Opportunistic Encryption is now working under Linux 2.5


 



Hi:

I've just established a connection with oetest.freeswan.org using Linux 2.5!
As usual, here is the patch against FreeSWAN 2.00:

http://gondor.apana.org.au/~herbert/freeswan/freeswan-linux-ipsec-20030524.patch.gz

You will need the following patch against 2.5.69.  It fixes a couple of
buglets and adds ordering to the Linux SPD.

I guess I'll try NAT traversal next.

Cheers,
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: include/linux/xfrm.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/linux/xfrm.h,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 xfrm.h
--- include/linux/xfrm.h	7 Apr 2003 17:30:56 -0000	1.1.1.4
+++ include/linux/xfrm.h	24 May 2003 07:36:07 -0000
@@ -116,7 +116,9 @@
 #define XFRM_MSG_ACQUIRE	(RTM_BASE + 7)
 #define XFRM_MSG_EXPIRE		(RTM_BASE + 8)
 
-#define XFRM_MSG_MAX		(XFRM_MSG_EXPIRE+1)
+#define XFRM_MSG_UPDPOLICY	(RTM_BASE + 9)
+
+#define XFRM_MSG_MAX		(XFRM_MSG_UPDPOLICY+1)
 
 struct xfrm_user_tmpl {
 	struct xfrm_id		id;
Index: net/key/af_key.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/key/af_key.c,v
retrieving revision 1.1.1.6
diff -u -r1.1.1.6 af_key.c
--- net/key/af_key.c	4 May 2003 23:53:08 -0000	1.1.1.6
+++ net/key/af_key.c	24 May 2003 00:42:45 -0000
@@ -2245,6 +2245,9 @@
 	p->sadb_prop_len = sizeof(struct sadb_prop)/8;
 	p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 	p->sadb_prop_replay = 32;
+	p->sadb_prop_reserved[0] = 0;
+	p->sadb_prop_reserved[1] = 0;
+	p->sadb_prop_reserved[2] = 0;
 
 	for (i = 0; ; i++) {
 		struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
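Review bot: The three element-by-element stores at lines 56-58 can be a single `memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));`, which keeps working if the reserved array's length ever changes; the second hunk at lines 66-68 has the same shape. Zeroing is the right fix if, as it appears, the proposal is built in a buffer that is later handed to the PF_KEY socket's reader, since uninitialized reserved bytes in that buffer would otherwise be disclosed to userspace, so a one-line comment such as `/* reserved bytes reach userspace; never leave them uninitialized */` would record why the stores are there. The enclosing function starts and ends outside the hunk.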
@@ -2276,6 +2279,9 @@
 	p->sadb_prop_len = sizeof(struct sadb_prop)/8;
 	p->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 	p->sadb_prop_replay = 32;
+	p->sadb_prop_reserved[0] = 0;
+	p->sadb_prop_reserved[1] = 0;
+	p->sadb_prop_reserved[2] = 0;
 
 	for (i=0; ; i++) {
 		struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
Index: net/xfrm/xfrm_policy.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_policy.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 xfrm_policy.c
--- net/xfrm/xfrm_policy.c	4 May 2003 23:53:29 -0000	1.1.1.2
+++ net/xfrm/xfrm_policy.c	24 May 2003 05:01:29 -0000
@@ -381,22 +381,28 @@
 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
 {
 	struct xfrm_policy *pol, **p;
+	int delpol = 0;
 
 	write_lock_bh(&xfrm_policy_lock);
 	for (p = &xfrm_policy_list[dir]; (pol=*p)!=NULL; p = &pol->next) {
+		if (policy->priority < pol->priority)
+			break;
+		if (policy->priority > pol->priority)
+			continue;
 		if (memcmp(&policy->selector, &pol->selector, sizeof(pol->selector)) == 0) {
 			if (excl) {
 				write_unlock_bh(&xfrm_policy_lock);
 				return -EEXIST;
 			}
+			delpol = 1;
 			break;
 		}
 	}
 	atomic_inc(&policy->refcnt);
-	policy->next = pol ? pol->next : NULL;
+	policy->next = delpol ? pol->next : pol;
 	*p = policy;
 	xfrm_policy_genid++;
-	policy->index = pol ? pol->index : xfrm_gen_index(dir);
+	policy->index = delpol ? pol->index : xfrm_gen_index(dir);
 	policy->curlft.add_time = (unsigned long)xtime.tv_sec;
 	policy->curlft.use_time = 0;
 	if (policy->lft.hard_add_expires_seconds &&
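Review bot: The selector-duplicate test at line 91 is now reached only for entries of equal priority, so with `excl` set a policy whose selector already exists at a different priority is inserted alongside it instead of returning -EEXIST; if that is intended (the same selector at several priorities being a valid ordered SPD), a comment on the loop saying so, e.g. `/* -EEXIST applies only within one priority level; a selector may recur at other priorities */`, would stop the next reader from reporting it as a regression. Nothing in this patch shows where `policy->priority` is set for policies arriving through PF_KEY (af_key.c) or xfrm_user; if those paths leave it at the allocator's default, all such policies sort as equal and the old replace-on-match behaviour is preserved, which is worth confirming. The `delpol` flag correctly separates "insert before pol" from "replace pol" where the old code relied on `pol` being non-NULL. xfrm_policy_insert continues past the end of this hunk; the replacement's kill at lines 115-118 is in the next one.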
@@ -404,7 +410,7 @@
 		atomic_inc(&policy->refcnt);
 	write_unlock_bh(&xfrm_policy_lock);
 
-	if (pol) {
+	if (delpol) {
 		atomic_dec(&pol->refcnt);
 		xfrm_policy_kill(pol);
 		xfrm_pol_put(pol);
Index: net/xfrm/xfrm_user.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_user.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 xfrm_user.c
--- net/xfrm/xfrm_user.c	7 Apr 2003 17:31:45 -0000	1.1.1.1
+++ net/xfrm/xfrm_user.c	24 May 2003 07:55:06 -0000
@@ -38,7 +38,7 @@
 	if (!rt)
 		return 0;
 
-	if ((rt->rta_len - sizeof(*rt)) < sizeof(*algp))
+	if (rt->rta_len < sizeof(*algp))
 		return -EINVAL;
 
 	algp = RTA_DATA(rt);
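Review bot: The new check at line 131 compares `rt->rta_len` with `sizeof(*algp)`, but under the netlink convention `rta_len` counts the `struct rtattr` header as well as the payload (that is what the removed `- sizeof(*rt)` accounted for), so an attribute whose payload is up to `sizeof(*rt)` bytes short of an `xfrm_algo` now passes and the subsequent reads through `algp` can run past the attribute's end. The same weakening appears in the encap check at line 140 and in the template count at line 149, where `nr` overcounts by the header's share and the template copy reads beyond the attribute, bounded only by XFRM_MAX_DEPTH. If the subtraction was dropped because the user-space sender fills `rta_len` without the header, the sender is the side to fix; the kernel checks should use the header macro, `if (RTA_PAYLOAD(rt) < sizeof(*algp))` and `nr = RTA_PAYLOAD(rt) / sizeof(*utmpl);`, which also avoids the unsigned wrap the old subtraction would have produced if `rta_len` were ever below `sizeof(*rt)`. The enclosing functions start and end outside these hunks.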
@@ -75,7 +75,7 @@
 	if (!rt)
 		return 0;
 
-	if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap))
+	if (rt->rta_len < sizeof(*encap))
 		return -EINVAL;
 
 	return 0;
@@ -567,7 +567,7 @@
 	if (!rt) {
 		pol->xfrm_nr = 0;
 	} else {
-		nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl);
+		nr = rt->rta_len / sizeof(*utmpl);
 
 		if (nr > XFRM_MAX_DEPTH)
 			return -EINVAL;
@@ -629,6 +629,7 @@
 	struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh);
 	struct xfrm_policy *xp;
 	int err;
+	int excl;
 
 	err = verify_newpolicy_info(p);
 	if (err)
@@ -638,7 +639,8 @@
 	if (!xp)
 		return err;
 
-	err = xfrm_policy_insert(p->dir, xp, 1);
+	excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
+	err = xfrm_policy_insert(p->dir, xp, excl);
 	if (err) {
 		kfree(xp);
 		return err;
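Review bot: `excl` at line 166 is the only thing that distinguishes the two message types this handler now serves, and nothing documents the resulting semantics; a comment above line 166 such as `/* NEWPOLICY must not match an existing selector (-EEXIST); UPDPOLICY replaces it in place, keeping its index */` would make the contract visible at the call site rather than only inside xfrm_policy_insert. The handler's start and end lie outside this hunk.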
@@ -798,6 +800,7 @@
 	NLMSG_LENGTH(sizeof(struct xfrm_userspi_info)),	/* ALLOC SPI */
 	NLMSG_LENGTH(sizeof(struct xfrm_user_acquire)),	/* ACQUIRE */
 	NLMSG_LENGTH(sizeof(struct xfrm_user_expire)),	/* EXPIRE */
+	NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info)),/* UPD POLICY */
 };
 
 static struct xfrm_link {
@@ -817,6 +820,9 @@
 		.dump	=	xfrm_dump_policy,
 	},
 	{	.doit	=	xfrm_alloc_userspi	},
+	{},
+	{},
+	{	.doit	=	xfrm_add_policy 	},
 };
 
 static int xfrm_done(struct netlink_callback *cb)
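Review bot: The two empty initializers at lines 183-184 are positional padding so that the new `xfrm_add_policy` entry lands in the XFRM_MSG_UPDPOLICY slot, and nothing says which message types they stand for; a trailing comment on each, `{},	/* XFRM_MSG_ACQUIRE: no userspace handler */` and likewise for EXPIRE, would mirror the `/* ACQUIRE */` and `/* EXPIRE */` labels the xfrm_msg_min table in the previous hunk already carries. Both tables appear to be indexed by message type, so an entry added to one but not the other would be an out-of-range lookup; the two hunks should be read together. Whether the dispatcher rejects a message whose slot has a NULL `.doit` is not visible here. There is also a stray space before the tab in `xfrm_add_policy 	}` on line 185.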
Index: include/linux/pfkeyv2.h
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/linux/pfkeyv2.h,v
retrieving revision 1.1.1.5
diff -u -r1.1.1.5 pfkeyv2.h
--- include/linux/pfkeyv2.h	7 Apr 2003 17:32:27 -0000	1.1.1.5
+++ include/linux/pfkeyv2.h	11 May 2003 05:11:28 -0000
@@ -275,8 +275,8 @@
 
 /* Encryption algorithms */
 #define SADB_EALG_NONE			0
-#define SADB_EALG_DESCBC		1
-#define SADB_EALG_3DESCBC		2
+#define SADB_EALG_DESCBC		2
+#define SADB_EALG_3DESCBC		3
 #define SADB_X_EALG_CASTCBC		6
 #define SADB_X_EALG_BLOWFISHCBC		7
 #define SADB_EALG_NULL			11
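Review bot: Changing SADB_EALG_DESCBC and SADB_EALG_3DESCBC from 1/2 to 2/3 is a PF_KEY ABI change, and this header is the only place the patch touches; any in-kernel table that maps these identifiers to algorithms by literal value rather than by symbolic name (the descriptor tables that xfrm_aalg_get_byidx/xfrm_ealg_get_byidx in the af_key.c hunks iterate over are the obvious place) would silently mislabel DES and 3DES after this change, so they are worth checking. The new values are the ones RFC 2367 assigns, which is presumably why an interoperating PF_KEY daemon needed them; a comment stating that, e.g. `/* values as assigned by RFC 2367 */`, would stop a later reader from "fixing" them back. Userspace built against the old header will keep sending the old numbers, so the cut-over deserves a mention in the changelog.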

