Hello David,
> 1) Please, can you split out seperate patch for changes
> to net/ipv4/xfrm_user.c? They are independant.
>
> Kunihiro sent me identical patch, so please could you
> add him to credits in comment? Thank you.
I attached xfrm_user.c patch below.
Just FYI,
the IPv6 part of this patch depends xfrm6_state_lookup().
Sincerely,
Mitsuru KANDA (mk@xxxxxxxxxx)
USAGI Project (mk@xxxxxxxxxxxxxx)
diff -uNr linux-2.5.62.org/net/ipv4/xfrm_user.c
linux-2.5.62/net/ipv4/xfrm_user.c
--- linux-2.5.62.org/net/ipv4/xfrm_user.c 2003-02-18 07:56:17.000000000
+0900
+++ linux-2.5.62/net/ipv4/xfrm_user.c 2003-02-20 00:00:57.000000000 +0900
@@ -1,6 +1,13 @@
/* xfrm_user.c: User interface to configure xfrm engine.
*
* Copyright (C) 2002 David S. Miller (davem@xxxxxxxxxx)
+ *
+ * Changes
+ *
+ * Mitsuru KANDA @USAGI : IPv6 Support
+ * Kazunori MIYAZAWA @USAGI :
+ * Kunihiro Ishiguro :
+ *
*/
#include <linux/module.h>
@@ -17,6 +24,9 @@
#include <linux/ipsec.h>
#include <linux/init.h>
#include <linux/security.h>
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#include <linux/in6.h>
+#endif
#include <net/sock.h>
#include <net/xfrm.h>
@@ -63,11 +73,13 @@
case AF_INET:
break;
- case AF_INET6: /* XXX */
- err = -EAFNOSUPPORT;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+ case AF_INET6:
+ break;
+#endif
- /* fallthru */
default:
+ err = -EAFNOSUPPORT;
goto out;
};
@@ -206,8 +218,21 @@
if (!x)
return err;
- x1 = xfrm_state_lookup(x->props.saddr.xfrm4_addr,
- x->id.spi, x->id.proto);
+ switch (p->family) {
+ case AF_INET:
+ x1 = xfrm_state_lookup(x->props.saddr.xfrm4_addr,
+ x->id.spi, x->id.proto);
+ break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+ case AF_INET6:
+ x1 = xfrm6_state_lookup((struct in6_addr *)&x->props.saddr,
+ x->id.spi,x->id.proto);
+ break;
+#endif
+ default:
+ return -EAFNOSUPPORT;
+ }
+
if (x1) {
xfrm_state_put(x);
xfrm_state_put(x1);
@@ -224,7 +249,19 @@
struct xfrm_state *x;
struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
- x = xfrm_state_lookup(p->saddr.xfrm4_addr, p->spi, p->proto);
+ switch (p->family) {
+ case AF_INET:
+ x = xfrm_state_lookup(p->saddr.xfrm4_addr, p->spi, p->proto);
+ break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+ case AF_INET6:
+ x = xfrm6_state_lookup((struct in6_addr *)&p->saddr, p->spi,
p->proto);
+ break;
+#endif
+ default:
+ return -EAFNOSUPPORT;
+ }
+
if (x == NULL)
return -ESRCH;
@@ -342,7 +379,19 @@
struct sk_buff *resp_skb;
int err;
- x = xfrm_state_lookup(p->saddr.xfrm4_addr, p->spi, p->proto);
+ switch (p->family) {
+ case AF_INET:
+ x = xfrm_state_lookup(p->saddr.xfrm4_addr, p->spi, p->proto);
+ break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+ case AF_INET6:
+ x = xfrm6_state_lookup((struct in6_addr *)&p->saddr, p->spi,
p->proto);
+ break;
+#endif
+ default:
+ return -EAFNOSUPPORT;
+ }
+
err = -ESRCH;
if (x == NULL)
goto out_noput;
@@ -393,9 +442,25 @@
err = verify_userspi_info(p);
if (err)
goto out_noput;
- x = xfrm_find_acq(p->info.mode, p->info.reqid, p->info.id.proto,
- p->info.sel.daddr.xfrm4_addr,
- p->info.sel.saddr.xfrm4_addr, 1);
+
+ switch (p->info.family) {
+ case AF_INET:
+ x = xfrm_find_acq(p->info.mode, p->info.reqid,
p->info.id.proto,
+ p->info.sel.daddr.xfrm4_addr,
+ p->info.sel.saddr.xfrm4_addr, 1);
+ break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+ case AF_INET6:
+ x = xfrm6_find_acq(p->info.mode, p->info.reqid,
p->info.id.proto,
+ (struct in6_addr *)&p->info.sel.daddr,
+ (struct in6_addr *)&p->info.sel.saddr, 1);
+ break;
+#endif
+ default:
+ err = -EAFNOSUPPORT;
+ goto out_noput;
+ }
+
err = -ENOENT;
if (x == NULL)
goto out_noput;
|