2
* Interface between the IPSEC code and the radix (radij) tree code
3
* Copyright (C) 1996, 1997 John Ioannidis.
4
* Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
6
* This program is free software; you can redistribute it and/or modify it
7
* under the terms of the GNU General Public License as published by the
8
* Free Software Foundation; either version 2 of the License, or (at your
9
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11
* This program is distributed in the hope that it will be useful, but
12
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16
* RCSID $Id: ipsec_radij.c,v 1.67.6.1 2004/05/01 04:37:32 ken Exp $
19
#include <linux/config.h>
20
#include <linux/version.h>
21
#include <linux/kernel.h> /* printk() */
23
#include "freeswan/ipsec_param.h"
26
# include <linux/slab.h> /* kmalloc() */
27
#else /* MALLOC_SLAB */
28
# include <linux/malloc.h> /* kmalloc() */
29
#endif /* MALLOC_SLAB */
30
#include <linux/errno.h> /* error codes */
31
#include <linux/types.h> /* size_t */
32
#include <linux/interrupt.h> /* mark_bh */
34
#include <linux/netdevice.h> /* struct device, struct net_device_stats and other headers */
35
#include <linux/etherdevice.h> /* eth_type_trans */
36
#include <linux/ip.h> /* struct iphdr */
37
#include <linux/skbuff.h>
41
# include <linux/spinlock.h> /* *lock* */
42
# else /* 23_SPINLOCK */
43
# include <asm/spinlock.h> /* *lock* */
44
# endif /* 23_SPINLOCK */
47
# include <asm/uaccess.h>
48
# include <linux/in6.h>
50
#include <asm/checksum.h>
53
#include "freeswan/ipsec_eroute.h"
54
#include "freeswan/ipsec_sa.h"
56
#include "freeswan/radij.h"
57
#include "freeswan/ipsec_encap.h"
58
#include "freeswan/radij.h"
59
#include "freeswan/ipsec_encap.h"
60
#include "freeswan/ipsec_radij.h"
61
#include "freeswan/ipsec_tunnel.h" /* struct ipsecpriv */
62
#include "freeswan/ipsec_xform.h"
67
#include "freeswan/ipsec_proto.h"
69
#ifdef CONFIG_IPSEC_DEBUG
71
#endif /* CONFIG_IPSEC_DEBUG */
73
struct radij_node_head *rnh = NULL;
75
spinlock_t eroute_lock = SPIN_LOCK_UNLOCKED;
77
spinlock_t eroute_lock;
83
maj_keylen = sizeof (struct sockaddr_encap);
87
if (rj_inithead((void **)&rnh, /*16*/offsetof(struct sockaddr_encap, sen_type) * sizeof(__u8)) == 0) /* 16 is bit offset of sen_type */
93
ipsec_radijcleanup(void)
97
spin_lock_bh(&eroute_lock);
99
error = radijcleanup();
101
spin_unlock_bh(&eroute_lock);
107
ipsec_cleareroutes(void)
111
spin_lock_bh(&eroute_lock);
113
error = radijcleartree();
115
spin_unlock_bh(&eroute_lock);
121
ipsec_breakroute(struct sockaddr_encap *eaddr,
122
struct sockaddr_encap *emask,
123
struct sk_buff **first,
124
struct sk_buff **last)
127
struct radij_node *rn;
129
#ifdef CONFIG_IPSEC_DEBUG
132
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
133
subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1));
134
subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2));
135
KLIPS_PRINT(debug_eroute,
136
"klips_debug:ipsec_breakroute: "
137
"attempting to delete eroute for %s:%d->%s:%d %d\n",
138
buf1, ntohs(eaddr->sen_sport),
139
buf2, ntohs(eaddr->sen_dport), eaddr->sen_proto);
141
#endif /* CONFIG_IPSEC_DEBUG */
143
spin_lock_bh(&eroute_lock);
145
if ((error = rj_delete(eaddr, emask, rnh, &rn)) != 0) {
146
spin_unlock_bh(&eroute_lock);
147
KLIPS_PRINT(debug_eroute,
148
"klips_debug:ipsec_breakroute: "
149
"node not found, eroute delete failed.\n");
153
spin_unlock_bh(&eroute_lock);
155
ro = (struct eroute *)rn;
157
KLIPS_PRINT(debug_eroute,
158
"klips_debug:ipsec_breakroute: "
159
"deleted eroute=0p%p, ident=0p%p->0p%p, first=0p%p, last=0p%p\n",
166
if (ro->er_ident_s.data != NULL) {
167
kfree(ro->er_ident_s.data);
169
if (ro->er_ident_d.data != NULL) {
170
kfree(ro->er_ident_d.data);
172
if (ro->er_first != NULL) {
174
struct net_device_stats *stats = (struct net_device_stats *) &(((struct ipsecpriv *)(ro->er_first->dev->priv))->mystats);
177
*first = ro->er_first;
179
if (ro->er_last != NULL) {
181
struct net_device_stats *stats = (struct net_device_stats *) &(((struct ipsecpriv *)(ro->er_last->dev->priv))->mystats);
187
if (rn->rj_flags & (RJF_ACTIVE | RJF_ROOT))
188
panic ("ipsec_breakroute RMT_DELEROUTE root or active node\n");
189
memset((caddr_t)rn, 0, sizeof (struct eroute));
196
ipsec_makeroute(struct sockaddr_encap *eaddr,
197
struct sockaddr_encap *emask,
201
struct ident *ident_s,
202
struct ident *ident_d)
204
struct eroute *retrt;
209
#ifdef CONFIG_IPSEC_DEBUG
214
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
216
subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1));
217
subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2));
218
sa_len = satot(&said, 0, sa, sizeof(sa));
219
KLIPS_PRINT(debug_eroute,
220
"klips_debug:ipsec_makeroute: "
221
"attempting to allocate %lu bytes to insert eroute for %s->%s, SA: %s, PID:%d, skb=0p%p, ident:%s->%s\n",
222
(unsigned long) sizeof(struct eroute),
225
sa_len ? sa : " (error)",
228
(ident_s ? (ident_s->data ? ident_s->data : "NULL") : "NULL"),
229
(ident_d ? (ident_d->data ? ident_d->data : "NULL") : "NULL"));
232
char buf1[sizeof(struct sockaddr_encap)*2 + 1],
233
buf2[sizeof(struct sockaddr_encap)*2 + 1];
235
unsigned char *b1 = buf1,
237
*ea = (unsigned char *)eaddr,
238
*em = (unsigned char *)emask;
241
for (i=0; i<sizeof(struct sockaddr_encap); i++) {
242
sprintf(b1, "%02x", ea[i]);
243
sprintf(b2, "%02x", em[i]);
247
KLIPS_PRINT(debug_eroute, "klips_debug:ipsec_makeroute: %s / %s \n", buf1, buf2);
251
#endif /* CONFIG_IPSEC_DEBUG */
253
retrt = (struct eroute *)kmalloc(sizeof (struct eroute), GFP_ATOMIC);
255
printk("klips_error:ipsec_makeroute: "
256
"not able to allocate kernel memory");
259
memset((caddr_t)retrt, 0, sizeof (struct eroute));
261
retrt->er_eaddr = *eaddr;
262
retrt->er_emask = *emask;
263
retrt->er_said = said;
266
retrt->er_lasttime = jiffies/HZ;
267
rd_key((&(retrt->er_rjt))) = &(retrt->er_eaddr);
269
if (ident_s && ident_s->type != SADB_IDENTTYPE_RESERVED) {
270
int data_len = ident_s->len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
272
retrt->er_ident_s.type = ident_s->type;
273
retrt->er_ident_s.id = ident_s->id;
274
retrt->er_ident_s.len = ident_s->len;
276
KLIPS_PRINT(debug_eroute,
277
"klips_debug:ipsec_makeroute: "
278
"attempting to allocate %u bytes for ident_s.\n",
280
if(!(retrt->er_ident_s.data = kmalloc(data_len, GFP_KERNEL))) {
282
printk("klips_error:ipsec_makeroute: not able to allocate kernel memory (%d)\n", data_len);
285
memcpy(retrt->er_ident_s.data, ident_s->data, data_len);
287
retrt->er_ident_s.data = NULL;
291
if (ident_d && ident_d->type != SADB_IDENTTYPE_RESERVED) {
292
int data_len = ident_d->len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident);
294
retrt->er_ident_d.type = ident_d->type;
295
retrt->er_ident_d.id = ident_d->id;
296
retrt->er_ident_d.len = ident_d->len;
298
KLIPS_PRINT(debug_eroute,
299
"klips_debug:ipsec_makeroute: "
300
"attempting to allocate %u bytes for ident_d.\n",
302
if(!(retrt->er_ident_d.data = kmalloc(data_len, GFP_KERNEL))) {
303
if (retrt->er_ident_s.data)
304
kfree(retrt->er_ident_s.data);
306
printk("klips_error:ipsec_makeroute: not able to allocate kernel memory (%d)\n", data_len);
309
memcpy(retrt->er_ident_d.data, ident_d->data, data_len);
311
retrt->er_ident_d.data = NULL;
314
retrt->er_first = skb;
315
retrt->er_last = NULL;
317
KLIPS_PRINT(debug_eroute,
318
"klips_debug:ipsec_makeroute: "
319
"calling rj_addroute now\n");
321
spin_lock_bh(&eroute_lock);
323
error = rj_addroute(&(retrt->er_eaddr), &(retrt->er_emask),
324
rnh, retrt->er_rjt.rd_nodes);
326
spin_unlock_bh(&eroute_lock);
329
sa_len = satot(&said, 0, sa, sizeof(sa));
330
KLIPS_PRINT(debug_eroute,
331
"klips_debug:ipsec_makeroute: "
332
"rj_addroute not able to insert eroute for SA:%s (error:%d)\n",
333
sa_len ? sa : " (error)", error);
334
if (retrt->er_ident_s.data)
335
kfree(retrt->er_ident_s.data);
336
if (retrt->er_ident_d.data)
337
kfree(retrt->er_ident_d.data);
344
#ifdef CONFIG_IPSEC_DEBUG
346
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
348
subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1));
349
subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2));
351
subnettoa(rd_key((&(retrt->er_rjt)))->sen_ip_src, rd_mask((&(retrt->er_rjt)))->sen_ip_src, 0, buf1, sizeof(buf1));
352
subnettoa(rd_key((&(retrt->er_rjt)))->sen_ip_dst, rd_mask((&(retrt->er_rjt)))->sen_ip_dst, 0, buf2, sizeof(buf2));
353
sa_len = satot(&retrt->er_said, 0, sa, sizeof(sa));
355
KLIPS_PRINT(debug_eroute,
356
"klips_debug:ipsec_makeroute: "
360
"%-18s -> %-18s => %s\n",
363
(int)(jiffies/HZ - retrt->er_lasttime),
366
sa_len ? sa : " (error)");
368
#endif /* CONFIG_IPSEC_DEBUG */
369
KLIPS_PRINT(debug_eroute,
370
"klips_debug:ipsec_makeroute: "
376
ipsec_findroute(struct sockaddr_encap *eaddr)
378
struct radij_node *rn;
379
#ifdef CONFIG_IPSEC_DEBUG
380
char buf1[ADDRTOA_BUF], buf2[ADDRTOA_BUF];
382
if (debug_radij & DB_RJ_FINDROUTE) {
383
addrtoa(eaddr->sen_ip_src, 0, buf1, sizeof(buf1));
384
addrtoa(eaddr->sen_ip_dst, 0, buf2, sizeof(buf2));
385
KLIPS_PRINT(debug_eroute,
386
"klips_debug:ipsec_findroute: "
388
buf1, ntohs(eaddr->sen_sport),
389
buf2, ntohs(eaddr->sen_dport),
392
#endif /* CONFIG_IPSEC_DEBUG */
393
rn = rj_match((caddr_t)eaddr, rnh);
395
KLIPS_PRINT(debug_eroute && sysctl_ipsec_debug_verbose,
396
"klips_debug:ipsec_findroute: "
397
"found, points to proto=%d, spi=%x, dst=%x.\n",
398
((struct eroute*)rn)->er_said.proto,
399
ntohl(((struct eroute*)rn)->er_said.spi),
400
ntohl(((struct eroute*)rn)->er_said.dst.u.v4.sin_addr.s_addr));
402
return (struct eroute *)rn;
405
#ifdef CONFIG_PROC_FS
406
/** ipsec_rj_walker_procprint: print one line of eroute table output.
408
* Theoretical BUG: if w->length is less than the length
409
* of some line we should produce, that line will never
410
* be finished. In effect, the "file" will stop part way
414
ipsec_rj_walker_procprint(struct radij_node *rn, void *w0)
416
struct eroute *ro = (struct eroute *)rn;
417
struct rjtentry *rd = (struct rjtentry *)rn;
418
struct wsbuf *w = (struct wsbuf *)w0;
419
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
422
size_t sa_len, buf_len;
423
struct sockaddr_encap *key, *mask;
425
KLIPS_PRINT(debug_radij,
426
"klips_debug:ipsec_rj_walker_procprint: "
427
"rn=0p%p, w0=0p%p\n",
437
if (key == NULL || mask == NULL) {
441
buf_len = subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1));
442
if(key->sen_sport != 0) {
443
sprintf(buf1+buf_len-1, ":%d", ntohs(key->sen_sport));
446
buf_len = subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2));
447
if(key->sen_dport != 0) {
448
sprintf(buf2+buf_len-1, ":%d", ntohs(key->sen_dport));
452
if(key->sen_proto != 0) {
453
sprintf(buf3, ":%d", key->sen_proto);
456
sa_len = satot(&ro->er_said, 'x', sa, sizeof(sa));
457
w->len += ipsec_snprintf(w->buffer + w->len,
460
"%-18s -> %-18s => %s%s\n",
464
sa_len ? sa : " (error)",
468
/* snprintf can only fill the last character with NUL
469
* so the maximum useful character is w->length-1.
470
* However, if w->length == 0, we cannot go back.
471
* (w->length surely cannot be negative.)
473
int max_content = w->length > 0? w->length-1 : 0;
475
if (w->len >= max_content) {
476
/* we've done all that can fit -- stop treewalking */
477
w->len = max_content; /* truncate crap */
480
const off_t pos = w->begin + w->len; /* file position of end of what we've generated */
482
if (pos <= w->offset) {
483
/* all is before first interesting character:
484
* discard, but note where we are.
493
#endif /* CONFIG_PROC_FS */
496
ipsec_rj_walker_delete(struct radij_node *rn, void *w0)
499
struct rjtentry *rd = (struct rjtentry *)rn;
500
struct radij_node *rn2;
502
struct sockaddr_encap *key, *mask;
510
#ifdef CONFIG_IPSEC_DEBUG
512
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
513
subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1));
514
subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2));
515
KLIPS_PRINT(debug_radij,
516
"klips_debug:ipsec_rj_walker_delete: "
517
"deleting: %s -> %s\n",
521
#endif /* CONFIG_IPSEC_DEBUG */
523
if((error = rj_delete(key, mask, rnh, &rn2))) {
524
KLIPS_PRINT(debug_radij,
525
"klips_debug:ipsec_rj_walker_delete: "
526
"rj_delete failed with error=%d.\n", error);
531
printk("klips_debug:ipsec_rj_walker_delete: "
532
"tried to delete a different node?!? This should never happen!\n");
535
ro = (struct eroute *)rn;
537
if (ro->er_ident_s.data)
538
kfree(ro->er_ident_s.data);
539
if (ro->er_ident_d.data)
540
kfree(ro->er_ident_d.data);
542
memset((caddr_t)rn, 0, sizeof (struct eroute));
549
* $Log: ipsec_radij.c,v $
550
* Revision 1.67.6.1 2004/05/01 04:37:32 ken
551
* Pull in snprintf() and proc fixes from HEAD
553
* Revision 1.70 2004/04/25 21:10:52 ken
554
* Pull in dhr's changes from FreeS/WAN 2.06
556
* Revision 1.69 2004/04/06 02:49:26 mcr
557
* pullup of algo code from alg-branch.
559
* Revision 1.68 2004/03/28 20:27:20 paul
560
* Included tested and confirmed fixes mcr made and dhr verified for
561
* snprint statements. Changed one other snprintf to use ipsec_snprintf
562
* so it wouldnt break compatibility with 2.0/2.2 kernels. Verified with
565
* Revision 1.67.4.1 2004/04/05 04:30:46 mcr
566
* patches for alg-branch to compile/work with 2.x openswan
568
* Revision 1.67 2003/10/31 02:27:55 mcr
569
* pulled up port-selector patches and sa_id elimination.
571
* Revision 1.66.24.2 2003/10/29 01:30:41 mcr
572
* elimited "struct sa_id".
574
* Revision 1.66.24.1 2003/09/21 13:59:56 mcr
575
* pre-liminary X.509 patch - does not yet pass tests.
577
* Revision 1.66 2002/10/12 23:11:53 dhr
579
* [KenB + DHR] more 64-bit cleanup
581
* Revision 1.65 2002/09/20 05:01:40 rgb
582
* Added memory allocation debugging.
584
* Revision 1.64 2002/05/31 01:46:05 mcr
585
* added && sysctl_ipsec_debug_verbose verbose to ipsec_findroute
586
* as requested in PR#14.
588
* Revision 1.63 2002/05/23 07:14:11 rgb
589
* Cleaned up %p variants to 0p%p for test suite cleanup.
591
* Revision 1.62 2002/04/24 07:55:32 mcr
592
* #include patches and Makefiles for post-reorg compilation.
594
* Revision 1.61 2002/04/24 07:36:29 mcr
595
* Moved from ./klips/net/ipsec/ipsec_radij.c,v
597
* Revision 1.60 2002/02/19 23:59:45 rgb
598
* Removed redundant compiler directives.
600
* Revision 1.59 2002/02/06 04:13:47 mcr
601
* missing #ifdef CONFIG_IPSEC_DEBUG.
603
* Revision 1.58 2002/01/29 17:17:56 mcr
604
* moved include of ipsec_param.h to after include of linux/kernel.h
605
* otherwise, it seems that some option that is set in ipsec_param.h
606
* screws up something subtle in the include path to kernel.h, and
607
* it complains on the snprintf() prototype.
609
* Revision 1.57 2002/01/29 04:00:52 mcr
610
* more excise of kversions.h header.
612
* Revision 1.56 2002/01/29 02:13:17 mcr
613
* introduction of ipsec_kversion.h means that include of
614
* ipsec_param.h must preceed any decisions about what files to
615
* include to deal with differences in kernel source.
617
* Revision 1.55 2001/11/26 09:23:48 rgb
618
* Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
620
* Revision 1.53.2.1 2001/09/25 02:26:32 mcr
621
* headers adjusted for new usage.
623
* Revision 1.54 2001/10/18 04:45:20 rgb
624
* 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h,
625
* lib/freeswan.h version macros moved to lib/kversions.h.
626
* Other compiler directive cleanups.
628
* Revision 1.53 2001/09/19 17:19:40 rgb
629
* Debug output bugfix for NetCelo's PF_KEY ident patch.
631
* Revision 1.52 2001/09/19 16:33:37 rgb
632
* Temporarily disable ident fields to /proc/net/ipsec_eroute.
634
* Revision 1.51 2001/09/15 16:24:04 rgb
635
* Re-inject first and last HOLD packet when an eroute REPLACE is done.
637
* Revision 1.50 2001/09/14 16:58:36 rgb
638
* Added support for storing the first and last packets through a HOLD.
640
* Revision 1.49 2001/09/08 21:13:32 rgb
641
* Added pfkey ident extension support for ISAKMPd. (NetCelo)
643
* Revision 1.48 2001/06/15 04:12:56 rgb
644
* Fixed kernel memory allocation error return code polarity bug.
646
* Revision 1.47 2001/06/14 19:35:09 rgb
647
* Update copyright date.
649
* Revision 1.46 2001/06/08 08:47:18 rgb
650
* Fixed for debug disabled.
652
* Revision 1.45 2001/05/27 06:12:11 rgb
653
* Added structures for pid, packet count and last access time to eroute.
654
* Added packet count to beginning of /proc/net/ipsec_eroute.
656
* Revision 1.44 2001/05/03 19:41:01 rgb
657
* Initialise error return variable.
658
* Use more appropriate return value for ipsec_rj_walker_delete().
660
* Revision 1.43 2001/02/27 22:24:54 rgb
661
* Re-formatting debug output (line-splitting, joining, 1arg/line).
662
* Check for satoa() return codes.
664
* Revision 1.42 2001/02/27 06:21:57 rgb
665
* Added findroute success instrumentation.
667
* Revision 1.41 2000/11/06 04:32:08 rgb
668
* Ditched spin_lock_irqsave in favour of spin_lock_bh.
670
* Revision 1.40 2000/09/08 19:12:56 rgb
671
* Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
673
* Revision 1.39 2000/08/30 05:25:20 rgb
674
* Correct debug text in ipsec_breakroute() from incorrect
677
* Revision 1.38 2000/07/28 14:58:31 rgb
678
* Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
680
* Revision 1.37 2000/03/16 14:02:50 rgb
681
* Fixed debug scope to enable compilation with debug off.
683
* Revision 1.36 2000/01/21 06:14:46 rgb
684
* Added debugging text to ipsec_rj_walker_delete().
685
* Set return code to negative for consistency.
687
* Revision 1.35 1999/11/23 23:05:24 rgb
688
* Use provided macro ADDRTOA_BUF instead of hardcoded value.
690
* Revision 1.34 1999/11/18 04:13:56 rgb
691
* Replaced all kernel version macros to shorter, readable form.
692
* Added CONFIG_PROC_FS compiler directives in case it is shut off.
694
* Revision 1.33 1999/11/17 15:53:39 rgb
695
* Changed all occurrences of #include "../../../lib/freeswan.h"
696
* to #include <freeswan.h> which works due to -Ilibfreeswan in the
697
* klips/net/ipsec/Makefile.
699
* Revision 1.32 1999/10/26 13:58:33 rgb
700
* Put spinlock flags variable declaration outside the debug compiler
701
* directive to enable compilation with debug shut off.
703
* Revision 1.31 1999/10/15 22:13:29 rgb
705
* Align /proc/net/ipsec_eroute output for easier readability.
706
* Fix double linefeed in radij debug output.
707
* Fix double locking bug that locks up 2.0.36 but not 2.0.38.
709
* Revision 1.30 1999/10/08 18:37:33 rgb
710
* Fix end-of-line spacing to sate whining PHMs.
712
* Revision 1.29 1999/10/03 18:52:45 rgb
713
* Spinlock support for 2.0.xx.
714
* Dumb return code spin_unlock fix.
716
* Revision 1.28 1999/10/01 16:22:24 rgb
717
* Switch from assignment init. to functional init. of spinlocks.
719
* Revision 1.27 1999/10/01 15:44:53 rgb
720
* Move spinlock header include to 2.1> scope.
722
* Revision 1.26 1999/10/01 00:01:23 rgb
723
* Added eroute structure locking.
725
* Revision 1.25 1999/06/10 16:07:30 rgb
726
* Silence delete eroute on no debug.
728
* Revision 1.24 1999/05/09 03:25:36 rgb
729
* Fix bug introduced by 2.2 quick-and-dirty patch.
731
* Revision 1.23 1999/05/05 22:02:31 rgb
732
* Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
734
* Revision 1.22 1999/04/29 15:17:23 rgb
735
* Add return values to init and cleanup functions.
736
* Add sanity checking for null pointer arguments.
738
* Revision 1.21 1999/04/11 00:28:58 henry
741
* Revision 1.20 1999/04/06 04:54:26 rgb
742
* Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
745
* Revision 1.19 1999/02/17 16:50:35 rgb
746
* Clean out unused cruft.
747
* Consolidate for space and speed efficiency.
748
* Convert DEBUG_IPSEC to KLIPS_PRINT
750
* Revision 1.18 1999/01/22 06:22:06 rgb
754
* Revision 1.17 1998/12/02 03:09:39 rgb
755
* Clean up debug printing conditionals to compile with debugging off.
757
* Revision 1.16 1998/12/01 13:49:39 rgb
758
* Wrap version info printing in debug switches.
760
* Revision 1.15 1998/11/30 13:22:54 rgb
761
* Rationalised all the klips kernel file headers. They are much shorter
762
* now and won't conflict under RH5.2.
764
* Revision 1.14 1998/10/31 06:48:17 rgb
765
* Fixed up comments in #endif directives.
767
* Revision 1.13 1998/10/27 13:48:09 rgb
768
* Cleaned up /proc/net/ipsec_* filesystem for easy parsing by scripts.
769
* Fixed less(1) truncated output bug.
772
* Revision 1.12 1998/10/25 02:41:36 rgb
773
* Change return type on ipsec_breakroute and ipsec_makeroute and add an
774
* argument to be able to transmit more infomation about errors.
775
* Fix cut-and-paste debug statement identifier.
777
* Revision 1.11 1998/10/22 06:45:39 rgb
779
* Convert to use satoa for printk.
781
* Revision 1.10 1998/10/19 14:44:28 rgb
782
* Added inclusion of freeswan.h.
783
* sa_id structure implemented and used: now includes protocol.
785
* Revision 1.9 1998/10/09 04:30:52 rgb
786
* Added 'klips_debug' prefix to all klips printk debug statements.
787
* Deleted old commented out cruft.
789
* Revision 1.8 1998/08/06 17:24:23 rgb
790
* Fix addrtoa return code bug from stale manpage advice preventing packets
791
* from being erouted.
793
* Revision 1.7 1998/08/06 07:44:59 rgb
794
* Fixed /proc/net/ipsec_eroute subnettoa and addrtoa return value bug that
795
* ended up in nothing being printed.
797
* Revision 1.6 1998/08/05 22:16:41 rgb
798
* Cleanup to prevent cosmetic errors (ie. debug output) from being fatal.
800
* Revision 1.5 1998/07/29 20:38:44 rgb
801
* Debug and fix subnettoa and addrtoa output.
803
* Revision 1.4 1998/07/28 00:02:39 rgb
804
* Converting to exclusive use of addrtoa.
807
* Revision 1.3 1998/07/14 18:21:26 rgb
808
* Add function to clear the eroute table.
810
* Revision 1.2 1998/06/23 02:59:14 rgb
811
* Added debugging output to eroute add/delete routines.
813
* Revision 1.9 1998/06/18 21:29:06 henry
814
* move sources from klips/src to klips/net/ipsec, to keep stupid kernel
815
* build scripts happier in presence of symbolic links
817
* Revision 1.8 1998/06/05 02:32:26 rgb
818
* Fix spi ntoh kernel debug output.
820
* Revision 1.7 1998/05/25 20:30:37 rgb
821
* Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions.
823
* Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and
824
* add ipsec_rj_walker_delete.
826
* Revision 1.6 1998/05/21 13:08:57 rgb
827
* Rewrote procinfo subroutines to avoid *bad things* when more that 3k of
828
* information is available for printout.
830
* Revision 1.5 1998/05/18 21:35:55 rgb
831
* Clean up output for numerical consistency and readability. Zero freed
834
* Revision 1.4 1998/04/21 21:28:58 rgb
835
* Rearrange debug switches to change on the fly debug output from user
836
* space. Only kernel changes checked in at this time. radij.c was also
837
* changed to temporarily remove buggy debugging code in rj_delete causing
838
* an OOPS and hence, netlink device open errors.
840
* Revision 1.3 1998/04/14 17:30:39 rgb
841
* Fix up compiling errors for radij tree memory reclamation.
843
* Revision 1.2 1998/04/12 22:03:23 rgb
844
* Updated ESP-3DES-HMAC-MD5-96,
845
* ESP-DES-HMAC-MD5-96,
847
* AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
848
* from old standards (RFC182[5-9] to new (as of March 1998) drafts.
850
* Fixed eroute references in /proc/net/ipsec*.
852
* Started to patch module unloading memory leaks in ipsec_netlink and
853
* radij tree unloading.
855
* Revision 1.1 1998/04/09 03:06:10 henry
856
* sources moved up from linux/net/ipsec
858
* Revision 1.1.1.1 1998/04/08 05:35:03 henry
859
* RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
861
* Revision 0.4 1997/01/15 01:28:15 ji
864
* Revision 0.3 1996/11/20 14:39:04 ji
866
* Rationalized debugging code.
868
* Revision 0.2 1996/11/02 00:18:33 ji
869
* First limited release.