3 * Copyright (C) 1996, 1997 John Ioannidis.
4 * Copyright (C) 1998, 1999, 2000, 2001, 2002 Richard Guy Briggs.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 char ipsec_mast_c_version
[] = "RCSID $Id: ipsec_mast.c,v 1.2 2004/06/13 19:57:49 as Exp $";
19 #define __NO_VERSION__
20 #include <linux/module.h>
21 #include <linux/config.h> /* for CONFIG_IP_FORWARD */
22 #include <linux/version.h>
23 #include <linux/kernel.h> /* printk() */
25 #include "freeswan/ipsec_param.h"
28 # include <linux/slab.h> /* kmalloc() */
29 #else /* MALLOC_SLAB */
30 # include <linux/malloc.h> /* kmalloc() */
31 #endif /* MALLOC_SLAB */
32 #include <linux/errno.h> /* error codes */
33 #include <linux/types.h> /* size_t */
34 #include <linux/interrupt.h> /* mark_bh */
36 #include <linux/netdevice.h> /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */
37 #include <linux/etherdevice.h> /* eth_type_trans */
38 #include <linux/ip.h> /* struct iphdr */
39 #include <linux/tcp.h> /* struct tcphdr */
40 #include <linux/udp.h> /* struct udphdr */
41 #include <linux/skbuff.h>
43 #include <asm/uaccess.h>
44 #include <linux/in6.h>
47 #define dev_kfree_skb(a,b) kfree_skb(a)
49 #include <asm/checksum.h>
50 #include <net/icmp.h> /* icmp_send() */
52 #include <linux/netfilter_ipv4.h>
54 #include <linux/if_arp.h>
56 #include "freeswan/radij.h"
57 #include "freeswan/ipsec_life.h"
58 #include "freeswan/ipsec_xform.h"
59 #include "freeswan/ipsec_eroute.h"
60 #include "freeswan/ipsec_encap.h"
61 #include "freeswan/ipsec_radij.h"
62 #include "freeswan/ipsec_sa.h"
63 #include "freeswan/ipsec_tunnel.h"
64 #include "freeswan/ipsec_mast.h"
65 #include "freeswan/ipsec_ipe4.h"
66 #include "freeswan/ipsec_ah.h"
67 #include "freeswan/ipsec_esp.h"
72 #include "freeswan/ipsec_proto.h"
74 int ipsec_maxdevice_count
= -1;
77 ipsec_mast_open(struct device
*dev
)
79 struct ipsecpriv
*prv
= dev
->priv
;
82 * Can't open until attached.
85 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
86 "klips_debug:ipsec_mast_open: "
87 "dev = %s, prv->dev = %s\n",
88 dev
->name
, prv
->dev
?prv
->dev
->name
:"NONE");
98 ipsec_mast_close(struct device
*dev
)
104 static inline int ipsec_mast_xmit2(struct sk_buff
*skb
)
109 enum ipsec_xmit_value
110 ipsec_mast_send(struct ipsec_xmit_state
*ixs
)
112 /* new route/dst cache code from James Morris */
113 ixs
->skb
->dev
= ixs
->physdev
;
114 /*skb_orphan(ixs->skb);*/
115 if((ixs
->error
= ip_route_output(&ixs
->route
,
116 ixs
->skb
->nh
.iph
->daddr
,
117 ixs
->pass
? 0 : ixs
->skb
->nh
.iph
->saddr
,
118 RT_TOS(ixs
->skb
->nh
.iph
->tos
),
119 ixs
->physdev
->iflink
/* rgb: should this be 0? */))) {
120 ixs
->stats
->tx_errors
++;
121 KLIPS_PRINT(debug_mast
& DB_MAST_XMIT
,
122 "klips_debug:ipsec_xmit_send: "
123 "ip_route_output failed with error code %d, rt->u.dst.dev=%s, dropped\n",
125 ixs
->route
->u
.dst
.dev
->name
);
126 return IPSEC_XMIT_ROUTEERR
;
128 if(ixs
->dev
== ixs
->route
->u
.dst
.dev
) {
129 ip_rt_put(ixs
->route
);
130 /* This is recursion, drop it. */
131 ixs
->stats
->tx_errors
++;
132 KLIPS_PRINT(debug_mast
& DB_MAST_XMIT
,
133 "klips_debug:ipsec_xmit_send: "
134 "suspect recursion, dev=rt->u.dst.dev=%s, dropped\n",
136 return IPSEC_XMIT_RECURSDETECT
;
138 dst_release(ixs
->skb
->dst
);
139 ixs
->skb
->dst
= &ixs
->route
->u
.dst
;
140 ixs
->stats
->tx_bytes
+= ixs
->skb
->len
;
141 if(ixs
->skb
->len
< ixs
->skb
->nh
.raw
- ixs
->skb
->data
) {
142 ixs
->stats
->tx_errors
++;
144 "klips_error:ipsec_xmit_send: "
145 "tried to __skb_pull nh-data=%ld, %d available. This should never happen, please report.\n",
146 (unsigned long)(ixs
->skb
->nh
.raw
- ixs
->skb
->data
),
148 return IPSEC_XMIT_PUSHPULLERR
;
150 __skb_pull(ixs
->skb
, ixs
->skb
->nh
.raw
- ixs
->skb
->data
);
151 #ifdef SKB_RESET_NFCT
152 nf_conntrack_put(ixs
->skb
->nfct
);
153 ixs
->skb
->nfct
= NULL
;
154 #ifdef CONFIG_NETFILTER_DEBUG
155 ixs
->skb
->nf_debug
= 0;
156 #endif /* CONFIG_NETFILTER_DEBUG */
157 #endif /* SKB_RESET_NFCT */
158 KLIPS_PRINT(debug_mast
& DB_MAST_XMIT
,
159 "klips_debug:ipsec_xmit_send: "
160 "...done, calling ip_send() on device:%s\n",
161 ixs
->skb
->dev
? ixs
->skb
->dev
->name
: "NULL");
162 KLIPS_IP_PRINT(debug_mast
& DB_MAST_XMIT
, ixs
->skb
->nh
.iph
);
166 err
= NF_HOOK(PF_INET
, NF_IP_LOCAL_OUT
, ixs
->skb
, NULL
, ixs
->route
->u
.dst
.dev
,
168 if(err
!= NET_XMIT_SUCCESS
&& err
!= NET_XMIT_CN
) {
171 "klips_error:ipsec_xmit_send: "
172 "ip_send() failed, err=%d\n",
174 ixs
->stats
->tx_errors
++;
175 ixs
->stats
->tx_aborted_errors
++;
177 return IPSEC_XMIT_IPSENDFAILURE
;
180 ixs
->stats
->tx_packets
++;
184 return IPSEC_XMIT_OK
;
188 ipsec_mast_cleanup(struct ipsec_xmit_state
*ixs
)
190 #if defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE)
191 netif_wake_queue(ixs
->dev
);
192 #else /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */
194 #endif /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */
195 if(ixs
->saved_header
) {
196 kfree(ixs
->saved_header
);
199 dev_kfree_skb(ixs
->skb
, FREE_WRITE
);
202 dev_kfree_skb(ixs
->oskb
, FREE_WRITE
);
204 if (ixs
->ips
.ips_ident_s
.data
) {
205 kfree(ixs
->ips
.ips_ident_s
.data
);
207 if (ixs
->ips
.ips_ident_d
.data
) {
208 kfree(ixs
->ips
.ips_ident_d
.data
);
214 * This function assumes it is being called from dev_queue_xmit()
215 * and that skb is filled properly by that function.
218 ipsec_mast_start_xmit(struct sk_buff
*skb
, struct device
*dev
, IPsecSAref_t SAref
)
220 struct ipsec_xmit_state ixs_mem
;
221 struct ipsec_xmit_state
*ixs
= &ixs_mem
;
222 enum ipsec_xmit_value stat
= IPSEC_XMIT_OK
;
224 /* dev could be a mast device, but should be optional, I think... */
225 /* SAref is also optional, but one of the two must be present. */
226 /* I wonder if it could accept no device or saref and guess? */
228 /* ipsec_xmit_sanity_check_dev(ixs); */
230 ipsec_xmit_sanity_check_skb(ixs
);
232 ipsec_xmit_adjust_hard_header(ixs
);
234 stat
= ipsec_xmit_encap_bundle(ixs
);
235 if(stat
!= IPSEC_XMIT_OK
) {
236 /* SA processing failed */
239 ipsec_xmit_hard_header_restore();
243 DEBUG_NO_STATIC
struct net_device_stats
*
244 ipsec_mast_get_stats(struct device
*dev
)
246 return &(((struct ipsecpriv
*)(dev
->priv
))->mystats
);
251 * For each of these calls, a field exists in our private structure.
255 ipsec_mast_hard_header(struct sk_buff
*skb
, struct device
*dev
,
256 unsigned short type
, void *daddr
, void *saddr
, unsigned len
)
258 struct ipsecpriv
*prv
= dev
->priv
;
261 struct net_device_stats
*stats
; /* This device's statistics */
264 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
265 "klips_debug:ipsec_mast_hard_header: "
271 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
272 "klips_debug:ipsec_mast_hard_header: "
277 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
278 "klips_debug:ipsec_mast_hard_header: "
279 "skb->dev=%s dev=%s.\n",
280 skb
->dev
? skb
->dev
->name
: "NULL",
284 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
285 "klips_debug:ipsec_mast_hard_header: "
286 "no private space associated with dev=%s\n",
287 dev
->name
? dev
->name
: "NULL");
291 stats
= (struct net_device_stats
*) &(prv
->mystats
);
293 if(prv
->dev
== NULL
) {
294 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
295 "klips_debug:ipsec_mast_hard_header: "
296 "no physical device associated with dev=%s\n",
297 dev
->name
? dev
->name
: "NULL");
302 /* check if we have to send a IPv6 packet. It might be a Router
303 Solicitation, where the building of the packet happens in
308 -> skb->nh.raw is still uninitialized when this function is
309 called!! If this is no IPv6 packet, we can print debugging
310 messages, otherwise we skip all debugging messages and just
311 build the ll header */
312 if(type
!= ETH_P_IPV6
) {
313 /* execute this only, if we don't have to build the
314 header for a IPv6 packet */
315 if(!prv
->hard_header
) {
316 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
317 "klips_debug:ipsec_mast_hard_header: "
318 "physical device has been detached, packet dropped 0p%p->0p%p len=%d type=%d dev=%s->NULL ",
324 KLIPS_PRINTMORE(debug_mast
& DB_MAST_REVEC
,
326 (__u32
)ntohl(skb
->nh
.iph
->saddr
),
327 (__u32
)ntohl(skb
->nh
.iph
->daddr
) );
332 #define da ((struct device *)(prv->dev))->dev_addr
333 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
334 "klips_debug:ipsec_mast_hard_header: "
335 "Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ",
342 da
[0], da
[1], da
[2], da
[3], da
[4], da
[5]);
343 KLIPS_PRINTMORE(debug_mast
& DB_MAST_REVEC
,
345 (__u32
)ntohl(skb
->nh
.iph
->saddr
),
346 (__u32
)ntohl(skb
->nh
.iph
->daddr
) );
348 KLIPS_PRINT(debug_mast
,
349 "klips_debug:ipsec_mast_hard_header: "
350 "is IPv6 packet, skip debugging messages, only revector and build linklocal header.\n");
354 ret
= prv
->hard_header(skb
, prv
->dev
, type
, (void *)daddr
, (void *)saddr
, len
);
360 ipsec_mast_rebuild_header(struct sk_buff
*skb
)
362 struct ipsecpriv
*prv
= skb
->dev
->priv
;
365 struct net_device_stats
*stats
; /* This device's statistics */
367 if(skb
->dev
== NULL
) {
368 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
369 "klips_debug:ipsec_mast_rebuild_header: "
375 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
376 "klips_debug:ipsec_mast_rebuild_header: "
377 "no private space associated with dev=%s",
378 skb
->dev
->name
? skb
->dev
->name
: "NULL");
382 stats
= (struct net_device_stats
*) &(prv
->mystats
);
384 if(prv
->dev
== NULL
) {
385 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
386 "klips_debug:ipsec_mast_rebuild_header: "
387 "no physical device associated with dev=%s",
388 skb
->dev
->name
? skb
->dev
->name
: "NULL");
393 if(!prv
->rebuild_header
) {
394 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
395 "klips_debug:ipsec_mast_rebuild_header: "
396 "physical device has been detached, packet dropped skb->dev=%s->NULL ",
398 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
400 (__u32
)ntohl(skb
->nh
.iph
->saddr
),
401 (__u32
)ntohl(skb
->nh
.iph
->daddr
) );
406 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
407 "klips_debug:ipsec_mast: "
408 "Revectored rebuild_header dev=%s->%s ",
409 skb
->dev
->name
, prv
->dev
->name
);
410 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
412 (__u32
)ntohl(skb
->nh
.iph
->saddr
),
413 (__u32
)ntohl(skb
->nh
.iph
->daddr
) );
417 ret
= prv
->rebuild_header(skb
);
423 ipsec_mast_set_mac_address(struct device
*dev
, void *addr
)
425 struct ipsecpriv
*prv
= dev
->priv
;
427 struct net_device_stats
*stats
; /* This device's statistics */
430 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
431 "klips_debug:ipsec_mast_set_mac_address: "
437 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
438 "klips_debug:ipsec_mast_set_mac_address: "
439 "no private space associated with dev=%s",
440 dev
->name
? dev
->name
: "NULL");
444 stats
= (struct net_device_stats
*) &(prv
->mystats
);
446 if(prv
->dev
== NULL
) {
447 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
448 "klips_debug:ipsec_mast_set_mac_address: "
449 "no physical device associated with dev=%s",
450 dev
->name
? dev
->name
: "NULL");
455 if(!prv
->set_mac_address
) {
456 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
457 "klips_debug:ipsec_mast_set_mac_address: "
458 "physical device has been detached, cannot set - skb->dev=%s->NULL\n",
463 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
464 "klips_debug:ipsec_mast_set_mac_address: "
465 "Revectored dev=%s->%s addr=0p%p\n",
466 dev
->name
, prv
->dev
->name
, addr
);
467 return prv
->set_mac_address(prv
->dev
, addr
);
472 ipsec_mast_cache_update(struct hh_cache
*hh
, struct device
*dev
, unsigned char * haddr
)
474 struct ipsecpriv
*prv
= dev
->priv
;
476 struct net_device_stats
*stats
; /* This device's statistics */
479 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
480 "klips_debug:ipsec_mast_cache_update: "
486 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
487 "klips_debug:ipsec_mast_cache_update: "
488 "no private space associated with dev=%s",
489 dev
->name
? dev
->name
: "NULL");
493 stats
= (struct net_device_stats
*) &(prv
->mystats
);
495 if(prv
->dev
== NULL
) {
496 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
497 "klips_debug:ipsec_mast_cache_update: "
498 "no physical device associated with dev=%s",
499 dev
->name
? dev
->name
: "NULL");
504 if(!prv
->header_cache_update
) {
505 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
506 "klips_debug:ipsec_mast_cache_update: "
507 "physical device has been detached, cannot set - skb->dev=%s->NULL\n",
512 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
513 "klips_debug:ipsec_mast: "
514 "Revectored cache_update\n");
515 prv
->header_cache_update(hh
, prv
->dev
, haddr
);
520 ipsec_mast_neigh_setup(struct neighbour
*n
)
522 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
523 "klips_debug:ipsec_mast_neigh_setup:\n");
525 if (n
->nud_state
== NUD_NONE
) {
526 n
->ops
= &arp_broken_ops
;
527 n
->output
= n
->ops
->output
;
533 ipsec_mast_neigh_setup_dev(struct device
*dev
, struct neigh_parms
*p
)
535 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
536 "klips_debug:ipsec_mast_neigh_setup_dev: "
538 dev
? dev
->name
: "NULL");
540 if (p
->tbl
->family
== AF_INET
) {
541 p
->neigh_setup
= ipsec_mast_neigh_setup
;
549 * We call the attach routine to attach another device.
553 ipsec_mast_attach(struct device
*dev
, struct device
*physdev
)
556 struct ipsecpriv
*prv
= dev
->priv
;
559 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
560 "klips_debug:ipsec_mast_attach: "
566 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
567 "klips_debug:ipsec_mast_attach: "
568 "no private space associated with dev=%s",
569 dev
->name
? dev
->name
: "NULL");
574 prv
->hard_start_xmit
= physdev
->hard_start_xmit
;
575 prv
->get_stats
= physdev
->get_stats
;
577 if (physdev
->hard_header
) {
578 prv
->hard_header
= physdev
->hard_header
;
579 dev
->hard_header
= ipsec_mast_hard_header
;
581 dev
->hard_header
= NULL
;
583 if (physdev
->rebuild_header
) {
584 prv
->rebuild_header
= physdev
->rebuild_header
;
585 dev
->rebuild_header
= ipsec_mast_rebuild_header
;
587 dev
->rebuild_header
= NULL
;
589 if (physdev
->set_mac_address
) {
590 prv
->set_mac_address
= physdev
->set_mac_address
;
591 dev
->set_mac_address
= ipsec_mast_set_mac_address
;
593 dev
->set_mac_address
= NULL
;
595 if (physdev
->header_cache_update
) {
596 prv
->header_cache_update
= physdev
->header_cache_update
;
597 dev
->header_cache_update
= ipsec_mast_cache_update
;
599 dev
->header_cache_update
= NULL
;
601 dev
->hard_header_len
= physdev
->hard_header_len
;
603 /* prv->neigh_setup = physdev->neigh_setup; */
604 dev
->neigh_setup
= ipsec_mast_neigh_setup_dev
;
605 dev
->mtu
= 16260; /* 0xfff0; */ /* dev->mtu; */
606 prv
->mtu
= physdev
->mtu
;
609 dev
->type
= physdev
->type
; /* ARPHRD_MAST; */
610 #endif /* PHYSDEV_TYPE */
612 dev
->addr_len
= physdev
->addr_len
;
613 for (i
=0; i
<dev
->addr_len
; i
++) {
614 dev
->dev_addr
[i
] = physdev
->dev_addr
[i
];
616 #ifdef CONFIG_IPSEC_DEBUG
617 if(debug_mast
& DB_MAST_INIT
) {
618 printk(KERN_INFO
"klips_debug:ipsec_mast_attach: "
619 "physical device %s being attached has HW address: %2x",
620 physdev
->name
, physdev
->dev_addr
[0]);
621 for (i
=1; i
< physdev
->addr_len
; i
++) {
622 printk(":%02x", physdev
->dev_addr
[i
]);
626 #endif /* CONFIG_IPSEC_DEBUG */
632 * We call the detach routine to detach the ipsec mast from another device.
636 ipsec_mast_detach(struct device
*dev
)
639 struct ipsecpriv
*prv
= dev
->priv
;
642 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
643 "klips_debug:ipsec_mast_detach: "
649 KLIPS_PRINT(debug_mast
& DB_MAST_REVEC
,
650 "klips_debug:ipsec_mast_detach: "
651 "no private space associated with dev=%s",
652 dev
->name
? dev
->name
: "NULL");
656 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
657 "klips_debug:ipsec_mast_detach: "
658 "physical device %s being detached from virtual device %s\n",
659 prv
->dev
? prv
->dev
->name
: "NULL",
663 prv
->hard_start_xmit
= NULL
;
664 prv
->get_stats
= NULL
;
666 prv
->hard_header
= NULL
;
667 #ifdef DETACH_AND_DOWN
668 dev
->hard_header
= NULL
;
669 #endif /* DETACH_AND_DOWN */
671 prv
->rebuild_header
= NULL
;
672 #ifdef DETACH_AND_DOWN
673 dev
->rebuild_header
= NULL
;
674 #endif /* DETACH_AND_DOWN */
676 prv
->set_mac_address
= NULL
;
677 #ifdef DETACH_AND_DOWN
678 dev
->set_mac_address
= NULL
;
679 #endif /* DETACH_AND_DOWN */
681 prv
->header_cache_update
= NULL
;
682 #ifdef DETACH_AND_DOWN
683 dev
->header_cache_update
= NULL
;
684 #endif /* DETACH_AND_DOWN */
686 #ifdef DETACH_AND_DOWN
687 dev
->neigh_setup
= NULL
;
688 #endif /* DETACH_AND_DOWN */
690 dev
->hard_header_len
= 0;
691 #ifdef DETACH_AND_DOWN
693 #endif /* DETACH_AND_DOWN */
695 for (i
=0; i
<MAX_ADDR_LEN
; i
++) {
696 dev
->dev_addr
[i
] = 0;
700 dev
->type
= ARPHRD_VOID
; /* ARPHRD_MAST; */
701 #endif /* PHYSDEV_TYPE */
707 * We call the clear routine to detach all ipsec masts from other devices.
710 ipsec_mast_clear(void)
713 struct device
*ipsecdev
= NULL
, *prvdev
;
714 struct ipsecpriv
*prv
;
718 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
719 "klips_debug:ipsec_mast_clear: .\n");
721 for(i
= 0; i
< IPSEC_NUM_IF
; i
++) {
722 sprintf(name
, IPSEC_DEV_FORMAT
, i
);
723 if((ipsecdev
= ipsec_dev_get(name
)) != NULL
) {
724 if((prv
= (struct ipsecpriv
*)(ipsecdev
->priv
))) {
725 prvdev
= (struct device
*)(prv
->dev
);
727 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
728 "klips_debug:ipsec_mast_clear: "
729 "physical device for device %s is %s\n",
731 if((ret
= ipsec_mast_detach(ipsecdev
))) {
732 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
733 "klips_debug:ipsec_mast_clear: "
734 "error %d detatching device %s from device %s.\n",
735 ret
, name
, prvdev
->name
);
746 ipsec_mast_ioctl(struct device
*dev
, struct ifreq
*ifr
, int cmd
)
748 struct ipsecmastconf
*cf
= (struct ipsecmastconf
*)&ifr
->ifr_data
;
749 struct ipsecpriv
*prv
= dev
->priv
;
750 struct device
*them
; /* physical device */
751 #ifdef CONFIG_IP_ALIAS
753 char realphysname
[IFNAMSIZ
];
754 #endif /* CONFIG_IP_ALIAS */
757 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
758 "klips_debug:ipsec_mast_ioctl: "
759 "device not supplied.\n");
763 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
764 "klips_debug:ipsec_mast_ioctl: "
765 "tncfg service call #%d for dev=%s\n",
767 dev
->name
? dev
->name
: "NULL");
769 /* attach a virtual ipsec? device to a physical device */
771 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
772 "klips_debug:ipsec_mast_ioctl: "
773 "calling ipsec_mast_attatch...\n");
774 #ifdef CONFIG_IP_ALIAS
775 /* If this is an IP alias interface, get its real physical name */
776 strncpy(realphysname
, cf
->cf_name
, IFNAMSIZ
);
777 realphysname
[IFNAMSIZ
-1] = 0;
778 colon
= strchr(realphysname
, ':');
779 if (colon
) *colon
= 0;
780 them
= ipsec_dev_get(realphysname
);
781 #else /* CONFIG_IP_ALIAS */
782 them
= ipsec_dev_get(cf
->cf_name
);
783 #endif /* CONFIG_IP_ALIAS */
786 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
787 "klips_debug:ipsec_mast_ioctl: "
788 "physical device %s requested is null\n",
794 if (them
->flags
& IFF_UP
) {
795 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
796 "klips_debug:ipsec_mast_ioctl: "
797 "physical device %s requested is not up.\n",
803 if (prv
&& prv
->dev
) {
804 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
805 "klips_debug:ipsec_mast_ioctl: "
806 "virtual device is already connected to %s.\n",
807 prv
->dev
->name
? prv
->dev
->name
: "NULL");
810 return ipsec_mast_attach(dev
, them
);
813 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
814 "klips_debug:ipsec_mast_ioctl: "
815 "calling ipsec_mast_detatch.\n");
817 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
818 "klips_debug:ipsec_mast_ioctl: "
819 "physical device not connected.\n");
822 return ipsec_mast_detach(dev
);
825 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
826 "klips_debug:ipsec_mast_ioctl: "
827 "calling ipsec_mast_clear.\n");
828 return ipsec_mast_clear();
831 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
832 "klips_debug:ipsec_mast_ioctl: "
833 "unknown command %d.\n",
840 ipsec_mast_device_event(struct notifier_block
*unused
, unsigned long event
, void *ptr
)
842 struct device
*dev
= ptr
;
843 struct device
*ipsec_dev
;
844 struct ipsecpriv
*priv
;
849 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
850 "klips_debug:ipsec_mast_device_event: "
851 "dev=NULL for event type %ld.\n",
856 /* check for loopback devices */
857 if (dev
&& (dev
->flags
& IFF_LOOPBACK
)) {
863 /* look very carefully at the scope of these compiler
864 directives before changing anything... -- RGB */
866 case NETDEV_UNREGISTER
:
869 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
870 "klips_debug:ipsec_mast_device_event: "
871 "NETDEV_DOWN dev=%s flags=%x\n",
874 if(strncmp(dev
->name
, "ipsec", strlen("ipsec")) == 0) {
875 printk(KERN_CRIT
"IPSEC EVENT: KLIPS device %s shut down.\n",
879 case NETDEV_UNREGISTER
:
880 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
881 "klips_debug:ipsec_mast_device_event: "
882 "NETDEV_UNREGISTER dev=%s flags=%x\n",
888 /* find the attached physical device and detach it. */
889 for(i
= 0; i
< IPSEC_NUM_IF
; i
++) {
890 sprintf(name
, IPSEC_DEV_FORMAT
, i
);
891 ipsec_dev
= ipsec_dev_get(name
);
893 priv
= (struct ipsecpriv
*)(ipsec_dev
->priv
);
896 if(((struct device
*)(priv
->dev
)) == dev
) {
897 /* dev_close(ipsec_dev); */
898 /* return */ ipsec_mast_detach(ipsec_dev
);
899 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
900 "klips_debug:ipsec_mast_device_event: "
901 "device '%s' has been detached.\n",
906 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
907 "klips_debug:ipsec_mast_device_event: "
908 "device '%s' has no private data space!\n",
915 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
916 "klips_debug:ipsec_mast_device_event: "
917 "NETDEV_UP dev=%s\n",
921 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
922 "klips_debug:ipsec_mast_device_event: "
923 "NETDEV_REBOOT dev=%s\n",
927 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
928 "klips_debug:ipsec_mast_device_event: "
929 "NETDEV_CHANGE dev=%s flags=%x\n",
933 case NETDEV_REGISTER
:
934 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
935 "klips_debug:ipsec_mast_device_event: "
936 "NETDEV_REGISTER dev=%s\n",
939 case NETDEV_CHANGEMTU
:
940 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
941 "klips_debug:ipsec_mast_device_event: "
942 "NETDEV_CHANGEMTU dev=%s to mtu=%d\n",
946 case NETDEV_CHANGEADDR
:
947 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
948 "klips_debug:ipsec_mast_device_event: "
949 "NETDEV_CHANGEADDR dev=%s\n",
952 case NETDEV_GOING_DOWN
:
953 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
954 "klips_debug:ipsec_mast_device_event: "
955 "NETDEV_GOING_DOWN dev=%s\n",
958 case NETDEV_CHANGENAME
:
959 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
960 "klips_debug:ipsec_mast_device_event: "
961 "NETDEV_CHANGENAME dev=%s\n",
965 KLIPS_PRINT(debug_mast
& DB_MAST_INIT
,
966 "klips_debug:ipsec_mast_device_event: "
967 "event type %ld unrecognised for dev=%s\n",
976 * Called when an ipsec mast device is initialized.
977 * The ipsec mast device structure is passed to us.
981 ipsec_mast_init(struct device
*dev
)
985 KLIPS_PRINT(debug_mast
,
986 "klips_debug:ipsec_mast_init: "
987 "allocating %lu bytes initialising device: %s\n",
988 (unsigned long) sizeof(struct ipsecpriv
),
989 dev
->name
? dev
->name
: "NULL");
991 /* Add our mast functions to the device */
992 dev
->open
= ipsec_mast_open
;
993 dev
->stop
= ipsec_mast_close
;
994 dev
->hard_start_xmit
= ipsec_mast_start_xmit
;
995 dev
->get_stats
= ipsec_mast_get_stats
;
997 dev
->priv
= kmalloc(sizeof(struct ipsecpriv
), GFP_KERNEL
);
998 if (dev
->priv
== NULL
)
1000 memset((caddr_t
)(dev
->priv
), 0, sizeof(struct ipsecpriv
));
1002 for(i
= 0; i
< sizeof(zeroes
); i
++) {
1003 ((__u8
*)(zeroes
))[i
] = 0;
1006 dev
->set_multicast_list
= NULL
;
1007 dev
->do_ioctl
= ipsec_mast_ioctl
;
1008 dev
->hard_header
= NULL
;
1009 dev
->rebuild_header
= NULL
;
1010 dev
->set_mac_address
= NULL
;
1011 dev
->header_cache_update
= NULL
;
1012 dev
->neigh_setup
= ipsec_mast_neigh_setup_dev
;
1013 dev
->hard_header_len
= 0;
1016 dev
->type
= ARPHRD_VOID
; /* ARPHRD_MAST; */ /* ARPHRD_ETHER; */
1017 dev
->tx_queue_len
= 10; /* Small queue */
1018 memset((caddr_t
)(dev
->broadcast
),0xFF, ETH_ALEN
); /* what if this is not attached to ethernet? */
1020 /* New-style flags. */
1021 dev
->flags
= IFF_NOARP
/* 0 */ /* Petr Novak */;
1022 dev_init_buffers(dev
);
1024 /* We're done. Have I forgotten anything? */
1028 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1029 /* Module specific interface (but it links with the rest of IPSEC) */
1030 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1033 ipsec_mast_probe(struct device
*dev
)
1035 ipsec_mast_init(dev
);
1040 ipsec_mast_init_devices(void)
1047 ipsec_mast_cleanup_devices(void)
1052 struct device
*dev_mast
;
1054 for(i
= 0; i
< ipsec_mastdevice_count
; i
++) {
1055 sprintf(name
, MAST_DEV_FORMAT
, i
);
1056 if((dev_mast
= ipsec_dev_get(name
)) == NULL
) {
1059 unregister_netdev(dev_mast
);
1060 kfree(dev_mast
->priv
);
1061 dev_mast
->priv
=NULL
;