Hi: I've just established a connection with oetest.freeswan.org using Linux 2.5! As usual, here is the patch against FreeSWAN 2.00: http://gondor.apana.org.au/~herbert/freeswan/freeswan-linux-ipsec-20030524.patch.gz You will need the following patch against 2.5.69. It fixes a couple of buglets and adds ordering to the Linux SPD. I guess I'll try NAT traversal next. Cheers, -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: include/linux/xfrm.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/linux/xfrm.h,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 xfrm.h
--- include/linux/xfrm.h 7 Apr 2003 17:30:56 -0000 1.1.1.4
+++ include/linux/xfrm.h 24 May 2003 07:36:07 -0000
@@ -116,7 +116,9 @@
 #define XFRM_MSG_ACQUIRE (RTM_BASE + 7)
 #define XFRM_MSG_EXPIRE (RTM_BASE + 8)
-#define XFRM_MSG_MAX (XFRM_MSG_EXPIRE+1)
+#define XFRM_MSG_UPDPOLICY (RTM_BASE + 9)
+
+#define XFRM_MSG_MAX (XFRM_MSG_UPDPOLICY+1)
 struct xfrm_user_tmpl {
 struct xfrm_id id;
Index: net/key/af_key.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/key/af_key.c,v
retrieving revision 1.1.1.6
diff -u -r1.1.1.6 af_key.c
--- net/key/af_key.c 4 May 2003 23:53:08 -0000 1.1.1.6
+++ net/key/af_key.c 24 May 2003 00:42:45 -0000
@@ -2245,6 +2245,9 @@
 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 p->sadb_prop_replay = 32;
+ p->sadb_prop_reserved[0] = 0;
+ p->sadb_prop_reserved[1] = 0;
+ p->sadb_prop_reserved[2] = 0;
 for (i = 0; ; i++) {
 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
@@ -2276,6 +2279,9 @@
 p->sadb_prop_len = sizeof(struct sadb_prop)/8;
 p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 p->sadb_prop_replay = 32;
+ p->sadb_prop_reserved[0] = 0;
+ p->sadb_prop_reserved[1] = 0;
+ p->sadb_prop_reserved[2] = 0;
 for (i=0; ; i++) {
 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
Index: net/xfrm/xfrm_policy.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_policy.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 xfrm_policy.c
--- net/xfrm/xfrm_policy.c 4 May 2003 23:53:29 -0000 1.1.1.2
+++ net/xfrm/xfrm_policy.c 24 May 2003 05:01:29 -0000
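Review bot: The three `p->sadb_prop_reserved[n] = 0;` stores in the @@ -2245 hunk (and the identical ones in the @@ -2276 hunk) zero bytes of a PF_KEY proposal header that is later handed to userspace, but nothing says why, and any other uninitialized field or padding in the struct is still left as is; a single `memset(p, 0, sizeof(*p));` before the first `p->sadb_prop_len = ...` assignment would cover the whole header and survive a later layout change. A comment such as `/* reserved bytes reach userspace; never hand out uninitialized memory */` would also stop the stores from being removed as dead code. How `p` is obtained is outside the hunks, so whether it is already zeroed cannot be confirmed here; both enclosing functions start and end outside the hunks.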
@@ -381,22 +381,28 @@
 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
 {
 struct xfrm_policy *pol, **p;
+ int delpol = 0;
 write_lock_bh(&xfrm_policy_lock);
 for (p = &xfrm_policy_list[dir]; (pol=*p)!=NULL; p = &pol->next) {
+ if (policy->priority < pol->priority)
+ break;
+ if (policy->priority > pol->priority)
+ continue;
 if (memcmp(&policy->selector, &pol->selector, sizeof(pol->selector)) == 0) {
 if (excl) {
 write_unlock_bh(&xfrm_policy_lock);
 return -EEXIST;
 }
+ delpol = 1;
 break;
 }
 }
 atomic_inc(&policy->refcnt);
- policy->next = pol ? pol->next : NULL;
+ policy->next = delpol ? pol->next : pol;
 *p = policy;
 xfrm_policy_genid++;
- policy->index = pol ? pol->index : xfrm_gen_index(dir);
+ policy->index = delpol ? pol->index : xfrm_gen_index(dir);
 policy->curlft.add_time = (unsigned long)xtime.tv_sec;
 policy->curlft.use_time = 0;
 if (policy->lft.hard_add_expires_seconds &&
@@ -404,7 +410,7 @@
 atomic_inc(&policy->refcnt);
 write_unlock_bh(&xfrm_policy_lock);
- if (pol) {
+ if (delpol) {
 atomic_dec(&pol->refcnt);
 xfrm_policy_kill(pol);
 xfrm_pol_put(pol);
Index: net/xfrm/xfrm_user.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_user.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 xfrm_user.c
--- net/xfrm/xfrm_user.c 7 Apr 2003 17:31:45 -0000 1.1.1.1
+++ net/xfrm/xfrm_user.c 24 May 2003 07:55:06 -0000
@@ -38,7 +38,7 @@
 if (!rt)
 return 0;
- if ((rt->rta_len - sizeof(*rt)) < sizeof(*algp))
+ if (rt->rta_len < sizeof(*algp))
 return -EINVAL;
 algp = RTA_DATA(rt);
@@ -75,7 +75,7 @@
 if (!rt)
 return 0;
- if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap))
+ if (rt->rta_len < sizeof(*encap))
 return -EINVAL;
 return 0;
@@ -567,7 +567,7 @@
 if (!rt) {
 pol->xfrm_nr = 0;
 } else {
- nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl);
+ nr = rt->rta_len / sizeof(*utmpl);
 if (nr > XFRM_MAX_DEPTH)
 return -EINVAL;
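Review bot: With the priority ordering added to the for loop in the @@ -381 hunk, the selector comparison only ever runs against entries of equal priority, so a policy with the same selector but a different priority appears to be inserted next to the existing entry rather than replacing it or failing with -EEXIST; an update that also changes the priority would then leave the old policy in the SPD. If that is intended, the invariant should be stated above the loop, e.g. `/* list is kept in ascending priority order; within one priority selectors are unique */`, and the new flag deserves a line such as `/* delpol: pol is the same-priority entry this policy replaces */` so the `delpol ? pol->next : pol` and `delpol ? pol->index : ...` expressions read naturally. The rest of the function, including the refcount hand-off changed in the @@ -404 hunk, lies outside this hunk.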
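Review bot: Dropping `sizeof(*rt)` from the length check in the @@ -38 hunk loosens it by the size of the rtattr header: `rt` points at the header (`algp = RTA_DATA(rt)` just below steps past it) and the netlink RTA_* macros count that header in rta_len, so an attribute whose payload is one header shorter than `struct xfrm_algo` now passes and the fields of `*algp` are read beyond the attribute. The same applies to the `*encap` check in the @@ -75 hunk and to the template count in the @@ -567 hunk, where `rt->rta_len / sizeof(*utmpl)` can yield one template more than the payload holds. Unless userspace is known to send rta_len without the header, keep the checks header-aware in a form that cannot underflow, e.g. `if (rt->rta_len < RTA_LENGTH(sizeof(*algp)))` and `nr = RTA_PAYLOAD(rt) / sizeof(*utmpl);` ahead of the existing XFRM_MAX_DEPTH test. The enclosing functions start and end outside these hunks.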
@@ -629,6 +629,7 @@
 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh);
 struct xfrm_policy *xp;
 int err;
+ int excl;
 err = verify_newpolicy_info(p);
 if (err)
@@ -638,7 +639,8 @@
 if (!xp)
 return err;
- err = xfrm_policy_insert(p->dir, xp, 1);
+ excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
+ err = xfrm_policy_insert(p->dir, xp, excl);
 if (err) {
 kfree(xp);
 return err;
@@ -798,6 +800,7 @@
 NLMSG_LENGTH(sizeof(struct xfrm_userspi_info)), /* ALLOC SPI */
 NLMSG_LENGTH(sizeof(struct xfrm_user_acquire)), /* ACQUIRE */
 NLMSG_LENGTH(sizeof(struct xfrm_user_expire)), /* EXPIRE */
+ NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info)),/* UPD POLICY */
 };
 static struct xfrm_link {
@@ -817,6 +820,9 @@
 .dump = xfrm_dump_policy,
 },
 { .doit = xfrm_alloc_userspi },
+ {},
+ {},
+ { .doit = xfrm_add_policy },
 };
 static int xfrm_done(struct netlink_callback *cb)
Index: include/linux/pfkeyv2.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/linux/pfkeyv2.h,v
retrieving revision 1.1.1.5
diff -u -r1.1.1.5 pfkeyv2.h
--- include/linux/pfkeyv2.h 7 Apr 2003 17:32:27 -0000 1.1.1.5
+++ include/linux/pfkeyv2.h 11 May 2003 05:11:28 -0000
@@ -275,8 +275,8 @@
 /* Encryption algorithms */
 #define SADB_EALG_NONE 0
-#define SADB_EALG_DESCBC 1
-#define SADB_EALG_3DESCBC 2
+#define SADB_EALG_DESCBC 2
+#define SADB_EALG_3DESCBC 3
 #define SADB_X_EALG_CASTCBC 6
 #define SADB_X_EALG_BLOWFISHCBC 7
 #define SADB_EALG_NULL 11
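Review bot: `excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;` in the @@ -638 hunk carries the entire difference between the two message types in one unexplained comparison; a comment such as `/* NEWPOLICY must fail with -EEXIST on a duplicate selector; UPDPOLICY replaces it in place */` would make the handler's dual role explicit, and the two `{},` placeholders added to the link table in the @@ -817 hunk deserve `/* ACQUIRE, EXPIRE: kernel -> user only */`, since the table is indexed by message type and a later renumbering in xfrm.h would silently move xfrm_add_policy to a different type. Because the handler is shared, an UPDPOLICY for a policy that does not exist yet presumably just creates it (xfrm_policy_insert with excl cleared inserts as usual); if update is meant to require an existing entry, that check is missing. The function starts and ends outside the hunk.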
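Review bot: Changing SADB_EALG_DESCBC and SADB_EALG_3DESCBC from 1/2 to 2/3 in the pfkeyv2.h hunk alters the PF_KEY values that both the kernel and every program compiled against this header put on the socket, so the reason belongs next to the defines, e.g. `/* values as assigned by RFC 2367; 1 is not DES-CBC */`, otherwise the next reader sees an unexplained renumbering. Any kernel table that carries these ids — the algorithm descriptors behind xfrm_ealg_get_byidx() used in the af_key.c hunks — has to change in step, which this patch does not show, so that is worth confirming before it is applied; userspace built against the old header may negotiate the wrong cipher until rebuilt.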