2 * Common routines for IPsec SA maintenance routines.
4 * Copyright (C) 1996, 1997 John Ioannidis.
5 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * RCSID $Id: ipsec_sa.c,v 1.5 2002/01/29 17:17:56 mcr Exp $
19 * This is the file formerly known as "ipsec_xform.h"
23 #include <linux/config.h>
24 #include <linux/version.h>
25 #include <linux/kernel.h> /* printk() */
27 #include "ipsec_param.h"
30 # include <linux/slab.h> /* kmalloc() */
31 #else /* MALLOC_SLAB */
32 # include <linux/malloc.h> /* kmalloc() */
33 #endif /* MALLOC_SLAB */
34 #include <linux/errno.h> /* error codes */
35 #include <linux/types.h> /* size_t */
36 #include <linux/interrupt.h> /* mark_bh */
38 #include <linux/netdevice.h> /* struct device, and other headers */
39 #include <linux/etherdevice.h> /* eth_type_trans */
40 #include <linux/ip.h> /* struct iphdr */
41 #include <linux/skbuff.h>
42 #include <linux/random.h> /* get_random_bytes() */
46 #include <linux/spinlock.h> /* *lock* */
47 #else /* SPINLOCK_23 */
48 #include <asm/spinlock.h> /* *lock* */
49 #endif /* SPINLOCK_23 */
52 #include <asm/uaccess.h>
53 #include <linux/in6.h>
55 #include <asm/checksum.h>
58 #ifdef USE_IXP4XX_CRYPTO
59 #include "ipsec_glue.h" /* glue code */
60 #include "ipsec_glue_desc.h" /* glue code */
61 #endif /* USE_IXP4XX_CRYPTO */
64 #include "ipsec_stats.h"
65 #include "ipsec_life.h"
67 #include "ipsec_xform.h"
69 #include "ipsec_encap.h"
70 #include "ipsec_radij.h"
71 #include "ipsec_netlink.h"
72 #include "ipsec_xform.h"
73 #include "ipsec_ipe4.h"
75 #include "ipsec_esp.h"
80 #include "ipsec_proto.h"
81 #include "ipsec_alg.h"
84 #ifdef CONFIG_IPSEC_DEBUG
86 #endif /* CONFIG_IPSEC_DEBUG */
/*
 * SENDERR(e): store -e in the enclosing function's local `error` and jump to
 * its `errlab` label. Any function using it must declare both.
 */
88 #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
/*
 * SA hash table: SADB_HASHMOD bucket heads. Entries that share a bucket are
 * chained through ips_hnext (see the lookup and insert code below).
 */
90 struct ipsec_sa *ipsec_sadb_hash[SADB_HASHMOD];
/* Spinlock taken with spin_lock_bh() around updates and scans of ipsec_sadb_hash. */
92 spinlock_t tdb_lock = SPIN_LOCK_UNLOCKED;
/*
 * Clears the bucket heads of the SA hash table. The enclosing function's
 * header is not part of this listing.
 * NOTE(review): the loop starts at index 1, so bucket 0 is never reset here.
 * It is NULL at load time only because ipsec_sadb_hash has static storage;
 * if this code is ever run to re-initialise a used table, bucket 0 would keep
 * its old head pointer. Confirm whether starting at 0 was intended.
 */
102 for(i = 1; i < SADB_HASHMOD; i++) {
103 ipsec_sadb_hash[i] = NULL;
/*
 * ipsec_sa_getbyid - look up an SA in ipsec_sadb_hash by its identifier.
 *
 * said: SA identifier; the fields read here are spi, dst.s_addr and proto.
 *
 * An entry matches only when all three fields are equal (lines 143-145).
 * NOTE(review): this listing omits lines (the gutter numbers skip), so the
 * return type, the NULL-check condition and the return statements are not
 * shown. No tdb_lock acquisition appears in the visible lines; presumably the
 * caller must hold the lock - confirm against the callers.
 */
109 ipsec_sa_getbyid(struct sa_id *said)
112 struct ipsec_sa *ips;
/* Debug message for a NULL said; the guarding condition is not shown in this listing. */
117 KLIPS_PRINT(debug_xform,
118 "klips_error:gettdb: "
119 "null pointer passed in!\n");
/* Text form of the SA id, used only in the debug output below; sa_len == 0 is printed as " (error)". */
123 sa_len = satoa(*said, 0, sa, SATOA_BUF);
/*
 * Bucket index: an unkeyed sum of SPI, destination address and protocol,
 * reduced modulo SADB_HASHMOD. ipsec_sa_put() and ipsec_sa_del() compute the
 * same expression; the three must stay identical or an SA becomes unreachable.
 * NOTE(review): the bucket is fully determined by the SA id and the chain walk
 * at line 142 is linear, so lookup cost grows with the number of SAs that land
 * in one bucket. Worth keeping in mind when sizing SADB_HASHMOD.
 */
125 hashval = (said->spi+said->dst.s_addr+said->proto) % SADB_HASHMOD;
127 KLIPS_PRINT(debug_xform,
128 "klips_debug:gettdb: "
129 "linked entry in tdb table for hash=%d of SA:%s requested.\n",
131 sa_len ? sa : " (error)");
/* Empty bucket: nothing to search. */
133 if(!(ips = ipsec_sadb_hash[hashval])) {
134 KLIPS_PRINT(debug_xform,
135 "klips_debug:gettdb: "
136 "no entries in tdb table for hash=%d of SA:%s.\n",
138 sa_len ? sa : " (error)");
/* Walk the bucket's chain and compare the full (spi, dst, proto) triple. */
142 for (; ips; ips = ips->ips_hnext) {
143 if ((ips->ips_said.spi == said->spi) &&
144 (ips->ips_said.dst.s_addr == said->dst.s_addr) &&
145 (ips->ips_said.proto == said->proto)) {
/* Reached when the chain was walked without a match. */
150 KLIPS_PRINT(debug_xform,
151 "klips_debug:gettdb: "
152 "no entry in linked list for hash=%d of SA:%s.\n",
154 sa_len ? sa : " (error)");
159 The tdb table better *NOT* be locked before it is handed in, or an SMP deadlock will happen (this function takes tdb_lock itself)
/*
 * ipsec_sa_put - insert an SA at the head of its hash bucket.
 *
 * ips: SA to insert; its ips_said (spi, dst.s_addr, proto) selects the bucket.
 *
 * The function takes tdb_lock itself, so it must be called with the lock NOT
 * held. With USE_IXP4XX_CRYPTO the hardware crypto context is registered
 * first and the SA is linked into the table only afterwards.
 * NOTE(review): this listing omits lines, so the return type, the NULL-check
 * condition and the return statements are not shown. No check for an existing
 * entry with the same (spi, dst, proto) is visible; since insertion is at the
 * head, a duplicate would sit in front of the older entry in the chain.
 * Confirm that callers reject duplicates before calling.
 */
162 ipsec_sa_put(struct ipsec_sa *ips)
165 unsigned int hashval;
/* Debug message for a NULL ips; the guarding condition is not shown in this listing. */
168 KLIPS_PRINT(debug_xform,
169 "klips_error:puttdb: "
170 "null pointer passed in!\n");
/* Same bucket expression as ipsec_sa_getbyid() and ipsec_sa_del(); keep the three in sync. */
173 hashval = ((ips->ips_said.spi + ips->ips_said.dst.s_addr + ips->ips_said.proto) % SADB_HASHMOD);
/* Software-only build: link at the head of the bucket under tdb_lock. */
175 #ifndef USE_IXP4XX_CRYPTO
176 spin_lock_bh(&tdb_lock);
178 ips->ips_hnext = ipsec_sadb_hash[hashval];
179 ipsec_sadb_hash[hashval] = ips;
181 spin_unlock_bh(&tdb_lock);
184 #ifdef USE_IXP4XX_CRYPTO
185 /* Add the corresponding crypto context to the hardware accelerator */
186 if (IPSEC_GLUE_STATUS_FAIL == ipsec_glue_crypto_context_put (ips))
188 KLIPS_PRINT(debug_xform,
189 "klips_error:puttdb: "
190 "Cannot add crypto context!\n");
193 /* adding the crypto context succeeded - only now can we add the ips
194 * to the hash table */
195 spin_lock_bh(&tdb_lock);
197 ips->ips_hnext = ipsec_sadb_hash[hashval];
198 ipsec_sadb_hash[hashval] = ips;
200 spin_unlock_bh(&tdb_lock);
202 #endif /*USE_IXP4XX_CRYPTO */
207 The tdb table better be locked before it is handed in, or races might happen
/*
 * ipsec_sa_del - unlink one SA from its hash bucket.
 *
 * ips: SA to remove. It must already be detached from its SA chain: the call
 *      is refused (line 227) while ips_inext or ips_onext is still set.
 *
 * The function takes no lock itself; per the note above it, the caller holds
 * the table lock. It only unlinks; the visible lines do not free or zero the
 * SA, which is what ipsec_sa_wipe() is for.
 * With USE_IXP4XX_CRYPTO the hardware crypto context is deleted as well,
 * unless ips_crypto_state marks the SA as having none.
 * NOTE(review): this listing omits lines, so the return type, several
 * conditions and the errno-style returns are not shown. The visible failure
 * returns use IPSEC_GLUE_STATUS_FAIL, while ipsec_sa_delchain() logs the
 * result as -error; confirm the two value conventions agree.
 */
210 ipsec_sa_del(struct ipsec_sa *ips)
212 unsigned int hashval;
213 struct ipsec_sa *tdbtp;
216 struct _IpsecRcvDesc *p = NULL;
217 struct _IpsecXmitDesc *q = NULL;
/* Debug message for a NULL ips; the guarding condition is not shown in this listing. */
220 KLIPS_PRINT(debug_xform,
221 "klips_error:deltdb: "
222 "null pointer passed in!\n");
226 sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF);
/* Refuse to unlink an SA that is still part of an inbound/outbound SA chain. */
227 if(ips->ips_inext || ips->ips_onext) {
228 KLIPS_PRINT(debug_xform,
229 "klips_error:deltdb: "
230 "SA:%s still linked!\n",
231 sa_len ? sa : " (error)");
/* Walks over the SA's receive and transmit descriptor lists; the loop bodies are not shown in this listing. */
235 #ifdef USE_IXP4XX_CRYPTO
236 for (p = ips->RcvDesc_head; p != NULL; p = p->RcvDesc_next) {
240 for (q = ips->XmitDesc_head; q != NULL; q = q->XmitDesc_next) {
/* Same bucket expression as ipsec_sa_getbyid() and ipsec_sa_put(); keep the three in sync. */
245 hashval = ((ips->ips_said.spi + ips->ips_said.dst.s_addr + ips->ips_said.proto) % SADB_HASHMOD);
247 KLIPS_PRINT(debug_xform,
248 "klips_debug:deltdb: "
249 "deleting SA:%s, hashval=%d.\n",
250 sa_len ? sa : " (error)",
252 if(!ipsec_sadb_hash[hashval]) {
253 KLIPS_PRINT(debug_xform,
254 "klips_debug:deltdb: "
255 "no entries in tdb table for hash=%d of SA:%s.\n",
257 sa_len ? sa : " (error)");
/* Case 1: the SA is the bucket head - advance the head past it. */
261 if (ips == ipsec_sadb_hash[hashval]) {
262 ipsec_sadb_hash[hashval] = ipsec_sadb_hash[hashval]->ips_hnext;
263 #ifndef USE_IXP4XX_CRYPTO
264 ips->ips_hnext = NULL;
265 #endif /* USE_IXP4XX_CRYPTO */
266 KLIPS_PRINT(debug_xform,
267 "klips_debug:deltdb: "
268 "successfully deleted first tdb in chain.\n");
269 #ifdef USE_IXP4XX_CRYPTO
270 /* Delete the crypto context associated with this SA */
272 * Delete on SA and skip deleting the non crypto context becuase no
273 * associate crypto context for unsupported SA (e.g. IPCOMP)
275 if (ips->ips_crypto_state >= IPSEC_GLUE_UNSUPPORTED_CTXID)
277 KLIPS_PRINT(debug_xform,
278 "klips_debug:deltdb: "
279 "Delete on SA and no crypto context associated!\n");
/*
 * NOTE(review): a failure return here happens after the bucket head was
 * already advanced at line 262 and before ips_hnext is cleared at line 294,
 * so the SA is off the table while its ips_hnext still points into the chain.
 * In the mid-chain case below the failure return (line 329) comes before the
 * unlink (line 334), so there the SA stays linked. Confirm callers handle
 * both outcomes, in particular that the SA's key material is still wiped.
 */
283 if (IPSEC_GLUE_STATUS_FAIL ==
284 ipsec_glue_crypto_context_del(ips->ips_crypto_context_id))
286 KLIPS_PRINT(debug_xform,
287 "klips_error:deltdb: "
288 "Cannot delete crypto context!\n");
289 return (IPSEC_GLUE_STATUS_FAIL);
292 /* Set crypto context ID to default value */
293 ips->ips_crypto_state = IPSEC_GLUE_INIT_CTXID;
294 ips->ips_hnext = NULL;
295 #endif /* USE_IXP4XX_CRYPTO */
/* Case 2: search the chain for the predecessor of ips and splice ips out. */
298 for (tdbtp = ipsec_sadb_hash[hashval];
300 tdbtp = tdbtp->ips_hnext) {
301 if (tdbtp->ips_hnext == ips) {
302 #ifndef USE_IXP4XX_CRYPTO
303 tdbtp->ips_hnext = ips->ips_hnext;
304 ips->ips_hnext = NULL;
306 KLIPS_PRINT(debug_xform,
307 "klips_debug:deltdb: "
308 "successfully deleted link in tdb chain.\n");
309 #ifdef USE_IXP4XX_CRYPTO
311 * Delete on SA and skip deleting the non crypto context becuase no
312 * associate crypto context for unsupported SA (e.g. IPCOMP)
314 if (ips->ips_crypto_state >= IPSEC_GLUE_UNSUPPORTED_CTXID)
316 KLIPS_PRINT(debug_xform,
317 "klips_debug:deltdb: "
318 "Delete on SA and no crypto context associated!\n");
322 /* Delete the crypto context associated with this SA - in the chain */
323 if (IPSEC_GLUE_STATUS_FAIL ==
324 ipsec_glue_crypto_context_del(ips->ips_crypto_context_id))
326 KLIPS_PRINT(debug_xform,
327 "klips_error:deltdb: "
328 "Cannot delete crypto context!\n");
329 return (IPSEC_GLUE_STATUS_FAIL);
332 /* Set crypto context ID to default value */
333 ips->ips_crypto_state = IPSEC_GLUE_INIT_CTXID;
334 tdbtp->ips_hnext = ips->ips_hnext;
335 ips->ips_hnext = NULL;
336 #endif /* USE_IXP4XX_CRYPTO */
/* Reached when ips was not found anywhere in its bucket's chain. */
342 KLIPS_PRINT(debug_xform,
343 "klips_debug:deltdb: "
344 "no entries in linked list for hash=%d of SA:%s.\n",
346 sa_len ? sa : " (error)");
351 The tdb table better be locked before it is handed in, or races might happen
/*
 * ipsec_sa_delchain - unlink, delete and wipe every SA in an SA chain.
 *
 * ips: any SA of the chain. The code first follows ips_onext to the end of
 *      the chain, then walks back through ips_inext, handling one SA per step.
 *
 * Each SA is detached from its neighbour (lines 400-401), removed from the
 * hash table with ipsec_sa_del() and then cleared with ipsec_sa_wipe().
 * Per the note above the function, the caller holds the table lock.
 * NOTE(review): this listing omits lines, so the return type, the loop that
 * drives the backward walk, the assignment of tdbdel and the bodies of the
 * error branches are not shown. If the ipsec_sa_del() error branch returns
 * early, the remaining SAs of the chain are left unwiped with their key
 * material in memory - confirm how that path is handled.
 */
354 ipsec_sa_delchain(struct ipsec_sa *ips)
356 struct ipsec_sa *tdbdel;
357 #ifdef USE_IXP4XX_CRYPTO
358 int temp_count, temp_done_count;
359 #endif /* USE_IXP4XX_CRYPTO */
/* Debug message for a NULL ips; the guarding condition is not shown in this listing. */
365 KLIPS_PRINT(debug_xform,
366 "klips_error:deltdbchain: "
367 "null pointer passed in!\n");
371 sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF);
372 KLIPS_PRINT(debug_xform,
373 "klips_debug:deltdbchain: "
375 sa_len ? sa : " (error)");
/* Move to the last SA of the chain; with USE_IXP4XX_CRYPTO each SA passed on the way gets ipsec_glue_update_state(ips, IX_FAIL). */
376 while(ips->ips_onext) {
377 #ifdef USE_IXP4XX_CRYPTO
378 ipsec_glue_update_state(ips, IX_FAIL);
379 #endif /* USE_IXP4XX_CRYPTO */
380 ips = ips->ips_onext;
/* Same state update for the final SA, which the loop above does not cover. */
383 #ifdef USE_IXP4XX_CRYPTO
384 ipsec_glue_update_state(ips, IX_FAIL);
385 #endif /* USE_IXP4XX_CRYPTO */
387 /* XXX send a pfkey message up to advise of deleted TDB */
388 sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF);
389 KLIPS_PRINT(debug_xform,
390 "klips_debug:deltdbchain: "
391 "unlinking and delting SA:%s",
392 sa_len ? sa : " (error)");
/* Step back towards the start of the chain. */
394 ips = ips->ips_inext;
396 sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF);
397 KLIPS_PRINT(debug_xform,
399 sa_len ? sa : " (error)");
/* Detach tdbdel from its neighbour so ipsec_sa_del() does not reject it as "still linked". */
400 tdbdel->ips_inext = NULL;
401 ips->ips_onext = NULL;
403 KLIPS_PRINT(debug_xform,
/* Remove from the hash table first, then clear and release the SA's contents. */
405 if((error = ipsec_sa_del(tdbdel))) {
406 KLIPS_PRINT(debug_xform,
407 "klips_debug:deltdbchain: "
408 "deltdb returned error %d.\n", -error);
411 if((error = ipsec_sa_wipe(tdbdel))) {
412 KLIPS_PRINT(debug_xform,
413 "klips_debug:deltdbchain: "
414 "ipsec_tdbwipe returned error %d.\n", -error);
/*
 * ipsec_sadb_cleanup - delete SA chains from the whole hash table.
 *
 * proto: protocol to match against ips_said.proto; 0 selects every SA
 *        (see the test at line 469).
 *
 * The whole table walk runs between spin_lock_bh(&tdb_lock) at line 435 and
 * spin_unlock_bh(&tdb_lock) at line 512, so ipsec_sa_delchain() and, through
 * it, ipsec_sa_del() are called with the lock held, as their notes require.
 * The satoa() formatting and debug output also happen inside that window.
 * NOTE(review): this listing omits lines, so the return type, the inner loop
 * header, the assignment of tdbdel and the body of the error branch at line
 * 475 are not shown. Confirm that the error exit still reaches the
 * spin_unlock_bh() at line 512.
 */
422 ipsec_sadb_cleanup(__u8 proto)
426 struct ipsec_sa *ips, **ipsprev, *tdbdel;
430 KLIPS_PRINT(debug_xform,
431 "klips_debug:ipsec_tdbcleanup: "
432 "cleaning up proto=%d.\n",
435 spin_lock_bh(&tdb_lock);
/* Visit every bucket, including bucket 0. */
437 for (i = 0; i < SADB_HASHMOD; i++) {
438 ipsprev = &(ipsec_sadb_hash[i]);
439 ips = ipsec_sadb_hash[i];
441 sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF);
442 KLIPS_PRINT(debug_xform,
443 "klips_debug:ipsec_tdbcleanup: "
444 "checking SA:%s, hash=%d",
445 sa_len ? sa : " (error)",
/* Remember the successor before tdbdel is possibly deleted. */
448 ips = tdbdel->ips_hnext;
450 sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF);
451 KLIPS_PRINT(debug_xform,
453 sa_len ? sa : " (error)");
456 sa_len = satoa((*ipsprev)->ips_said, 0, sa, SATOA_BUF);
457 KLIPS_PRINT(debug_xform,
459 sa_len ? sa : " (error)");
460 if((*ipsprev)->ips_hnext) {
461 sa_len = satoa((*ipsprev)->ips_hnext->ips_said, 0, sa, SATOA_BUF);
462 KLIPS_PRINT(debug_xform,
463 ", *ipsprev->ips_hnext=%s",
464 sa_len ? sa : " (error)");
467 KLIPS_PRINT(debug_xform,
/* proto == 0 matches everything; otherwise only SAs of the given protocol are deleted. */
469 if(!proto || (proto == tdbdel->ips_said.proto)) {
470 sa_len = satoa(tdbdel->ips_said, 0, sa, SATOA_BUF);
471 KLIPS_PRINT(debug_xform,
472 "klips_debug:ipsec_tdbcleanup: "
473 "deleting SA chain:%s.\n",
474 sa_len ? sa : " (error)");
475 if((error = ipsec_sa_delchain(tdbdel))) {
/* Restart from the bucket head after a chain deletion; presumably because the deleted chain may have removed other entries of this bucket - confirm. */
478 ipsprev = &(ipsec_sadb_hash[i]);
479 ips = ipsec_sadb_hash[i];
480 KLIPS_PRINT(debug_xform,
481 "klips_debug:ipsec_tdbcleanup: "
482 "deleted SA chain:%s",
483 sa_len ? sa : " (error)");
485 sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF);
486 KLIPS_PRINT(debug_xform,
489 sa_len ? sa : " (error)");
492 sa_len = satoa((*ipsprev)->ips_said, 0, sa, SATOA_BUF);
493 KLIPS_PRINT(debug_xform,
495 sa_len ? sa : " (error)");
496 if((*ipsprev)->ips_hnext) {
497 sa_len = satoa((*ipsprev)->ips_hnext->ips_said, 0, sa, SATOA_BUF);
498 KLIPS_PRINT(debug_xform,
499 ", *ipsprev->ips_hnext=%s",
500 sa_len ? sa : " (error)");
503 KLIPS_PRINT(debug_xform,
512 spin_unlock_bh(&tdb_lock);
/*
 * ipsec_sa_wipe - zero and release the dynamically allocated parts of an SA,
 * then zero the SA structure itself.
 *
 * ips: SA to clear. Each member buffer is overwritten with memset() for its
 *      recorded size, passed to kfree(), and its pointer set to NULL. This
 *      covers the address blocks, the NAT-T original address (when
 *      CONFIG_IPSEC_NAT_TRAVERSAL is set), the authentication and encryption
 *      keys, the IV and the two identity blobs.
 *
 * NOTE(review): this listing omits lines, so the return type, the NULL check
 * on ips, the guards around the key and IV blocks and whatever follows the
 * final memset() are not shown.
 * NOTE(review): every memset() here clears memory that is freed right after.
 * A compiler may treat such stores as dead and drop them. Where the kernel
 * provides memzero_explicit() or kfree_sensitive(), prefer them for ips_key_a
 * and ips_key_e; on this code base, confirm the clearing survives
 * optimisation.
 */
518 ipsec_sa_wipe(struct ipsec_sa *ips)
/* Source, destination and proxy address blocks. */
524 if(ips->ips_addr_s) {
525 memset((caddr_t)(ips->ips_addr_s), 0, ips->ips_addr_s_size);
526 kfree(ips->ips_addr_s);
528 ips->ips_addr_s = NULL;
530 if(ips->ips_addr_d) {
531 memset((caddr_t)(ips->ips_addr_d), 0, ips->ips_addr_d_size);
532 kfree(ips->ips_addr_d);
534 ips->ips_addr_d = NULL;
536 if(ips->ips_addr_p) {
537 memset((caddr_t)(ips->ips_addr_p), 0, ips->ips_addr_p_size);
538 kfree(ips->ips_addr_p);
540 ips->ips_addr_p = NULL;
542 #ifdef CONFIG_IPSEC_NAT_TRAVERSAL
543 if(ips->ips_natt_oa) {
544 memset((caddr_t)(ips->ips_natt_oa), 0, ips->ips_natt_oa_size);
545 kfree(ips->ips_natt_oa);
547 ips->ips_natt_oa = NULL;
/* Key material: authentication key, encryption key, then the IV. The wipe length is the recorded *_size field, which must match the allocation. */
551 memset((caddr_t)(ips->ips_key_a), 0, ips->ips_key_a_size);
552 kfree(ips->ips_key_a);
554 ips->ips_key_a = NULL;
557 memset((caddr_t)(ips->ips_key_e), 0, ips->ips_key_e_size);
558 kfree(ips->ips_key_e);
560 ips->ips_key_e = NULL;
563 memset((caddr_t)(ips->ips_iv), 0, ips->ips_iv_size);
/*
 * Identity blobs. The wipe length is derived as
 * len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident) rather than read from
 * a stored size.
 * NOTE(review): if len is ever smaller than the header size implies, the
 * subtraction wraps (the sizeof operand makes the arithmetic unsigned) and
 * memset() would run far past the buffer. This relies on len having been
 * validated when the identity was stored, and on the allocation using the
 * same formula - confirm both.
 */
568 if(ips->ips_ident_s.data) {
569 memset((caddr_t)(ips->ips_ident_s.data),
571 ips->ips_ident_s.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident));
572 kfree(ips->ips_ident_s.data);
574 ips->ips_ident_s.data = NULL;
576 if(ips->ips_ident_d.data) {
577 memset((caddr_t)(ips->ips_ident_d.data),
579 ips->ips_ident_d.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident));
580 kfree(ips->ips_ident_d.data);
582 ips->ips_ident_d.data = NULL;
/* Algorithm-specific state is released through ipsec_alg_sa_wipe() when the SA uses an ipsec_alg ESP cipher or authenticator. */
584 #ifdef USE_IXP4XX_CRYPTO
585 #ifdef CONFIG_IPSEC_ALG
586 if (IPSEC_ALG_SA_ESP_ENC(ips)||IPSEC_ALG_SA_ESP_AUTH(ips)) {
587 ipsec_alg_sa_wipe(ips);
590 #endif /* USE_IXP4XX_CRYPTO */
/* Finally clear the SA structure itself, including the now-NULL member pointers and the stored sizes. */
592 memset((caddr_t)ips, 0, sizeof(*ips));
600 * $Log: ipsec_sa.c,v $
601 * Revision 1.5 2002/01/29 17:17:56 mcr
602 * moved include of ipsec_param.h to after include of linux/kernel.h
603 * otherwise, it seems that some option that is set in ipsec_param.h
604 * screws up something subtle in the include path to kernel.h, and
605 * it complains on the snprintf() prototype.
607 * Revision 1.4 2002/01/29 04:00:52 mcr
608 * more excise of kversions.h header.
610 * Revision 1.3 2002/01/29 02:13:18 mcr
611 * introduction of ipsec_kversion.h means that include of
612 * ipsec_param.h must precede any decisions about what files to
613 * include to deal with differences in kernel source.
615 * Revision 1.2 2001/11/26 09:16:15 rgb
616 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
618 * Revision 1.1.2.2 2001/10/22 21:05:41 mcr
619 * removed phony prototype for des_set_key.
621 * Revision 1.1.2.1 2001/09/25 02:24:57 mcr
622 * struct tdb -> struct ipsec_sa.
623 * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
624 * ipsec_xform.c removed. header file still contains useful things.
628 * CLONED from ipsec_xform.c:
629 * Revision 1.53 2001/09/08 21:13:34 rgb
630 * Added pfkey ident extension support for ISAKMPd. (NetCelo)
632 * Revision 1.52 2001/06/14 19:35:11 rgb
633 * Update copyright date.
635 * Revision 1.51 2001/05/30 08:14:03 rgb
636 * Removed vestiges of esp-null transforms.
638 * Revision 1.50 2001/05/03 19:43:18 rgb
639 * Initialise error return variable.
640 * Update SENDERR macro.
641 * Fix sign of error return code for ipsec_tdbcleanup().
642 * Use more appropriate return code for ipsec_tdbwipe().
644 * Revision 1.49 2001/04/19 18:56:17 rgb
645 * Fixed tdb table locking comments.
647 * Revision 1.48 2001/02/27 22:24:55 rgb
648 * Re-formatting debug output (line-splitting, joining, 1arg/line).
649 * Check for satoa() return codes.
651 * Revision 1.47 2000/11/06 04:32:08 rgb
652 * Ditched spin_lock_irqsave in favour of spin_lock_bh.
654 * Revision 1.46 2000/09/20 16:21:57 rgb
655 * Cleaned up ident string alloc/free.
657 * Revision 1.45 2000/09/08 19:16:51 rgb
658 * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
659 * Removed all references to CONFIG_IPSEC_PFKEYv2.
661 * Revision 1.44 2000/08/30 05:29:04 rgb
662 * Compiler-define out no longer used tdb_init() in ipsec_xform.c.
664 * Revision 1.43 2000/08/18 21:30:41 rgb
665 * Purged all tdb_spi, tdb_proto and tdb_dst macros. They are unclear.
667 * Revision 1.42 2000/08/01 14:51:51 rgb
668 * Removed _all_ remaining traces of DES.
670 * Revision 1.41 2000/07/28 14:58:31 rgb
671 * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
673 * Revision 1.40 2000/06/28 05:50:11 rgb
674 * Actually set iv_bits.
676 * Revision 1.39 2000/05/10 23:11:09 rgb
677 * Added netlink debugging output.
678 * Added a cast to quiet down the ntohl bug.
680 * Revision 1.38 2000/05/10 19:18:42 rgb
681 * Cast output of ntohl so that the broken prototype doesn't make our
684 * Revision 1.37 2000/03/16 14:04:59 rgb
685 * Hardwired CONFIG_IPSEC_PFKEYv2 on.
687 * Revision 1.36 2000/01/26 10:11:28 rgb
688 * Fixed spacing in error text causing run-in words.
690 * Revision 1.35 2000/01/21 06:17:16 rgb
691 * Tidied up compiler directive indentation for readability.
692 * Added ictx,octx vars for simplification.(kravietz)
693 * Added macros for HMAC padding magic numbers.(kravietz)
694 * Fixed missing key length reporting bug.
695 * Fixed bug in tdbwipe to return immediately on NULL tdbp passed in.
697 * Revision 1.34 1999/12/08 00:04:19 rgb
698 * Fixed SA direction overwriting bug for netlink users.
700 * Revision 1.33 1999/12/01 22:16:44 rgb
701 * Minor formatting changes in ESP MD5 initialisation.
703 * Revision 1.32 1999/11/25 09:06:36 rgb
704 * Fixed error return messages, should be returning negative numbers.
705 * Implemented SENDERR macro for propagating error codes.
706 * Added debug message and separate error code for algorithms not compiled
709 * Revision 1.31 1999/11/23 23:06:26 rgb
710 * Sort out pfkey and freeswan headers, putting them in a library path.
712 * Revision 1.30 1999/11/18 04:09:20 rgb
713 * Replaced all kernel version macros to shorter, readable form.
715 * Revision 1.29 1999/11/17 15:53:40 rgb
716 * Changed all occurrences of #include "../../../lib/freeswan.h"
717 * to #include <freeswan.h> which works due to -Ilibfreeswan in the
718 * klips/net/ipsec/Makefile.
720 * Revision 1.28 1999/10/18 20:04:01 rgb
721 * Clean-out unused cruft.
723 * Revision 1.27 1999/10/03 19:01:03 rgb
724 * Spinlock support for 2.3.xx and 2.0.xx kernels.
726 * Revision 1.26 1999/10/01 16:22:24 rgb
727 * Switch from assignment init. to functional init. of spinlocks.
729 * Revision 1.25 1999/10/01 15:44:54 rgb
730 * Move spinlock header include to 2.1> scope.
732 * Revision 1.24 1999/10/01 00:03:46 rgb
733 * Added tdb structure locking.
734 * Minor formatting changes.
735 * Add function to initialize tdb hash table.
737 * Revision 1.23 1999/05/25 22:42:12 rgb
738 * Add deltdbchain() debugging.
740 * Revision 1.22 1999/05/25 21:24:31 rgb
741 * Add debugging statements to deltdbchain().
743 * Revision 1.21 1999/05/25 03:51:48 rgb
744 * Refix error return code.
746 * Revision 1.20 1999/05/25 03:34:07 rgb
747 * Fix error return for flush.
749 * Revision 1.19 1999/05/09 03:25:37 rgb
750 * Fix bug introduced by 2.2 quick-and-dirty patch.
752 * Revision 1.18 1999/05/05 22:02:32 rgb
753 * Add a quick and dirty port to 2.2 kernels by Marc Boucher <marc@mbsi.ca>.
755 * Revision 1.17 1999/04/29 15:20:16 rgb
756 * Change gettdb parameter to a pointer to reduce stack loading and
757 * facilitate parameter sanity checking.
758 * Add sanity checking for null pointer arguments.
759 * Add debugging instrumentation.
760 * Add function deltdbchain() which will take care of unlinking,
761 * zeroing and deleting a chain of tdbs.
762 * Add a parameter to tdbcleanup to be able to delete a class of SAs.
763 * tdbwipe now actually zeroes the tdb as well as any of its pointed
766 * Revision 1.16 1999/04/16 15:36:29 rgb
767 * Fix cut-and-paste error causing a memory leak in IPIP TDB freeing.
769 * Revision 1.15 1999/04/11 00:29:01 henry
772 * Revision 1.14 1999/04/06 04:54:28 rgb
773 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
776 * Revision 1.13 1999/02/19 18:23:01 rgb
777 * Nix debug off compile warning.
779 * Revision 1.12 1999/02/17 16:52:16 rgb
780 * Consolidate satoa()s for space and speed efficiency.
781 * Convert DEBUG_IPSEC to KLIPS_PRINT
782 * Clean out unused cruft.
783 * Ditch NET_IPIP dependency.
784 * Loop for 3des key setting.
786 * Revision 1.11 1999/01/26 02:09:05 rgb
787 * Remove ah/esp/IPIP switching on include files.
788 * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
790 * Clean up debug code when switched off.
791 * Remove references to INET_GET_PROTOCOL.
792 * Added code exclusion macros to reduce code from unused algorithms.
794 * Revision 1.10 1999/01/22 06:28:55 rgb
796 * Put random IV generation in kernel.
797 * Added algorithm switch code.
798 * Enhanced debugging.
801 * Revision 1.9 1998/11/30 13:22:55 rgb
802 * Rationalised all the klips kernel file headers. They are much shorter
803 * now and won't conflict under RH5.2.
805 * Revision 1.8 1998/11/25 04:59:06 rgb
806 * Add conditionals for no IPIP tunnel code.
807 * Delete commented out code.
809 * Revision 1.7 1998/10/31 06:50:41 rgb
810 * Convert xform ASCII names to no spaces.
811 * Fixed up comments in #endif directives.
813 * Revision 1.6 1998/10/19 14:44:28 rgb
814 * Added inclusion of freeswan.h.
815 * sa_id structure implemented and used: now includes protocol.
817 * Revision 1.5 1998/10/09 04:32:19 rgb
818 * Added 'klips_debug' prefix to all klips printk debug statements.
820 * Revision 1.4 1998/08/12 00:11:31 rgb
821 * Added new xform functions to the xform table.
822 * Fixed minor debug output spelling error.
824 * Revision 1.3 1998/07/09 17:45:31 rgb
825 * Clarify algorithm not available message.
827 * Revision 1.2 1998/06/23 03:00:51 rgb
828 * Check for presence of IPIP protocol if it is setup one way (we don't
829 * know what has been set up the other way and can only assume it will be
830 * symmetrical with the exception of keys).
832 * Revision 1.1 1998/06/18 21:27:51 henry
833 * move sources from klips/src to klips/net/ipsec, to keep stupid
834 * kernel-build scripts happier in the presence of symlinks
836 * Revision 1.3 1998/06/11 05:54:59 rgb
837 * Added transform version string pointer to xformsw initialisations.
839 * Revision 1.2 1998/04/21 21:28:57 rgb
840 * Rearrange debug switches to change on the fly debug output from user
841 * space. Only kernel changes checked in at this time. radij.c was also
842 * changed to temporarily remove buggy debugging code in rj_delete causing
843 * an OOPS and hence, netlink device open errors.
845 * Revision 1.1 1998/04/09 03:06:13 henry
846 * sources moved up from linux/net/ipsec
848 * Revision 1.1.1.1 1998/04/08 05:35:02 henry
849 * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
851 * Revision 0.5 1997/06/03 04:24:48 ji
852 * Added ESP-3DES-MD5-96
854 * Revision 0.4 1997/01/15 01:28:15 ji
855 * Added new transforms.
857 * Revision 0.3 1996/11/20 14:39:04 ji
859 * Rationalized debugging code.
861 * Revision 0.2 1996/11/02 00:18:33 ji
862 * First limited release.