpsa_parse: Tunnel Descriptor Block\n" | |
33841 | + "klips_debug: for SA: %s is already linked.\n", sa1); | |
33842 | + SENDERR(EEXIST); | |
33843 | + } | |
33844 | + if(tdb2p->tdb_inext) { | |
33845 | + KLIPS_PRINT(debug_pfkey, | |
33846 | + "klips_debug: pfkey_x_grpsa_parse: Tunnel Descriptor Block\n" | |
33847 | + "klips_debug: for SA: %s is already linked.\n", sa2); | |
33848 | + SENDERR(EEXIST); | |
33849 | + } | |
33850 | + | |
33851 | + /* Is extr->tdb already linked to extr->tdb2? */ | |
33852 | + tdbp = tdb2p; | |
33853 | + while(tdbp) { | |
33854 | + if(tdbp == tdb1p) { | |
33855 | + SENDERR(EEXIST); | |
33856 | + } | |
33857 | + tdbp = tdb2p->tdb_onext; | |
33858 | + } | |
33859 | + | |
33860 | + /* link 'em */ | |
33861 | + tdb1p->tdb_onext = tdb2p; | |
33862 | + tdb2p->tdb_inext = tdb1p; | |
33863 | + } else { /* UNGRPSA */ | |
33864 | + while(tdb1p->tdb_onext) { | |
33865 | + tdb1p = tdb1p->tdb_onext; | |
33866 | + } | |
33867 | + while(tdb1p->tdb_inext) { | |
33868 | + tdbp = tdb1p; | |
33869 | + tdb1p = tdb1p->tdb_inext; | |
33870 | + tdbp->tdb_inext = NULL; | |
33871 | + tdb1p->tdb_onext = NULL; | |
33872 | + } | |
33873 | + } | |
33874 | + | |
33875 | + errlab: | |
33876 | + spin_unlock_bh(&tdb_lock); | |
33877 | + | |
33878 | + ipsec_tdbwipe(extr->tdb); | |
33879 | + if(extr->tdb2) { | |
33880 | + ipsec_tdbwipe(extr->tdb2); | |
33881 | + } | |
33882 | + | |
33883 | + return error; | |
33884 | +} | |
33885 | + | |
33886 | +DEBUG_NO_STATIC int | |
33887 | +pfkey_x_addflow_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33888 | +{ | |
33889 | + int error = 0; | |
33890 | +#ifdef CONFIG_IPSEC_DEBUG | |
33891 | + char buf1[64], buf2[64]; | |
33892 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
33893 | + | |
33894 | + KLIPS_PRINT(debug_pfkey, | |
33895 | + "klips_debug:pfkey_x_addflow_parse: .\n"); | |
33896 | + | |
33897 | + if(!extr || !(extr->tdb) || !(extr->eroute)) { | |
33898 | + KLIPS_PRINT(debug_pfkey, | |
33899 | + "klips_debug:pfkey_x_addflow_parse: " | |
33900 | + "missing extr, tdb or eroute data.\n"); | |
33901 | + SENDERR(EINVAL); | |
33902 | + } | |
33903 | + | |
33904 | +#ifdef CONFIG_IPSEC_DEBUG | |
33905 | + if (debug_pfkey) { | |
33906 | + subnettoa(extr->eroute->er_eaddr.sen_ip_src, | |
33907 | + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); | |
33908 | + subnettoa(extr->eroute->er_eaddr.sen_ip_dst, | |
33909 | + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33910 | + KLIPS_PRINT(debug_pfkey, | |
33911 | + "klips_debug:pfkey_x_addflow_parse: " | |
33912 | + "calling breakeroute and/or makeroute for %s->%s\n", | |
33913 | + buf1, buf2); | |
33914 | + } | |
33915 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
33916 | + if(extr->tdb->tdb_flags & SADB_X_SAFLAGS_REPLACEFLOW) { | |
33917 | + KLIPS_PRINT(debug_pfkey, | |
33918 | + "klips_debug:pfkey_x_addflow_parse: " | |
33919 | + "REPLACEFLOW flag set, calling breakeroute.\n"); | |
33920 | + if ((error = ipsec_breakroute(&(extr->eroute->er_eaddr), | |
33921 | + &(extr->eroute->er_emask))) == EINVAL) { | |
33922 | + KLIPS_PRINT(debug_pfkey, | |
33923 | + "klips_debug:pfkey_x_addflow_parse: " | |
33924 | + "breakeroute returned %d.\n", error); | |
33925 | + SENDERR(-error); | |
33926 | + } | |
33927 | + } | |
33928 | + | |
33929 | + KLIPS_PRINT(debug_pfkey, | |
33930 | + "klips_debug:pfkey_x_addflow_parse: " | |
33931 | + "calling makeroute.\n"); | |
33932 | + | |
33933 | + if ((error = ipsec_makeroute(&(extr->eroute->er_eaddr), | |
33934 | + &(extr->eroute->er_emask), | |
33935 | + extr->tdb->tdb_said))) { | |
33936 | + KLIPS_PRINT(debug_pfkey, | |
33937 | + "klips_debug:pfkey_x_addflow_parse: " | |
33938 | + "makeroute returned %d.\n", error); | |
33939 | + SENDERR(-error); | |
33940 | + } | |
33941 | + | |
33942 | + KLIPS_PRINT(debug_pfkey, | |
33943 | + "klips_debug:pfkey_x_addflow_parse: " | |
33944 | + "makeroute call successful.\n"); | |
33945 | + | |
33946 | + ipsec_tdbwipe(extr->tdb); | |
33947 | + | |
33948 | + KLIPS_PRINT(debug_pfkey, | |
33949 | + "klips_debug:pfkey_x_addflow_parse: " | |
33950 | + "extr->tdb cleaned up and freed.\n"); | |
33951 | + | |
33952 | + errlab: | |
33953 | + return error; | |
33954 | +} | |
33955 | + | |
33956 | +DEBUG_NO_STATIC int | |
33957 | +pfkey_x_delflow_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
33958 | +{ | |
33959 | + int error = 0; | |
33960 | +#ifdef CONFIG_IPSEC_DEBUG | |
33961 | + char buf1[64], buf2[64]; | |
33962 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
33963 | + | |
33964 | + KLIPS_PRINT(debug_pfkey, | |
33965 | + "klips_debug:pfkey_x_delflow_parse: .\n"); | |
33966 | + | |
33967 | + if(!extr || !(extr->tdb)) { | |
33968 | + KLIPS_PRINT(debug_pfkey, | |
33969 | + "klips_debug:pfkey_x_delflow_parse: " | |
33970 | + "extr, or extr->tdb is NULL, fatal\n"); | |
33971 | + SENDERR(EINVAL); | |
33972 | + } | |
33973 | + | |
33974 | + if(extr->tdb->tdb_flags & SADB_X_SAFLAGS_CLEARFLOW) { | |
33975 | + KLIPS_PRINT(debug_pfkey, | |
33976 | + "klips_debug:pfkey_x_delflow_parse: " | |
33977 | + "CLEARFLOW flag set, calling cleareroutes.\n"); | |
33978 | + if ((error = ipsec_cleareroutes())) | |
33979 | + KLIPS_PRINT(debug_pfkey, | |
33980 | + "klips_debug:pfkey_x_delflow_parse: " | |
33981 | + "cleareroutes returned %d.\n", error); | |
33982 | + SENDERR(-error); | |
33983 | + } else { | |
33984 | + if(!(extr->eroute)) { | |
33985 | + KLIPS_PRINT(debug_pfkey, | |
33986 | + "klips_debug:pfkey_x_delflow_parse: " | |
33987 | + "extr->eroute is NULL, fatal.\n"); | |
33988 | + SENDERR(EINVAL); | |
33989 | + } | |
33990 | + | |
33991 | +#ifdef CONFIG_IPSEC_DEBUG | |
33992 | + if (debug_pfkey) { | |
33993 | + subnettoa(extr->eroute->er_eaddr.sen_ip_src, | |
33994 | + extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); | |
33995 | + subnettoa(extr->eroute->er_eaddr.sen_ip_dst, | |
33996 | + extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); | |
33997 | + KLIPS_PRINT(debug_pfkey, | |
33998 | + "klips_debug:pfkey_x_delflow_parse: " | |
33999 | + "calling breakeroute for %s->%s\n", | |
34000 | + buf1, buf2); | |
34001 | + } | |
34002 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
34003 | + if((error = ipsec_breakroute(&(extr->eroute->er_eaddr), | |
34004 | + &(extr->eroute->er_emask)))) { | |
34005 | + KLIPS_PRINT(debug_pfkey, | |
34006 | + "klips_debug:pfkey_x_delflow_parse: " | |
34007 | + "breakeroute returned %d.\n", error); | |
34008 | + SENDERR(-error); | |
34009 | + } | |
34010 | + } | |
34011 | + | |
34012 | + ipsec_tdbwipe(extr->tdb); | |
34013 | + | |
34014 | + KLIPS_PRINT(debug_pfkey, | |
34015 | + "klips_debug:pfkey_x_delflow_parse: " | |
34016 | + "extr->tdb cleaned up and freed.\n"); | |
34017 | + | |
34018 | + errlab: | |
34019 | + return error; | |
34020 | +} | |
34021 | + | |
34022 | +DEBUG_NO_STATIC int | |
34023 | +pfkey_x_msg_debug_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) | |
34024 | +{ | |
34025 | + int error = 0; | |
34026 | + | |
34027 | + KLIPS_PRINT(debug_pfkey, | |
34028 | + "klips_debug:pfkey_x_msg_debug_parse: .\n"); | |
34029 | + | |
34030 | +/* errlab:*/ | |
34031 | + return error; | |
34032 | +} | |
34033 | + | |
34034 | + | |
34035 | +int | |
34036 | +pfkey_expire(struct tdb *tdbp, int hard) | |
34037 | +{ | |
34038 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
34039 | + struct sadb_msg *pfkey_msg = NULL; | |
34040 | + struct socket_list *pfkey_socketsp; | |
34041 | + int error = 0; | |
34042 | + uint8_t satype = proto2satype(tdbp->tdb_said.proto); | |
34043 | + | |
34044 | + pfkey_extensions_init(extensions); | |
34045 | + | |
34046 | + if(!pfkey_open_sockets) { | |
34047 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " | |
34048 | + "no sockets listening.\n"); | |
34049 | + SENDERR(EPROTONOSUPPORT); | |
34050 | + } | |
34051 | + | |
34052 | + spin_lock(&tdb_lock); | |
34053 | + if (!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions[0], | |
34054 | + SADB_EXPIRE, | |
34055 | + satype, | |
34056 | + 0, | |
34057 | + ++pfkey_msg_seq, | |
34058 | + 0), | |
34059 | + extensions) | |
34060 | + && pfkey_safe_build(error = pfkey_sa_build(&extensions[SADB_EXT_SA], | |
34061 | + SADB_EXT_SA, | |
34062 | + tdbp->tdb_said.spi, | |
34063 | + tdbp->tdb_replaywin, | |
34064 | + tdbp->tdb_state, | |
34065 | + tdbp->tdb_authalg, | |
34066 | + tdbp->tdb_encalg, | |
34067 | + tdbp->tdb_flags), | |
34068 | + extensions) | |
34069 | + && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT], | |
34070 | + SADB_EXT_LIFETIME_CURRENT, | |
34071 | + tdbp->tdb_lifetime_allocations_c, | |
34072 | + tdbp->tdb_lifetime_bytes_c, | |
34073 | + tdbp->tdb_lifetime_addtime_c, | |
34074 | + tdbp->tdb_lifetime_usetime_c), | |
34075 | + extensions) | |
34076 | + && (hard ? | |
34077 | + pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD], | |
34078 | + SADB_EXT_LIFETIME_HARD, | |
34079 | + tdbp->tdb_lifetime_allocations_h, | |
34080 | + tdbp->tdb_lifetime_bytes_h, | |
34081 | + tdbp->tdb_lifetime_addtime_h, | |
34082 | + tdbp->tdb_lifetime_usetime_h), | |
34083 | + extensions) | |
34084 | + : pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_SOFT], | |
34085 | + SADB_EXT_LIFETIME_SOFT, | |
34086 | + tdbp->tdb_lifetime_allocations_s, | |
34087 | + tdbp->tdb_lifetime_bytes_s, | |
34088 | + tdbp->tdb_lifetime_addtime_s, | |
34089 | + tdbp->tdb_lifetime_usetime_s), | |
34090 | + extensions)) | |
34091 | + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], | |
34092 | + SADB_EXT_ADDRESS_SRC, | |
34093 | + 0, /* tdbp->tdb_said.proto, */ | |
34094 | + 0, | |
34095 | + tdbp->tdb_addr_s), | |
34096 | + extensions) | |
34097 | + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], | |
34098 | + SADB_EXT_ADDRESS_DST, | |
34099 | + 0, /* tdbp->tdb_said.proto, */ | |
34100 | + 0, | |
34101 | + tdbp->tdb_addr_d), | |
34102 | + extensions))) { | |
34103 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: failed to " | |
34104 | + "build the expire message extensions\n"); | |
34105 | + spin_unlock(&tdb_lock); | |
34106 | + goto errlab; | |
34107 | + } | |
34108 | + | |
34109 | + spin_unlock(&tdb_lock); | |
34110 | + | |
34111 | + if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) { | |
34112 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: failed to " | |
34113 | + "build the expire message\n"); | |
34114 | + goto errlab; | |
34115 | + } | |
34116 | + | |
34117 | + for(pfkey_socketsp = pfkey_open_sockets; | |
34118 | + pfkey_socketsp; | |
34119 | + pfkey_socketsp = pfkey_socketsp->next) { | |
34120 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) { | |
34121 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " | |
34122 | + "sending up expire message for satype=%d to socket=%p failed with error=%d.\n", | |
34123 | + satype, pfkey_socketsp->socketp, error); | |
34124 | + goto errlab; | |
34125 | + } | |
34126 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " | |
34127 | + "sending up expire message for satype=%d to socket=%p succeeded.\n", | |
34128 | + satype, pfkey_socketsp->socketp); | |
34129 | + } | |
34130 | + | |
34131 | + errlab: | |
34132 | + if (pfkey_msg) { | |
34133 | + pfkey_msg_free(&pfkey_msg); | |
34134 | + } | |
34135 | + pfkey_extensions_free(extensions); | |
34136 | + return error; | |
34137 | +} | |
34138 | + | |
34139 | +int | |
34140 | +pfkey_acquire(struct tdb *tdbp) | |
34141 | +{ | |
34142 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
34143 | + struct sadb_msg *pfkey_msg = NULL; | |
34144 | + struct socket_list *pfkey_socketsp; | |
34145 | + int error = 0; | |
34146 | + struct sadb_comb comb[] = { | |
34147 | + /* auth; encrypt; flags; */ | |
34148 | + /* auth_minbits; auth_maxbits; encrypt_minbits; encrypt_maxbits; */ | |
34149 | + /* reserved; soft_allocations; hard_allocations; soft_bytes; hard_bytes; */ | |
34150 | + /* soft_addtime; hard_addtime; soft_usetime; hard_usetime; */ | |
34151 | + { SADB_AALG_MD5HMAC, SADB_EALG_3DESCBC, SADB_SAFLAGS_PFS, | |
34152 | + 128, 128, 168, 168, | |
34153 | + 0, 0, 0, 0, 0, | |
34154 | + 57600, 86400, 57600, 86400 }, | |
34155 | + { SADB_AALG_SHA1HMAC, SADB_EALG_3DESCBC, SADB_SAFLAGS_PFS, | |
34156 | + 160, 160, 168, 168, | |
34157 | + 0, 0, 0, 0, 0, | |
34158 | + 57600, 86400, 57600, 86400 } | |
34159 | + }; | |
34160 | + | |
34161 | + /* This should not be hard-coded. It should be taken from the spdb */ | |
34162 | + uint8_t satype = SADB_SATYPE_ESP; | |
34163 | + | |
34164 | + pfkey_extensions_init(extensions); | |
34165 | + | |
34166 | + if((satype == 0) || (satype > SADB_SATYPE_MAX)) { | |
34167 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: " | |
34168 | + "SAtype=%d unspecified or unknown.\n", | |
34169 | + satype); | |
34170 | + SENDERR(EINVAL); | |
34171 | + } | |
34172 | + | |
34173 | + if(!(pfkey_registered_sockets[satype])) { | |
34174 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: " | |
34175 | + "no sockets registered for SAtype=%d.\n", | |
34176 | + satype); | |
34177 | + SENDERR(EPROTONOSUPPORT); | |
34178 | + } | |
34179 | + | |
34180 | + if (!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions[0], | |
34181 | + SADB_ACQUIRE, | |
34182 | + satype, | |
34183 | + 0, | |
34184 | + ++pfkey_msg_seq, | |
34185 | + 0), | |
34186 | + extensions) | |
34187 | + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], | |
34188 | + SADB_EXT_ADDRESS_SRC, | |
34189 | + tdbp->tdb_said.proto, | |
34190 | + 0, | |
34191 | + tdbp->tdb_addr_s), | |
34192 | + extensions) | |
34193 | + && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], | |
34194 | + SADB_EXT_ADDRESS_DST, | |
34195 | + tdbp->tdb_said.proto, | |
34196 | + 0, | |
34197 | + tdbp->tdb_addr_d), | |
34198 | + extensions) | |
34199 | +#if 0 | |
34200 | + && tdbp->tdb_addr_p ? pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_PROXY], | |
34201 | + SADB_EXT_ADDRESS_PROXY, | |
34202 | + tdbp->tdb_said.proto, | |
34203 | + 0, | |
34204 | + tdbp->tdb_addr_p), | |
34205 | + extensions) : 1 | |
34206 | + /* FIXME: This won't work yet because I have not finished | |
34207 | + it. */ | |
34208 | + && tdbp->tdb_ident_data_s ? pfkey_safe_build(error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_SRC], | |
34209 | + SADB_EXT_IDENTITY_SRC, | |
34210 | + SADB_IDENTTYPE_PREFIX, | |
34211 | + 0, | |
34212 | + tdbp->tdb_ident_data_s), | |
34213 | + extensions) : 1 | |
34214 | + /* FIXME: This won't work yet because I have not finished | |
34215 | + it. */ | |
34216 | + && tdbp->tdb_ident_data_d ? pfkey_safe_build(error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_DST], | |
34217 | + SADB_EXT_IDENTITY_DST, | |
34218 | + SADB_IDENTTYPE_PREFIX, | |
34219 | + 0, | |
34220 | + tdbp->tdb_ident_data_d), | |
34221 | + extensions) : 1 | |
34222 | + /* FIXME: This won't work yet because I have not finished | |
34223 | + it. */ | |
34224 | + && tdbp->tdb_sens_ ? pfkey_safe_build(error = pfkey_sens_build(&extensions[SADB_EXT_SENSITIVITY], | |
34225 | + tdbp->tdb_sens_dpd, | |
34226 | + tdbp->tdb_sens_sens_level, | |
34227 | + tdbp->tdb_sens_sens_len, | |
34228 | + tdbp->tdb_sens_sens_bitmap, | |
34229 | + tdbp->tdb_sens_integ_level, | |
34230 | + tdbp->tdb_sens_integ_len, | |
34231 | + tdbp->tdb_sens_integ_bitmap), | |
34232 | + extensions) : 1 | |
34233 | +#endif | |
34234 | + && pfkey_safe_build(error = pfkey_prop_build(&extensions[SADB_EXT_PROPOSAL], | |
34235 | + 64, /* replay */ | |
34236 | + sizeof(comb)/sizeof(struct sadb_comb), | |
34237 | + &(comb[0])), | |
34238 | + extensions) | |
34239 | + )) { | |
34240 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: failed to " | |
34241 | + "build the acquire message extensions\n"); | |
34242 | + goto errlab; | |
34243 | + } | |
34244 | + | |
34245 | + if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) { | |
34246 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: failed to " | |
34247 | + "build the acquire message\n"); | |
34248 | + goto errlab; | |
34249 | + } | |
34250 | + | |
34251 | + /* this should go to all registered sockets for that satype only */ | |
34252 | + for(pfkey_socketsp = pfkey_registered_sockets[satype]; | |
34253 | + pfkey_socketsp; | |
34254 | + pfkey_socketsp = pfkey_socketsp->next) { | |
34255 | + if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) { | |
34256 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: " | |
34257 | + "sending up acquire message for satype=%d to socket=%p failed with error=%d.\n", | |
34258 | + satype, pfkey_socketsp->socketp, error); | |
34259 | + goto errlab; | |
34260 | + } | |
34261 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: " | |
34262 | + "sending up acquire message for satype=%d to socket=%p succeeded.\n", | |
34263 | + satype, pfkey_socketsp->socketp); | |
34264 | + } | |
34265 | + | |
34266 | + errlab: | |
34267 | + if (pfkey_msg) { | |
34268 | + pfkey_msg_free(&pfkey_msg); | |
34269 | + } | |
34270 | + pfkey_extensions_free(extensions); | |
34271 | + return error; | |
34272 | +} | |
34273 | + | |
34274 | + | |
34275 | +DEBUG_NO_STATIC int (*ext_processors[SADB_EXT_MAX+1])(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) = | |
34276 | +{ | |
34277 | + NULL, /* pfkey_msg_process, */ | |
34278 | + pfkey_sa_process, | |
34279 | + pfkey_lifetime_process, | |
34280 | + pfkey_lifetime_process, | |
34281 | + pfkey_lifetime_process, | |
34282 | + pfkey_address_process, | |
34283 | + pfkey_address_process, | |
34284 | + pfkey_address_process, | |
34285 | + pfkey_key_process, | |
34286 | + pfkey_key_process, | |
34287 | + pfkey_ident_process, | |
34288 | + pfkey_ident_process, | |
34289 | + pfkey_sens_process, | |
34290 | + pfkey_prop_process, | |
34291 | + pfkey_supported_process, | |
34292 | + pfkey_supported_process, | |
34293 | + pfkey_spirange_process, | |
34294 | + pfkey_x_kmprivate_process, | |
34295 | + pfkey_x_satype_process, | |
34296 | + pfkey_sa_process, | |
34297 | + pfkey_address_process, | |
34298 | + pfkey_address_process, | |
34299 | + pfkey_address_process, | |
34300 | + pfkey_address_process, | |
34301 | + pfkey_address_process, | |
34302 | + pfkey_x_debug_process | |
34303 | +}; | |
34304 | + | |
34305 | + | |
34306 | +DEBUG_NO_STATIC int (*msg_parsers[SADB_MAX +1])(struct sock *sk, struct sadb_ext *extensions[], struct pfkey_extracted_data* extr) | |
34307 | + = | |
34308 | +{ | |
34309 | + NULL, /* RESERVED */ | |
34310 | + pfkey_getspi_parse, | |
34311 | + pfkey_update_parse, | |
34312 | + pfkey_add_parse, | |
34313 | + pfkey_delete_parse, | |
34314 | + pfkey_get_parse, | |
34315 | + pfkey_acquire_parse, | |
34316 | + pfkey_register_parse, | |
34317 | + pfkey_expire_parse, | |
34318 | + pfkey_flush_parse, | |
34319 | + pfkey_dump_parse, | |
34320 | + pfkey_x_promisc_parse, | |
34321 | + pfkey_x_pchange_parse, | |
34322 | + pfkey_x_grpsa_parse, | |
34323 | + pfkey_x_addflow_parse, | |
34324 | + pfkey_x_delflow_parse, | |
34325 | + pfkey_x_msg_debug_parse | |
34326 | +}; | |
34327 | + | |
34328 | +int | |
34329 | +pfkey_build_reply(struct sadb_msg *pfkey_msg, struct pfkey_extracted_data *extr, | |
34330 | + struct sadb_msg **pfkey_reply) | |
34331 | +{ | |
34332 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
34333 | + int error = 0; | |
34334 | + int msg_type = pfkey_msg->sadb_msg_type; | |
34335 | + int seq = pfkey_msg->sadb_msg_seq; | |
34336 | + | |
34337 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: building reply" | |
34338 | + " with type: %d\n", msg_type); | |
34339 | + pfkey_extensions_init(extensions); | |
34340 | + if (!extr || !extr->tdb) { | |
34341 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: bad TDB" | |
34342 | + "passed\n"); | |
34343 | + return EINVAL; | |
34344 | + } | |
34345 | + error = pfkey_safe_build(pfkey_msg_hdr_build(&extensions[0], | |
34346 | + msg_type, | |
34347 | + proto2satype(extr->tdb->tdb_said.proto), | |
34348 | + 0, | |
34349 | + seq, | |
34350 | + pfkey_msg->sadb_msg_pid), | |
34351 | + extensions) && | |
34352 | + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & | |
34353 | + 1 << SADB_EXT_SA) | |
34354 | + || pfkey_safe_build(pfkey_sa_build(&extensions[SADB_EXT_SA], | |
34355 | + SADB_EXT_SA, | |
34356 | + extr->tdb->tdb_said.spi, | |
34357 | + extr->tdb->tdb_replaywin, | |
34358 | + extr->tdb->tdb_state, | |
34359 | + extr->tdb->tdb_authalg, | |
34360 | + extr->tdb->tdb_encalg, | |
34361 | + extr->tdb->tdb_flags), | |
34362 | + extensions)) && | |
34363 | + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & | |
34364 | + 1 << SADB_EXT_LIFETIME_CURRENT) | |
34365 | + || pfkey_safe_build(pfkey_lifetime_build(&extensions | |
34366 | + [SADB_EXT_LIFETIME_CURRENT], | |
34367 | + SADB_EXT_LIFETIME_CURRENT, | |
34368 | + extr->tdb->tdb_lifetime_allocations_c, | |
34369 | + extr->tdb->tdb_lifetime_bytes_c, | |
34370 | + extr->tdb->tdb_lifetime_addtime_c, | |
34371 | + extr->tdb->tdb_lifetime_usetime_c), | |
34372 | + extensions)) && | |
34373 | + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & | |
34374 | + 1 << SADB_EXT_ADDRESS_SRC) | |
34375 | + || pfkey_safe_build(pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], | |
34376 | + SADB_EXT_ADDRESS_SRC, | |
34377 | + extr->tdb->tdb_said.proto, | |
34378 | + 0, | |
34379 | + extr->tdb->tdb_addr_s), | |
34380 | + extensions)) && | |
34381 | + (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & | |
34382 | + 1 << SADB_EXT_ADDRESS_DST) | |
34383 | + || pfkey_safe_build(pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], | |
34384 | + SADB_EXT_ADDRESS_DST, | |
34385 | + extr->tdb->tdb_said.proto, | |
34386 | + 0, | |
34387 | + extr->tdb->tdb_addr_d), | |
34388 | + extensions)); | |
34389 | + | |
34390 | + if (error == 0) { | |
34391 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: " | |
34392 | + "building extensions failed\n"); | |
34393 | + return EINVAL; | |
34394 | + } | |
34395 | + | |
34396 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: built extensions" | |
34397 | + ", proceed to build the message\n"); | |
34398 | + KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: extensions[1]=" | |
34399 | + " %p\n", extensions[1]); | |
34400 | + error = pfkey_msg_build(pfkey_reply, extensions, EXT_BITS_OUT); | |
34401 | + pfkey_extensions_free(extensions); | |
34402 | + | |
34403 | + return error; | |
34404 | +} | |
34405 | + | |
34406 | +int | |
34407 | +pfkey_msg_interp(struct sock *sk, struct sadb_msg *pfkey_msg, | |
34408 | + struct sadb_msg **pfkey_reply) | |
34409 | +{ | |
34410 | + int error = 0; | |
34411 | + int i; | |
34412 | + struct sadb_ext *extensions[SADB_EXT_MAX+1]; | |
34413 | + struct pfkey_extracted_data extr = {NULL, NULL, NULL}; | |
34414 | + | |
34415 | + pfkey_extensions_init(extensions); | |
34416 | + KLIPS_PRINT(debug_pfkey, | |
34417 | + "klips_debug:pfkey_msg_interp: parsing message " | |
34418 | + "ver=%d, type=%d, errno=%d, satype=%d, len=%d, res=%d, seq=%d, pid=%d.\n", | |
34419 | + pfkey_msg->sadb_msg_version, | |
34420 | + pfkey_msg->sadb_msg_type, | |
34421 | + pfkey_msg->sadb_msg_errno, | |
34422 | + pfkey_msg->sadb_msg_satype, | |
34423 | + pfkey_msg->sadb_msg_len, | |
34424 | + pfkey_msg->sadb_msg_reserved, | |
34425 | + pfkey_msg->sadb_msg_seq, | |
34426 | + pfkey_msg->sadb_msg_pid); | |
34427 | + | |
34428 | + if((error = pfkey_alloc_tdb(&(extr.tdb)))) { | |
34429 | + KLIPS_PRINT(debug_pfkey, | |
34430 | + "klips_debug:pfkey_msg_interp: " | |
34431 | + "something's really wrong, extr.tdb=%p should be NULL.\n", extr.tdb); | |
34432 | + SENDERR(-error); | |
34433 | + } | |
34434 | + | |
34435 | + KLIPS_PRINT(debug_pfkey, | |
34436 | + "klips_debug:pfkey_msg_interp: " | |
34437 | + "allocated extr->tdb=%p.\n", extr.tdb); | |
34438 | + | |
34439 | + if(pfkey_msg->sadb_msg_satype > SADB_SATYPE_MAX) { | |
34440 | + KLIPS_PRINT(debug_pfkey, | |
34441 | + "klips_debug:pfkey_msg_interp: satype %d > max %d\n", | |
34442 | + pfkey_msg->sadb_msg_satype, SADB_SATYPE_MAX); | |
34443 | + SENDERR(EINVAL); | |
34444 | + } | |
34445 | + | |
34446 | + switch(pfkey_msg->sadb_msg_type) { | |
34447 | + case SADB_GETSPI: | |
34448 | + case SADB_UPDATE: | |
34449 | + case SADB_ADD: | |
34450 | + case SADB_DELETE: | |
34451 | + case SADB_X_GRPSA: | |
34452 | + if(!(extr.tdb->tdb_said.proto = satype2proto(pfkey_msg->sadb_msg_satype))) { | |
34453 | + KLIPS_PRINT(debug_pfkey, | |
34454 | + "klips_debug:pfkey_msg_interp: satype %d lookup failed.\n", | |
34455 | + pfkey_msg->sadb_msg_satype); | |
34456 | + SENDERR(EINVAL); | |
34457 | + } | |
34458 | + break; | |
34459 | + case SADB_X_ADDFLOW: | |
34460 | + extr.tdb->tdb_said.proto = satype2proto(pfkey_msg->sadb_msg_satype); | |
34461 | + break; | |
34462 | + default: | |
34463 | + } | |
34464 | + | |
34465 | + /* The NULL below causes the default extension parsers to be used */ | |
34466 | + /* Parse the extensions */ | |
34467 | + if((error = pfkey_msg_parse(pfkey_msg, NULL, extensions, EXT_BITS_IN))) | |
34468 | + { | |
34469 | + KLIPS_PRINT(debug_pfkey, | |
34470 | + "klips_debug:pfkey_msg_interp: message parsing failed with error %d.\n", | |
34471 | + error); | |
34472 | + SENDERR(-error); | |
34473 | + } | |
34474 | + | |
34475 | + /* Process the extensions */ | |
34476 | + for(i=1; i <= SADB_EXT_MAX;i++) { | |
34477 | + if(extensions[i] != NULL) { | |
34478 | + KLIPS_PRINT(debug_pfkey, | |
34479 | + "klips_debug:pfkey_msg_interp: " | |
34480 | + "processing ext %d %p with processor %p.\n", | |
34481 | + i, extensions[i], ext_processors[i]); | |
34482 | + if((error = ext_processors[i](extensions[i], &extr))) { | |
34483 | + KLIPS_PRINT(debug_pfkey, | |
34484 | + "klips_debug:pfkey_msg_interp: extension processing for type %d failed with error %d.\n", | |
34485 | + i,error); | |
34486 | + SENDERR(-error); | |
34487 | + } | |
34488 | + | |
34489 | + } | |
34490 | + | |
34491 | + } | |
34492 | + | |
34493 | + /* Parse the message types */ | |
34494 | + KLIPS_PRINT(debug_pfkey, | |
34495 | + "klips_debug:pfkey_msg_interp: " | |
34496 | + "parsing message type %d with msg_parser %p.\n", | |
34497 | + pfkey_msg->sadb_msg_type, | |
34498 | + msg_parsers[pfkey_msg->sadb_msg_type]); | |
34499 | + if((error = msg_parsers[pfkey_msg->sadb_msg_type](sk, extensions, &extr))) { | |
34500 | + KLIPS_PRINT(debug_pfkey, | |
34501 | + "klips_debug:pfkey_msg_interp: message parsing failed with error %d.\n", | |
34502 | + error); | |
34503 | + SENDERR(-error); | |
34504 | + } | |
34505 | + | |
34506 | +#if 0 | |
34507 | + error = pfkey_build_reply(pfkey_msg, &extr, pfkey_reply); | |
34508 | + if (error) { | |
34509 | + *pfkey_reply = NULL; | |
34510 | + } | |
34511 | +#endif | |
34512 | + errlab: | |
34513 | + return(error); | |
34514 | +} | |
34515 | + | |
34516 | +/* | |
34517 | + * $Log$ | |
34518 | + * Revision 1.62 2000/11/30 21:47:51 rgb | |
34519 | + * Fix error return bug after returning from pfkey_tdb_init(). | |
34520 | + * | |
34521 | + * Revision 1.61 2000/11/17 18:10:29 rgb | |
34522 | + * Fixed bugs mostly relating to spirange, to treat all spi variables as | |
34523 | + * network byte order since this is the way PF_KEYv2 stored spis. | |
34524 | + * | |
34525 | + * Revision 1.60 2000/11/06 04:34:53 rgb | |
34526 | + * Changed non-exported functions to DEBUG_NO_STATIC. | |
34527 | + * Add Svenning's adaptive content compression. | |
34528 | + * Ditched spin_lock_irqsave in favour of spin_lock/_bh. | |
34529 | + * Fixed double unlock bug (Svenning). | |
34530 | + * Fixed pfkey_msg uninitialized bug in pfkey_{expire,acquire}(). | |
34531 | + * Fixed incorrect extension type (prop) in pfkey)acquire(). | |
34532 | + * | |
34533 | + * Revision 1.59 2000/10/11 15:25:12 rgb | |
34534 | + * Fixed IPCOMP disabled compile bug. | |
34535 | + * | |
34536 | + * Revision 1.58 2000/10/11 14:54:03 rgb | |
34537 | + * Fixed pfkey_acquire() satype to SADB_SATYPE_ESP and removed pfkey | |
34538 | + * protocol violations of setting pfkey_address_build() protocol parameter | |
34539 | + * to non-zero except in the case of pfkey_acquire(). | |
34540 | + * | |
34541 | + * Revision 1.57 2000/10/10 20:10:18 rgb | |
34542 | + * Added support for debug_ipcomp and debug_verbose to klipsdebug. | |
34543 | + * | |
34544 | + * Revision 1.56 2000/10/06 20:24:36 rgb | |
34545 | + * Fixes to pfkey_acquire to initialize extensions[] and use correct | |
34546 | + * ipproto. | |
34547 | + * | |
34548 | + * Revision 1.55 2000/10/03 03:20:57 rgb | |
34549 | + * Added brackets to get a?b:c scope right for pfkey_register reply. | |
34550 | + * | |
34551 | + * Revision 1.54 2000/09/29 19:49:30 rgb | |
34552 | + * As-yet-unused-bits cleanup. | |
34553 | + * | |
34554 | + * Revision 1.53 2000/09/28 00:35:45 rgb | |
34555 | + * Padded SATYPE printout in pfkey_register for vertical alignment. | |
34556 | + * | |
34557 | + * Revision 1.52 2000/09/20 16:21:58 rgb | |
34558 | + * Cleaned up ident string alloc/free. | |
34559 | + * | |
34560 | + * Revision 1.51 2000/09/20 04:04:20 rgb | |
34561 | + * Changed static functions to DEBUG_NO_STATIC to reveal function names in | |
34562 | + * oopsen. | |
34563 | + * | |
34564 | + * Revision 1.50 2000/09/16 01:10:53 rgb | |
34565 | + * Fixed unused var warning with debug off. | |
34566 | + * | |
34567 | + * Revision 1.49 2000/09/15 11:37:02 rgb | |
34568 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
34569 | + * IPCOMP zlib deflate code. | |
34570 | + * | |
34571 | + * Revision 1.48 2000/09/15 04:57:57 rgb | |
34572 | + * Cleaned up existing IPCOMP code before svenning addition. | |
34573 | + * Initialize pfkey_reply and extensions_reply in case of early error in | |
34574 | + * message parsing functions (thanks Kai!). | |
34575 | + * | |
34576 | + * Revision 1.47 2000/09/13 08:02:56 rgb | |
34577 | + * Added KMd registration notification. | |
34578 | + * | |
34579 | + * Revision 1.46 2000/09/12 22:35:36 rgb | |
34580 | + * Restructured to remove unused extensions from CLEARFLOW messages. | |
34581 | + * | |
34582 | + * Revision 1.45 2000/09/12 03:24:23 rgb | |
34583 | + * Converted #if0 debugs to sysctl. | |
34584 | + * | |
34585 | + * Revision 1.44 2000/09/09 06:38:39 rgb | |
34586 | + * Correct SADB message type for update, add and delete. | |
34587 | + * | |
34588 | + * Revision 1.43 2000/09/08 19:19:56 rgb | |
34589 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
34590 | + * Removed all references to CONFIG_IPSEC_PFKEYv2. | |
34591 | + * Put in sanity checks in most msg type parsers to catch invalid satypes | |
34592 | + * and empty socket lists. | |
34593 | + * Moved spin-locks in pfkey_get_parse() to simplify. | |
34594 | + * Added pfkey_acquire(). | |
34595 | + * Added upwards messages to update, add, delete, acquire_parse, | |
34596 | + * expire_parse and flush. | |
34597 | + * Fix pfkey_prop_build() parameter to be only single indirection. | |
34598 | + * Changed all replies to use pfkey_reply. | |
34599 | + * Check return code on puttdb() and deltdbchain() in getspi, update, | |
34600 | + * add, delete. | |
34601 | + * Fixed up all pfkey replies to open and registered sockets. | |
34602 | + * | |
34603 | + * Revision 1.42 2000/09/01 18:50:26 rgb | |
34604 | + * Added a supported algorithms array lists, one per satype and registered | |
34605 | + * existing algorithms. | |
34606 | + * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to | |
34607 | + * list. | |
34608 | + * Only send pfkey_expire() messages to sockets registered for that satype. | |
34609 | + * Added reply to pfkey_getspi_parse(). | |
34610 | + * Added reply to pfkey_get_parse(). | |
34611 | + * Fixed debug output label bug in pfkey_lifetime_process(). | |
34612 | + * Cleaned up pfkey_sa_process a little. | |
34613 | + * Moved pfkey_safe_build() above message type parsers to make it available | |
34614 | + * for creating replies. | |
34615 | + * Added comments for future work in pfkey_acquire_parse(). | |
34616 | + * Fleshed out guts of pfkey_register_parse(). | |
34617 | + * | |
34618 | + * Revision 1.41 2000/08/24 16:58:11 rgb | |
34619 | + * Fixed key debugging variables. | |
34620 | + * Fixed error return code for a failed search. | |
34621 | + * Changed order of pfkey_get operations. | |
34622 | + * | |
34623 | + * Revision 1.40 2000/08/21 16:32:27 rgb | |
34624 | + * Re-formatted for cosmetic consistency and readability. | |
34625 | + * | |
34626 | + * Revision 1.39 2000/08/20 21:38:57 rgb | |
34627 | + * Bugfixes to as-yet-unused pfkey_update_parse() and | |
34628 | + * pfkey_register_parse(). (Momchil) | |
34629 | + * Added functions pfkey_safe_build(), pfkey_expire() and | |
34630 | + * pfkey_build_reply(). (Momchil) | |
34631 | + * Added a pfkey_reply parameter to pfkey_msg_interp(). (Momchil) | |
34632 | + * | |
34633 | + * Revision 1.38 2000/08/18 21:30:41 rgb | |
34634 | + * Purged all tdb_spi, tdb_proto and tdb_dst macros. They are unclear. | |
34635 | + * | |
34636 | + * Revision 1.37 2000/08/18 18:18:02 rgb | |
34637 | + * Cosmetic and descriptive changes made to debug test. | |
34638 | + * getspi and update fixes from Momchil. | |
34639 | + * | |
34640 | + * Revision 1.36 2000/08/15 15:41:55 rgb | |
34641 | + * Fixed the (as yet unused and untested) pfkey_getspi() routine. | |
34642 | + * | |
34643 | + * Revision 1.35 2000/08/01 14:51:52 rgb | |
34644 | + * Removed _all_ remaining traces of DES. | |
34645 | + * | |
34646 | + * Revision 1.34 2000/07/28 14:58:32 rgb | |
34647 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
34648 | + * | |
34649 | + * Revision 1.33 2000/06/28 05:50:11 rgb | |
34650 | + * Actually set iv_bits. | |
34651 | + * | |
34652 | + * Revision 1.32 2000/05/30 18:36:56 rgb | |
34653 | + * Fix AH auth hash setup bug. This breaks interop with previous PF_KEY | |
34654 | + * FreeS/WAN, but fixes interop with other implementations. | |
34655 | + * | |
34656 | + * Revision 1.31 2000/03/16 14:05:48 rgb | |
34657 | + * Fixed brace scope preventing non-debug compile. | |
34658 | + * Added null parameter check for pfkey_x_debug(). | |
34659 | + * | |
34660 | + * Revision 1.30 2000/01/22 23:21:13 rgb | |
34661 | + * Use new function satype2proto(). | |
34662 | + * | |
34663 | + * Revision 1.29 2000/01/22 08:40:21 rgb | |
34664 | + * Invert condition to known value to avoid AF_INET6 in 2.0.36. | |
34665 | + * | |
34666 | + * Revision 1.28 2000/01/22 07:58:57 rgb | |
34667 | + * Fixed REPLACEFLOW bug, missing braces around KLIPS_PRINT *and* SENDERR. | |
34668 | + * | |
34669 | + * Revision 1.27 2000/01/22 03:48:01 rgb | |
34670 | + * Added extr pointer component debugging. | |
34671 | + * | |
34672 | + * Revision 1.26 2000/01/21 09:41:25 rgb | |
34673 | + * Changed a (void*) to (char*) cast to do proper pointer math. | |
34674 | + * Don't call tdbwipe if tdb2 is NULL. | |
34675 | + * | |
34676 | + * Revision 1.25 2000/01/21 06:21:01 rgb | |
34677 | + * Added address cases for eroute flows. | |
34678 | + * Tidied up compiler directive indentation for readability. | |
34679 | + * Added ictx,octx vars for simplification. | |
34680 | + * Added macros for HMAC padding magic numbers. | |
34681 | + * Converted from double tdb arguments to one structure (extr) | |
34682 | + * containing pointers to all temporary information structures | |
34683 | + * and checking for valid arguments to all ext processors and | |
34684 | + * msg type parsers. | |
34685 | + * Added spiungrp'ing. | |
34686 | + * Added klipsdebug switching capability. | |
34687 | + * Removed sa_process() check for zero protocol. | |
34688 | + * Added address case for DST2 for grouping. | |
34689 | + * Added/changed minor debugging instrumentation. | |
34690 | + * Fixed spigrp for single said, ungrouping case. | |
34691 | + * Added code to parse addflow and delflow messages. | |
34692 | + * Removed redundant statements duplicating tdbwipe() functionality | |
34693 | + * and causing double kfrees. | |
34694 | + * Permit addflow to have a protocol of 0. | |
34695 | + * | |
34696 | + * Revision 1.24 1999/12/09 23:23:00 rgb | |
34697 | + * Added check to pfkey_sa_process() to do eroutes. | |
34698 | + * Converted to DIVUP() macro. | |
34699 | + * Converted if() to switch() in pfkey_register_parse(). | |
34700 | + * Use new pfkey_extensions_init() instead of memset(). | |
34701 | + * | |
34702 | + * Revision 1.23 1999/12/01 22:18:13 rgb | |
34703 | + * Preset minspi and maxspi values in case and spirange extension is not | |
34704 | + * included and check for the presence of an spirange extension before | |
34705 | + * using it. Initialise tdb_sastate to LARVAL. | |
34706 | + * Fixed debugging output typo. | |
34707 | + * Fixed authentication context initialisation bugs (4 places). | |
34708 | + * | |
34709 | + * Revision 1.22 1999/11/27 11:53:08 rgb | |
34710 | + * Moved pfkey_msg_parse prototype to pfkey.h | |
34711 | + * Moved exts_permitted/required prototype to pfkey.h. | |
34712 | + * Moved sadb_satype2proto protocol lookup table to lib/pfkey_v2_parse.c. | |
34713 | + * Deleted SADB_X_EXT_SA2 code from pfkey_sa_process() since it will never | |
34714 | + * be called. | |
34715 | + * Moved protocol/algorithm checks to lib/pfkey_v2_parse.c | |
34716 | + * Debugging error messages added. | |
34717 | + * Enable lifetime_current checking. | |
34718 | + * Remove illegal requirement for SA extension to be present in an | |
34719 | + * originating GETSPI call. | |
34720 | + * Re-instate requirement for UPDATE or ADD message to be MATURE. | |
34721 | + * Add argument to pfkey_msg_parse() for direction. | |
34722 | + * Fixed IPIP dst address bug and purged redundant, leaky code. | |
34723 | + * | |
34724 | + * Revision 1.21 1999/11/24 05:24:20 rgb | |
34725 | + * hanged 'void*extensions' to 'struct sadb_ext*extensions'. | |
34726 | + * Fixed indention. | |
34727 | + * Ditched redundant replay check. | |
34728 | + * Fixed debug message text from 'parse' to 'process'. | |
34729 | + * Added more debug output. | |
34730 | + * Forgot to zero extensions array causing bug, fixed. | |
34731 | + * | |
34732 | + * Revision 1.20 1999/11/23 23:08:13 rgb | |
34733 | + * Move all common parsing code to lib/pfkey_v2_parse.c and rename | |
34734 | + * remaining bits to *_process. (PJO) | |
34735 | + * Add macros for dealing with alignment and rounding up more opaquely. | |
34736 | + * Use provided macro ADDRTOA_BUF instead of hardcoded value. | |
34737 | + * Sort out pfkey and freeswan headers, putting them in a library path. | |
34738 | + * Corrected a couple of bugs in as-yet-inactive code. | |
34739 | + * | |
34740 | + * Revision 1.19 1999/11/20 22:01:10 rgb | |
34741 | + * Add more descriptive error messages for non-zero reserved fields. | |
34742 | + * Add more descriptive error message for spirange parsing. | |
34743 | + * Start on supported extension parsing. | |
34744 | + * Start on register and get message parsing. | |
34745 | + * | |
34746 | + * Revision 1.18 1999/11/18 04:09:20 rgb | |
34747 | + * Replaced all kernel version macros to shorter, readable form. | |
34748 | + * | |
34749 | + * Revision 1.17 1999/11/17 15:53:41 rgb | |
34750 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
34751 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
34752 | + * klips/net/ipsec/Makefile. | |
34753 | + * | |
34754 | + * Revision 1.16 1999/10/26 16:57:43 rgb | |
34755 | + * Add shorter macros for compiler directives to visually clean-up. | |
34756 | + * Give ipv6 code meaningful compiler directive. | |
34757 | + * Add comments to other #if 0 debug code. | |
34758 | + * Remove unused *_bh_atomic() calls. | |
34759 | + * Fix mis-placed spinlock. | |
34760 | + * | |
34761 | + * Revision 1.15 1999/10/16 18:27:10 rgb | |
34762 | + * Clean-up unused cruft. | |
34763 | + * Fix-up lifetime_allocations_c and lifetime_addtime_c initialisations. | |
34764 | + * | |
34765 | + * Revision 1.14 1999/10/08 18:37:34 rgb | |
34766 | + * Fix end-of-line spacing to sate whining PHMs. | |
34767 | + * | |
34768 | + * Revision 1.13 1999/10/03 18:49:12 rgb | |
34769 | + * Spinlock fixes for 2.0.xx and 2.3.xx. | |
34770 | + * | |
34771 | + * Revision 1.12 1999/10/01 15:44:54 rgb | |
34772 | + * Move spinlock header include to 2.1> scope. | |
34773 | + * | |
34774 | + * Revision 1.11 1999/10/01 00:05:45 rgb | |
34775 | + * Added tdb structure locking. | |
34776 | + * Use 'jiffies' instead of do_get_timeofday(). | |
34777 | + * Fix lifetime assignments. | |
34778 | + * | |
34779 | + * Revision 1.10 1999/09/21 15:24:45 rgb | |
34780 | + * Rework spirange code to save entropy and prevent endless loops. | |
34781 | + * | |
34782 | + * Revision 1.9 1999/09/16 12:10:21 rgb | |
34783 | + * Minor fixes to random spi selection for correctness and entropy conservation. | |
34784 | + * | |
34785 | + * Revision 1.8 1999/05/25 22:54:46 rgb | |
34786 | + * Fix comparison that should be an assignment in an if. | |
34787 | + * | |
34788 | + * Revision 1.7 1999/05/09 03:25:37 rgb | |
34789 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
34790 | + * | |
34791 | + * Revision 1.6 1999/05/08 21:32:30 rgb | |
34792 | + * Fix error return reporting. | |
34793 | + * | |
34794 | + * Revision 1.5 1999/05/05 22:02:33 rgb | |
34795 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
34796 | + * | |
34797 | + * Revision 1.4 1999/04/29 15:22:40 rgb | |
34798 | + * Standardise an error return method. | |
34799 | + * Add debugging instrumentation. | |
34800 | + * Add check for existence of macros min/max. | |
34801 | + * Add extensions permitted/required in/out filters. | |
34802 | + * Add satype-to-protocol table. | |
34803 | + * Add a second tdb pointer to each parser to accomodate GRPSA. | |
34804 | + * Move AH & no_algo_set to GETSPI, UPDATE and ADD. | |
34805 | + * Add OOO window check. | |
34806 | + * Add support for IPPROTO_IPIP and hooks for IPPROTO_COMP. | |
34807 | + * Add timestamp to lifetime parse. | |
34808 | + * Fix address structure length checking bug. | |
34809 | + * Fix address structure allocation bug (forgot to kmalloc!). | |
34810 | + * Add checks for extension lengths. | |
34811 | + * Add checks for extension reserved illegal values. | |
34812 | + * Add check for spirange legal values. | |
34813 | + * Add an extension type for parsing a second satype, SA and | |
34814 | + * DST_ADDRESS. | |
34815 | + * Make changes to tdb_init() template to get pfkey_tdb_init(), | |
34816 | + * eliminating any mention of xformsw. | |
34817 | + * Implement getspi, update and grpsa (not tested). | |
34818 | + * Add stubs for as yet unimplemented message types. | |
34819 | + * Add table of message parsers to substitute for msg_parse switch. | |
34820 | + * | |
34821 | + * Revision 1.3 1999/04/15 17:58:07 rgb | |
34822 | + * Add RCSID labels. | |
34823 | + * | |
34824 | + * Revision 1.2 1999/04/15 15:37:26 rgb | |
34825 | + * Forward check changes from POST1_00 branch. | |
34826 | + * | |
34827 | + * Revision 1.1.2.1 1999/03/26 20:58:56 rgb | |
34828 | + * Add pfkeyv2 support to KLIPS. | |
34829 | + * | |
34830 | + */ | |
34831 | diff -druN linux-noipsec/net/ipsec/radij.c linux/net/ipsec/radij.c | |
34832 | --- linux-noipsec/net/ipsec/radij.c Thu Jan 1 01:00:00 1970 | |
34833 | +++ linux/net/ipsec/radij.c Mon Nov 6 05:35:21 2000 | |
34834 | @@ -0,0 +1,1113 @@ | |
34835 | +char radij_c_version[] = "RCSID $Id$"; | |
34836 | + | |
34837 | +/* | |
34838 | + * This file is defived from ${SRC}/sys/net/radix.c of BSD 4.4lite | |
34839 | + * | |
34840 | + * Variable and procedure names have been modified so that they don't | |
34841 | + * conflict with the original BSD code, as a small number of modifications | |
34842 | + * have been introduced and we may want to reuse this code in BSD. | |
34843 | + * | |
34844 | + * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek | |
34845 | + * chi or a German ch sound (as `doch', not as in `milch'), or even a | |
34846 | + * spanish j as in Juan. It is not as far back in the throat like | |
34847 | + * the corresponding Hebrew sound, nor is it a soft breath like the English h. | |
34848 | + * It has nothing to do with the Dutch ij sound. | |
34849 | + * | |
34850 | + * Here is the appropriate copyright notice: | |
34851 | + */ | |
34852 | + | |
34853 | +/* | |
34854 | + * Copyright (c) 1988, 1989, 1993 | |
34855 | + * The Regents of the University of California. All rights reserved. | |
34856 | + * | |
34857 | + * Redistribution and use in source and binary forms, with or without | |
34858 | + * modification, are permitted provided that the following conditions | |
34859 | + * are met: | |
34860 | + * 1. Redistributions of source code must retain the above copyright | |
34861 | + * notice, this list of conditions and the following disclaimer. | |
34862 | + * 2. Redistributions in binary form must reproduce the above copyright | |
34863 | + * notice, this list of conditions and the following disclaimer in the | |
34864 | + * documentation and/or other materials provided with the distribution. | |
34865 | + * 3. All advertising materials mentioning features or use of this software | |
34866 | + * must display the following acknowledgement: | |
34867 | + * This product includes software developed by the University of | |
34868 | + * California, Berkeley and its contributors. | |
34869 | + * 4. Neither the name of the University nor the names of its contributors | |
34870 | + * may be used to endorse or promote products derived from this software | |
34871 | + * without specific prior written permission. | |
34872 | + * | |
34873 | + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
34874 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
34875 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
34876 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
34877 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
34878 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
34879 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
34880 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
34881 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
34882 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
34883 | + * SUCH DAMAGE. | |
34884 | + * | |
34885 | + * @(#)radix.c 8.2 (Berkeley) 1/4/94 | |
34886 | + */ | |
34887 | + | |
34888 | +/* | |
34889 | + * Routines to build and maintain radix trees for routing lookups. | |
34890 | + */ | |
34891 | + | |
34892 | +#include <linux/config.h> | |
34893 | +#include <linux/version.h> | |
34894 | + | |
34895 | +#include <linux/kernel.h> /* printk() */ | |
34896 | +#include <linux/malloc.h> /* kmalloc() */ | |
34897 | +#include <linux/errno.h> /* error codes */ | |
34898 | +#include <linux/types.h> /* size_t */ | |
34899 | +#include <linux/interrupt.h> /* mark_bh */ | |
34900 | + | |
34901 | +#include <linux/netdevice.h> /* struct device, and other headers */ | |
34902 | +#include <linux/etherdevice.h> /* eth_type_trans */ | |
34903 | +#include <linux/ip.h> /* struct iphdr */ | |
34904 | +#include <linux/skbuff.h> | |
34905 | +#include <freeswan.h> | |
34906 | +#ifdef NET_21 | |
34907 | +#include <asm/uaccess.h> | |
34908 | +#include <linux/in6.h> | |
34909 | +#endif /* NET_21 */ | |
34910 | +#include <asm/checksum.h> | |
34911 | +#include <net/ip.h> | |
34912 | + | |
34913 | +#include "radij.h" | |
34914 | +#include "ipsec_encap.h" | |
34915 | +#include "ipsec_radij.h" | |
34916 | +#include "ipsec_netlink.h" | |
34917 | + | |
34918 | +int maj_keylen; | |
34919 | +struct radij_mask *rj_mkfreelist; | |
34920 | +struct radij_node_head *mask_rjhead; | |
34921 | +static int gotOddMasks; | |
34922 | +static char *maskedKey; | |
34923 | +static char *rj_zeroes, *rj_ones; | |
34924 | + | |
34925 | +#define rj_masktop (mask_rjhead->rnh_treetop) | |
34926 | +#ifdef Bcmp | |
34927 | +#undef Bcmp | |
34928 | +#endif /* Bcmp */ | |
34929 | +#define Bcmp(a, b, l) (l == 0 ? 0 : memcmp((caddr_t)(b), (caddr_t)(a), (size_t)l)) | |
34930 | +/* | |
34931 | + * The data structure for the keys is a radix tree with one way | |
34932 | + * branching removed. The index rj_b at an internal node n represents a bit | |
34933 | + * position to be tested. The tree is arranged so that all descendants | |
34934 | + * of a node n have keys whose bits all agree up to position rj_b - 1. | |
34935 | + * (We say the index of n is rj_b.) | |
34936 | + * | |
34937 | + * There is at least one descendant which has a one bit at position rj_b, | |
34938 | + * and at least one with a zero there. | |
34939 | + * | |
34940 | + * A route is determined by a pair of key and mask. We require that the | |
34941 | + * bit-wise logical and of the key and mask to be the key. | |
34942 | + * We define the index of a route to associated with the mask to be | |
34943 | + * the first bit number in the mask where 0 occurs (with bit number 0 | |
34944 | + * representing the highest order bit). | |
34945 | + * | |
34946 | + * We say a mask is normal if every bit is 0, past the index of the mask. | |
34947 | + * If a node n has a descendant (k, m) with index(m) == index(n) == rj_b, | |
34948 | + * and m is a normal mask, then the route applies to every descendant of n. | |
34949 | + * If the index(m) < rj_b, this implies the trailing last few bits of k | |
34950 | + * before bit b are all 0, (and hence consequently true of every descendant | |
34951 | + * of n), so the route applies to all descendants of the node as well. | |
34952 | + * | |
34953 | + * The present version of the code makes no use of normal routes, | |
34954 | + * but similar logic shows that a non-normal mask m such that | |
34955 | + * index(m) <= index(n) could potentially apply to many children of n. | |
34956 | + * Thus, for each non-host route, we attach its mask to a list at an internal | |
34957 | + * node as high in the tree as we can go. | |
34958 | + */ | |
34959 | + | |
34960 | +struct radij_node * | |
34961 | +rj_search(v_arg, head) | |
34962 | + void *v_arg; | |
34963 | + struct radij_node *head; | |
34964 | +{ | |
34965 | + register struct radij_node *x; | |
34966 | + register caddr_t v; | |
34967 | + | |
34968 | + for (x = head, v = v_arg; x->rj_b >= 0;) { | |
34969 | + if (x->rj_bmask & v[x->rj_off]) | |
34970 | + x = x->rj_r; | |
34971 | + else | |
34972 | + x = x->rj_l; | |
34973 | + } | |
34974 | + return (x); | |
34975 | +}; | |
34976 | + | |
34977 | +struct radij_node * | |
34978 | +rj_search_m(v_arg, head, m_arg) | |
34979 | + struct radij_node *head; | |
34980 | + void *v_arg, *m_arg; | |
34981 | +{ | |
34982 | + register struct radij_node *x; | |
34983 | + register caddr_t v = v_arg, m = m_arg; | |
34984 | + | |
34985 | + for (x = head; x->rj_b >= 0;) { | |
34986 | + if ((x->rj_bmask & m[x->rj_off]) && | |
34987 | + (x->rj_bmask & v[x->rj_off])) | |
34988 | + x = x->rj_r; | |
34989 | + else | |
34990 | + x = x->rj_l; | |
34991 | + } | |
34992 | + return x; | |
34993 | +}; | |
34994 | + | |
34995 | +int | |
34996 | +rj_refines(m_arg, n_arg) | |
34997 | + void *m_arg, *n_arg; | |
34998 | +{ | |
34999 | + register caddr_t m = m_arg, n = n_arg; | |
35000 | + register caddr_t lim, lim2 = lim = n + *(u_char *)n; | |
35001 | + int longer = (*(u_char *)n++) - (int)(*(u_char *)m++); | |
35002 | + int masks_are_equal = 1; | |
35003 | + | |
35004 | + if (longer > 0) | |
35005 | + lim -= longer; | |
35006 | + while (n < lim) { | |
35007 | + if (*n & ~(*m)) | |
35008 | + return 0; | |
35009 | + if (*n++ != *m++) | |
35010 | + masks_are_equal = 0; | |
35011 | + | |
35012 | + } | |
35013 | + while (n < lim2) | |
35014 | + if (*n++) | |
35015 | + return 0; | |
35016 | + if (masks_are_equal && (longer < 0)) | |
35017 | + for (lim2 = m - longer; m < lim2; ) | |
35018 | + if (*m++) | |
35019 | + return 1; | |
35020 | + return (!masks_are_equal); | |
35021 | +} | |
35022 | + | |
35023 | + | |
35024 | +struct radij_node * | |
35025 | +rj_match(v_arg, head) | |
35026 | + void *v_arg; | |
35027 | + struct radij_node_head *head; | |
35028 | +{ | |
35029 | + caddr_t v = v_arg; | |
35030 | + register struct radij_node *t = head->rnh_treetop, *x; | |
35031 | + register caddr_t cp = v, cp2, cp3; | |
35032 | + caddr_t cplim, mstart; | |
35033 | + struct radij_node *saved_t, *top = t; | |
35034 | + int off = t->rj_off, vlen = *(u_char *)cp, matched_off; | |
35035 | + | |
35036 | + /* | |
35037 | + * Open code rj_search(v, top) to avoid overhead of extra | |
35038 | + * subroutine call. | |
35039 | + */ | |
35040 | + for (; t->rj_b >= 0; ) { | |
35041 | + if (t->rj_bmask & cp[t->rj_off]) | |
35042 | + t = t->rj_r; | |
35043 | + else | |
35044 | + t = t->rj_l; | |
35045 | + } | |
35046 | + /* | |
35047 | + * See if we match exactly as a host destination | |
35048 | + */ | |
35049 | + KLIPS_PRINT(debug_radij, | |
35050 | + "klips_debug:rj_match: * See if we match exactly as a host destination\n"); | |
35051 | + | |
35052 | + cp += off; cp2 = t->rj_key + off; cplim = v + vlen; | |
35053 | + for (; cp < cplim; cp++, cp2++) | |
35054 | + if (*cp != *cp2) | |
35055 | + goto on1; | |
35056 | + /* | |
35057 | + * This extra grot is in case we are explicitly asked | |
35058 | + * to look up the default. Ugh! | |
35059 | + */ | |
35060 | + if ((t->rj_flags & RJF_ROOT) && t->rj_dupedkey) | |
35061 | + t = t->rj_dupedkey; | |
35062 | + return t; | |
35063 | +on1: | |
35064 | + matched_off = cp - v; | |
35065 | + saved_t = t; | |
35066 | + KLIPS_PRINT(debug_radij, | |
35067 | + "klips_debug:rj_match: ** try to match a leaf, t=0x%p\n", t); | |
35068 | + do { | |
35069 | + if (t->rj_mask) { | |
35070 | + /* | |
35071 | + * Even if we don't match exactly as a hosts; | |
35072 | + * we may match if the leaf we wound up at is | |
35073 | + * a route to a net. | |
35074 | + */ | |
35075 | + cp3 = matched_off + t->rj_mask; | |
35076 | + cp2 = matched_off + t->rj_key; | |
35077 | + for (; cp < cplim; cp++) | |
35078 | + if ((*cp2++ ^ *cp) & *cp3++) | |
35079 | + break; | |
35080 | + if (cp == cplim) | |
35081 | + return t; | |
35082 | + cp = matched_off + v; | |
35083 | + } | |
35084 | + } while ((t = t->rj_dupedkey)); | |
35085 | + t = saved_t; | |
35086 | + /* start searching up the tree */ | |
35087 | + KLIPS_PRINT(debug_radij, | |
35088 | + "klips_debug:rj_match: *** start searching up the tree, t=0x%p\n", t); | |
35089 | + do { | |
35090 | + register struct radij_mask *m; | |
35091 | + | |
35092 | + t = t->rj_p; | |
35093 | + KLIPS_PRINT(debug_radij, | |
35094 | + "klips_debug:rj_match: **** t=0x%p\n", t); | |
35095 | + if ((m = t->rj_mklist)) { | |
35096 | + /* | |
35097 | + * After doing measurements here, it may | |
35098 | + * turn out to be faster to open code | |
35099 | + * rj_search_m here instead of always | |
35100 | + * copying and masking. | |
35101 | + */ | |
35102 | + off = min(t->rj_off, matched_off); | |
35103 | + mstart = maskedKey + off; | |
35104 | + do { | |
35105 | + cp2 = mstart; | |
35106 | + cp3 = m->rm_mask + off; | |
35107 | + KLIPS_PRINT(debug_radij, | |
35108 | + "klips_debug:rj_match: ***** cp2=0x%p cp3=0x%p\n", cp2, cp3); | |
35109 | + for (cp = v + off; cp < cplim;) | |
35110 | + *cp2++ = *cp++ & *cp3++; | |
35111 | + x = rj_search(maskedKey, t); | |
35112 | + while (x && x->rj_mask != m->rm_mask) | |
35113 | + x = x->rj_dupedkey; | |
35114 | + if (x && | |
35115 | + (Bcmp(mstart, x->rj_key + off, | |
35116 | + vlen - off) == 0)) | |
35117 | + return x; | |
35118 | + } while ((m = m->rm_mklist)); | |
35119 | + } | |
35120 | + } while (t != top); | |
35121 | + KLIPS_PRINT(debug_radij, | |
35122 | + "klips_debug:rj_match: ***** not found.\n"); | |
35123 | + return 0; | |
35124 | +}; | |
35125 | + | |
35126 | +#ifdef RJ_DEBUG | |
35127 | +int rj_nodenum; | |
35128 | +struct radij_node *rj_clist; | |
35129 | +int rj_saveinfo; | |
35130 | +DEBUG_NO_STATIC void traverse(struct radij_node *); | |
35131 | +#ifdef RJ_DEBUG2 | |
35132 | +int rj_debug = 1; | |
35133 | +#else | |
35134 | +int rj_debug = 0; | |
35135 | +#endif /* RJ_DEBUG2 */ | |
35136 | +#endif /* RJ_DEBUG */ | |
35137 | + | |
35138 | +struct radij_node * | |
35139 | +rj_newpair(v, b, nodes) | |
35140 | + void *v; | |
35141 | + int b; | |
35142 | + struct radij_node nodes[2]; | |
35143 | +{ | |
35144 | + register struct radij_node *tt = nodes, *t = tt + 1; | |
35145 | + t->rj_b = b; t->rj_bmask = 0x80 >> (b & 7); | |
35146 | + t->rj_l = tt; t->rj_off = b >> 3; | |
35147 | + tt->rj_b = -1; tt->rj_key = (caddr_t)v; tt->rj_p = t; | |
35148 | + tt->rj_flags = t->rj_flags = RJF_ACTIVE; | |
35149 | +#ifdef RJ_DEBUG | |
35150 | + tt->rj_info = rj_nodenum++; t->rj_info = rj_nodenum++; | |
35151 | + tt->rj_twin = t; tt->rj_ybro = rj_clist; rj_clist = tt; | |
35152 | +#endif /* RJ_DEBUG */ | |
35153 | + return t; | |
35154 | +} | |
35155 | + | |
35156 | +struct radij_node * | |
35157 | +rj_insert(v_arg, head, dupentry, nodes) | |
35158 | + void *v_arg; | |
35159 | + struct radij_node_head *head; | |
35160 | + int *dupentry; | |
35161 | + struct radij_node nodes[2]; | |
35162 | +{ | |
35163 | + caddr_t v = v_arg; | |
35164 | + struct radij_node *top = head->rnh_treetop; | |
35165 | + int head_off = top->rj_off, vlen = (int)*((u_char *)v); | |
35166 | + register struct radij_node *t = rj_search(v_arg, top); | |
35167 | + register caddr_t cp = v + head_off; | |
35168 | + register int b; | |
35169 | + struct radij_node *tt; | |
35170 | + /* | |
35171 | + *find first bit at which v and t->rj_key differ | |
35172 | + */ | |
35173 | + { | |
35174 | + register caddr_t cp2 = t->rj_key + head_off; | |
35175 | + register int cmp_res; | |
35176 | + caddr_t cplim = v + vlen; | |
35177 | + | |
35178 | + while (cp < cplim) | |
35179 | + if (*cp2++ != *cp++) | |
35180 | + goto on1; | |
35181 | + *dupentry = 1; | |
35182 | + return t; | |
35183 | +on1: | |
35184 | + *dupentry = 0; | |
35185 | + cmp_res = (cp[-1] ^ cp2[-1]) & 0xff; | |
35186 | + for (b = (cp - v) << 3; cmp_res; b--) | |
35187 | + cmp_res >>= 1; | |
35188 | + } | |
35189 | + { | |
35190 | + register struct radij_node *p, *x = top; | |
35191 | + cp = v; | |
35192 | + do { | |
35193 | + p = x; | |
35194 | + if (cp[x->rj_off] & x->rj_bmask) | |
35195 | + x = x->rj_r; | |
35196 | + else x = x->rj_l; | |
35197 | + } while (b > (unsigned) x->rj_b); /* x->rj_b < b && x->rj_b >= 0 */ | |
35198 | +#ifdef RJ_DEBUG | |
35199 | + if (rj_debug) | |
35200 | + printk("klips_debug:Going In:\n"), traverse(p); | |
35201 | +#endif /* RJ_DEBUG */ | |
35202 | + t = rj_newpair(v_arg, b, nodes); tt = t->rj_l; | |
35203 | + if ((cp[p->rj_off] & p->rj_bmask) == 0) | |
35204 | + p->rj_l = t; | |
35205 | + else | |
35206 | + p->rj_r = t; | |
35207 | + x->rj_p = t; t->rj_p = p; /* frees x, p as temp vars below */ | |
35208 | + if ((cp[t->rj_off] & t->rj_bmask) == 0) { | |
35209 | + t->rj_r = x; | |
35210 | + } else { | |
35211 | + t->rj_r = tt; t->rj_l = x; | |
35212 | + } | |
35213 | +#ifdef RJ_DEBUG | |
35214 | + if (rj_debug) | |
35215 | + printk("klips_debug:Coming out:\n"), traverse(p); | |
35216 | +#endif /* RJ_DEBUG */ | |
35217 | + } | |
35218 | + return (tt); | |
35219 | +} | |
35220 | + | |
35221 | +struct radij_node * | |
35222 | +rj_addmask(n_arg, search, skip) | |
35223 | + int search, skip; | |
35224 | + void *n_arg; | |
35225 | +{ | |
35226 | + caddr_t netmask = (caddr_t)n_arg; | |
35227 | + register struct radij_node *x; | |
35228 | + register caddr_t cp, cplim; | |
35229 | + register int b, mlen, j; | |
35230 | + int maskduplicated; | |
35231 | + | |
35232 | + mlen = *(u_char *)netmask; | |
35233 | + if (search) { | |
35234 | + x = rj_search(netmask, rj_masktop); | |
35235 | + mlen = *(u_char *)netmask; | |
35236 | + if (Bcmp(netmask, x->rj_key, mlen) == 0) | |
35237 | + return (x); | |
35238 | + } | |
35239 | + R_Malloc(x, struct radij_node *, maj_keylen + 2 * sizeof (*x)); | |
35240 | + if (x == 0) | |
35241 | + return (0); | |
35242 | + Bzero(x, maj_keylen + 2 * sizeof (*x)); | |
35243 | + cp = (caddr_t)(x + 2); | |
35244 | + Bcopy(netmask, cp, mlen); | |
35245 | + netmask = cp; | |
35246 | + x = rj_insert(netmask, mask_rjhead, &maskduplicated, x); | |
35247 | + /* | |
35248 | + * Calculate index of mask. | |
35249 | + */ | |
35250 | + cplim = netmask + mlen; | |
35251 | + for (cp = netmask + skip; cp < cplim; cp++) | |
35252 | + if (*(u_char *)cp != 0xff) | |
35253 | + break; | |
35254 | + b = (cp - netmask) << 3; | |
35255 | + if (cp != cplim) { | |
35256 | + if (*cp != 0) { | |
35257 | + gotOddMasks = 1; | |
35258 | + for (j = 0x80; j; b++, j >>= 1) | |
35259 | + if ((j & *cp) == 0) | |
35260 | + break; | |
35261 | + } | |
35262 | + } | |
35263 | + x->rj_b = -1 - b; | |
35264 | + return (x); | |
35265 | +} | |
35266 | + | |
35267 | +#if 0 | |
35268 | +struct radij_node * | |
35269 | +#endif | |
35270 | +int | |
35271 | +rj_addroute(v_arg, n_arg, head, treenodes) | |
35272 | + void *v_arg, *n_arg; | |
35273 | + struct radij_node_head *head; | |
35274 | + struct radij_node treenodes[2]; | |
35275 | +{ | |
35276 | + caddr_t v = (caddr_t)v_arg, netmask = (caddr_t)n_arg; | |
35277 | + register struct radij_node *t, *x=NULL, *tt; | |
35278 | + struct radij_node *saved_tt, *top = head->rnh_treetop; | |
35279 | + short b = 0, b_leaf; | |
35280 | + int mlen, keyduplicated; | |
35281 | + caddr_t cplim; | |
35282 | + struct radij_mask *m, **mp; | |
35283 | + | |
35284 | + /* | |
35285 | + * In dealing with non-contiguous masks, there may be | |
35286 | + * many different routes which have the same mask. | |
35287 | + * We will find it useful to have a unique pointer to | |
35288 | + * the mask to speed avoiding duplicate references at | |
35289 | + * nodes and possibly save time in calculating indices. | |
35290 | + */ | |
35291 | + if (netmask) { | |
35292 | + x = rj_search(netmask, rj_masktop); | |
35293 | + mlen = *(u_char *)netmask; | |
35294 | + if (Bcmp(netmask, x->rj_key, mlen) != 0) { | |
35295 | + x = rj_addmask(netmask, 0, top->rj_off); | |
35296 | + if (x == 0) | |
35297 | + return /* (0) rgb */ ENOMEM; | |
35298 | + } | |
35299 | + netmask = x->rj_key; | |
35300 | + b = -1 - x->rj_b; | |
35301 | + } | |
35302 | + /* | |
35303 | + * Deal with duplicated keys: attach node to previous instance | |
35304 | + */ | |
35305 | + saved_tt = tt = rj_insert(v, head, &keyduplicated, treenodes); | |
35306 | + if (keyduplicated) { | |
35307 | + do { | |
35308 | + if (tt->rj_mask == netmask) | |
35309 | + return /* (0) rgb */ ENXIO; | |
35310 | + t = tt; | |
35311 | + if (netmask == 0 || | |
35312 | + (tt->rj_mask && rj_refines(netmask, tt->rj_mask))) | |
35313 | + break; | |
35314 | + } while ((tt = tt->rj_dupedkey)); | |
35315 | + /* | |
35316 | + * If the mask is not duplicated, we wouldn't | |
35317 | + * find it among possible duplicate key entries | |
35318 | + * anyway, so the above test doesn't hurt. | |
35319 | + * | |
35320 | + * We sort the masks for a duplicated key the same way as | |
35321 | + * in a masklist -- most specific to least specific. | |
35322 | + * This may require the unfortunate nuisance of relocating | |
35323 | + * the head of the list. | |
35324 | + */ | |
35325 | + if (tt && t == saved_tt) { | |
35326 | + struct radij_node *xx = x; | |
35327 | + /* link in at head of list */ | |
35328 | + (tt = treenodes)->rj_dupedkey = t; | |
35329 | + tt->rj_flags = t->rj_flags; | |
35330 | + tt->rj_p = x = t->rj_p; | |
35331 | + if (x->rj_l == t) x->rj_l = tt; else x->rj_r = tt; | |
35332 | + saved_tt = tt; x = xx; | |
35333 | + } else { | |
35334 | + (tt = treenodes)->rj_dupedkey = t->rj_dupedkey; | |
35335 | + t->rj_dupedkey = tt; | |
35336 | + } | |
35337 | +#ifdef RJ_DEBUG | |
35338 | + t=tt+1; tt->rj_info = rj_nodenum++; t->rj_info = rj_nodenum++; | |
35339 | + tt->rj_twin = t; tt->rj_ybro = rj_clist; rj_clist = tt; | |
35340 | +#endif /* RJ_DEBUG */ | |
35341 | + t = saved_tt; | |
35342 | + tt->rj_key = (caddr_t) v; | |
35343 | + tt->rj_b = -1; | |
35344 | + tt->rj_flags = t->rj_flags & ~RJF_ROOT; | |
35345 | + } | |
35346 | + /* | |
35347 | + * Put mask in tree. | |
35348 | + */ | |
35349 | + if (netmask) { | |
35350 | + tt->rj_mask = netmask; | |
35351 | + tt->rj_b = x->rj_b; | |
35352 | + } | |
35353 | + t = saved_tt->rj_p; | |
35354 | + b_leaf = -1 - t->rj_b; | |
35355 | + if (t->rj_r == saved_tt) x = t->rj_l; else x = t->rj_r; | |
35356 | + /* Promote general routes from below */ | |
35357 | + if (x->rj_b < 0) { | |
35358 | + if (x->rj_mask && (x->rj_b >= b_leaf) && x->rj_mklist == 0) { | |
35359 | + MKGet(m); | |
35360 | + if (m) { | |
35361 | + Bzero(m, sizeof *m); | |
35362 | + m->rm_b = x->rj_b; | |
35363 | + m->rm_mask = x->rj_mask; | |
35364 | + x->rj_mklist = t->rj_mklist = m; | |
35365 | + } | |
35366 | + } | |
35367 | + } else if (x->rj_mklist) { | |
35368 | + /* | |
35369 | + * Skip over masks whose index is > that of new node | |
35370 | + */ | |
35371 | + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) | |
35372 | + if (m->rm_b >= b_leaf) | |
35373 | + break; | |
35374 | + t->rj_mklist = m; *mp = 0; | |
35375 | + } | |
35376 | + /* Add new route to highest possible ancestor's list */ | |
35377 | + if ((netmask == 0) || (b > t->rj_b )) | |
35378 | + return /* tt rgb */ 0; /* can't lift at all */ | |
35379 | + b_leaf = tt->rj_b; | |
35380 | + do { | |
35381 | + x = t; | |
35382 | + t = t->rj_p; | |
35383 | + } while (b <= t->rj_b && x != top); | |
35384 | + /* | |
35385 | + * Search through routes associated with node to | |
35386 | + * insert new route according to index. | |
35387 | + * For nodes of equal index, place more specific | |
35388 | + * masks first. | |
35389 | + */ | |
35390 | + cplim = netmask + mlen; | |
35391 | + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) { | |
35392 | + if (m->rm_b < b_leaf) | |
35393 | + continue; | |
35394 | + if (m->rm_b > b_leaf) | |
35395 | + break; | |
35396 | + if (m->rm_mask == netmask) { | |
35397 | + m->rm_refs++; | |
35398 | + tt->rj_mklist = m; | |
35399 | + return /* tt rgb */ 0; | |
35400 | + } | |
35401 | + if (rj_refines(netmask, m->rm_mask)) | |
35402 | + break; | |
35403 | + } | |
35404 | + MKGet(m); | |
35405 | + if (m == 0) { | |
35406 | + printk("klips_debug:Mask for route not entered\n"); | |
35407 | + return /* (tt) rgb */ 0; | |
35408 | + } | |
35409 | + Bzero(m, sizeof *m); | |
35410 | + m->rm_b = b_leaf; | |
35411 | + m->rm_mask = netmask; | |
35412 | + m->rm_mklist = *mp; | |
35413 | + *mp = m; | |
35414 | + tt->rj_mklist = m; | |
35415 | + return /* tt rgb */ 0; | |
35416 | +} | |
35417 | + | |
35418 | +int | |
35419 | +rj_delete(v_arg, netmask_arg, head, node) | |
35420 | + void *v_arg, *netmask_arg; | |
35421 | + struct radij_node_head *head; | |
35422 | + struct radij_node **node; | |
35423 | +{ | |
35424 | + register struct radij_node *t, *p, *x, *tt; | |
35425 | + struct radij_mask *m, *saved_m, **mp; | |
35426 | + struct radij_node *dupedkey, *saved_tt, *top; | |
35427 | + caddr_t v, netmask; | |
35428 | + int b, head_off, vlen; | |
35429 | + | |
35430 | + v = v_arg; | |
35431 | + netmask = netmask_arg; | |
35432 | + x = head->rnh_treetop; | |
35433 | + tt = rj_search(v, x); | |
35434 | + head_off = x->rj_off; | |
35435 | + vlen = *(u_char *)v; | |
35436 | + saved_tt = tt; | |
35437 | + top = x; | |
35438 | + if (tt == 0 || | |
35439 | + Bcmp(v + head_off, tt->rj_key + head_off, vlen - head_off)) | |
35440 | + return /* (0) rgb */ -EFAULT; | |
35441 | + /* | |
35442 | + * Delete our route from mask lists. | |
35443 | + */ | |
35444 | + if ((dupedkey = tt->rj_dupedkey)) { | |
35445 | + if (netmask) | |
35446 | + netmask = rj_search(netmask, rj_masktop)->rj_key; | |
35447 | + while (tt->rj_mask != netmask) | |
35448 | + if ((tt = tt->rj_dupedkey) == 0) | |
35449 | + return /* (0) rgb */ -ENXIO; | |
35450 | + } | |
35451 | + if (tt->rj_mask == 0 || (saved_m = m = tt->rj_mklist) == 0) | |
35452 | + goto on1; | |
35453 | + if (m->rm_mask != tt->rj_mask) { | |
35454 | + printk("klips_debug:rj_delete: inconsistent annotation\n"); | |
35455 | + goto on1; | |
35456 | + } | |
35457 | + if (--m->rm_refs >= 0) | |
35458 | + goto on1; | |
35459 | + b = -1 - tt->rj_b; | |
35460 | + t = saved_tt->rj_p; | |
35461 | + if (b > t->rj_b) | |
35462 | + goto on1; /* Wasn't lifted at all */ | |
35463 | + do { | |
35464 | + x = t; | |
35465 | + t = t->rj_p; | |
35466 | + } while (b <= t->rj_b && x != top); | |
35467 | + for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) | |
35468 | + if (m == saved_m) { | |
35469 | + *mp = m->rm_mklist; | |
35470 | + MKFree(m); | |
35471 | + break; | |
35472 | + } | |
35473 | + if (m == 0) | |
35474 | + printk("klips_debug:rj_delete: couldn't find our annotation\n"); | |
35475 | +on1: | |
35476 | + /* | |
35477 | + * Eliminate us from tree | |
35478 | + */ | |
35479 | + if (tt->rj_flags & RJF_ROOT) | |
35480 | + return /* (0) rgb */ -EFAULT; | |
35481 | +#ifdef RJ_DEBUG | |
35482 | + /* Get us out of the creation list */ | |
35483 | + for (t = rj_clist; t && t->rj_ybro != tt; t = t->rj_ybro) {} | |
35484 | + if (t) t->rj_ybro = tt->rj_ybro; | |
35485 | +#endif /* RJ_DEBUG */ | |
35486 | + t = tt->rj_p; | |
35487 | + if (dupedkey) { | |
35488 | + if (tt == saved_tt) { | |
35489 | + x = dupedkey; x->rj_p = t; | |
35490 | + if (t->rj_l == tt) t->rj_l = x; else t->rj_r = x; | |
35491 | + } else { | |
35492 | + for (x = p = saved_tt; p && p->rj_dupedkey != tt;) | |
35493 | + p = p->rj_dupedkey; | |
35494 | + if (p) p->rj_dupedkey = tt->rj_dupedkey; | |
35495 | + else printk("klips_debug:rj_delete: couldn't find us\n"); | |
35496 | + } | |
35497 | + t = tt + 1; | |
35498 | + if (t->rj_flags & RJF_ACTIVE) { | |
35499 | +#ifndef RJ_DEBUG | |
35500 | + *++x = *t; p = t->rj_p; | |
35501 | +#else | |
35502 | + b = t->rj_info; *++x = *t; t->rj_info = b; p = t->rj_p; | |
35503 | +#endif /* RJ_DEBUG */ | |
35504 | + if (p->rj_l == t) p->rj_l = x; else p->rj_r = x; | |
35505 | + x->rj_l->rj_p = x; x->rj_r->rj_p = x; | |
35506 | + } | |
35507 | + goto out; | |
35508 | + } | |
35509 | + if (t->rj_l == tt) x = t->rj_r; else x = t->rj_l; | |
35510 | + p = t->rj_p; | |
35511 | + if (p->rj_r == t) p->rj_r = x; else p->rj_l = x; | |
35512 | + x->rj_p = p; | |
35513 | + /* | |
35514 | + * Demote routes attached to us. | |
35515 | + */ | |
35516 | + if (t->rj_mklist) { | |
35517 | + if (x->rj_b >= 0) { | |
35518 | + for (mp = &x->rj_mklist; (m = *mp);) | |
35519 | + mp = &m->rm_mklist; | |
35520 | + *mp = t->rj_mklist; | |
35521 | + } else { | |
35522 | + for (m = t->rj_mklist; m;) { | |
35523 | + struct radij_mask *mm = m->rm_mklist; | |
35524 | + if (m == x->rj_mklist && (--(m->rm_refs) < 0)) { | |
35525 | + x->rj_mklist = 0; | |
35526 | + MKFree(m); | |
35527 | + } else | |
35528 | + printk("klips_debug:%s %p at %p\n", | |
35529 | + "rj_delete: Orphaned Mask", m, x); | |
35530 | + m = mm; | |
35531 | + } | |
35532 | + } | |
35533 | + } | |
35534 | + /* | |
35535 | + * We may be holding an active internal node in the tree. | |
35536 | + */ | |
35537 | + x = tt + 1; | |
35538 | + if (t != x) { | |
35539 | +#ifndef RJ_DEBUG | |
35540 | + *t = *x; | |
35541 | +#else | |
35542 | + b = t->rj_info; *t = *x; t->rj_info = b; | |
35543 | +#endif /* RJ_DEBUG */ | |
35544 | + t->rj_l->rj_p = t; t->rj_r->rj_p = t; | |
35545 | + p = x->rj_p; | |
35546 | + if (p->rj_l == x) p->rj_l = t; else p->rj_r = t; | |
35547 | + } | |
35548 | +out: | |
35549 | + tt->rj_flags &= ~RJF_ACTIVE; | |
35550 | + tt[1].rj_flags &= ~RJF_ACTIVE; | |
35551 | + *node = tt; | |
35552 | + return /* (tt) rgb */ 0; | |
35553 | +} | |
35554 | + | |
35555 | +int | |
35556 | +rj_walktree(h, f, w) | |
35557 | + struct radij_node_head *h; | |
35558 | + register int (*f)(struct radij_node *,void *); | |
35559 | + void *w; | |
35560 | +{ | |
35561 | + int error; | |
35562 | + struct radij_node *base, *next; | |
35563 | + register struct radij_node *rn; | |
35564 | + | |
35565 | + if(!h || !f /* || !w */) { | |
35566 | + return -1; | |
35567 | + } | |
35568 | + | |
35569 | + rn = h->rnh_treetop; | |
35570 | + /* | |
35571 | + * This gets complicated because we may delete the node | |
35572 | + * while applying the function f to it, so we need to calculate | |
35573 | + * the successor node in advance. | |
35574 | + */ | |
35575 | + /* First time through node, go left */ | |
35576 | + while (rn->rj_b >= 0) | |
35577 | + rn = rn->rj_l; | |
35578 | + for (;;) { | |
35579 | +#ifdef CONFIG_IPSEC_DEBUG | |
35580 | + if(debug_radij) { | |
35581 | + printk("klips_debug:RN_WALKTREE: for: rn=%p rj_b=%d rj_flags=%x", rn, rn->rj_b, rn->rj_flags); | |
35582 | + rn->rj_b >= 0 ? | |
35583 | + printk(" node off=%x\n", rn->rj_off) : | |
35584 | + printk(" leaf key = %08x->%08x\n", | |
35585 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), | |
35586 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) | |
35587 | + ; | |
35588 | + } | |
35589 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
35590 | + base = rn; | |
35591 | + /* If at right child go back up, otherwise, go right */ | |
35592 | + while (rn->rj_p->rj_r == rn && (rn->rj_flags & RJF_ROOT) == 0) | |
35593 | + rn = rn->rj_p; | |
35594 | + /* Find the next *leaf* since next node might vanish, too */ | |
35595 | + for (rn = rn->rj_p->rj_r; rn->rj_b >= 0;) | |
35596 | + rn = rn->rj_l; | |
35597 | + next = rn; | |
35598 | +#ifdef CONFIG_IPSEC_DEBUG | |
35599 | + if(debug_radij) { | |
35600 | + printk("klips_debug:RN_WALKTREE: processing leaves, rn=%p rj_b=%d rj_flags=%x", rn, rn->rj_b, rn->rj_flags); | |
35601 | + rn->rj_b >= 0 ? | |
35602 | + printk(" node off=%x\n", rn->rj_off) : | |
35603 | + printk(" leaf key = %08x->%08x\n", | |
35604 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), | |
35605 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) | |
35606 | + ; | |
35607 | + } | |
35608 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
35609 | + /* Process leaves */ | |
35610 | + while ((rn = base)) { | |
35611 | + base = rn->rj_dupedkey; | |
35612 | +#ifdef CONFIG_IPSEC_DEBUG | |
35613 | + if(debug_radij) { | |
35614 | + printk("klips_debug:RN_WALKTREE: while: base=%p rn=%p rj_b=%d rj_flags=%x", | |
35615 | + base, rn, rn->rj_b, rn->rj_flags); | |
35616 | + rn->rj_b >= 0 ? | |
35617 | + printk(" node off=%x\n", rn->rj_off) : | |
35618 | + printk(" leaf key = %08x->%08x\n", | |
35619 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), | |
35620 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) | |
35621 | + ; | |
35622 | + } | |
35623 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
35624 | + if (!(rn->rj_flags & RJF_ROOT) && (error = (*f)(rn, w))) | |
35625 | + return (-error); | |
35626 | + } | |
35627 | + rn = next; | |
35628 | + if (rn->rj_flags & RJF_ROOT) | |
35629 | + return (0); | |
35630 | + } | |
35631 | + /* NOTREACHED */ | |
35632 | +} | |
35633 | + | |
35634 | +int | |
35635 | +rj_inithead(head, off) | |
35636 | + void **head; | |
35637 | + int off; | |
35638 | +{ | |
35639 | + register struct radij_node_head *rnh; | |
35640 | + register struct radij_node *t, *tt, *ttt; | |
35641 | + if (*head) | |
35642 | + return (1); | |
35643 | + R_Malloc(rnh, struct radij_node_head *, sizeof (*rnh)); | |
35644 | + if (rnh == 0) | |
35645 | + return (0); | |
35646 | + Bzero(rnh, sizeof (*rnh)); | |
35647 | + *head = rnh; | |
35648 | + t = rj_newpair(rj_zeroes, off, rnh->rnh_nodes); | |
35649 | + ttt = rnh->rnh_nodes + 2; | |
35650 | + t->rj_r = ttt; | |
35651 | + t->rj_p = t; | |
35652 | + tt = t->rj_l; | |
35653 | + tt->rj_flags = t->rj_flags = RJF_ROOT | RJF_ACTIVE; | |
35654 | + tt->rj_b = -1 - off; | |
35655 | + *ttt = *tt; | |
35656 | + ttt->rj_key = rj_ones; | |
35657 | + rnh->rnh_addaddr = rj_addroute; | |
35658 | + rnh->rnh_deladdr = rj_delete; | |
35659 | + rnh->rnh_matchaddr = rj_match; | |
35660 | + rnh->rnh_walktree = rj_walktree; | |
35661 | + rnh->rnh_treetop = t; | |
35662 | + return (1); | |
35663 | +} | |
35664 | + | |
35665 | +void | |
35666 | +rj_init() | |
35667 | +{ | |
35668 | + char *cp, *cplim; | |
35669 | + | |
35670 | + if (maj_keylen == 0) { | |
35671 | + printk("klips_debug:rj_init: radij functions require maj_keylen be set\n"); | |
35672 | + return; | |
35673 | + } | |
35674 | + R_Malloc(rj_zeroes, char *, 3 * maj_keylen); | |
35675 | + if (rj_zeroes == NULL) | |
35676 | + panic("rj_init"); | |
35677 | + Bzero(rj_zeroes, 3 * maj_keylen); | |
35678 | + rj_ones = cp = rj_zeroes + maj_keylen; | |
35679 | + maskedKey = cplim = rj_ones + maj_keylen; | |
35680 | + while (cp < cplim) | |
35681 | + *cp++ = -1; | |
35682 | + if (rj_inithead((void **)&mask_rjhead, 0) == 0) | |
35683 | + panic("rj_init 2"); | |
35684 | +} | |
35685 | + | |
35686 | +void | |
35687 | +rj_preorder(struct radij_node *rn, int l) | |
35688 | +{ | |
35689 | + int i; | |
35690 | + | |
35691 | + if (rn == NULL){ | |
35692 | + printk("klips_debug:rj_preorder: NULL pointer\n"); | |
35693 | + return; | |
35694 | + } | |
35695 | + | |
35696 | + if (rn->rj_b >= 0){ | |
35697 | + rj_preorder(rn->rj_l, l+1); | |
35698 | + rj_preorder(rn->rj_r, l+1); | |
35699 | + printk("klips_debug:"); | |
35700 | + for (i=0; i<l; i++) | |
35701 | + printk("*"); | |
35702 | + printk(" off = %d\n", rn->rj_off); | |
35703 | + } else { | |
35704 | + printk("klips_debug:"); | |
35705 | + for (i=0; i<l; i++) | |
35706 | + printk("@"); | |
35707 | + printk(" flags = %x", (u_int)rn->rj_flags); | |
35708 | + if (rn->rj_flags & RJF_ACTIVE) { | |
35709 | + printk(" @key = %p", rn->rj_key); | |
35710 | + | |
35711 | + printk(" key = %08x->%08x", | |
35712 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), | |
35713 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)); | |
35714 | + | |
35715 | + printk(" @mask = %p", rn->rj_mask); | |
35716 | + if (rn->rj_mask) | |
35717 | + printk(" mask = %08x->%08x", | |
35718 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_mask)->sen_ip_src.s_addr), | |
35719 | + (u_int)ntohl(((struct sockaddr_encap *)rn->rj_mask)->sen_ip_dst.s_addr)); | |
35720 | + | |
35721 | + if (rn->rj_dupedkey) | |
35722 | + printk(" dupedkey = %08x", (u_int)rn->rj_dupedkey); | |
35723 | + } | |
35724 | + printk("\n"); | |
35725 | + } | |
35726 | +} | |
35727 | + | |
35728 | +#ifdef RJ_DEBUG | |
35729 | +DEBUG_NO_STATIC void traverse(struct radij_node *p) | |
35730 | +{ | |
35731 | + rj_preorder(p, 0); | |
35732 | +} | |
35733 | +#endif /* RJ_DEBUG */ | |
35734 | + | |
35735 | +void | |
35736 | +rj_dumptrees(void) | |
35737 | +{ | |
35738 | + rj_preorder(rnh->rnh_treetop, 0); | |
35739 | +} | |
35740 | + | |
35741 | +void | |
35742 | +rj_free_mkfreelist(void) | |
35743 | +{ | |
35744 | + struct radij_mask *mknp, *mknp2; | |
35745 | + | |
35746 | + mknp = rj_mkfreelist; | |
35747 | + while(mknp) | |
35748 | + { | |
35749 | + mknp2 = mknp; | |
35750 | + mknp = mknp->rm_mklist; | |
35751 | + kfree(mknp2); | |
35752 | + } | |
35753 | +} | |
35754 | + | |
35755 | +int | |
35756 | +radijcleartree(void) | |
35757 | +{ | |
35758 | + return rj_walktree(rnh, ipsec_rj_walker_delete, NULL); | |
35759 | +} | |
35760 | + | |
35761 | +int | |
35762 | +radijcleanup(void) | |
35763 | +{ | |
35764 | + int error = 0; | |
35765 | + | |
35766 | + error = radijcleartree(); | |
35767 | + | |
35768 | + rj_free_mkfreelist(); | |
35769 | + | |
35770 | +/* rj_walktree(mask_rjhead, ipsec_rj_walker_delete, NULL); */ | |
35771 | + if(mask_rjhead) { | |
35772 | + kfree(mask_rjhead); | |
35773 | + } | |
35774 | + | |
35775 | + if(rj_zeroes) { | |
35776 | + kfree(rj_zeroes); | |
35777 | + } | |
35778 | + | |
35779 | + if(rnh) { | |
35780 | + kfree(rnh); | |
35781 | + } | |
35782 | + | |
35783 | + return error; | |
35784 | +} | |
35785 | + | |
35786 | +/* | |
35787 | + * $Log$ | |
35788 | + * Revision 1.31 2000/11/06 04:35:21 rgb | |
35789 | + * Clear table *before* releasing other items in radijcleanup. | |
35790 | + * | |
35791 | + * Revision 1.30 2000/09/20 04:07:40 rgb | |
35792 | + * Changed static functions to DEBUG_NO_STATIC to reveal function names in | |
35793 | + * oopsen. | |
35794 | + * | |
35795 | + * Revision 1.29 2000/09/12 03:25:02 rgb | |
35796 | + * Moved radij_c_version printing to ipsec_version_get_info(). | |
35797 | + * | |
35798 | + * Revision 1.28 2000/09/08 19:12:56 rgb | |
35799 | + * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. | |
35800 | + * | |
35801 | + * Revision 1.27 2000/07/28 14:58:32 rgb | |
35802 | + * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. | |
35803 | + * | |
35804 | + * Revision 1.26 2000/05/10 23:11:37 rgb | |
35805 | + * Comment out most of the startup version information. | |
35806 | + * | |
35807 | + * Revision 1.25 2000/01/21 06:21:47 rgb | |
35808 | + * Change return codes to negative on error. | |
35809 | + * | |
35810 | + * Revision 1.24 1999/11/18 04:09:20 rgb | |
35811 | + * Replaced all kernel version macros to shorter, readable form. | |
35812 | + * | |
35813 | + * Revision 1.23 1999/11/17 15:53:41 rgb | |
35814 | + * Changed all occurrences of #include "../../../lib/freeswan.h" | |
35815 | + * to #include <freeswan.h> which works due to -Ilibfreeswan in the | |
35816 | + * klips/net/ipsec/Makefile. | |
35817 | + * | |
35818 | + * Revision 1.22 1999/10/15 22:17:28 rgb | |
35819 | + * Modify radijcleanup() to call radijcleartree(). | |
35820 | + * | |
35821 | + * Revision 1.21 1999/10/08 18:37:34 rgb | |
35822 | + * Fix end-of-line spacing to sate whining PHMs. | |
35823 | + * | |
35824 | + * Revision 1.20 1999/10/01 15:44:54 rgb | |
35825 | + * Move spinlock header include to 2.1> scope. | |
35826 | + * | |
35827 | + * Revision 1.19 1999/10/01 08:35:52 rgb | |
35828 | + * Add spinlock include to shut up compiler for 2.0.38. | |
35829 | + * | |
35830 | + * Revision 1.18 1999/09/23 18:02:52 rgb | |
35831 | + * De-alarm the search failure message so it doesn't sound so grave. | |
35832 | + * | |
35833 | + * Revision 1.17 1999/05/25 21:26:01 rgb | |
35834 | + * Fix rj_walktree() sanity checking bug. | |
35835 | + * | |
35836 | + * Revision 1.16 1999/05/09 03:25:38 rgb | |
35837 | + * Fix bug introduced by 2.2 quick-and-dirty patch. | |
35838 | + * | |
35839 | + * Revision 1.15 1999/05/05 22:02:33 rgb | |
35840 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
35841 | + * | |
35842 | + * Revision 1.14 1999/04/29 15:24:15 rgb | |
35843 | + * Add sanity checking for null pointer arguments. | |
35844 | + * Standardise an error return method. | |
35845 | + * | |
35846 | + * Revision 1.13 1999/04/11 00:29:02 henry | |
35847 | + * GPL boilerplate | |
35848 | + * | |
35849 | + * Revision 1.12 1999/04/06 04:54:28 rgb | |
35850 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
35851 | + * patch shell fixes. | |
35852 | + * | |
35853 | + * Revision 1.11 1999/02/17 16:52:53 rgb | |
35854 | + * Convert DEBUG_IPSEC to KLIPS_PRINT | |
35855 | + * Clean out unused cruft. | |
35856 | + * | |
35857 | + * Revision 1.10 1999/01/22 06:30:05 rgb | |
35858 | + * Cruft clean-out. | |
35859 | + * 64-bit clean-up. | |
35860 | + * | |
35861 | + * Revision 1.9 1998/12/01 13:22:04 rgb | |
35862 | + * Added support for debug printing of version info. | |
35863 | + * | |
35864 | + * Revision 1.8 1998/11/30 13:22:55 rgb | |
35865 | + * Rationalised all the klips kernel file headers. They are much shorter | |
35866 | + * now and won't conflict under RH5.2. | |
35867 | + * | |
35868 | + * Revision 1.7 1998/10/25 02:43:26 rgb | |
35869 | + * Change return type on rj_addroute and rj_delete and add and argument | |
35870 | + * to the latter to be able to transmit more infomation about errors. | |
35871 | + * | |
35872 | + * Revision 1.6 1998/10/19 14:30:06 rgb | |
35873 | + * Added inclusion of freeswan.h. | |
35874 | + * | |
35875 | + * Revision 1.5 1998/10/09 04:33:27 rgb | |
35876 | + * Added 'klips_debug' prefix to all klips printk debug statements. | |
35877 | + * Fixed output formatting slightly. | |
35878 | + * | |
35879 | + * Revision 1.4 1998/07/28 00:06:59 rgb | |
35880 | + * Add debug detail to tree traversing. | |
35881 | + * | |
35882 | + * Revision 1.3 1998/07/14 18:07:58 rgb | |
35883 | + * Add a routine to clear the eroute tree. | |
35884 | + * | |
35885 | + * Revision 1.2 1998/06/25 20:03:22 rgb | |
35886 | + * Cleanup #endif comments. Debug output for rj_init. | |
35887 | + * | |
35888 | + * Revision 1.1 1998/06/18 21:30:22 henry | |
35889 | + * move sources from klips/src to klips/net/ipsec to keep stupid kernel | |
35890 | + * build scripts happier about symlinks | |
35891 | + * | |
35892 | + * Revision 1.8 1998/05/25 20:34:15 rgb | |
35893 | + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. | |
35894 | + * | |
35895 | + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and | |
35896 | + * add ipsec_rj_walker_delete. | |
35897 | + * | |
35898 | + * Recover memory for eroute table on unload of module. | |
35899 | + * | |
35900 | + * Revision 1.7 1998/05/21 12:58:58 rgb | |
35901 | + * Moved 'extern' definitions to ipsec_radij.h to support /proc 3k limit fix. | |
35902 | + * | |
35903 | + * Revision 1.6 1998/04/23 20:57:29 rgb | |
35904 | + * Cleaned up compiler warnings for unused debugging functions. | |
35905 | + * | |
35906 | + * Revision 1.5 1998/04/22 16:51:38 rgb | |
35907 | + * Tidy up radij debug code from recent rash of modifications to debug code. | |
35908 | + * | |
35909 | + * Revision 1.4 1998/04/21 21:28:56 rgb | |
35910 | + * Rearrange debug switches to change on the fly debug output from user | |
35911 | + * space. Only kernel changes checked in at this time. radij.c was also | |
35912 | + * changed to temporarily remove buggy debugging code in rj_delete causing | |
35913 | + * an OOPS and hence, netlink device open errors. | |
35914 | + * | |
35915 | + * Revision 1.3 1998/04/14 17:30:37 rgb | |
35916 | + * Fix up compiling errors for radij tree memory reclamation. | |
35917 | + * | |
35918 | + * Revision 1.2 1998/04/12 22:03:25 rgb | |
35919 | + * Updated ESP-3DES-HMAC-MD5-96, | |
35920 | + * ESP-DES-HMAC-MD5-96, | |
35921 | + * AH-HMAC-MD5-96, | |
35922 | + * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository | |
35923 | + * from old standards (RFC182[5-9] to new (as of March 1998) drafts. | |
35924 | + * | |
35925 | + * Fixed eroute references in /proc/net/ipsec*. | |
35926 | + * | |
35927 | + * Started to patch module unloading memory leaks in ipsec_netlink and | |
35928 | + * radij tree unloading. | |
35929 | + * | |
35930 | + * Revision 1.1 1998/04/09 03:06:15 henry | |
35931 | + * sources moved up from linux/net/ipsec | |
35932 | + * | |
35933 | + * Revision 1.1.1.1 1998/04/08 05:35:03 henry | |
35934 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
35935 | + * | |
35936 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
35937 | + * No changes. | |
35938 | + * | |
35939 | + * Revision 0.3 1996/11/20 14:39:04 ji | |
35940 | + * Minor cleanups. | |
35941 | + * Rationalized debugging code. | |
35942 | + * | |
35943 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
35944 | + * First limited release. | |
35945 | + * | |
35946 | + * | |
35947 | + */ | |
35948 | diff -druN linux-noipsec/net/ipsec/radij.h linux/net/ipsec/radij.h | |
35949 | --- linux-noipsec/net/ipsec/radij.h Thu Jan 1 01:00:00 1970 | |
35950 | +++ linux/net/ipsec/radij.h Thu Nov 18 05:09:20 1999 | |
35951 | @@ -0,0 +1,291 @@ | |
35952 | +/* | |
35953 | + * RCSID $Id$ | |
35954 | + */ | |
35955 | + | |
35956 | +/* | |
35957 | + * This file is defived from ${SRC}/sys/net/radix.h of BSD 4.4lite | |
35958 | + * | |
35959 | + * Variable and procedure names have been modified so that they don't | |
35960 | + * conflict with the original BSD code, as a small number of modifications | |
35961 | + * have been introduced and we may want to reuse this code in BSD. | |
35962 | + * | |
35963 | + * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek | |
35964 | + * chi or a German ch sound (as `doch', not as in `milch'), or even a | |
35965 | + * spanish j as in Juan. It is not as far back in the throat like | |
35966 | + * the corresponding Hebrew sound, nor is it a soft breath like the English h. | |
35967 | + * It has nothing to do with the Dutch ij sound. | |
35968 | + * | |
35969 | + * Here is the appropriate copyright notice: | |
35970 | + */ | |
35971 | + | |
35972 | +/* | |
35973 | + * Copyright (c) 1988, 1989, 1993 | |
35974 | + * The Regents of the University of California. All rights reserved. | |
35975 | + * | |
35976 | + * Redistribution and use in source and binary forms, with or without | |
35977 | + * modification, are permitted provided that the following conditions | |
35978 | + * are met: | |
35979 | + * 1. Redistributions of source code must retain the above copyright | |
35980 | + * notice, this list of conditions and the following disclaimer. | |
35981 | + * 2. Redistributions in binary form must reproduce the above copyright | |
35982 | + * notice, this list of conditions and the following disclaimer in the | |
35983 | + * documentation and/or other materials provided with the distribution. | |
35984 | + * 3. All advertising materials mentioning features or use of this software | |
35985 | + * must display the following acknowledgement: | |
35986 | + * This product includes software developed by the University of | |
35987 | + * California, Berkeley and its contributors. | |
35988 | + * 4. Neither the name of the University nor the names of its contributors | |
35989 | + * may be used to endorse or promote products derived from this software | |
35990 | + * without specific prior written permission. | |
35991 | + * | |
35992 | + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
35993 | + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
35994 | + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
35995 | + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
35996 | + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
35997 | + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
35998 | + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
35999 | + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
36000 | + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
36001 | + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
36002 | + * SUCH DAMAGE. | |
36003 | + * | |
36004 | + * @(#)radix.h 8.1 (Berkeley) 6/10/93 | |
36005 | + */ | |
36006 | + | |
36007 | +#ifndef _RADIJ_H_ | |
36008 | +#define _RADIJ_H_ | |
36009 | + | |
36010 | +/* | |
36011 | +#define RJ_DEBUG | |
36012 | +*/ | |
36013 | + | |
36014 | +#ifdef __KERNEL__ | |
36015 | + | |
36016 | +#ifndef __P | |
36017 | +#ifdef __STDC__ | |
36018 | +#define __P(x) x | |
36019 | +#else | |
36020 | +#define __P(x) () | |
36021 | +#endif | |
36022 | +#endif | |
36023 | + | |
36024 | +#ifndef NET_21 | |
36025 | +#ifndef min | |
36026 | +static __inline__ int min(unsigned int a, unsigned int b) | |
36027 | +{ | |
36028 | + if (a > b) | |
36029 | + a = b; | |
36030 | + return a; | |
36031 | +} | |
36032 | +#endif /* !min */ | |
36033 | + | |
36034 | +#ifndef max | |
36035 | +static __inline__ int max(unsigned int a, unsigned int b) | |
36036 | +{ | |
36037 | + if (a < b) | |
36038 | + a = b; | |
36039 | + return a; | |
36040 | +} | |
36041 | +#endif /* !max */ | |
36042 | +#endif /* NET_21 */ | |
36043 | + | |
36044 | +/* | |
36045 | + * Radix search tree node layout. | |
36046 | + */ | |
36047 | + | |
36048 | +struct radij_node | |
36049 | +{ | |
36050 | + struct radij_mask *rj_mklist; /* list of masks contained in subtree */ | |
36051 | + struct radij_node *rj_p; /* parent */ | |
36052 | + short rj_b; /* bit offset; -1-index(netmask) */ | |
36053 | + char rj_bmask; /* node: mask for bit test*/ | |
36054 | + u_char rj_flags; /* enumerated next */ | |
36055 | +#define RJF_NORMAL 1 /* leaf contains normal route */ | |
36056 | +#define RJF_ROOT 2 /* leaf is root leaf for tree */ | |
36057 | +#define RJF_ACTIVE 4 /* This node is alive (for rtfree) */ | |
36058 | + union { | |
36059 | + struct { /* leaf only data: */ | |
36060 | + caddr_t rj_Key; /* object of search */ | |
36061 | + caddr_t rj_Mask; /* netmask, if present */ | |
36062 | + struct radij_node *rj_Dupedkey; | |
36063 | + } rj_leaf; | |
36064 | + struct { /* node only data: */ | |
36065 | + int rj_Off; /* where to start compare */ | |
36066 | + struct radij_node *rj_L;/* progeny */ | |
36067 | + struct radij_node *rj_R;/* progeny */ | |
36068 | + }rj_node; | |
36069 | + } rj_u; | |
36070 | +#ifdef RJ_DEBUG | |
36071 | + int rj_info; | |
36072 | + struct radij_node *rj_twin; | |
36073 | + struct radij_node *rj_ybro; | |
36074 | +#endif | |
36075 | +}; | |
36076 | + | |
36077 | +#define rj_dupedkey rj_u.rj_leaf.rj_Dupedkey | |
36078 | +#define rj_key rj_u.rj_leaf.rj_Key | |
36079 | +#define rj_mask rj_u.rj_leaf.rj_Mask | |
36080 | +#define rj_off rj_u.rj_node.rj_Off | |
36081 | +#define rj_l rj_u.rj_node.rj_L | |
36082 | +#define rj_r rj_u.rj_node.rj_R | |
36083 | + | |
36084 | +/* | |
36085 | + * Annotations to tree concerning potential routes applying to subtrees. | |
36086 | + */ | |
36087 | + | |
36088 | +extern struct radij_mask { | |
36089 | + short rm_b; /* bit offset; -1-index(netmask) */ | |
36090 | + char rm_unused; /* cf. rj_bmask */ | |
36091 | + u_char rm_flags; /* cf. rj_flags */ | |
36092 | + struct radij_mask *rm_mklist; /* more masks to try */ | |
36093 | + caddr_t rm_mask; /* the mask */ | |
36094 | + int rm_refs; /* # of references to this struct */ | |
36095 | +} *rj_mkfreelist; | |
36096 | + | |
36097 | +#define MKGet(m) {\ | |
36098 | + if (rj_mkfreelist) {\ | |
36099 | + m = rj_mkfreelist; \ | |
36100 | + rj_mkfreelist = (m)->rm_mklist; \ | |
36101 | + } else \ | |
36102 | + R_Malloc(m, struct radij_mask *, sizeof (*(m))); }\ | |
36103 | + | |
36104 | +#define MKFree(m) { (m)->rm_mklist = rj_mkfreelist; rj_mkfreelist = (m);} | |
36105 | + | |
36106 | +struct radij_node_head { | |
36107 | + struct radij_node *rnh_treetop; | |
36108 | + int rnh_addrsize; /* permit, but not require fixed keys */ | |
36109 | + int rnh_pktsize; /* permit, but not require fixed keys */ | |
36110 | +#if 0 | |
36111 | + struct radij_node *(*rnh_addaddr) /* add based on sockaddr */ | |
36112 | + __P((void *v, void *mask, | |
36113 | + struct radij_node_head *head, struct radij_node nodes[])); | |
36114 | +#endif | |
36115 | + int (*rnh_addaddr) /* add based on sockaddr */ | |
36116 | + __P((void *v, void *mask, | |
36117 | + struct radij_node_head *head, struct radij_node nodes[])); | |
36118 | + struct radij_node *(*rnh_addpkt) /* add based on packet hdr */ | |
36119 | + __P((void *v, void *mask, | |
36120 | + struct radij_node_head *head, struct radij_node nodes[])); | |
36121 | +#if 0 | |
36122 | + struct radij_node *(*rnh_deladdr) /* remove based on sockaddr */ | |
36123 | + __P((void *v, void *mask, struct radij_node_head *head)); | |
36124 | +#endif | |
36125 | + int (*rnh_deladdr) /* remove based on sockaddr */ | |
36126 | + __P((void *v, void *mask, struct radij_node_head *head, struct radij_node **node)); | |
36127 | + struct radij_node *(*rnh_delpkt) /* remove based on packet hdr */ | |
36128 | + __P((void *v, void *mask, struct radij_node_head *head)); | |
36129 | + struct radij_node *(*rnh_matchaddr) /* locate based on sockaddr */ | |
36130 | + __P((void *v, struct radij_node_head *head)); | |
36131 | + struct radij_node *(*rnh_matchpkt) /* locate based on packet hdr */ | |
36132 | + __P((void *v, struct radij_node_head *head)); | |
36133 | + int (*rnh_walktree) /* traverse tree */ | |
36134 | + __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w)); | |
36135 | + struct radij_node rnh_nodes[3]; /* empty tree for common case */ | |
36136 | +}; | |
36137 | + | |
36138 | + | |
36139 | +#define Bcmp(a, b, n) memcmp(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) | |
36140 | +#define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) | |
36141 | +#define Bzero(p, n) memset((caddr_t)(p), 0, (unsigned)(n)) | |
36142 | +#define R_Malloc(p, t, n) ((p = (t) kmalloc((size_t)(n), GFP_ATOMIC)), Bzero((p),(n))) | |
36143 | +#define Free(p) kfree((caddr_t)p); | |
36144 | + | |
36145 | +void rj_init __P((void)); | |
36146 | +int rj_inithead __P((void **, int)); | |
36147 | +int rj_refines __P((void *, void *)); | |
36148 | +int rj_walktree __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w)); | |
36149 | +struct radij_node | |
36150 | + *rj_addmask __P((void *, int, int)) /* , rgb */ ; | |
36151 | +int /* * */ rj_addroute __P((void *, void *, struct radij_node_head *, | |
36152 | + struct radij_node [2])) /* , rgb */ ; | |
36153 | +int /* * */ rj_delete __P((void *, void *, struct radij_node_head *, struct radij_node **)) /* , rgb */ ; | |
36154 | +struct radij_node /* rgb */ | |
36155 | + *rj_insert __P((void *, struct radij_node_head *, int *, | |
36156 | + struct radij_node [2])), | |
36157 | + *rj_match __P((void *, struct radij_node_head *)), | |
36158 | + *rj_newpair __P((void *, int, struct radij_node[2])), | |
36159 | + *rj_search __P((void *, struct radij_node *)), | |
36160 | + *rj_search_m __P((void *, struct radij_node *, void *)); | |
36161 | + | |
36162 | +void rj_deltree(struct radij_node_head *); | |
36163 | +void rj_delnodes(struct radij_node *); | |
36164 | +void rj_free_mkfreelist(void); | |
36165 | +int radijcleartree(void); | |
36166 | +int radijcleanup(void); | |
36167 | + | |
36168 | +extern struct radij_node_head *mask_rjhead; | |
36169 | +extern int maj_keylen; | |
36170 | +#endif /* __KERNEL__ */ | |
36171 | + | |
36172 | +#endif /* _RADIJ_H_ */ | |
36173 | + | |
36174 | + | |
36175 | +/* | |
36176 | + * $Log$ | |
36177 | + * Revision 1.10 1999/11/18 04:09:20 rgb | |
36178 | + * Replaced all kernel version macros to shorter, readable form. | |
36179 | + * | |
36180 | + * Revision 1.9 1999/05/05 22:02:33 rgb | |
36181 | + * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>. | |
36182 | + * | |
36183 | + * Revision 1.8 1999/04/29 15:24:58 rgb | |
36184 | + * Add check for existence of macros min/max. | |
36185 | + * | |
36186 | + * Revision 1.7 1999/04/11 00:29:02 henry | |
36187 | + * GPL boilerplate | |
36188 | + * | |
36189 | + * Revision 1.6 1999/04/06 04:54:29 rgb | |
36190 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
36191 | + * patch shell fixes. | |
36192 | + * | |
36193 | + * Revision 1.5 1999/01/22 06:30:32 rgb | |
36194 | + * 64-bit clean-up. | |
36195 | + * | |
36196 | + * Revision 1.4 1998/11/30 13:22:55 rgb | |
36197 | + * Rationalised all the klips kernel file headers. They are much shorter | |
36198 | + * now and won't conflict under RH5.2. | |
36199 | + * | |
36200 | + * Revision 1.3 1998/10/25 02:43:27 rgb | |
36201 | + * Change return type on rj_addroute and rj_delete and add and argument | |
36202 | + * to the latter to be able to transmit more infomation about errors. | |
36203 | + * | |
36204 | + * Revision 1.2 1998/07/14 18:09:51 rgb | |
36205 | + * Add a routine to clear eroute table. | |
36206 | + * Added #ifdef __KERNEL__ directives to restrict scope of header. | |
36207 | + * | |
36208 | + * Revision 1.1 1998/06/18 21:30:22 henry | |
36209 | + * move sources from klips/src to klips/net/ipsec to keep stupid kernel | |
36210 | + * build scripts happier about symlinks | |
36211 | + * | |
36212 | + * Revision 1.4 1998/05/25 20:34:16 rgb | |
36213 | + * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. | |
36214 | + * | |
36215 | + * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and | |
36216 | + * add ipsec_rj_walker_delete. | |
36217 | + * | |
36218 | + * Recover memory for eroute table on unload of module. | |
36219 | + * | |
36220 | + * Revision 1.3 1998/04/22 16:51:37 rgb | |
36221 | + * Tidy up radij debug code from recent rash of modifications to debug code. | |
36222 | + * | |
36223 | + * Revision 1.2 1998/04/14 17:30:38 rgb | |
36224 | + * Fix up compiling errors for radij tree memory reclamation. | |
36225 | + * | |
36226 | + * Revision 1.1 1998/04/09 03:06:16 henry | |
36227 | + * sources moved up from linux/net/ipsec | |
36228 | + * | |
36229 | + * Revision 1.1.1.1 1998/04/08 05:35:04 henry | |
36230 | + * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 | |
36231 | + * | |
36232 | + * Revision 0.4 1997/01/15 01:28:15 ji | |
36233 | + * No changes. | |
36234 | + * | |
36235 | + * Revision 0.3 1996/11/20 14:44:45 ji | |
36236 | + * Release update only. | |
36237 | + * | |
36238 | + * Revision 0.2 1996/11/02 00:18:33 ji | |
36239 | + * First limited release. | |
36240 | + * | |
36241 | + * | |
36242 | + */ | |
36243 | diff -druN linux-noipsec/net/ipsec/sysctl_net_ipsec.c linux/net/ipsec/sysctl_net_ipsec.c | |
36244 | --- linux-noipsec/net/ipsec/sysctl_net_ipsec.c Thu Jan 1 01:00:00 1970 | |
36245 | +++ linux/net/ipsec/sysctl_net_ipsec.c Sat Sep 16 03:50:15 2000 | |
36246 | @@ -0,0 +1,174 @@ | |
36247 | +/* | |
36248 | + * sysctl interface to net IPSEC subsystem. | |
36249 | + * Copyright (C) 1998, 1999, 2000 Richard Guy Briggs. | |
36250 | + * | |
36251 | + * This program is free software; you can redistribute it and/or modify it | |
36252 | + * under the terms of the GNU General Public License as published by the | |
36253 | + * Free Software Foundation; either version 2 of the License, or (at your | |
36254 | + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
36255 | + * | |
36256 | + * This program is distributed in the hope that it will be useful, but | |
36257 | + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
36258 | + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
36259 | + * for more details. | |
36260 | + * | |
36261 | + * RCSID $Id$ | |
36262 | + */ | |
36263 | + | |
36264 | +/* -*- linux-c -*- | |
36265 | + * | |
36266 | + * Initiated April 3, 1998, Richard Guy Briggs <rgb@conscoop.ottawa.on.ca> | |
36267 | + */ | |
36268 | + | |
36269 | +#include <linux/mm.h> | |
36270 | +#include <linux/sysctl.h> | |
36271 | + | |
36272 | +#ifdef CONFIG_SYSCTL | |
36273 | + | |
36274 | +#define NET_IPSEC 2112 /* Random number */ | |
36275 | +#ifdef CONFIG_IPSEC_DEBUG | |
36276 | +extern int debug_ah; | |
36277 | +extern int debug_esp; | |
36278 | +extern int debug_tunnel; | |
36279 | +extern int debug_eroute; | |
36280 | +extern int debug_spi; | |
36281 | +extern int debug_radij; | |
36282 | +extern int debug_netlink; | |
36283 | +extern int debug_xform; | |
36284 | +extern int debug_rcv; | |
36285 | +extern int debug_pfkey; | |
36286 | +extern int sysctl_ipsec_debug_verbose; | |
36287 | +#ifdef CONFIG_IPSEC_IPCOMP | |
36288 | +extern int sysctl_ipsec_debug_ipcomp; | |
36289 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
36290 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
36291 | + | |
36292 | +extern int sysctl_ipsec_icmp; | |
36293 | +extern int sysctl_ipsec_no_eroute_pass; | |
36294 | +extern int sysctl_ipsec_inbound_policy_check; | |
36295 | +extern int sysctl_ipsec_opportunistic; | |
36296 | +extern int sysctl_ipsec_tos; | |
36297 | + | |
36298 | +enum { | |
36299 | +#ifdef CONFIG_IPSEC_DEBUG | |
36300 | + NET_IPSEC_DEBUG_AH=1, | |
36301 | + NET_IPSEC_DEBUG_ESP=2, | |
36302 | + NET_IPSEC_DEBUG_TUNNEL=3, | |
36303 | + NET_IPSEC_DEBUG_EROUTE=4, | |
36304 | + NET_IPSEC_DEBUG_SPI=5, | |
36305 | + NET_IPSEC_DEBUG_RADIJ=6, | |
36306 | + NET_IPSEC_DEBUG_NETLINK=7, | |
36307 | + NET_IPSEC_DEBUG_XFORM=8, | |
36308 | + NET_IPSEC_DEBUG_RCV=9, | |
36309 | + NET_IPSEC_DEBUG_PFKEY=10, | |
36310 | + NET_IPSEC_DEBUG_VERBOSE=11, | |
36311 | + NET_IPSEC_DEBUG_IPCOMP=12, | |
36312 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
36313 | + NET_IPSEC_ICMP=13, | |
36314 | + NET_IPSEC_NO_EROUTE_PASS=14, | |
36315 | + NET_IPSEC_INBOUND_POLICY_CHECK=15, | |
36316 | + NET_IPSEC_OPPORTUNISTIC=16, | |
36317 | + NET_IPSEC_TOS=17 | |
36318 | +}; | |
36319 | + | |
36320 | +static ctl_table ipsec_table[] = { | |
36321 | +#ifdef CONFIG_IPSEC_DEBUG | |
36322 | + { NET_IPSEC_DEBUG_AH, "debug_ah", &debug_ah, | |
36323 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36324 | + { NET_IPSEC_DEBUG_ESP, "debug_esp", &debug_esp, | |
36325 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36326 | + { NET_IPSEC_DEBUG_TUNNEL, "debug_tunnel", &debug_tunnel, | |
36327 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36328 | + { NET_IPSEC_DEBUG_EROUTE, "debug_eroute", &debug_eroute, | |
36329 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36330 | + { NET_IPSEC_DEBUG_SPI, "debug_spi", &debug_spi, | |
36331 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36332 | + { NET_IPSEC_DEBUG_RADIJ, "debug_radij", &debug_radij, | |
36333 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36334 | + { NET_IPSEC_DEBUG_NETLINK, "debug_netlink", &debug_netlink, | |
36335 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36336 | + { NET_IPSEC_DEBUG_XFORM, "debug_xform", &debug_xform, | |
36337 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36338 | + { NET_IPSEC_DEBUG_RCV, "debug_rcv", &debug_rcv, | |
36339 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36340 | + { NET_IPSEC_DEBUG_PFKEY, "debug_pfkey", &debug_pfkey, | |
36341 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36342 | + { NET_IPSEC_DEBUG_VERBOSE, "debug_verbose",&sysctl_ipsec_debug_verbose, | |
36343 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36344 | +#ifdef CONFIG_IPSEC_IPCOMP | |
36345 | + { NET_IPSEC_DEBUG_IPCOMP, "debug_ipcomp", &sysctl_ipsec_debug_ipcomp, | |
36346 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36347 | +#endif /* CONFIG_IPSEC_IPCOMP */ | |
36348 | +#endif /* CONFIG_IPSEC_DEBUG */ | |
36349 | + { NET_IPSEC_ICMP, "icmp", &sysctl_ipsec_icmp, | |
36350 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36351 | + { NET_IPSEC_NO_EROUTE_PASS, "no_eroute_pass", &sysctl_ipsec_no_eroute_pass, | |
36352 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36353 | + { NET_IPSEC_INBOUND_POLICY_CHECK, "inbound_policy_check", &sysctl_ipsec_inbound_policy_check, | |
36354 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36355 | + { NET_IPSEC_OPPORTUNISTIC, "opportunistic", &sysctl_ipsec_opportunistic, | |
36356 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36357 | + { NET_IPSEC_TOS, "tos", &sysctl_ipsec_tos, | |
36358 | + sizeof(int), 0644, NULL, &proc_dointvec}, | |
36359 | + {0} | |
36360 | +}; | |
36361 | + | |
36362 | +static ctl_table ipsec_net_table[] = { | |
36363 | + { NET_IPSEC, "ipsec", NULL, 0, 0555, ipsec_table }, | |
36364 | + { 0 } | |
36365 | +}; | |
36366 | + | |
36367 | +static ctl_table ipsec_root_table[] = { | |
36368 | + { CTL_NET, "net", NULL, 0, 0555, ipsec_net_table }, | |
36369 | + { 0 } | |
36370 | +}; | |
36371 | + | |
36372 | +static struct ctl_table_header *ipsec_table_header; | |
36373 | + | |
36374 | +int ipsec_sysctl_register(void) | |
36375 | +{ | |
36376 | + ipsec_table_header = register_sysctl_table(ipsec_root_table, 0); | |
36377 | + if (!ipsec_table_header) { | |
36378 | + return -ENOMEM; | |
36379 | + } | |
36380 | + return 0; | |
36381 | +} | |
36382 | + | |
36383 | +void ipsec_sysctl_unregister(void) | |
36384 | +{ | |
36385 | + unregister_sysctl_table(ipsec_table_header); | |
36386 | +} | |
36387 | + | |
36388 | +#endif /* CONFIG_SYSCTL */ | |
36389 | + | |
36390 | +/* | |
36391 | + * $Log$ | |
36392 | + * Revision 1.10 2000/09/16 01:50:15 rgb | |
36393 | + * Protect sysctl_ipsec_debug_ipcomp with compiler defines too so that the | |
36394 | + * linker won't blame rj_delete() for missing symbols. ;-> Damn statics... | |
36395 | + * | |
36396 | + * Revision 1.9 2000/09/15 23:17:51 rgb | |
36397 | + * Moved stuff around to compile with debug off. | |
36398 | + * | |
36399 | + * Revision 1.8 2000/09/15 11:37:02 rgb | |
36400 | + * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk> | |
36401 | + * IPCOMP zlib deflate code. | |
36402 | + * | |
36403 | + * Revision 1.7 2000/09/15 07:37:15 rgb | |
36404 | + * Munged silly log comment that was causing a warning. | |
36405 | + * | |
36406 | + * Revision 1.6 2000/09/15 04:58:23 rgb | |
36407 | + * Added tos runtime switch. | |
36408 | + * Removed 'sysctl_ipsec_' prefix from /proc/sys/net/ipsec/ filenames. | |
36409 | + * | |
36410 | + * Revision 1.5 2000/09/12 03:25:28 rgb | |
36411 | + * Filled in and implemented sysctl. | |
36412 | + * | |
36413 | + * Revision 1.4 1999/04/11 00:29:03 henry | |
36414 | + * GPL boilerplate | |
36415 | + * | |
36416 | + * Revision 1.3 1999/04/06 04:54:29 rgb | |
36417 | + * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes | |
36418 | + * patch shell fixes. | |
36419 | + * | |
36420 | + */ | |
36421 | diff -druN linux-noipsec/net/ipsec/version.c linux/net/ipsec/version.c | |
36422 | --- linux-noipsec/net/ipsec/version.c Thu Jan 1 01:00:00 1970 | |
36423 | +++ linux/net/ipsec/version.c Thu Nov 30 06:02:51 2000 | |
36424 | @@ -0,0 +1,2 @@ | |
36425 | +/* silly pointless RCSID $Id$ */ | |
36426 | +static const char freeswan_version[] = "1.8"; | |
36427 | diff -druN linux-noipsec/net/ipsec/zlib/Makefile linux/net/ipsec/zlib/Makefile | |
36428 | --- linux-noipsec/net/ipsec/zlib/Makefile Thu Jan 1 01:00:00 1970 | |
36429 | +++ linux/net/ipsec/zlib/Makefile Fri Sep 29 20:51:33 2000 | |
36430 | @@ -0,0 +1,74 @@ | |
36431 | +# Makefile for IPCOMP zlib deflate code | |
36432 | +# Copyright (C) 1998, 1999, 2000 Richard Guy Briggs. | |
36433 | +# Copyright (C) 2000 Svenning Soerensen | |
36434 | +# | |
36435 | +# This program is free software; you can redistribute it and/or modify it | |
36436 | +# under the terms of the GNU General Public License as published by the | |
36437 | +# Free Software Foundation; either version 2 of the License, or (at your | |
36438 | +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
36439 | +# | |
36440 | +# This program is distributed in the hope that it will be useful, but | |
36441 | +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
36442 | +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
36443 | +# for more details. | |
36444 | +# | |
36445 | +# RCSID $Id$ | |
36446 | +# | |
36447 | + | |
36448 | +ifndef TOPDIR | |
36449 | +TOPDIR := /usr/src/linux | |
36450 | +endif | |
36451 | + | |
36452 | + | |
36453 | +L_TARGET := zlib.a | |
36454 | +L_OBJS := adler32.o deflate.o infblock.o infcodes.o inffast.o inflate.o inftrees.o infutil.o trees.o zutil.o | |
36455 | + | |
36456 | + | |
36457 | +ifeq ($(CONFIG_IPSEC_DEBUG),y) | |
36458 | +override CFLAGS += -g | |
36459 | +endif | |
36460 | + | |
36461 | +override CFLAGS += -Wall | |
36462 | +#override CFLAGS += -Wconversion | |
36463 | +#override CFLAGS += -Wmissing-prototypes | |
36464 | +override CFLAGS += -Wpointer-arith | |
36465 | +#override CFLAGS += -Wcast-qual | |
36466 | +#override CFLAGS += -Wmissing-declarations | |
36467 | +override CFLAGS += -Wstrict-prototypes | |
36468 | +#override CFLAGS += -pedantic | |
36469 | +#override CFLAGS += -O3 | |
36470 | +#override CFLAGS += -W | |
36471 | +#override CFLAGS += -Wwrite-strings | |
36472 | +override CFLAGS += -Wbad-function-cast | |
36473 | +override CFLAGS += -DIPCOMP_PREFIX | |
36474 | + | |
36475 | +.S.o: | |
36476 | + $(CC) -D__ASSEMBLY__ -DNO_UNDERLINE -traditional -c $< -o $*.o | |
36477 | + | |
36478 | +ifdef CONFIG_M586 | |
36479 | + L_OBJS += match586.o | |
36480 | + override CFLAGS += -DASMV | |
36481 | +endif | |
36482 | +ifdef CONFIG_M586TSC | |
36483 | + L_OBJS += match586.o | |
36484 | + override CFLAGS += -DASMV | |
36485 | +endif | |
36486 | +ifdef CONFIG_M686 | |
36487 | + L_OBJS += match686.o | |
36488 | + override CFLAGS += -DASMV | |
36489 | +endif | |
36490 | + | |
36491 | + | |
36492 | +include $(TOPDIR)/Rules.make | |
36493 | + | |
36494 | +$(L_OBJS): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h | |
36495 | + | |
36496 | +clean: | |
36497 | + -rm -f *.o *.a | |
36498 | + | |
36499 | +# | |
36500 | +# $Log$ | |
36501 | +# Revision 1.1.1.1 2000/09/29 18:51:33 rgb | |
36502 | +# zlib_beginnings | |
36503 | +# | |
36504 | +# | |
36505 | diff -druN linux-noipsec/net/ipsec/zlib/adler32.c linux/net/ipsec/zlib/adler32.c | |
36506 | --- linux-noipsec/net/ipsec/zlib/adler32.c Thu Jan 1 01:00:00 1970 | |
36507 | +++ linux/net/ipsec/zlib/adler32.c Fri Sep 29 20:51:33 2000 | |
36508 | @@ -0,0 +1,48 @@ | |
36509 | +/* adler32.c -- compute the Adler-32 checksum of a data stream | |
36510 | + * Copyright (C) 1995-1998 Mark Adler | |
36511 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
36512 | + */ | |
36513 | + | |
36514 | +/* @(#) $Id$ */ | |
36515 | + | |
36516 | +#include "zlib.h" | |
36517 | + | |
36518 | +#define BASE 65521L /* largest prime smaller than 65536 */ | |
36519 | +#define NMAX 5552 | |
36520 | +/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */ | |
36521 | + | |
36522 | +#define DO1(buf,i) {s1 += buf[i]; s2 += s1;} | |
36523 | +#define DO2(buf,i) DO1(buf,i); DO1(buf,i+1); | |
36524 | +#define DO4(buf,i) DO2(buf,i); DO2(buf,i+2); | |
36525 | +#define DO8(buf,i) DO4(buf,i); DO4(buf,i+4); | |
36526 | +#define DO16(buf) DO8(buf,0); DO8(buf,8); | |
36527 | + | |
36528 | +/* ========================================================================= */ | |
36529 | +uLong ZEXPORT adler32(adler, buf, len) | |
36530 | + uLong adler; | |
36531 | + const Bytef *buf; | |
36532 | + uInt len; | |
36533 | +{ | |
36534 | + unsigned long s1 = adler & 0xffff; | |
36535 | + unsigned long s2 = (adler >> 16) & 0xffff; | |
36536 | + int k; | |
36537 | + | |
36538 | + if (buf == Z_NULL) return 1L; | |
36539 | + | |
36540 | + while (len > 0) { | |
36541 | + k = len < NMAX ? len : NMAX; | |
36542 | + len -= k; | |
36543 | + while (k >= 16) { | |
36544 | + DO16(buf); | |
36545 | + buf += 16; | |
36546 | + k -= 16; | |
36547 | + } | |
36548 | + if (k != 0) do { | |
36549 | + s1 += *buf++; | |
36550 | + s2 += s1; | |
36551 | + } while (--k); | |
36552 | + s1 %= BASE; | |
36553 | + s2 %= BASE; | |
36554 | + } | |
36555 | + return (s2 << 16) | s1; | |
36556 | +} | |
36557 | diff -druN linux-noipsec/net/ipsec/zlib/deflate.c linux/net/ipsec/zlib/deflate.c | |
36558 | --- linux-noipsec/net/ipsec/zlib/deflate.c Thu Jan 1 01:00:00 1970 | |
36559 | +++ linux/net/ipsec/zlib/deflate.c Fri Sep 29 20:51:33 2000 | |
36560 | @@ -0,0 +1,1351 @@ | |
36561 | +/* deflate.c -- compress data using the deflation algorithm | |
36562 | + * Copyright (C) 1995-1998 Jean-loup Gailly. | |
36563 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
36564 | + */ | |
36565 | + | |
36566 | +/* | |
36567 | + * ALGORITHM | |
36568 | + * | |
36569 | + * The "deflation" process depends on being able to identify portions | |
36570 | + * of the input text which are identical to earlier input (within a | |
36571 | + * sliding window trailing behind the input currently being processed). | |
36572 | + * | |
36573 | + * The most straightforward technique turns out to be the fastest for | |
36574 | + * most input files: try all possible matches and select the longest. | |
36575 | + * The key feature of this algorithm is that insertions into the string | |
36576 | + * dictionary are very simple and thus fast, and deletions are avoided | |
36577 | + * completely. Insertions are performed at each input character, whereas | |
36578 | + * string matches are performed only when the previous match ends. So it | |
36579 | + * is preferable to spend more time in matches to allow very fast string | |
36580 | + * insertions and avoid deletions. The matching algorithm for small | |
36581 | + * strings is inspired from that of Rabin & Karp. A brute force approach | |
36582 | + * is used to find longer strings when a small match has been found. | |
36583 | + * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze | |
36584 | + * (by Leonid Broukhis). | |
36585 | + * A previous version of this file used a more sophisticated algorithm | |
36586 | + * (by Fiala and Greene) which is guaranteed to run in linear amortized | |
36587 | + * time, but has a larger average cost, uses more memory and is patented. | |
36588 | + * However the F&G algorithm may be faster for some highly redundant | |
36589 | + * files if the parameter max_chain_length (described below) is too large. | |
36590 | + * | |
36591 | + * ACKNOWLEDGEMENTS | |
36592 | + * | |
36593 | + * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and | |
36594 | + * I found it in 'freeze' written by Leonid Broukhis. | |
36595 | + * Thanks to many people for bug reports and testing. | |
36596 | + * | |
36597 | + * REFERENCES | |
36598 | + * | |
36599 | + * Deutsch, L.P.,"DEFLATE Compressed Data Format Specification". | |
36600 | + * Available in ftp://ds.internic.net/rfc/rfc1951.txt | |
36601 | + * | |
36602 | + * A description of the Rabin and Karp algorithm is given in the book | |
36603 | + * "Algorithms" by R. Sedgewick, Addison-Wesley, p252. | |
36604 | + * | |
36605 | + * Fiala,E.R., and Greene,D.H. | |
36606 | + * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595 | |
36607 | + * | |
36608 | + */ | |
36609 | + | |
36610 | +/* @(#) $Id$ */ | |
36611 | + | |
36612 | +#include "deflate.h" | |
36613 | + | |
36614 | +local const char deflate_copyright[] = | |
36615 | + " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly "; | |
36616 | +/* | |
36617 | + If you use the zlib library in a product, an acknowledgment is welcome | |
36618 | + in the documentation of your product. If for some reason you cannot | |
36619 | + include such an acknowledgment, I would appreciate that you keep this | |
36620 | + copyright string in the executable of your product. | |
36621 | + */ | |
36622 | + | |
36623 | +/* =========================================================================== | |
36624 | + * Function prototypes. | |
36625 | + */ | |
36626 | +typedef enum { | |
36627 | + need_more, /* block not completed, need more input or more output */ | |
36628 | + block_done, /* block flush performed */ | |
36629 | + finish_started, /* finish started, need only more output at next deflate */ | |
36630 | + finish_done /* finish done, accept no more input or output */ | |
36631 | +} block_state; | |
36632 | + | |
36633 | +typedef block_state (*compress_func) OF((deflate_state *s, int flush)); | |
36634 | +/* Compression function. Returns the block state after the call. */ | |
36635 | + | |
36636 | +local void fill_window OF((deflate_state *s)); | |
36637 | +local block_state deflate_stored OF((deflate_state *s, int flush)); | |
36638 | +local block_state deflate_fast OF((deflate_state *s, int flush)); | |
36639 | +local block_state deflate_slow OF((deflate_state *s, int flush)); | |
36640 | +local void lm_init OF((deflate_state *s)); | |
36641 | +local void putShortMSB OF((deflate_state *s, uInt b)); | |
36642 | +local void flush_pending OF((z_streamp strm)); | |
36643 | +local int read_buf OF((z_streamp strm, Bytef *buf, unsigned size)); | |
36644 | +#ifdef ASMV | |
36645 | + void match_init OF((void)); /* asm code initialization */ | |
36646 | + uInt longest_match OF((deflate_state *s, IPos cur_match)); | |
36647 | +#else | |
36648 | +local uInt longest_match OF((deflate_state *s, IPos cur_match)); | |
36649 | +#endif | |
36650 | + | |
36651 | +#ifdef DEBUG | |
36652 | +local void check_match OF((deflate_state *s, IPos start, IPos match, | |
36653 | + int length)); | |
36654 | +#endif | |
36655 | + | |
36656 | +/* =========================================================================== | |
36657 | + * Local data | |
36658 | + */ | |
36659 | + | |
36660 | +#define NIL 0 | |
36661 | +/* Tail of hash chains */ | |
36662 | + | |
36663 | +#ifndef TOO_FAR | |
36664 | +# define TOO_FAR 4096 | |
36665 | +#endif | |
36666 | +/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */ | |
36667 | + | |
36668 | +#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) | |
36669 | +/* Minimum amount of lookahead, except at the end of the input file. | |
36670 | + * See deflate.c for comments about the MIN_MATCH+1. | |
36671 | + */ | |
36672 | + | |
36673 | +/* Values for max_lazy_match, good_match and max_chain_length, depending on | |
36674 | + * the desired pack level (0..9). The values given below have been tuned to | |
36675 | + * exclude worst case performance for pathological files. Better values may be | |
36676 | + * found for specific files. | |
36677 | + */ | |
36678 | +typedef struct config_s { | |
36679 | + ush good_length; /* reduce lazy search above this match length */ | |
36680 | + ush max_lazy; /* do not perform lazy search above this match length */ | |
36681 | + ush nice_length; /* quit search above this match length */ | |
36682 | + ush max_chain; | |
36683 | + compress_func func; | |
36684 | +} config; | |
36685 | + | |
36686 | +local const config configuration_table[10] = { | |
36687 | +/* good lazy nice chain */ | |
36688 | +/* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */ | |
36689 | +/* 1 */ {4, 4, 8, 4, deflate_fast}, /* maximum speed, no lazy matches */ | |
36690 | +/* 2 */ {4, 5, 16, 8, deflate_fast}, | |
36691 | +/* 3 */ {4, 6, 32, 32, deflate_fast}, | |
36692 | + | |
36693 | +/* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */ | |
36694 | +/* 5 */ {8, 16, 32, 32, deflate_slow}, | |
36695 | +/* 6 */ {8, 16, 128, 128, deflate_slow}, | |
36696 | +/* 7 */ {8, 32, 128, 256, deflate_slow}, | |
36697 | +/* 8 */ {32, 128, 258, 1024, deflate_slow}, | |
36698 | +/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */ | |
36699 | + | |
36700 | +/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4 | |
36701 | + * For deflate_fast() (levels <= 3) good is ignored and lazy has a different | |
36702 | + * meaning. | |
36703 | + */ | |
36704 | + | |
36705 | +#define EQUAL 0 | |
36706 | +/* result of memcmp for equal strings */ | |
36707 | + | |
36708 | +struct static_tree_desc_s {int dummy;}; /* for buggy compilers */ | |
36709 | + | |
36710 | +/* =========================================================================== | |
36711 | + * Update a hash value with the given input byte | |
36712 | + * IN assertion: all calls to to UPDATE_HASH are made with consecutive | |
36713 | + * input characters, so that a running hash key can be computed from the | |
36714 | + * previous key instead of complete recalculation each time. | |
36715 | + */ | |
36716 | +#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask) | |
36717 | + | |
36718 | + | |
36719 | +/* =========================================================================== | |
36720 | + * Insert string str in the dictionary and set match_head to the previous head | |
36721 | + * of the hash chain (the most recent string with same hash key). Return | |
36722 | + * the previous length of the hash chain. | |
36723 | + * If this file is compiled with -DFASTEST, the compression level is forced | |
36724 | + * to 1, and no hash chains are maintained. | |
36725 | + * IN assertion: all calls to to INSERT_STRING are made with consecutive | |
36726 | + * input characters and the first MIN_MATCH bytes of str are valid | |
36727 | + * (except for the last MIN_MATCH-1 bytes of the input file). | |
36728 | + */ | |
36729 | +#ifdef FASTEST | |
36730 | +#define INSERT_STRING(s, str, match_head) \ | |
36731 | + (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ | |
36732 | + match_head = s->head[s->ins_h], \ | |
36733 | + s->head[s->ins_h] = (Pos)(str)) | |
36734 | +#else | |
36735 | +#define INSERT_STRING(s, str, match_head) \ | |
36736 | + (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ | |
36737 | + s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \ | |
36738 | + s->head[s->ins_h] = (Pos)(str)) | |
36739 | +#endif | |
36740 | + | |
36741 | +/* =========================================================================== | |
36742 | + * Initialize the hash table (avoiding 64K overflow for 16 bit systems). | |
36743 | + * prev[] will be initialized on the fly. | |
36744 | + */ | |
36745 | +#define CLEAR_HASH(s) \ | |
36746 | + s->head[s->hash_size-1] = NIL; \ | |
36747 | + zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); | |
36748 | + | |
36749 | +/* ========================================================================= */ | |
36750 | +int ZEXPORT deflateInit_(strm, level, version, stream_size) | |
36751 | + z_streamp strm; | |
36752 | + int level; | |
36753 | + const char *version; | |
36754 | + int stream_size; | |
36755 | +{ | |
36756 | + return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, | |
36757 | + Z_DEFAULT_STRATEGY, version, stream_size); | |
36758 | + /* To do: ignore strm->next_in if we use it as window */ | |
36759 | +} | |
36760 | + | |
36761 | +/* ========================================================================= */ | |
36762 | +int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, | |
36763 | + version, stream_size) | |
36764 | + z_streamp strm; | |
36765 | + int level; | |
36766 | + int method; | |
36767 | + int windowBits; | |
36768 | + int memLevel; | |
36769 | + int strategy; | |
36770 | + const char *version; | |
36771 | + int stream_size; | |
36772 | +{ | |
36773 | + deflate_state *s; | |
36774 | + int noheader = 0; | |
36775 | + static const char* my_version = ZLIB_VERSION; | |
36776 | + | |
36777 | + ushf *overlay; | |
36778 | + /* We overlay pending_buf and d_buf+l_buf. This works since the average | |
36779 | + * output size for (length,distance) codes is <= 24 bits. | |
36780 | + */ | |
36781 | + | |
36782 | + if (version == Z_NULL || version[0] != my_version[0] || | |
36783 | + stream_size != sizeof(z_stream)) { | |
36784 | + return Z_VERSION_ERROR; | |
36785 | + } | |
36786 | + if (strm == Z_NULL) return Z_STREAM_ERROR; | |
36787 | + | |
36788 | + strm->msg = Z_NULL; | |
36789 | + if (strm->zalloc == Z_NULL) { | |
36790 | + return Z_STREAM_ERROR; | |
36791 | +/* strm->zalloc = zcalloc; | |
36792 | + strm->opaque = (voidpf)0;*/ | |
36793 | + } | |
36794 | + if (strm->zfree == Z_NULL) return Z_STREAM_ERROR; /* strm->zfree = zcfree; */ | |
36795 | + | |
36796 | + if (level == Z_DEFAULT_COMPRESSION) level = 6; | |
36797 | +#ifdef FASTEST | |
36798 | + level = 1; | |
36799 | +#endif | |
36800 | + | |
36801 | + if (windowBits < 0) { /* undocumented feature: suppress zlib header */ | |
36802 | + noheader = 1; | |
36803 | + windowBits = -windowBits; | |
36804 | + } | |
36805 | + if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED || | |
36806 | + windowBits < 8 || windowBits > 15 || level < 0 || level > 9 || | |
36807 | + strategy < 0 || strategy > Z_HUFFMAN_ONLY) { | |
36808 | + return Z_STREAM_ERROR; | |
36809 | + } | |
36810 | + s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state)); | |
36811 | + if (s == Z_NULL) return Z_MEM_ERROR; | |
36812 | + strm->state = (struct internal_state FAR *)s; | |
36813 | + s->strm = strm; | |
36814 | + | |
36815 | + s->noheader = noheader; | |
36816 | + s->w_bits = windowBits; | |
36817 | + s->w_size = 1 << s->w_bits; | |
36818 | + s->w_mask = s->w_size - 1; | |
36819 | + | |
36820 | + s->hash_bits = memLevel + 7; | |
36821 | + s->hash_size = 1 << s->hash_bits; | |
36822 | + s->hash_mask = s->hash_size - 1; | |
36823 | + s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH); | |
36824 | + | |
36825 | + s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte)); | |
36826 | + s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos)); | |
36827 | + s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos)); | |
36828 | + | |
36829 | + s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ | |
36830 | + | |
36831 | + overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); | |
36832 | + s->pending_buf = (uchf *) overlay; | |
36833 | + s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); | |
36834 | + | |
36835 | + if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || | |
36836 | + s->pending_buf == Z_NULL) { | |
36837 | + strm->msg = ERR_MSG(Z_MEM_ERROR); | |
36838 | + deflateEnd (strm); | |
36839 | + return Z_MEM_ERROR; | |
36840 | + } | |
36841 | + s->d_buf = overlay + s->lit_bufsize/sizeof(ush); | |
36842 | + s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; | |
36843 | + | |
36844 | + s->level = level; | |
36845 | + s->strategy = strategy; | |
36846 | + s->method = (Byte)method; | |
36847 | + | |
36848 | + return deflateReset(strm); | |
36849 | +} | |
36850 | + | |
36851 | +/* ========================================================================= */ | |
36852 | +int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength) | |
36853 | + z_streamp strm; | |
36854 | + const Bytef *dictionary; | |
36855 | + uInt dictLength; | |
36856 | +{ | |
36857 | + deflate_state *s; | |
36858 | + uInt length = dictLength; | |
36859 | + uInt n; | |
36860 | + IPos hash_head = 0; | |
36861 | + | |
36862 | + if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL || | |
36863 | + strm->state->status != INIT_STATE) return Z_STREAM_ERROR; | |
36864 | + | |
36865 | + s = strm->state; | |
36866 | + strm->adler = adler32(strm->adler, dictionary, dictLength); | |
36867 | + | |
36868 | + if (length < MIN_MATCH) return Z_OK; | |
36869 | + if (length > MAX_DIST(s)) { | |
36870 | + length = MAX_DIST(s); | |
36871 | +#ifndef USE_DICT_HEAD | |
36872 | + dictionary += dictLength - length; /* use the tail of the dictionary */ | |
36873 | +#endif | |
36874 | + } | |
36875 | + zmemcpy(s->window, dictionary, length); | |
36876 | + s->strstart = length; | |
36877 | + s->block_start = (long)length; | |
36878 | + | |
36879 | + /* Insert all strings in the hash table (except for the last two bytes). | |
36880 | + * s->lookahead stays null, so s->ins_h will be recomputed at the next | |
36881 | + * call of fill_window. | |
36882 | + */ | |
36883 | + s->ins_h = s->window[0]; | |
36884 | + UPDATE_HASH(s, s->ins_h, s->window[1]); | |
36885 | + for (n = 0; n <= length - MIN_MATCH; n++) { | |
36886 | + INSERT_STRING(s, n, hash_head); | |
36887 | + } | |
36888 | + if (hash_head) hash_head = 0; /* to make compiler happy */ | |
36889 | + return Z_OK; | |
36890 | +} | |
36891 | + | |
36892 | +/* ========================================================================= */ | |
36893 | +int ZEXPORT deflateReset (strm) | |
36894 | + z_streamp strm; | |
36895 | +{ | |
36896 | + deflate_state *s; | |
36897 | + | |
36898 | + if (strm == Z_NULL || strm->state == Z_NULL || | |
36899 | + strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR; | |
36900 | + | |
36901 | + strm->total_in = strm->total_out = 0; | |
36902 | + strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */ | |
36903 | + strm->data_type = Z_UNKNOWN; | |
36904 | + | |
36905 | + s = (deflate_state *)strm->state; | |
36906 | + s->pending = 0; | |
36907 | + s->pending_out = s->pending_buf; | |
36908 | + | |
36909 | + if (s->noheader < 0) { | |
36910 | + s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */ | |
36911 | + } | |
36912 | + s->status = s->noheader ? BUSY_STATE : INIT_STATE; | |
36913 | + strm->adler = 1; | |
36914 | + s->last_flush = Z_NO_FLUSH; | |
36915 | + | |
36916 | + _tr_init(s); | |
36917 | + lm_init(s); | |
36918 | + | |
36919 | + return Z_OK; | |
36920 | +} | |
36921 | + | |
36922 | +/* ========================================================================= */ | |
36923 | +int ZEXPORT deflateParams(strm, level, strategy) | |
36924 | + z_streamp strm; | |
36925 | + int level; | |
36926 | + int strategy; | |
36927 | +{ | |
36928 | + deflate_state *s; | |
36929 | + compress_func func; | |
36930 | + int err = Z_OK; | |
36931 | + | |
36932 | + if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; | |
36933 | + s = strm->state; | |
36934 | + | |
36935 | + if (level == Z_DEFAULT_COMPRESSION) { | |
36936 | + level = 6; | |
36937 | + } | |
36938 | + if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) { | |
36939 | + return Z_STREAM_ERROR; | |
36940 | + } | |
36941 | + func = configuration_table[s->level].func; | |
36942 | + | |
36943 | + if (func != configuration_table[level].func && strm->total_in != 0) { | |
36944 | + /* Flush the last buffer: */ | |
36945 | + err = deflate(strm, Z_PARTIAL_FLUSH); | |
36946 | + } | |
36947 | + if (s->level != level) { | |
36948 | + s->level = level; | |
36949 | + s->max_lazy_match = configuration_table[level].max_lazy; | |
36950 | + s->good_match = configuration_table[level].good_length; | |
36951 | + s->nice_match = configuration_table[level].nice_length; | |
36952 | + s->max_chain_length = configuration_table[level].max_chain; | |
36953 | + } | |
36954 | + s->strategy = strategy; | |
36955 | + return err; | |
36956 | +} | |
36957 | + | |
36958 | +/* ========================================================================= | |
36959 | + * Put a short in the pending buffer. The 16-bit value is put in MSB order. | |
36960 | + * IN assertion: the stream state is correct and there is enough room in | |
36961 | + * pending_buf. | |
36962 | + */ | |
36963 | +local void putShortMSB (s, b) | |
36964 | + deflate_state *s; | |
36965 | + uInt b; | |
36966 | +{ | |
36967 | + put_byte(s, (Byte)(b >> 8)); | |
36968 | + put_byte(s, (Byte)(b & 0xff)); | |
36969 | +} | |
36970 | + | |
36971 | +/* ========================================================================= | |
36972 | + * Flush as much pending output as possible. All deflate() output goes | |
36973 | + * through this function so some applications may wish to modify it | |
36974 | + * to avoid allocating a large strm->next_out buffer and copying into it. | |
36975 | + * (See also read_buf()). | |
36976 | + */ | |
36977 | +local void flush_pending(strm) | |
36978 | + z_streamp strm; | |
36979 | +{ | |
36980 | + unsigned len = strm->state->pending; | |
36981 | + | |
36982 | + if (len > strm->avail_out) len = strm->avail_out; | |
36983 | + if (len == 0) return; | |
36984 | + | |
36985 | + zmemcpy(strm->next_out, strm->state->pending_out, len); | |
36986 | + strm->next_out += len; | |
36987 | + strm->state->pending_out += len; | |
36988 | + strm->total_out += len; | |
36989 | + strm->avail_out -= len; | |
36990 | + strm->state->pending -= len; | |
36991 | + if (strm->state->pending == 0) { | |
36992 | + strm->state->pending_out = strm->state->pending_buf; | |
36993 | + } | |
36994 | +} | |
36995 | + | |
36996 | +/* ========================================================================= */ | |
36997 | +int ZEXPORT deflate (strm, flush) | |
36998 | + z_streamp strm; | |
36999 | + int flush; | |
37000 | +{ | |
37001 | + int old_flush; /* value of flush param for previous deflate call */ | |
37002 | + deflate_state *s; | |
37003 | + | |
37004 | + if (strm == Z_NULL || strm->state == Z_NULL || | |
37005 | + flush > Z_FINISH || flush < 0) { | |
37006 | + return Z_STREAM_ERROR; | |
37007 | + } | |
37008 | + s = strm->state; | |
37009 | + | |
37010 | + if (strm->next_out == Z_NULL || | |
37011 | + (strm->next_in == Z_NULL && strm->avail_in != 0) || | |
37012 | + (s->status == FINISH_STATE && flush != Z_FINISH)) { | |
37013 | + ERR_RETURN(strm, Z_STREAM_ERROR); | |
37014 | + } | |
37015 | + if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR); | |
37016 | + | |
37017 | + s->strm = strm; /* just in case */ | |
37018 | + old_flush = s->last_flush; | |
37019 | + s->last_flush = flush; | |
37020 | + | |
37021 | + /* Write the zlib header */ | |
37022 | + if (s->status == INIT_STATE) { | |
37023 | + | |
37024 | + uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8; | |
37025 | + uInt level_flags = (s->level-1) >> 1; | |
37026 | + | |
37027 | + if (level_flags > 3) level_flags = 3; | |
37028 | + header |= (level_flags << 6); | |
37029 | + if (s->strstart != 0) header |= PRESET_DICT; | |
37030 | + header += 31 - (header % 31); | |
37031 | + | |
37032 | + s->status = BUSY_STATE; | |
37033 | + putShortMSB(s, header); | |
37034 | + | |
37035 | + /* Save the adler32 of the preset dictionary: */ | |
37036 | + if (s->strstart != 0) { | |
37037 | + putShortMSB(s, (uInt)(strm->adler >> 16)); | |
37038 | + putShortMSB(s, (uInt)(strm->adler & 0xffff)); | |
37039 | + } | |
37040 | + strm->adler = 1L; | |
37041 | + } | |
37042 | + | |
37043 | + /* Flush as much pending output as possible */ | |
37044 | + if (s->pending != 0) { | |
37045 | + flush_pending(strm); | |
37046 | + if (strm->avail_out == 0) { | |
37047 | + /* Since avail_out is 0, deflate will be called again with | |
37048 | + * more output space, but possibly with both pending and | |
37049 | + * avail_in equal to zero. There won't be anything to do, | |
37050 | + * but this is not an error situation so make sure we | |
37051 | + * return OK instead of BUF_ERROR at next call of deflate: | |
37052 | + */ | |
37053 | + s->last_flush = -1; | |
37054 | + return Z_OK; | |
37055 | + } | |
37056 | + | |
37057 | + /* Make sure there is something to do and avoid duplicate consecutive | |
37058 | + * flushes. For repeated and useless calls with Z_FINISH, we keep | |
37059 | + * returning Z_STREAM_END instead of Z_BUFF_ERROR. | |
37060 | + */ | |
37061 | + } else if (strm->avail_in == 0 && flush <= old_flush && | |
37062 | + flush != Z_FINISH) { | |
37063 | + ERR_RETURN(strm, Z_BUF_ERROR); | |
37064 | + } | |
37065 | + | |
37066 | + /* User must not provide more input after the first FINISH: */ | |
37067 | + if (s->status == FINISH_STATE && strm->avail_in != 0) { | |
37068 | + ERR_RETURN(strm, Z_BUF_ERROR); | |
37069 | + } | |
37070 | + | |
37071 | + /* Start a new block or continue the current one. | |
37072 | + */ | |
37073 | + if (strm->avail_in != 0 || s->lookahead != 0 || | |
37074 | + (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) { | |
37075 | + block_state bstate; | |
37076 | + | |
37077 | + bstate = (*(configuration_table[s->level].func))(s, flush); | |
37078 | + | |
37079 | + if (bstate == finish_started || bstate == finish_done) { | |
37080 | + s->status = FINISH_STATE; | |
37081 | + } | |
37082 | + if (bstate == need_more || bstate == finish_started) { | |
37083 | + if (strm->avail_out == 0) { | |
37084 | + s->last_flush = -1; /* avoid BUF_ERROR next call, see above */ | |
37085 | + } | |
37086 | + return Z_OK; | |
37087 | + /* If flush != Z_NO_FLUSH && avail_out == 0, the next call | |
37088 | + * of deflate should use the same flush parameter to make sure | |
37089 | + * that the flush is complete. So we don't have to output an | |
37090 | + * empty block here, this will be done at next call. This also | |
37091 | + * ensures that for a very small output buffer, we emit at most | |
37092 | + * one empty block. | |
37093 | + */ | |
37094 | + } | |
37095 | + if (bstate == block_done) { | |
37096 | + if (flush == Z_PARTIAL_FLUSH) { | |
37097 | + _tr_align(s); | |
37098 | + } else { /* FULL_FLUSH or SYNC_FLUSH */ | |
37099 | + _tr_stored_block(s, (char*)0, 0L, 0); | |
37100 | + /* For a full flush, this empty block will be recognized | |
37101 | + * as a special marker by inflate_sync(). | |
37102 | + */ | |
37103 | + if (flush == Z_FULL_FLUSH) { | |
37104 | + CLEAR_HASH(s); /* forget history */ | |
37105 | + } | |
37106 | + } | |
37107 | + flush_pending(strm); | |
37108 | + if (strm->avail_out == 0) { | |
37109 | + s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */ | |
37110 | + return Z_OK; | |
37111 | + } | |
37112 | + } | |
37113 | + } | |
37114 | + Assert(strm->avail_out > 0, "bug2"); | |
37115 | + | |
37116 | + if (flush != Z_FINISH) return Z_OK; | |
37117 | + if (s->noheader) return Z_STREAM_END; | |
37118 | + | |
37119 | + /* Write the zlib trailer (adler32) */ | |
37120 | + putShortMSB(s, (uInt)(strm->adler >> 16)); | |
37121 | + putShortMSB(s, (uInt)(strm->adler & 0xffff)); | |
37122 | + flush_pending(strm); | |
37123 | + /* If avail_out is zero, the application will call deflate again | |
37124 | + * to flush the rest. | |
37125 | + */ | |
37126 | + s->noheader = -1; /* write the trailer only once! */ | |
37127 | + return s->pending != 0 ? Z_OK : Z_STREAM_END; | |
37128 | +} | |
37129 | + | |
37130 | +/* ========================================================================= */ | |
37131 | +int ZEXPORT deflateEnd (strm) | |
37132 | + z_streamp strm; | |
37133 | +{ | |
37134 | + int status; | |
37135 | + | |
37136 | + if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; | |
37137 | + | |
37138 | + status = strm->state->status; | |
37139 | + if (status != INIT_STATE && status != BUSY_STATE && | |
37140 | + status != FINISH_STATE) { | |
37141 | + return Z_STREAM_ERROR; | |
37142 | + } | |
37143 | + | |
37144 | + /* Deallocate in reverse order of allocations: */ | |
37145 | + TRY_FREE(strm, strm->state->pending_buf); | |
37146 | + TRY_FREE(strm, strm->state->head); | |
37147 | + TRY_FREE(strm, strm->state->prev); | |
37148 | + TRY_FREE(strm, strm->state->window); | |
37149 | + | |
37150 | + ZFREE(strm, strm->state); | |
37151 | + strm->state = Z_NULL; | |
37152 | + | |
37153 | + return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK; | |
37154 | +} | |
37155 | + | |
37156 | +/* ========================================================================= | |
37157 | + * Copy the source state to the destination state. | |
37158 | + * To simplify the source, this is not supported for 16-bit MSDOS (which | |
37159 | + * doesn't have enough memory anyway to duplicate compression states). | |
37160 | + */ | |
37161 | +int ZEXPORT deflateCopy (dest, source) | |
37162 | + z_streamp dest; | |
37163 | + z_streamp source; | |
37164 | +{ | |
37165 | +#ifdef MAXSEG_64K | |
37166 | + return Z_STREAM_ERROR; | |
37167 | +#else | |
37168 | + deflate_state *ds; | |
37169 | + deflate_state *ss; | |
37170 | + ushf *overlay; | |
37171 | + | |
37172 | + | |
37173 | + if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) { | |
37174 | + return Z_STREAM_ERROR; | |
37175 | + } | |
37176 | + | |
37177 | + ss = source->state; | |
37178 | + | |
37179 | + *dest = *source; | |
37180 | + | |
37181 | + ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state)); | |
37182 | + if (ds == Z_NULL) return Z_MEM_ERROR; | |
37183 | + dest->state = (struct internal_state FAR *) ds; | |
37184 | + *ds = *ss; | |
37185 | + ds->strm = dest; | |
37186 | + | |
37187 | + ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); | |
37188 | + ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); | |
37189 | + ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); | |
37190 | + overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); | |
37191 | + ds->pending_buf = (uchf *) overlay; | |
37192 | + | |
37193 | + if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || | |
37194 | + ds->pending_buf == Z_NULL) { | |
37195 | + deflateEnd (dest); | |
37196 | + return Z_MEM_ERROR; | |
37197 | + } | |
37198 | + /* following zmemcpy do not work for 16-bit MSDOS */ | |
37199 | + zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte)); | |
37200 | + zmemcpy(ds->prev, ss->prev, ds->w_size * sizeof(Pos)); | |
37201 | + zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos)); | |
37202 | + zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); | |
37203 | + | |
37204 | + ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); | |
37205 | + ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); | |
37206 | + ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; | |
37207 | + | |
37208 | + ds->l_desc.dyn_tree = ds->dyn_ltree; | |
37209 | + ds->d_desc.dyn_tree = ds->dyn_dtree; | |
37210 | + ds->bl_desc.dyn_tree = ds->bl_tree; | |
37211 | + | |
37212 | + return Z_OK; | |
37213 | +#endif | |
37214 | +} | |
37215 | + | |
37216 | +/* =========================================================================== | |
37217 | + * Read a new buffer from the current input stream, update the adler32 | |
37218 | + * and total number of bytes read. All deflate() input goes through | |
37219 | + * this function so some applications may wish to modify it to avoid | |
37220 | + * allocating a large strm->next_in buffer and copying from it. | |
37221 | + * (See also flush_pending()). | |
37222 | + */ | |
37223 | +local int read_buf(strm, buf, size) | |
37224 | + z_streamp strm; | |
37225 | + Bytef *buf; | |
37226 | + unsigned size; | |
37227 | +{ | |
37228 | + unsigned len = strm->avail_in; | |
37229 | + | |
37230 | + if (len > size) len = size; | |
37231 | + if (len == 0) return 0; | |
37232 | + | |
37233 | + strm->avail_in -= len; | |
37234 | + | |
37235 | + if (!strm->state->noheader) { | |
37236 | + strm->adler = adler32(strm->adler, strm->next_in, len); | |
37237 | + } | |
37238 | + zmemcpy(buf, strm->next_in, len); | |
37239 | + strm->next_in += len; | |
37240 | + strm->total_in += len; | |
37241 | + | |
37242 | + return (int)len; | |
37243 | +} | |
37244 | + | |
37245 | +/* =========================================================================== | |
37246 | + * Initialize the "longest match" routines for a new zlib stream | |
37247 | + */ | |
37248 | +local void lm_init (s) | |
37249 | + deflate_state *s; | |
37250 | +{ | |
37251 | + s->window_size = (ulg)2L*s->w_size; | |
37252 | + | |
37253 | + CLEAR_HASH(s); | |
37254 | + | |
37255 | + /* Set the default configuration parameters: | |
37256 | + */ | |
37257 | + s->max_lazy_match = configuration_table[s->level].max_lazy; | |
37258 | + s->good_match = configuration_table[s->level].good_length; | |
37259 | + s->nice_match = configuration_table[s->level].nice_length; | |
37260 | + s->max_chain_length = configuration_table[s->level].max_chain; | |
37261 | + | |
37262 | + s->strstart = 0; | |
37263 | + s->block_start = 0L; | |
37264 | + s->lookahead = 0; | |
37265 | + s->match_length = s->prev_length = MIN_MATCH-1; | |
37266 | + s->match_available = 0; | |
37267 | + s->ins_h = 0; | |
37268 | +#ifdef ASMV | |
37269 | + match_init(); /* initialize the asm code */ | |
37270 | +#endif | |
37271 | +} | |
37272 | + | |
37273 | +/* =========================================================================== | |
37274 | + * Set match_start to the longest match starting at the given string and | |
37275 | + * return its length. Matches shorter or equal to prev_length are discarded, | |
37276 | + * in which case the result is equal to prev_length and match_start is | |
37277 | + * garbage. | |
37278 | + * IN assertions: cur_match is the head of the hash chain for the current | |
37279 | + * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 | |
37280 | + * OUT assertion: the match length is not greater than s->lookahead. | |
37281 | + */ | |
37282 | +#ifndef ASMV | |
37283 | +/* For 80x86 and 680x0, an optimized version will be provided in match.asm or | |
37284 | + * match.S. The code will be functionally equivalent. | |
37285 | + */ | |
37286 | +#ifndef FASTEST | |
37287 | +local uInt longest_match(s, cur_match) | |
37288 | + deflate_state *s; | |
37289 | + IPos cur_match; /* current match */ | |
37290 | +{ | |
37291 | + unsigned chain_length = s->max_chain_length;/* max hash chain length */ | |
37292 | + register Bytef *scan = s->window + s->strstart; /* current string */ | |
37293 | + register Bytef *match; /* matched string */ | |
37294 | + register int len; /* length of current match */ | |
37295 | + int best_len = s->prev_length; /* best match length so far */ | |
37296 | + int nice_match = s->nice_match; /* stop if match long enough */ | |
37297 | + IPos limit = s->strstart > (IPos)MAX_DIST(s) ? | |
37298 | + s->strstart - (IPos)MAX_DIST(s) : NIL; | |
37299 | + /* Stop when cur_match becomes <= limit. To simplify the code, | |
37300 | + * we prevent matches with the string of window index 0. | |
37301 | + */ | |
37302 | + Posf *prev = s->prev; | |
37303 | + uInt wmask = s->w_mask; | |
37304 | + | |
37305 | +#ifdef UNALIGNED_OK | |
37306 | + /* Compare two bytes at a time. Note: this is not always beneficial. | |
37307 | + * Try with and without -DUNALIGNED_OK to check. | |
37308 | + */ | |
37309 | + register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1; | |
37310 | + register ush scan_start = *(ushf*)scan; | |
37311 | + register ush scan_end = *(ushf*)(scan+best_len-1); | |
37312 | +#else | |
37313 | + register Bytef *strend = s->window + s->strstart + MAX_MATCH; | |
37314 | + register Byte scan_end1 = scan[best_len-1]; | |
37315 | + register Byte scan_end = scan[best_len]; | |
37316 | +#endif | |
37317 | + | |
37318 | + /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. | |
37319 | + * It is easy to get rid of this optimization if necessary. | |
37320 | + */ | |
37321 | + Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); | |
37322 | + | |
37323 | + /* Do not waste too much time if we already have a good match: */ | |
37324 | + if (s->prev_length >= s->good_match) { | |
37325 | + chain_length >>= 2; | |
37326 | + } | |
37327 | + /* Do not look for matches beyond the end of the input. This is necessary | |
37328 | + * to make deflate deterministic. | |
37329 | + */ | |
37330 | + if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; | |
37331 | + | |
37332 | + Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); | |
37333 | + | |
37334 | + do { | |
37335 | + Assert(cur_match < s->strstart, "no future"); | |
37336 | + match = s->window + cur_match; | |
37337 | + | |
37338 | + /* Skip to next match if the match length cannot increase | |
37339 | + * or if the match length is less than 2: | |
37340 | + */ | |
37341 | +#if (defined(UNALIGNED_OK) && MAX_MATCH == 258) | |
37342 | + /* This code assumes sizeof(unsigned short) == 2. Do not use | |
37343 | + * UNALIGNED_OK if your compiler uses a different size. | |
37344 | + */ | |
37345 | + if (*(ushf*)(match+best_len-1) != scan_end || | |
37346 | + *(ushf*)match != scan_start) continue; | |
37347 | + | |
37348 | + /* It is not necessary to compare scan[2] and match[2] since they are | |
37349 | + * always equal when the other bytes match, given that the hash keys | |
37350 | + * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at | |
37351 | + * strstart+3, +5, ... up to strstart+257. We check for insufficient | |
37352 | + * lookahead only every 4th comparison; the 128th check will be made | |
37353 | + * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is | |
37354 | + * necessary to put more guard bytes at the end of the window, or | |
37355 | + * to check more often for insufficient lookahead. | |
37356 | + */ | |
37357 | + Assert(scan[2] == match[2], "scan[2]?"); | |
37358 | + scan++, match++; | |
37359 | + do { | |
37360 | + } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) && | |
37361 | + *(ushf*)(scan+=2) == *(ushf*)(match+=2) && | |
37362 | + *(ushf*)(scan+=2) == *(ushf*)(match+=2) && | |
37363 | + *(ushf*)(scan+=2) == *(ushf*)(match+=2) && | |
37364 | + scan < strend); | |
37365 | + /* The funny "do {}" generates better code on most compilers */ | |
37366 | + | |
37367 | + /* Here, scan <= window+strstart+257 */ | |
37368 | + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); | |
37369 | + if (*scan == *match) scan++; | |
37370 | + | |
37371 | + len = (MAX_MATCH - 1) - (int)(strend-scan); | |
37372 | + scan = strend - (MAX_MATCH-1); | |
37373 | + | |
37374 | +#else /* UNALIGNED_OK */ | |
37375 | + | |
37376 | + if (match[best_len] != scan_end || | |
37377 | + match[best_len-1] != scan_end1 || | |
37378 | + *match != *scan || | |
37379 | + *++match != scan[1]) continue; | |
37380 | + | |
37381 | + /* The check at best_len-1 can be removed because it will be made | |
37382 | + * again later. (This heuristic is not always a win.) | |
37383 | + * It is not necessary to compare scan[2] and match[2] since they | |
37384 | + * are always equal when the other bytes match, given that | |
37385 | + * the hash keys are equal and that HASH_BITS >= 8. | |
37386 | + */ | |
37387 | + scan += 2, match++; | |
37388 | + Assert(*scan == *match, "match[2]?"); | |
37389 | + | |
37390 | + /* We check for insufficient lookahead only every 8th comparison; | |
37391 | + * the 256th check will be made at strstart+258. | |
37392 | + */ | |
37393 | + do { | |
37394 | + } while (*++scan == *++match && *++scan == *++match && | |
37395 | + *++scan == *++match && *++scan == *++match && | |
37396 | + *++scan == *++match && *++scan == *++match && | |
37397 | + *++scan == *++match && *++scan == *++match && | |
37398 | + scan < strend); | |
37399 | + | |
37400 | + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); | |
37401 | + | |
37402 | + len = MAX_MATCH - (int)(strend - scan); | |
37403 | + scan = strend - MAX_MATCH; | |
37404 | + | |
37405 | +#endif /* UNALIGNED_OK */ | |
37406 | + | |
37407 | + if (len > best_len) { | |
37408 | + s->match_start = cur_match; | |
37409 | + best_len = len; | |
37410 | + if (len >= nice_match) break; | |
37411 | +#ifdef UNALIGNED_OK | |
37412 | + scan_end = *(ushf*)(scan+best_len-1); | |
37413 | +#else | |
37414 | + scan_end1 = scan[best_len-1]; | |
37415 | + scan_end = scan[best_len]; | |
37416 | +#endif | |
37417 | + } | |
37418 | + } while ((cur_match = prev[cur_match & wmask]) > limit | |
37419 | + && --chain_length != 0); | |
37420 | + | |
37421 | + if ((uInt)best_len <= s->lookahead) return (uInt)best_len; | |
37422 | + return s->lookahead; | |
37423 | +} | |
37424 | + | |
37425 | +#else /* FASTEST */ | |
37426 | +/* --------------------------------------------------------------------------- | |
37427 | + * Optimized version for level == 1 only | |
37428 | + */ | |
37429 | +local uInt longest_match(s, cur_match) | |
37430 | + deflate_state *s; | |
37431 | + IPos cur_match; /* current match */ | |
37432 | +{ | |
37433 | + register Bytef *scan = s->window + s->strstart; /* current string */ | |
37434 | + register Bytef *match; /* matched string */ | |
37435 | + register int len; /* length of current match */ | |
37436 | + register Bytef *strend = s->window + s->strstart + MAX_MATCH; | |
37437 | + | |
37438 | + /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. | |
37439 | + * It is easy to get rid of this optimization if necessary. | |
37440 | + */ | |
37441 | + Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); | |
37442 | + | |
37443 | + Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); | |
37444 | + | |
37445 | + Assert(cur_match < s->strstart, "no future"); | |
37446 | + | |
37447 | + match = s->window + cur_match; | |
37448 | + | |
37449 | + /* Return failure if the match length is less than 2: | |
37450 | + */ | |
37451 | + if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1; | |
37452 | + | |
37453 | + /* The check at best_len-1 can be removed because it will be made | |
37454 | + * again later. (This heuristic is not always a win.) | |
37455 | + * It is not necessary to compare scan[2] and match[2] since they | |
37456 | + * are always equal when the other bytes match, given that | |
37457 | + * the hash keys are equal and that HASH_BITS >= 8. | |
37458 | + */ | |
37459 | + scan += 2, match += 2; | |
37460 | + Assert(*scan == *match, "match[2]?"); | |
37461 | + | |
37462 | + /* We check for insufficient lookahead only every 8th comparison; | |
37463 | + * the 256th check will be made at strstart+258. | |
37464 | + */ | |
37465 | + do { | |
37466 | + } while (*++scan == *++match && *++scan == *++match && | |
37467 | + *++scan == *++match && *++scan == *++match && | |
37468 | + *++scan == *++match && *++scan == *++match && | |
37469 | + *++scan == *++match && *++scan == *++match && | |
37470 | + scan < strend); | |
37471 | + | |
37472 | + Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); | |
37473 | + | |
37474 | + len = MAX_MATCH - (int)(strend - scan); | |
37475 | + | |
37476 | + if (len < MIN_MATCH) return MIN_MATCH - 1; | |
37477 | + | |
37478 | + s->match_start = cur_match; | |
37479 | + return len <= s->lookahead ? len : s->lookahead; | |
37480 | +} | |
37481 | +#endif /* FASTEST */ | |
37482 | +#endif /* ASMV */ | |
37483 | + | |
37484 | +#ifdef DEBUG | |
37485 | +/* =========================================================================== | |
37486 | + * Check that the match at match_start is indeed a match. | |
37487 | + */ | |
37488 | +local void check_match(s, start, match, length) | |
37489 | + deflate_state *s; | |
37490 | + IPos start, match; | |
37491 | + int length; | |
37492 | +{ | |
37493 | + /* check that the match is indeed a match */ | |
37494 | + if (zmemcmp(s->window + match, | |
37495 | + s->window + start, length) != EQUAL) { | |
37496 | + fprintf(stderr, " start %u, match %u, length %d\n", | |
37497 | + start, match, length); | |
37498 | + do { | |
37499 | + fprintf(stderr, "%c%c", s->window[match++], s->window[start++]); | |
37500 | + } while (--length != 0); | |
37501 | + z_error("invalid match"); | |
37502 | + } | |
37503 | + if (z_verbose > 1) { | |
37504 | + fprintf(stderr,"\\[%d,%d]", start-match, length); | |
37505 | + do { putc(s->window[start++], stderr); } while (--length != 0); | |
37506 | + } | |
37507 | +} | |
37508 | +#else | |
37509 | +# define check_match(s, start, match, length) | |
37510 | +#endif | |
37511 | + | |
37512 | +/* =========================================================================== | |
37513 | + * Fill the window when the lookahead becomes insufficient. | |
37514 | + * Updates strstart and lookahead. | |
37515 | + * | |
37516 | + * IN assertion: lookahead < MIN_LOOKAHEAD | |
37517 | + * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD | |
37518 | + * At least one byte has been read, or avail_in == 0; reads are | |
37519 | + * performed for at least two bytes (required for the zip translate_eol | |
37520 | + * option -- not supported here). | |
37521 | + */ | |
37522 | +local void fill_window(s) | |
37523 | + deflate_state *s; | |
37524 | +{ | |
37525 | + register unsigned n, m; | |
37526 | + register Posf *p; | |
37527 | + unsigned more; /* Amount of free space at the end of the window. */ | |
37528 | + uInt wsize = s->w_size; | |
37529 | + | |
37530 | + do { | |
37531 | + more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart); | |
37532 | + | |
37533 | + /* Deal with !@#$% 64K limit: */ | |
37534 | + if (more == 0 && s->strstart == 0 && s->lookahead == 0) { | |
37535 | + more = wsize; | |
37536 | + | |
37537 | + } else if (more == (unsigned)(-1)) { | |
37538 | + /* Very unlikely, but possible on 16 bit machine if strstart == 0 | |
37539 | + * and lookahead == 1 (input done one byte at time) | |
37540 | + */ | |
37541 | + more--; | |
37542 | + | |
37543 | + /* If the window is almost full and there is insufficient lookahead, | |
37544 | + * move the upper half to the lower one to make room in the upper half. | |
37545 | + */ | |
37546 | + } else if (s->strstart >= wsize+MAX_DIST(s)) { | |
37547 | + | |
37548 | + zmemcpy(s->window, s->window+wsize, (unsigned)wsize); | |
37549 | + s->match_start -= wsize; | |
37550 | + s->strstart -= wsize; /* we now have strstart >= MAX_DIST */ | |
37551 | + s->block_start -= (long) wsize; | |
37552 | + | |
37553 | + /* Slide the hash table (could be avoided with 32 bit values | |
37554 | + at the expense of memory usage). We slide even when level == 0 | |
37555 | + to keep the hash table consistent if we switch back to level > 0 | |
37556 | + later. (Using level 0 permanently is not an optimal usage of | |
37557 | + zlib, so we don't care about this pathological case.) | |
37558 | + */ | |
37559 | + n = s->hash_size; | |
37560 | + p = &s->head[n]; | |
37561 | + do { | |
37562 | + m = *--p; | |
37563 | + *p = (Pos)(m >= wsize ? m-wsize : NIL); | |
37564 | + } while (--n); | |
37565 | + | |
37566 | + n = wsize; | |
37567 | +#ifndef FASTEST | |
37568 | + p = &s->prev[n]; | |
37569 | + do { | |
37570 | + m = *--p; | |
37571 | + *p = (Pos)(m >= wsize ? m-wsize : NIL); | |
37572 | + /* If n is not on any hash chain, prev[n] is garbage but | |
37573 | + * its value will never be used. | |
37574 | + */ | |
37575 | + } while (--n); | |
37576 | +#endif | |
37577 | + more += wsize; | |
37578 | + } | |
37579 | + if (s->strm->avail_in == 0) return; | |
37580 | + | |
37581 | + /* If there was no sliding: | |
37582 | + * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && | |
37583 | + * more == window_size - lookahead - strstart | |
37584 | + * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) | |
37585 | + * => more >= window_size - 2*WSIZE + 2 | |
37586 | + * In the BIG_MEM or MMAP case (not yet supported), | |
37587 | + * window_size == input_size + MIN_LOOKAHEAD && | |
37588 | + * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. | |
37589 | + * Otherwise, window_size == 2*WSIZE so more >= 2. | |
37590 | + * If there was sliding, more >= WSIZE. So in all cases, more >= 2. | |
37591 | + */ | |
37592 | + Assert(more >= 2, "more < 2"); | |
37593 | + | |
37594 | + n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more); | |
37595 | + s->lookahead += n; | |
37596 | + | |
37597 | + /* Initialize the hash value now that we have some input: */ | |
37598 | + if (s->lookahead >= MIN_MATCH) { | |
37599 | + s->ins_h = s->window[s->strstart]; | |
37600 | + UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); | |
37601 | +#if MIN_MATCH != 3 | |
37602 | + Call UPDATE_HASH() MIN_MATCH-3 more times | |
37603 | +#endif | |
37604 | + } | |
37605 | + /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, | |
37606 | + * but this is not important since only literal bytes will be emitted. | |
37607 | + */ | |
37608 | + | |
37609 | + } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0); | |
37610 | +} | |
37611 | + | |
37612 | +/* =========================================================================== | |
37613 | + * Flush the current block, with given end-of-file flag. | |
37614 | + * IN assertion: strstart is set to the end of the current match. | |
37615 | + */ | |
37616 | +#define FLUSH_BLOCK_ONLY(s, eof) { \ | |
37617 | + _tr_flush_block(s, (s->block_start >= 0L ? \ | |
37618 | + (charf *)&s->window[(unsigned)s->block_start] : \ | |
37619 | + (charf *)Z_NULL), \ | |
37620 | + (ulg)((long)s->strstart - s->block_start), \ | |
37621 | + (eof)); \ | |
37622 | + s->block_start = s->strstart; \ | |
37623 | + flush_pending(s->strm); \ | |
37624 | + Tracev((stderr,"[FLUSH]")); \ | |
37625 | +} | |
37626 | + | |
37627 | +/* Same but force premature exit if necessary. */ | |
37628 | +#define FLUSH_BLOCK(s, eof) { \ | |
37629 | + FLUSH_BLOCK_ONLY(s, eof); \ | |
37630 | + if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \ | |
37631 | +} | |
37632 | + | |
37633 | +/* =========================================================================== | |
37634 | + * Copy without compression as much as possible from the input stream, return | |
37635 | + * the current block state. | |
37636 | + * This function does not insert new strings in the dictionary since | |
37637 | + * uncompressible data is probably not useful. This function is used | |
37638 | + * only for the level=0 compression option. | |
37639 | + * NOTE: this function should be optimized to avoid extra copying from | |
37640 | + * window to pending_buf. | |
37641 | + */ | |
37642 | +local block_state deflate_stored(s, flush) | |
37643 | + deflate_state *s; | |
37644 | + int flush; | |
37645 | +{ | |
37646 | + /* Stored blocks are limited to 0xffff bytes, pending_buf is limited | |
37647 | + * to pending_buf_size, and each stored block has a 5 byte header: | |
37648 | + */ | |
37649 | + ulg max_block_size = 0xffff; | |
37650 | + ulg max_start; | |
37651 | + | |
37652 | + if (max_block_size > s->pending_buf_size - 5) { | |
37653 | + max_block_size = s->pending_buf_size - 5; | |
37654 | + } | |
37655 | + | |
37656 | + /* Copy as much as possible from input to output: */ | |
37657 | + for (;;) { | |
37658 | + /* Fill the window as much as possible: */ | |
37659 | + if (s->lookahead <= 1) { | |
37660 | + | |
37661 | + Assert(s->strstart < s->w_size+MAX_DIST(s) || | |
37662 | + s->block_start >= (long)s->w_size, "slide too late"); | |
37663 | + | |
37664 | + fill_window(s); | |
37665 | + if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more; | |
37666 | + | |
37667 | + if (s->lookahead == 0) break; /* flush the current block */ | |
37668 | + } | |
37669 | + Assert(s->block_start >= 0L, "block gone"); | |
37670 | + | |
37671 | + s->strstart += s->lookahead; | |
37672 | + s->lookahead = 0; | |
37673 | + | |
37674 | + /* Emit a stored block if pending_buf will be full: */ | |
37675 | + max_start = s->block_start + max_block_size; | |
37676 | + if (s->strstart == 0 || (ulg)s->strstart >= max_start) { | |
37677 | + /* strstart == 0 is possible when wraparound on 16-bit machine */ | |
37678 | + s->lookahead = (uInt)(s->strstart - max_start); | |
37679 | + s->strstart = (uInt)max_start; | |
37680 | + FLUSH_BLOCK(s, 0); | |
37681 | + } | |
37682 | + /* Flush if we may have to slide, otherwise block_start may become | |
37683 | + * negative and the data will be gone: | |
37684 | + */ | |
37685 | + if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) { | |
37686 | + FLUSH_BLOCK(s, 0); | |
37687 | + } | |
37688 | + } | |
37689 | + FLUSH_BLOCK(s, flush == Z_FINISH); | |
37690 | + return flush == Z_FINISH ? finish_done : block_done; | |
37691 | +} | |
37692 | + | |
37693 | +/* =========================================================================== | |
37694 | + * Compress as much as possible from the input stream, return the current | |
37695 | + * block state. | |
37696 | + * This function does not perform lazy evaluation of matches and inserts | |
37697 | + * new strings in the dictionary only for unmatched strings or for short | |
37698 | + * matches. It is used only for the fast compression options. | |
37699 | + */ | |
37700 | +local block_state deflate_fast(s, flush) | |
37701 | + deflate_state *s; | |
37702 | + int flush; | |
37703 | +{ | |
37704 | + IPos hash_head = NIL; /* head of the hash chain */ | |
37705 | + int bflush; /* set if current block must be flushed */ | |
37706 | + | |
37707 | + for (;;) { | |
37708 | + /* Make sure that we always have enough lookahead, except | |
37709 | + * at the end of the input file. We need MAX_MATCH bytes | |
37710 | + * for the next match, plus MIN_MATCH bytes to insert the | |
37711 | + * string following the next match. | |
37712 | + */ | |
37713 | + if (s->lookahead < MIN_LOOKAHEAD) { | |
37714 | + fill_window(s); | |
37715 | + if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { | |
37716 | + return need_more; | |
37717 | + } | |
37718 | + if (s->lookahead == 0) break; /* flush the current block */ | |
37719 | + } | |
37720 | + | |
37721 | + /* Insert the string window[strstart .. strstart+2] in the | |
37722 | + * dictionary, and set hash_head to the head of the hash chain: | |
37723 | + */ | |
37724 | + if (s->lookahead >= MIN_MATCH) { | |
37725 | + INSERT_STRING(s, s->strstart, hash_head); | |
37726 | + } | |
37727 | + | |
37728 | + /* Find the longest match, discarding those <= prev_length. | |
37729 | + * At this point we have always match_length < MIN_MATCH | |
37730 | + */ | |
37731 | + if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) { | |
37732 | + /* To simplify the code, we prevent matches with the string | |
37733 | + * of window index 0 (in particular we have to avoid a match | |
37734 | + * of the string with itself at the start of the input file). | |
37735 | + */ | |
37736 | + if (s->strategy != Z_HUFFMAN_ONLY) { | |
37737 | + s->match_length = longest_match (s, hash_head); | |
37738 | + } | |
37739 | + /* longest_match() sets match_start */ | |
37740 | + } | |
37741 | + if (s->match_length >= MIN_MATCH) { | |
37742 | + check_match(s, s->strstart, s->match_start, s->match_length); | |
37743 | + | |
37744 | + _tr_tally_dist(s, s->strstart - s->match_start, | |
37745 | + s->match_length - MIN_MATCH, bflush); | |
37746 | + | |
37747 | + s->lookahead -= s->match_length; | |
37748 | + | |
37749 | + /* Insert new strings in the hash table only if the match length | |
37750 | + * is not too large. This saves time but degrades compression. | |
37751 | + */ | |
37752 | +#ifndef FASTEST | |
37753 | + if (s->match_length <= s->max_insert_length && | |
37754 | + s->lookahead >= MIN_MATCH) { | |
37755 | + s->match_length--; /* string at strstart already in hash table */ | |
37756 | + do { | |
37757 | + s->strstart++; | |
37758 | + INSERT_STRING(s, s->strstart, hash_head); | |
37759 | + /* strstart never exceeds WSIZE-MAX_MATCH, so there are | |
37760 | + * always MIN_MATCH bytes ahead. | |
37761 | + */ | |
37762 | + } while (--s->match_length != 0); | |
37763 | + s->strstart++; | |
37764 | + } else | |
37765 | +#endif | |
37766 | + { | |
37767 | + s->strstart += s->match_length; | |
37768 | + s->match_length = 0; | |
37769 | + s->ins_h = s->window[s->strstart]; | |
37770 | + UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); | |
37771 | +#if MIN_MATCH != 3 | |
37772 | + Call UPDATE_HASH() MIN_MATCH-3 more times | |
37773 | +#endif | |
37774 | + /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not | |
37775 | + * matter since it will be recomputed at next deflate call. | |
37776 | + */ | |
37777 | + } | |
37778 | + } else { | |
37779 | + /* No match, output a literal byte */ | |
37780 | + Tracevv((stderr,"%c", s->window[s->strstart])); | |
37781 | + _tr_tally_lit (s, s->window[s->strstart], bflush); | |
37782 | + s->lookahead--; | |
37783 | + s->strstart++; | |
37784 | + } | |
37785 | + if (bflush) FLUSH_BLOCK(s, 0); | |
37786 | + } | |
37787 | + FLUSH_BLOCK(s, flush == Z_FINISH); | |
37788 | + return flush == Z_FINISH ? finish_done : block_done; | |
37789 | +} | |
37790 | + | |
37791 | +/* =========================================================================== | |
37792 | + * Same as above, but achieves better compression. We use a lazy | |
37793 | + * evaluation for matches: a match is finally adopted only if there is | |
37794 | + * no better match at the next window position. | |
37795 | + */ | |
37796 | +local block_state deflate_slow(s, flush) | |
37797 | + deflate_state *s; | |
37798 | + int flush; | |
37799 | +{ | |
37800 | + IPos hash_head = NIL; /* head of hash chain */ | |
37801 | + int bflush; /* set if current block must be flushed */ | |
37802 | + | |
37803 | + /* Process the input block. */ | |
37804 | + for (;;) { | |
37805 | + /* Make sure that we always have enough lookahead, except | |
37806 | + * at the end of the input file. We need MAX_MATCH bytes | |
37807 | + * for the next match, plus MIN_MATCH bytes to insert the | |
37808 | + * string following the next match. | |
37809 | + */ | |
37810 | + if (s->lookahead < MIN_LOOKAHEAD) { | |
37811 | + fill_window(s); | |
37812 | + if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { | |
37813 | + return need_more; | |
37814 | + } | |
37815 | + if (s->lookahead == 0) break; /* flush the current block */ | |
37816 | + } | |
37817 | + | |
37818 | + /* Insert the string window[strstart .. strstart+2] in the | |
37819 | + * dictionary, and set hash_head to the head of the hash chain: | |
37820 | + */ | |
37821 | + if (s->lookahead >= MIN_MATCH) { | |
37822 | + INSERT_STRING(s, s->strstart, hash_head); | |
37823 | + } | |
37824 | + | |
37825 | + /* Find the longest match, discarding those <= prev_length. | |
37826 | + */ | |
37827 | + s->prev_length = s->match_length, s->prev_match = s->match_start; | |
37828 | + s->match_length = MIN_MATCH-1; | |
37829 | + | |
37830 | + if (hash_head != NIL && s->prev_length < s->max_lazy_match && | |
37831 | + s->strstart - hash_head <= MAX_DIST(s)) { | |
37832 | + /* To simplify the code, we prevent matches with the string | |
37833 | + * of window index 0 (in particular we have to avoid a match | |
37834 | + * of the string with itself at the start of the input file). | |
37835 | + */ | |
37836 | + if (s->strategy != Z_HUFFMAN_ONLY) { | |
37837 | + s->match_length = longest_match (s, hash_head); | |
37838 | + } | |
37839 | + /* longest_match() sets match_start */ | |
37840 | + | |
37841 | + if (s->match_length <= 5 && (s->strategy == Z_FILTERED || | |
37842 | + (s->match_length == MIN_MATCH && | |
37843 | + s->strstart - s->match_start > TOO_FAR))) { | |
37844 | + | |
37845 | + /* If prev_match is also MIN_MATCH, match_start is garbage | |
37846 | + * but we will ignore the current match anyway. | |
37847 | + */ | |
37848 | + s->match_length = MIN_MATCH-1; | |
37849 | + } | |
37850 | + } | |
37851 | + /* If there was a match at the previous step and the current | |
37852 | + * match is not better, output the previous match: | |
37853 | + */ | |
37854 | + if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) { | |
37855 | + uInt max_insert = s->strstart + s->lookahead - MIN_MATCH; | |
37856 | + /* Do not insert strings in hash table beyond this. */ | |
37857 | + | |
37858 | + check_match(s, s->strstart-1, s->prev_match, s->prev_length); | |
37859 | + | |
37860 | + _tr_tally_dist(s, s->strstart -1 - s->prev_match, | |
37861 | + s->prev_length - MIN_MATCH, bflush); | |
37862 | + | |
37863 | + /* Insert in hash table all strings up to the end of the match. | |
37864 | + * strstart-1 and strstart are already inserted. If there is not | |
37865 | + * enough lookahead, the last two strings are not inserted in | |
37866 | + * the hash table. | |
37867 | + */ | |
37868 | + s->lookahead -= s->prev_length-1; | |
37869 | + s->prev_length -= 2; | |
37870 | + do { | |
37871 | + if (++s->strstart <= max_insert) { | |
37872 | + INSERT_STRING(s, s->strstart, hash_head); | |
37873 | + } | |
37874 | + } while (--s->prev_length != 0); | |
37875 | + s->match_available = 0; | |
37876 | + s->match_length = MIN_MATCH-1; | |
37877 | + s->strstart++; | |
37878 | + | |
37879 | + if (bflush) FLUSH_BLOCK(s, 0); | |
37880 | + | |
37881 | + } else if (s->match_available) { | |
37882 | + /* If there was no match at the previous position, output a | |
37883 | + * single literal. If there was a match but the current match | |
37884 | + * is longer, truncate the previous match to a single literal. | |
37885 | + */ | |
37886 | + Tracevv((stderr,"%c", s->window[s->strstart-1])); | |
37887 | + _tr_tally_lit(s, s->window[s->strstart-1], bflush); | |
37888 | + if (bflush) { | |
37889 | + FLUSH_BLOCK_ONLY(s, 0); | |
37890 | + } | |
37891 | + s->strstart++; | |
37892 | + s->lookahead--; | |
37893 | + if (s->strm->avail_out == 0) return need_more; | |
37894 | + } else { | |
37895 | + /* There is no previous match to compare with, wait for | |
37896 | + * the next step to decide. | |
37897 | + */ | |
37898 | + s->match_available = 1; | |
37899 | + s->strstart++; | |
37900 | + s->lookahead--; | |
37901 | + } | |
37902 | + } | |
37903 | + Assert (flush != Z_NO_FLUSH, "no flush?"); | |
37904 | + if (s->match_available) { | |
37905 | + Tracevv((stderr,"%c", s->window[s->strstart-1])); | |
37906 | + _tr_tally_lit(s, s->window[s->strstart-1], bflush); | |
37907 | + s->match_available = 0; | |
37908 | + } | |
37909 | + FLUSH_BLOCK(s, flush == Z_FINISH); | |
37910 | + return flush == Z_FINISH ? finish_done : block_done; | |
37911 | +} | |
37912 | diff -druN linux-noipsec/net/ipsec/zlib/deflate.h linux/net/ipsec/zlib/deflate.h | |
37913 | --- linux-noipsec/net/ipsec/zlib/deflate.h Thu Jan 1 01:00:00 1970 | |
37914 | +++ linux/net/ipsec/zlib/deflate.h Fri Sep 29 20:51:34 2000 | |
37915 | @@ -0,0 +1,318 @@ | |
37916 | +/* deflate.h -- internal compression state | |
37917 | + * Copyright (C) 1995-1998 Jean-loup Gailly | |
37918 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
37919 | + */ | |
37920 | + | |
37921 | +/* WARNING: this file should *not* be used by applications. It is | |
37922 | + part of the implementation of the compression library and is | |
37923 | + subject to change. Applications should only use zlib.h. | |
37924 | + */ | |
37925 | + | |
37926 | +/* @(#) $Id$ */ | |
37927 | + | |
37928 | +#ifndef _DEFLATE_H | |
37929 | +#define _DEFLATE_H | |
37930 | + | |
37931 | +#include "zutil.h" | |
37932 | + | |
37933 | +/* =========================================================================== | |
37934 | + * Internal compression state. | |
37935 | + */ | |
37936 | + | |
37937 | +#define LENGTH_CODES 29 | |
37938 | +/* number of length codes, not counting the special END_BLOCK code */ | |
37939 | + | |
37940 | +#define LITERALS 256 | |
37941 | +/* number of literal bytes 0..255 */ | |
37942 | + | |
37943 | +#define L_CODES (LITERALS+1+LENGTH_CODES) | |
37944 | +/* number of Literal or Length codes, including the END_BLOCK code */ | |
37945 | + | |
37946 | +#define D_CODES 30 | |
37947 | +/* number of distance codes */ | |
37948 | + | |
37949 | +#define BL_CODES 19 | |
37950 | +/* number of codes used to transfer the bit lengths */ | |
37951 | + | |
37952 | +#define HEAP_SIZE (2*L_CODES+1) | |
37953 | +/* maximum heap size */ | |
37954 | + | |
37955 | +#define MAX_BITS 15 | |
37956 | +/* All codes must not exceed MAX_BITS bits */ | |
37957 | + | |
37958 | +#define INIT_STATE 42 | |
37959 | +#define BUSY_STATE 113 | |
37960 | +#define FINISH_STATE 666 | |
37961 | +/* Stream status */ | |
37962 | + | |
37963 | + | |
37964 | +/* Data structure describing a single value and its code string. */ | |
37965 | +typedef struct ct_data_s { | |
37966 | + union { | |
37967 | + ush freq; /* frequency count */ | |
37968 | + ush code; /* bit string */ | |
37969 | + } fc; | |
37970 | + union { | |
37971 | + ush dad; /* father node in Huffman tree */ | |
37972 | + ush len; /* length of bit string */ | |
37973 | + } dl; | |
37974 | +} FAR ct_data; | |
37975 | + | |
37976 | +#define Freq fc.freq | |
37977 | +#define Code fc.code | |
37978 | +#define Dad dl.dad | |
37979 | +#define Len dl.len | |
37980 | + | |
37981 | +typedef struct static_tree_desc_s static_tree_desc; | |
37982 | + | |
37983 | +typedef struct tree_desc_s { | |
37984 | + ct_data *dyn_tree; /* the dynamic tree */ | |
37985 | + int max_code; /* largest code with non zero frequency */ | |
37986 | + static_tree_desc *stat_desc; /* the corresponding static tree */ | |
37987 | +} FAR tree_desc; | |
37988 | + | |
37989 | +typedef ush Pos; | |
37990 | +typedef Pos FAR Posf; | |
37991 | +typedef unsigned IPos; | |
37992 | + | |
37993 | +/* A Pos is an index in the character window. We use short instead of int to | |
37994 | + * save space in the various tables. IPos is used only for parameter passing. | |
37995 | + */ | |
37996 | + | |
37997 | +typedef struct internal_state { | |
37998 | + z_streamp strm; /* pointer back to this zlib stream */ | |
37999 | + int status; /* as the name implies */ | |
38000 | + Bytef *pending_buf; /* output still pending */ | |
38001 | + ulg pending_buf_size; /* size of pending_buf */ | |
38002 | + Bytef *pending_out; /* next pending byte to output to the stream */ | |
38003 | + int pending; /* nb of bytes in the pending buffer */ | |
38004 | + int noheader; /* suppress zlib header and adler32 */ | |
38005 | + Byte data_type; /* UNKNOWN, BINARY or ASCII */ | |
38006 | + Byte method; /* STORED (for zip only) or DEFLATED */ | |
38007 | + int last_flush; /* value of flush param for previous deflate call */ | |
38008 | + | |
38009 | + /* used by deflate.c: */ | |
38010 | + | |
38011 | + uInt w_size; /* LZ77 window size (32K by default) */ | |
38012 | + uInt w_bits; /* log2(w_size) (8..16) */ | |
38013 | + uInt w_mask; /* w_size - 1 */ | |
38014 | + | |
38015 | + Bytef *window; | |
38016 | + /* Sliding window. Input bytes are read into the second half of the window, | |
38017 | + * and move to the first half later to keep a dictionary of at least wSize | |
38018 | + * bytes. With this organization, matches are limited to a distance of | |
38019 | + * wSize-MAX_MATCH bytes, but this ensures that IO is always | |
38020 | + * performed with a length multiple of the block size. Also, it limits | |
38021 | + * the window size to 64K, which is quite useful on MSDOS. | |
38022 | + * To do: use the user input buffer as sliding window. | |
38023 | + */ | |
38024 | + | |
38025 | + ulg window_size; | |
38026 | + /* Actual size of window: 2*wSize, except when the user input buffer | |
38027 | + * is directly used as sliding window. | |
38028 | + */ | |
38029 | + | |
38030 | + Posf *prev; | |
38031 | + /* Link to older string with same hash index. To limit the size of this | |
38032 | + * array to 64K, this link is maintained only for the last 32K strings. | |
38033 | + * An index in this array is thus a window index modulo 32K. | |
38034 | + */ | |
38035 | + | |
38036 | + Posf *head; /* Heads of the hash chains or NIL. */ | |
38037 | + | |
38038 | + uInt ins_h; /* hash index of string to be inserted */ | |
38039 | + uInt hash_size; /* number of elements in hash table */ | |
38040 | + uInt hash_bits; /* log2(hash_size) */ | |
38041 | + uInt hash_mask; /* hash_size-1 */ | |
38042 | + | |
38043 | + uInt hash_shift; | |
38044 | + /* Number of bits by which ins_h must be shifted at each input | |
38045 | + * step. It must be such that after MIN_MATCH steps, the oldest | |
38046 | + * byte no longer takes part in the hash key, that is: | |
38047 | + * hash_shift * MIN_MATCH >= hash_bits | |
38048 | + */ | |
38049 | + | |
38050 | + long block_start; | |
38051 | + /* Window position at the beginning of the current output block. Gets | |
38052 | + * negative when the window is moved backwards. | |
38053 | + */ | |
38054 | + | |
38055 | + uInt match_length; /* length of best match */ | |
38056 | + IPos prev_match; /* previous match */ | |
38057 | + int match_available; /* set if previous match exists */ | |
38058 | + uInt strstart; /* start of string to insert */ | |
38059 | + uInt match_start; /* start of matching string */ | |
38060 | + uInt lookahead; /* number of valid bytes ahead in window */ | |
38061 | + | |
38062 | + uInt prev_length; | |
38063 | + /* Length of the best match at previous step. Matches not greater than this | |
38064 | + * are discarded. This is used in the lazy match evaluation. | |
38065 | + */ | |
38066 | + | |
38067 | + uInt max_chain_length; | |
38068 | + /* To speed up deflation, hash chains are never searched beyond this | |
38069 | + * length. A higher limit improves compression ratio but degrades the | |
38070 | + * speed. | |
38071 | + */ | |
38072 | + | |
38073 | + uInt max_lazy_match; | |
38074 | + /* Attempt to find a better match only when the current match is strictly | |
38075 | + * smaller than this value. This mechanism is used only for compression | |
38076 | + * levels >= 4. | |
38077 | + */ | |
38078 | +# define max_insert_length max_lazy_match | |
38079 | + /* Insert new strings in the hash table only if the match length is not | |
38080 | + * greater than this length. This saves time but degrades compression. | |
38081 | + * max_insert_length is used only for compression levels <= 3. | |
38082 | + */ | |
38083 | + | |
38084 | + int level; /* compression level (1..9) */ | |
38085 | + int strategy; /* favor or force Huffman coding*/ | |
38086 | + | |
38087 | + uInt good_match; | |
38088 | + /* Use a faster search when the previous match is longer than this */ | |
38089 | + | |
38090 | + int nice_match; /* Stop searching when current match exceeds this */ | |
38091 | + | |
38092 | + /* used by trees.c: */ | |
38093 | + /* Didn't use ct_data typedef below to supress compiler warning */ | |
38094 | + struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ | |
38095 | + struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ | |
38096 | + struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ | |
38097 | + | |
38098 | + struct tree_desc_s l_desc; /* desc. for literal tree */ | |
38099 | + struct tree_desc_s d_desc; /* desc. for distance tree */ | |
38100 | + struct tree_desc_s bl_desc; /* desc. for bit length tree */ | |
38101 | + | |
38102 | + ush bl_count[MAX_BITS+1]; | |
38103 | + /* number of codes at each bit length for an optimal tree */ | |
38104 | + | |
38105 | + int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ | |
38106 | + int heap_len; /* number of elements in the heap */ | |
38107 | + int heap_max; /* element of largest frequency */ | |
38108 | + /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. | |
38109 | + * The same heap array is used to build all trees. | |
38110 | + */ | |
38111 | + | |
38112 | + uch depth[2*L_CODES+1]; | |
38113 | + /* Depth of each subtree used as tie breaker for trees of equal frequency | |
38114 | + */ | |
38115 | + | |
38116 | + uchf *l_buf; /* buffer for literals or lengths */ | |
38117 | + | |
38118 | + uInt lit_bufsize; | |
38119 | + /* Size of match buffer for literals/lengths. There are 4 reasons for | |
38120 | + * limiting lit_bufsize to 64K: | |
38121 | + * - frequencies can be kept in 16 bit counters | |
38122 | + * - if compression is not successful for the first block, all input | |
38123 | + * data is still in the window so we can still emit a stored block even | |
38124 | + * when input comes from standard input. (This can also be done for | |
38125 | + * all blocks if lit_bufsize is not greater than 32K.) | |
38126 | + * - if compression is not successful for a file smaller than 64K, we can | |
38127 | + * even emit a stored file instead of a stored block (saving 5 bytes). | |
38128 | + * This is applicable only for zip (not gzip or zlib). | |
38129 | + * - creating new Huffman trees less frequently may not provide fast | |
38130 | + * adaptation to changes in the input data statistics. (Take for | |
38131 | + * example a binary file with poorly compressible code followed by | |
38132 | + * a highly compressible string table.) Smaller buffer sizes give | |
38133 | + * fast adaptation but have of course the overhead of transmitting | |
38134 | + * trees more frequently. | |
38135 | + * - I can't count above 4 | |
38136 | + */ | |
38137 | + | |
38138 | + uInt last_lit; /* running index in l_buf */ | |
38139 | + | |
38140 | + ushf *d_buf; | |
38141 | + /* Buffer for distances. To simplify the code, d_buf and l_buf have | |
38142 | + * the same number of elements. To use different lengths, an extra flag | |
38143 | + * array would be necessary. | |
38144 | + */ | |
38145 | + | |
38146 | + ulg opt_len; /* bit length of current block with optimal trees */ | |
38147 | + ulg static_len; /* bit length of current block with static trees */ | |
38148 | + uInt matches; /* number of string matches in current block */ | |
38149 | + int last_eob_len; /* bit length of EOB code for last block */ | |
38150 | + | |
38151 | +#ifdef DEBUG | |
38152 | + ulg compressed_len; /* total bit length of compressed file mod 2^32 */ | |
38153 | + ulg bits_sent; /* bit length of compressed data sent mod 2^32 */ | |
38154 | +#endif | |
38155 | + | |
38156 | + ush bi_buf; | |
38157 | + /* Output buffer. bits are inserted starting at the bottom (least | |
38158 | + * significant bits). | |
38159 | + */ | |
38160 | + int bi_valid; | |
38161 | + /* Number of valid bits in bi_buf. All bits above the last valid bit | |
38162 | + * are always zero. | |
38163 | + */ | |
38164 | + | |
38165 | +} FAR deflate_state; | |
38166 | + | |
38167 | +/* Output a byte on the stream. | |
38168 | + * IN assertion: there is enough room in pending_buf. | |
38169 | + */ | |
38170 | +#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);} | |
38171 | + | |
38172 | + | |
38173 | +#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) | |
38174 | +/* Minimum amount of lookahead, except at the end of the input file. | |
38175 | + * See deflate.c for comments about the MIN_MATCH+1. | |
38176 | + */ | |
38177 | + | |
38178 | +#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD) | |
38179 | +/* In order to simplify the code, particularly on 16 bit machines, match | |
38180 | + * distances are limited to MAX_DIST instead of WSIZE. | |
38181 | + */ | |
38182 | + | |
38183 | + /* in trees.c */ | |
38184 | +void _tr_init OF((deflate_state *s)); | |
38185 | +int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc)); | |
38186 | +void _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len, | |
38187 | + int eof)); | |
38188 | +void _tr_align OF((deflate_state *s)); | |
38189 | +void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len, | |
38190 | + int eof)); | |
38191 | + | |
38192 | +#define d_code(dist) \ | |
38193 | + ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)]) | |
38194 | +/* Mapping from a distance to a distance code. dist is the distance - 1 and | |
38195 | + * must not have side effects. _dist_code[256] and _dist_code[257] are never | |
38196 | + * used. | |
38197 | + */ | |
38198 | + | |
38199 | +#ifndef DEBUG | |
38200 | +/* Inline versions of _tr_tally for speed: */ | |
38201 | + | |
38202 | +#if defined(GEN_TREES_H) || !defined(STDC) | |
38203 | + extern uch _length_code[]; | |
38204 | + extern uch _dist_code[]; | |
38205 | +#else | |
38206 | + extern const uch _length_code[]; | |
38207 | + extern const uch _dist_code[]; | |
38208 | +#endif | |
38209 | + | |
38210 | +# define _tr_tally_lit(s, c, flush) \ | |
38211 | + { uch cc = (c); \ | |
38212 | + s->d_buf[s->last_lit] = 0; \ | |
38213 | + s->l_buf[s->last_lit++] = cc; \ | |
38214 | + s->dyn_ltree[cc].Freq++; \ | |
38215 | + flush = (s->last_lit == s->lit_bufsize-1); \ | |
38216 | + } | |
38217 | +# define _tr_tally_dist(s, distance, length, flush) \ | |
38218 | + { uch len = (length); \ | |
38219 | + ush dist = (distance); \ | |
38220 | + s->d_buf[s->last_lit] = dist; \ | |
38221 | + s->l_buf[s->last_lit++] = len; \ | |
38222 | + dist--; \ | |
38223 | + s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ | |
38224 | + s->dyn_dtree[d_code(dist)].Freq++; \ | |
38225 | + flush = (s->last_lit == s->lit_bufsize-1); \ | |
38226 | + } | |
38227 | +#else | |
38228 | +# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) | |
38229 | +# define _tr_tally_dist(s, distance, length, flush) \ | |
38230 | + flush = _tr_tally(s, distance, length) | |
38231 | +#endif | |
38232 | + | |
38233 | +#endif /* _DEFLATE_H */ | |
38234 | diff -druN linux-noipsec/net/ipsec/zlib/infblock.c linux/net/ipsec/zlib/infblock.c | |
38235 | --- linux-noipsec/net/ipsec/zlib/infblock.c Thu Jan 1 01:00:00 1970 | |
38236 | +++ linux/net/ipsec/zlib/infblock.c Fri Sep 29 20:51:34 2000 | |
38237 | @@ -0,0 +1,398 @@ | |
38238 | +/* infblock.c -- interpret and process block types to last block | |
38239 | + * Copyright (C) 1995-1998 Mark Adler | |
38240 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
38241 | + */ | |
38242 | + | |
38243 | +#include "zutil.h" | |
38244 | +#include "infblock.h" | |
38245 | +#include "inftrees.h" | |
38246 | +#include "infcodes.h" | |
38247 | +#include "infutil.h" | |
38248 | + | |
38249 | +struct inflate_codes_state {int dummy;}; /* for buggy compilers */ | |
38250 | + | |
38251 | +/* simplify the use of the inflate_huft type with some defines */ | |
38252 | +#define exop word.what.Exop | |
38253 | +#define bits word.what.Bits | |
38254 | + | |
38255 | +/* Table for deflate from PKZIP's appnote.txt. */ | |
38256 | +local const uInt border[] = { /* Order of the bit length code lengths */ | |
38257 | + 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; | |
38258 | + | |
38259 | +/* | |
38260 | + Notes beyond the 1.93a appnote.txt: | |
38261 | + | |
38262 | + 1. Distance pointers never point before the beginning of the output | |
38263 | + stream. | |
38264 | + 2. Distance pointers can point back across blocks, up to 32k away. | |
38265 | + 3. There is an implied maximum of 7 bits for the bit length table and | |
38266 | + 15 bits for the actual data. | |
38267 | + 4. If only one code exists, then it is encoded using one bit. (Zero | |
38268 | + would be more efficient, but perhaps a little confusing.) If two | |
38269 | + codes exist, they are coded using one bit each (0 and 1). | |
38270 | + 5. There is no way of sending zero distance codes--a dummy must be | |
38271 | + sent if there are none. (History: a pre 2.0 version of PKZIP would | |
38272 | + store blocks with no distance codes, but this was discovered to be | |
38273 | + too harsh a criterion.) Valid only for 1.93a. 2.04c does allow | |
38274 | + zero distance codes, which is sent as one code of zero bits in | |
38275 | + length. | |
38276 | + 6. There are up to 286 literal/length codes. Code 256 represents the | |
38277 | + end-of-block. Note however that the static length tree defines | |
38278 | + 288 codes just to fill out the Huffman codes. Codes 286 and 287 | |
38279 | + cannot be used though, since there is no length base or extra bits | |
38280 | + defined for them. Similarily, there are up to 30 distance codes. | |
38281 | + However, static trees define 32 codes (all 5 bits) to fill out the | |
38282 | + Huffman codes, but the last two had better not show up in the data. | |
38283 | + 7. Unzip can check dynamic Huffman blocks for complete code sets. | |
38284 | + The exception is that a single code would not be complete (see #4). | |
38285 | + 8. The five bits following the block type is really the number of | |
38286 | + literal codes sent minus 257. | |
38287 | + 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits | |
38288 | + (1+6+6). Therefore, to output three times the length, you output | |
38289 | + three codes (1+1+1), whereas to output four times the same length, | |
38290 | + you only need two codes (1+3). Hmm. | |
38291 | + 10. In the tree reconstruction algorithm, Code = Code + Increment | |
38292 | + only if BitLength(i) is not zero. (Pretty obvious.) | |
38293 | + 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) | |
38294 | + 12. Note: length code 284 can represent 227-258, but length code 285 | |
38295 | + really is 258. The last length deserves its own, short code | |
38296 | + since it gets used a lot in very redundant files. The length | |
38297 | + 258 is special since 258 - 3 (the min match length) is 255. | |
38298 | + 13. The literal/length and distance code bit lengths are read as a | |
38299 | + single stream of lengths. It is possible (and advantageous) for | |
38300 | + a repeat code (16, 17, or 18) to go across the boundary between | |
38301 | + the two sets of lengths. | |
38302 | + */ | |
38303 | + | |
38304 | + | |
38305 | +void inflate_blocks_reset(s, z, c) | |
38306 | +inflate_blocks_statef *s; | |
38307 | +z_streamp z; | |
38308 | +uLongf *c; | |
38309 | +{ | |
38310 | + if (c != Z_NULL) | |
38311 | + *c = s->check; | |
38312 | + if (s->mode == BTREE || s->mode == DTREE) | |
38313 | + ZFREE(z, s->sub.trees.blens); | |
38314 | + if (s->mode == CODES) | |
38315 | + inflate_codes_free(s->sub.decode.codes, z); | |
38316 | + s->mode = TYPE; | |
38317 | + s->bitk = 0; | |
38318 | + s->bitb = 0; | |
38319 | + s->read = s->write = s->window; | |
38320 | + if (s->checkfn != Z_NULL) | |
38321 | + z->adler = s->check = (*s->checkfn)(0L, (const Bytef *)Z_NULL, 0); | |
38322 | + Tracev((stderr, "inflate: blocks reset\n")); | |
38323 | +} | |
38324 | + | |
38325 | + | |
38326 | +inflate_blocks_statef *inflate_blocks_new(z, c, w) | |
38327 | +z_streamp z; | |
38328 | +check_func c; | |
38329 | +uInt w; | |
38330 | +{ | |
38331 | + inflate_blocks_statef *s; | |
38332 | + | |
38333 | + if ((s = (inflate_blocks_statef *)ZALLOC | |
38334 | + (z,1,sizeof(struct inflate_blocks_state))) == Z_NULL) | |
38335 | + return s; | |
38336 | + if ((s->hufts = | |
38337 | + (inflate_huft *)ZALLOC(z, sizeof(inflate_huft), MANY)) == Z_NULL) | |
38338 | + { | |
38339 | + ZFREE(z, s); | |
38340 | + return Z_NULL; | |
38341 | + } | |
38342 | + if ((s->window = (Bytef *)ZALLOC(z, 1, w)) == Z_NULL) | |
38343 | + { | |
38344 | + ZFREE(z, s->hufts); | |
38345 | + ZFREE(z, s); | |
38346 | + return Z_NULL; | |
38347 | + } | |
38348 | + s->end = s->window + w; | |
38349 | + s->checkfn = c; | |
38350 | + s->mode = TYPE; | |
38351 | + Tracev((stderr, "inflate: blocks allocated\n")); | |
38352 | + inflate_blocks_reset(s, z, Z_NULL); | |
38353 | + return s; | |
38354 | +} | |
38355 | + | |
38356 | + | |
38357 | +int inflate_blocks(s, z, r) | |
38358 | +inflate_blocks_statef *s; | |
38359 | +z_streamp z; | |
38360 | +int r; | |
38361 | +{ | |
38362 | + uInt t; /* temporary storage */ | |
38363 | + uLong b; /* bit buffer */ | |
38364 | + uInt k; /* bits in bit buffer */ | |
38365 | + Bytef *p; /* input data pointer */ | |
38366 | + uInt n; /* bytes available there */ | |
38367 | + Bytef *q; /* output window write pointer */ | |
38368 | + uInt m; /* bytes to end of window or read pointer */ | |
38369 | + | |
38370 | + /* copy input/output information to locals (UPDATE macro restores) */ | |
38371 | + LOAD | |
38372 | + | |
38373 | + /* process input based on current state */ | |
38374 | + while (1) switch (s->mode) | |
38375 | + { | |
38376 | + case TYPE: | |
38377 | + NEEDBITS(3) | |
38378 | + t = (uInt)b & 7; | |
38379 | + s->last = t & 1; | |
38380 | + switch (t >> 1) | |
38381 | + { | |
38382 | + case 0: /* stored */ | |
38383 | + Tracev((stderr, "inflate: stored block%s\n", | |
38384 | + s->last ? " (last)" : "")); | |
38385 | + DUMPBITS(3) | |
38386 | + t = k & 7; /* go to byte boundary */ | |
38387 | + DUMPBITS(t) | |
38388 | + s->mode = LENS; /* get length of stored block */ | |
38389 | + break; | |
38390 | + case 1: /* fixed */ | |
38391 | + Tracev((stderr, "inflate: fixed codes block%s\n", | |
38392 | + s->last ? " (last)" : "")); | |
38393 | + { | |
38394 | + uInt bl, bd; | |
38395 | + inflate_huft *tl, *td; | |
38396 | + | |
38397 | + inflate_trees_fixed(&bl, &bd, &tl, &td, z); | |
38398 | + s->sub.decode.codes = inflate_codes_new(bl, bd, tl, td, z); | |
38399 | + if (s->sub.decode.codes == Z_NULL) | |
38400 | + { | |
38401 | + r = Z_MEM_ERROR; | |
38402 | + LEAVE | |
38403 | + } | |
38404 | + } | |
38405 | + DUMPBITS(3) | |
38406 | + s->mode = CODES; | |
38407 | + break; | |
38408 | + case 2: /* dynamic */ | |
38409 | + Tracev((stderr, "inflate: dynamic codes block%s\n", | |
38410 | + s->last ? " (last)" : "")); | |
38411 | + DUMPBITS(3) | |
38412 | + s->mode = TABLE; | |
38413 | + break; | |
38414 | + case 3: /* illegal */ | |
38415 | + DUMPBITS(3) | |
38416 | + s->mode = BAD; | |
38417 | + z->msg = (char*)"invalid block type"; | |
38418 | + r = Z_DATA_ERROR; | |
38419 | + LEAVE | |
38420 | + } | |
38421 | + break; | |
38422 | + case LENS: | |
38423 | + NEEDBITS(32) | |
38424 | + if ((((~b) >> 16) & 0xffff) != (b & 0xffff)) | |
38425 | + { | |
38426 | + s->mode = BAD; | |
38427 | + z->msg = (char*)"invalid stored block lengths"; | |
38428 | + r = Z_DATA_ERROR; | |
38429 | + LEAVE | |
38430 | + } | |
38431 | + s->sub.left = (uInt)b & 0xffff; | |
38432 | + b = k = 0; /* dump bits */ | |
38433 | + Tracev((stderr, "inflate: stored length %u\n", s->sub.left)); | |
38434 | + s->mode = s->sub.left ? STORED : (s->last ? DRY : TYPE); | |
38435 | + break; | |
38436 | + case STORED: | |
38437 | + if (n == 0) | |
38438 | + LEAVE | |
38439 | + NEEDOUT | |
38440 | + t = s->sub.left; | |
38441 | + if (t > n) t = n; | |
38442 | + if (t > m) t = m; | |
38443 | + zmemcpy(q, p, t); | |
38444 | + p += t; n -= t; | |
38445 | + q += t; m -= t; | |
38446 | + if ((s->sub.left -= t) != 0) | |
38447 | + break; | |
38448 | + Tracev((stderr, "inflate: stored end, %lu total out\n", | |
38449 | + z->total_out + (q >= s->read ? q - s->read : | |
38450 | + (s->end - s->read) + (q - s->window)))); | |
38451 | + s->mode = s->last ? DRY : TYPE; | |
38452 | + break; | |
38453 | + case TABLE: | |
38454 | + NEEDBITS(14) | |
38455 | + s->sub.trees.table = t = (uInt)b & 0x3fff; | |
38456 | +#ifndef PKZIP_BUG_WORKAROUND | |
38457 | + if ((t & 0x1f) > 29 || ((t >> 5) & 0x1f) > 29) | |
38458 | + { | |
38459 | + s->mode = BAD; | |
38460 | + z->msg = (char*)"too many length or distance symbols"; | |
38461 | + r = Z_DATA_ERROR; | |
38462 | + LEAVE | |
38463 | + } | |
38464 | +#endif | |
38465 | + t = 258 + (t & 0x1f) + ((t >> 5) & 0x1f); | |
38466 | + if ((s->sub.trees.blens = (uIntf*)ZALLOC(z, t, sizeof(uInt))) == Z_NULL) | |
38467 | + { | |
38468 | + r = Z_MEM_ERROR; | |
38469 | + LEAVE | |
38470 | + } | |
38471 | + DUMPBITS(14) | |
38472 | + s->sub.trees.index = 0; | |
38473 | + Tracev((stderr, "inflate: table sizes ok\n")); | |
38474 | + s->mode = BTREE; | |
38475 | + case BTREE: | |
38476 | + while (s->sub.trees.index < 4 + (s->sub.trees.table >> 10)) | |
38477 | + { | |
38478 | + NEEDBITS(3) | |
38479 | + s->sub.trees.blens[border[s->sub.trees.index++]] = (uInt)b & 7; | |
38480 | + DUMPBITS(3) | |
38481 | + } | |
38482 | + while (s->sub.trees.index < 19) | |
38483 | + s->sub.trees.blens[border[s->sub.trees.index++]] = 0; | |
38484 | + s->sub.trees.bb = 7; | |
38485 | + t = inflate_trees_bits(s->sub.trees.blens, &s->sub.trees.bb, | |
38486 | + &s->sub.trees.tb, s->hufts, z); | |
38487 | + if (t != Z_OK) | |
38488 | + { | |
38489 | + ZFREE(z, s->sub.trees.blens); | |
38490 | + r = t; | |
38491 | + if (r == Z_DATA_ERROR) | |
38492 | + s->mode = BAD; | |
38493 | + LEAVE | |
38494 | + } | |
38495 | + s->sub.trees.index = 0; | |
38496 | + Tracev((stderr, "inflate: bits tree ok\n")); | |
38497 | + s->mode = DTREE; | |
38498 | + case DTREE: | |
38499 | + while (t = s->sub.trees.table, | |
38500 | + s->sub.trees.index < 258 + (t & 0x1f) + ((t >> 5) & 0x1f)) | |
38501 | + { | |
38502 | + inflate_huft *h; | |
38503 | + uInt i, j, c; | |
38504 | + | |
38505 | + t = s->sub.trees.bb; | |
38506 | + NEEDBITS(t) | |
38507 | + h = s->sub.trees.tb + ((uInt)b & inflate_mask[t]); | |
38508 | + t = h->bits; | |
38509 | + c = h->base; | |
38510 | + if (c < 16) | |
38511 | + { | |
38512 | + DUMPBITS(t) | |
38513 | + s->sub.trees.blens[s->sub.trees.index++] = c; | |
38514 | + } | |
38515 | + else /* c == 16..18 */ | |
38516 | + { | |
38517 | + i = c == 18 ? 7 : c - 14; | |
38518 | + j = c == 18 ? 11 : 3; | |
38519 | + NEEDBITS(t + i) | |
38520 | + DUMPBITS(t) | |
38521 | + j += (uInt)b & inflate_mask[i]; | |
38522 | + DUMPBITS(i) | |
38523 | + i = s->sub.trees.index; | |
38524 | + t = s->sub.trees.table; | |
38525 | + if (i + j > 258 + (t & 0x1f) + ((t >> 5) & 0x1f) || | |
38526 | + (c == 16 && i < 1)) | |
38527 | + { | |
38528 | + ZFREE(z, s->sub.trees.blens); | |
38529 | + s->mode = BAD; | |
38530 | + z->msg = (char*)"invalid bit length repeat"; | |
38531 | + r = Z_DATA_ERROR; | |
38532 | + LEAVE | |
38533 | + } | |
38534 | + c = c == 16 ? s->sub.trees.blens[i - 1] : 0; | |
38535 | + do { | |
38536 | + s->sub.trees.blens[i++] = c; | |
38537 | + } while (--j); | |
38538 | + s->sub.trees.index = i; | |
38539 | + } | |
38540 | + } | |
38541 | + s->sub.trees.tb = Z_NULL; | |
38542 | + { | |
38543 | + uInt bl, bd; | |
38544 | + inflate_huft *tl, *td; | |
38545 | + inflate_codes_statef *c; | |
38546 | + | |
38547 | + bl = 9; /* must be <= 9 for lookahead assumptions */ | |
38548 | + bd = 6; /* must be <= 9 for lookahead assumptions */ | |
38549 | + t = s->sub.trees.table; | |
38550 | + t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f), | |
38551 | + s->sub.trees.blens, &bl, &bd, &tl, &td, | |
38552 | + s->hufts, z); | |
38553 | + ZFREE(z, s->sub.trees.blens); | |
38554 | + if (t != Z_OK) | |
38555 | + { | |
38556 | + if (t == (uInt)Z_DATA_ERROR) | |
38557 | + s->mode = BAD; | |
38558 | + r = t; | |
38559 | + LEAVE | |
38560 | + } | |
38561 | + Tracev((stderr, "inflate: trees ok\n")); | |
38562 | + if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL) | |
38563 | + { | |
38564 | + r = Z_MEM_ERROR; | |
38565 | + LEAVE | |
38566 | + } | |
38567 | + s->sub.decode.codes = c; | |
38568 | + } | |
38569 | + s->mode = CODES; | |
38570 | + case CODES: | |
38571 | + UPDATE | |
38572 | + if ((r = inflate_codes(s, z, r)) != Z_STREAM_END) | |
38573 | + return inflate_flush(s, z, r); | |
38574 | + r = Z_OK; | |
38575 | + inflate_codes_free(s->sub.decode.codes, z); | |
38576 | + LOAD | |
38577 | + Tracev((stderr, "inflate: codes end, %lu total out\n", | |
38578 | + z->total_out + (q >= s->read ? q - s->read : | |
38579 | + (s->end - s->read) + (q - s->window)))); | |
38580 | + if (!s->last) | |
38581 | + { | |
38582 | + s->mode = TYPE; | |
38583 | + break; | |
38584 | + } | |
38585 | + s->mode = DRY; | |
38586 | + case DRY: | |
38587 | + FLUSH | |
38588 | + if (s->read != s->write) | |
38589 | + LEAVE | |
38590 | + s->mode = DONE; | |
38591 | + case DONE: | |
38592 | + r = Z_STREAM_END; | |
38593 | + LEAVE | |
38594 | + case BAD: | |
38595 | + r = Z_DATA_ERROR; | |
38596 | + LEAVE | |
38597 | + default: | |
38598 | + r = Z_STREAM_ERROR; | |
38599 | + LEAVE | |
38600 | + } | |
38601 | +} | |
38602 | + | |
38603 | + | |
38604 | +int inflate_blocks_free(s, z) | |
38605 | +inflate_blocks_statef *s; | |
38606 | +z_streamp z; | |
38607 | +{ | |
38608 | + inflate_blocks_reset(s, z, Z_NULL); | |
38609 | + ZFREE(z, s->window); | |
38610 | + ZFREE(z, s->hufts); | |
38611 | + ZFREE(z, s); | |
38612 | + Tracev((stderr, "inflate: blocks freed\n")); | |
38613 | + return Z_OK; | |
38614 | +} | |
38615 | + | |
38616 | + | |
38617 | +void inflate_set_dictionary(s, d, n) | |
38618 | +inflate_blocks_statef *s; | |
38619 | +const Bytef *d; | |
38620 | +uInt n; | |
38621 | +{ | |
38622 | + zmemcpy(s->window, d, n); | |
38623 | + s->read = s->write = s->window + n; | |
38624 | +} | |
38625 | + | |
38626 | + | |
38627 | +/* Returns true if inflate is currently at the end of a block generated | |
38628 | + * by Z_SYNC_FLUSH or Z_FULL_FLUSH. | |
38629 | + * IN assertion: s != Z_NULL | |
38630 | + */ | |
38631 | +int inflate_blocks_sync_point(s) | |
38632 | +inflate_blocks_statef *s; | |
38633 | +{ | |
38634 | + return s->mode == LENS; | |
38635 | +} | |
38636 | diff -druN linux-noipsec/net/ipsec/zlib/infblock.h linux/net/ipsec/zlib/infblock.h | |
38637 | --- linux-noipsec/net/ipsec/zlib/infblock.h Thu Jan 1 01:00:00 1970 | |
38638 | +++ linux/net/ipsec/zlib/infblock.h Fri Sep 29 20:51:34 2000 | |
38639 | @@ -0,0 +1,39 @@ | |
38640 | +/* infblock.h -- header to use infblock.c | |
38641 | + * Copyright (C) 1995-1998 Mark Adler | |
38642 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
38643 | + */ | |
38644 | + | |
38645 | +/* WARNING: this file should *not* be used by applications. It is | |
38646 | + part of the implementation of the compression library and is | |
38647 | + subject to change. Applications should only use zlib.h. | |
38648 | + */ | |
38649 | + | |
38650 | +struct inflate_blocks_state; | |
38651 | +typedef struct inflate_blocks_state FAR inflate_blocks_statef; | |
38652 | + | |
38653 | +extern inflate_blocks_statef * inflate_blocks_new OF(( | |
38654 | + z_streamp z, | |
38655 | + check_func c, /* check function */ | |
38656 | + uInt w)); /* window size */ | |
38657 | + | |
38658 | +extern int inflate_blocks OF(( | |
38659 | + inflate_blocks_statef *, | |
38660 | + z_streamp , | |
38661 | + int)); /* initial return code */ | |
38662 | + | |
38663 | +extern void inflate_blocks_reset OF(( | |
38664 | + inflate_blocks_statef *, | |
38665 | + z_streamp , | |
38666 | + uLongf *)); /* check value on output */ | |
38667 | + | |
38668 | +extern int inflate_blocks_free OF(( | |
38669 | + inflate_blocks_statef *, | |
38670 | + z_streamp)); | |
38671 | + | |
38672 | +extern void inflate_set_dictionary OF(( | |
38673 | + inflate_blocks_statef *s, | |
38674 | + const Bytef *d, /* dictionary */ | |
38675 | + uInt n)); /* dictionary length */ | |
38676 | + | |
38677 | +extern int inflate_blocks_sync_point OF(( | |
38678 | + inflate_blocks_statef *s)); | |
38679 | diff -druN linux-noipsec/net/ipsec/zlib/infcodes.c linux/net/ipsec/zlib/infcodes.c | |
38680 | --- linux-noipsec/net/ipsec/zlib/infcodes.c Thu Jan 1 01:00:00 1970 | |
38681 | +++ linux/net/ipsec/zlib/infcodes.c Fri Sep 29 20:51:34 2000 | |
38682 | @@ -0,0 +1,257 @@ | |
38683 | +/* infcodes.c -- process literals and length/distance pairs | |
38684 | + * Copyright (C) 1995-1998 Mark Adler | |
38685 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
38686 | + */ | |
38687 | + | |
38688 | +#include "zutil.h" | |
38689 | +#include "inftrees.h" | |
38690 | +#include "infblock.h" | |
38691 | +#include "infcodes.h" | |
38692 | +#include "infutil.h" | |
38693 | +#include "inffast.h" | |
38694 | + | |
38695 | +/* simplify the use of the inflate_huft type with some defines */ | |
38696 | +#define exop word.what.Exop | |
38697 | +#define bits word.what.Bits | |
38698 | + | |
38699 | +typedef enum { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */ | |
38700 | + START, /* x: set up for LEN */ | |
38701 | + LEN, /* i: get length/literal/eob next */ | |
38702 | + LENEXT, /* i: getting length extra (have base) */ | |
38703 | + DIST, /* i: get distance next */ | |
38704 | + DISTEXT, /* i: getting distance extra */ | |
38705 | + COPY, /* o: copying bytes in window, waiting for space */ | |
38706 | + LIT, /* o: got literal, waiting for output space */ | |
38707 | + WASH, /* o: got eob, possibly still output waiting */ | |
38708 | + END, /* x: got eob and all data flushed */ | |
38709 | + BADCODE} /* x: got error */ | |
38710 | +inflate_codes_mode; | |
38711 | + | |
38712 | +/* inflate codes private state */ | |
38713 | +struct inflate_codes_state { | |
38714 | + | |
38715 | + /* mode */ | |
38716 | + inflate_codes_mode mode; /* current inflate_codes mode */ | |
38717 | + | |
38718 | + /* mode dependent information */ | |
38719 | + uInt len; | |
38720 | + union { | |
38721 | + struct { | |
38722 | + inflate_huft *tree; /* pointer into tree */ | |
38723 | + uInt need; /* bits needed */ | |
38724 | + } code; /* if LEN or DIST, where in tree */ | |
38725 | + uInt lit; /* if LIT, literal */ | |
38726 | + struct { | |
38727 | + uInt get; /* bits to get for extra */ | |
38728 | + uInt dist; /* distance back to copy from */ | |
38729 | + } copy; /* if EXT or COPY, where and how much */ | |
38730 | + } sub; /* submode */ | |
38731 | + | |
38732 | + /* mode independent information */ | |
38733 | + Byte lbits; /* ltree bits decoded per branch */ | |
38734 | + Byte dbits; /* dtree bits decoder per branch */ | |
38735 | + inflate_huft *ltree; /* literal/length/eob tree */ | |
38736 | + inflate_huft *dtree; /* distance tree */ | |
38737 | + | |
38738 | +}; | |
38739 | + | |
38740 | + | |
38741 | +inflate_codes_statef *inflate_codes_new(bl, bd, tl, td, z) | |
38742 | +uInt bl, bd; | |
38743 | +inflate_huft *tl; | |
38744 | +inflate_huft *td; /* need separate declaration for Borland C++ */ | |
38745 | +z_streamp z; | |
38746 | +{ | |
38747 | + inflate_codes_statef *c; | |
38748 | + | |
38749 | + if ((c = (inflate_codes_statef *) | |
38750 | + ZALLOC(z,1,sizeof(struct inflate_codes_state))) != Z_NULL) | |
38751 | + { | |
38752 | + c->mode = START; | |
38753 | + c->lbits = (Byte)bl; | |
38754 | + c->dbits = (Byte)bd; | |
38755 | + c->ltree = tl; | |
38756 | + c->dtree = td; | |
38757 | + Tracev((stderr, "inflate: codes new\n")); | |
38758 | + } | |
38759 | + return c; | |
38760 | +} | |
38761 | + | |
38762 | + | |
38763 | +int inflate_codes(s, z, r) | |
38764 | +inflate_blocks_statef *s; | |
38765 | +z_streamp z; | |
38766 | +int r; | |
38767 | +{ | |
38768 | + uInt j; /* temporary storage */ | |
38769 | + inflate_huft *t; /* temporary pointer */ | |
38770 | + uInt e; /* extra bits or operation */ | |
38771 | + uLong b; /* bit buffer */ | |
38772 | + uInt k; /* bits in bit buffer */ | |
38773 | + Bytef *p; /* input data pointer */ | |
38774 | + uInt n; /* bytes available there */ | |
38775 | + Bytef *q; /* output window write pointer */ | |
38776 | + uInt m; /* bytes to end of window or read pointer */ | |
38777 | + Bytef *f; /* pointer to copy strings from */ | |
38778 | + inflate_codes_statef *c = s->sub.decode.codes; /* codes state */ | |
38779 | + | |
38780 | + /* copy input/output information to locals (UPDATE macro restores) */ | |
38781 | + LOAD | |
38782 | + | |
38783 | + /* process input and output based on current state */ | |
38784 | + while (1) switch (c->mode) | |
38785 | + { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */ | |
38786 | + case START: /* x: set up for LEN */ | |
38787 | +#ifndef SLOW | |
38788 | + if (m >= 258 && n >= 10) | |
38789 | + { | |
38790 | + UPDATE | |
38791 | + r = inflate_fast(c->lbits, c->dbits, c->ltree, c->dtree, s, z); | |
38792 | + LOAD | |
38793 | + if (r != Z_OK) | |
38794 | + { | |
38795 | + c->mode = r == Z_STREAM_END ? WASH : BADCODE; | |
38796 | + break; | |
38797 | + } | |
38798 | + } | |
38799 | +#endif /* !SLOW */ | |
38800 | + c->sub.code.need = c->lbits; | |
38801 | + c->sub.code.tree = c->ltree; | |
38802 | + c->mode = LEN; | |
38803 | + case LEN: /* i: get length/literal/eob next */ | |
38804 | + j = c->sub.code.need; | |
38805 | + NEEDBITS(j) | |
38806 | + t = c->sub.code.tree + ((uInt)b & inflate_mask[j]); | |
38807 | + DUMPBITS(t->bits) | |
38808 | + e = (uInt)(t->exop); | |
38809 | + if (e == 0) /* literal */ | |
38810 | + { | |
38811 | + c->sub.lit = t->base; | |
38812 | + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? | |
38813 | + "inflate: literal '%c'\n" : | |
38814 | + "inflate: literal 0x%02x\n", t->base)); | |
38815 | + c->mode = LIT; | |
38816 | + break; | |
38817 | + } | |
38818 | + if (e & 16) /* length */ | |
38819 | + { | |
38820 | + c->sub.copy.get = e & 15; | |
38821 | + c->len = t->base; | |
38822 | + c->mode = LENEXT; | |
38823 | + break; | |
38824 | + } | |
38825 | + if ((e & 64) == 0) /* next table */ | |
38826 | + { | |
38827 | + c->sub.code.need = e; | |
38828 | + c->sub.code.tree = t + t->base; | |
38829 | + break; | |
38830 | + } | |
38831 | + if (e & 32) /* end of block */ | |
38832 | + { | |
38833 | + Tracevv((stderr, "inflate: end of block\n")); | |
38834 | + c->mode = WASH; | |
38835 | + break; | |
38836 | + } | |
38837 | + c->mode = BADCODE; /* invalid code */ | |
38838 | + z->msg = (char*)"invalid literal/length code"; | |
38839 | + r = Z_DATA_ERROR; | |
38840 | + LEAVE | |
38841 | + case LENEXT: /* i: getting length extra (have base) */ | |
38842 | + j = c->sub.copy.get; | |
38843 | + NEEDBITS(j) | |
38844 | + c->len += (uInt)b & inflate_mask[j]; | |
38845 | + DUMPBITS(j) | |
38846 | + c->sub.code.need = c->dbits; | |
38847 | + c->sub.code.tree = c->dtree; | |
38848 | + Tracevv((stderr, "inflate: length %u\n", c->len)); | |
38849 | + c->mode = DIST; | |
38850 | + case DIST: /* i: get distance next */ | |
38851 | + j = c->sub.code.need; | |
38852 | + NEEDBITS(j) | |
38853 | + t = c->sub.code.tree + ((uInt)b & inflate_mask[j]); | |
38854 | + DUMPBITS(t->bits) | |
38855 | + e = (uInt)(t->exop); | |
38856 | + if (e & 16) /* distance */ | |
38857 | + { | |
38858 | + c->sub.copy.get = e & 15; | |
38859 | + c->sub.copy.dist = t->base; | |
38860 | + c->mode = DISTEXT; | |
38861 | + break; | |
38862 | + } | |
38863 | + if ((e & 64) == 0) /* next table */ | |
38864 | + { | |
38865 | + c->sub.code.need = e; | |
38866 | + c->sub.code.tree = t + t->base; | |
38867 | + break; | |
38868 | + } | |
38869 | + c->mode = BADCODE; /* invalid code */ | |
38870 | + z->msg = (char*)"invalid distance code"; | |
38871 | + r = Z_DATA_ERROR; | |
38872 | + LEAVE | |
38873 | + case DISTEXT: /* i: getting distance extra */ | |
38874 | + j = c->sub.copy.get; | |
38875 | + NEEDBITS(j) | |
38876 | + c->sub.copy.dist += (uInt)b & inflate_mask[j]; | |
38877 | + DUMPBITS(j) | |
38878 | + Tracevv((stderr, "inflate: distance %u\n", c->sub.copy.dist)); | |
38879 | + c->mode = COPY; | |
38880 | + case COPY: /* o: copying bytes in window, waiting for space */ | |
38881 | +#ifndef __TURBOC__ /* Turbo C bug for following expression */ | |
38882 | + f = (uInt)(q - s->window) < c->sub.copy.dist ? | |
38883 | + s->end - (c->sub.copy.dist - (q - s->window)) : | |
38884 | + q - c->sub.copy.dist; | |
38885 | +#else | |
38886 | + f = q - c->sub.copy.dist; | |
38887 | + if ((uInt)(q - s->window) < c->sub.copy.dist) | |
38888 | + f = s->end - (c->sub.copy.dist - (uInt)(q - s->window)); | |
38889 | +#endif | |
38890 | + while (c->len) | |
38891 | + { | |
38892 | + NEEDOUT | |
38893 | + OUTBYTE(*f++) | |
38894 | + if (f == s->end) | |
38895 | + f = s->window; | |
38896 | + c->len--; | |
38897 | + } | |
38898 | + c->mode = START; | |
38899 | + break; | |
38900 | + case LIT: /* o: got literal, waiting for output space */ | |
38901 | + NEEDOUT | |
38902 | + OUTBYTE(c->sub.lit) | |
38903 | + c->mode = START; | |
38904 | + break; | |
38905 | + case WASH: /* o: got eob, possibly more output */ | |
38906 | + if (k > 7) /* return unused byte, if any */ | |
38907 | + { | |
38908 | + Assert(k < 16, "inflate_codes grabbed too many bytes") | |
38909 | + k -= 8; | |
38910 | + n++; | |
38911 | + p--; /* can always return one */ | |
38912 | + } | |
38913 | + FLUSH | |
38914 | + if (s->read != s->write) | |
38915 | + LEAVE | |
38916 | + c->mode = END; | |
38917 | + case END: | |
38918 | + r = Z_STREAM_END; | |
38919 | + LEAVE | |
38920 | + case BADCODE: /* x: got error */ | |
38921 | + r = Z_DATA_ERROR; | |
38922 | + LEAVE | |
38923 | + default: | |
38924 | + r = Z_STREAM_ERROR; | |
38925 | + LEAVE | |
38926 | + } | |
38927 | +#ifdef NEED_DUMMY_RETURN | |
38928 | + return Z_STREAM_ERROR; /* Some dumb compilers complain without this */ | |
38929 | +#endif | |
38930 | +} | |
38931 | + | |
38932 | + | |
38933 | +void inflate_codes_free(c, z) | |
38934 | +inflate_codes_statef *c; | |
38935 | +z_streamp z; | |
38936 | +{ | |
38937 | + ZFREE(z, c); | |
38938 | + Tracev((stderr, "inflate: codes free\n")); | |
38939 | +} | |
38940 | diff -druN linux-noipsec/net/ipsec/zlib/infcodes.h linux/net/ipsec/zlib/infcodes.h | |
38941 | --- linux-noipsec/net/ipsec/zlib/infcodes.h Thu Jan 1 01:00:00 1970 | |
38942 | +++ linux/net/ipsec/zlib/infcodes.h Fri Sep 29 20:51:34 2000 | |
38943 | @@ -0,0 +1,31 @@ | |
38944 | +/* infcodes.h -- header to use infcodes.c | |
38945 | + * Copyright (C) 1995-1998 Mark Adler | |
38946 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
38947 | + */ | |
38948 | + | |
38949 | +/* WARNING: this file should *not* be used by applications. It is | |
38950 | + part of the implementation of the compression library and is | |
38951 | + subject to change. Applications should only use zlib.h. | |
38952 | + */ | |
38953 | + | |
38954 | +#ifndef _INFCODES_H | |
38955 | +#define _INFCODES_H | |
38956 | + | |
38957 | +struct inflate_codes_state; | |
38958 | +typedef struct inflate_codes_state FAR inflate_codes_statef; | |
38959 | + | |
38960 | +extern inflate_codes_statef *inflate_codes_new OF(( | |
38961 | + uInt, uInt, | |
38962 | + inflate_huft *, inflate_huft *, | |
38963 | + z_streamp )); | |
38964 | + | |
38965 | +extern int inflate_codes OF(( | |
38966 | + inflate_blocks_statef *, | |
38967 | + z_streamp , | |
38968 | + int)); | |
38969 | + | |
38970 | +extern void inflate_codes_free OF(( | |
38971 | + inflate_codes_statef *, | |
38972 | + z_streamp )); | |
38973 | + | |
38974 | +#endif /* _INFCODES_H */ | |
38975 | diff -druN linux-noipsec/net/ipsec/zlib/inffast.c linux/net/ipsec/zlib/inffast.c | |
38976 | --- linux-noipsec/net/ipsec/zlib/inffast.c Thu Jan 1 01:00:00 1970 | |
38977 | +++ linux/net/ipsec/zlib/inffast.c Fri Sep 29 20:51:34 2000 | |
38978 | @@ -0,0 +1,170 @@ | |
38979 | +/* inffast.c -- process literals and length/distance pairs fast | |
38980 | + * Copyright (C) 1995-1998 Mark Adler | |
38981 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
38982 | + */ | |
38983 | + | |
38984 | +#include "zutil.h" | |
38985 | +#include "inftrees.h" | |
38986 | +#include "infblock.h" | |
38987 | +#include "infcodes.h" | |
38988 | +#include "infutil.h" | |
38989 | +#include "inffast.h" | |
38990 | + | |
38991 | +struct inflate_codes_state {int dummy;}; /* for buggy compilers */ | |
38992 | + | |
38993 | +/* simplify the use of the inflate_huft type with some defines */ | |
38994 | +#define exop word.what.Exop | |
38995 | +#define bits word.what.Bits | |
38996 | + | |
38997 | +/* macros for bit input with no checking and for returning unused bytes */ | |
38998 | +#define GRABBITS(j) {while(k<(j)){b|=((uLong)NEXTBYTE)<<k;k+=8;}} | |
38999 | +#define UNGRAB {c=z->avail_in-n;c=(k>>3)<c?k>>3:c;n+=c;p-=c;k-=c<<3;} | |
39000 | + | |
39001 | +/* Called with number of bytes left to write in window at least 258 | |
39002 | + (the maximum string length) and number of input bytes available | |
39003 | + at least ten. The ten bytes are six bytes for the longest length/ | |
39004 | + distance pair plus four bytes for overloading the bit buffer. */ | |
39005 | + | |
39006 | +int inflate_fast(bl, bd, tl, td, s, z) | |
39007 | +uInt bl, bd; | |
39008 | +inflate_huft *tl; | |
39009 | +inflate_huft *td; /* need separate declaration for Borland C++ */ | |
39010 | +inflate_blocks_statef *s; | |
39011 | +z_streamp z; | |
39012 | +{ | |
39013 | + inflate_huft *t; /* temporary pointer */ | |
39014 | + uInt e; /* extra bits or operation */ | |
39015 | + uLong b; /* bit buffer */ | |
39016 | + uInt k; /* bits in bit buffer */ | |
39017 | + Bytef *p; /* input data pointer */ | |
39018 | + uInt n; /* bytes available there */ | |
39019 | + Bytef *q; /* output window write pointer */ | |
39020 | + uInt m; /* bytes to end of window or read pointer */ | |
39021 | + uInt ml; /* mask for literal/length tree */ | |
39022 | + uInt md; /* mask for distance tree */ | |
39023 | + uInt c; /* bytes to copy */ | |
39024 | + uInt d; /* distance back to copy from */ | |
39025 | + Bytef *r; /* copy source pointer */ | |
39026 | + | |
39027 | + /* load input, output, bit values */ | |
39028 | + LOAD | |
39029 | + | |
39030 | + /* initialize masks */ | |
39031 | + ml = inflate_mask[bl]; | |
39032 | + md = inflate_mask[bd]; | |
39033 | + | |
39034 | + /* do until not enough input or output space for fast loop */ | |
39035 | + do { /* assume called with m >= 258 && n >= 10 */ | |
39036 | + /* get literal/length code */ | |
39037 | + GRABBITS(20) /* max bits for literal/length code */ | |
39038 | + if ((e = (t = tl + ((uInt)b & ml))->exop) == 0) | |
39039 | + { | |
39040 | + DUMPBITS(t->bits) | |
39041 | + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? | |
39042 | + "inflate: * literal '%c'\n" : | |
39043 | + "inflate: * literal 0x%02x\n", t->base)); | |
39044 | + *q++ = (Byte)t->base; | |
39045 | + m--; | |
39046 | + continue; | |
39047 | + } | |
39048 | + do { | |
39049 | + DUMPBITS(t->bits) | |
39050 | + if (e & 16) | |
39051 | + { | |
39052 | + /* get extra bits for length */ | |
39053 | + e &= 15; | |
39054 | + c = t->base + ((uInt)b & inflate_mask[e]); | |
39055 | + DUMPBITS(e) | |
39056 | + Tracevv((stderr, "inflate: * length %u\n", c)); | |
39057 | + | |
39058 | + /* decode distance base of block to copy */ | |
39059 | + GRABBITS(15); /* max bits for distance code */ | |
39060 | + e = (t = td + ((uInt)b & md))->exop; | |
39061 | + do { | |
39062 | + DUMPBITS(t->bits) | |
39063 | + if (e & 16) | |
39064 | + { | |
39065 | + /* get extra bits to add to distance base */ | |
39066 | + e &= 15; | |
39067 | + GRABBITS(e) /* get extra bits (up to 13) */ | |
39068 | + d = t->base + ((uInt)b & inflate_mask[e]); | |
39069 | + DUMPBITS(e) | |
39070 | + Tracevv((stderr, "inflate: * distance %u\n", d)); | |
39071 | + | |
39072 | + /* do the copy */ | |
39073 | + m -= c; | |
39074 | + if ((uInt)(q - s->window) >= d) /* offset before dest */ | |
39075 | + { /* just copy */ | |
39076 | + r = q - d; | |
39077 | + *q++ = *r++; c--; /* minimum count is three, */ | |
39078 | + *q++ = *r++; c--; /* so unroll loop a little */ | |
39079 | + } | |
39080 | + else /* else offset after destination */ | |
39081 | + { | |
39082 | + e = d - (uInt)(q - s->window); /* bytes from offset to end */ | |
39083 | + r = s->end - e; /* pointer to offset */ | |
39084 | + if (c > e) /* if source crosses, */ | |
39085 | + { | |
39086 | + c -= e; /* copy to end of window */ | |
39087 | + do { | |
39088 | + *q++ = *r++; | |
39089 | + } while (--e); | |
39090 | + r = s->window; /* copy rest from start of window */ | |
39091 | + } | |
39092 | + } | |
39093 | + do { /* copy all or what's left */ | |
39094 | + *q++ = *r++; | |
39095 | + } while (--c); | |
39096 | + break; | |
39097 | + } | |
39098 | + else if ((e & 64) == 0) | |
39099 | + { | |
39100 | + t += t->base; | |
39101 | + e = (t += ((uInt)b & inflate_mask[e]))->exop; | |
39102 | + } | |
39103 | + else | |
39104 | + { | |
39105 | + z->msg = (char*)"invalid distance code"; | |
39106 | + UNGRAB | |
39107 | + UPDATE | |
39108 | + return Z_DATA_ERROR; | |
39109 | + } | |
39110 | + } while (1); | |
39111 | + break; | |
39112 | + } | |
39113 | + if ((e & 64) == 0) | |
39114 | + { | |
39115 | + t += t->base; | |
39116 | + if ((e = (t += ((uInt)b & inflate_mask[e]))->exop) == 0) | |
39117 | + { | |
39118 | + DUMPBITS(t->bits) | |
39119 | + Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? | |
39120 | + "inflate: * literal '%c'\n" : | |
39121 | + "inflate: * literal 0x%02x\n", t->base)); | |
39122 | + *q++ = (Byte)t->base; | |
39123 | + m--; | |
39124 | + break; | |
39125 | + } | |
39126 | + } | |
39127 | + else if (e & 32) | |
39128 | + { | |
39129 | + Tracevv((stderr, "inflate: * end of block\n")); | |
39130 | + UNGRAB | |
39131 | + UPDATE | |
39132 | + return Z_STREAM_END; | |
39133 | + } | |
39134 | + else | |
39135 | + { | |
39136 | + z->msg = (char*)"invalid literal/length code"; | |
39137 | + UNGRAB | |
39138 | + UPDATE | |
39139 | + return Z_DATA_ERROR; | |
39140 | + } | |
39141 | + } while (1); | |
39142 | + } while (m >= 258 && n >= 10); | |
39143 | + | |
39144 | + /* not enough input or output--restore pointers and return */ | |
39145 | + UNGRAB | |
39146 | + UPDATE | |
39147 | + return Z_OK; | |
39148 | +} | |
39149 | diff -druN linux-noipsec/net/ipsec/zlib/inffast.h linux/net/ipsec/zlib/inffast.h | |
39150 | --- linux-noipsec/net/ipsec/zlib/inffast.h Thu Jan 1 01:00:00 1970 | |
39151 | +++ linux/net/ipsec/zlib/inffast.h Fri Sep 29 20:51:34 2000 | |
39152 | @@ -0,0 +1,22 @@ | |
39153 | +/* inffast.h -- header to use inffast.c | |
39154 | + * Copyright (C) 1995-1998 Mark Adler | |
39155 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
39156 | + */ | |
39157 | + | |
39158 | +/* WARNING: this file should *not* be used by applications. It is | |
39159 | + part of the implementation of the compression library and is | |
39160 | + subject to change. Applications should only use zlib.h. | |
39161 | + */ | |
39162 | + | |
39163 | +#ifndef _INFFAST_H | |
39164 | +#define _INFFAST_H | |
39165 | + | |
39166 | +extern int inflate_fast OF(( | |
39167 | + uInt, | |
39168 | + uInt, | |
39169 | + inflate_huft *, | |
39170 | + inflate_huft *, | |
39171 | + inflate_blocks_statef *, | |
39172 | + z_streamp )); | |
39173 | + | |
39174 | +#endif /* _INFFAST_H */ | |
39175 | diff -druN linux-noipsec/net/ipsec/zlib/inffixed.h linux/net/ipsec/zlib/inffixed.h | |
39176 | --- linux-noipsec/net/ipsec/zlib/inffixed.h Thu Jan 1 01:00:00 1970 | |
39177 | +++ linux/net/ipsec/zlib/inffixed.h Fri Sep 29 20:51:34 2000 | |
39178 | @@ -0,0 +1,151 @@ | |
39179 | +/* inffixed.h -- table for decoding fixed codes | |
39180 | + * Generated automatically by the maketree.c program | |
39181 | + */ | |
39182 | + | |
39183 | +/* WARNING: this file should *not* be used by applications. It is | |
39184 | + part of the implementation of the compression library and is | |
39185 | + subject to change. Applications should only use zlib.h. | |
39186 | + */ | |
39187 | + | |
39188 | +local uInt fixed_bl = 9; | |
39189 | +local uInt fixed_bd = 5; | |
39190 | +local inflate_huft fixed_tl[] = { | |
39191 | + {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115}, | |
39192 | + {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},192}, | |
39193 | + {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},160}, | |
39194 | + {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},224}, | |
39195 | + {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},144}, | |
39196 | + {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},208}, | |
39197 | + {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},176}, | |
39198 | + {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},240}, | |
39199 | + {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227}, | |
39200 | + {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},200}, | |
39201 | + {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},168}, | |
39202 | + {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},232}, | |
39203 | + {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},152}, | |
39204 | + {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},216}, | |
39205 | + {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},184}, | |
39206 | + {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},248}, | |
39207 | + {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163}, | |
39208 | + {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},196}, | |
39209 | + {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},164}, | |
39210 | + {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},228}, | |
39211 | + {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},148}, | |
39212 | + {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},212}, | |
39213 | + {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},180}, | |
39214 | + {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},244}, | |
39215 | + {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0}, | |
39216 | + {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},204}, | |
39217 | + {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},172}, | |
39218 | + {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},236}, | |
39219 | + {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},156}, | |
39220 | + {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},220}, | |
39221 | + {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},188}, | |
39222 | + {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},252}, | |
39223 | + {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131}, | |
39224 | + {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},194}, | |
39225 | + {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},162}, | |
39226 | + {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},226}, | |
39227 | + {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},146}, | |
39228 | + {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},210}, | |
39229 | + {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},178}, | |
39230 | + {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},242}, | |
39231 | + {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258}, | |
39232 | + {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},202}, | |
39233 | + {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},170}, | |
39234 | + {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},234}, | |
39235 | + {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},154}, | |
39236 | + {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},218}, | |
39237 | + {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},186}, | |
39238 | + {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},250}, | |
39239 | + {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195}, | |
39240 | + {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},198}, | |
39241 | + {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},166}, | |
39242 | + {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},230}, | |
39243 | + {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},150}, | |
39244 | + {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},214}, | |
39245 | + {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},182}, | |
39246 | + {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},246}, | |
39247 | + {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0}, | |
39248 | + {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},206}, | |
39249 | + {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},174}, | |
39250 | + {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},238}, | |
39251 | + {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},158}, | |
39252 | + {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},222}, | |
39253 | + {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},190}, | |
39254 | + {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},254}, | |
39255 | + {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115}, | |
39256 | + {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},193}, | |
39257 | + {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},161}, | |
39258 | + {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},225}, | |
39259 | + {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},145}, | |
39260 | + {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},209}, | |
39261 | + {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},177}, | |
39262 | + {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},241}, | |
39263 | + {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227}, | |
39264 | + {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},201}, | |
39265 | + {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},169}, | |
39266 | + {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},233}, | |
39267 | + {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},153}, | |
39268 | + {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},217}, | |
39269 | + {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},185}, | |
39270 | + {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},249}, | |
39271 | + {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163}, | |
39272 | + {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},197}, | |
39273 | + {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},165}, | |
39274 | + {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},229}, | |
39275 | + {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},149}, | |
39276 | + {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},213}, | |
39277 | + {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},181}, | |
39278 | + {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},245}, | |
39279 | + {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0}, | |
39280 | + {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},205}, | |
39281 | + {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},173}, | |
39282 | + {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},237}, | |
39283 | + {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},157}, | |
39284 | + {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},221}, | |
39285 | + {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},189}, | |
39286 | + {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},253}, | |
39287 | + {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131}, | |
39288 | + {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},195}, | |
39289 | + {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},163}, | |
39290 | + {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},227}, | |
39291 | + {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},147}, | |
39292 | + {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},211}, | |
39293 | + {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},179}, | |
39294 | + {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},243}, | |
39295 | + {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258}, | |
39296 | + {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},203}, | |
39297 | + {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},171}, | |
39298 | + {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},235}, | |
39299 | + {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},155}, | |
39300 | + {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},219}, | |
39301 | + {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},187}, | |
39302 | + {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},251}, | |
39303 | + {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195}, | |
39304 | + {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},199}, | |
39305 | + {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},167}, | |
39306 | + {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},231}, | |
39307 | + {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},151}, | |
39308 | + {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},215}, | |
39309 | + {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},183}, | |
39310 | + {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},247}, | |
39311 | + {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0}, | |
39312 | + {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},207}, | |
39313 | + {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},175}, | |
39314 | + {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},239}, | |
39315 | + {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},159}, | |
39316 | + {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},223}, | |
39317 | + {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},191}, | |
39318 | + {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},255} | |
39319 | + }; | |
39320 | +local inflate_huft fixed_td[] = { | |
39321 | + {{{80,5}},1}, {{{87,5}},257}, {{{83,5}},17}, {{{91,5}},4097}, | |
39322 | + {{{81,5}},5}, {{{89,5}},1025}, {{{85,5}},65}, {{{93,5}},16385}, | |
39323 | + {{{80,5}},3}, {{{88,5}},513}, {{{84,5}},33}, {{{92,5}},8193}, | |
39324 | + {{{82,5}},9}, {{{90,5}},2049}, {{{86,5}},129}, {{{192,5}},24577}, | |
39325 | + {{{80,5}},2}, {{{87,5}},385}, {{{83,5}},25}, {{{91,5}},6145}, | |
39326 | + {{{81,5}},7}, {{{89,5}},1537}, {{{85,5}},97}, {{{93,5}},24577}, | |
39327 | + {{{80,5}},4}, {{{88,5}},769}, {{{84,5}},49}, {{{92,5}},12289}, | |
39328 | + {{{82,5}},13}, {{{90,5}},3073}, {{{86,5}},193}, {{{192,5}},24577} | |
39329 | + }; | |
39330 | diff -druN linux-noipsec/net/ipsec/zlib/inflate.c linux/net/ipsec/zlib/inflate.c | |
39331 | --- linux-noipsec/net/ipsec/zlib/inflate.c Thu Jan 1 01:00:00 1970 | |
39332 | +++ linux/net/ipsec/zlib/inflate.c Fri Sep 29 20:51:34 2000 | |
39333 | @@ -0,0 +1,368 @@ | |
39334 | +/* inflate.c -- zlib interface to inflate modules | |
39335 | + * Copyright (C) 1995-1998 Mark Adler | |
39336 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
39337 | + */ | |
39338 | + | |
39339 | +#include "zutil.h" | |
39340 | +#include "infblock.h" | |
39341 | + | |
39342 | +struct inflate_blocks_state {int dummy;}; /* for buggy compilers */ | |
39343 | + | |
39344 | +typedef enum { | |
39345 | + METHOD, /* waiting for method byte */ | |
39346 | + FLAG, /* waiting for flag byte */ | |
39347 | + DICT4, /* four dictionary check bytes to go */ | |
39348 | + DICT3, /* three dictionary check bytes to go */ | |
39349 | + DICT2, /* two dictionary check bytes to go */ | |
39350 | + DICT1, /* one dictionary check byte to go */ | |
39351 | + DICT0, /* waiting for inflateSetDictionary */ | |
39352 | + BLOCKS, /* decompressing blocks */ | |
39353 | + CHECK4, /* four check bytes to go */ | |
39354 | + CHECK3, /* three check bytes to go */ | |
39355 | + CHECK2, /* two check bytes to go */ | |
39356 | + CHECK1, /* one check byte to go */ | |
39357 | + DONE, /* finished check, done */ | |
39358 | + BAD} /* got an error--stay here */ | |
39359 | +inflate_mode; | |
39360 | + | |
39361 | +/* inflate private state */ | |
39362 | +struct internal_state { | |
39363 | + | |
39364 | + /* mode */ | |
39365 | + inflate_mode mode; /* current inflate mode */ | |
39366 | + | |
39367 | + /* mode dependent information */ | |
39368 | + union { | |
39369 | + uInt method; /* if FLAGS, method byte */ | |
39370 | + struct { | |
39371 | + uLong was; /* computed check value */ | |
39372 | + uLong need; /* stream check value */ | |
39373 | + } check; /* if CHECK, check values to compare */ | |
39374 | + uInt marker; /* if BAD, inflateSync's marker bytes count */ | |
39375 | + } sub; /* submode */ | |
39376 | + | |
39377 | + /* mode independent information */ | |
39378 | + int nowrap; /* flag for no wrapper */ | |
39379 | + uInt wbits; /* log2(window size) (8..15, defaults to 15) */ | |
39380 | + inflate_blocks_statef | |
39381 | + *blocks; /* current inflate_blocks state */ | |
39382 | + | |
39383 | +}; | |
39384 | + | |
39385 | + | |
39386 | +int ZEXPORT inflateReset(z) | |
39387 | +z_streamp z; | |
39388 | +{ | |
39389 | + if (z == Z_NULL || z->state == Z_NULL) | |
39390 | + return Z_STREAM_ERROR; | |
39391 | + z->total_in = z->total_out = 0; | |
39392 | + z->msg = Z_NULL; | |
39393 | + z->state->mode = z->state->nowrap ? BLOCKS : METHOD; | |
39394 | + inflate_blocks_reset(z->state->blocks, z, Z_NULL); | |
39395 | + Tracev((stderr, "inflate: reset\n")); | |
39396 | + return Z_OK; | |
39397 | +} | |
39398 | + | |
39399 | + | |
39400 | +int ZEXPORT inflateEnd(z) | |
39401 | +z_streamp z; | |
39402 | +{ | |
39403 | + if (z == Z_NULL || z->state == Z_NULL || z->zfree == Z_NULL) | |
39404 | + return Z_STREAM_ERROR; | |
39405 | + if (z->state->blocks != Z_NULL) | |
39406 | + inflate_blocks_free(z->state->blocks, z); | |
39407 | + ZFREE(z, z->state); | |
39408 | + z->state = Z_NULL; | |
39409 | + Tracev((stderr, "inflate: end\n")); | |
39410 | + return Z_OK; | |
39411 | +} | |
39412 | + | |
39413 | + | |
39414 | +int ZEXPORT inflateInit2_(z, w, version, stream_size) | |
39415 | +z_streamp z; | |
39416 | +int w; | |
39417 | +const char *version; | |
39418 | +int stream_size; | |
39419 | +{ | |
39420 | + if (version == Z_NULL || version[0] != ZLIB_VERSION[0] || | |
39421 | + stream_size != sizeof(z_stream)) | |
39422 | + return Z_VERSION_ERROR; | |
39423 | + | |
39424 | + /* initialize state */ | |
39425 | + if (z == Z_NULL) | |
39426 | + return Z_STREAM_ERROR; | |
39427 | + z->msg = Z_NULL; | |
39428 | + if (z->zalloc == Z_NULL) | |
39429 | + { | |
39430 | + return Z_STREAM_ERROR; | |
39431 | +/* z->zalloc = zcalloc; | |
39432 | + z->opaque = (voidpf)0; | |
39433 | +*/ | |
39434 | + } | |
39435 | + if (z->zfree == Z_NULL) return Z_STREAM_ERROR; /* z->zfree = zcfree; */ | |
39436 | + if ((z->state = (struct internal_state FAR *) | |
39437 | + ZALLOC(z,1,sizeof(struct internal_state))) == Z_NULL) | |
39438 | + return Z_MEM_ERROR; | |
39439 | + z->state->blocks = Z_NULL; | |
39440 | + | |
39441 | + /* handle undocumented nowrap option (no zlib header or check) */ | |
39442 | + z->state->nowrap = 0; | |
39443 | + if (w < 0) | |
39444 | + { | |
39445 | + w = - w; | |
39446 | + z->state->nowrap = 1; | |
39447 | + } | |
39448 | + | |
39449 | + /* set window size */ | |
39450 | + if (w < 8 || w > 15) | |
39451 | + { | |
39452 | + inflateEnd(z); | |
39453 | + return Z_STREAM_ERROR; | |
39454 | + } | |
39455 | + z->state->wbits = (uInt)w; | |
39456 | + | |
39457 | + /* create inflate_blocks state */ | |
39458 | + if ((z->state->blocks = | |
39459 | + inflate_blocks_new(z, z->state->nowrap ? Z_NULL : adler32, (uInt)1 << w)) | |
39460 | + == Z_NULL) | |
39461 | + { | |
39462 | + inflateEnd(z); | |
39463 | + return Z_MEM_ERROR; | |
39464 | + } | |
39465 | + Tracev((stderr, "inflate: allocated\n")); | |
39466 | + | |
39467 | + /* reset state */ | |
39468 | + inflateReset(z); | |
39469 | + return Z_OK; | |
39470 | +} | |
39471 | + | |
39472 | + | |
39473 | +int ZEXPORT inflateInit_(z, version, stream_size) | |
39474 | +z_streamp z; | |
39475 | +const char *version; | |
39476 | +int stream_size; | |
39477 | +{ | |
39478 | + return inflateInit2_(z, DEF_WBITS, version, stream_size); | |
39479 | +} | |
39480 | + | |
39481 | + | |
39482 | +#define NEEDBYTE {if(z->avail_in==0)return r;r=f;} | |
39483 | +#define NEXTBYTE (z->avail_in--,z->total_in++,*z->next_in++) | |
39484 | + | |
39485 | +int ZEXPORT inflate(z, f) | |
39486 | +z_streamp z; | |
39487 | +int f; | |
39488 | +{ | |
39489 | + int r; | |
39490 | + uInt b; | |
39491 | + | |
39492 | + if (z == Z_NULL || z->state == Z_NULL || z->next_in == Z_NULL) | |
39493 | + return Z_STREAM_ERROR; | |
39494 | + f = f == Z_FINISH ? Z_BUF_ERROR : Z_OK; | |
39495 | + r = Z_BUF_ERROR; | |
39496 | + while (1) switch (z->state->mode) | |
39497 | + { | |
39498 | + case METHOD: | |
39499 | + NEEDBYTE | |
39500 | + if (((z->state->sub.method = NEXTBYTE) & 0xf) != Z_DEFLATED) | |
39501 | + { | |
39502 | + z->state->mode = BAD; | |
39503 | + z->msg = (char*)"unknown compression method"; | |
39504 | + z->state->sub.marker = 5; /* can't try inflateSync */ | |
39505 | + break; | |
39506 | + } | |
39507 | + if ((z->state->sub.method >> 4) + 8 > z->state->wbits) | |
39508 | + { | |
39509 | + z->state->mode = BAD; | |
39510 | + z->msg = (char*)"invalid window size"; | |
39511 | + z->state->sub.marker = 5; /* can't try inflateSync */ | |
39512 | + break; | |
39513 | + } | |
39514 | + z->state->mode = FLAG; | |
39515 | + case FLAG: | |
39516 | + NEEDBYTE | |
39517 | + b = NEXTBYTE; | |
39518 | + if (((z->state->sub.method << 8) + b) % 31) | |
39519 | + { | |
39520 | + z->state->mode = BAD; | |
39521 | + z->msg = (char*)"incorrect header check"; | |
39522 | + z->state->sub.marker = 5; /* can't try inflateSync */ | |
39523 | + break; | |
39524 | + } | |
39525 | + Tracev((stderr, "inflate: zlib header ok\n")); | |
39526 | + if (!(b & PRESET_DICT)) | |
39527 | + { | |
39528 | + z->state->mode = BLOCKS; | |
39529 | + break; | |
39530 | + } | |
39531 | + z->state->mode = DICT4; | |
39532 | + case DICT4: | |
39533 | + NEEDBYTE | |
39534 | + z->state->sub.check.need = (uLong)NEXTBYTE << 24; | |
39535 | + z->state->mode = DICT3; | |
39536 | + case DICT3: | |
39537 | + NEEDBYTE | |
39538 | + z->state->sub.check.need += (uLong)NEXTBYTE << 16; | |
39539 | + z->state->mode = DICT2; | |
39540 | + case DICT2: | |
39541 | + NEEDBYTE | |
39542 | + z->state->sub.check.need += (uLong)NEXTBYTE << 8; | |
39543 | + z->state->mode = DICT1; | |
39544 | + case DICT1: | |
39545 | + NEEDBYTE | |
39546 | + z->state->sub.check.need += (uLong)NEXTBYTE; | |
39547 | + z->adler = z->state->sub.check.need; | |
39548 | + z->state->mode = DICT0; | |
39549 | + return Z_NEED_DICT; | |
39550 | + case DICT0: | |
39551 | + z->state->mode = BAD; | |
39552 | + z->msg = (char*)"need dictionary"; | |
39553 | + z->state->sub.marker = 0; /* can try inflateSync */ | |
39554 | + return Z_STREAM_ERROR; | |
39555 | + case BLOCKS: | |
39556 | + r = inflate_blocks(z->state->blocks, z, r); | |
39557 | + if (r == Z_DATA_ERROR) | |
39558 | + { | |
39559 | + z->state->mode = BAD; | |
39560 | + z->state->sub.marker = 0; /* can try inflateSync */ | |
39561 | + break; | |
39562 | + } | |
39563 | + if (r == Z_OK) | |
39564 | + r = f; | |
39565 | + if (r != Z_STREAM_END) | |
39566 | + return r; | |
39567 | + r = f; | |
39568 | + inflate_blocks_reset(z->state->blocks, z, &z->state->sub.check.was); | |
39569 | + if (z->state->nowrap) | |
39570 | + { | |
39571 | + z->state->mode = DONE; | |
39572 | + break; | |
39573 | + } | |
39574 | + z->state->mode = CHECK4; | |
39575 | + case CHECK4: | |
39576 | + NEEDBYTE | |
39577 | + z->state->sub.check.need = (uLong)NEXTBYTE << 24; | |
39578 | + z->state->mode = CHECK3; | |
39579 | + case CHECK3: | |
39580 | + NEEDBYTE | |
39581 | + z->state->sub.check.need += (uLong)NEXTBYTE << 16; | |
39582 | + z->state->mode = CHECK2; | |
39583 | + case CHECK2: | |
39584 | + NEEDBYTE | |
39585 | + z->state->sub.check.need += (uLong)NEXTBYTE << 8; | |
39586 | + z->state->mode = CHECK1; | |
39587 | + case CHECK1: | |
39588 | + NEEDBYTE | |
39589 | + z->state->sub.check.need += (uLong)NEXTBYTE; | |
39590 | + | |
39591 | + if (z->state->sub.check.was != z->state->sub.check.need) | |
39592 | + { | |
39593 | + z->state->mode = BAD; | |
39594 | + z->msg = (char*)"incorrect data check"; | |
39595 | + z->state->sub.marker = 5; /* can't try inflateSync */ | |
39596 | + break; | |
39597 | + } | |
39598 | + Tracev((stderr, "inflate: zlib check ok\n")); | |
39599 | + z->state->mode = DONE; | |
39600 | + case DONE: | |
39601 | + return Z_STREAM_END; | |
39602 | + case BAD: | |
39603 | + return Z_DATA_ERROR; | |
39604 | + default: | |
39605 | + return Z_STREAM_ERROR; | |
39606 | + } | |
39607 | +#ifdef NEED_DUMMY_RETURN | |
39608 | + return Z_STREAM_ERROR; /* Some dumb compilers complain without this */ | |
39609 | +#endif | |
39610 | +} | |
39611 | + | |
39612 | + | |
39613 | +int ZEXPORT inflateSetDictionary(z, dictionary, dictLength) | |
39614 | +z_streamp z; | |
39615 | +const Bytef *dictionary; | |
39616 | +uInt dictLength; | |
39617 | +{ | |
39618 | + uInt length = dictLength; | |
39619 | + | |
39620 | + if (z == Z_NULL || z->state == Z_NULL || z->state->mode != DICT0) | |
39621 | + return Z_STREAM_ERROR; | |
39622 | + | |
39623 | + if (adler32(1L, dictionary, dictLength) != z->adler) return Z_DATA_ERROR; | |
39624 | + z->adler = 1L; | |
39625 | + | |
39626 | + if (length >= ((uInt)1<<z->state->wbits)) | |
39627 | + { | |
39628 | + length = (1<<z->state->wbits)-1; | |
39629 | + dictionary += dictLength - length; | |
39630 | + } | |
39631 | + inflate_set_dictionary(z->state->blocks, dictionary, length); | |
39632 | + z->state->mode = BLOCKS; | |
39633 | + return Z_OK; | |
39634 | +} | |
39635 | + | |
39636 | + | |
39637 | +int ZEXPORT inflateSync(z) | |
39638 | +z_streamp z; | |
39639 | +{ | |
39640 | + uInt n; /* number of bytes to look at */ | |
39641 | + Bytef *p; /* pointer to bytes */ | |
39642 | + uInt m; /* number of marker bytes found in a row */ | |
39643 | + uLong r, w; /* temporaries to save total_in and total_out */ | |
39644 | + | |
39645 | + /* set up */ | |
39646 | + if (z == Z_NULL || z->state == Z_NULL) | |
39647 | + return Z_STREAM_ERROR; | |
39648 | + if (z->state->mode != BAD) | |
39649 | + { | |
39650 | + z->state->mode = BAD; | |
39651 | + z->state->sub.marker = 0; | |
39652 | + } | |
39653 | + if ((n = z->avail_in) == 0) | |
39654 | + return Z_BUF_ERROR; | |
39655 | + p = z->next_in; | |
39656 | + m = z->state->sub.marker; | |
39657 | + | |
39658 | + /* search */ | |
39659 | + while (n && m < 4) | |
39660 | + { | |
39661 | + static const Byte mark[4] = {0, 0, 0xff, 0xff}; | |
39662 | + if (*p == mark[m]) | |
39663 | + m++; | |
39664 | + else if (*p) | |
39665 | + m = 0; | |
39666 | + else | |
39667 | + m = 4 - m; | |
39668 | + p++, n--; | |
39669 | + } | |
39670 | + | |
39671 | + /* restore */ | |
39672 | + z->total_in += p - z->next_in; | |
39673 | + z->next_in = p; | |
39674 | + z->avail_in = n; | |
39675 | + z->state->sub.marker = m; | |
39676 | + | |
39677 | + /* return no joy or set up to restart on a new block */ | |
39678 | + if (m != 4) | |
39679 | + return Z_DATA_ERROR; | |
39680 | + r = z->total_in; w = z->total_out; | |
39681 | + inflateReset(z); | |
39682 | + z->total_in = r; z->total_out = w; | |
39683 | + z->state->mode = BLOCKS; | |
39684 | + return Z_OK; | |
39685 | +} | |
39686 | + | |
39687 | + | |
39688 | +/* Returns true if inflate is currently at the end of a block generated | |
39689 | + * by Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP | |
39690 | + * implementation to provide an additional safety check. PPP uses Z_SYNC_FLUSH | |
39691 | + * but removes the length bytes of the resulting empty stored block. When | |
39692 | + * decompressing, PPP checks that at the end of input packet, inflate is | |
39693 | + * waiting for these length bytes. | |
39694 | + */ | |
39695 | +int ZEXPORT inflateSyncPoint(z) | |
39696 | +z_streamp z; | |
39697 | +{ | |
39698 | + if (z == Z_NULL || z->state == Z_NULL || z->state->blocks == Z_NULL) | |
39699 | + return Z_STREAM_ERROR; | |
39700 | + return inflate_blocks_sync_point(z->state->blocks); | |
39701 | +} | |
39702 | diff -druN linux-noipsec/net/ipsec/zlib/inftrees.c linux/net/ipsec/zlib/inftrees.c | |
39703 | --- linux-noipsec/net/ipsec/zlib/inftrees.c Thu Jan 1 01:00:00 1970 | |
39704 | +++ linux/net/ipsec/zlib/inftrees.c Fri Sep 29 20:51:34 2000 | |
39705 | @@ -0,0 +1,455 @@ | |
39706 | +/* inftrees.c -- generate Huffman trees for efficient decoding | |
39707 | + * Copyright (C) 1995-1998 Mark Adler | |
39708 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
39709 | + */ | |
39710 | + | |
39711 | +#include "zutil.h" | |
39712 | +#include "inftrees.h" | |
39713 | + | |
39714 | +#if !defined(BUILDFIXED) && !defined(STDC) | |
39715 | +# define BUILDFIXED /* non ANSI compilers may not accept inffixed.h */ | |
39716 | +#endif | |
39717 | + | |
39718 | +local const char inflate_copyright[] = | |
39719 | + " inflate 1.1.3 Copyright 1995-1998 Mark Adler "; | |
39720 | +/* | |
39721 | + If you use the zlib library in a product, an acknowledgment is welcome | |
39722 | + in the documentation of your product. If for some reason you cannot | |
39723 | + include such an acknowledgment, I would appreciate that you keep this | |
39724 | + copyright string in the executable of your product. | |
39725 | + */ | |
39726 | +struct internal_state {int dummy;}; /* for buggy compilers */ | |
39727 | + | |
39728 | +/* simplify the use of the inflate_huft type with some defines */ | |
39729 | +#define exop word.what.Exop | |
39730 | +#define bits word.what.Bits | |
39731 | + | |
39732 | + | |
39733 | +local int huft_build OF(( | |
39734 | + uIntf *, /* code lengths in bits */ | |
39735 | + uInt, /* number of codes */ | |
39736 | + uInt, /* number of "simple" codes */ | |
39737 | + const uIntf *, /* list of base values for non-simple codes */ | |
39738 | + const uIntf *, /* list of extra bits for non-simple codes */ | |
39739 | + inflate_huft * FAR*,/* result: starting table */ | |
39740 | + uIntf *, /* maximum lookup bits (returns actual) */ | |
39741 | + inflate_huft *, /* space for trees */ | |
39742 | + uInt *, /* hufts used in space */ | |
39743 | + uIntf * )); /* space for values */ | |
39744 | + | |
39745 | +/* Tables for deflate from PKZIP's appnote.txt. */ | |
39746 | +local const uInt cplens[31] = { /* Copy lengths for literal codes 257..285 */ | |
39747 | + 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, | |
39748 | + 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; | |
39749 | + /* see note #13 above about 258 */ | |
39750 | +local const uInt cplext[31] = { /* Extra bits for literal codes 257..285 */ | |
39751 | + 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, | |
39752 | + 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 112, 112}; /* 112==invalid */ | |
39753 | +local const uInt cpdist[30] = { /* Copy offsets for distance codes 0..29 */ | |
39754 | + 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, | |
39755 | + 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, | |
39756 | + 8193, 12289, 16385, 24577}; | |
39757 | +local const uInt cpdext[30] = { /* Extra bits for distance codes */ | |
39758 | + 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, | |
39759 | + 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, | |
39760 | + 12, 12, 13, 13}; | |
39761 | + | |
39762 | +/* | |
39763 | + Huffman code decoding is performed using a multi-level table lookup. | |
39764 | + The fastest way to decode is to simply build a lookup table whose | |
39765 | + size is determined by the longest code. However, the time it takes | |
39766 | + to build this table can also be a factor if the data being decoded | |
39767 | + is not very long. The most common codes are necessarily the | |
39768 | + shortest codes, so those codes dominate the decoding time, and hence | |
39769 | + the speed. The idea is you can have a shorter table that decodes the | |
39770 | + shorter, more probable codes, and then point to subsidiary tables for | |
39771 | + the longer codes. The time it costs to decode the longer codes is | |
39772 | + then traded against the time it takes to make longer tables. | |
39773 | + | |
39774 | + This results of this trade are in the variables lbits and dbits | |
39775 | + below. lbits is the number of bits the first level table for literal/ | |
39776 | + length codes can decode in one step, and dbits is the same thing for | |
39777 | + the distance codes. Subsequent tables are also less than or equal to | |
39778 | + those sizes. These values may be adjusted either when all of the | |
39779 | + codes are shorter than that, in which case the longest code length in | |
39780 | + bits is used, or when the shortest code is *longer* than the requested | |
39781 | + table size, in which case the length of the shortest code in bits is | |
39782 | + used. | |
39783 | + | |
39784 | + There are two different values for the two tables, since they code a | |
39785 | + different number of possibilities each. The literal/length table | |
39786 | + codes 286 possible values, or in a flat code, a little over eight | |
39787 | + bits. The distance table codes 30 possible values, or a little less | |
39788 | + than five bits, flat. The optimum values for speed end up being | |
39789 | + about one bit more than those, so lbits is 8+1 and dbits is 5+1. | |
39790 | + The optimum values may differ though from machine to machine, and | |
39791 | + possibly even between compilers. Your mileage may vary. | |
39792 | + */ | |
39793 | + | |
39794 | + | |
39795 | +/* If BMAX needs to be larger than 16, then h and x[] should be uLong. */ | |
39796 | +#define BMAX 15 /* maximum bit length of any code */ | |
39797 | + | |
39798 | +local int huft_build(b, n, s, d, e, t, m, hp, hn, v) | |
39799 | +uIntf *b; /* code lengths in bits (all assumed <= BMAX) */ | |
39800 | +uInt n; /* number of codes (assumed <= 288) */ | |
39801 | +uInt s; /* number of simple-valued codes (0..s-1) */ | |
39802 | +const uIntf *d; /* list of base values for non-simple codes */ | |
39803 | +const uIntf *e; /* list of extra bits for non-simple codes */ | |
39804 | +inflate_huft * FAR *t; /* result: starting table */ | |
39805 | +uIntf *m; /* maximum lookup bits, returns actual */ | |
39806 | +inflate_huft *hp; /* space for trees */ | |
39807 | +uInt *hn; /* hufts used in space */ | |
39808 | +uIntf *v; /* working area: values in order of bit length */ | |
39809 | +/* Given a list of code lengths and a maximum table size, make a set of | |
39810 | + tables to decode that set of codes. Return Z_OK on success, Z_BUF_ERROR | |
39811 | + if the given code set is incomplete (the tables are still built in this | |
39812 | + case), Z_DATA_ERROR if the input is invalid (an over-subscribed set of | |
39813 | + lengths), or Z_MEM_ERROR if not enough memory. */ | |
39814 | +{ | |
39815 | + | |
39816 | + uInt a; /* counter for codes of length k */ | |
39817 | + uInt c[BMAX+1]; /* bit length count table */ | |
39818 | + uInt f; /* i repeats in table every f entries */ | |
39819 | + int g; /* maximum code length */ | |
39820 | + int h; /* table level */ | |
39821 | + register uInt i; /* counter, current code */ | |
39822 | + register uInt j; /* counter */ | |
39823 | + register int k; /* number of bits in current code */ | |
39824 | + int l; /* bits per table (returned in m) */ | |
39825 | + uInt mask; /* (1 << w) - 1, to avoid cc -O bug on HP */ | |
39826 | + register uIntf *p; /* pointer into c[], b[], or v[] */ | |
39827 | + inflate_huft *q; /* points to current table */ | |
39828 | + struct inflate_huft_s r; /* table entry for structure assignment */ | |
39829 | + inflate_huft *u[BMAX]; /* table stack */ | |
39830 | + register int w; /* bits before this table == (l * h) */ | |
39831 | + uInt x[BMAX+1]; /* bit offsets, then code stack */ | |
39832 | + uIntf *xp; /* pointer into x */ | |
39833 | + int y; /* number of dummy codes added */ | |
39834 | + uInt z; /* number of entries in current table */ | |
39835 | + | |
39836 | + | |
39837 | + /* Generate counts for each bit length */ | |
39838 | + p = c; | |
39839 | +#define C0 *p++ = 0; | |
39840 | +#define C2 C0 C0 C0 C0 | |
39841 | +#define C4 C2 C2 C2 C2 | |
39842 | + C4 /* clear c[]--assume BMAX+1 is 16 */ | |
39843 | + p = b; i = n; | |
39844 | + do { | |
39845 | + c[*p++]++; /* assume all entries <= BMAX */ | |
39846 | + } while (--i); | |
39847 | + if (c[0] == n) /* null input--all zero length codes */ | |
39848 | + { | |
39849 | + *t = (inflate_huft *)Z_NULL; | |
39850 | + *m = 0; | |
39851 | + return Z_OK; | |
39852 | + } | |
39853 | + | |
39854 | + | |
39855 | + /* Find minimum and maximum length, bound *m by those */ | |
39856 | + l = *m; | |
39857 | + for (j = 1; j <= BMAX; j++) | |
39858 | + if (c[j]) | |
39859 | + break; | |
39860 | + k = j; /* minimum code length */ | |
39861 | + if ((uInt)l < j) | |
39862 | + l = j; | |
39863 | + for (i = BMAX; i; i--) | |
39864 | + if (c[i]) | |
39865 | + break; | |
39866 | + g = i; /* maximum code length */ | |
39867 | + if ((uInt)l > i) | |
39868 | + l = i; | |
39869 | + *m = l; | |
39870 | + | |
39871 | + | |
39872 | + /* Adjust last length count to fill out codes, if needed */ | |
39873 | + for (y = 1 << j; j < i; j++, y <<= 1) | |
39874 | + if ((y -= c[j]) < 0) | |
39875 | + return Z_DATA_ERROR; | |
39876 | + if ((y -= c[i]) < 0) | |
39877 | + return Z_DATA_ERROR; | |
39878 | + c[i] += y; | |
39879 | + | |
39880 | + | |
39881 | + /* Generate starting offsets into the value table for each length */ | |
39882 | + x[1] = j = 0; | |
39883 | + p = c + 1; xp = x + 2; | |
39884 | + while (--i) { /* note that i == g from above */ | |
39885 | + *xp++ = (j += *p++); | |
39886 | + } | |
39887 | + | |
39888 | + | |
39889 | + /* Make a table of values in order of bit lengths */ | |
39890 | + p = b; i = 0; | |
39891 | + do { | |
39892 | + if ((j = *p++) != 0) | |
39893 | + v[x[j]++] = i; | |
39894 | + } while (++i < n); | |
39895 | + n = x[g]; /* set n to length of v */ | |
39896 | + | |
39897 | + | |
39898 | + /* Generate the Huffman codes and for each, make the table entries */ | |
39899 | + x[0] = i = 0; /* first Huffman code is zero */ | |
39900 | + p = v; /* grab values in bit order */ | |
39901 | + h = -1; /* no tables yet--level -1 */ | |
39902 | + w = -l; /* bits decoded == (l * h) */ | |
39903 | + u[0] = (inflate_huft *)Z_NULL; /* just to keep compilers happy */ | |
39904 | + q = (inflate_huft *)Z_NULL; /* ditto */ | |
39905 | + z = 0; /* ditto */ | |
39906 | + | |
39907 | + /* go through the bit lengths (k already is bits in shortest code) */ | |
39908 | + for (; k <= g; k++) | |
39909 | + { | |
39910 | + a = c[k]; | |
39911 | + while (a--) | |
39912 | + { | |
39913 | + /* here i is the Huffman code of length k bits for value *p */ | |
39914 | + /* make tables up to required level */ | |
39915 | + while (k > w + l) | |
39916 | + { | |
39917 | + h++; | |
39918 | + w += l; /* previous table always l bits */ | |
39919 | + | |
39920 | + /* compute minimum size table less than or equal to l bits */ | |
39921 | + z = g - w; | |
39922 | + z = z > (uInt)l ? l : z; /* table size upper limit */ | |
39923 | + if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */ | |
39924 | + { /* too few codes for k-w bit table */ | |
39925 | + f -= a + 1; /* deduct codes from patterns left */ | |
39926 | + xp = c + k; | |
39927 | + if (j < z) | |
39928 | + while (++j < z) /* try smaller tables up to z bits */ | |
39929 | + { | |
39930 | + if ((f <<= 1) <= *++xp) | |
39931 | + break; /* enough codes to use up j bits */ | |
39932 | + f -= *xp; /* else deduct codes from patterns */ | |
39933 | + } | |
39934 | + } | |
39935 | + z = 1 << j; /* table entries for j-bit table */ | |
39936 | + | |
39937 | + /* allocate new table */ | |
39938 | + if (*hn + z > MANY) /* (note: doesn't matter for fixed) */ | |
39939 | + return Z_MEM_ERROR; /* not enough memory */ | |
39940 | + u[h] = q = hp + *hn; | |
39941 | + *hn += z; | |
39942 | + | |
39943 | + /* connect to last table, if there is one */ | |
39944 | + if (h) | |
39945 | + { | |
39946 | + x[h] = i; /* save pattern for backing up */ | |
39947 | + r.bits = (Byte)l; /* bits to dump before this table */ | |
39948 | + r.exop = (Byte)j; /* bits in this table */ | |
39949 | + j = i >> (w - l); | |
39950 | + r.base = (uInt)(q - u[h-1] - j); /* offset to this table */ | |
39951 | + u[h-1][j] = r; /* connect to last table */ | |
39952 | + } | |
39953 | + else | |
39954 | + *t = q; /* first table is returned result */ | |
39955 | + } | |
39956 | + | |
39957 | + /* set up table entry in r */ | |
39958 | + r.bits = (Byte)(k - w); | |
39959 | + if (p >= v + n) | |
39960 | + r.exop = 128 + 64; /* out of values--invalid code */ | |
39961 | + else if (*p < s) | |
39962 | + { | |
39963 | + r.exop = (Byte)(*p < 256 ? 0 : 32 + 64); /* 256 is end-of-block */ | |
39964 | + r.base = *p++; /* simple code is just the value */ | |
39965 | + } | |
39966 | + else | |
39967 | + { | |
39968 | + r.exop = (Byte)(e[*p - s] + 16 + 64);/* non-simple--look up in lists */ | |
39969 | + r.base = d[*p++ - s]; | |
39970 | + } | |
39971 | + | |
39972 | + /* fill code-like entries with r */ | |
39973 | + f = 1 << (k - w); | |
39974 | + for (j = i >> w; j < z; j += f) | |
39975 | + q[j] = r; | |
39976 | + | |
39977 | + /* backwards increment the k-bit code i */ | |
39978 | + for (j = 1 << (k - 1); i & j; j >>= 1) | |
39979 | + i ^= j; | |
39980 | + i ^= j; | |
39981 | + | |
39982 | + /* backup over finished tables */ | |
39983 | + mask = (1 << w) - 1; /* needed on HP, cc -O bug */ | |
39984 | + while ((i & mask) != x[h]) | |
39985 | + { | |
39986 | + h--; /* don't need to update q */ | |
39987 | + w -= l; | |
39988 | + mask = (1 << w) - 1; | |
39989 | + } | |
39990 | + } | |
39991 | + } | |
39992 | + | |
39993 | + | |
39994 | + /* Return Z_BUF_ERROR if we were given an incomplete table */ | |
39995 | + return y != 0 && g != 1 ? Z_BUF_ERROR : Z_OK; | |
39996 | +} | |
39997 | + | |
39998 | + | |
39999 | +int inflate_trees_bits(c, bb, tb, hp, z) | |
40000 | +uIntf *c; /* 19 code lengths */ | |
40001 | +uIntf *bb; /* bits tree desired/actual depth */ | |
40002 | +inflate_huft * FAR *tb; /* bits tree result */ | |
40003 | +inflate_huft *hp; /* space for trees */ | |
40004 | +z_streamp z; /* for messages */ | |
40005 | +{ | |
40006 | + int r; | |
40007 | + uInt hn = 0; /* hufts used in space */ | |
40008 | + uIntf *v; /* work area for huft_build */ | |
40009 | + | |
40010 | + if ((v = (uIntf*)ZALLOC(z, 19, sizeof(uInt))) == Z_NULL) | |
40011 | + return Z_MEM_ERROR; | |
40012 | + r = huft_build(c, 19, 19, (uIntf*)Z_NULL, (uIntf*)Z_NULL, | |
40013 | + tb, bb, hp, &hn, v); | |
40014 | + if (r == Z_DATA_ERROR) | |
40015 | + z->msg = (char*)"oversubscribed dynamic bit lengths tree"; | |
40016 | + else if (r == Z_BUF_ERROR || *bb == 0) | |
40017 | + { | |
40018 | + z->msg = (char*)"incomplete dynamic bit lengths tree"; | |
40019 | + r = Z_DATA_ERROR; | |
40020 | + } | |
40021 | + ZFREE(z, v); | |
40022 | + return r; | |
40023 | +} | |
40024 | + | |
40025 | + | |
40026 | +int inflate_trees_dynamic(nl, nd, c, bl, bd, tl, td, hp, z) | |
40027 | +uInt nl; /* number of literal/length codes */ | |
40028 | +uInt nd; /* number of distance codes */ | |
40029 | +uIntf *c; /* that many (total) code lengths */ | |
40030 | +uIntf *bl; /* literal desired/actual bit depth */ | |
40031 | +uIntf *bd; /* distance desired/actual bit depth */ | |
40032 | +inflate_huft * FAR *tl; /* literal/length tree result */ | |
40033 | +inflate_huft * FAR *td; /* distance tree result */ | |
40034 | +inflate_huft *hp; /* space for trees */ | |
40035 | +z_streamp z; /* for messages */ | |
40036 | +{ | |
40037 | + int r; | |
40038 | + uInt hn = 0; /* hufts used in space */ | |
40039 | + uIntf *v; /* work area for huft_build */ | |
40040 | + | |
40041 | + /* allocate work area */ | |
40042 | + if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL) | |
40043 | + return Z_MEM_ERROR; | |
40044 | + | |
40045 | + /* build literal/length tree */ | |
40046 | + r = huft_build(c, nl, 257, cplens, cplext, tl, bl, hp, &hn, v); | |
40047 | + if (r != Z_OK || *bl == 0) | |
40048 | + { | |
40049 | + if (r == Z_DATA_ERROR) | |
40050 | + z->msg = (char*)"oversubscribed literal/length tree"; | |
40051 | + else if (r != Z_MEM_ERROR) | |
40052 | + { | |
40053 | + z->msg = (char*)"incomplete literal/length tree"; | |
40054 | + r = Z_DATA_ERROR; | |
40055 | + } | |
40056 | + ZFREE(z, v); | |
40057 | + return r; | |
40058 | + } | |
40059 | + | |
40060 | + /* build distance tree */ | |
40061 | + r = huft_build(c + nl, nd, 0, cpdist, cpdext, td, bd, hp, &hn, v); | |
40062 | + if (r != Z_OK || (*bd == 0 && nl > 257)) | |
40063 | + { | |
40064 | + if (r == Z_DATA_ERROR) | |
40065 | + z->msg = (char*)"oversubscribed distance tree"; | |
40066 | + else if (r == Z_BUF_ERROR) { | |
40067 | +#ifdef PKZIP_BUG_WORKAROUND | |
40068 | + r = Z_OK; | |
40069 | + } | |
40070 | +#else | |
40071 | + z->msg = (char*)"incomplete distance tree"; | |
40072 | + r = Z_DATA_ERROR; | |
40073 | + } | |
40074 | + else if (r != Z_MEM_ERROR) | |
40075 | + { | |
40076 | + z->msg = (char*)"empty distance tree with lengths"; | |
40077 | + r = Z_DATA_ERROR; | |
40078 | + } | |
40079 | + ZFREE(z, v); | |
40080 | + return r; | |
40081 | +#endif | |
40082 | + } | |
40083 | + | |
40084 | + /* done */ | |
40085 | + ZFREE(z, v); | |
40086 | + return Z_OK; | |
40087 | +} | |
40088 | + | |
40089 | + | |
40090 | +/* build fixed tables only once--keep them here */ | |
40091 | +#ifdef BUILDFIXED | |
40092 | +local int fixed_built = 0; | |
40093 | +#define FIXEDH 544 /* number of hufts used by fixed tables */ | |
40094 | +local inflate_huft fixed_mem[FIXEDH]; | |
40095 | +local uInt fixed_bl; | |
40096 | +local uInt fixed_bd; | |
40097 | +local inflate_huft *fixed_tl; | |
40098 | +local inflate_huft *fixed_td; | |
40099 | +#else | |
40100 | +#include "inffixed.h" | |
40101 | +#endif | |
40102 | + | |
40103 | + | |
40104 | +int inflate_trees_fixed(bl, bd, tl, td, z) | |
40105 | +uIntf *bl; /* literal desired/actual bit depth */ | |
40106 | +uIntf *bd; /* distance desired/actual bit depth */ | |
40107 | +inflate_huft * FAR *tl; /* literal/length tree result */ | |
40108 | +inflate_huft * FAR *td; /* distance tree result */ | |
40109 | +z_streamp z; /* for memory allocation */ | |
40110 | +{ | |
40111 | +#ifdef BUILDFIXED | |
40112 | + /* build fixed tables if not already */ | |
40113 | + if (!fixed_built) | |
40114 | + { | |
40115 | + int k; /* temporary variable */ | |
40116 | + uInt f = 0; /* number of hufts used in fixed_mem */ | |
40117 | + uIntf *c; /* length list for huft_build */ | |
40118 | + uIntf *v; /* work area for huft_build */ | |
40119 | + | |
40120 | + /* allocate memory */ | |
40121 | + if ((c = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL) | |
40122 | + return Z_MEM_ERROR; | |
40123 | + if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL) | |
40124 | + { | |
40125 | + ZFREE(z, c); | |
40126 | + return Z_MEM_ERROR; | |
40127 | + } | |
40128 | + | |
40129 | + /* literal table */ | |
40130 | + for (k = 0; k < 144; k++) | |
40131 | + c[k] = 8; | |
40132 | + for (; k < 256; k++) | |
40133 | + c[k] = 9; | |
40134 | + for (; k < 280; k++) | |
40135 | + c[k] = 7; | |
40136 | + for (; k < 288; k++) | |
40137 | + c[k] = 8; | |
40138 | + fixed_bl = 9; | |
40139 | + huft_build(c, 288, 257, cplens, cplext, &fixed_tl, &fixed_bl, | |
40140 | + fixed_mem, &f, v); | |
40141 | + | |
40142 | + /* distance table */ | |
40143 | + for (k = 0; k < 30; k++) | |
40144 | + c[k] = 5; | |
40145 | + fixed_bd = 5; | |
40146 | + huft_build(c, 30, 0, cpdist, cpdext, &fixed_td, &fixed_bd, | |
40147 | + fixed_mem, &f, v); | |
40148 | + | |
40149 | + /* done */ | |
40150 | + ZFREE(z, v); | |
40151 | + ZFREE(z, c); | |
40152 | + fixed_built = 1; | |
40153 | + } | |
40154 | +#endif | |
40155 | + *bl = fixed_bl; | |
40156 | + *bd = fixed_bd; | |
40157 | + *tl = fixed_tl; | |
40158 | + *td = fixed_td; | |
40159 | + return Z_OK; | |
40160 | +} | |
40161 | diff -druN linux-noipsec/net/ipsec/zlib/inftrees.h linux/net/ipsec/zlib/inftrees.h | |
40162 | --- linux-noipsec/net/ipsec/zlib/inftrees.h Thu Jan 1 01:00:00 1970 | |
40163 | +++ linux/net/ipsec/zlib/inftrees.h Fri Sep 29 20:51:34 2000 | |
40164 | @@ -0,0 +1,63 @@ | |
40165 | +/* inftrees.h -- header to use inftrees.c | |
40166 | + * Copyright (C) 1995-1998 Mark Adler | |
40167 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
40168 | + */ | |
40169 | + | |
40170 | +/* WARNING: this file should *not* be used by applications. It is | |
40171 | + part of the implementation of the compression library and is | |
40172 | + subject to change. Applications should only use zlib.h. | |
40173 | + */ | |
40174 | + | |
40175 | +/* Huffman code lookup table entry--this entry is four bytes for machines | |
40176 | + that have 16-bit pointers (e.g. PC's in the small or medium model). */ | |
40177 | + | |
40178 | +#ifndef _INFTREES_H | |
40179 | +#define _INFTREES_H | |
40180 | + | |
40181 | +typedef struct inflate_huft_s FAR inflate_huft; | |
40182 | + | |
40183 | +struct inflate_huft_s { | |
40184 | + union { | |
40185 | + struct { | |
40186 | + Byte Exop; /* number of extra bits or operation */ | |
40187 | + Byte Bits; /* number of bits in this code or subcode */ | |
40188 | + } what; | |
40189 | + uInt pad; /* pad structure to a power of 2 (4 bytes for */ | |
40190 | + } word; /* 16-bit, 8 bytes for 32-bit int's) */ | |
40191 | + uInt base; /* literal, length base, distance base, | |
40192 | + or table offset */ | |
40193 | +}; | |
40194 | + | |
40195 | +/* Maximum size of dynamic tree. The maximum found in a long but non- | |
40196 | + exhaustive search was 1004 huft structures (850 for length/literals | |
40197 | + and 154 for distances, the latter actually the result of an | |
40198 | + exhaustive search). The actual maximum is not known, but the | |
40199 | + value below is more than safe. */ | |
40200 | +#define MANY 1440 | |
40201 | + | |
40202 | +extern int inflate_trees_bits OF(( | |
40203 | + uIntf *, /* 19 code lengths */ | |
40204 | + uIntf *, /* bits tree desired/actual depth */ | |
40205 | + inflate_huft * FAR *, /* bits tree result */ | |
40206 | + inflate_huft *, /* space for trees */ | |
40207 | + z_streamp)); /* for messages */ | |
40208 | + | |
40209 | +extern int inflate_trees_dynamic OF(( | |
40210 | + uInt, /* number of literal/length codes */ | |
40211 | + uInt, /* number of distance codes */ | |
40212 | + uIntf *, /* that many (total) code lengths */ | |
40213 | + uIntf *, /* literal desired/actual bit depth */ | |
40214 | + uIntf *, /* distance desired/actual bit depth */ | |
40215 | + inflate_huft * FAR *, /* literal/length tree result */ | |
40216 | + inflate_huft * FAR *, /* distance tree result */ | |
40217 | + inflate_huft *, /* space for trees */ | |
40218 | + z_streamp)); /* for messages */ | |
40219 | + | |
40220 | +extern int inflate_trees_fixed OF(( | |
40221 | + uIntf *, /* literal desired/actual bit depth */ | |
40222 | + uIntf *, /* distance desired/actual bit depth */ | |
40223 | + inflate_huft * FAR *, /* literal/length tree result */ | |
40224 | + inflate_huft * FAR *, /* distance tree result */ | |
40225 | + z_streamp)); /* for memory allocation */ | |
40226 | + | |
40227 | +#endif /* _INFTREES_H */ | |
40228 | diff -druN linux-noipsec/net/ipsec/zlib/infutil.c linux/net/ipsec/zlib/infutil.c | |
40229 | --- linux-noipsec/net/ipsec/zlib/infutil.c Thu Jan 1 01:00:00 1970 | |
40230 | +++ linux/net/ipsec/zlib/infutil.c Fri Sep 29 20:51:34 2000 | |
40231 | @@ -0,0 +1,87 @@ | |
40232 | +/* inflate_util.c -- data and routines common to blocks and codes | |
40233 | + * Copyright (C) 1995-1998 Mark Adler | |
40234 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
40235 | + */ | |
40236 | + | |
40237 | +#include "zutil.h" | |
40238 | +#include "infblock.h" | |
40239 | +#include "inftrees.h" | |
40240 | +#include "infcodes.h" | |
40241 | +#include "infutil.h" | |
40242 | + | |
40243 | +struct inflate_codes_state {int dummy;}; /* for buggy compilers */ | |
40244 | + | |
40245 | +/* And'ing with mask[n] masks the lower n bits */ | |
40246 | +uInt inflate_mask[17] = { | |
40247 | + 0x0000, | |
40248 | + 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff, | |
40249 | + 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff | |
40250 | +}; | |
40251 | + | |
40252 | + | |
40253 | +/* copy as much as possible from the sliding window to the output area */ | |
40254 | +int inflate_flush(s, z, r) | |
40255 | +inflate_blocks_statef *s; | |
40256 | +z_streamp z; | |
40257 | +int r; | |
40258 | +{ | |
40259 | + uInt n; | |
40260 | + Bytef *p; | |
40261 | + Bytef *q; | |
40262 | + | |
40263 | + /* local copies of source and destination pointers */ | |
40264 | + p = z->next_out; | |
40265 | + q = s->read; | |
40266 | + | |
40267 | + /* compute number of bytes to copy as far as end of window */ | |
40268 | + n = (uInt)((q <= s->write ? s->write : s->end) - q); | |
40269 | + if (n > z->avail_out) n = z->avail_out; | |
40270 | + if (n && r == Z_BUF_ERROR) r = Z_OK; | |
40271 | + | |
40272 | + /* update counters */ | |
40273 | + z->avail_out -= n; | |
40274 | + z->total_out += n; | |
40275 | + | |
40276 | + /* update check information */ | |
40277 | + if (s->checkfn != Z_NULL) | |
40278 | + z->adler = s->check = (*s->checkfn)(s->check, q, n); | |
40279 | + | |
40280 | + /* copy as far as end of window */ | |
40281 | + zmemcpy(p, q, n); | |
40282 | + p += n; | |
40283 | + q += n; | |
40284 | + | |
40285 | + /* see if more to copy at beginning of window */ | |
40286 | + if (q == s->end) | |
40287 | + { | |
40288 | + /* wrap pointers */ | |
40289 | + q = s->window; | |
40290 | + if (s->write == s->end) | |
40291 | + s->write = s->window; | |
40292 | + | |
40293 | + /* compute bytes to copy */ | |
40294 | + n = (uInt)(s->write - q); | |
40295 | + if (n > z->avail_out) n = z->avail_out; | |
40296 | + if (n && r == Z_BUF_ERROR) r = Z_OK; | |
40297 | + | |
40298 | + /* update counters */ | |
40299 | + z->avail_out -= n; | |
40300 | + z->total_out += n; | |
40301 | + | |
40302 | + /* update check information */ | |
40303 | + if (s->checkfn != Z_NULL) | |
40304 | + z->adler = s->check = (*s->checkfn)(s->check, q, n); | |
40305 | + | |
40306 | + /* copy */ | |
40307 | + zmemcpy(p, q, n); | |
40308 | + p += n; | |
40309 | + q += n; | |
40310 | + } | |
40311 | + | |
40312 | + /* update pointers */ | |
40313 | + z->next_out = p; | |
40314 | + s->read = q; | |
40315 | + | |
40316 | + /* done */ | |
40317 | + return r; | |
40318 | +} | |
40319 | diff -druN linux-noipsec/net/ipsec/zlib/infutil.h linux/net/ipsec/zlib/infutil.h | |
40320 | --- linux-noipsec/net/ipsec/zlib/infutil.h Thu Jan 1 01:00:00 1970 | |
40321 | +++ linux/net/ipsec/zlib/infutil.h Fri Sep 29 20:51:34 2000 | |
40322 | @@ -0,0 +1,98 @@ | |
40323 | +/* infutil.h -- types and macros common to blocks and codes | |
40324 | + * Copyright (C) 1995-1998 Mark Adler | |
40325 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
40326 | + */ | |
40327 | + | |
40328 | +/* WARNING: this file should *not* be used by applications. It is | |
40329 | + part of the implementation of the compression library and is | |
40330 | + subject to change. Applications should only use zlib.h. | |
40331 | + */ | |
40332 | + | |
40333 | +#ifndef _INFUTIL_H | |
40334 | +#define _INFUTIL_H | |
40335 | + | |
40336 | +typedef enum { | |
40337 | + TYPE, /* get type bits (3, including end bit) */ | |
40338 | + LENS, /* get lengths for stored */ | |
40339 | + STORED, /* processing stored block */ | |
40340 | + TABLE, /* get table lengths */ | |
40341 | + BTREE, /* get bit lengths tree for a dynamic block */ | |
40342 | + DTREE, /* get length, distance trees for a dynamic block */ | |
40343 | + CODES, /* processing fixed or dynamic block */ | |
40344 | + DRY, /* output remaining window bytes */ | |
40345 | + DONE, /* finished last block, done */ | |
40346 | + BAD} /* got a data error--stuck here */ | |
40347 | +inflate_block_mode; | |
40348 | + | |
40349 | +/* inflate blocks semi-private state */ | |
40350 | +struct inflate_blocks_state { | |
40351 | + | |
40352 | + /* mode */ | |
40353 | + inflate_block_mode mode; /* current inflate_block mode */ | |
40354 | + | |
40355 | + /* mode dependent information */ | |
40356 | + union { | |
40357 | + uInt left; /* if STORED, bytes left to copy */ | |
40358 | + struct { | |
40359 | + uInt table; /* table lengths (14 bits) */ | |
40360 | + uInt index; /* index into blens (or border) */ | |
40361 | + uIntf *blens; /* bit lengths of codes */ | |
40362 | + uInt bb; /* bit length tree depth */ | |
40363 | + inflate_huft *tb; /* bit length decoding tree */ | |
40364 | + } trees; /* if DTREE, decoding info for trees */ | |
40365 | + struct { | |
40366 | + inflate_codes_statef | |
40367 | + *codes; | |
40368 | + } decode; /* if CODES, current state */ | |
40369 | + } sub; /* submode */ | |
40370 | + uInt last; /* true if this block is the last block */ | |
40371 | + | |
40372 | + /* mode independent information */ | |
40373 | + uInt bitk; /* bits in bit buffer */ | |
40374 | + uLong bitb; /* bit buffer */ | |
40375 | + inflate_huft *hufts; /* single malloc for tree space */ | |
40376 | + Bytef *window; /* sliding window */ | |
40377 | + Bytef *end; /* one byte after sliding window */ | |
40378 | + Bytef *read; /* window read pointer */ | |
40379 | + Bytef *write; /* window write pointer */ | |
40380 | + check_func checkfn; /* check function */ | |
40381 | + uLong check; /* check on output */ | |
40382 | + | |
40383 | +}; | |
40384 | + | |
40385 | + | |
40386 | +/* defines for inflate input/output */ | |
40387 | +/* update pointers and return */ | |
40388 | +#define UPDBITS {s->bitb=b;s->bitk=k;} | |
40389 | +#define UPDIN {z->avail_in=n;z->total_in+=p-z->next_in;z->next_in=p;} | |
40390 | +#define UPDOUT {s->write=q;} | |
40391 | +#define UPDATE {UPDBITS UPDIN UPDOUT} | |
40392 | +#define LEAVE {UPDATE return inflate_flush(s,z,r);} | |
40393 | +/* get bytes and bits */ | |
40394 | +#define LOADIN {p=z->next_in;n=z->avail_in;b=s->bitb;k=s->bitk;} | |
40395 | +#define NEEDBYTE {if(n)r=Z_OK;else LEAVE} | |
40396 | +#define NEXTBYTE (n--,*p++) | |
40397 | +#define NEEDBITS(j) {while(k<(j)){NEEDBYTE;b|=((uLong)NEXTBYTE)<<k;k+=8;}} | |
40398 | +#define DUMPBITS(j) {b>>=(j);k-=(j);} | |
40399 | +/* output bytes */ | |
40400 | +#define WAVAIL (uInt)(q<s->read?s->read-q-1:s->end-q) | |
40401 | +#define LOADOUT {q=s->write;m=(uInt)WAVAIL;} | |
40402 | +#define WRAP {if(q==s->end&&s->read!=s->window){q=s->window;m=(uInt)WAVAIL;}} | |
40403 | +#define FLUSH {UPDOUT r=inflate_flush(s,z,r); LOADOUT} | |
40404 | +#define NEEDOUT {if(m==0){WRAP if(m==0){FLUSH WRAP if(m==0) LEAVE}}r=Z_OK;} | |
40405 | +#define OUTBYTE(a) {*q++=(Byte)(a);m--;} | |
40406 | +/* load local pointers */ | |
40407 | +#define LOAD {LOADIN LOADOUT} | |
40408 | + | |
40409 | +/* masks for lower bits (size given to avoid silly warnings with Visual C++) */ | |
40410 | +extern uInt inflate_mask[17]; | |
40411 | + | |
40412 | +/* copy as much as possible from the sliding window to the output area */ | |
40413 | +extern int inflate_flush OF(( | |
40414 | + inflate_blocks_statef *, | |
40415 | + z_streamp , | |
40416 | + int)); | |
40417 | + | |
40418 | +struct internal_state {int dummy;}; /* for buggy compilers */ | |
40419 | + | |
40420 | +#endif /* _INFUTIL_H */ | |
40421 | diff -druN linux-noipsec/net/ipsec/zlib/match586.S linux/net/ipsec/zlib/match586.S | |
40422 | --- linux-noipsec/net/ipsec/zlib/match586.S Thu Jan 1 01:00:00 1970 | |
40423 | +++ linux/net/ipsec/zlib/match586.S Fri Sep 29 20:51:34 2000 | |
40424 | @@ -0,0 +1,357 @@ | |
40425 | +/* match.s -- Pentium-optimized version of longest_match() | |
40426 | + * Written for zlib 1.1.2 | |
40427 | + * Copyright (C) 1998 Brian Raiter <breadbox@muppetlabs.com> | |
40428 | + * | |
40429 | + * This is free software; you can redistribute it and/or modify it | |
40430 | + * under the terms of the GNU General Public License. | |
40431 | + */ | |
40432 | + | |
40433 | +#ifndef NO_UNDERLINE | |
40434 | +#define match_init _ipcomp_match_init | |
40435 | +#define longest_match _ipcomp_longest_match | |
40436 | +#else | |
40437 | +#define match_init ipcomp_match_init | |
40438 | +#define longest_match ipcomp_longest_match | |
40439 | +#endif | |
40440 | + | |
40441 | +#define MAX_MATCH (258) | |
40442 | +#define MIN_MATCH (3) | |
40443 | +#define MIN_LOOKAHEAD (MAX_MATCH + MIN_MATCH + 1) | |
40444 | +#define MAX_MATCH_8 ((MAX_MATCH + 7) & ~7) | |
40445 | + | |
40446 | +/* stack frame offsets */ | |
40447 | + | |
40448 | +#define wmask 0 /* local copy of s->wmask */ | |
40449 | +#define window 4 /* local copy of s->window */ | |
40450 | +#define windowbestlen 8 /* s->window + bestlen */ | |
40451 | +#define chainlenscanend 12 /* high word: current chain len */ | |
40452 | + /* low word: last bytes sought */ | |
40453 | +#define scanstart 16 /* first two bytes of string */ | |
40454 | +#define scanalign 20 /* dword-misalignment of string */ | |
40455 | +#define nicematch 24 /* a good enough match size */ | |
40456 | +#define bestlen 28 /* size of best match so far */ | |
40457 | +#define scan 32 /* ptr to string wanting match */ | |
40458 | + | |
40459 | +#define LocalVarsSize (36) | |
40460 | +/* saved ebx 36 */ | |
40461 | +/* saved edi 40 */ | |
40462 | +/* saved esi 44 */ | |
40463 | +/* saved ebp 48 */ | |
40464 | +/* return address 52 */ | |
40465 | +#define deflatestate 56 /* the function arguments */ | |
40466 | +#define curmatch 60 | |
40467 | + | |
40468 | +/* Offsets for fields in the deflate_state structure. These numbers | |
40469 | + * are calculated from the definition of deflate_state, with the | |
40470 | + * assumption that the compiler will dword-align the fields. (Thus, | |
40471 | + * changing the definition of deflate_state could easily cause this | |
40472 | + * program to crash horribly, without so much as a warning at | |
40473 | + * compile time. Sigh.) | |
40474 | + */ | |
40475 | +#define dsWSize 36 | |
40476 | +#define dsWMask 44 | |
40477 | +#define dsWindow 48 | |
40478 | +#define dsPrev 56 | |
40479 | +#define dsMatchLen 88 | |
40480 | +#define dsPrevMatch 92 | |
40481 | +#define dsStrStart 100 | |
40482 | +#define dsMatchStart 104 | |
40483 | +#define dsLookahead 108 | |
40484 | +#define dsPrevLen 112 | |
40485 | +#define dsMaxChainLen 116 | |
40486 | +#define dsGoodMatch 132 | |
40487 | +#define dsNiceMatch 136 | |
40488 | + | |
40489 | + | |
40490 | +.file "match.S" | |
40491 | + | |
40492 | +.globl match_init, longest_match | |
40493 | + | |
40494 | +.text | |
40495 | + | |
40496 | +/* uInt longest_match(deflate_state *deflatestate, IPos curmatch) */ | |
40497 | + | |
40498 | +longest_match: | |
40499 | + | |
40500 | +/* Save registers that the compiler may be using, and adjust %esp to */ | |
40501 | +/* make room for our stack frame. */ | |
40502 | + | |
40503 | + pushl %ebp | |
40504 | + pushl %edi | |
40505 | + pushl %esi | |
40506 | + pushl %ebx | |
40507 | + subl $LocalVarsSize, %esp | |
40508 | + | |
40509 | +/* Retrieve the function arguments. %ecx will hold cur_match */ | |
40510 | +/* throughout the entire function. %edx will hold the pointer to the */ | |
40511 | +/* deflate_state structure during the function's setup (before */ | |
40512 | +/* entering the main loop). */ | |
40513 | + | |
40514 | + movl deflatestate(%esp), %edx | |
40515 | + movl curmatch(%esp), %ecx | |
40516 | + | |
40517 | +/* if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; */ | |
40518 | + | |
40519 | + movl dsNiceMatch(%edx), %eax | |
40520 | + movl dsLookahead(%edx), %ebx | |
40521 | + cmpl %eax, %ebx | |
40522 | + jl LookaheadLess | |
40523 | + movl %eax, %ebx | |
40524 | +LookaheadLess: movl %ebx, nicematch(%esp) | |
40525 | + | |
40526 | +/* register Bytef *scan = s->window + s->strstart; */ | |
40527 | + | |
40528 | + movl dsWindow(%edx), %esi | |
40529 | + movl %esi, window(%esp) | |
40530 | + movl dsStrStart(%edx), %ebp | |
40531 | + lea (%esi,%ebp), %edi | |
40532 | + movl %edi, scan(%esp) | |
40533 | + | |
40534 | +/* Determine how many bytes the scan ptr is off from being */ | |
40535 | +/* dword-aligned. */ | |
40536 | + | |
40537 | + movl %edi, %eax | |
40538 | + negl %eax | |
40539 | + andl $3, %eax | |
40540 | + movl %eax, scanalign(%esp) | |
40541 | + | |
40542 | +/* IPos limit = s->strstart > (IPos)MAX_DIST(s) ? */ | |
40543 | +/* s->strstart - (IPos)MAX_DIST(s) : NIL; */ | |
40544 | + | |
40545 | + movl dsWSize(%edx), %eax | |
40546 | + subl $MIN_LOOKAHEAD, %eax | |
40547 | + subl %eax, %ebp | |
40548 | + jg LimitPositive | |
40549 | + xorl %ebp, %ebp | |
40550 | +LimitPositive: | |
40551 | + | |
40552 | +/* unsigned chain_length = s->max_chain_length; */ | |
40553 | +/* if (s->prev_length >= s->good_match) { */ | |
40554 | +/* chain_length >>= 2; */ | |
40555 | +/* } */ | |
40556 | + | |
40557 | + movl dsPrevLen(%edx), %eax | |
40558 | + movl dsGoodMatch(%edx), %ebx | |
40559 | + cmpl %ebx, %eax | |
40560 | + movl dsMaxChainLen(%edx), %ebx | |
40561 | + jl LastMatchGood | |
40562 | + shrl $2, %ebx | |
40563 | +LastMatchGood: | |
40564 | + | |
40565 | +/* chainlen is decremented once beforehand so that the function can */ | |
40566 | +/* use the sign flag instead of the zero flag for the exit test. */ | |
40567 | +/* It is then shifted into the high word, to make room for the scanend */ | |
40568 | +/* scanend value, which it will always accompany. */ | |
40569 | + | |
40570 | + decl %ebx | |
40571 | + shll $16, %ebx | |
40572 | + | |
40573 | +/* int best_len = s->prev_length; */ | |
40574 | + | |
40575 | + movl dsPrevLen(%edx), %eax | |
40576 | + movl %eax, bestlen(%esp) | |
40577 | + | |
40578 | +/* Store the sum of s->window + best_len in %esi locally, and in %esi. */ | |
40579 | + | |
40580 | + addl %eax, %esi | |
40581 | + movl %esi, windowbestlen(%esp) | |
40582 | + | |
40583 | +/* register ush scan_start = *(ushf*)scan; */ | |
40584 | +/* register ush scan_end = *(ushf*)(scan+best_len-1); */ | |
40585 | + | |
40586 | + movw (%edi), %bx | |
40587 | + movw %bx, scanstart(%esp) | |
40588 | + movw -1(%edi,%eax), %bx | |
40589 | + movl %ebx, chainlenscanend(%esp) | |
40590 | + | |
40591 | +/* Posf *prev = s->prev; */ | |
40592 | +/* uInt wmask = s->w_mask; */ | |
40593 | + | |
40594 | + movl dsPrev(%edx), %edi | |
40595 | + movl dsWMask(%edx), %edx | |
40596 | + mov %edx, wmask(%esp) | |
40597 | + | |
40598 | +/* Jump into the main loop. */ | |
40599 | + | |
40600 | + jmp LoopEntry | |
40601 | + | |
40602 | +.balign 16 | |
40603 | + | |
40604 | +/* do { | |
40605 | + * match = s->window + cur_match; | |
40606 | + * if (*(ushf*)(match+best_len-1) != scan_end || | |
40607 | + * *(ushf*)match != scan_start) continue; | |
40608 | + * [...] | |
40609 | + * } while ((cur_match = prev[cur_match & wmask]) > limit | |
40610 | + * && --chain_length != 0); | |
40611 | + * | |
40612 | + * Here is the inner loop of the function. The function will spend the | |
40613 | + * majority of its time in this loop, and majority of that time will | |
40614 | + * be spent in the first ten instructions. | |
40615 | + * | |
40616 | + * Within this loop: | |
40617 | + * %ebx = chainlenscanend - i.e., ((chainlen << 16) | scanend) | |
40618 | + * %ecx = curmatch | |
40619 | + * %edx = curmatch & wmask | |
40620 | + * %esi = windowbestlen - i.e., (window + bestlen) | |
40621 | + * %edi = prev | |
40622 | + * %ebp = limit | |
40623 | + * | |
40624 | + * Two optimization notes on the choice of instructions: | |
40625 | + * | |
40626 | + * The first instruction uses a 16-bit address, which costs an extra, | |
40627 | + * unpairable cycle. This is cheaper than doing a 32-bit access and | |
40628 | + * zeroing the high word, due to the 3-cycle misalignment penalty which | |
40629 | + * would occur half the time. This also turns out to be cheaper than | |
40630 | + * doing two separate 8-bit accesses, as the memory is so rarely in the | |
40631 | + * L1 cache. | |
40632 | + * | |
40633 | + * The window buffer, however, apparently spends a lot of time in the | |
40634 | + * cache, and so it is faster to retrieve the word at the end of the | |
40635 | + * match string with two 8-bit loads. The instructions that test the | |
40636 | + * word at the beginning of the match string, however, are executed | |
40637 | + * much less frequently, and there it was cheaper to use 16-bit | |
40638 | + * instructions, which avoided the necessity of saving off and | |
40639 | + * subsequently reloading one of the other registers. | |
40640 | + */ | |
40641 | +LookupLoop: | |
40642 | + /* 1 U & V */ | |
40643 | + movw (%edi,%edx,2), %cx /* 2 U pipe */ | |
40644 | + movl wmask(%esp), %edx /* 2 V pipe */ | |
40645 | + cmpl %ebp, %ecx /* 3 U pipe */ | |
40646 | + jbe LeaveNow /* 3 V pipe */ | |
40647 | + subl $0x00010000, %ebx /* 4 U pipe */ | |
40648 | + js LeaveNow /* 4 V pipe */ | |
40649 | +LoopEntry: movb -1(%esi,%ecx), %al /* 5 U pipe */ | |
40650 | + andl %ecx, %edx /* 5 V pipe */ | |
40651 | + cmpb %bl, %al /* 6 U pipe */ | |
40652 | + jnz LookupLoop /* 6 V pipe */ | |
40653 | + movb (%esi,%ecx), %ah | |
40654 | + cmpb %bh, %ah | |
40655 | + jnz LookupLoop | |
40656 | + movl window(%esp), %eax | |
40657 | + movw (%eax,%ecx), %ax | |
40658 | + cmpw scanstart(%esp), %ax | |
40659 | + jnz LookupLoop | |
40660 | + | |
40661 | +/* Store the current value of chainlen. */ | |
40662 | + | |
40663 | + movl %ebx, chainlenscanend(%esp) | |
40664 | + | |
40665 | +/* Point %edi to the string under scrutiny, and %esi to the string we */ | |
40666 | +/* are hoping to match it up with. In actuality, %esi and %edi are */ | |
40667 | +/* both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and %edx is */ | |
40668 | +/* initialized to -(MAX_MATCH_8 - scanalign). */ | |
40669 | + | |
40670 | + movl window(%esp), %esi | |
40671 | + movl scan(%esp), %edi | |
40672 | + addl %ecx, %esi | |
40673 | + movl scanalign(%esp), %eax | |
40674 | + movl $(-MAX_MATCH_8), %edx | |
40675 | + lea MAX_MATCH_8(%edi,%eax), %edi | |
40676 | + lea MAX_MATCH_8(%esi,%eax), %esi | |
40677 | + | |
40678 | +/* Test the strings for equality, 8 bytes at a time. At the end, | |
40679 | + * adjust %edx so that it is offset to the exact byte that mismatched. | |
40680 | + * | |
40681 | + * We already know at this point that the first three bytes of the | |
40682 | + * strings match each other, and they can be safely passed over before | |
40683 | + * starting the compare loop. So what this code does is skip over 0-3 | |
40684 | + * bytes, as much as necessary in order to dword-align the %edi | |
40685 | + * pointer. (%esi will still be misaligned three times out of four.) | |
40686 | + * | |
40687 | + * It should be confessed that this loop usually does not represent | |
40688 | + * much of the total running time. Replacing it with a more | |
40689 | + * straightforward "rep cmpsb" would not drastically degrade | |
40690 | + * performance. | |
40691 | + */ | |
40692 | +LoopCmps: | |
40693 | + movl (%esi,%edx), %eax | |
40694 | + movl (%edi,%edx), %ebx | |
40695 | + xorl %ebx, %eax | |
40696 | + jnz LeaveLoopCmps | |
40697 | + movl 4(%esi,%edx), %eax | |
40698 | + movl 4(%edi,%edx), %ebx | |
40699 | + xorl %ebx, %eax | |
40700 | + jnz LeaveLoopCmps4 | |
40701 | + addl $8, %edx | |
40702 | + jnz LoopCmps | |
40703 | + jmp LenMaximum | |
40704 | +LeaveLoopCmps4: addl $4, %edx | |
40705 | +LeaveLoopCmps: testl $0x0000FFFF, %eax | |
40706 | + jnz LenLower | |
40707 | + addl $2, %edx | |
40708 | + shrl $16, %eax | |
40709 | +LenLower: subb $1, %al | |
40710 | + adcl $0, %edx | |
40711 | + | |
40712 | +/* Calculate the length of the match. If it is longer than MAX_MATCH, */ | |
40713 | +/* then automatically accept it as the best possible match and leave. */ | |
40714 | + | |
40715 | + lea (%edi,%edx), %eax | |
40716 | + movl scan(%esp), %edi | |
40717 | + subl %edi, %eax | |
40718 | + cmpl $MAX_MATCH, %eax | |
40719 | + jge LenMaximum | |
40720 | + | |
40721 | +/* If the length of the match is not longer than the best match we */ | |
40722 | +/* have so far, then forget it and return to the lookup loop. */ | |
40723 | + | |
40724 | + movl deflatestate(%esp), %edx | |
40725 | + movl bestlen(%esp), %ebx | |
40726 | + cmpl %ebx, %eax | |
40727 | + jg LongerMatch | |
40728 | + movl chainlenscanend(%esp), %ebx | |
40729 | + movl windowbestlen(%esp), %esi | |
40730 | + movl dsPrev(%edx), %edi | |
40731 | + movl wmask(%esp), %edx | |
40732 | + andl %ecx, %edx | |
40733 | + jmp LookupLoop | |
40734 | + | |
40735 | +/* s->match_start = cur_match; */ | |
40736 | +/* best_len = len; */ | |
40737 | +/* if (len >= nice_match) break; */ | |
40738 | +/* scan_end = *(ushf*)(scan+best_len-1); */ | |
40739 | + | |
40740 | +LongerMatch: movl nicematch(%esp), %ebx | |
40741 | + movl %eax, bestlen(%esp) | |
40742 | + movl %ecx, dsMatchStart(%edx) | |
40743 | + cmpl %ebx, %eax | |
40744 | + jge LeaveNow | |
40745 | + movl window(%esp), %esi | |
40746 | + addl %eax, %esi | |
40747 | + movl %esi, windowbestlen(%esp) | |
40748 | + movl chainlenscanend(%esp), %ebx | |
40749 | + movw -1(%edi,%eax), %bx | |
40750 | + movl dsPrev(%edx), %edi | |
40751 | + movl %ebx, chainlenscanend(%esp) | |
40752 | + movl wmask(%esp), %edx | |
40753 | + andl %ecx, %edx | |
40754 | + jmp LookupLoop | |
40755 | + | |
40756 | +/* Accept the current string, with the maximum possible length. */ | |
40757 | + | |
40758 | +LenMaximum: movl deflatestate(%esp), %edx | |
40759 | + movl $MAX_MATCH, bestlen(%esp) | |
40760 | + movl %ecx, dsMatchStart(%edx) | |
40761 | + | |
40762 | +/* if ((uInt)best_len <= s->lookahead) return (uInt)best_len; */ | |
40763 | +/* return s->lookahead; */ | |
40764 | + | |
40765 | +LeaveNow: | |
40766 | + movl deflatestate(%esp), %edx | |
40767 | + movl bestlen(%esp), %ebx | |
40768 | + movl dsLookahead(%edx), %eax | |
40769 | + cmpl %eax, %ebx | |
40770 | + jg LookaheadRet | |
40771 | + movl %ebx, %eax | |
40772 | +LookaheadRet: | |
40773 | + | |
40774 | +/* Restore the stack and return from whence we came. */ | |
40775 | + | |
40776 | + addl $LocalVarsSize, %esp | |
40777 | + popl %ebx | |
40778 | + popl %esi | |
40779 | + popl %edi | |
40780 | + popl %ebp | |
40781 | +match_init: ret | |
40782 | diff -druN linux-noipsec/net/ipsec/zlib/match686.S linux/net/ipsec/zlib/match686.S | |
40783 | --- linux-noipsec/net/ipsec/zlib/match686.S Thu Jan 1 01:00:00 1970 | |
40784 | +++ linux/net/ipsec/zlib/match686.S Fri Oct 27 05:35:16 2000 | |
40785 | @@ -0,0 +1,330 @@ | |
40786 | +/* match.s -- Pentium-Pro-optimized version of longest_match() | |
40787 | + * Written for zlib 1.1.2 | |
40788 | + * Copyright (C) 1998 Brian Raiter <breadbox@muppetlabs.com> | |
40789 | + * | |
40790 | + * This is free software; you can redistribute it and/or modify it | |
40791 | + * under the terms of the GNU General Public License. | |
40792 | + */ | |
40793 | + | |
40794 | +#ifndef NO_UNDERLINE | |
40795 | +#define match_init _ipcomp_match_init | |
40796 | +#define longest_match _ipcomp_longest_match | |
40797 | +#else | |
40798 | +#define match_init ipcomp_match_init | |
40799 | +#define longest_match ipcomp_longest_match | |
40800 | +#endif | |
40801 | + | |
40802 | +#define MAX_MATCH (258) | |
40803 | +#define MIN_MATCH (3) | |
40804 | +#define MIN_LOOKAHEAD (MAX_MATCH + MIN_MATCH + 1) | |
40805 | +#define MAX_MATCH_8 ((MAX_MATCH + 7) & ~7) | |
40806 | + | |
40807 | +/* stack frame offsets */ | |
40808 | + | |
40809 | +#define chainlenwmask 0 /* high word: current chain len */ | |
40810 | + /* low word: s->wmask */ | |
40811 | +#define window 4 /* local copy of s->window */ | |
40812 | +#define windowbestlen 8 /* s->window + bestlen */ | |
40813 | +#define scanstart 16 /* first two bytes of string */ | |
40814 | +#define scanend 12 /* last two bytes of string */ | |
40815 | +#define scanalign 20 /* dword-misalignment of string */ | |
40816 | +#define nicematch 24 /* a good enough match size */ | |
40817 | +#define bestlen 28 /* size of best match so far */ | |
40818 | +#define scan 32 /* ptr to string wanting match */ | |
40819 | + | |
40820 | +#define LocalVarsSize (36) | |
40821 | +/* saved ebx 36 */ | |
40822 | +/* saved edi 40 */ | |
40823 | +/* saved esi 44 */ | |
40824 | +/* saved ebp 48 */ | |
40825 | +/* return address 52 */ | |
40826 | +#define deflatestate 56 /* the function arguments */ | |
40827 | +#define curmatch 60 | |
40828 | + | |
40829 | +/* Offsets for fields in the deflate_state structure. These numbers | |
40830 | + * are calculated from the definition of deflate_state, with the | |
40831 | + * assumption that the compiler will dword-align the fields. (Thus, | |
40832 | + * changing the definition of deflate_state could easily cause this | |
40833 | + * program to crash horribly, without so much as a warning at | |
40834 | + * compile time. Sigh.) | |
40835 | + */ | |
40836 | +#define dsWSize 36 | |
40837 | +#define dsWMask 44 | |
40838 | +#define dsWindow 48 | |
40839 | +#define dsPrev 56 | |
40840 | +#define dsMatchLen 88 | |
40841 | +#define dsPrevMatch 92 | |
40842 | +#define dsStrStart 100 | |
40843 | +#define dsMatchStart 104 | |
40844 | +#define dsLookahead 108 | |
40845 | +#define dsPrevLen 112 | |
40846 | +#define dsMaxChainLen 116 | |
40847 | +#define dsGoodMatch 132 | |
40848 | +#define dsNiceMatch 136 | |
40849 | + | |
40850 | + | |
40851 | +.file "match.S" | |
40852 | + | |
40853 | +.globl match_init, longest_match | |
40854 | + | |
40855 | +.text | |
40856 | + | |
40857 | +/* uInt longest_match(deflate_state *deflatestate, IPos curmatch) */ | |
40858 | + | |
40859 | +longest_match: | |
40860 | + | |
40861 | +/* Save registers that the compiler may be using, and adjust %esp to */ | |
40862 | +/* make room for our stack frame. */ | |
40863 | + | |
40864 | + pushl %ebp | |
40865 | + pushl %edi | |
40866 | + pushl %esi | |
40867 | + pushl %ebx | |
40868 | + subl $LocalVarsSize, %esp | |
40869 | + | |
40870 | +/* Retrieve the function arguments. %ecx will hold cur_match */ | |
40871 | +/* throughout the entire function. %edx will hold the pointer to the */ | |
40872 | +/* deflate_state structure during the function's setup (before */ | |
40873 | +/* entering the main loop). */ | |
40874 | + | |
40875 | + movl deflatestate(%esp), %edx | |
40876 | + movl curmatch(%esp), %ecx | |
40877 | + | |
40878 | +/* uInt wmask = s->w_mask; */ | |
40879 | +/* unsigned chain_length = s->max_chain_length; */ | |
40880 | +/* if (s->prev_length >= s->good_match) { */ | |
40881 | +/* chain_length >>= 2; */ | |
40882 | +/* } */ | |
40883 | + | |
40884 | + movl dsPrevLen(%edx), %eax | |
40885 | + movl dsGoodMatch(%edx), %ebx | |
40886 | + cmpl %ebx, %eax | |
40887 | + movl dsWMask(%edx), %eax | |
40888 | + movl dsMaxChainLen(%edx), %ebx | |
40889 | + jl LastMatchGood | |
40890 | + shrl $2, %ebx | |
40891 | +LastMatchGood: | |
40892 | + | |
40893 | +/* chainlen is decremented once beforehand so that the function can */ | |
40894 | +/* use the sign flag instead of the zero flag for the exit test. */ | |
40895 | +/* It is then shifted into the high word, to make room for the wmask */ | |
40896 | +/* value, which it will always accompany. */ | |
40897 | + | |
40898 | + decl %ebx | |
40899 | + shll $16, %ebx | |
40900 | + orl %eax, %ebx | |
40901 | + movl %ebx, chainlenwmask(%esp) | |
40902 | + | |
40903 | +/* if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; */ | |
40904 | + | |
40905 | + movl dsNiceMatch(%edx), %eax | |
40906 | + movl dsLookahead(%edx), %ebx | |
40907 | + cmpl %eax, %ebx | |
40908 | + jl LookaheadLess | |
40909 | + movl %eax, %ebx | |
40910 | +LookaheadLess: movl %ebx, nicematch(%esp) | |
40911 | + | |
40912 | +/* register Bytef *scan = s->window + s->strstart; */ | |
40913 | + | |
40914 | + movl dsWindow(%edx), %esi | |
40915 | + movl %esi, window(%esp) | |
40916 | + movl dsStrStart(%edx), %ebp | |
40917 | + lea (%esi,%ebp), %edi | |
40918 | + movl %edi, scan(%esp) | |
40919 | + | |
40920 | +/* Determine how many bytes the scan ptr is off from being */ | |
40921 | +/* dword-aligned. */ | |
40922 | + | |
40923 | + movl %edi, %eax | |
40924 | + negl %eax | |
40925 | + andl $3, %eax | |
40926 | + movl %eax, scanalign(%esp) | |
40927 | + | |
40928 | +/* IPos limit = s->strstart > (IPos)MAX_DIST(s) ? */ | |
40929 | +/* s->strstart - (IPos)MAX_DIST(s) : NIL; */ | |
40930 | + | |
40931 | + movl dsWSize(%edx), %eax | |
40932 | + subl $MIN_LOOKAHEAD, %eax | |
40933 | + subl %eax, %ebp | |
40934 | + jg LimitPositive | |
40935 | + xorl %ebp, %ebp | |
40936 | +LimitPositive: | |
40937 | + | |
40938 | +/* int best_len = s->prev_length; */ | |
40939 | + | |
40940 | + movl dsPrevLen(%edx), %eax | |
40941 | + movl %eax, bestlen(%esp) | |
40942 | + | |
40943 | +/* Store the sum of s->window + best_len in %esi locally, and in %esi. */ | |
40944 | + | |
40945 | + addl %eax, %esi | |
40946 | + movl %esi, windowbestlen(%esp) | |
40947 | + | |
40948 | +/* register ush scan_start = *(ushf*)scan; */ | |
40949 | +/* register ush scan_end = *(ushf*)(scan+best_len-1); */ | |
40950 | +/* Posf *prev = s->prev; */ | |
40951 | + | |
40952 | + movzwl (%edi), %ebx | |
40953 | + movl %ebx, scanstart(%esp) | |
40954 | + movzwl -1(%edi,%eax), %ebx | |
40955 | + movl %ebx, scanend(%esp) | |
40956 | + movl dsPrev(%edx), %edi | |
40957 | + | |
40958 | +/* Jump into the main loop. */ | |
40959 | + | |
40960 | + movl chainlenwmask(%esp), %edx | |
40961 | + jmp LoopEntry | |
40962 | + | |
40963 | +.balign 16 | |
40964 | + | |
40965 | +/* do { | |
40966 | + * match = s->window + cur_match; | |
40967 | + * if (*(ushf*)(match+best_len-1) != scan_end || | |
40968 | + * *(ushf*)match != scan_start) continue; | |
40969 | + * [...] | |
40970 | + * } while ((cur_match = prev[cur_match & wmask]) > limit | |
40971 | + * && --chain_length != 0); | |
40972 | + * | |
40973 | + * Here is the inner loop of the function. The function will spend the | |
40974 | + * majority of its time in this loop, and majority of that time will | |
40975 | + * be spent in the first ten instructions. | |
40976 | + * | |
40977 | + * Within this loop: | |
40978 | + * %ebx = scanend | |
40979 | + * %ecx = curmatch | |
40980 | + * %edx = chainlenwmask - i.e., ((chainlen << 16) | wmask) | |
40981 | + * %esi = windowbestlen - i.e., (window + bestlen) | |
40982 | + * %edi = prev | |
40983 | + * %ebp = limit | |
40984 | + */ | |
40985 | +LookupLoop: | |
40986 | + andl %edx, %ecx | |
40987 | + movzwl (%edi,%ecx,2), %ecx | |
40988 | + cmpl %ebp, %ecx | |
40989 | + jbe LeaveNow | |
40990 | + subl $0x00010000, %edx | |
40991 | + js LeaveNow | |
40992 | +LoopEntry: movzwl -1(%esi,%ecx), %eax | |
40993 | + cmpl %ebx, %eax | |
40994 | + jnz LookupLoop | |
40995 | + movl window(%esp), %eax | |
40996 | + movzwl (%eax,%ecx), %eax | |
40997 | + cmpl scanstart(%esp), %eax | |
40998 | + jnz LookupLoop | |
40999 | + | |
41000 | +/* Store the current value of chainlen. */ | |
41001 | + | |
41002 | + movl %edx, chainlenwmask(%esp) | |
41003 | + | |
41004 | +/* Point %edi to the string under scrutiny, and %esi to the string we */ | |
41005 | +/* are hoping to match it up with. In actuality, %esi and %edi are */ | |
41006 | +/* both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and %edx is */ | |
41007 | +/* initialized to -(MAX_MATCH_8 - scanalign). */ | |
41008 | + | |
41009 | + movl window(%esp), %esi | |
41010 | + movl scan(%esp), %edi | |
41011 | + addl %ecx, %esi | |
41012 | + movl scanalign(%esp), %eax | |
41013 | + movl $(-MAX_MATCH_8), %edx | |
41014 | + lea MAX_MATCH_8(%edi,%eax), %edi | |
41015 | + lea MAX_MATCH_8(%esi,%eax), %esi | |
41016 | + | |
41017 | +/* Test the strings for equality, 8 bytes at a time. At the end, | |
41018 | + * adjust %edx so that it is offset to the exact byte that mismatched. | |
41019 | + * | |
41020 | + * We already know at this point that the first three bytes of the | |
41021 | + * strings match each other, and they can be safely passed over before | |
41022 | + * starting the compare loop. So what this code does is skip over 0-3 | |
41023 | + * bytes, as much as necessary in order to dword-align the %edi | |
41024 | + * pointer. (%esi will still be misaligned three times out of four.) | |
41025 | + * | |
41026 | + * It should be confessed that this loop usually does not represent | |
41027 | + * much of the total running time. Replacing it with a more | |
41028 | + * straightforward "rep cmpsb" would not drastically degrade | |
41029 | + * performance. | |
41030 | + */ | |
41031 | +LoopCmps: | |
41032 | + movl (%esi,%edx), %eax | |
41033 | + xorl (%edi,%edx), %eax | |
41034 | + jnz LeaveLoopCmps | |
41035 | + movl 4(%esi,%edx), %eax | |
41036 | + xorl 4(%edi,%edx), %eax | |
41037 | + jnz LeaveLoopCmps4 | |
41038 | + addl $8, %edx | |
41039 | + jnz LoopCmps | |
41040 | + jmp LenMaximum | |
41041 | +LeaveLoopCmps4: addl $4, %edx | |
41042 | +LeaveLoopCmps: testl $0x0000FFFF, %eax | |
41043 | + jnz LenLower | |
41044 | + addl $2, %edx | |
41045 | + shrl $16, %eax | |
41046 | +LenLower: subb $1, %al | |
41047 | + adcl $0, %edx | |
41048 | + | |
41049 | +/* Calculate the length of the match. If it is longer than MAX_MATCH, */ | |
41050 | +/* then automatically accept it as the best possible match and leave. */ | |
41051 | + | |
41052 | + lea (%edi,%edx), %eax | |
41053 | + movl scan(%esp), %edi | |
41054 | + subl %edi, %eax | |
41055 | + cmpl $MAX_MATCH, %eax | |
41056 | + jge LenMaximum | |
41057 | + | |
41058 | +/* If the length of the match is not longer than the best match we */ | |
41059 | +/* have so far, then forget it and return to the lookup loop. */ | |
41060 | + | |
41061 | + movl deflatestate(%esp), %edx | |
41062 | + movl bestlen(%esp), %ebx | |
41063 | + cmpl %ebx, %eax | |
41064 | + jg LongerMatch | |
41065 | + movl windowbestlen(%esp), %esi | |
41066 | + movl dsPrev(%edx), %edi | |
41067 | + movl scanend(%esp), %ebx | |
41068 | + movl chainlenwmask(%esp), %edx | |
41069 | + jmp LookupLoop | |
41070 | + | |
41071 | +/* s->match_start = cur_match; */ | |
41072 | +/* best_len = len; */ | |
41073 | +/* if (len >= nice_match) break; */ | |
41074 | +/* scan_end = *(ushf*)(scan+best_len-1); */ | |
41075 | + | |
41076 | +LongerMatch: movl nicematch(%esp), %ebx | |
41077 | + movl %eax, bestlen(%esp) | |
41078 | + movl %ecx, dsMatchStart(%edx) | |
41079 | + cmpl %ebx, %eax | |
41080 | + jge LeaveNow | |
41081 | + movl window(%esp), %esi | |
41082 | + addl %eax, %esi | |
41083 | + movl %esi, windowbestlen(%esp) | |
41084 | + movzwl -1(%edi,%eax), %ebx | |
41085 | + movl dsPrev(%edx), %edi | |
41086 | + movl %ebx, scanend(%esp) | |
41087 | + movl chainlenwmask(%esp), %edx | |
41088 | + jmp LookupLoop | |
41089 | + | |
41090 | +/* Accept the current string, with the maximum possible length. */ | |
41091 | + | |
41092 | +LenMaximum: movl deflatestate(%esp), %edx | |
41093 | + movl $MAX_MATCH, bestlen(%esp) | |
41094 | + movl %ecx, dsMatchStart(%edx) | |
41095 | + | |
41096 | +/* if ((uInt)best_len <= s->lookahead) return (uInt)best_len; */ | |
41097 | +/* return s->lookahead; */ | |
41098 | + | |
41099 | +LeaveNow: | |
41100 | + movl deflatestate(%esp), %edx | |
41101 | + movl bestlen(%esp), %ebx | |
41102 | + movl dsLookahead(%edx), %eax | |
41103 | + cmpl %eax, %ebx | |
41104 | + jg LookaheadRet | |
41105 | + movl %ebx, %eax | |
41106 | +LookaheadRet: | |
41107 | + | |
41108 | +/* Restore the stack and return from whence we came. */ | |
41109 | + | |
41110 | + addl $LocalVarsSize, %esp | |
41111 | + popl %ebx | |
41112 | + popl %esi | |
41113 | + popl %edi | |
41114 | + popl %ebp | |
41115 | +match_init: ret | |
41116 | diff -druN linux-noipsec/net/ipsec/zlib/trees.c linux/net/ipsec/zlib/trees.c | |
41117 | --- linux-noipsec/net/ipsec/zlib/trees.c Thu Jan 1 01:00:00 1970 | |
41118 | +++ linux/net/ipsec/zlib/trees.c Fri Sep 29 20:51:34 2000 | |
41119 | @@ -0,0 +1,1214 @@ | |
41120 | +/* trees.c -- output deflated data using Huffman coding | |
41121 | + * Copyright (C) 1995-1998 Jean-loup Gailly | |
41122 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
41123 | + */ | |
41124 | + | |
41125 | +/* | |
41126 | + * ALGORITHM | |
41127 | + * | |
41128 | + * The "deflation" process uses several Huffman trees. The more | |
41129 | + * common source values are represented by shorter bit sequences. | |
41130 | + * | |
41131 | + * Each code tree is stored in a compressed form which is itself | |
41132 | + * a Huffman encoding of the lengths of all the code strings (in | |
41133 | + * ascending order by source values). The actual code strings are | |
41134 | + * reconstructed from the lengths in the inflate process, as described | |
41135 | + * in the deflate specification. | |
41136 | + * | |
41137 | + * REFERENCES | |
41138 | + * | |
41139 | + * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification". | |
41140 | + * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc | |
41141 | + * | |
41142 | + * Storer, James A. | |
41143 | + * Data Compression: Methods and Theory, pp. 49-50. | |
41144 | + * Computer Science Press, 1988. ISBN 0-7167-8156-5. | |
41145 | + * | |
41146 | + * Sedgewick, R. | |
41147 | + * Algorithms, p290. | |
41148 | + * Addison-Wesley, 1983. ISBN 0-201-06672-6. | |
41149 | + */ | |
41150 | + | |
41151 | +/* @(#) $Id$ */ | |
41152 | + | |
41153 | +/* #define GEN_TREES_H */ | |
41154 | + | |
41155 | +#include "deflate.h" | |
41156 | + | |
41157 | +#ifdef DEBUG | |
41158 | +# include <ctype.h> | |
41159 | +#endif | |
41160 | + | |
41161 | +/* =========================================================================== | |
41162 | + * Constants | |
41163 | + */ | |
41164 | + | |
41165 | +#define MAX_BL_BITS 7 | |
41166 | +/* Bit length codes must not exceed MAX_BL_BITS bits */ | |
41167 | + | |
41168 | +#define END_BLOCK 256 | |
41169 | +/* end of block literal code */ | |
41170 | + | |
41171 | +#define REP_3_6 16 | |
41172 | +/* repeat previous bit length 3-6 times (2 bits of repeat count) */ | |
41173 | + | |
41174 | +#define REPZ_3_10 17 | |
41175 | +/* repeat a zero length 3-10 times (3 bits of repeat count) */ | |
41176 | + | |
41177 | +#define REPZ_11_138 18 | |
41178 | +/* repeat a zero length 11-138 times (7 bits of repeat count) */ | |
41179 | + | |
41180 | +local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */ | |
41181 | + = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0}; | |
41182 | + | |
41183 | +local const int extra_dbits[D_CODES] /* extra bits for each distance code */ | |
41184 | + = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13}; | |
41185 | + | |
41186 | +local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */ | |
41187 | + = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7}; | |
41188 | + | |
41189 | +local const uch bl_order[BL_CODES] | |
41190 | + = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15}; | |
41191 | +/* The lengths of the bit length codes are sent in order of decreasing | |
41192 | + * probability, to avoid transmitting the lengths for unused bit length codes. | |
41193 | + */ | |
41194 | + | |
41195 | +#define Buf_size (8 * 2*sizeof(char)) | |
41196 | +/* Number of bits used within bi_buf. (bi_buf might be implemented on | |
41197 | + * more than 16 bits on some systems.) | |
41198 | + */ | |
41199 | + | |
41200 | +/* =========================================================================== | |
41201 | + * Local data. These are initialized only once. | |
41202 | + */ | |
41203 | + | |
41204 | +#define DIST_CODE_LEN 512 /* see definition of array dist_code below */ | |
41205 | + | |
41206 | +#if defined(GEN_TREES_H) || !defined(STDC) | |
41207 | +/* non ANSI compilers may not accept trees.h */ | |
41208 | + | |
41209 | +local ct_data static_ltree[L_CODES+2]; | |
41210 | +/* The static literal tree. Since the bit lengths are imposed, there is no | |
41211 | + * need for the L_CODES extra codes used during heap construction. However | |
41212 | + * The codes 286 and 287 are needed to build a canonical tree (see _tr_init | |
41213 | + * below). | |
41214 | + */ | |
41215 | + | |
41216 | +local ct_data static_dtree[D_CODES]; | |
41217 | +/* The static distance tree. (Actually a trivial tree since all codes use | |
41218 | + * 5 bits.) | |
41219 | + */ | |
41220 | + | |
41221 | +uch _dist_code[DIST_CODE_LEN]; | |
41222 | +/* Distance codes. The first 256 values correspond to the distances | |
41223 | + * 3 .. 258, the last 256 values correspond to the top 8 bits of | |
41224 | + * the 15 bit distances. | |
41225 | + */ | |
41226 | + | |
41227 | +uch _length_code[MAX_MATCH-MIN_MATCH+1]; | |
41228 | +/* length code for each normalized match length (0 == MIN_MATCH) */ | |
41229 | + | |
41230 | +local int base_length[LENGTH_CODES]; | |
41231 | +/* First normalized length for each code (0 = MIN_MATCH) */ | |
41232 | + | |
41233 | +local int base_dist[D_CODES]; | |
41234 | +/* First normalized distance for each code (0 = distance of 1) */ | |
41235 | + | |
41236 | +#else | |
41237 | +# include "trees.h" | |
41238 | +#endif /* GEN_TREES_H */ | |
41239 | + | |
41240 | +struct static_tree_desc_s { | |
41241 | + const ct_data *static_tree; /* static tree or NULL */ | |
41242 | + const intf *extra_bits; /* extra bits for each code or NULL */ | |
41243 | + int extra_base; /* base index for extra_bits */ | |
41244 | + int elems; /* max number of elements in the tree */ | |
41245 | + int max_length; /* max bit length for the codes */ | |
41246 | +}; | |
41247 | + | |
41248 | +local static_tree_desc static_l_desc = | |
41249 | +{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS}; | |
41250 | + | |
41251 | +local static_tree_desc static_d_desc = | |
41252 | +{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS}; | |
41253 | + | |
41254 | +local static_tree_desc static_bl_desc = | |
41255 | +{(const ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS}; | |
41256 | + | |
41257 | +/* =========================================================================== | |
41258 | + * Local (static) routines in this file. | |
41259 | + */ | |
41260 | + | |
41261 | +local void tr_static_init OF((void)); | |
41262 | +local void init_block OF((deflate_state *s)); | |
41263 | +local void pqdownheap OF((deflate_state *s, ct_data *tree, int k)); | |
41264 | +local void gen_bitlen OF((deflate_state *s, tree_desc *desc)); | |
41265 | +local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count)); | |
41266 | +local void build_tree OF((deflate_state *s, tree_desc *desc)); | |
41267 | +local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code)); | |
41268 | +local void send_tree OF((deflate_state *s, ct_data *tree, int max_code)); | |
41269 | +local int build_bl_tree OF((deflate_state *s)); | |
41270 | +local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes, | |
41271 | + int blcodes)); | |
41272 | +local void compress_block OF((deflate_state *s, const ct_data *ltree, | |
41273 | + const ct_data *dtree)); | |
41274 | +local void set_data_type OF((deflate_state *s)); | |
41275 | +local unsigned bi_reverse OF((unsigned value, int length)); | |
41276 | +local void bi_windup OF((deflate_state *s)); | |
41277 | +local void bi_flush OF((deflate_state *s)); | |
41278 | +local void copy_block OF((deflate_state *s, charf *buf, unsigned len, | |
41279 | + int header)); | |
41280 | + | |
41281 | +#ifdef GEN_TREES_H | |
41282 | +local void gen_trees_header OF((void)); | |
41283 | +#endif | |
41284 | + | |
41285 | +#ifndef DEBUG | |
41286 | +# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len) | |
41287 | + /* Send a code of the given tree. c and tree must not have side effects */ | |
41288 | + | |
41289 | +#else /* DEBUG */ | |
41290 | +# define send_code(s, c, tree) \ | |
41291 | + { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \ | |
41292 | + send_bits(s, tree[c].Code, tree[c].Len); } | |
41293 | +#endif | |
41294 | + | |
41295 | +/* =========================================================================== | |
41296 | + * Output a short LSB first on the stream. | |
41297 | + * IN assertion: there is enough room in pendingBuf. | |
41298 | + */ | |
41299 | +#define put_short(s, w) { \ | |
41300 | + put_byte(s, (uch)((w) & 0xff)); \ | |
41301 | + put_byte(s, (uch)((ush)(w) >> 8)); \ | |
41302 | +} | |
41303 | + | |
41304 | +/* =========================================================================== | |
41305 | + * Send a value on a given number of bits. | |
41306 | + * IN assertion: length <= 16 and value fits in length bits. | |
41307 | + */ | |
41308 | +#ifdef DEBUG | |
41309 | +local void send_bits OF((deflate_state *s, int value, int length)); | |
41310 | + | |
41311 | +local void send_bits(s, value, length) | |
41312 | + deflate_state *s; | |
41313 | + int value; /* value to send */ | |
41314 | + int length; /* number of bits */ | |
41315 | +{ | |
41316 | + Tracevv((stderr," l %2d v %4x ", length, value)); | |
41317 | + Assert(length > 0 && length <= 15, "invalid length"); | |
41318 | + s->bits_sent += (ulg)length; | |
41319 | + | |
41320 | + /* If not enough room in bi_buf, use (valid) bits from bi_buf and | |
41321 | + * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid)) | |
41322 | + * unused bits in value. | |
41323 | + */ | |
41324 | + if (s->bi_valid > (int)Buf_size - length) { | |
41325 | + s->bi_buf |= (value << s->bi_valid); | |
41326 | + put_short(s, s->bi_buf); | |
41327 | + s->bi_buf = (ush)value >> (Buf_size - s->bi_valid); | |
41328 | + s->bi_valid += length - Buf_size; | |
41329 | + } else { | |
41330 | + s->bi_buf |= value << s->bi_valid; | |
41331 | + s->bi_valid += length; | |
41332 | + } | |
41333 | +} | |
41334 | +#else /* !DEBUG */ | |
41335 | + | |
41336 | +#define send_bits(s, value, length) \ | |
41337 | +{ int len = length;\ | |
41338 | + if (s->bi_valid > (int)Buf_size - len) {\ | |
41339 | + int val = value;\ | |
41340 | + s->bi_buf |= (val << s->bi_valid);\ | |
41341 | + put_short(s, s->bi_buf);\ | |
41342 | + s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\ | |
41343 | + s->bi_valid += len - Buf_size;\ | |
41344 | + } else {\ | |
41345 | + s->bi_buf |= (value) << s->bi_valid;\ | |
41346 | + s->bi_valid += len;\ | |
41347 | + }\ | |
41348 | +} | |
41349 | +#endif /* DEBUG */ | |
41350 | + | |
41351 | + | |
41352 | +#define MAX(a,b) (a >= b ? a : b) | |
41353 | +/* the arguments must not have side effects */ | |
41354 | + | |
41355 | +/* =========================================================================== | |
41356 | + * Initialize the various 'constant' tables. | |
41357 | + */ | |
41358 | +local void tr_static_init() | |
41359 | +{ | |
41360 | +#if defined(GEN_TREES_H) || !defined(STDC) | |
41361 | + static int static_init_done = 0; | |
41362 | + int n; /* iterates over tree elements */ | |
41363 | + int bits; /* bit counter */ | |
41364 | + int length; /* length value */ | |
41365 | + int code; /* code value */ | |
41366 | + int dist; /* distance index */ | |
41367 | + ush bl_count[MAX_BITS+1]; | |
41368 | + /* number of codes at each bit length for an optimal tree */ | |
41369 | + | |
41370 | + if (static_init_done) return; | |
41371 | + | |
41372 | + /* For some embedded targets, global variables are not initialized: */ | |
41373 | + static_l_desc.static_tree = static_ltree; | |
41374 | + static_l_desc.extra_bits = extra_lbits; | |
41375 | + static_d_desc.static_tree = static_dtree; | |
41376 | + static_d_desc.extra_bits = extra_dbits; | |
41377 | + static_bl_desc.extra_bits = extra_blbits; | |
41378 | + | |
41379 | + /* Initialize the mapping length (0..255) -> length code (0..28) */ | |
41380 | + length = 0; | |
41381 | + for (code = 0; code < LENGTH_CODES-1; code++) { | |
41382 | + base_length[code] = length; | |
41383 | + for (n = 0; n < (1<<extra_lbits[code]); n++) { | |
41384 | + _length_code[length++] = (uch)code; | |
41385 | + } | |
41386 | + } | |
41387 | + Assert (length == 256, "tr_static_init: length != 256"); | |
41388 | + /* Note that the length 255 (match length 258) can be represented | |
41389 | + * in two different ways: code 284 + 5 bits or code 285, so we | |
41390 | + * overwrite length_code[255] to use the best encoding: | |
41391 | + */ | |
41392 | + _length_code[length-1] = (uch)code; | |
41393 | + | |
41394 | + /* Initialize the mapping dist (0..32K) -> dist code (0..29) */ | |
41395 | + dist = 0; | |
41396 | + for (code = 0 ; code < 16; code++) { | |
41397 | + base_dist[code] = dist; | |
41398 | + for (n = 0; n < (1<<extra_dbits[code]); n++) { | |
41399 | + _dist_code[dist++] = (uch)code; | |
41400 | + } | |
41401 | + } | |
41402 | + Assert (dist == 256, "tr_static_init: dist != 256"); | |
41403 | + dist >>= 7; /* from now on, all distances are divided by 128 */ | |
41404 | + for ( ; code < D_CODES; code++) { | |
41405 | + base_dist[code] = dist << 7; | |
41406 | + for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) { | |
41407 | + _dist_code[256 + dist++] = (uch)code; | |
41408 | + } | |
41409 | + } | |
41410 | + Assert (dist == 256, "tr_static_init: 256+dist != 512"); | |
41411 | + | |
41412 | + /* Construct the codes of the static literal tree */ | |
41413 | + for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0; | |
41414 | + n = 0; | |
41415 | + while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++; | |
41416 | + while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++; | |
41417 | + while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++; | |
41418 | + while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++; | |
41419 | + /* Codes 286 and 287 do not exist, but we must include them in the | |
41420 | + * tree construction to get a canonical Huffman tree (longest code | |
41421 | + * all ones) | |
41422 | + */ | |
41423 | + gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count); | |
41424 | + | |
41425 | + /* The static distance tree is trivial: */ | |
41426 | + for (n = 0; n < D_CODES; n++) { | |
41427 | + static_dtree[n].Len = 5; | |
41428 | + static_dtree[n].Code = bi_reverse((unsigned)n, 5); | |
41429 | + } | |
41430 | + static_init_done = 1; | |
41431 | + | |
41432 | +# ifdef GEN_TREES_H | |
41433 | + gen_trees_header(); | |
41434 | +# endif | |
41435 | +#endif /* defined(GEN_TREES_H) || !defined(STDC) */ | |
41436 | +} | |
41437 | + | |
41438 | +/* =========================================================================== | |
41439 | + * Genererate the file trees.h describing the static trees. | |
41440 | + */ | |
41441 | +#ifdef GEN_TREES_H | |
41442 | +# ifndef DEBUG | |
41443 | +# include <stdio.h> | |
41444 | +# endif | |
41445 | + | |
41446 | +# define SEPARATOR(i, last, width) \ | |
41447 | + ((i) == (last)? "\n};\n\n" : \ | |
41448 | + ((i) % (width) == (width)-1 ? ",\n" : ", ")) | |
41449 | + | |
41450 | +void gen_trees_header() | |
41451 | +{ | |
41452 | + FILE *header = fopen("trees.h", "w"); | |
41453 | + int i; | |
41454 | + | |
41455 | + Assert (header != NULL, "Can't open trees.h"); | |
41456 | + fprintf(header, | |
41457 | + "/* header created automatically with -DGEN_TREES_H */\n\n"); | |
41458 | + | |
41459 | + fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n"); | |
41460 | + for (i = 0; i < L_CODES+2; i++) { | |
41461 | + fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code, | |
41462 | + static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5)); | |
41463 | + } | |
41464 | + | |
41465 | + fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n"); | |
41466 | + for (i = 0; i < D_CODES; i++) { | |
41467 | + fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code, | |
41468 | + static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5)); | |
41469 | + } | |
41470 | + | |
41471 | + fprintf(header, "const uch _dist_code[DIST_CODE_LEN] = {\n"); | |
41472 | + for (i = 0; i < DIST_CODE_LEN; i++) { | |
41473 | + fprintf(header, "%2u%s", _dist_code[i], | |
41474 | + SEPARATOR(i, DIST_CODE_LEN-1, 20)); | |
41475 | + } | |
41476 | + | |
41477 | + fprintf(header, "const uch _length_code[MAX_MATCH-MIN_MATCH+1]= {\n"); | |
41478 | + for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) { | |
41479 | + fprintf(header, "%2u%s", _length_code[i], | |
41480 | + SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20)); | |
41481 | + } | |
41482 | + | |
41483 | + fprintf(header, "local const int base_length[LENGTH_CODES] = {\n"); | |
41484 | + for (i = 0; i < LENGTH_CODES; i++) { | |
41485 | + fprintf(header, "%1u%s", base_length[i], | |
41486 | + SEPARATOR(i, LENGTH_CODES-1, 20)); | |
41487 | + } | |
41488 | + | |
41489 | + fprintf(header, "local const int base_dist[D_CODES] = {\n"); | |
41490 | + for (i = 0; i < D_CODES; i++) { | |
41491 | + fprintf(header, "%5u%s", base_dist[i], | |
41492 | + SEPARATOR(i, D_CODES-1, 10)); | |
41493 | + } | |
41494 | + | |
41495 | + fclose(header); | |
41496 | +} | |
41497 | +#endif /* GEN_TREES_H */ | |
41498 | + | |
41499 | +/* =========================================================================== | |
41500 | + * Initialize the tree data structures for a new zlib stream. | |
41501 | + */ | |
41502 | +void _tr_init(s) | |
41503 | + deflate_state *s; | |
41504 | +{ | |
41505 | + tr_static_init(); | |
41506 | + | |
41507 | + s->l_desc.dyn_tree = s->dyn_ltree; | |
41508 | + s->l_desc.stat_desc = &static_l_desc; | |
41509 | + | |
41510 | + s->d_desc.dyn_tree = s->dyn_dtree; | |
41511 | + s->d_desc.stat_desc = &static_d_desc; | |
41512 | + | |
41513 | + s->bl_desc.dyn_tree = s->bl_tree; | |
41514 | + s->bl_desc.stat_desc = &static_bl_desc; | |
41515 | + | |
41516 | + s->bi_buf = 0; | |
41517 | + s->bi_valid = 0; | |
41518 | + s->last_eob_len = 8; /* enough lookahead for inflate */ | |
41519 | +#ifdef DEBUG | |
41520 | + s->compressed_len = 0L; | |
41521 | + s->bits_sent = 0L; | |
41522 | +#endif | |
41523 | + | |
41524 | + /* Initialize the first block of the first file: */ | |
41525 | + init_block(s); | |
41526 | +} | |
41527 | + | |
41528 | +/* =========================================================================== | |
41529 | + * Initialize a new block. | |
41530 | + */ | |
41531 | +local void init_block(s) | |
41532 | + deflate_state *s; | |
41533 | +{ | |
41534 | + int n; /* iterates over tree elements */ | |
41535 | + | |
41536 | + /* Initialize the trees. */ | |
41537 | + for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0; | |
41538 | + for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0; | |
41539 | + for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0; | |
41540 | + | |
41541 | + s->dyn_ltree[END_BLOCK].Freq = 1; | |
41542 | + s->opt_len = s->static_len = 0L; | |
41543 | + s->last_lit = s->matches = 0; | |
41544 | +} | |
41545 | + | |
41546 | +#define SMALLEST 1 | |
41547 | +/* Index within the heap array of least frequent node in the Huffman tree */ | |
41548 | + | |
41549 | + | |
41550 | +/* =========================================================================== | |
41551 | + * Remove the smallest element from the heap and recreate the heap with | |
41552 | + * one less element. Updates heap and heap_len. | |
41553 | + */ | |
41554 | +#define pqremove(s, tree, top) \ | |
41555 | +{\ | |
41556 | + top = s->heap[SMALLEST]; \ | |
41557 | + s->heap[SMALLEST] = s->heap[s->heap_len--]; \ | |
41558 | + pqdownheap(s, tree, SMALLEST); \ | |
41559 | +} | |
41560 | + | |
41561 | +/* =========================================================================== | |
41562 | + * Compares to subtrees, using the tree depth as tie breaker when | |
41563 | + * the subtrees have equal frequency. This minimizes the worst case length. | |
41564 | + */ | |
41565 | +#define smaller(tree, n, m, depth) \ | |
41566 | + (tree[n].Freq < tree[m].Freq || \ | |
41567 | + (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m])) | |
41568 | + | |
41569 | +/* =========================================================================== | |
41570 | + * Restore the heap property by moving down the tree starting at node k, | |
41571 | + * exchanging a node with the smallest of its two sons if necessary, stopping | |
41572 | + * when the heap property is re-established (each father smaller than its | |
41573 | + * two sons). | |
41574 | + */ | |
41575 | +local void pqdownheap(s, tree, k) | |
41576 | + deflate_state *s; | |
41577 | + ct_data *tree; /* the tree to restore */ | |
41578 | + int k; /* node to move down */ | |
41579 | +{ | |
41580 | + int v = s->heap[k]; | |
41581 | + int j = k << 1; /* left son of k */ | |
41582 | + while (j <= s->heap_len) { | |
41583 | + /* Set j to the smallest of the two sons: */ | |
41584 | + if (j < s->heap_len && | |
41585 | + smaller(tree, s->heap[j+1], s->heap[j], s->depth)) { | |
41586 | + j++; | |
41587 | + } | |
41588 | + /* Exit if v is smaller than both sons */ | |
41589 | + if (smaller(tree, v, s->heap[j], s->depth)) break; | |
41590 | + | |
41591 | + /* Exchange v with the smallest son */ | |
41592 | + s->heap[k] = s->heap[j]; k = j; | |
41593 | + | |
41594 | + /* And continue down the tree, setting j to the left son of k */ | |
41595 | + j <<= 1; | |
41596 | + } | |
41597 | + s->heap[k] = v; | |
41598 | +} | |
41599 | + | |
41600 | +/* =========================================================================== | |
41601 | + * Compute the optimal bit lengths for a tree and update the total bit length | |
41602 | + * for the current block. | |
41603 | + * IN assertion: the fields freq and dad are set, heap[heap_max] and | |
41604 | + * above are the tree nodes sorted by increasing frequency. | |
41605 | + * OUT assertions: the field len is set to the optimal bit length, the | |
41606 | + * array bl_count contains the frequencies for each bit length. | |
41607 | + * The length opt_len is updated; static_len is also updated if stree is | |
41608 | + * not null. | |
41609 | + */ | |
41610 | +local void gen_bitlen(s, desc) | |
41611 | + deflate_state *s; | |
41612 | + tree_desc *desc; /* the tree descriptor */ | |
41613 | +{ | |
41614 | + ct_data *tree = desc->dyn_tree; | |
41615 | + int max_code = desc->max_code; | |
41616 | + const ct_data *stree = desc->stat_desc->static_tree; | |
41617 | + const intf *extra = desc->stat_desc->extra_bits; | |
41618 | + int base = desc->stat_desc->extra_base; | |
41619 | + int max_length = desc->stat_desc->max_length; | |
41620 | + int h; /* heap index */ | |
41621 | + int n, m; /* iterate over the tree elements */ | |
41622 | + int bits; /* bit length */ | |
41623 | + int xbits; /* extra bits */ | |
41624 | + ush f; /* frequency */ | |
41625 | + int overflow = 0; /* number of elements with bit length too large */ | |
41626 | + | |
41627 | + for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0; | |
41628 | + | |
41629 | + /* In a first pass, compute the optimal bit lengths (which may | |
41630 | + * overflow in the case of the bit length tree). | |
41631 | + */ | |
41632 | + tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */ | |
41633 | + | |
41634 | + for (h = s->heap_max+1; h < HEAP_SIZE; h++) { | |
41635 | + n = s->heap[h]; | |
41636 | + bits = tree[tree[n].Dad].Len + 1; | |
41637 | + if (bits > max_length) bits = max_length, overflow++; | |
41638 | + tree[n].Len = (ush)bits; | |
41639 | + /* We overwrite tree[n].Dad which is no longer needed */ | |
41640 | + | |
41641 | + if (n > max_code) continue; /* not a leaf node */ | |
41642 | + | |
41643 | + s->bl_count[bits]++; | |
41644 | + xbits = 0; | |
41645 | + if (n >= base) xbits = extra[n-base]; | |
41646 | + f = tree[n].Freq; | |
41647 | + s->opt_len += (ulg)f * (bits + xbits); | |
41648 | + if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits); | |
41649 | + } | |
41650 | + if (overflow == 0) return; | |
41651 | + | |
41652 | + Trace((stderr,"\nbit length overflow\n")); | |
41653 | + /* This happens for example on obj2 and pic of the Calgary corpus */ | |
41654 | + | |
41655 | + /* Find the first bit length which could increase: */ | |
41656 | + do { | |
41657 | + bits = max_length-1; | |
41658 | + while (s->bl_count[bits] == 0) bits--; | |
41659 | + s->bl_count[bits]--; /* move one leaf down the tree */ | |
41660 | + s->bl_count[bits+1] += 2; /* move one overflow item as its brother */ | |
41661 | + s->bl_count[max_length]--; | |
41662 | + /* The brother of the overflow item also moves one step up, | |
41663 | + * but this does not affect bl_count[max_length] | |
41664 | + */ | |
41665 | + overflow -= 2; | |
41666 | + } while (overflow > 0); | |
41667 | + | |
41668 | + /* Now recompute all bit lengths, scanning in increasing frequency. | |
41669 | + * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all | |
41670 | + * lengths instead of fixing only the wrong ones. This idea is taken | |
41671 | + * from 'ar' written by Haruhiko Okumura.) | |
41672 | + */ | |
41673 | + for (bits = max_length; bits != 0; bits--) { | |
41674 | + n = s->bl_count[bits]; | |
41675 | + while (n != 0) { | |
41676 | + m = s->heap[--h]; | |
41677 | + if (m > max_code) continue; | |
41678 | + if (tree[m].Len != (unsigned) bits) { | |
41679 | + Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); | |
41680 | + s->opt_len += ((long)bits - (long)tree[m].Len) | |
41681 | + *(long)tree[m].Freq; | |
41682 | + tree[m].Len = (ush)bits; | |
41683 | + } | |
41684 | + n--; | |
41685 | + } | |
41686 | + } | |
41687 | +} | |
41688 | + | |
41689 | +/* =========================================================================== | |
41690 | + * Generate the codes for a given tree and bit counts (which need not be | |
41691 | + * optimal). | |
41692 | + * IN assertion: the array bl_count contains the bit length statistics for | |
41693 | + * the given tree and the field len is set for all tree elements. | |
41694 | + * OUT assertion: the field code is set for all tree elements of non | |
41695 | + * zero code length. | |
41696 | + */ | |
41697 | +local void gen_codes (tree, max_code, bl_count) | |
41698 | + ct_data *tree; /* the tree to decorate */ | |
41699 | + int max_code; /* largest code with non zero frequency */ | |
41700 | + ushf *bl_count; /* number of codes at each bit length */ | |
41701 | +{ | |
41702 | + ush next_code[MAX_BITS+1]; /* next code value for each bit length */ | |
41703 | + ush code = 0; /* running code value */ | |
41704 | + int bits; /* bit index */ | |
41705 | + int n; /* code index */ | |
41706 | + | |
41707 | + /* The distribution counts are first used to generate the code values | |
41708 | + * without bit reversal. | |
41709 | + */ | |
41710 | + for (bits = 1; bits <= MAX_BITS; bits++) { | |
41711 | + next_code[bits] = code = (code + bl_count[bits-1]) << 1; | |
41712 | + } | |
41713 | + /* Check that the bit counts in bl_count are consistent. The last code | |
41714 | + * must be all ones. | |
41715 | + */ | |
41716 | + Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1, | |
41717 | + "inconsistent bit counts"); | |
41718 | + Tracev((stderr,"\ngen_codes: max_code %d ", max_code)); | |
41719 | + | |
41720 | + for (n = 0; n <= max_code; n++) { | |
41721 | + int len = tree[n].Len; | |
41722 | + if (len == 0) continue; | |
41723 | + /* Now reverse the bits */ | |
41724 | + tree[n].Code = bi_reverse(next_code[len]++, len); | |
41725 | + | |
41726 | + Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ", | |
41727 | + n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1)); | |
41728 | + } | |
41729 | +} | |
41730 | + | |
41731 | +/* =========================================================================== | |
41732 | + * Construct one Huffman tree and assigns the code bit strings and lengths. | |
41733 | + * Update the total bit length for the current block. | |
41734 | + * IN assertion: the field freq is set for all tree elements. | |
41735 | + * OUT assertions: the fields len and code are set to the optimal bit length | |
41736 | + * and corresponding code. The length opt_len is updated; static_len is | |
41737 | + * also updated if stree is not null. The field max_code is set. | |
41738 | + */ | |
41739 | +local void build_tree(s, desc) | |
41740 | + deflate_state *s; | |
41741 | + tree_desc *desc; /* the tree descriptor */ | |
41742 | +{ | |
41743 | + ct_data *tree = desc->dyn_tree; | |
41744 | + const ct_data *stree = desc->stat_desc->static_tree; | |
41745 | + int elems = desc->stat_desc->elems; | |
41746 | + int n, m; /* iterate over heap elements */ | |
41747 | + int max_code = -1; /* largest code with non zero frequency */ | |
41748 | + int node; /* new node being created */ | |
41749 | + | |
41750 | + /* Construct the initial heap, with least frequent element in | |
41751 | + * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. | |
41752 | + * heap[0] is not used. | |
41753 | + */ | |
41754 | + s->heap_len = 0, s->heap_max = HEAP_SIZE; | |
41755 | + | |
41756 | + for (n = 0; n < elems; n++) { | |
41757 | + if (tree[n].Freq != 0) { | |
41758 | + s->heap[++(s->heap_len)] = max_code = n; | |
41759 | + s->depth[n] = 0; | |
41760 | + } else { | |
41761 | + tree[n].Len = 0; | |
41762 | + } | |
41763 | + } | |
41764 | + | |
41765 | + /* The pkzip format requires that at least one distance code exists, | |
41766 | + * and that at least one bit should be sent even if there is only one | |
41767 | + * possible code. So to avoid special checks later on we force at least | |
41768 | + * two codes of non zero frequency. | |
41769 | + */ | |
41770 | + while (s->heap_len < 2) { | |
41771 | + node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0); | |
41772 | + tree[node].Freq = 1; | |
41773 | + s->depth[node] = 0; | |
41774 | + s->opt_len--; if (stree) s->static_len -= stree[node].Len; | |
41775 | + /* node is 0 or 1 so it does not have extra bits */ | |
41776 | + } | |
41777 | + desc->max_code = max_code; | |
41778 | + | |
41779 | + /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, | |
41780 | + * establish sub-heaps of increasing lengths: | |
41781 | + */ | |
41782 | + for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n); | |
41783 | + | |
41784 | + /* Construct the Huffman tree by repeatedly combining the least two | |
41785 | + * frequent nodes. | |
41786 | + */ | |
41787 | + node = elems; /* next internal node of the tree */ | |
41788 | + do { | |
41789 | + pqremove(s, tree, n); /* n = node of least frequency */ | |
41790 | + m = s->heap[SMALLEST]; /* m = node of next least frequency */ | |
41791 | + | |
41792 | + s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */ | |
41793 | + s->heap[--(s->heap_max)] = m; | |
41794 | + | |
41795 | + /* Create a new node father of n and m */ | |
41796 | + tree[node].Freq = tree[n].Freq + tree[m].Freq; | |
41797 | + s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1); | |
41798 | + tree[n].Dad = tree[m].Dad = (ush)node; | |
41799 | +#ifdef DUMP_BL_TREE | |
41800 | + if (tree == s->bl_tree) { | |
41801 | + fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)", | |
41802 | + node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq); | |
41803 | + } | |
41804 | +#endif | |
41805 | + /* and insert the new node in the heap */ | |
41806 | + s->heap[SMALLEST] = node++; | |
41807 | + pqdownheap(s, tree, SMALLEST); | |
41808 | + | |
41809 | + } while (s->heap_len >= 2); | |
41810 | + | |
41811 | + s->heap[--(s->heap_max)] = s->heap[SMALLEST]; | |
41812 | + | |
41813 | + /* At this point, the fields freq and dad are set. We can now | |
41814 | + * generate the bit lengths. | |
41815 | + */ | |
41816 | + gen_bitlen(s, (tree_desc *)desc); | |
41817 | + | |
41818 | + /* The field len is now set, we can generate the bit codes */ | |
41819 | + gen_codes ((ct_data *)tree, max_code, s->bl_count); | |
41820 | +} | |
41821 | + | |
41822 | +/* =========================================================================== | |
41823 | + * Scan a literal or distance tree to determine the frequencies of the codes | |
41824 | + * in the bit length tree. | |
41825 | + */ | |
41826 | +local void scan_tree (s, tree, max_code) | |
41827 | + deflate_state *s; | |
41828 | + ct_data *tree; /* the tree to be scanned */ | |
41829 | + int max_code; /* and its largest code of non zero frequency */ | |
41830 | +{ | |
41831 | + int n; /* iterates over all tree elements */ | |
41832 | + int prevlen = -1; /* last emitted length */ | |
41833 | + int curlen; /* length of current code */ | |
41834 | + int nextlen = tree[0].Len; /* length of next code */ | |
41835 | + int count = 0; /* repeat count of the current code */ | |
41836 | + int max_count = 7; /* max repeat count */ | |
41837 | + int min_count = 4; /* min repeat count */ | |
41838 | + | |
41839 | + if (nextlen == 0) max_count = 138, min_count = 3; | |
41840 | + tree[max_code+1].Len = (ush)0xffff; /* guard */ | |
41841 | + | |
41842 | + for (n = 0; n <= max_code; n++) { | |
41843 | + curlen = nextlen; nextlen = tree[n+1].Len; | |
41844 | + if (++count < max_count && curlen == nextlen) { | |
41845 | + continue; | |
41846 | + } else if (count < min_count) { | |
41847 | + s->bl_tree[curlen].Freq += count; | |
41848 | + } else if (curlen != 0) { | |
41849 | + if (curlen != prevlen) s->bl_tree[curlen].Freq++; | |
41850 | + s->bl_tree[REP_3_6].Freq++; | |
41851 | + } else if (count <= 10) { | |
41852 | + s->bl_tree[REPZ_3_10].Freq++; | |
41853 | + } else { | |
41854 | + s->bl_tree[REPZ_11_138].Freq++; | |
41855 | + } | |
41856 | + count = 0; prevlen = curlen; | |
41857 | + if (nextlen == 0) { | |
41858 | + max_count = 138, min_count = 3; | |
41859 | + } else if (curlen == nextlen) { | |
41860 | + max_count = 6, min_count = 3; | |
41861 | + } else { | |
41862 | + max_count = 7, min_count = 4; | |
41863 | + } | |
41864 | + } | |
41865 | +} | |
41866 | + | |
41867 | +/* =========================================================================== | |
41868 | + * Send a literal or distance tree in compressed form, using the codes in | |
41869 | + * bl_tree. | |
41870 | + */ | |
41871 | +local void send_tree (s, tree, max_code) | |
41872 | + deflate_state *s; | |
41873 | + ct_data *tree; /* the tree to be scanned */ | |
41874 | + int max_code; /* and its largest code of non zero frequency */ | |
41875 | +{ | |
41876 | + int n; /* iterates over all tree elements */ | |
41877 | + int prevlen = -1; /* last emitted length */ | |
41878 | + int curlen; /* length of current code */ | |
41879 | + int nextlen = tree[0].Len; /* length of next code */ | |
41880 | + int count = 0; /* repeat count of the current code */ | |
41881 | + int max_count = 7; /* max repeat count */ | |
41882 | + int min_count = 4; /* min repeat count */ | |
41883 | + | |
41884 | + /* tree[max_code+1].Len = -1; */ /* guard already set */ | |
41885 | + if (nextlen == 0) max_count = 138, min_count = 3; | |
41886 | + | |
41887 | + for (n = 0; n <= max_code; n++) { | |
41888 | + curlen = nextlen; nextlen = tree[n+1].Len; | |
41889 | + if (++count < max_count && curlen == nextlen) { | |
41890 | + continue; | |
41891 | + } else if (count < min_count) { | |
41892 | + do { send_code(s, curlen, s->bl_tree); } while (--count != 0); | |
41893 | + | |
41894 | + } else if (curlen != 0) { | |
41895 | + if (curlen != prevlen) { | |
41896 | + send_code(s, curlen, s->bl_tree); count--; | |
41897 | + } | |
41898 | + Assert(count >= 3 && count <= 6, " 3_6?"); | |
41899 | + send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2); | |
41900 | + | |
41901 | + } else if (count <= 10) { | |
41902 | + send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3); | |
41903 | + | |
41904 | + } else { | |
41905 | + send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7); | |
41906 | + } | |
41907 | + count = 0; prevlen = curlen; | |
41908 | + if (nextlen == 0) { | |
41909 | + max_count = 138, min_count = 3; | |
41910 | + } else if (curlen == nextlen) { | |
41911 | + max_count = 6, min_count = 3; | |
41912 | + } else { | |
41913 | + max_count = 7, min_count = 4; | |
41914 | + } | |
41915 | + } | |
41916 | +} | |
41917 | + | |
41918 | +/* =========================================================================== | |
41919 | + * Construct the Huffman tree for the bit lengths and return the index in | |
41920 | + * bl_order of the last bit length code to send. | |
41921 | + */ | |
41922 | +local int build_bl_tree(s) | |
41923 | + deflate_state *s; | |
41924 | +{ | |
41925 | + int max_blindex; /* index of last bit length code of non zero freq */ | |
41926 | + | |
41927 | + /* Determine the bit length frequencies for literal and distance trees */ | |
41928 | + scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code); | |
41929 | + scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code); | |
41930 | + | |
41931 | + /* Build the bit length tree: */ | |
41932 | + build_tree(s, (tree_desc *)(&(s->bl_desc))); | |
41933 | + /* opt_len now includes the length of the tree representations, except | |
41934 | + * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. | |
41935 | + */ | |
41936 | + | |
41937 | + /* Determine the number of bit length codes to send. The pkzip format | |
41938 | + * requires that at least 4 bit length codes be sent. (appnote.txt says | |
41939 | + * 3 but the actual value used is 4.) | |
41940 | + */ | |
41941 | + for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) { | |
41942 | + if (s->bl_tree[bl_order[max_blindex]].Len != 0) break; | |
41943 | + } | |
41944 | + /* Update opt_len to include the bit length tree and counts */ | |
41945 | + s->opt_len += 3*(max_blindex+1) + 5+5+4; | |
41946 | + Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", | |
41947 | + s->opt_len, s->static_len)); | |
41948 | + | |
41949 | + return max_blindex; | |
41950 | +} | |
41951 | + | |
41952 | +/* =========================================================================== | |
41953 | + * Send the header for a block using dynamic Huffman trees: the counts, the | |
41954 | + * lengths of the bit length codes, the literal tree and the distance tree. | |
41955 | + * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. | |
41956 | + */ | |
41957 | +local void send_all_trees(s, lcodes, dcodes, blcodes) | |
41958 | + deflate_state *s; | |
41959 | + int lcodes, dcodes, blcodes; /* number of codes for each tree */ | |
41960 | +{ | |
41961 | + int rank; /* index in bl_order */ | |
41962 | + | |
41963 | + Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); | |
41964 | + Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, | |
41965 | + "too many codes"); | |
41966 | + Tracev((stderr, "\nbl counts: ")); | |
41967 | + send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */ | |
41968 | + send_bits(s, dcodes-1, 5); | |
41969 | + send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */ | |
41970 | + for (rank = 0; rank < blcodes; rank++) { | |
41971 | + Tracev((stderr, "\nbl code %2d ", bl_order[rank])); | |
41972 | + send_bits(s, s->bl_tree[bl_order[rank]].Len, 3); | |
41973 | + } | |
41974 | + Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); | |
41975 | + | |
41976 | + send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */ | |
41977 | + Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); | |
41978 | + | |
41979 | + send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */ | |
41980 | + Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); | |
41981 | +} | |
41982 | + | |
41983 | +/* =========================================================================== | |
41984 | + * Send a stored block | |
41985 | + */ | |
41986 | +void _tr_stored_block(s, buf, stored_len, eof) | |
41987 | + deflate_state *s; | |
41988 | + charf *buf; /* input block */ | |
41989 | + ulg stored_len; /* length of input block */ | |
41990 | + int eof; /* true if this is the last block for a file */ | |
41991 | +{ | |
41992 | + send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */ | |
41993 | +#ifdef DEBUG | |
41994 | + s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L; | |
41995 | + s->compressed_len += (stored_len + 4) << 3; | |
41996 | +#endif | |
41997 | + copy_block(s, buf, (unsigned)stored_len, 1); /* with header */ | |
41998 | +} | |
41999 | + | |
42000 | +/* =========================================================================== | |
42001 | + * Send one empty static block to give enough lookahead for inflate. | |
42002 | + * This takes 10 bits, of which 7 may remain in the bit buffer. | |
42003 | + * The current inflate code requires 9 bits of lookahead. If the | |
42004 | + * last two codes for the previous block (real code plus EOB) were coded | |
42005 | + * on 5 bits or less, inflate may have only 5+3 bits of lookahead to decode | |
42006 | + * the last real code. In this case we send two empty static blocks instead | |
42007 | + * of one. (There are no problems if the previous block is stored or fixed.) | |
42008 | + * To simplify the code, we assume the worst case of last real code encoded | |
42009 | + * on one bit only. | |
42010 | + */ | |
42011 | +void _tr_align(s) | |
42012 | + deflate_state *s; | |
42013 | +{ | |
42014 | + send_bits(s, STATIC_TREES<<1, 3); | |
42015 | + send_code(s, END_BLOCK, static_ltree); | |
42016 | +#ifdef DEBUG | |
42017 | + s->compressed_len += 10L; /* 3 for block type, 7 for EOB */ | |
42018 | +#endif | |
42019 | + bi_flush(s); | |
42020 | + /* Of the 10 bits for the empty block, we have already sent | |
42021 | + * (10 - bi_valid) bits. The lookahead for the last real code (before | |
42022 | + * the EOB of the previous block) was thus at least one plus the length | |
42023 | + * of the EOB plus what we have just sent of the empty static block. | |
42024 | + */ | |
42025 | + if (1 + s->last_eob_len + 10 - s->bi_valid < 9) { | |
42026 | + send_bits(s, STATIC_TREES<<1, 3); | |
42027 | + send_code(s, END_BLOCK, static_ltree); | |
42028 | +#ifdef DEBUG | |
42029 | + s->compressed_len += 10L; | |
42030 | +#endif | |
42031 | + bi_flush(s); | |
42032 | + } | |
42033 | + s->last_eob_len = 7; | |
42034 | +} | |
42035 | + | |
42036 | +/* =========================================================================== | |
42037 | + * Determine the best encoding for the current block: dynamic trees, static | |
42038 | + * trees or store, and output the encoded block to the zip file. | |
42039 | + */ | |
42040 | +void _tr_flush_block(s, buf, stored_len, eof) | |
42041 | + deflate_state *s; | |
42042 | + charf *buf; /* input block, or NULL if too old */ | |
42043 | + ulg stored_len; /* length of input block */ | |
42044 | + int eof; /* true if this is the last block for a file */ | |
42045 | +{ | |
42046 | + ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */ | |
42047 | + int max_blindex = 0; /* index of last bit length code of non zero freq */ | |
42048 | + | |
42049 | + /* Build the Huffman trees unless a stored block is forced */ | |
42050 | + if (s->level > 0) { | |
42051 | + | |
42052 | + /* Check if the file is ascii or binary */ | |
42053 | + if (s->data_type == Z_UNKNOWN) set_data_type(s); | |
42054 | + | |
42055 | + /* Construct the literal and distance trees */ | |
42056 | + build_tree(s, (tree_desc *)(&(s->l_desc))); | |
42057 | + Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, | |
42058 | + s->static_len)); | |
42059 | + | |
42060 | + build_tree(s, (tree_desc *)(&(s->d_desc))); | |
42061 | + Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, | |
42062 | + s->static_len)); | |
42063 | + /* At this point, opt_len and static_len are the total bit lengths of | |
42064 | + * the compressed block data, excluding the tree representations. | |
42065 | + */ | |
42066 | + | |
42067 | + /* Build the bit length tree for the above two trees, and get the index | |
42068 | + * in bl_order of the last bit length code to send. | |
42069 | + */ | |
42070 | + max_blindex = build_bl_tree(s); | |
42071 | + | |
42072 | + /* Determine the best encoding. Compute first the block length in bytes*/ | |
42073 | + opt_lenb = (s->opt_len+3+7)>>3; | |
42074 | + static_lenb = (s->static_len+3+7)>>3; | |
42075 | + | |
42076 | + Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", | |
42077 | + opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, | |
42078 | + s->last_lit)); | |
42079 | + | |
42080 | + if (static_lenb <= opt_lenb) opt_lenb = static_lenb; | |
42081 | + | |
42082 | + } else { | |
42083 | + Assert(buf != (char*)0, "lost buf"); | |
42084 | + opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ | |
42085 | + } | |
42086 | + | |
42087 | +#ifdef FORCE_STORED | |
42088 | + if (buf != (char*)0) { /* force stored block */ | |
42089 | +#else | |
42090 | + if (stored_len+4 <= opt_lenb && buf != (char*)0) { | |
42091 | + /* 4: two words for the lengths */ | |
42092 | +#endif | |
42093 | + /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. | |
42094 | + * Otherwise we can't have processed more than WSIZE input bytes since | |
42095 | + * the last block flush, because compression would have been | |
42096 | + * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to | |
42097 | + * transform a block into a stored block. | |
42098 | + */ | |
42099 | + _tr_stored_block(s, buf, stored_len, eof); | |
42100 | + | |
42101 | +#ifdef FORCE_STATIC | |
42102 | + } else if (static_lenb >= 0) { /* force static trees */ | |
42103 | +#else | |
42104 | + } else if (static_lenb == opt_lenb) { | |
42105 | +#endif | |
42106 | + send_bits(s, (STATIC_TREES<<1)+eof, 3); | |
42107 | + compress_block(s, static_ltree, static_dtree); | |
42108 | +#ifdef DEBUG | |
42109 | + s->compressed_len += 3 + s->static_len; | |
42110 | +#endif | |
42111 | + } else { | |
42112 | + send_bits(s, (DYN_TREES<<1)+eof, 3); | |
42113 | + send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1, | |
42114 | + max_blindex+1); | |
42115 | + compress_block(s, s->dyn_ltree, s->dyn_dtree); | |
42116 | +#ifdef DEBUG | |
42117 | + s->compressed_len += 3 + s->opt_len; | |
42118 | +#endif | |
42119 | + } | |
42120 | + Assert (s->compressed_len == s->bits_sent, "bad compressed size"); | |
42121 | + /* The above check is made mod 2^32, for files larger than 512 MB | |
42122 | + * and uLong implemented on 32 bits. | |
42123 | + */ | |
42124 | + init_block(s); | |
42125 | + | |
42126 | + if (eof) { | |
42127 | + bi_windup(s); | |
42128 | +#ifdef DEBUG | |
42129 | + s->compressed_len += 7; /* align on byte boundary */ | |
42130 | +#endif | |
42131 | + } | |
42132 | + Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, | |
42133 | + s->compressed_len-7*eof)); | |
42134 | +} | |
42135 | + | |
42136 | +/* =========================================================================== | |
42137 | + * Save the match info and tally the frequency counts. Return true if | |
42138 | + * the current block must be flushed. | |
42139 | + */ | |
42140 | +int _tr_tally (s, dist, lc) | |
42141 | + deflate_state *s; | |
42142 | + unsigned dist; /* distance of matched string */ | |
42143 | + unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ | |
42144 | +{ | |
42145 | + s->d_buf[s->last_lit] = (ush)dist; | |
42146 | + s->l_buf[s->last_lit++] = (uch)lc; | |
42147 | + if (dist == 0) { | |
42148 | + /* lc is the unmatched char */ | |
42149 | + s->dyn_ltree[lc].Freq++; | |
42150 | + } else { | |
42151 | + s->matches++; | |
42152 | + /* Here, lc is the match length - MIN_MATCH */ | |
42153 | + dist--; /* dist = match distance - 1 */ | |
42154 | + Assert((ush)dist < (ush)MAX_DIST(s) && | |
42155 | + (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && | |
42156 | + (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); | |
42157 | + | |
42158 | + s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; | |
42159 | + s->dyn_dtree[d_code(dist)].Freq++; | |
42160 | + } | |
42161 | + | |
42162 | +#ifdef TRUNCATE_BLOCK | |
42163 | + /* Try to guess if it is profitable to stop the current block here */ | |
42164 | + if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { | |
42165 | + /* Compute an upper bound for the compressed length */ | |
42166 | + ulg out_length = (ulg)s->last_lit*8L; | |
42167 | + ulg in_length = (ulg)((long)s->strstart - s->block_start); | |
42168 | + int dcode; | |
42169 | + for (dcode = 0; dcode < D_CODES; dcode++) { | |
42170 | + out_length += (ulg)s->dyn_dtree[dcode].Freq * | |
42171 | + (5L+extra_dbits[dcode]); | |
42172 | + } | |
42173 | + out_length >>= 3; | |
42174 | + Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", | |
42175 | + s->last_lit, in_length, out_length, | |
42176 | + 100L - out_length*100L/in_length)); | |
42177 | + if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; | |
42178 | + } | |
42179 | +#endif | |
42180 | + return (s->last_lit == s->lit_bufsize-1); | |
42181 | + /* We avoid equality with lit_bufsize because of wraparound at 64K | |
42182 | + * on 16 bit machines and because stored blocks are restricted to | |
42183 | + * 64K-1 bytes. | |
42184 | + */ | |
42185 | +} | |
42186 | + | |
42187 | +/* =========================================================================== | |
42188 | + * Send the block data compressed using the given Huffman trees | |
42189 | + */ | |
42190 | +local void compress_block(s, ltree, dtree) | |
42191 | + deflate_state *s; | |
42192 | + const ct_data *ltree; /* literal tree */ | |
42193 | + const ct_data *dtree; /* distance tree */ | |
42194 | +{ | |
42195 | + unsigned dist; /* distance of matched string */ | |
42196 | + int lc; /* match length or unmatched char (if dist == 0) */ | |
42197 | + unsigned lx = 0; /* running index in l_buf */ | |
42198 | + unsigned code; /* the code to send */ | |
42199 | + int extra; /* number of extra bits to send */ | |
42200 | + | |
42201 | + if (s->last_lit != 0) do { | |
42202 | + dist = s->d_buf[lx]; | |
42203 | + lc = s->l_buf[lx++]; | |
42204 | + if (dist == 0) { | |
42205 | + send_code(s, lc, ltree); /* send a literal byte */ | |
42206 | + Tracecv(isgraph(lc), (stderr," '%c' ", lc)); | |
42207 | + } else { | |
42208 | + /* Here, lc is the match length - MIN_MATCH */ | |
42209 | + code = _length_code[lc]; | |
42210 | + send_code(s, code+LITERALS+1, ltree); /* send the length code */ | |
42211 | + extra = extra_lbits[code]; | |
42212 | + if (extra != 0) { | |
42213 | + lc -= base_length[code]; | |
42214 | + send_bits(s, lc, extra); /* send the extra length bits */ | |
42215 | + } | |
42216 | + dist--; /* dist is now the match distance - 1 */ | |
42217 | + code = d_code(dist); | |
42218 | + Assert (code < D_CODES, "bad d_code"); | |
42219 | + | |
42220 | + send_code(s, code, dtree); /* send the distance code */ | |
42221 | + extra = extra_dbits[code]; | |
42222 | + if (extra != 0) { | |
42223 | + dist -= base_dist[code]; | |
42224 | + send_bits(s, dist, extra); /* send the extra distance bits */ | |
42225 | + } | |
42226 | + } /* literal or match pair ? */ | |
42227 | + | |
42228 | + /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ | |
42229 | + Assert(s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow"); | |
42230 | + | |
42231 | + } while (lx < s->last_lit); | |
42232 | + | |
42233 | + send_code(s, END_BLOCK, ltree); | |
42234 | + s->last_eob_len = ltree[END_BLOCK].Len; | |
42235 | +} | |
42236 | + | |
42237 | +/* =========================================================================== | |
42238 | + * Set the data type to ASCII or BINARY, using a crude approximation: | |
42239 | + * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise. | |
42240 | + * IN assertion: the fields freq of dyn_ltree are set and the total of all | |
42241 | + * frequencies does not exceed 64K (to fit in an int on 16 bit machines). | |
42242 | + */ | |
42243 | +local void set_data_type(s) | |
42244 | + deflate_state *s; | |
42245 | +{ | |
42246 | + int n = 0; | |
42247 | + unsigned ascii_freq = 0; | |
42248 | + unsigned bin_freq = 0; | |
42249 | + while (n < 7) bin_freq += s->dyn_ltree[n++].Freq; | |
42250 | + while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq; | |
42251 | + while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq; | |
42252 | + s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII); | |
42253 | +} | |
42254 | + | |
42255 | +/* =========================================================================== | |
42256 | + * Reverse the first len bits of a code, using straightforward code (a faster | |
42257 | + * method would use a table) | |
42258 | + * IN assertion: 1 <= len <= 15 | |
42259 | + */ | |
42260 | +local unsigned bi_reverse(code, len) | |
42261 | + unsigned code; /* the value to invert */ | |
42262 | + int len; /* its bit length */ | |
42263 | +{ | |
42264 | + register unsigned res = 0; | |
42265 | + do { | |
42266 | + res |= code & 1; | |
42267 | + code >>= 1, res <<= 1; | |
42268 | + } while (--len > 0); | |
42269 | + return res >> 1; | |
42270 | +} | |
42271 | + | |
42272 | +/* =========================================================================== | |
42273 | + * Flush the bit buffer, keeping at most 7 bits in it. | |
42274 | + */ | |
42275 | +local void bi_flush(s) | |
42276 | + deflate_state *s; | |
42277 | +{ | |
42278 | + if (s->bi_valid == 16) { | |
42279 | + put_short(s, s->bi_buf); | |
42280 | + s->bi_buf = 0; | |
42281 | + s->bi_valid = 0; | |
42282 | + } else if (s->bi_valid >= 8) { | |
42283 | + put_byte(s, (Byte)s->bi_buf); | |
42284 | + s->bi_buf >>= 8; | |
42285 | + s->bi_valid -= 8; | |
42286 | + } | |
42287 | +} | |
42288 | + | |
42289 | +/* =========================================================================== | |
42290 | + * Flush the bit buffer and align the output on a byte boundary | |
42291 | + */ | |
42292 | +local void bi_windup(s) | |
42293 | + deflate_state *s; | |
42294 | +{ | |
42295 | + if (s->bi_valid > 8) { | |
42296 | + put_short(s, s->bi_buf); | |
42297 | + } else if (s->bi_valid > 0) { | |
42298 | + put_byte(s, (Byte)s->bi_buf); | |
42299 | + } | |
42300 | + s->bi_buf = 0; | |
42301 | + s->bi_valid = 0; | |
42302 | +#ifdef DEBUG | |
42303 | + s->bits_sent = (s->bits_sent+7) & ~7; | |
42304 | +#endif | |
42305 | +} | |
42306 | + | |
42307 | +/* =========================================================================== | |
42308 | + * Copy a stored block, storing first the length and its | |
42309 | + * one's complement if requested. | |
42310 | + */ | |
42311 | +local void copy_block(s, buf, len, header) | |
42312 | + deflate_state *s; | |
42313 | + charf *buf; /* the input data */ | |
42314 | + unsigned len; /* its length */ | |
42315 | + int header; /* true if block header must be written */ | |
42316 | +{ | |
42317 | + bi_windup(s); /* align on byte boundary */ | |
42318 | + s->last_eob_len = 8; /* enough lookahead for inflate */ | |
42319 | + | |
42320 | + if (header) { | |
42321 | + put_short(s, (ush)len); | |
42322 | + put_short(s, (ush)~len); | |
42323 | +#ifdef DEBUG | |
42324 | + s->bits_sent += 2*16; | |
42325 | +#endif | |
42326 | + } | |
42327 | +#ifdef DEBUG | |
42328 | + s->bits_sent += (ulg)len<<3; | |
42329 | +#endif | |
42330 | + while (len--) { | |
42331 | + put_byte(s, *buf++); | |
42332 | + } | |
42333 | +} | |
42334 | diff -druN linux-noipsec/net/ipsec/zlib/trees.h linux/net/ipsec/zlib/trees.h | |
42335 | --- linux-noipsec/net/ipsec/zlib/trees.h Thu Jan 1 01:00:00 1970 | |
42336 | +++ linux/net/ipsec/zlib/trees.h Fri Sep 29 20:51:34 2000 | |
42337 | @@ -0,0 +1,128 @@ | |
42338 | +/* header created automatically with -DGEN_TREES_H */ | |
42339 | + | |
42340 | +local const ct_data static_ltree[L_CODES+2] = { | |
42341 | +{{ 12},{ 8}}, {{140},{ 8}}, {{ 76},{ 8}}, {{204},{ 8}}, {{ 44},{ 8}}, | |
42342 | +{{172},{ 8}}, {{108},{ 8}}, {{236},{ 8}}, {{ 28},{ 8}}, {{156},{ 8}}, | |
42343 | +{{ 92},{ 8}}, {{220},{ 8}}, {{ 60},{ 8}}, {{188},{ 8}}, {{124},{ 8}}, | |
42344 | +{{252},{ 8}}, {{ 2},{ 8}}, {{130},{ 8}}, {{ 66},{ 8}}, {{194},{ 8}}, | |
42345 | +{{ 34},{ 8}}, {{162},{ 8}}, {{ 98},{ 8}}, {{226},{ 8}}, {{ 18},{ 8}}, | |
42346 | +{{146},{ 8}}, {{ 82},{ 8}}, {{210},{ 8}}, {{ 50},{ 8}}, {{178},{ 8}}, | |
42347 | +{{114},{ 8}}, {{242},{ 8}}, {{ 10},{ 8}}, {{138},{ 8}}, {{ 74},{ 8}}, | |
42348 | +{{202},{ 8}}, {{ 42},{ 8}}, {{170},{ 8}}, {{106},{ 8}}, {{234},{ 8}}, | |
42349 | +{{ 26},{ 8}}, {{154},{ 8}}, {{ 90},{ 8}}, {{218},{ 8}}, {{ 58},{ 8}}, | |
42350 | +{{186},{ 8}}, {{122},{ 8}}, {{250},{ 8}}, {{ 6},{ 8}}, {{134},{ 8}}, | |
42351 | +{{ 70},{ 8}}, {{198},{ 8}}, {{ 38},{ 8}}, {{166},{ 8}}, {{102},{ 8}}, | |
42352 | +{{230},{ 8}}, {{ 22},{ 8}}, {{150},{ 8}}, {{ 86},{ 8}}, {{214},{ 8}}, | |
42353 | +{{ 54},{ 8}}, {{182},{ 8}}, {{118},{ 8}}, {{246},{ 8}}, {{ 14},{ 8}}, | |
42354 | +{{142},{ 8}}, {{ 78},{ 8}}, {{206},{ 8}}, {{ 46},{ 8}}, {{174},{ 8}}, | |
42355 | +{{110},{ 8}}, {{238},{ 8}}, {{ 30},{ 8}}, {{158},{ 8}}, {{ 94},{ 8}}, | |
42356 | +{{222},{ 8}}, {{ 62},{ 8}}, {{190},{ 8}}, {{126},{ 8}}, {{254},{ 8}}, | |
42357 | +{{ 1},{ 8}}, {{129},{ 8}}, {{ 65},{ 8}}, {{193},{ 8}}, {{ 33},{ 8}}, | |
42358 | +{{161},{ 8}}, {{ 97},{ 8}}, {{225},{ 8}}, {{ 17},{ 8}}, {{145},{ 8}}, | |
42359 | +{{ 81},{ 8}}, {{209},{ 8}}, {{ 49},{ 8}}, {{177},{ 8}}, {{113},{ 8}}, | |
42360 | +{{241},{ 8}}, {{ 9},{ 8}}, {{137},{ 8}}, {{ 73},{ 8}}, {{201},{ 8}}, | |
42361 | +{{ 41},{ 8}}, {{169},{ 8}}, {{105},{ 8}}, {{233},{ 8}}, {{ 25},{ 8}}, | |
42362 | +{{153},{ 8}}, {{ 89},{ 8}}, {{217},{ 8}}, {{ 57},{ 8}}, {{185},{ 8}}, | |
42363 | +{{121},{ 8}}, {{249},{ 8}}, {{ 5},{ 8}}, {{133},{ 8}}, {{ 69},{ 8}}, | |
42364 | +{{197},{ 8}}, {{ 37},{ 8}}, {{165},{ 8}}, {{101},{ 8}}, {{229},{ 8}}, | |
42365 | +{{ 21},{ 8}}, {{149},{ 8}}, {{ 85},{ 8}}, {{213},{ 8}}, {{ 53},{ 8}}, | |
42366 | +{{181},{ 8}}, {{117},{ 8}}, {{245},{ 8}}, {{ 13},{ 8}}, {{141},{ 8}}, | |
42367 | +{{ 77},{ 8}}, {{205},{ 8}}, {{ 45},{ 8}}, {{173},{ 8}}, {{109},{ 8}}, | |
42368 | +{{237},{ 8}}, {{ 29},{ 8}}, {{157},{ 8}}, {{ 93},{ 8}}, {{221},{ 8}}, | |
42369 | +{{ 61},{ 8}}, {{189},{ 8}}, {{125},{ 8}}, {{253},{ 8}}, {{ 19},{ 9}}, | |
42370 | +{{275},{ 9}}, {{147},{ 9}}, {{403},{ 9}}, {{ 83},{ 9}}, {{339},{ 9}}, | |
42371 | +{{211},{ 9}}, {{467},{ 9}}, {{ 51},{ 9}}, {{307},{ 9}}, {{179},{ 9}}, | |
42372 | +{{435},{ 9}}, {{115},{ 9}}, {{371},{ 9}}, {{243},{ 9}}, {{499},{ 9}}, | |
42373 | +{{ 11},{ 9}}, {{267},{ 9}}, {{139},{ 9}}, {{395},{ 9}}, {{ 75},{ 9}}, | |
42374 | +{{331},{ 9}}, {{203},{ 9}}, {{459},{ 9}}, {{ 43},{ 9}}, {{299},{ 9}}, | |
42375 | +{{171},{ 9}}, {{427},{ 9}}, {{107},{ 9}}, {{363},{ 9}}, {{235},{ 9}}, | |
42376 | +{{491},{ 9}}, {{ 27},{ 9}}, {{283},{ 9}}, {{155},{ 9}}, {{411},{ 9}}, | |
42377 | +{{ 91},{ 9}}, {{347},{ 9}}, {{219},{ 9}}, {{475},{ 9}}, {{ 59},{ 9}}, | |
42378 | +{{315},{ 9}}, {{187},{ 9}}, {{443},{ 9}}, {{123},{ 9}}, {{379},{ 9}}, | |
42379 | +{{251},{ 9}}, {{507},{ 9}}, {{ 7},{ 9}}, {{263},{ 9}}, {{135},{ 9}}, | |
42380 | +{{391},{ 9}}, {{ 71},{ 9}}, {{327},{ 9}}, {{199},{ 9}}, {{455},{ 9}}, | |
42381 | +{{ 39},{ 9}}, {{295},{ 9}}, {{167},{ 9}}, {{423},{ 9}}, {{103},{ 9}}, | |
42382 | +{{359},{ 9}}, {{231},{ 9}}, {{487},{ 9}}, {{ 23},{ 9}}, {{279},{ 9}}, | |
42383 | +{{151},{ 9}}, {{407},{ 9}}, {{ 87},{ 9}}, {{343},{ 9}}, {{215},{ 9}}, | |
42384 | +{{471},{ 9}}, {{ 55},{ 9}}, {{311},{ 9}}, {{183},{ 9}}, {{439},{ 9}}, | |
42385 | +{{119},{ 9}}, {{375},{ 9}}, {{247},{ 9}}, {{503},{ 9}}, {{ 15},{ 9}}, | |
42386 | +{{271},{ 9}}, {{143},{ 9}}, {{399},{ 9}}, {{ 79},{ 9}}, {{335},{ 9}}, | |
42387 | +{{207},{ 9}}, {{463},{ 9}}, {{ 47},{ 9}}, {{303},{ 9}}, {{175},{ 9}}, | |
42388 | +{{431},{ 9}}, {{111},{ 9}}, {{367},{ 9}}, {{239},{ 9}}, {{495},{ 9}}, | |
42389 | +{{ 31},{ 9}}, {{287},{ 9}}, {{159},{ 9}}, {{415},{ 9}}, {{ 95},{ 9}}, | |
42390 | +{{351},{ 9}}, {{223},{ 9}}, {{479},{ 9}}, {{ 63},{ 9}}, {{319},{ 9}}, | |
42391 | +{{191},{ 9}}, {{447},{ 9}}, {{127},{ 9}}, {{383},{ 9}}, {{255},{ 9}}, | |
42392 | +{{511},{ 9}}, {{ 0},{ 7}}, {{ 64},{ 7}}, {{ 32},{ 7}}, {{ 96},{ 7}}, | |
42393 | +{{ 16},{ 7}}, {{ 80},{ 7}}, {{ 48},{ 7}}, {{112},{ 7}}, {{ 8},{ 7}}, | |
42394 | +{{ 72},{ 7}}, {{ 40},{ 7}}, {{104},{ 7}}, {{ 24},{ 7}}, {{ 88},{ 7}}, | |
42395 | +{{ 56},{ 7}}, {{120},{ 7}}, {{ 4},{ 7}}, {{ 68},{ 7}}, {{ 36},{ 7}}, | |
42396 | +{{100},{ 7}}, {{ 20},{ 7}}, {{ 84},{ 7}}, {{ 52},{ 7}}, {{116},{ 7}}, | |
42397 | +{{ 3},{ 8}}, {{131},{ 8}}, {{ 67},{ 8}}, {{195},{ 8}}, {{ 35},{ 8}}, | |
42398 | +{{163},{ 8}}, {{ 99},{ 8}}, {{227},{ 8}} | |
42399 | +}; | |
42400 | + | |
42401 | +local const ct_data static_dtree[D_CODES] = { | |
42402 | +{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}}, | |
42403 | +{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}}, | |
42404 | +{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}}, | |
42405 | +{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}}, | |
42406 | +{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}}, | |
42407 | +{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}} | |
42408 | +}; | |
42409 | + | |
42410 | +const uch _dist_code[DIST_CODE_LEN] = { | |
42411 | + 0, 1, 2, 3, 4, 4, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, 8, 8, 8, 8, | |
42412 | + 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 9, 9, 10, 10, 10, 10, 10, 10, 10, 10, | |
42413 | +10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, | |
42414 | +11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, | |
42415 | +12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, | |
42416 | +13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, | |
42417 | +13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, | |
42418 | +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, | |
42419 | +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, | |
42420 | +14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, | |
42421 | +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, | |
42422 | +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, | |
42423 | +15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 0, 0, 16, 17, | |
42424 | +18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22, | |
42425 | +23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, | |
42426 | +24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, | |
42427 | +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, | |
42428 | +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, | |
42429 | +27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, | |
42430 | +27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, | |
42431 | +28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, | |
42432 | +28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, | |
42433 | +28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, | |
42434 | +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, | |
42435 | +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, | |
42436 | +29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29 | |
42437 | +}; | |
42438 | + | |
42439 | +const uch _length_code[MAX_MATCH-MIN_MATCH+1]= { | |
42440 | + 0, 1, 2, 3, 4, 5, 6, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 12, 12, | |
42441 | +13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16, | |
42442 | +17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19, | |
42443 | +19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, | |
42444 | +21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22, | |
42445 | +22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23, | |
42446 | +23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, | |
42447 | +24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, | |
42448 | +25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, | |
42449 | +25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26, | |
42450 | +26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, | |
42451 | +26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, | |
42452 | +27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28 | |
42453 | +}; | |
42454 | + | |
42455 | +local const int base_length[LENGTH_CODES] = { | |
42456 | +0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56, | |
42457 | +64, 80, 96, 112, 128, 160, 192, 224, 0 | |
42458 | +}; | |
42459 | + | |
42460 | +local const int base_dist[D_CODES] = { | |
42461 | + 0, 1, 2, 3, 4, 6, 8, 12, 16, 24, | |
42462 | + 32, 48, 64, 96, 128, 192, 256, 384, 512, 768, | |
42463 | + 1024, 1536, 2048, 3072, 4096, 6144, 8192, 12288, 16384, 24576 | |
42464 | +}; | |
42465 | + | |
42466 | diff -druN linux-noipsec/net/ipsec/zlib/zconf.h linux/net/ipsec/zlib/zconf.h | |
42467 | --- linux-noipsec/net/ipsec/zlib/zconf.h Thu Jan 1 01:00:00 1970 | |
42468 | +++ linux/net/ipsec/zlib/zconf.h Fri Sep 29 20:51:34 2000 | |
42469 | @@ -0,0 +1,309 @@ | |
42470 | +/* zconf.h -- configuration of the zlib compression library | |
42471 | + * Copyright (C) 1995-1998 Jean-loup Gailly. | |
42472 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
42473 | + */ | |
42474 | + | |
42475 | +/* @(#) $Id$ */ | |
42476 | + | |
42477 | +#ifndef _ZCONF_H | |
42478 | +#define _ZCONF_H | |
42479 | + | |
42480 | +/* | |
42481 | + * If you *really* need a unique prefix for all types and library functions, | |
42482 | + * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. | |
42483 | + */ | |
42484 | +#ifdef IPCOMP_PREFIX | |
42485 | +# define deflateInit_ ipcomp_deflateInit_ | |
42486 | +# define deflate ipcomp_deflate | |
42487 | +# define deflateEnd ipcomp_deflateEnd | |
42488 | +# define inflateInit_ ipcomp_inflateInit_ | |
42489 | +# define inflate ipcomp_inflate | |
42490 | +# define inflateEnd ipcomp_inflateEnd | |
42491 | +# define deflateInit2_ ipcomp_deflateInit2_ | |
42492 | +# define deflateSetDictionary ipcomp_deflateSetDictionary | |
42493 | +# define deflateCopy ipcomp_deflateCopy | |
42494 | +# define deflateReset ipcomp_deflateReset | |
42495 | +# define deflateParams ipcomp_deflateParams | |
42496 | +# define inflateInit2_ ipcomp_inflateInit2_ | |
42497 | +# define inflateSetDictionary ipcomp_inflateSetDictionary | |
42498 | +# define inflateSync ipcomp_inflateSync | |
42499 | +# define inflateSyncPoint ipcomp_inflateSyncPoint | |
42500 | +# define inflateReset ipcomp_inflateReset | |
42501 | +# define compress ipcomp_compress | |
42502 | +# define compress2 ipcomp_compress2 | |
42503 | +# define uncompress ipcomp_uncompress | |
42504 | +# define adler32 ipcomp_adler32 | |
42505 | +# define crc32 ipcomp_crc32 | |
42506 | +# define get_crc_table ipcomp_get_crc_table | |
42507 | +/* SSS: these also need to be prefixed to avoid clash with ppp_deflate and ext2compression */ | |
42508 | +# define inflate_blocks ipcomp_deflate_blocks | |
42509 | +# define inflate_blocks_free ipcomp_deflate_blocks_free | |
42510 | +# define inflate_blocks_new ipcomp_inflate_blocks_new | |
42511 | +# define inflate_blocks_reset ipcomp_inflate_blocks_reset | |
42512 | +# define inflate_blocks_sync_point ipcomp_inflate_blocks_sync_point | |
42513 | +# define inflate_set_dictionary ipcomp_inflate_set_dictionary | |
42514 | +# define inflate_codes ipcomp_inflate_codes | |
42515 | +# define inflate_codes_free ipcomp_inflate_codes_free | |
42516 | +# define inflate_codes_new ipcomp_inflate_codes_new | |
42517 | +# define inflate_fast ipcomp_inflate_fast | |
42518 | +# define inflate_trees_bits ipcomp_inflate_trees_bits | |
42519 | +# define inflate_trees_dynamic ipcomp_inflate_trees_dynamic | |
42520 | +# define inflate_trees_fixed ipcomp_inflate_trees_fixed | |
42521 | +# define inflate_flush ipcomp_inflate_flush | |
42522 | +# define inflate_mask ipcomp_inflate_mask | |
42523 | +# define _dist_code _ipcomp_dist_code | |
42524 | +# define _length_code _ipcomp_length_code | |
42525 | +# define _tr_align _ipcomp_tr_align | |
42526 | +# define _tr_flush_block _ipcomp_tr_flush_block | |
42527 | +# define _tr_init _ipcomp_tr_init | |
42528 | +# define _tr_stored_block _ipcomp_tr_stored_block | |
42529 | +# define _tr_tally _ipcomp_tr_tally | |
42530 | +# define zError ipcomp_zError | |
42531 | +# define z_errmsg ipcomp_z_errmsg | |
42532 | +# define zlibVersion ipcomp_zlibVersion | |
42533 | +# define match_init ipcomp_match_init | |
42534 | +# define longest_match ipcomp_longest_match | |
42535 | +#endif | |
42536 | + | |
42537 | +#ifdef Z_PREFIX | |
42538 | +# define Byte z_Byte | |
42539 | +# define uInt z_uInt | |
42540 | +# define uLong z_uLong | |
42541 | +# define Bytef z_Bytef | |
42542 | +# define charf z_charf | |
42543 | +# define intf z_intf | |
42544 | +# define uIntf z_uIntf | |
42545 | +# define uLongf z_uLongf | |
42546 | +# define voidpf z_voidpf | |
42547 | +# define voidp z_voidp | |
42548 | +#endif | |
42549 | + | |
42550 | +#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) | |
42551 | +# define WIN32 | |
42552 | +#endif | |
42553 | +#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386) | |
42554 | +# ifndef __32BIT__ | |
42555 | +# define __32BIT__ | |
42556 | +# endif | |
42557 | +#endif | |
42558 | +#if defined(__MSDOS__) && !defined(MSDOS) | |
42559 | +# define MSDOS | |
42560 | +#endif | |
42561 | + | |
42562 | +/* | |
42563 | + * Compile with -DMAXSEG_64K if the alloc function cannot allocate more | |
42564 | + * than 64k bytes at a time (needed on systems with 16-bit int). | |
42565 | + */ | |
42566 | +#if defined(MSDOS) && !defined(__32BIT__) | |
42567 | +# define MAXSEG_64K | |
42568 | +#endif | |
42569 | +#ifdef MSDOS | |
42570 | +# define UNALIGNED_OK | |
42571 | +#endif | |
42572 | + | |
42573 | +#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32)) && !defined(STDC) | |
42574 | +# define STDC | |
42575 | +#endif | |
42576 | +#if defined(__STDC__) || defined(__cplusplus) || defined(__OS2__) | |
42577 | +# ifndef STDC | |
42578 | +# define STDC | |
42579 | +# endif | |
42580 | +#endif | |
42581 | + | |
42582 | +#ifndef STDC | |
42583 | +# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */ | |
42584 | +# define const | |
42585 | +# endif | |
42586 | +#endif | |
42587 | + | |
42588 | +/* Some Mac compilers merge all .h files incorrectly: */ | |
42589 | +#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__) | |
42590 | +# define NO_DUMMY_DECL | |
42591 | +#endif | |
42592 | + | |
42593 | +/* Old Borland C incorrectly complains about missing returns: */ | |
42594 | +#if defined(__BORLANDC__) && (__BORLANDC__ < 0x500) | |
42595 | +# define NEED_DUMMY_RETURN | |
42596 | +#endif | |
42597 | + | |
42598 | + | |
42599 | +/* Maximum value for memLevel in deflateInit2 */ | |
42600 | +#ifndef MAX_MEM_LEVEL | |
42601 | +# ifdef MAXSEG_64K | |
42602 | +# define MAX_MEM_LEVEL 8 | |
42603 | +# else | |
42604 | +# define MAX_MEM_LEVEL 9 | |
42605 | +# endif | |
42606 | +#endif | |
42607 | + | |
42608 | +/* Maximum value for windowBits in deflateInit2 and inflateInit2. | |
42609 | + * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files | |
42610 | + * created by gzip. (Files created by minigzip can still be extracted by | |
42611 | + * gzip.) | |
42612 | + */ | |
42613 | +#ifndef MAX_WBITS | |
42614 | +# define MAX_WBITS 15 /* 32K LZ77 window */ | |
42615 | +#endif | |
42616 | + | |
42617 | +/* The memory requirements for deflate are (in bytes): | |
42618 | + (1 << (windowBits+2)) + (1 << (memLevel+9)) | |
42619 | + that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) | |
42620 | + plus a few kilobytes for small objects. For example, if you want to reduce | |
42621 | + the default memory requirements from 256K to 128K, compile with | |
42622 | + make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" | |
42623 | + Of course this will generally degrade compression (there's no free lunch). | |
42624 | + | |
42625 | + The memory requirements for inflate are (in bytes) 1 << windowBits | |
42626 | + that is, 32K for windowBits=15 (default value) plus a few kilobytes | |
42627 | + for small objects. | |
42628 | +*/ | |
42629 | + | |
42630 | + /* Type declarations */ | |
42631 | + | |
42632 | +#ifndef OF /* function prototypes */ | |
42633 | +# ifdef STDC | |
42634 | +# define OF(args) args | |
42635 | +# else | |
42636 | +# define OF(args) () | |
42637 | +# endif | |
42638 | +#endif | |
42639 | + | |
42640 | +/* The following definitions for FAR are needed only for MSDOS mixed | |
42641 | + * model programming (small or medium model with some far allocations). | |
42642 | + * This was tested only with MSC; for other MSDOS compilers you may have | |
42643 | + * to define NO_MEMCPY in zutil.h. If you don't need the mixed model, | |
42644 | + * just define FAR to be empty. | |
42645 | + */ | |
42646 | +#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__) | |
42647 | + /* MSC small or medium model */ | |
42648 | +# define SMALL_MEDIUM | |
42649 | +# ifdef _MSC_VER | |
42650 | +# define FAR _far | |
42651 | +# else | |
42652 | +# define FAR far | |
42653 | +# endif | |
42654 | +#endif | |
42655 | +#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__)) | |
42656 | +# ifndef __32BIT__ | |
42657 | +# define SMALL_MEDIUM | |
42658 | +# define FAR _far | |
42659 | +# endif | |
42660 | +#endif | |
42661 | + | |
42662 | +/* Compile with -DZLIB_DLL for Windows DLL support */ | |
42663 | +#if defined(ZLIB_DLL) | |
42664 | +# if defined(_WINDOWS) || defined(WINDOWS) | |
42665 | +# ifdef FAR | |
42666 | +# undef FAR | |
42667 | +# endif | |
42668 | +# include <windows.h> | |
42669 | +# define ZEXPORT WINAPI | |
42670 | +# ifdef WIN32 | |
42671 | +# define ZEXPORTVA WINAPIV | |
42672 | +# else | |
42673 | +# define ZEXPORTVA FAR _cdecl _export | |
42674 | +# endif | |
42675 | +# endif | |
42676 | +# if defined (__BORLANDC__) | |
42677 | +# if (__BORLANDC__ >= 0x0500) && defined (WIN32) | |
42678 | +# include <windows.h> | |
42679 | +# define ZEXPORT __declspec(dllexport) WINAPI | |
42680 | +# define ZEXPORTRVA __declspec(dllexport) WINAPIV | |
42681 | +# else | |
42682 | +# if defined (_Windows) && defined (__DLL__) | |
42683 | +# define ZEXPORT _export | |
42684 | +# define ZEXPORTVA _export | |
42685 | +# endif | |
42686 | +# endif | |
42687 | +# endif | |
42688 | +#endif | |
42689 | + | |
42690 | +#if defined (__BEOS__) | |
42691 | +# if defined (ZLIB_DLL) | |
42692 | +# define ZEXTERN extern __declspec(dllexport) | |
42693 | +# else | |
42694 | +# define ZEXTERN extern __declspec(dllimport) | |
42695 | +# endif | |
42696 | +#endif | |
42697 | + | |
42698 | +#ifndef ZEXPORT | |
42699 | +# define ZEXPORT | |
42700 | +#endif | |
42701 | +#ifndef ZEXPORTVA | |
42702 | +# define ZEXPORTVA | |
42703 | +#endif | |
42704 | +#ifndef ZEXTERN | |
42705 | +# define ZEXTERN extern | |
42706 | +#endif | |
42707 | + | |
42708 | +#ifndef FAR | |
42709 | +# define FAR | |
42710 | +#endif | |
42711 | + | |
42712 | +#if !defined(MACOS) && !defined(TARGET_OS_MAC) | |
42713 | +typedef unsigned char Byte; /* 8 bits */ | |
42714 | +#endif | |
42715 | +typedef unsigned int uInt; /* 16 bits or more */ | |
42716 | +typedef unsigned long uLong; /* 32 bits or more */ | |
42717 | + | |
42718 | +#ifdef SMALL_MEDIUM | |
42719 | + /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */ | |
42720 | +# define Bytef Byte FAR | |
42721 | +#else | |
42722 | + typedef Byte FAR Bytef; | |
42723 | +#endif | |
42724 | +typedef char FAR charf; | |
42725 | +typedef int FAR intf; | |
42726 | +typedef uInt FAR uIntf; | |
42727 | +typedef uLong FAR uLongf; | |
42728 | + | |
42729 | +#ifdef STDC | |
42730 | + typedef void FAR *voidpf; | |
42731 | + typedef void *voidp; | |
42732 | +#else | |
42733 | + typedef Byte FAR *voidpf; | |
42734 | + typedef Byte *voidp; | |
42735 | +#endif | |
42736 | + | |
42737 | +#ifdef HAVE_UNISTD_H | |
42738 | +# include <sys/types.h> /* for off_t */ | |
42739 | +# include <unistd.h> /* for SEEK_* and off_t */ | |
42740 | +# define z_off_t off_t | |
42741 | +#endif | |
42742 | +#ifndef SEEK_SET | |
42743 | +# define SEEK_SET 0 /* Seek from beginning of file. */ | |
42744 | +# define SEEK_CUR 1 /* Seek from current position. */ | |
42745 | +# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ | |
42746 | +#endif | |
42747 | +#ifndef z_off_t | |
42748 | +# define z_off_t long | |
42749 | +#endif | |
42750 | + | |
42751 | +/* MVS linker does not support external names larger than 8 bytes */ | |
42752 | +#if defined(__MVS__) | |
42753 | +# pragma map(deflateInit_,"DEIN") | |
42754 | +# pragma map(deflateInit2_,"DEIN2") | |
42755 | +# pragma map(deflateEnd,"DEEND") | |
42756 | +# pragma map(inflateInit_,"ININ") | |
42757 | +# pragma map(inflateInit2_,"ININ2") | |
42758 | +# pragma map(inflateEnd,"INEND") | |
42759 | +# pragma map(inflateSync,"INSY") | |
42760 | +# pragma map(inflateSetDictionary,"INSEDI") | |
42761 | +# pragma map(inflate_blocks,"INBL") | |
42762 | +# pragma map(inflate_blocks_new,"INBLNE") | |
42763 | +# pragma map(inflate_blocks_free,"INBLFR") | |
42764 | +# pragma map(inflate_blocks_reset,"INBLRE") | |
42765 | +# pragma map(inflate_codes_free,"INCOFR") | |
42766 | +# pragma map(inflate_codes,"INCO") | |
42767 | +# pragma map(inflate_fast,"INFA") | |
42768 | +# pragma map(inflate_flush,"INFLU") | |
42769 | +# pragma map(inflate_mask,"INMA") | |
42770 | +# pragma map(inflate_set_dictionary,"INSEDI2") | |
42771 | +# pragma map(ipcomp_inflate_copyright,"INCOPY") | |
42772 | +# pragma map(inflate_trees_bits,"INTRBI") | |
42773 | +# pragma map(inflate_trees_dynamic,"INTRDY") | |
42774 | +# pragma map(inflate_trees_fixed,"INTRFI") | |
42775 | +# pragma map(inflate_trees_free,"INTRFR") | |
42776 | +#endif | |
42777 | + | |
42778 | +#endif /* _ZCONF_H */ | |
42779 | diff -druN linux-noipsec/net/ipsec/zlib/zlib.h linux/net/ipsec/zlib/zlib.h | |
42780 | --- linux-noipsec/net/ipsec/zlib/zlib.h Thu Jan 1 01:00:00 1970 | |
42781 | +++ linux/net/ipsec/zlib/zlib.h Fri Sep 29 20:51:34 2000 | |
42782 | @@ -0,0 +1,893 @@ | |
42783 | +/* zlib.h -- interface of the 'zlib' general purpose compression library | |
42784 | + version 1.1.3, July 9th, 1998 | |
42785 | + | |
42786 | + Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler | |
42787 | + | |
42788 | + This software is provided 'as-is', without any express or implied | |
42789 | + warranty. In no event will the authors be held liable for any damages | |
42790 | + arising from the use of this software. | |
42791 | + | |
42792 | + Permission is granted to anyone to use this software for any purpose, | |
42793 | + including commercial applications, and to alter it and redistribute it | |
42794 | + freely, subject to the following restrictions: | |
42795 | + | |
42796 | + 1. The origin of this software must not be misrepresented; you must not | |
42797 | + claim that you wrote the original software. If you use this software | |
42798 | + in a product, an acknowledgment in the product documentation would be | |
42799 | + appreciated but is not required. | |
42800 | + 2. Altered source versions must be plainly marked as such, and must not be | |
42801 | + misrepresented as being the original software. | |
42802 | + 3. This notice may not be removed or altered from any source distribution. | |
42803 | + | |
42804 | + Jean-loup Gailly Mark Adler | |
42805 | + jloup@gzip.org madler@alumni.caltech.edu | |
42806 | + | |
42807 | + | |
42808 | + The data format used by the zlib library is described by RFCs (Request for | |
42809 | + Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt | |
42810 | + (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format). | |
42811 | +*/ | |
42812 | + | |
42813 | +#ifndef _ZLIB_H | |
42814 | +#define _ZLIB_H | |
42815 | + | |
42816 | +#include "zconf.h" | |
42817 | + | |
42818 | +#ifdef __cplusplus | |
42819 | +extern "C" { | |
42820 | +#endif | |
42821 | + | |
42822 | +#define ZLIB_VERSION "1.1.3" | |
42823 | + | |
42824 | +/* | |
42825 | + The 'zlib' compression library provides in-memory compression and | |
42826 | + decompression functions, including integrity checks of the uncompressed | |
42827 | + data. This version of the library supports only one compression method | |
42828 | + (deflation) but other algorithms will be added later and will have the same | |
42829 | + stream interface. | |
42830 | + | |
42831 | + Compression can be done in a single step if the buffers are large | |
42832 | + enough (for example if an input file is mmap'ed), or can be done by | |
42833 | + repeated calls of the compression function. In the latter case, the | |
42834 | + application must provide more input and/or consume the output | |
42835 | + (providing more output space) before each call. | |
42836 | + | |
42837 | + The library also supports reading and writing files in gzip (.gz) format | |
42838 | + with an interface similar to that of stdio. | |
42839 | + | |
42840 | + The library does not install any signal handler. The decoder checks | |
42841 | + the consistency of the compressed data, so the library should never | |
42842 | + crash even in case of corrupted input. | |
42843 | +*/ | |
42844 | + | |
42845 | +typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size)); | |
42846 | +typedef void (*free_func) OF((voidpf opaque, voidpf address)); | |
42847 | + | |
42848 | +struct internal_state; | |
42849 | + | |
42850 | +typedef struct z_stream_s { | |
42851 | + Bytef *next_in; /* next input byte */ | |
42852 | + uInt avail_in; /* number of bytes available at next_in */ | |
42853 | + uLong total_in; /* total nb of input bytes read so far */ | |
42854 | + | |
42855 | + Bytef *next_out; /* next output byte should be put there */ | |
42856 | + uInt avail_out; /* remaining free space at next_out */ | |
42857 | + uLong total_out; /* total nb of bytes output so far */ | |
42858 | + | |
42859 | + const char *msg; /* last error message, NULL if no error */ | |
42860 | + struct internal_state FAR *state; /* not visible by applications */ | |
42861 | + | |
42862 | + alloc_func zalloc; /* used to allocate the internal state */ | |
42863 | + free_func zfree; /* used to free the internal state */ | |
42864 | + voidpf opaque; /* private data object passed to zalloc and zfree */ | |
42865 | + | |
42866 | + int data_type; /* best guess about the data type: ascii or binary */ | |
42867 | + uLong adler; /* adler32 value of the uncompressed data */ | |
42868 | + uLong reserved; /* reserved for future use */ | |
42869 | +} z_stream; | |
42870 | + | |
42871 | +typedef z_stream FAR *z_streamp; | |
42872 | + | |
42873 | +/* | |
42874 | + The application must update next_in and avail_in when avail_in has | |
42875 | + dropped to zero. It must update next_out and avail_out when avail_out | |
42876 | + has dropped to zero. The application must initialize zalloc, zfree and | |
42877 | + opaque before calling the init function. All other fields are set by the | |
42878 | + compression library and must not be updated by the application. | |
42879 | + | |
42880 | + The opaque value provided by the application will be passed as the first | |
42881 | + parameter for calls of zalloc and zfree. This can be useful for custom | |
42882 | + memory management. The compression library attaches no meaning to the | |
42883 | + opaque value. | |
42884 | + | |
42885 | + zalloc must return Z_NULL if there is not enough memory for the object. | |
42886 | + If zlib is used in a multi-threaded application, zalloc and zfree must be | |
42887 | + thread safe. | |
42888 | + | |
42889 | + On 16-bit systems, the functions zalloc and zfree must be able to allocate | |
42890 | + exactly 65536 bytes, but will not be required to allocate more than this | |
42891 | + if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS, | |
42892 | + pointers returned by zalloc for objects of exactly 65536 bytes *must* | |
42893 | + have their offset normalized to zero. The default allocation function | |
42894 | + provided by this library ensures this (see zutil.c). To reduce memory | |
42895 | + requirements and avoid any allocation of 64K objects, at the expense of | |
42896 | + compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h). | |
42897 | + | |
42898 | + The fields total_in and total_out can be used for statistics or | |
42899 | + progress reports. After compression, total_in holds the total size of | |
42900 | + the uncompressed data and may be saved for use in the decompressor | |
42901 | + (particularly if the decompressor wants to decompress everything in | |
42902 | + a single step). | |
42903 | +*/ | |
42904 | + | |
42905 | + /* constants */ | |
42906 | + | |
42907 | +#define Z_NO_FLUSH 0 | |
42908 | +#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */ | |
42909 | +#define Z_SYNC_FLUSH 2 | |
42910 | +#define Z_FULL_FLUSH 3 | |
42911 | +#define Z_FINISH 4 | |
42912 | +/* Allowed flush values; see deflate() below for details */ | |
42913 | + | |
42914 | +#define Z_OK 0 | |
42915 | +#define Z_STREAM_END 1 | |
42916 | +#define Z_NEED_DICT 2 | |
42917 | +#define Z_ERRNO (-1) | |
42918 | +#define Z_STREAM_ERROR (-2) | |
42919 | +#define Z_DATA_ERROR (-3) | |
42920 | +#define Z_MEM_ERROR (-4) | |
42921 | +#define Z_BUF_ERROR (-5) | |
42922 | +#define Z_VERSION_ERROR (-6) | |
42923 | +/* Return codes for the compression/decompression functions. Negative | |
42924 | + * values are errors, positive values are used for special but normal events. | |
42925 | + */ | |
42926 | + | |
42927 | +#define Z_NO_COMPRESSION 0 | |
42928 | +#define Z_BEST_SPEED 1 | |
42929 | +#define Z_BEST_COMPRESSION 9 | |
42930 | +#define Z_DEFAULT_COMPRESSION (-1) | |
42931 | +/* compression levels */ | |
42932 | + | |
42933 | +#define Z_FILTERED 1 | |
42934 | +#define Z_HUFFMAN_ONLY 2 | |
42935 | +#define Z_DEFAULT_STRATEGY 0 | |
42936 | +/* compression strategy; see deflateInit2() below for details */ | |
42937 | + | |
42938 | +#define Z_BINARY 0 | |
42939 | +#define Z_ASCII 1 | |
42940 | +#define Z_UNKNOWN 2 | |
42941 | +/* Possible values of the data_type field */ | |
42942 | + | |
42943 | +#define Z_DEFLATED 8 | |
42944 | +/* The deflate compression method (the only one supported in this version) */ | |
42945 | + | |
42946 | +#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */ | |
42947 | + | |
42948 | +#define zlib_version zlibVersion() | |
42949 | +/* for compatibility with versions < 1.0.2 */ | |
42950 | + | |
42951 | + /* basic functions */ | |
42952 | + | |
42953 | +ZEXTERN const char * ZEXPORT zlibVersion OF((void)); | |
42954 | +/* The application can compare zlibVersion and ZLIB_VERSION for consistency. | |
42955 | + If the first character differs, the library code actually used is | |
42956 | + not compatible with the zlib.h header file used by the application. | |
42957 | + This check is automatically made by deflateInit and inflateInit. | |
42958 | + */ | |
42959 | + | |
42960 | +/* | |
42961 | +ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level)); | |
42962 | + | |
42963 | + Initializes the internal stream state for compression. The fields | |
42964 | + zalloc, zfree and opaque must be initialized before by the caller. | |
42965 | + If zalloc and zfree are set to Z_NULL, deflateInit updates them to | |
42966 | + use default allocation functions. | |
42967 | + | |
42968 | + The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: | |
42969 | + 1 gives best speed, 9 gives best compression, 0 gives no compression at | |
42970 | + all (the input data is simply copied a block at a time). | |
42971 | + Z_DEFAULT_COMPRESSION requests a default compromise between speed and | |
42972 | + compression (currently equivalent to level 6). | |
42973 | + | |
42974 | + deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not | |
42975 | + enough memory, Z_STREAM_ERROR if level is not a valid compression level, | |
42976 | + Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible | |
42977 | + with the version assumed by the caller (ZLIB_VERSION). | |
42978 | + msg is set to null if there is no error message. deflateInit does not | |
42979 | + perform any compression: this will be done by deflate(). | |
42980 | +*/ | |
42981 | + | |
42982 | + | |
42983 | +ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush)); | |
42984 | +/* | |
42985 | + deflate compresses as much data as possible, and stops when the input | |
42986 | + buffer becomes empty or the output buffer becomes full. It may introduce some | |
42987 | + output latency (reading input without producing any output) except when | |
42988 | + forced to flush. | |
42989 | + | |
42990 | + The detailed semantics are as follows. deflate performs one or both of the | |
42991 | + following actions: | |
42992 | + | |
42993 | + - Compress more input starting at next_in and update next_in and avail_in | |
42994 | + accordingly. If not all input can be processed (because there is not | |
42995 | + enough room in the output buffer), next_in and avail_in are updated and | |
42996 | + processing will resume at this point for the next call of deflate(). | |
42997 | + | |
42998 | + - Provide more output starting at next_out and update next_out and avail_out | |
42999 | + accordingly. This action is forced if the parameter flush is non zero. | |
43000 | + Forcing flush frequently degrades the compression ratio, so this parameter | |
43001 | + should be set only when necessary (in interactive applications). | |
43002 | + Some output may be provided even if flush is not set. | |
43003 | + | |
43004 | + Before the call of deflate(), the application should ensure that at least | |
43005 | + one of the actions is possible, by providing more input and/or consuming | |
43006 | + more output, and updating avail_in or avail_out accordingly; avail_out | |
43007 | + should never be zero before the call. The application can consume the | |
43008 | + compressed output when it wants, for example when the output buffer is full | |
43009 | + (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK | |
43010 | + and with zero avail_out, it must be called again after making room in the | |
43011 | + output buffer because there might be more output pending. | |
43012 | + | |
43013 | + If the parameter flush is set to Z_SYNC_FLUSH, all pending output is | |
43014 | + flushed to the output buffer and the output is aligned on a byte boundary, so | |
43015 | + that the decompressor can get all input data available so far. (In particular | |
43016 | + avail_in is zero after the call if enough output space has been provided | |
43017 | + before the call.) Flushing may degrade compression for some compression | |
43018 | + algorithms and so it should be used only when necessary. | |
43019 | + | |
43020 | + If flush is set to Z_FULL_FLUSH, all output is flushed as with | |
43021 | + Z_SYNC_FLUSH, and the compression state is reset so that decompression can | |
43022 | + restart from this point if previous compressed data has been damaged or if | |
43023 | + random access is desired. Using Z_FULL_FLUSH too often can seriously degrade | |
43024 | + the compression. | |
43025 | + | |
43026 | + If deflate returns with avail_out == 0, this function must be called again | |
43027 | + with the same value of the flush parameter and more output space (updated | |
43028 | + avail_out), until the flush is complete (deflate returns with non-zero | |
43029 | + avail_out). | |
43030 | + | |
43031 | + If the parameter flush is set to Z_FINISH, pending input is processed, | |
43032 | + pending output is flushed and deflate returns with Z_STREAM_END if there | |
43033 | + was enough output space; if deflate returns with Z_OK, this function must be | |
43034 | + called again with Z_FINISH and more output space (updated avail_out) but no | |
43035 | + more input data, until it returns with Z_STREAM_END or an error. After | |
43036 | + deflate has returned Z_STREAM_END, the only possible operations on the | |
43037 | + stream are deflateReset or deflateEnd. | |
43038 | + | |
43039 | + Z_FINISH can be used immediately after deflateInit if all the compression | |
43040 | + is to be done in a single step. In this case, avail_out must be at least | |
43041 | + 0.1% larger than avail_in plus 12 bytes. If deflate does not return | |
43042 | + Z_STREAM_END, then it must be called again as described above. | |
43043 | + | |
43044 | + deflate() sets strm->adler to the adler32 checksum of all input read | |
43045 | + so far (that is, total_in bytes). | |
43046 | + | |
43047 | + deflate() may update data_type if it can make a good guess about | |
43048 | + the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered | |
43049 | + binary. This field is only for information purposes and does not affect | |
43050 | + the compression algorithm in any manner. | |
43051 | + | |
43052 | + deflate() returns Z_OK if some progress has been made (more input | |
43053 | + processed or more output produced), Z_STREAM_END if all input has been | |
43054 | + consumed and all output has been produced (only when flush is set to | |
43055 | + Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example | |
43056 | + if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible | |
43057 | + (for example avail_in or avail_out was zero). | |
43058 | +*/ | |
43059 | + | |
43060 | + | |
43061 | +ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm)); | |
43062 | +/* | |
43063 | + All dynamically allocated data structures for this stream are freed. | |
43064 | + This function discards any unprocessed input and does not flush any | |
43065 | + pending output. | |
43066 | + | |
43067 | + deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the | |
43068 | + stream state was inconsistent, Z_DATA_ERROR if the stream was freed | |
43069 | + prematurely (some input or output was discarded). In the error case, | |
43070 | + msg may be set but then points to a static string (which must not be | |
43071 | + deallocated). | |
43072 | +*/ | |
43073 | + | |
43074 | + | |
43075 | +/* | |
43076 | +ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm)); | |
43077 | + | |
43078 | + Initializes the internal stream state for decompression. The fields | |
43079 | + next_in, avail_in, zalloc, zfree and opaque must be initialized before by | |
43080 | + the caller. If next_in is not Z_NULL and avail_in is large enough (the exact | |
43081 | + value depends on the compression method), inflateInit determines the | |
43082 | + compression method from the zlib header and allocates all data structures | |
43083 | + accordingly; otherwise the allocation will be deferred to the first call of | |
43084 | + inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to | |
43085 | + use default allocation functions. | |
43086 | + | |
43087 | + inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough | |
43088 | + memory, Z_VERSION_ERROR if the zlib library version is incompatible with the | |
43089 | + version assumed by the caller. msg is set to null if there is no error | |
43090 | + message. inflateInit does not perform any decompression apart from reading | |
43091 | + the zlib header if present: this will be done by inflate(). (So next_in and | |
43092 | + avail_in may be modified, but next_out and avail_out are unchanged.) | |
43093 | +*/ | |
43094 | + | |
43095 | + | |
43096 | +ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); | |
43097 | +/* | |
43098 | + inflate decompresses as much data as possible, and stops when the input | |
43099 | + buffer becomes empty or the output buffer becomes full. It may some | |
43100 | + introduce some output latency (reading input without producing any output) | |
43101 | + except when forced to flush. | |
43102 | + | |
43103 | + The detailed semantics are as follows. inflate performs one or both of the | |
43104 | + following actions: | |
43105 | + | |
43106 | + - Decompress more input starting at next_in and update next_in and avail_in | |
43107 | + accordingly. If not all input can be processed (because there is not | |
43108 | + enough room in the output buffer), next_in is updated and processing | |
43109 | + will resume at this point for the next call of inflate(). | |
43110 | + | |
43111 | + - Provide more output starting at next_out and update next_out and avail_out | |
43112 | + accordingly. inflate() provides as much output as possible, until there | |
43113 | + is no more input data or no more space in the output buffer (see below | |
43114 | + about the flush parameter). | |
43115 | + | |
43116 | + Before the call of inflate(), the application should ensure that at least | |
43117 | + one of the actions is possible, by providing more input and/or consuming | |
43118 | + more output, and updating the next_* and avail_* values accordingly. | |
43119 | + The application can consume the uncompressed output when it wants, for | |
43120 | + example when the output buffer is full (avail_out == 0), or after each | |
43121 | + call of inflate(). If inflate returns Z_OK and with zero avail_out, it | |
43122 | + must be called again after making room in the output buffer because there | |
43123 | + might be more output pending. | |
43124 | + | |
43125 | + If the parameter flush is set to Z_SYNC_FLUSH, inflate flushes as much | |
43126 | + output as possible to the output buffer. The flushing behavior of inflate is | |
43127 | + not specified for values of the flush parameter other than Z_SYNC_FLUSH | |
43128 | + and Z_FINISH, but the current implementation actually flushes as much output | |
43129 | + as possible anyway. | |
43130 | + | |
43131 | + inflate() should normally be called until it returns Z_STREAM_END or an | |
43132 | + error. However if all decompression is to be performed in a single step | |
43133 | + (a single call of inflate), the parameter flush should be set to | |
43134 | + Z_FINISH. In this case all pending input is processed and all pending | |
43135 | + output is flushed; avail_out must be large enough to hold all the | |
43136 | + uncompressed data. (The size of the uncompressed data may have been saved | |
43137 | + by the compressor for this purpose.) The next operation on this stream must | |
43138 | + be inflateEnd to deallocate the decompression state. The use of Z_FINISH | |
43139 | + is never required, but can be used to inform inflate that a faster routine | |
43140 | + may be used for the single inflate() call. | |
43141 | + | |
43142 | + If a preset dictionary is needed at this point (see inflateSetDictionary | |
43143 | + below), inflate sets strm-adler to the adler32 checksum of the | |
43144 | + dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise | |
43145 | + it sets strm->adler to the adler32 checksum of all output produced | |
43146 | + so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or | |
43147 | + an error code as described below. At the end of the stream, inflate() | |
43148 | + checks that its computed adler32 checksum is equal to that saved by the | |
43149 | + compressor and returns Z_STREAM_END only if the checksum is correct. | |
43150 | + | |
43151 | + inflate() returns Z_OK if some progress has been made (more input processed | |
43152 | + or more output produced), Z_STREAM_END if the end of the compressed data has | |
43153 | + been reached and all uncompressed output has been produced, Z_NEED_DICT if a | |
43154 | + preset dictionary is needed at this point, Z_DATA_ERROR if the input data was | |
43155 | + corrupted (input stream not conforming to the zlib format or incorrect | |
43156 | + adler32 checksum), Z_STREAM_ERROR if the stream structure was inconsistent | |
43157 | + (for example if next_in or next_out was NULL), Z_MEM_ERROR if there was not | |
43158 | + enough memory, Z_BUF_ERROR if no progress is possible or if there was not | |
43159 | + enough room in the output buffer when Z_FINISH is used. In the Z_DATA_ERROR | |
43160 | + case, the application may then call inflateSync to look for a good | |
43161 | + compression block. | |
43162 | +*/ | |
43163 | + | |
43164 | + | |
43165 | +ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm)); | |
43166 | +/* | |
43167 | + All dynamically allocated data structures for this stream are freed. | |
43168 | + This function discards any unprocessed input and does not flush any | |
43169 | + pending output. | |
43170 | + | |
43171 | + inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state | |
43172 | + was inconsistent. In the error case, msg may be set but then points to a | |
43173 | + static string (which must not be deallocated). | |
43174 | +*/ | |
43175 | + | |
43176 | + /* Advanced functions */ | |
43177 | + | |
43178 | +/* | |
43179 | + The following functions are needed only in some special applications. | |
43180 | +*/ | |
43181 | + | |
43182 | +/* | |
43183 | +ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm, | |
43184 | + int level, | |
43185 | + int method, | |
43186 | + int windowBits, | |
43187 | + int memLevel, | |
43188 | + int strategy)); | |
43189 | + | |
43190 | + This is another version of deflateInit with more compression options. The | |
43191 | + fields next_in, zalloc, zfree and opaque must be initialized before by | |
43192 | + the caller. | |
43193 | + | |
43194 | + The method parameter is the compression method. It must be Z_DEFLATED in | |
43195 | + this version of the library. | |
43196 | + | |
43197 | + The windowBits parameter is the base two logarithm of the window size | |
43198 | + (the size of the history buffer). It should be in the range 8..15 for this | |
43199 | + version of the library. Larger values of this parameter result in better | |
43200 | + compression at the expense of memory usage. The default value is 15 if | |
43201 | + deflateInit is used instead. | |
43202 | + | |
43203 | + The memLevel parameter specifies how much memory should be allocated | |
43204 | + for the internal compression state. memLevel=1 uses minimum memory but | |
43205 | + is slow and reduces compression ratio; memLevel=9 uses maximum memory | |
43206 | + for optimal speed. The default value is 8. See zconf.h for total memory | |
43207 | + usage as a function of windowBits and memLevel. | |
43208 | + | |
43209 | + The strategy parameter is used to tune the compression algorithm. Use the | |
43210 | + value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a | |
43211 | + filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no | |
43212 | + string match). Filtered data consists mostly of small values with a | |
43213 | + somewhat random distribution. In this case, the compression algorithm is | |
43214 | + tuned to compress them better. The effect of Z_FILTERED is to force more | |
43215 | + Huffman coding and less string matching; it is somewhat intermediate | |
43216 | + between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects | |
43217 | + the compression ratio but not the correctness of the compressed output even | |
43218 | + if it is not set appropriately. | |
43219 | + | |
43220 | + deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough | |
43221 | + memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid | |
43222 | + method). msg is set to null if there is no error message. deflateInit2 does | |
43223 | + not perform any compression: this will be done by deflate(). | |
43224 | +*/ | |
43225 | + | |
43226 | +ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm, | |
43227 | + const Bytef *dictionary, | |
43228 | + uInt dictLength)); | |
43229 | +/* | |
43230 | + Initializes the compression dictionary from the given byte sequence | |
43231 | + without producing any compressed output. This function must be called | |
43232 | + immediately after deflateInit, deflateInit2 or deflateReset, before any | |
43233 | + call of deflate. The compressor and decompressor must use exactly the same | |
43234 | + dictionary (see inflateSetDictionary). | |
43235 | + | |
43236 | + The dictionary should consist of strings (byte sequences) that are likely | |
43237 | + to be encountered later in the data to be compressed, with the most commonly | |
43238 | + used strings preferably put towards the end of the dictionary. Using a | |
43239 | + dictionary is most useful when the data to be compressed is short and can be | |
43240 | + predicted with good accuracy; the data can then be compressed better than | |
43241 | + with the default empty dictionary. | |
43242 | + | |
43243 | + Depending on the size of the compression data structures selected by | |
43244 | + deflateInit or deflateInit2, a part of the dictionary may in effect be | |
43245 | + discarded, for example if the dictionary is larger than the window size in | |
43246 | + deflate or deflate2. Thus the strings most likely to be useful should be | |
43247 | + put at the end of the dictionary, not at the front. | |
43248 | + | |
43249 | + Upon return of this function, strm->adler is set to the Adler32 value | |
43250 | + of the dictionary; the decompressor may later use this value to determine | |
43251 | + which dictionary has been used by the compressor. (The Adler32 value | |
43252 | + applies to the whole dictionary even if only a subset of the dictionary is | |
43253 | + actually used by the compressor.) | |
43254 | + | |
43255 | + deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a | |
43256 | + parameter is invalid (such as NULL dictionary) or the stream state is | |
43257 | + inconsistent (for example if deflate has already been called for this stream | |
43258 | + or if the compression method is bsort). deflateSetDictionary does not | |
43259 | + perform any compression: this will be done by deflate(). | |
43260 | +*/ | |
43261 | + | |
43262 | +ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest, | |
43263 | + z_streamp source)); | |
43264 | +/* | |
43265 | + Sets the destination stream as a complete copy of the source stream. | |
43266 | + | |
43267 | + This function can be useful when several compression strategies will be | |
43268 | + tried, for example when there are several ways of pre-processing the input | |
43269 | + data with a filter. The streams that will be discarded should then be freed | |
43270 | + by calling deflateEnd. Note that deflateCopy duplicates the internal | |
43271 | + compression state which can be quite large, so this strategy is slow and | |
43272 | + can consume lots of memory. | |
43273 | + | |
43274 | + deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not | |
43275 | + enough memory, Z_STREAM_ERROR if the source stream state was inconsistent | |
43276 | + (such as zalloc being NULL). msg is left unchanged in both source and | |
43277 | + destination. | |
43278 | +*/ | |
43279 | + | |
43280 | +ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm)); | |
43281 | +/* | |
43282 | + This function is equivalent to deflateEnd followed by deflateInit, | |
43283 | + but does not free and reallocate all the internal compression state. | |
43284 | + The stream will keep the same compression level and any other attributes | |
43285 | + that may have been set by deflateInit2. | |
43286 | + | |
43287 | + deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source | |
43288 | + stream state was inconsistent (such as zalloc or state being NULL). | |
43289 | +*/ | |
43290 | + | |
43291 | +ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm, | |
43292 | + int level, | |
43293 | + int strategy)); | |
43294 | +/* | |
43295 | + Dynamically update the compression level and compression strategy. The | |
43296 | + interpretation of level and strategy is as in deflateInit2. This can be | |
43297 | + used to switch between compression and straight copy of the input data, or | |
43298 | + to switch to a different kind of input data requiring a different | |
43299 | + strategy. If the compression level is changed, the input available so far | |
43300 | + is compressed with the old level (and may be flushed); the new level will | |
43301 | + take effect only at the next call of deflate(). | |
43302 | + | |
43303 | + Before the call of deflateParams, the stream state must be set as for | |
43304 | + a call of deflate(), since the currently available input may have to | |
43305 | + be compressed and flushed. In particular, strm->avail_out must be non-zero. | |
43306 | + | |
43307 | + deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source | |
43308 | + stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR | |
43309 | + if strm->avail_out was zero. | |
43310 | +*/ | |
43311 | + | |
43312 | +/* | |
43313 | +ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, | |
43314 | + int windowBits)); | |
43315 | + | |
43316 | + This is another version of inflateInit with an extra parameter. The | |
43317 | + fields next_in, avail_in, zalloc, zfree and opaque must be initialized | |
43318 | + before by the caller. | |
43319 | + | |
43320 | + The windowBits parameter is the base two logarithm of the maximum window | |
43321 | + size (the size of the history buffer). It should be in the range 8..15 for | |
43322 | + this version of the library. The default value is 15 if inflateInit is used | |
43323 | + instead. If a compressed stream with a larger window size is given as | |
43324 | + input, inflate() will return with the error code Z_DATA_ERROR instead of | |
43325 | + trying to allocate a larger window. | |
43326 | + | |
43327 | + inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough | |
43328 | + memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative | |
43329 | + memLevel). msg is set to null if there is no error message. inflateInit2 | |
43330 | + does not perform any decompression apart from reading the zlib header if | |
43331 | + present: this will be done by inflate(). (So next_in and avail_in may be | |
43332 | + modified, but next_out and avail_out are unchanged.) | |
43333 | +*/ | |
43334 | + | |
43335 | +ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm, | |
43336 | + const Bytef *dictionary, | |
43337 | + uInt dictLength)); | |
43338 | +/* | |
43339 | + Initializes the decompression dictionary from the given uncompressed byte | |
43340 | + sequence. This function must be called immediately after a call of inflate | |
43341 | + if this call returned Z_NEED_DICT. The dictionary chosen by the compressor | |
43342 | + can be determined from the Adler32 value returned by this call of | |
43343 | + inflate. The compressor and decompressor must use exactly the same | |
43344 | + dictionary (see deflateSetDictionary). | |
43345 | + | |
43346 | + inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a | |
43347 | + parameter is invalid (such as NULL dictionary) or the stream state is | |
43348 | + inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the | |
43349 | + expected one (incorrect Adler32 value). inflateSetDictionary does not | |
43350 | + perform any decompression: this will be done by subsequent calls of | |
43351 | + inflate(). | |
43352 | +*/ | |
43353 | + | |
43354 | +ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm)); | |
43355 | +/* | |
43356 | + Skips invalid compressed data until a full flush point (see above the | |
43357 | + description of deflate with Z_FULL_FLUSH) can be found, or until all | |
43358 | + available input is skipped. No output is provided. | |
43359 | + | |
43360 | + inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR | |
43361 | + if no more input was provided, Z_DATA_ERROR if no flush point has been found, | |
43362 | + or Z_STREAM_ERROR if the stream structure was inconsistent. In the success | |
43363 | + case, the application may save the current current value of total_in which | |
43364 | + indicates where valid compressed data was found. In the error case, the | |
43365 | + application may repeatedly call inflateSync, providing more input each time, | |
43366 | + until success or end of the input data. | |
43367 | +*/ | |
43368 | + | |
43369 | +ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm)); | |
43370 | +/* | |
43371 | + This function is equivalent to inflateEnd followed by inflateInit, | |
43372 | + but does not free and reallocate all the internal decompression state. | |
43373 | + The stream will keep attributes that may have been set by inflateInit2. | |
43374 | + | |
43375 | + inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source | |
43376 | + stream state was inconsistent (such as zalloc or state being NULL). | |
43377 | +*/ | |
43378 | + | |
43379 | + | |
43380 | + /* utility functions */ | |
43381 | + | |
43382 | +/* | |
43383 | + The following utility functions are implemented on top of the | |
43384 | + basic stream-oriented functions. To simplify the interface, some | |
43385 | + default options are assumed (compression level and memory usage, | |
43386 | + standard memory allocation functions). The source code of these | |
43387 | + utility functions can easily be modified if you need special options. | |
43388 | +*/ | |
43389 | + | |
43390 | +ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen, | |
43391 | + const Bytef *source, uLong sourceLen)); | |
43392 | +/* | |
43393 | + Compresses the source buffer into the destination buffer. sourceLen is | |
43394 | + the byte length of the source buffer. Upon entry, destLen is the total | |
43395 | + size of the destination buffer, which must be at least 0.1% larger than | |
43396 | + sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the | |
43397 | + compressed buffer. | |
43398 | + This function can be used to compress a whole file at once if the | |
43399 | + input file is mmap'ed. | |
43400 | + compress returns Z_OK if success, Z_MEM_ERROR if there was not | |
43401 | + enough memory, Z_BUF_ERROR if there was not enough room in the output | |
43402 | + buffer. | |
43403 | +*/ | |
43404 | + | |
43405 | +ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen, | |
43406 | + const Bytef *source, uLong sourceLen, | |
43407 | + int level)); | |
43408 | +/* | |
43409 | + Compresses the source buffer into the destination buffer. The level | |
43410 | + parameter has the same meaning as in deflateInit. sourceLen is the byte | |
43411 | + length of the source buffer. Upon entry, destLen is the total size of the | |
43412 | + destination buffer, which must be at least 0.1% larger than sourceLen plus | |
43413 | + 12 bytes. Upon exit, destLen is the actual size of the compressed buffer. | |
43414 | + | |
43415 | + compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough | |
43416 | + memory, Z_BUF_ERROR if there was not enough room in the output buffer, | |
43417 | + Z_STREAM_ERROR if the level parameter is invalid. | |
43418 | +*/ | |
43419 | + | |
43420 | +ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen, | |
43421 | + const Bytef *source, uLong sourceLen)); | |
43422 | +/* | |
43423 | + Decompresses the source buffer into the destination buffer. sourceLen is | |
43424 | + the byte length of the source buffer. Upon entry, destLen is the total | |
43425 | + size of the destination buffer, which must be large enough to hold the | |
43426 | + entire uncompressed data. (The size of the uncompressed data must have | |
43427 | + been saved previously by the compressor and transmitted to the decompressor | |
43428 | + by some mechanism outside the scope of this compression library.) | |
43429 | + Upon exit, destLen is the actual size of the compressed buffer. | |
43430 | + This function can be used to decompress a whole file at once if the | |
43431 | + input file is mmap'ed. | |
43432 | + | |
43433 | + uncompress returns Z_OK if success, Z_MEM_ERROR if there was not | |
43434 | + enough memory, Z_BUF_ERROR if there was not enough room in the output | |
43435 | + buffer, or Z_DATA_ERROR if the input data was corrupted. | |
43436 | +*/ | |
43437 | + | |
43438 | + | |
43439 | +typedef voidp gzFile; | |
43440 | + | |
43441 | +ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode)); | |
43442 | +/* | |
43443 | + Opens a gzip (.gz) file for reading or writing. The mode parameter | |
43444 | + is as in fopen ("rb" or "wb") but can also include a compression level | |
43445 | + ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for | |
43446 | + Huffman only compression as in "wb1h". (See the description | |
43447 | + of deflateInit2 for more information about the strategy parameter.) | |
43448 | + | |
43449 | + gzopen can be used to read a file which is not in gzip format; in this | |
43450 | + case gzread will directly read from the file without decompression. | |
43451 | + | |
43452 | + gzopen returns NULL if the file could not be opened or if there was | |
43453 | + insufficient memory to allocate the (de)compression state; errno | |
43454 | + can be checked to distinguish the two cases (if errno is zero, the | |
43455 | + zlib error is Z_MEM_ERROR). */ | |
43456 | + | |
43457 | +ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode)); | |
43458 | +/* | |
43459 | + gzdopen() associates a gzFile with the file descriptor fd. File | |
43460 | + descriptors are obtained from calls like open, dup, creat, pipe or | |
43461 | + fileno (in the file has been previously opened with fopen). | |
43462 | + The mode parameter is as in gzopen. | |
43463 | + The next call of gzclose on the returned gzFile will also close the | |
43464 | + file descriptor fd, just like fclose(fdopen(fd), mode) closes the file | |
43465 | + descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode). | |
43466 | + gzdopen returns NULL if there was insufficient memory to allocate | |
43467 | + the (de)compression state. | |
43468 | +*/ | |
43469 | + | |
43470 | +ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy)); | |
43471 | +/* | |
43472 | + Dynamically update the compression level or strategy. See the description | |
43473 | + of deflateInit2 for the meaning of these parameters. | |
43474 | + gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not | |
43475 | + opened for writing. | |
43476 | +*/ | |
43477 | + | |
43478 | +ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len)); | |
43479 | +/* | |
43480 | + Reads the given number of uncompressed bytes from the compressed file. | |
43481 | + If the input file was not in gzip format, gzread copies the given number | |
43482 | + of bytes into the buffer. | |
43483 | + gzread returns the number of uncompressed bytes actually read (0 for | |
43484 | + end of file, -1 for error). */ | |
43485 | + | |
43486 | +ZEXTERN int ZEXPORT gzwrite OF((gzFile file, | |
43487 | + const voidp buf, unsigned len)); | |
43488 | +/* | |
43489 | + Writes the given number of uncompressed bytes into the compressed file. | |
43490 | + gzwrite returns the number of uncompressed bytes actually written | |
43491 | + (0 in case of error). | |
43492 | +*/ | |
43493 | + | |
43494 | +ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)); | |
43495 | +/* | |
43496 | + Converts, formats, and writes the args to the compressed file under | |
43497 | + control of the format string, as in fprintf. gzprintf returns the number of | |
43498 | + uncompressed bytes actually written (0 in case of error). | |
43499 | +*/ | |
43500 | + | |
43501 | +ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s)); | |
43502 | +/* | |
43503 | + Writes the given null-terminated string to the compressed file, excluding | |
43504 | + the terminating null character. | |
43505 | + gzputs returns the number of characters written, or -1 in case of error. | |
43506 | +*/ | |
43507 | + | |
43508 | +ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len)); | |
43509 | +/* | |
43510 | + Reads bytes from the compressed file until len-1 characters are read, or | |
43511 | + a newline character is read and transferred to buf, or an end-of-file | |
43512 | + condition is encountered. The string is then terminated with a null | |
43513 | + character. | |
43514 | + gzgets returns buf, or Z_NULL in case of error. | |
43515 | +*/ | |
43516 | + | |
43517 | +ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c)); | |
43518 | +/* | |
43519 | + Writes c, converted to an unsigned char, into the compressed file. | |
43520 | + gzputc returns the value that was written, or -1 in case of error. | |
43521 | +*/ | |
43522 | + | |
43523 | +ZEXTERN int ZEXPORT gzgetc OF((gzFile file)); | |
43524 | +/* | |
43525 | + Reads one byte from the compressed file. gzgetc returns this byte | |
43526 | + or -1 in case of end of file or error. | |
43527 | +*/ | |
43528 | + | |
43529 | +ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush)); | |
43530 | +/* | |
43531 | + Flushes all pending output into the compressed file. The parameter | |
43532 | + flush is as in the deflate() function. The return value is the zlib | |
43533 | + error number (see function gzerror below). gzflush returns Z_OK if | |
43534 | + the flush parameter is Z_FINISH and all output could be flushed. | |
43535 | + gzflush should be called only when strictly necessary because it can | |
43536 | + degrade compression. | |
43537 | +*/ | |
43538 | + | |
43539 | +ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file, | |
43540 | + z_off_t offset, int whence)); | |
43541 | +/* | |
43542 | + Sets the starting position for the next gzread or gzwrite on the | |
43543 | + given compressed file. The offset represents a number of bytes in the | |
43544 | + uncompressed data stream. The whence parameter is defined as in lseek(2); | |
43545 | + the value SEEK_END is not supported. | |
43546 | + If the file is opened for reading, this function is emulated but can be | |
43547 | + extremely slow. If the file is opened for writing, only forward seeks are | |
43548 | + supported; gzseek then compresses a sequence of zeroes up to the new | |
43549 | + starting position. | |
43550 | + | |
43551 | + gzseek returns the resulting offset location as measured in bytes from | |
43552 | + the beginning of the uncompressed stream, or -1 in case of error, in | |
43553 | + particular if the file is opened for writing and the new starting position | |
43554 | + would be before the current position. | |
43555 | +*/ | |
43556 | + | |
43557 | +ZEXTERN int ZEXPORT gzrewind OF((gzFile file)); | |
43558 | +/* | |
43559 | + Rewinds the given file. This function is supported only for reading. | |
43560 | + | |
43561 | + gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET) | |
43562 | +*/ | |
43563 | + | |
43564 | +ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file)); | |
43565 | +/* | |
43566 | + Returns the starting position for the next gzread or gzwrite on the | |
43567 | + given compressed file. This position represents a number of bytes in the | |
43568 | + uncompressed data stream. | |
43569 | + | |
43570 | + gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR) | |
43571 | +*/ | |
43572 | + | |
43573 | +ZEXTERN int ZEXPORT gzeof OF((gzFile file)); | |
43574 | +/* | |
43575 | + Returns 1 when EOF has previously been detected reading the given | |
43576 | + input stream, otherwise zero. | |
43577 | +*/ | |
43578 | + | |
43579 | +ZEXTERN int ZEXPORT gzclose OF((gzFile file)); | |
43580 | +/* | |
43581 | + Flushes all pending output if necessary, closes the compressed file | |
43582 | + and deallocates all the (de)compression state. The return value is the zlib | |
43583 | + error number (see function gzerror below). | |
43584 | +*/ | |
43585 | + | |
43586 | +ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum)); | |
43587 | +/* | |
43588 | + Returns the error message for the last error which occurred on the | |
43589 | + given compressed file. errnum is set to zlib error number. If an | |
43590 | + error occurred in the file system and not in the compression library, | |
43591 | + errnum is set to Z_ERRNO and the application may consult errno | |
43592 | + to get the exact error code. | |
43593 | +*/ | |
43594 | + | |
43595 | + /* checksum functions */ | |
43596 | + | |
43597 | +/* | |
43598 | + These functions are not related to compression but are exported | |
43599 | + anyway because they might be useful in applications using the | |
43600 | + compression library. | |
43601 | +*/ | |
43602 | + | |
43603 | +ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len)); | |
43604 | + | |
43605 | +/* | |
43606 | + Update a running Adler-32 checksum with the bytes buf[0..len-1] and | |
43607 | + return the updated checksum. If buf is NULL, this function returns | |
43608 | + the required initial value for the checksum. | |
43609 | + An Adler-32 checksum is almost as reliable as a CRC32 but can be computed | |
43610 | + much faster. Usage example: | |
43611 | + | |
43612 | + uLong adler = adler32(0L, Z_NULL, 0); | |
43613 | + | |
43614 | + while (read_buffer(buffer, length) != EOF) { | |
43615 | + adler = adler32(adler, buffer, length); | |
43616 | + } | |
43617 | + if (adler != original_adler) error(); | |
43618 | +*/ | |
43619 | + | |
43620 | +ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len)); | |
43621 | +/* | |
43622 | + Update a running crc with the bytes buf[0..len-1] and return the updated | |
43623 | + crc. If buf is NULL, this function returns the required initial value | |
43624 | + for the crc. Pre- and post-conditioning (one's complement) is performed | |
43625 | + within this function so it shouldn't be done by the application. | |
43626 | + Usage example: | |
43627 | + | |
43628 | + uLong crc = crc32(0L, Z_NULL, 0); | |
43629 | + | |
43630 | + while (read_buffer(buffer, length) != EOF) { | |
43631 | + crc = crc32(crc, buffer, length); | |
43632 | + } | |
43633 | + if (crc != original_crc) error(); | |
43634 | +*/ | |
43635 | + | |
43636 | + | |
43637 | + /* various hacks, don't look :) */ | |
43638 | + | |
43639 | +/* deflateInit and inflateInit are macros to allow checking the zlib version | |
43640 | + * and the compiler's view of z_stream: | |
43641 | + */ | |
43642 | +ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level, | |
43643 | + const char *version, int stream_size)); | |
43644 | +ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm, | |
43645 | + const char *version, int stream_size)); | |
43646 | +ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method, | |
43647 | + int windowBits, int memLevel, | |
43648 | + int strategy, const char *version, | |
43649 | + int stream_size)); | |
43650 | +ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits, | |
43651 | + const char *version, int stream_size)); | |
43652 | +#define deflateInit(strm, level) \ | |
43653 | + deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream)) | |
43654 | +#define inflateInit(strm) \ | |
43655 | + inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream)) | |
43656 | +#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ | |
43657 | + deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ | |
43658 | + (strategy), ZLIB_VERSION, sizeof(z_stream)) | |
43659 | +#define inflateInit2(strm, windowBits) \ | |
43660 | + inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream)) | |
43661 | + | |
43662 | + | |
43663 | +#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL) | |
43664 | + struct internal_state {int dummy;}; /* hack for buggy compilers */ | |
43665 | +#endif | |
43666 | + | |
43667 | +ZEXTERN const char * ZEXPORT zError OF((int err)); | |
43668 | +ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z)); | |
43669 | +ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); | |
43670 | + | |
43671 | +#ifdef __cplusplus | |
43672 | +} | |
43673 | +#endif | |
43674 | + | |
43675 | +#endif /* _ZLIB_H */ | |
43676 | diff -druN linux-noipsec/net/ipsec/zlib/zutil.c linux/net/ipsec/zlib/zutil.c | |
43677 | --- linux-noipsec/net/ipsec/zlib/zutil.c Thu Jan 1 01:00:00 1970 | |
43678 | +++ linux/net/ipsec/zlib/zutil.c Fri Sep 29 20:51:34 2000 | |
43679 | @@ -0,0 +1,227 @@ | |
43680 | +/* zutil.c -- target dependent utility functions for the compression library | |
43681 | + * Copyright (C) 1995-1998 Jean-loup Gailly. | |
43682 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
43683 | + */ | |
43684 | + | |
43685 | +/* @(#) $Id$ */ | |
43686 | + | |
43687 | +#include "zutil.h" | |
43688 | + | |
43689 | +#define MY_ZCALLOC | |
43690 | + | |
43691 | +struct internal_state {int dummy;}; /* for buggy compilers */ | |
43692 | + | |
43693 | +#ifndef STDC | |
43694 | +extern void exit OF((int)); | |
43695 | +#endif | |
43696 | + | |
43697 | +const char *z_errmsg[10] = { | |
43698 | +"need dictionary", /* Z_NEED_DICT 2 */ | |
43699 | +"stream end", /* Z_STREAM_END 1 */ | |
43700 | +"", /* Z_OK 0 */ | |
43701 | +"file error", /* Z_ERRNO (-1) */ | |
43702 | +"stream error", /* Z_STREAM_ERROR (-2) */ | |
43703 | +"data error", /* Z_DATA_ERROR (-3) */ | |
43704 | +"insufficient memory", /* Z_MEM_ERROR (-4) */ | |
43705 | +"buffer error", /* Z_BUF_ERROR (-5) */ | |
43706 | +"incompatible version",/* Z_VERSION_ERROR (-6) */ | |
43707 | +""}; | |
43708 | + | |
43709 | + | |
43710 | +const char * ZEXPORT zlibVersion() | |
43711 | +{ | |
43712 | + return ZLIB_VERSION; | |
43713 | +} | |
43714 | + | |
43715 | +#ifdef DEBUG | |
43716 | + | |
43717 | +# ifndef verbose | |
43718 | +# define verbose 0 | |
43719 | +# endif | |
43720 | +int z_verbose = verbose; | |
43721 | + | |
43722 | +void z_error (m) | |
43723 | + char *m; | |
43724 | +{ | |
43725 | + fprintf(stderr, "%s\n", m); | |
43726 | + exit(1); | |
43727 | +} | |
43728 | +#endif | |
43729 | + | |
43730 | +/* exported to allow conversion of error code to string for compress() and | |
43731 | + * uncompress() | |
43732 | + */ | |
43733 | +const char * ZEXPORT zError(err) | |
43734 | + int err; | |
43735 | +{ | |
43736 | + return ERR_MSG(err); | |
43737 | +} | |
43738 | + | |
43739 | + | |
43740 | +#ifndef HAVE_MEMCPY | |
43741 | + | |
43742 | +void zmemcpy(dest, source, len) | |
43743 | + Bytef* dest; | |
43744 | + const Bytef* source; | |
43745 | + uInt len; | |
43746 | +{ | |
43747 | + if (len == 0) return; | |
43748 | + do { | |
43749 | + *dest++ = *source++; /* ??? to be unrolled */ | |
43750 | + } while (--len != 0); | |
43751 | +} | |
43752 | + | |
43753 | +int zmemcmp(s1, s2, len) | |
43754 | + const Bytef* s1; | |
43755 | + const Bytef* s2; | |
43756 | + uInt len; | |
43757 | +{ | |
43758 | + uInt j; | |
43759 | + | |
43760 | + for (j = 0; j < len; j++) { | |
43761 | + if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1; | |
43762 | + } | |
43763 | + return 0; | |
43764 | +} | |
43765 | + | |
43766 | +void zmemzero(dest, len) | |
43767 | + Bytef* dest; | |
43768 | + uInt len; | |
43769 | +{ | |
43770 | + if (len == 0) return; | |
43771 | + do { | |
43772 | + *dest++ = 0; /* ??? to be unrolled */ | |
43773 | + } while (--len != 0); | |
43774 | +} | |
43775 | +#endif | |
43776 | + | |
43777 | +#ifdef __TURBOC__ | |
43778 | +#if (defined( __BORLANDC__) || !defined(SMALL_MEDIUM)) && !defined(__32BIT__) | |
43779 | +/* Small and medium model in Turbo C are for now limited to near allocation | |
43780 | + * with reduced MAX_WBITS and MAX_MEM_LEVEL | |
43781 | + */ | |
43782 | +# define MY_ZCALLOC | |
43783 | + | |
43784 | +/* Turbo C malloc() does not allow dynamic allocation of 64K bytes | |
43785 | + * and farmalloc(64K) returns a pointer with an offset of 8, so we | |
43786 | + * must fix the pointer. Warning: the pointer must be put back to its | |
43787 | + * original form in order to free it, use zcfree(). | |
43788 | + */ | |
43789 | + | |
43790 | +#define MAX_PTR 10 | |
43791 | +/* 10*64K = 640K */ | |
43792 | + | |
43793 | +local int next_ptr = 0; | |
43794 | + | |
43795 | +typedef struct ptr_table_s { | |
43796 | + voidpf org_ptr; | |
43797 | + voidpf new_ptr; | |
43798 | +} ptr_table; | |
43799 | + | |
43800 | +local ptr_table table[MAX_PTR]; | |
43801 | +/* This table is used to remember the original form of pointers | |
43802 | + * to large buffers (64K). Such pointers are normalized with a zero offset. | |
43803 | + * Since MSDOS is not a preemptive multitasking OS, this table is not | |
43804 | + * protected from concurrent access. This hack doesn't work anyway on | |
43805 | + * a protected system like OS/2. Use Microsoft C instead. | |
43806 | + */ | |
43807 | + | |
43808 | +voidpf zcalloc (voidpf opaque, unsigned items, unsigned size) | |
43809 | +{ | |
43810 | + voidpf buf = opaque; /* just to make some compilers happy */ | |
43811 | + ulg bsize = (ulg)items*size; | |
43812 | + | |
43813 | + /* If we allocate less than 65520 bytes, we assume that farmalloc | |
43814 | + * will return a usable pointer which doesn't have to be normalized. | |
43815 | + */ | |
43816 | + if (bsize < 65520L) { | |
43817 | + buf = farmalloc(bsize); | |
43818 | + if (*(ush*)&buf != 0) return buf; | |
43819 | + } else { | |
43820 | + buf = farmalloc(bsize + 16L); | |
43821 | + } | |
43822 | + if (buf == NULL || next_ptr >= MAX_PTR) return NULL; | |
43823 | + table[next_ptr].org_ptr = buf; | |
43824 | + | |
43825 | + /* Normalize the pointer to seg:0 */ | |
43826 | + *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4; | |
43827 | + *(ush*)&buf = 0; | |
43828 | + table[next_ptr++].new_ptr = buf; | |
43829 | + return buf; | |
43830 | +} | |
43831 | + | |
43832 | +void zcfree (voidpf opaque, voidpf ptr) | |
43833 | +{ | |
43834 | + int n; | |
43835 | + if (*(ush*)&ptr != 0) { /* object < 64K */ | |
43836 | + farfree(ptr); | |
43837 | + return; | |
43838 | + } | |
43839 | + /* Find the original pointer */ | |
43840 | + for (n = 0; n < next_ptr; n++) { | |
43841 | + if (ptr != table[n].new_ptr) continue; | |
43842 | + | |
43843 | + farfree(table[n].org_ptr); | |
43844 | + while (++n < next_ptr) { | |
43845 | + table[n-1] = table[n]; | |
43846 | + } | |
43847 | + next_ptr--; | |
43848 | + return; | |
43849 | + } | |
43850 | + ptr = opaque; /* just to make some compilers happy */ | |
43851 | + Assert(0, "zcfree: ptr not found"); | |
43852 | +} | |
43853 | +#endif | |
43854 | +#endif /* __TURBOC__ */ | |
43855 | + | |
43856 | + | |
43857 | +#if defined(M_I86) && !defined(__32BIT__) | |
43858 | +/* Microsoft C in 16-bit mode */ | |
43859 | + | |
43860 | +# define MY_ZCALLOC | |
43861 | + | |
43862 | +#if (!defined(_MSC_VER) || (_MSC_VER <= 600)) | |
43863 | +# define _halloc halloc | |
43864 | +# define _hfree hfree | |
43865 | +#endif | |
43866 | + | |
43867 | +voidpf zcalloc (voidpf opaque, unsigned items, unsigned size) | |
43868 | +{ | |
43869 | + if (opaque) opaque = 0; /* to make compiler happy */ | |
43870 | + return _halloc((long)items, size); | |
43871 | +} | |
43872 | + | |
43873 | +void zcfree (voidpf opaque, voidpf ptr) | |
43874 | +{ | |
43875 | + if (opaque) opaque = 0; /* to make compiler happy */ | |
43876 | + _hfree(ptr); | |
43877 | +} | |
43878 | + | |
43879 | +#endif /* MSC */ | |
43880 | + | |
43881 | + | |
43882 | +#ifndef MY_ZCALLOC /* Any system without a special alloc function */ | |
43883 | + | |
43884 | +#ifndef STDC | |
43885 | +extern voidp calloc OF((uInt items, uInt size)); | |
43886 | +extern void free OF((voidpf ptr)); | |
43887 | +#endif | |
43888 | + | |
43889 | +voidpf zcalloc (opaque, items, size) | |
43890 | + voidpf opaque; | |
43891 | + unsigned items; | |
43892 | + unsigned size; | |
43893 | +{ | |
43894 | + if (opaque) items += size - size; /* make compiler happy */ | |
43895 | + return (voidpf)calloc(items, size); | |
43896 | +} | |
43897 | + | |
43898 | +void zcfree (opaque, ptr) | |
43899 | + voidpf opaque; | |
43900 | + voidpf ptr; | |
43901 | +{ | |
43902 | + free(ptr); | |
43903 | + if (opaque) return; /* make compiler happy */ | |
43904 | +} | |
43905 | + | |
43906 | +#endif /* MY_ZCALLOC */ | |
43907 | diff -druN linux-noipsec/net/ipsec/zlib/zutil.h linux/net/ipsec/zlib/zutil.h | |
43908 | --- linux-noipsec/net/ipsec/zlib/zutil.h Thu Jan 1 01:00:00 1970 | |
43909 | +++ linux/net/ipsec/zlib/zutil.h Fri Sep 29 20:51:34 2000 | |
43910 | @@ -0,0 +1,223 @@ | |
43911 | +/* zutil.h -- internal interface and configuration of the compression library | |
43912 | + * Copyright (C) 1995-1998 Jean-loup Gailly. | |
43913 | + * For conditions of distribution and use, see copyright notice in zlib.h | |
43914 | + */ | |
43915 | + | |
43916 | +/* WARNING: this file should *not* be used by applications. It is | |
43917 | + part of the implementation of the compression library and is | |
43918 | + subject to change. Applications should only use zlib.h. | |
43919 | + */ | |
43920 | + | |
43921 | +/* @(#) $Id$ */ | |
43922 | + | |
43923 | +#ifndef _Z_UTIL_H | |
43924 | +#define _Z_UTIL_H | |
43925 | + | |
43926 | +#include "zlib.h" | |
43927 | + | |
43928 | +#include <linux/string.h> | |
43929 | +#define HAVE_MEMCPY | |
43930 | + | |
43931 | +#if 0 // #ifdef STDC | |
43932 | +# include <stddef.h> | |
43933 | +# include <string.h> | |
43934 | +# include <stdlib.h> | |
43935 | +#endif | |
43936 | +#ifdef NO_ERRNO_H | |
43937 | + extern int errno; | |
43938 | +#else | |
43939 | +# include <errno.h> | |
43940 | +#endif | |
43941 | + | |
43942 | +#ifndef local | |
43943 | +# define local static | |
43944 | +#endif | |
43945 | +/* compile with -Dlocal if your debugger can't find static symbols */ | |
43946 | + | |
43947 | +typedef unsigned char uch; | |
43948 | +typedef uch FAR uchf; | |
43949 | +typedef unsigned short ush; | |
43950 | +typedef ush FAR ushf; | |
43951 | +typedef unsigned long ulg; | |
43952 | + | |
43953 | +extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */ | |
43954 | +/* (size given to avoid silly warnings with Visual C++) */ | |
43955 | + | |
43956 | +#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] | |
43957 | + | |
43958 | +#define ERR_RETURN(strm,err) \ | |
43959 | + return (strm->msg = ERR_MSG(err), (err)) | |
43960 | +/* To be used only when the state is known to be valid */ | |
43961 | + | |
43962 | + /* common constants */ | |
43963 | + | |
43964 | +#ifndef DEF_WBITS | |
43965 | +# define DEF_WBITS MAX_WBITS | |
43966 | +#endif | |
43967 | +/* default windowBits for decompression. MAX_WBITS is for compression only */ | |
43968 | + | |
43969 | +#if MAX_MEM_LEVEL >= 8 | |
43970 | +# define DEF_MEM_LEVEL 8 | |
43971 | +#else | |
43972 | +# define DEF_MEM_LEVEL MAX_MEM_LEVEL | |
43973 | +#endif | |
43974 | +/* default memLevel */ | |
43975 | + | |
43976 | +#define STORED_BLOCK 0 | |
43977 | +#define STATIC_TREES 1 | |
43978 | +#define DYN_TREES 2 | |
43979 | +/* The three kinds of block type */ | |
43980 | + | |
43981 | +#define MIN_MATCH 3 | |
43982 | +#define MAX_MATCH 258 | |
43983 | +/* The minimum and maximum match lengths */ | |
43984 | + | |
43985 | +#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */ | |
43986 | + | |
43987 | + /* target dependencies */ | |
43988 | + | |
43989 | +#ifdef MSDOS | |
43990 | +# define OS_CODE 0x00 | |
43991 | +# if defined(__TURBOC__) || defined(__BORLANDC__) | |
43992 | +# if(__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__)) | |
43993 | + /* Allow compilation with ANSI keywords only enabled */ | |
43994 | + void _Cdecl farfree( void *block ); | |
43995 | + void *_Cdecl farmalloc( unsigned long nbytes ); | |
43996 | +# else | |
43997 | +# include <alloc.h> | |
43998 | +# endif | |
43999 | +# else /* MSC or DJGPP */ | |
44000 | +# include <malloc.h> | |
44001 | +# endif | |
44002 | +#endif | |
44003 | + | |
44004 | +#ifdef OS2 | |
44005 | +# define OS_CODE 0x06 | |
44006 | +#endif | |
44007 | + | |
44008 | +#ifdef WIN32 /* Window 95 & Windows NT */ | |
44009 | +# define OS_CODE 0x0b | |
44010 | +#endif | |
44011 | + | |
44012 | +#if defined(VAXC) || defined(VMS) | |
44013 | +# define OS_CODE 0x02 | |
44014 | +# define F_OPEN(name, mode) \ | |
44015 | + fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") | |
44016 | +#endif | |
44017 | + | |
44018 | +#ifdef AMIGA | |
44019 | +# define OS_CODE 0x01 | |
44020 | +#endif | |
44021 | + | |
44022 | +#if defined(ATARI) || defined(atarist) | |
44023 | +# define OS_CODE 0x05 | |
44024 | +#endif | |
44025 | + | |
44026 | +#if defined(MACOS) || defined(TARGET_OS_MAC) | |
44027 | +# define OS_CODE 0x07 | |
44028 | +# if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os | |
44029 | +# include <unix.h> /* for fdopen */ | |
44030 | +# else | |
44031 | +# ifndef fdopen | |
44032 | +# define fdopen(fd,mode) NULL /* No fdopen() */ | |
44033 | +# endif | |
44034 | +# endif | |
44035 | +#endif | |
44036 | + | |
44037 | +#ifdef __50SERIES /* Prime/PRIMOS */ | |
44038 | +# define OS_CODE 0x0F | |
44039 | +#endif | |
44040 | + | |
44041 | +#ifdef TOPS20 | |
44042 | +# define OS_CODE 0x0a | |
44043 | +#endif | |
44044 | + | |
44045 | +#if defined(_BEOS_) || defined(RISCOS) | |
44046 | +# define fdopen(fd,mode) NULL /* No fdopen() */ | |
44047 | +#endif | |
44048 | + | |
44049 | +#if (defined(_MSC_VER) && (_MSC_VER > 600)) | |
44050 | +# define fdopen(fd,type) _fdopen(fd,type) | |
44051 | +#endif | |
44052 | + | |
44053 | + | |
44054 | + /* Common defaults */ | |
44055 | + | |
44056 | +#ifndef OS_CODE | |
44057 | +# define OS_CODE 0x03 /* assume Unix */ | |
44058 | +#endif | |
44059 | + | |
44060 | +#ifndef F_OPEN | |
44061 | +# define F_OPEN(name, mode) fopen((name), (mode)) | |
44062 | +#endif | |
44063 | + | |
44064 | + /* functions */ | |
44065 | + | |
44066 | +#ifdef HAVE_STRERROR | |
44067 | + extern char *strerror OF((int)); | |
44068 | +# define zstrerror(errnum) strerror(errnum) | |
44069 | +#else | |
44070 | +# define zstrerror(errnum) "" | |
44071 | +#endif | |
44072 | + | |
44073 | +#if defined(pyr) | |
44074 | +# define NO_MEMCPY | |
44075 | +#endif | |
44076 | +#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__) | |
44077 | + /* Use our own functions for small and medium model with MSC <= 5.0. | |
44078 | + * You may have to use the same strategy for Borland C (untested). | |
44079 | + * The __SC__ check is for Symantec. | |
44080 | + */ | |
44081 | +# define NO_MEMCPY | |
44082 | +#endif | |
44083 | +#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY) | |
44084 | +# define HAVE_MEMCPY | |
44085 | +#endif | |
44086 | +#ifdef HAVE_MEMCPY | |
44087 | +# ifdef SMALL_MEDIUM /* MSDOS small or medium model */ | |
44088 | +# define zmemcpy _fmemcpy | |
44089 | +# define zmemcmp _fmemcmp | |
44090 | +# define zmemzero(dest, len) _fmemset(dest, 0, len) | |
44091 | +# else | |
44092 | +# define zmemcpy memcpy | |
44093 | +# define zmemcmp memcmp | |
44094 | +# define zmemzero(dest, len) memset(dest, 0, len) | |
44095 | +# endif | |
44096 | +#else | |
44097 | + extern void zmemcpy OF((Bytef* dest, const Bytef* source, uInt len)); | |
44098 | + extern int zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len)); | |
44099 | + extern void zmemzero OF((Bytef* dest, uInt len)); | |
44100 | +#endif | |
44101 | + | |
44102 | +/* Diagnostic functions */ | |
44103 | +#ifdef DEBUG | |
44104 | +# include <stdio.h> | |
44105 | + extern int z_verbose; | |
44106 | + extern void z_error OF((char *m)); | |
44107 | +# define Assert(cond,msg) {if(!(cond)) z_error(msg);} | |
44108 | +# define Trace(x) {if (z_verbose>=0) fprintf x ;} | |
44109 | +# define Tracev(x) {if (z_verbose>0) fprintf x ;} | |
44110 | +# define Tracevv(x) {if (z_verbose>1) fprintf x ;} | |
44111 | +# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;} | |
44112 | +# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;} | |
44113 | +#else | |
44114 | +# define Assert(cond,msg) | |
44115 | +# define Trace(x) | |
44116 | +# define Tracev(x) | |
44117 | +# define Tracevv(x) | |
44118 | +# define Tracec(c,x) | |
44119 | +# define Tracecv(c,x) | |
44120 | +#endif | |
44121 | + | |
44122 | + | |
44123 | +typedef uLong (ZEXPORT *check_func) OF((uLong check, const Bytef *buf, | |
44124 | + uInt len)); | |
44125 | +voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size)); | |
44126 | +void zcfree OF((voidpf opaque, voidpf ptr)); | |
44127 | + | |
44128 | +#define ZALLOC(strm, items, size) \ | |
44129 | + (*((strm)->zalloc))((strm)->opaque, (items), (size)) | |
44130 | +#define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr)) | |
44131 | +#define TRY_FREE(s, p) {if (p) ZFREE(s, p);} | |
44132 | + | |
44133 | +#endif /* _Z_UTIL_H */ | |
44134 | diff -druN linux-noipsec/net/ipv4/af_inet.c linux/net/ipv4/af_inet.c | |
44135 | --- linux-noipsec/net/ipv4/af_inet.c Fri Dec 15 15:15:47 2000 | |
44136 | +++ linux/net/ipv4/af_inet.c Fri Dec 15 15:18:21 2000 | |
44137 | @@ -1149,6 +1149,17 @@ | |
44138 | ip_mr_init(); | |
44139 | #endif | |
44140 | ||
44141 | +#if defined(CONFIG_IPSEC) | |
44142 | + { | |
44143 | + extern /* void */ int ipsec_init(void); | |
44144 | + /* | |
44145 | + * Initialise AF_INET ESP and AH protocol support including | |
44146 | + * e-routing and SA tables | |
44147 | + */ | |
44148 | + ipsec_init(); | |
44149 | + } | |
44150 | +#endif /* CONFIG_IPSEC */ | |
44151 | + | |
44152 | #ifdef CONFIG_INET_RARP | |
44153 | rarp_ioctl_hook = rarp_ioctl; | |
44154 | #endif |