]> git.ipfire.org Git - people/ms/strongswan.git/blob - linux/net/ipsec/ipsec_mast.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
- import of strongswan-2.7.0
[people/ms/strongswan.git] / linux / net / ipsec / ipsec_mast.c
1 /*
2 * IPSEC MAST code.
3 * Copyright (C) 1996, 1997 John Ioannidis.
4 * Copyright (C) 1998, 1999, 2000, 2001, 2002 Richard Guy Briggs.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 char ipsec_mast_c_version[] = "RCSID $Id: ipsec_mast.c,v 1.2 2004/06/13 19:57:49 as Exp $";
18
19 #define __NO_VERSION__
20 #include <linux/module.h>
21 #include <linux/config.h> /* for CONFIG_IP_FORWARD */
22 #include <linux/version.h>
23 #include <linux/kernel.h> /* printk() */
24
25 #include "freeswan/ipsec_param.h"
26
27 #ifdef MALLOC_SLAB
28 # include <linux/slab.h> /* kmalloc() */
29 #else /* MALLOC_SLAB */
30 # include <linux/malloc.h> /* kmalloc() */
31 #endif /* MALLOC_SLAB */
32 #include <linux/errno.h> /* error codes */
33 #include <linux/types.h> /* size_t */
34 #include <linux/interrupt.h> /* mark_bh */
35
36 #include <linux/netdevice.h> /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */
37 #include <linux/etherdevice.h> /* eth_type_trans */
38 #include <linux/ip.h> /* struct iphdr */
39 #include <linux/tcp.h> /* struct tcphdr */
40 #include <linux/udp.h> /* struct udphdr */
41 #include <linux/skbuff.h>
42 #include <freeswan.h>
43 #include <asm/uaccess.h>
44 #include <linux/in6.h>
45 #include <net/dst.h>
46 #undef dev_kfree_skb
47 #define dev_kfree_skb(a,b) kfree_skb(a)
48 #define PHYSDEV_TYPE
49 #include <asm/checksum.h>
50 #include <net/icmp.h> /* icmp_send() */
51 #include <net/ip.h>
52 #include <linux/netfilter_ipv4.h>
53
54 #include <linux/if_arp.h>
55
56 #include "freeswan/radij.h"
57 #include "freeswan/ipsec_life.h"
58 #include "freeswan/ipsec_xform.h"
59 #include "freeswan/ipsec_eroute.h"
60 #include "freeswan/ipsec_encap.h"
61 #include "freeswan/ipsec_radij.h"
62 #include "freeswan/ipsec_sa.h"
63 #include "freeswan/ipsec_tunnel.h"
64 #include "freeswan/ipsec_mast.h"
65 #include "freeswan/ipsec_ipe4.h"
66 #include "freeswan/ipsec_ah.h"
67 #include "freeswan/ipsec_esp.h"
68
69 #include <pfkeyv2.h>
70 #include <pfkey.h>
71
72 #include "freeswan/ipsec_proto.h"
73
74 int ipsec_maxdevice_count = -1;
75
76 DEBUG_NO_STATIC int
77 ipsec_mast_open(struct device *dev)
78 {
79 struct ipsecpriv *prv = dev->priv;
80
81 /*
82 * Can't open until attached.
83 */
84
85 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
86 "klips_debug:ipsec_mast_open: "
87 "dev = %s, prv->dev = %s\n",
88 dev->name, prv->dev?prv->dev->name:"NONE");
89
90 if (prv->dev == NULL)
91 return -ENODEV;
92
93 MOD_INC_USE_COUNT;
94 return 0;
95 }
96
97 DEBUG_NO_STATIC int
98 ipsec_mast_close(struct device *dev)
99 {
100 MOD_DEC_USE_COUNT;
101 return 0;
102 }
103
104 static inline int ipsec_mast_xmit2(struct sk_buff *skb)
105 {
106 return ip_send(skb);
107 }
108
109 enum ipsec_xmit_value
110 ipsec_mast_send(struct ipsec_xmit_state*ixs)
111 {
112 /* new route/dst cache code from James Morris */
113 ixs->skb->dev = ixs->physdev;
114 /*skb_orphan(ixs->skb);*/
115 if((ixs->error = ip_route_output(&ixs->route,
116 ixs->skb->nh.iph->daddr,
117 ixs->pass ? 0 : ixs->skb->nh.iph->saddr,
118 RT_TOS(ixs->skb->nh.iph->tos),
119 ixs->physdev->iflink /* rgb: should this be 0? */))) {
120 ixs->stats->tx_errors++;
121 KLIPS_PRINT(debug_mast & DB_MAST_XMIT,
122 "klips_debug:ipsec_xmit_send: "
123 "ip_route_output failed with error code %d, rt->u.dst.dev=%s, dropped\n",
124 ixs->error,
125 ixs->route->u.dst.dev->name);
126 return IPSEC_XMIT_ROUTEERR;
127 }
128 if(ixs->dev == ixs->route->u.dst.dev) {
129 ip_rt_put(ixs->route);
130 /* This is recursion, drop it. */
131 ixs->stats->tx_errors++;
132 KLIPS_PRINT(debug_mast & DB_MAST_XMIT,
133 "klips_debug:ipsec_xmit_send: "
134 "suspect recursion, dev=rt->u.dst.dev=%s, dropped\n",
135 ixs->dev->name);
136 return IPSEC_XMIT_RECURSDETECT;
137 }
138 dst_release(ixs->skb->dst);
139 ixs->skb->dst = &ixs->route->u.dst;
140 ixs->stats->tx_bytes += ixs->skb->len;
141 if(ixs->skb->len < ixs->skb->nh.raw - ixs->skb->data) {
142 ixs->stats->tx_errors++;
143 printk(KERN_WARNING
144 "klips_error:ipsec_xmit_send: "
145 "tried to __skb_pull nh-data=%ld, %d available. This should never happen, please report.\n",
146 (unsigned long)(ixs->skb->nh.raw - ixs->skb->data),
147 ixs->skb->len);
148 return IPSEC_XMIT_PUSHPULLERR;
149 }
150 __skb_pull(ixs->skb, ixs->skb->nh.raw - ixs->skb->data);
151 #ifdef SKB_RESET_NFCT
152 nf_conntrack_put(ixs->skb->nfct);
153 ixs->skb->nfct = NULL;
154 #ifdef CONFIG_NETFILTER_DEBUG
155 ixs->skb->nf_debug = 0;
156 #endif /* CONFIG_NETFILTER_DEBUG */
157 #endif /* SKB_RESET_NFCT */
158 KLIPS_PRINT(debug_mast & DB_MAST_XMIT,
159 "klips_debug:ipsec_xmit_send: "
160 "...done, calling ip_send() on device:%s\n",
161 ixs->skb->dev ? ixs->skb->dev->name : "NULL");
162 KLIPS_IP_PRINT(debug_mast & DB_MAST_XMIT, ixs->skb->nh.iph);
163 {
164 int err;
165
166 err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, ixs->skb, NULL, ixs->route->u.dst.dev,
167 ipsec_mast_xmit2);
168 if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) {
169 if(net_ratelimit())
170 printk(KERN_ERR
171 "klips_error:ipsec_xmit_send: "
172 "ip_send() failed, err=%d\n",
173 -err);
174 ixs->stats->tx_errors++;
175 ixs->stats->tx_aborted_errors++;
176 ixs->skb = NULL;
177 return IPSEC_XMIT_IPSENDFAILURE;
178 }
179 }
180 ixs->stats->tx_packets++;
181
182 ixs->skb = NULL;
183
184 return IPSEC_XMIT_OK;
185 }
186
187 void
188 ipsec_mast_cleanup(struct ipsec_xmit_state*ixs)
189 {
190 #if defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE)
191 netif_wake_queue(ixs->dev);
192 #else /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */
193 ixs->dev->tbusy = 0;
194 #endif /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */
195 if(ixs->saved_header) {
196 kfree(ixs->saved_header);
197 }
198 if(ixs->skb) {
199 dev_kfree_skb(ixs->skb, FREE_WRITE);
200 }
201 if(ixs->oskb) {
202 dev_kfree_skb(ixs->oskb, FREE_WRITE);
203 }
204 if (ixs->ips.ips_ident_s.data) {
205 kfree(ixs->ips.ips_ident_s.data);
206 }
207 if (ixs->ips.ips_ident_d.data) {
208 kfree(ixs->ips.ips_ident_d.data);
209 }
210 }
211
212 #if 0
213 /*
214 * This function assumes it is being called from dev_queue_xmit()
215 * and that skb is filled properly by that function.
216 */
217 int
218 ipsec_mast_start_xmit(struct sk_buff *skb, struct device *dev, IPsecSAref_t SAref)
219 {
220 struct ipsec_xmit_state ixs_mem;
221 struct ipsec_xmit_state *ixs = &ixs_mem;
222 enum ipsec_xmit_value stat = IPSEC_XMIT_OK;
223
224 /* dev could be a mast device, but should be optional, I think... */
225 /* SAref is also optional, but one of the two must be present. */
226 /* I wonder if it could accept no device or saref and guess? */
227
228 /* ipsec_xmit_sanity_check_dev(ixs); */
229
230 ipsec_xmit_sanity_check_skb(ixs);
231
232 ipsec_xmit_adjust_hard_header(ixs);
233
234 stat = ipsec_xmit_encap_bundle(ixs);
235 if(stat != IPSEC_XMIT_OK) {
236 /* SA processing failed */
237 }
238
239 ipsec_xmit_hard_header_restore();
240 }
241 #endif
242
243 DEBUG_NO_STATIC struct net_device_stats *
244 ipsec_mast_get_stats(struct device *dev)
245 {
246 return &(((struct ipsecpriv *)(dev->priv))->mystats);
247 }
248
249 /*
250 * Revectored calls.
251 * For each of these calls, a field exists in our private structure.
252 */
253
254 DEBUG_NO_STATIC int
255 ipsec_mast_hard_header(struct sk_buff *skb, struct device *dev,
256 unsigned short type, void *daddr, void *saddr, unsigned len)
257 {
258 struct ipsecpriv *prv = dev->priv;
259 struct device *tmp;
260 int ret;
261 struct net_device_stats *stats; /* This device's statistics */
262
263 if(skb == NULL) {
264 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
265 "klips_debug:ipsec_mast_hard_header: "
266 "no skb...\n");
267 return -ENODATA;
268 }
269
270 if(dev == NULL) {
271 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
272 "klips_debug:ipsec_mast_hard_header: "
273 "no device...\n");
274 return -ENODEV;
275 }
276
277 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
278 "klips_debug:ipsec_mast_hard_header: "
279 "skb->dev=%s dev=%s.\n",
280 skb->dev ? skb->dev->name : "NULL",
281 dev->name);
282
283 if(prv == NULL) {
284 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
285 "klips_debug:ipsec_mast_hard_header: "
286 "no private space associated with dev=%s\n",
287 dev->name ? dev->name : "NULL");
288 return -ENODEV;
289 }
290
291 stats = (struct net_device_stats *) &(prv->mystats);
292
293 if(prv->dev == NULL) {
294 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
295 "klips_debug:ipsec_mast_hard_header: "
296 "no physical device associated with dev=%s\n",
297 dev->name ? dev->name : "NULL");
298 stats->tx_dropped++;
299 return -ENODEV;
300 }
301
302 /* check if we have to send a IPv6 packet. It might be a Router
303 Solicitation, where the building of the packet happens in
304 reverse order:
305 1. ll hdr,
306 2. IPv6 hdr,
307 3. ICMPv6 hdr
308 -> skb->nh.raw is still uninitialized when this function is
309 called!! If this is no IPv6 packet, we can print debugging
310 messages, otherwise we skip all debugging messages and just
311 build the ll header */
312 if(type != ETH_P_IPV6) {
313 /* execute this only, if we don't have to build the
314 header for a IPv6 packet */
315 if(!prv->hard_header) {
316 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
317 "klips_debug:ipsec_mast_hard_header: "
318 "physical device has been detached, packet dropped 0p%p->0p%p len=%d type=%d dev=%s->NULL ",
319 saddr,
320 daddr,
321 len,
322 type,
323 dev->name);
324 KLIPS_PRINTMORE(debug_mast & DB_MAST_REVEC,
325 "ip=%08x->%08x\n",
326 (__u32)ntohl(skb->nh.iph->saddr),
327 (__u32)ntohl(skb->nh.iph->daddr) );
328 stats->tx_dropped++;
329 return -ENODEV;
330 }
331
332 #define da ((struct device *)(prv->dev))->dev_addr
333 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
334 "klips_debug:ipsec_mast_hard_header: "
335 "Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ",
336 saddr,
337 daddr,
338 len,
339 type,
340 dev->name,
341 prv->dev->name,
342 da[0], da[1], da[2], da[3], da[4], da[5]);
343 KLIPS_PRINTMORE(debug_mast & DB_MAST_REVEC,
344 "ip=%08x->%08x\n",
345 (__u32)ntohl(skb->nh.iph->saddr),
346 (__u32)ntohl(skb->nh.iph->daddr) );
347 } else {
348 KLIPS_PRINT(debug_mast,
349 "klips_debug:ipsec_mast_hard_header: "
350 "is IPv6 packet, skip debugging messages, only revector and build linklocal header.\n");
351 }
352 tmp = skb->dev;
353 skb->dev = prv->dev;
354 ret = prv->hard_header(skb, prv->dev, type, (void *)daddr, (void *)saddr, len);
355 skb->dev = tmp;
356 return ret;
357 }
358
359 DEBUG_NO_STATIC int
360 ipsec_mast_rebuild_header(struct sk_buff *skb)
361 {
362 struct ipsecpriv *prv = skb->dev->priv;
363 struct device *tmp;
364 int ret;
365 struct net_device_stats *stats; /* This device's statistics */
366
367 if(skb->dev == NULL) {
368 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
369 "klips_debug:ipsec_mast_rebuild_header: "
370 "no device...");
371 return -ENODEV;
372 }
373
374 if(prv == NULL) {
375 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
376 "klips_debug:ipsec_mast_rebuild_header: "
377 "no private space associated with dev=%s",
378 skb->dev->name ? skb->dev->name : "NULL");
379 return -ENODEV;
380 }
381
382 stats = (struct net_device_stats *) &(prv->mystats);
383
384 if(prv->dev == NULL) {
385 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
386 "klips_debug:ipsec_mast_rebuild_header: "
387 "no physical device associated with dev=%s",
388 skb->dev->name ? skb->dev->name : "NULL");
389 stats->tx_dropped++;
390 return -ENODEV;
391 }
392
393 if(!prv->rebuild_header) {
394 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
395 "klips_debug:ipsec_mast_rebuild_header: "
396 "physical device has been detached, packet dropped skb->dev=%s->NULL ",
397 skb->dev->name);
398 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
399 "ip=%08x->%08x\n",
400 (__u32)ntohl(skb->nh.iph->saddr),
401 (__u32)ntohl(skb->nh.iph->daddr) );
402 stats->tx_dropped++;
403 return -ENODEV;
404 }
405
406 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
407 "klips_debug:ipsec_mast: "
408 "Revectored rebuild_header dev=%s->%s ",
409 skb->dev->name, prv->dev->name);
410 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
411 "ip=%08x->%08x\n",
412 (__u32)ntohl(skb->nh.iph->saddr),
413 (__u32)ntohl(skb->nh.iph->daddr) );
414 tmp = skb->dev;
415 skb->dev = prv->dev;
416
417 ret = prv->rebuild_header(skb);
418 skb->dev = tmp;
419 return ret;
420 }
421
422 DEBUG_NO_STATIC int
423 ipsec_mast_set_mac_address(struct device *dev, void *addr)
424 {
425 struct ipsecpriv *prv = dev->priv;
426
427 struct net_device_stats *stats; /* This device's statistics */
428
429 if(dev == NULL) {
430 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
431 "klips_debug:ipsec_mast_set_mac_address: "
432 "no device...");
433 return -ENODEV;
434 }
435
436 if(prv == NULL) {
437 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
438 "klips_debug:ipsec_mast_set_mac_address: "
439 "no private space associated with dev=%s",
440 dev->name ? dev->name : "NULL");
441 return -ENODEV;
442 }
443
444 stats = (struct net_device_stats *) &(prv->mystats);
445
446 if(prv->dev == NULL) {
447 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
448 "klips_debug:ipsec_mast_set_mac_address: "
449 "no physical device associated with dev=%s",
450 dev->name ? dev->name : "NULL");
451 stats->tx_dropped++;
452 return -ENODEV;
453 }
454
455 if(!prv->set_mac_address) {
456 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
457 "klips_debug:ipsec_mast_set_mac_address: "
458 "physical device has been detached, cannot set - skb->dev=%s->NULL\n",
459 dev->name);
460 return -ENODEV;
461 }
462
463 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
464 "klips_debug:ipsec_mast_set_mac_address: "
465 "Revectored dev=%s->%s addr=0p%p\n",
466 dev->name, prv->dev->name, addr);
467 return prv->set_mac_address(prv->dev, addr);
468
469 }
470
471 DEBUG_NO_STATIC void
472 ipsec_mast_cache_update(struct hh_cache *hh, struct device *dev, unsigned char * haddr)
473 {
474 struct ipsecpriv *prv = dev->priv;
475
476 struct net_device_stats *stats; /* This device's statistics */
477
478 if(dev == NULL) {
479 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
480 "klips_debug:ipsec_mast_cache_update: "
481 "no device...");
482 return;
483 }
484
485 if(prv == NULL) {
486 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
487 "klips_debug:ipsec_mast_cache_update: "
488 "no private space associated with dev=%s",
489 dev->name ? dev->name : "NULL");
490 return;
491 }
492
493 stats = (struct net_device_stats *) &(prv->mystats);
494
495 if(prv->dev == NULL) {
496 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
497 "klips_debug:ipsec_mast_cache_update: "
498 "no physical device associated with dev=%s",
499 dev->name ? dev->name : "NULL");
500 stats->tx_dropped++;
501 return;
502 }
503
504 if(!prv->header_cache_update) {
505 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
506 "klips_debug:ipsec_mast_cache_update: "
507 "physical device has been detached, cannot set - skb->dev=%s->NULL\n",
508 dev->name);
509 return;
510 }
511
512 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
513 "klips_debug:ipsec_mast: "
514 "Revectored cache_update\n");
515 prv->header_cache_update(hh, prv->dev, haddr);
516 return;
517 }
518
519 DEBUG_NO_STATIC int
520 ipsec_mast_neigh_setup(struct neighbour *n)
521 {
522 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
523 "klips_debug:ipsec_mast_neigh_setup:\n");
524
525 if (n->nud_state == NUD_NONE) {
526 n->ops = &arp_broken_ops;
527 n->output = n->ops->output;
528 }
529 return 0;
530 }
531
532 DEBUG_NO_STATIC int
533 ipsec_mast_neigh_setup_dev(struct device *dev, struct neigh_parms *p)
534 {
535 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
536 "klips_debug:ipsec_mast_neigh_setup_dev: "
537 "setting up %s\n",
538 dev ? dev->name : "NULL");
539
540 if (p->tbl->family == AF_INET) {
541 p->neigh_setup = ipsec_mast_neigh_setup;
542 p->ucast_probes = 0;
543 p->mcast_probes = 0;
544 }
545 return 0;
546 }
547
548 /*
549 * We call the attach routine to attach another device.
550 */
551
552 DEBUG_NO_STATIC int
553 ipsec_mast_attach(struct device *dev, struct device *physdev)
554 {
555 int i;
556 struct ipsecpriv *prv = dev->priv;
557
558 if(dev == NULL) {
559 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
560 "klips_debug:ipsec_mast_attach: "
561 "no device...");
562 return -ENODEV;
563 }
564
565 if(prv == NULL) {
566 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
567 "klips_debug:ipsec_mast_attach: "
568 "no private space associated with dev=%s",
569 dev->name ? dev->name : "NULL");
570 return -ENODATA;
571 }
572
573 prv->dev = physdev;
574 prv->hard_start_xmit = physdev->hard_start_xmit;
575 prv->get_stats = physdev->get_stats;
576
577 if (physdev->hard_header) {
578 prv->hard_header = physdev->hard_header;
579 dev->hard_header = ipsec_mast_hard_header;
580 } else
581 dev->hard_header = NULL;
582
583 if (physdev->rebuild_header) {
584 prv->rebuild_header = physdev->rebuild_header;
585 dev->rebuild_header = ipsec_mast_rebuild_header;
586 } else
587 dev->rebuild_header = NULL;
588
589 if (physdev->set_mac_address) {
590 prv->set_mac_address = physdev->set_mac_address;
591 dev->set_mac_address = ipsec_mast_set_mac_address;
592 } else
593 dev->set_mac_address = NULL;
594
595 if (physdev->header_cache_update) {
596 prv->header_cache_update = physdev->header_cache_update;
597 dev->header_cache_update = ipsec_mast_cache_update;
598 } else
599 dev->header_cache_update = NULL;
600
601 dev->hard_header_len = physdev->hard_header_len;
602
603 /* prv->neigh_setup = physdev->neigh_setup; */
604 dev->neigh_setup = ipsec_mast_neigh_setup_dev;
605 dev->mtu = 16260; /* 0xfff0; */ /* dev->mtu; */
606 prv->mtu = physdev->mtu;
607
608 #ifdef PHYSDEV_TYPE
609 dev->type = physdev->type; /* ARPHRD_MAST; */
610 #endif /* PHYSDEV_TYPE */
611
612 dev->addr_len = physdev->addr_len;
613 for (i=0; i<dev->addr_len; i++) {
614 dev->dev_addr[i] = physdev->dev_addr[i];
615 }
616 #ifdef CONFIG_IPSEC_DEBUG
617 if(debug_mast & DB_MAST_INIT) {
618 printk(KERN_INFO "klips_debug:ipsec_mast_attach: "
619 "physical device %s being attached has HW address: %2x",
620 physdev->name, physdev->dev_addr[0]);
621 for (i=1; i < physdev->addr_len; i++) {
622 printk(":%02x", physdev->dev_addr[i]);
623 }
624 printk("\n");
625 }
626 #endif /* CONFIG_IPSEC_DEBUG */
627
628 return 0;
629 }
630
631 /*
632 * We call the detach routine to detach the ipsec mast from another device.
633 */
634
635 DEBUG_NO_STATIC int
636 ipsec_mast_detach(struct device *dev)
637 {
638 int i;
639 struct ipsecpriv *prv = dev->priv;
640
641 if(dev == NULL) {
642 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
643 "klips_debug:ipsec_mast_detach: "
644 "no device...");
645 return -ENODEV;
646 }
647
648 if(prv == NULL) {
649 KLIPS_PRINT(debug_mast & DB_MAST_REVEC,
650 "klips_debug:ipsec_mast_detach: "
651 "no private space associated with dev=%s",
652 dev->name ? dev->name : "NULL");
653 return -ENODATA;
654 }
655
656 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
657 "klips_debug:ipsec_mast_detach: "
658 "physical device %s being detached from virtual device %s\n",
659 prv->dev ? prv->dev->name : "NULL",
660 dev->name);
661
662 prv->dev = NULL;
663 prv->hard_start_xmit = NULL;
664 prv->get_stats = NULL;
665
666 prv->hard_header = NULL;
667 #ifdef DETACH_AND_DOWN
668 dev->hard_header = NULL;
669 #endif /* DETACH_AND_DOWN */
670
671 prv->rebuild_header = NULL;
672 #ifdef DETACH_AND_DOWN
673 dev->rebuild_header = NULL;
674 #endif /* DETACH_AND_DOWN */
675
676 prv->set_mac_address = NULL;
677 #ifdef DETACH_AND_DOWN
678 dev->set_mac_address = NULL;
679 #endif /* DETACH_AND_DOWN */
680
681 prv->header_cache_update = NULL;
682 #ifdef DETACH_AND_DOWN
683 dev->header_cache_update = NULL;
684 #endif /* DETACH_AND_DOWN */
685
686 #ifdef DETACH_AND_DOWN
687 dev->neigh_setup = NULL;
688 #endif /* DETACH_AND_DOWN */
689
690 dev->hard_header_len = 0;
691 #ifdef DETACH_AND_DOWN
692 dev->mtu = 0;
693 #endif /* DETACH_AND_DOWN */
694 prv->mtu = 0;
695 for (i=0; i<MAX_ADDR_LEN; i++) {
696 dev->dev_addr[i] = 0;
697 }
698 dev->addr_len = 0;
699 #ifdef PHYSDEV_TYPE
700 dev->type = ARPHRD_VOID; /* ARPHRD_MAST; */
701 #endif /* PHYSDEV_TYPE */
702
703 return 0;
704 }
705
706 /*
707 * We call the clear routine to detach all ipsec masts from other devices.
708 */
709 DEBUG_NO_STATIC int
710 ipsec_mast_clear(void)
711 {
712 int i;
713 struct device *ipsecdev = NULL, *prvdev;
714 struct ipsecpriv *prv;
715 char name[9];
716 int ret;
717
718 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
719 "klips_debug:ipsec_mast_clear: .\n");
720
721 for(i = 0; i < IPSEC_NUM_IF; i++) {
722 sprintf(name, IPSEC_DEV_FORMAT, i);
723 if((ipsecdev = ipsec_dev_get(name)) != NULL) {
724 if((prv = (struct ipsecpriv *)(ipsecdev->priv))) {
725 prvdev = (struct device *)(prv->dev);
726 if(prvdev) {
727 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
728 "klips_debug:ipsec_mast_clear: "
729 "physical device for device %s is %s\n",
730 name, prvdev->name);
731 if((ret = ipsec_mast_detach(ipsecdev))) {
732 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
733 "klips_debug:ipsec_mast_clear: "
734 "error %d detatching device %s from device %s.\n",
735 ret, name, prvdev->name);
736 return ret;
737 }
738 }
739 }
740 }
741 }
742 return 0;
743 }
744
745 DEBUG_NO_STATIC int
746 ipsec_mast_ioctl(struct device *dev, struct ifreq *ifr, int cmd)
747 {
748 struct ipsecmastconf *cf = (struct ipsecmastconf *)&ifr->ifr_data;
749 struct ipsecpriv *prv = dev->priv;
750 struct device *them; /* physical device */
751 #ifdef CONFIG_IP_ALIAS
752 char *colon;
753 char realphysname[IFNAMSIZ];
754 #endif /* CONFIG_IP_ALIAS */
755
756 if(dev == NULL) {
757 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
758 "klips_debug:ipsec_mast_ioctl: "
759 "device not supplied.\n");
760 return -ENODEV;
761 }
762
763 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
764 "klips_debug:ipsec_mast_ioctl: "
765 "tncfg service call #%d for dev=%s\n",
766 cmd,
767 dev->name ? dev->name : "NULL");
768 switch (cmd) {
769 /* attach a virtual ipsec? device to a physical device */
770 case IPSEC_SET_DEV:
771 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
772 "klips_debug:ipsec_mast_ioctl: "
773 "calling ipsec_mast_attatch...\n");
774 #ifdef CONFIG_IP_ALIAS
775 /* If this is an IP alias interface, get its real physical name */
776 strncpy(realphysname, cf->cf_name, IFNAMSIZ);
777 realphysname[IFNAMSIZ-1] = 0;
778 colon = strchr(realphysname, ':');
779 if (colon) *colon = 0;
780 them = ipsec_dev_get(realphysname);
781 #else /* CONFIG_IP_ALIAS */
782 them = ipsec_dev_get(cf->cf_name);
783 #endif /* CONFIG_IP_ALIAS */
784
785 if (them == NULL) {
786 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
787 "klips_debug:ipsec_mast_ioctl: "
788 "physical device %s requested is null\n",
789 cf->cf_name);
790 return -ENXIO;
791 }
792
793 #if 0
794 if (them->flags & IFF_UP) {
795 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
796 "klips_debug:ipsec_mast_ioctl: "
797 "physical device %s requested is not up.\n",
798 cf->cf_name);
799 return -ENXIO;
800 }
801 #endif
802
803 if (prv && prv->dev) {
804 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
805 "klips_debug:ipsec_mast_ioctl: "
806 "virtual device is already connected to %s.\n",
807 prv->dev->name ? prv->dev->name : "NULL");
808 return -EBUSY;
809 }
810 return ipsec_mast_attach(dev, them);
811
812 case IPSEC_DEL_DEV:
813 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
814 "klips_debug:ipsec_mast_ioctl: "
815 "calling ipsec_mast_detatch.\n");
816 if (! prv->dev) {
817 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
818 "klips_debug:ipsec_mast_ioctl: "
819 "physical device not connected.\n");
820 return -ENODEV;
821 }
822 return ipsec_mast_detach(dev);
823
824 case IPSEC_CLR_DEV:
825 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
826 "klips_debug:ipsec_mast_ioctl: "
827 "calling ipsec_mast_clear.\n");
828 return ipsec_mast_clear();
829
830 default:
831 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
832 "klips_debug:ipsec_mast_ioctl: "
833 "unknown command %d.\n",
834 cmd);
835 return -EOPNOTSUPP;
836 }
837 }
838
839 int
840 ipsec_mast_device_event(struct notifier_block *unused, unsigned long event, void *ptr)
841 {
842 struct device *dev = ptr;
843 struct device *ipsec_dev;
844 struct ipsecpriv *priv;
845 char name[9];
846 int i;
847
848 if (dev == NULL) {
849 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
850 "klips_debug:ipsec_mast_device_event: "
851 "dev=NULL for event type %ld.\n",
852 event);
853 return(NOTIFY_DONE);
854 }
855
856 /* check for loopback devices */
857 if (dev && (dev->flags & IFF_LOOPBACK)) {
858 return(NOTIFY_DONE);
859 }
860
861 switch (event) {
862 case NETDEV_DOWN:
863 /* look very carefully at the scope of these compiler
864 directives before changing anything... -- RGB */
865
866 case NETDEV_UNREGISTER:
867 switch (event) {
868 case NETDEV_DOWN:
869 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
870 "klips_debug:ipsec_mast_device_event: "
871 "NETDEV_DOWN dev=%s flags=%x\n",
872 dev->name,
873 dev->flags);
874 if(strncmp(dev->name, "ipsec", strlen("ipsec")) == 0) {
875 printk(KERN_CRIT "IPSEC EVENT: KLIPS device %s shut down.\n",
876 dev->name);
877 }
878 break;
879 case NETDEV_UNREGISTER:
880 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
881 "klips_debug:ipsec_mast_device_event: "
882 "NETDEV_UNREGISTER dev=%s flags=%x\n",
883 dev->name,
884 dev->flags);
885 break;
886 }
887
888 /* find the attached physical device and detach it. */
889 for(i = 0; i < IPSEC_NUM_IF; i++) {
890 sprintf(name, IPSEC_DEV_FORMAT, i);
891 ipsec_dev = ipsec_dev_get(name);
892 if(ipsec_dev) {
893 priv = (struct ipsecpriv *)(ipsec_dev->priv);
894 if(priv) {
895 ;
896 if(((struct device *)(priv->dev)) == dev) {
897 /* dev_close(ipsec_dev); */
898 /* return */ ipsec_mast_detach(ipsec_dev);
899 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
900 "klips_debug:ipsec_mast_device_event: "
901 "device '%s' has been detached.\n",
902 ipsec_dev->name);
903 break;
904 }
905 } else {
906 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
907 "klips_debug:ipsec_mast_device_event: "
908 "device '%s' has no private data space!\n",
909 ipsec_dev->name);
910 }
911 }
912 }
913 break;
914 case NETDEV_UP:
915 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
916 "klips_debug:ipsec_mast_device_event: "
917 "NETDEV_UP dev=%s\n",
918 dev->name);
919 break;
920 case NETDEV_REBOOT:
921 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
922 "klips_debug:ipsec_mast_device_event: "
923 "NETDEV_REBOOT dev=%s\n",
924 dev->name);
925 break;
926 case NETDEV_CHANGE:
927 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
928 "klips_debug:ipsec_mast_device_event: "
929 "NETDEV_CHANGE dev=%s flags=%x\n",
930 dev->name,
931 dev->flags);
932 break;
933 case NETDEV_REGISTER:
934 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
935 "klips_debug:ipsec_mast_device_event: "
936 "NETDEV_REGISTER dev=%s\n",
937 dev->name);
938 break;
939 case NETDEV_CHANGEMTU:
940 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
941 "klips_debug:ipsec_mast_device_event: "
942 "NETDEV_CHANGEMTU dev=%s to mtu=%d\n",
943 dev->name,
944 dev->mtu);
945 break;
946 case NETDEV_CHANGEADDR:
947 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
948 "klips_debug:ipsec_mast_device_event: "
949 "NETDEV_CHANGEADDR dev=%s\n",
950 dev->name);
951 break;
952 case NETDEV_GOING_DOWN:
953 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
954 "klips_debug:ipsec_mast_device_event: "
955 "NETDEV_GOING_DOWN dev=%s\n",
956 dev->name);
957 break;
958 case NETDEV_CHANGENAME:
959 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
960 "klips_debug:ipsec_mast_device_event: "
961 "NETDEV_CHANGENAME dev=%s\n",
962 dev->name);
963 break;
964 default:
965 KLIPS_PRINT(debug_mast & DB_MAST_INIT,
966 "klips_debug:ipsec_mast_device_event: "
967 "event type %ld unrecognised for dev=%s\n",
968 event,
969 dev->name);
970 break;
971 }
972 return NOTIFY_DONE;
973 }
974
975 /*
976 * Called when an ipsec mast device is initialized.
977 * The ipsec mast device structure is passed to us.
978 */
979
980 int
981 ipsec_mast_init(struct device *dev)
982 {
983 int i;
984
985 KLIPS_PRINT(debug_mast,
986 "klips_debug:ipsec_mast_init: "
987 "allocating %lu bytes initialising device: %s\n",
988 (unsigned long) sizeof(struct ipsecpriv),
989 dev->name ? dev->name : "NULL");
990
991 /* Add our mast functions to the device */
992 dev->open = ipsec_mast_open;
993 dev->stop = ipsec_mast_close;
994 dev->hard_start_xmit = ipsec_mast_start_xmit;
995 dev->get_stats = ipsec_mast_get_stats;
996
997 dev->priv = kmalloc(sizeof(struct ipsecpriv), GFP_KERNEL);
998 if (dev->priv == NULL)
999 return -ENOMEM;
1000 memset((caddr_t)(dev->priv), 0, sizeof(struct ipsecpriv));
1001
1002 for(i = 0; i < sizeof(zeroes); i++) {
1003 ((__u8*)(zeroes))[i] = 0;
1004 }
1005
1006 dev->set_multicast_list = NULL;
1007 dev->do_ioctl = ipsec_mast_ioctl;
1008 dev->hard_header = NULL;
1009 dev->rebuild_header = NULL;
1010 dev->set_mac_address = NULL;
1011 dev->header_cache_update= NULL;
1012 dev->neigh_setup = ipsec_mast_neigh_setup_dev;
1013 dev->hard_header_len = 0;
1014 dev->mtu = 0;
1015 dev->addr_len = 0;
1016 dev->type = ARPHRD_VOID; /* ARPHRD_MAST; */ /* ARPHRD_ETHER; */
1017 dev->tx_queue_len = 10; /* Small queue */
1018 memset((caddr_t)(dev->broadcast),0xFF, ETH_ALEN); /* what if this is not attached to ethernet? */
1019
1020 /* New-style flags. */
1021 dev->flags = IFF_NOARP /* 0 */ /* Petr Novak */;
1022 dev_init_buffers(dev);
1023
1024 /* We're done. Have I forgotten anything? */
1025 return 0;
1026 }
1027
1028 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1029 /* Module specific interface (but it links with the rest of IPSEC) */
1030 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1031
1032 int
1033 ipsec_mast_probe(struct device *dev)
1034 {
1035 ipsec_mast_init(dev);
1036 return 0;
1037 }
1038
1039 int
1040 ipsec_mast_init_devices(void)
1041 {
1042 return 0;
1043 }
1044
1045 /* void */
1046 int
1047 ipsec_mast_cleanup_devices(void)
1048 {
1049 int error = 0;
1050 int i;
1051 char name[10];
1052 struct device *dev_mast;
1053
1054 for(i = 0; i < ipsec_mastdevice_count; i++) {
1055 sprintf(name, MAST_DEV_FORMAT, i);
1056 if((dev_mast = ipsec_dev_get(name)) == NULL) {
1057 break;
1058 }
1059 unregister_netdev(dev_mast);
1060 kfree(dev_mast->priv);
1061 dev_mast->priv=NULL;
1062 }
1063 return error;
1064 }
Michael's strongswan development tree