2 * @(#) RFC2367 PF_KEYv2 Key management API domain socket I/F
3 * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: pfkey_v2.c,v 1.68 2002/03/08 01:15:17 mcr Exp $
19 * Template from /usr/src/linux-2.0.36/net/unix/af_unix.c.
20 * Hints from /usr/src/linux-2.0.36/net/ipv4/udp.c.
23 #define __NO_VERSION__
24 #include <linux/module.h>
25 #include <linux/version.h>
26 #include <linux/config.h>
27 #include <linux/kernel.h>
29 #include "ipsec_param.h"
31 #include <linux/major.h>
32 #include <linux/signal.h>
33 #include <linux/sched.h>
34 #include <linux/errno.h>
35 #include <linux/string.h>
36 #include <linux/stat.h>
37 #include <linux/socket.h>
39 #include <linux/fcntl.h>
40 #include <linux/termios.h>
41 #include <linux/socket.h>
42 #include <linux/sockios.h>
43 #include <linux/net.h> /* struct socket */
47 # include <linux/slab.h> /* kmalloc() */
48 #else /* MALLOC_SLAB */
49 # include <linux/malloc.h> /* kmalloc() */
50 #endif /* MALLOC_SLAB */
51 #include <asm/segment.h>
52 #include <linux/skbuff.h>
53 #include <linux/netdevice.h>
54 #include <net/sock.h> /* struct sock */
55 /* #include <net/tcp.h> */
56 #include <net/af_unix.h>
58 # include <linux/proc_fs.h>
59 #endif /* CONFIG_PROC_FS */
61 #include <linux/types.h>
65 # include <asm/uaccess.h>
66 # include <linux/in6.h>
70 #include "ipsec_encap.h"
72 #include "ipsec_netlink.h"
77 #include "ipsec_proto.h"
79 #ifdef CONFIG_IPSEC_DEBUG
81 extern int sysctl_ipsec_debug_verbose;
82 #endif /* CONFIG_IPSEC_DEBUG */
84 #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0)
86 #ifndef SOCKOPS_WRAPPED
87 #define SOCKOPS_WRAPPED(name) name
88 #endif /* SOCKOPS_WRAPPED */
90 struct proto_ops SOCKOPS_WRAPPED(pfkey_ops);
91 struct sock *pfkey_sock_list = NULL;
92 struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1];
94 struct socket_list *pfkey_open_sockets = NULL;
95 struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1];
97 int pfkey_msg_interp(struct sock *, struct sadb_msg *, struct sadb_msg **);
/*
 * Unlink the node that refers to socketp from the singly linked list
 * *sockets and free that node. Per the debug messages below, a NULL socketp
 * or a NULL sockets pointer is reported as a failure.
 */
100 pfkey_list_remove_socket(struct socket *socketp, struct socket_list **sockets)
/* NOTE(review): prev has no initialiser on this line and its first assignment
 * is not among the lines shown; confirm it is NULL before the loop, because
 * prev->next is written below. */
102 struct socket_list *socket_listp,*prev;
105 KLIPS_PRINT(debug_pfkey,
106 "klips_debug:pfkey_list_remove_socket: "
107 "NULL socketp handed in, failed.\n");
112 KLIPS_PRINT(debug_pfkey,
113 "klips_debug:pfkey_list_remove_socket: "
114 "NULL sockets list handed in, failed.\n");
118 socket_listp = *sockets;
121 KLIPS_PRINT(debug_pfkey,
122 "klips_debug:pfkey_list_remove_socket: "
123 "removing sock=%p\n",
/* NOTE(review): no lock is taken in the lines shown. pfkey_release calls this
 * on pfkey_open_sockets, which pfkey_sendmsg also walks; confirm that callers
 * serialise access so a node is not freed while another path is reading it. */
126 while(socket_listp != NULL) {
127 if(socket_listp->socketp == socketp) {
129 prev->next = socket_listp->next;
131 *sockets = socket_listp->next;
/* Only the list node is freed; the struct socket it referred to is untouched. */
134 kfree((void*)socket_listp);
139 socket_listp = socket_listp->next;
/*
 * Allocate a list node for socketp and push it onto the head of *sockets.
 * Per the debug messages below, NULL arguments and an allocation failure are
 * reported as failures.
 */
146 pfkey_list_insert_socket(struct socket *socketp, struct socket_list **sockets)
148 struct socket_list *socket_listp;
151 KLIPS_PRINT(debug_pfkey,
152 "klips_debug:pfkey_list_insert_socket: "
153 "NULL socketp handed in, failed.\n");
158 KLIPS_PRINT(debug_pfkey,
159 "klips_debug:pfkey_list_insert_socket: "
160 "NULL sockets list handed in, failed.\n");
164 KLIPS_PRINT(debug_pfkey,
165 "klips_debug:pfkey_list_insert_socket: "
166 "socketp=%p\n",socketp);
/* GFP_KERNEL: this allocation is allowed to sleep. */
168 if((socket_listp = (struct socket_list *)kmalloc(sizeof(struct socket_list), GFP_KERNEL)) == NULL) {
169 KLIPS_PRINT(debug_pfkey,
170 "klips_debug:pfkey_list_insert_socket: "
171 "memory allocation error.\n");
/* The node stores the socket pointer as given; no reference is taken in the
 * lines shown. pfkey_release is the path that removes the socket from these
 * lists again, so the pointer stays valid only as long as that pairing holds. */
175 socket_listp->socketp = socketp;
176 socket_listp->next = *sockets;
177 *sockets = socket_listp;
/*
 * Unlink the node that refers to supported from the singly linked list
 * *supported_list and free that node. Per the debug messages below, NULL
 * arguments are reported as failures.
 */
183 pfkey_list_remove_supported(struct supported *supported, struct supported_list **supported_list)
/* NOTE(review): *supported_list is read in this initialiser, before the
 * if(!supported_list) test further down. A NULL supported_list would be
 * dereferenced here, so the later test cannot protect against it; assigning
 * supported_listp after the test would put the check first. */
185 struct supported_list *supported_listp = *supported_list, *prev = NULL;
188 KLIPS_PRINT(debug_pfkey,
189 "klips_debug:pfkey_list_remove_supported: "
190 "NULL supported handed in, failed.\n");
194 if(!supported_list) {
195 KLIPS_PRINT(debug_pfkey,
196 "klips_debug:pfkey_list_remove_supported: "
197 "NULL supported_list handed in, failed.\n");
201 KLIPS_PRINT(debug_pfkey,
202 "klips_debug:pfkey_list_remove_supported: "
203 "removing supported=%p\n",
/* Walk the list, remembering the previous node so the match can be unlinked. */
206 while(supported_listp != NULL) {
207 if(supported_listp->supportedp == supported) {
209 prev->next = supported_listp->next;
211 *supported_list = supported_listp->next;
/* Only the list node is freed; the struct supported it referred to is not. */
214 kfree((void*)supported_listp);
218 prev = supported_listp;
219 supported_listp = supported_listp->next;
/*
 * Allocate a list node for supported and push it onto the head of
 * *supported_list. Per the debug messages below, NULL arguments and an
 * allocation failure are reported as failures.
 */
226 pfkey_list_insert_supported(struct supported *supported, struct supported_list **supported_list)
228 struct supported_list *supported_listp;
231 KLIPS_PRINT(debug_pfkey,
232 "klips_debug:pfkey_list_insert_supported: "
233 "NULL supported handed in, failed.\n");
237 if(!supported_list) {
238 KLIPS_PRINT(debug_pfkey,
239 "klips_debug:pfkey_list_insert_supported: "
240 "NULL supported_list handed in, failed.\n");
244 KLIPS_PRINT(debug_pfkey,
245 "klips_debug:pfkey_list_insert_supported: "
246 "incoming, supported=%p, supported_list=%p\n",
/* GFP_KERNEL: this allocation is allowed to sleep. */
250 supported_listp = (struct supported_list *)kmalloc(sizeof(struct supported_list), GFP_KERNEL);
251 if(supported_listp == NULL) {
252 KLIPS_PRINT(debug_pfkey,
253 "klips_debug:pfkey_list_insert_supported: "
254 "memory allocation error.\n");
/* The node keeps the caller's pointer, not a copy of the entry.
 * supported_add_all passes addresses of elements of its array argument, so
 * those entries have to outlive the list. */
258 supported_listp->supportedp = supported;
259 supported_listp->next = *supported_list;
260 *supported_list = supported_listp;
261 KLIPS_PRINT(debug_pfkey,
262 "klips_debug:pfkey_list_insert_supported: "
263 "outgoing, supported=%p, supported_list=%p\n",
272 pfkey_state_change(struct sock *sk)
274 KLIPS_PRINT(debug_pfkey,
275 "klips_debug:pfkey_state_change: .\n");
277 wake_up_interruptible(sk->sleep);
284 pfkey_data_ready(struct sock *sk, int len)
286 KLIPS_PRINT(debug_pfkey,
287 "klips_debug:pfkey_data_ready: "
292 wake_up_interruptible(sk->sleep);
293 sock_wake_async(sk->socket, 1);
298 pfkey_write_space(struct sock *sk)
300 KLIPS_PRINT(debug_pfkey,
301 "klips_debug:pfkey_write_space: .\n");
303 wake_up_interruptible(sk->sleep);
304 sock_wake_async(sk->socket, 2);
310 pfkey_insert_socket(struct sock *sk)
312 KLIPS_PRINT(debug_pfkey,
313 "klips_debug:pfkey_insert_socket: "
317 sk->next=pfkey_sock_list;
323 pfkey_remove_socket(struct sock *sk)
327 KLIPS_PRINT(debug_pfkey,
328 "klips_debug:pfkey_remove_socket: .\n");
337 KLIPS_PRINT(debug_pfkey,
338 "klips_debug:pfkey_remove_socket: "
345 KLIPS_PRINT(debug_pfkey,
346 "klips_debug:pfkey_remove_socket: "
/*
 * Take sk off the PF_KEY socket list with pfkey_remove_socket, then drain
 * sk->receive_queue and free every queued skb. With CONFIG_IPSEC_DEBUG and
 * both debug_pfkey and sysctl_ipsec_debug_verbose set, each skb is dumped to
 * the kernel log before it is freed.
 */
352 pfkey_destroy_socket(struct sock *sk)
356 KLIPS_PRINT(debug_pfkey,
357 "klips_debug:pfkey_destroy_socket: .\n");
358 pfkey_remove_socket(sk);
359 KLIPS_PRINT(debug_pfkey,
360 "klips_debug:pfkey_destroy_socket: "
361 "pfkey_remove_socket called.\n");
363 KLIPS_PRINT(debug_pfkey,
364 "klips_debug:pfkey_destroy_socket: "
365 "sk(%p)->(&%p)receive_queue.{next=%p,prev=%p}.\n",
367 &(sk->receive_queue),
368 sk->receive_queue.next,
369 sk->receive_queue.prev);
/* NOTE(review): the debug print just above already reads
 * sk->receive_queue.next, so the sk test in this loop condition comes after
 * sk has been used. Whether that print evaluates its arguments when
 * debug_pfkey is off depends on the KLIPS_PRINT macro, which is not shown. */
370 while(sk && ((skb=skb_dequeue(&(sk->receive_queue)))!=NULL)) {
372 #ifdef CONFIG_IPSEC_DEBUG
373 if(debug_pfkey && sysctl_ipsec_debug_verbose) {
374 KLIPS_PRINT(debug_pfkey,
375 "klips_debug:pfkey_destroy_socket: "
376 "skb=%p dequeued.\n", skb);
377 printk(KERN_INFO "klips_debug:pfkey_destroy_socket: "
378 "pfkey_skb contents:");
379 printk(" next:%p", skb->next);
380 printk(" prev:%p", skb->prev);
381 printk(" list:%p", skb->list);
382 printk(" sk:%p", skb->sk);
383 printk(" stamp:%ld.%ld", skb->stamp.tv_sec, skb->stamp.tv_usec);
384 printk(" dev:%p", skb->dev);
387 printk(" dev->name:%s", skb->dev->name);
389 printk(" dev->name:NULL?");
394 printk(" h:%p", skb->h.raw);
395 printk(" nh:%p", skb->nh.raw);
396 printk(" mac:%p", skb->mac.raw);
397 printk(" dst:%p", skb->dst);
398 if(sysctl_ipsec_debug_verbose) {
/* assumes skb->cb holds at least 48 bytes - TODO confirm for the target kernel */
402 for(i=0; i<48; i++) {
403 printk(":%2x", skb->cb[i]);
406 printk(" len:%d", skb->len);
407 printk(" csum:%d", skb->csum);
409 printk(" used:%d", skb->used);
410 printk(" is_clone:%d", skb->is_clone);
411 #endif /* NETDEV_23 */
412 printk(" cloned:%d", skb->cloned);
413 printk(" pkt_type:%d", skb->pkt_type);
414 printk(" ip_summed:%d", skb->ip_summed);
415 printk(" priority:%d", skb->priority);
416 printk(" protocol:%d", skb->protocol);
417 printk(" security:%d", skb->security);
418 printk(" truesize:%d", skb->truesize);
419 printk(" head:%p", skb->head);
420 printk(" data:%p", skb->data);
421 printk(" tail:%p", skb->tail);
422 printk(" end:%p", skb->end);
423 if(sysctl_ipsec_debug_verbose) {
/* Writes every byte from skb->head up to skb->end to the kernel log. These
 * skbs are queued PF_KEY messages. NOTE(review): if such messages can carry
 * key material, this puts it in the log, so keep sysctl_ipsec_debug_verbose
 * off outside debugging sessions and restrict who can read the kernel log.
 * The pointer-to-unsigned-int casts presumably assume 32-bit pointers. */
426 for(i=(unsigned int)(skb->head); i<(unsigned int)(skb->end); i++) {
427 printk(":%2x", (unsigned char)(*(char*)(i)));
430 printk(" destructor:%p", skb->destructor);
433 #endif /* CONFIG_IPSEC_DEBUG */
434 KLIPS_PRINT(debug_pfkey,
435 "klips_debug:pfkey_destroy_socket: "
441 KLIPS_PRINT(debug_pfkey,
442 "klips_debug:pfkey_destroy_socket: "
443 "skb=%p dequeued and freed.\n",
445 kfree_skb(skb, FREE_WRITE);
453 KLIPS_PRINT(debug_pfkey,
454 "klips_debug:pfkey_destroy_socket: destroyed.\n");
/*
 * Copy a PF_KEY message into a newly allocated skb and queue it on the
 * receiving socket with sock_queue_rcv_skb. Per the debug messages below, a
 * NULL socket, a NULL pfkey_msg or a NULL sock is reported as a failure.
 */
458 pfkey_upmsg(struct socket *sock, struct sadb_msg *pfkey_msg)
461 struct sk_buff * skb = NULL;
465 KLIPS_PRINT(debug_pfkey,
466 "klips_debug:pfkey_upmsg: "
467 "NULL socket passed in.\n");
471 if(pfkey_msg == NULL) {
472 KLIPS_PRINT(debug_pfkey,
473 "klips_debug:pfkey_upmsg: "
474 "NULL pfkey_msg passed in.\n");
485 KLIPS_PRINT(debug_pfkey,
486 "klips_debug:pfkey_upmsg: "
487 "NULL sock passed in.\n");
/* The byte count used from here on is sadb_msg_len * IPSEC_PFKEYv2_ALIGN,
 * read from the message's own header. The same expression sizes the
 * allocation, the tailroom test, skb_put and the memcpy. */
491 KLIPS_PRINT(debug_pfkey,
492 "klips_debug:pfkey_upmsg: "
493 "allocating %d bytes...\n",
494 pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
/* GFP_ATOMIC: this allocation does not sleep. */
495 if(!(skb = alloc_skb(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN, GFP_ATOMIC) )) {
496 KLIPS_PRINT(debug_pfkey,
497 "klips_debug:pfkey_upmsg: "
498 "no buffers left to send up a message.\n");
501 KLIPS_PRINT(debug_pfkey,
502 "klips_debug:pfkey_upmsg: "
503 "...allocated at %p.\n",
508 if(skb_tailroom(skb) < pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) {
509 printk(KERN_WARNING "klips_error:pfkey_upmsg: "
510 "tried to skb_put %ld, %d available. This should never happen, please report.\n",
511 (unsigned long int)pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN,
516 kfree_skb(skb, FREE_WRITE);
520 skb->h.raw = skb_put(skb, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
/* The copy reads that many bytes from pfkey_msg, so the caller must pass a
 * buffer at least as long as the header's length field claims. This function
 * has no independent knowledge of the buffer's real size. */
521 memcpy(skb->h.raw, pfkey_msg, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN);
/* On a queueing failure the skb is freed here rather than left for the socket. */
527 if((error = sock_queue_rcv_skb(sk, skb)) < 0) {
532 kfree_skb(skb, FREE_WRITE);
534 KLIPS_PRINT(debug_pfkey,
535 "klips_debug:pfkey_upmsg: "
536 "error=%d calling sock_queue_rcv_skb with skb=%p.\n",
/*
 * Create a PF_KEY socket: accept only SOCK_RAW with protocol PF_KEY_V2,
 * require the calling process to have uid 0, allocate and initialise the
 * struct sock, install the pfkey callbacks and record the socket in
 * pfkey_sock_list and pfkey_open_sockets.
 */
545 pfkey_create(struct socket *sock, int protocol)
550 KLIPS_PRINT(debug_pfkey,
551 "klips_debug:pfkey_create: "
556 KLIPS_PRINT(debug_pfkey,
557 "klips_debug:pfkey_create: "
558 "sock=%p type:%d state:%d flags:%ld protocol:%d\n",
561 (unsigned int)(sock->state),
562 sock->flags, protocol);
564 if(sock->type != SOCK_RAW) {
565 KLIPS_PRINT(debug_pfkey,
566 "klips_debug:pfkey_create: "
567 "only SOCK_RAW supported.\n");
568 return -ESOCKTNOSUPPORT;
571 if(protocol != PF_KEY_V2) {
572 KLIPS_PRINT(debug_pfkey,
573 "klips_debug:pfkey_create: "
574 "protocol not PF_KEY_V2.\n");
575 return -EPROTONOSUPPORT;
/* Access control for the key-management interface is this uid test: only a
 * process whose uid is 0 may open a PF_KEY socket. NOTE(review): this is a
 * uid comparison, not a capability check; on kernels that provide
 * capabilities, confirm whether a CAP_NET_ADMIN test is the intended gate. */
578 if((current->uid != 0)) {
579 KLIPS_PRINT(debug_pfkey,
580 "klips_debug:pfkey_create: "
581 "must be root to open pfkey sockets.\n");
586 sock->state = SS_UNCONNECTED;
/* Two sk_alloc call shapes follow; presumably each belongs to a different
 * kernel-version branch whose preprocessor lines are not shown. */
590 if((sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1)) == NULL)
592 if((sk=(struct sock *)sk_alloc(GFP_KERNEL)) == NULL)
595 KLIPS_PRINT(debug_pfkey,
596 "klips_debug:pfkey_create: "
597 "Out of memory trying to allocate.\n");
603 memset(sk, 0, sizeof(*sk));
607 sock_init_data(sock, sk);
611 sock->ops = &SOCKOPS_WRAPPED(pfkey_ops);
615 /* sk->num = protocol; */
616 sk->protocol = protocol;
/* Records the creating process's pid on the sock; the /proc listings print it. */
617 key_pid(sk) = current->pid;
618 KLIPS_PRINT(debug_pfkey,
619 "klips_debug:pfkey_create: "
620 "sock->fasync_list=%p sk->sleep=%p.\n",
625 init_timer(&sk->timer);
626 skb_queue_head_init(&sk->write_queue);
627 skb_queue_head_init(&sk->receive_queue);
628 skb_queue_head_init(&sk->back_log);
629 sk->rcvbuf=SK_RMEM_MAX;
630 sk->sndbuf=SK_WMEM_MAX;
631 sk->allocation=GFP_KERNEL;
633 sk->priority=SOPRI_NORMAL;
634 sk->state_change=pfkey_state_change;
635 sk->data_ready=pfkey_data_ready;
636 sk->write_space=pfkey_write_space;
637 sk->error_report=pfkey_state_change;
640 sock->data=(void *)sk;
641 sk->sleep=sock->wait;
/* NOTE(review): neither call's result is used on these lines.
 * pfkey_list_insert_socket logs a "memory allocation error" path, so a socket
 * could presumably be created without appearing in pfkey_open_sockets and
 * would then miss the replies that pfkey_sendmsg sends to that list. */
644 pfkey_insert_socket(sk);
645 pfkey_list_insert_socket(sock, &pfkey_open_sockets);
647 KLIPS_PRINT(debug_pfkey,
648 "klips_debug:pfkey_create: "
649 "Socket sock=%p sk=%p initialised.\n", sock, sk);
655 pfkey_dup(struct socket *newsock, struct socket *oldsock)
660 KLIPS_PRINT(debug_pfkey,
661 "klips_debug:pfkey_dup: "
662 "No new socket attached.\n");
667 KLIPS_PRINT(debug_pfkey,
668 "klips_debug:pfkey_dup: "
669 "No old socket attached.\n");
679 /* May not have data attached */
681 KLIPS_PRINT(debug_pfkey,
682 "klips_debug:pfkey_dup: "
683 "No sock attached to old socket.\n");
687 KLIPS_PRINT(debug_pfkey,
688 "klips_debug:pfkey_dup: .\n");
690 return pfkey_create(newsock, sk->protocol);
/*
 * Release a PF_KEY socket: notify waiters through sk->state_change, drain and
 * destroy the sock, and remove the socket from pfkey_open_sockets and from
 * every per-satype registered list. Two signatures are given, selected by
 * NETDEV_23. A missing socket or sock is logged and returns 0, not -EINVAL.
 */
696 pfkey_release(struct socket *sock)
697 #else /* NETDEV_23 */
698 pfkey_release(struct socket *sock, struct socket *peersock)
699 #endif /* NETDEV_23 */
705 KLIPS_PRINT(debug_pfkey,
706 "klips_debug:pfkey_release: "
707 "No socket attached.\n");
708 return 0; /* -EINVAL; */
717 /* May not have data attached */
719 KLIPS_PRINT(debug_pfkey,
720 "klips_debug:pfkey_release: "
721 "No sk attached to sock=%p.\n", sock);
722 return 0; /* -EINVAL; */
725 KLIPS_PRINT(debug_pfkey,
726 "klips_debug:pfkey_release: "
727 "sock=%p sk=%p\n", sock, sk);
/* The callback is tested for NULL before it is called. */
732 if(sk->state_change) {
733 sk->state_change(sk);
742 /* Try to flush out this socket. Throw out buffers at least */
743 pfkey_destroy_socket(sk);
/* The socket is unlinked from the open list and from all registered lists so
 * that no list node keeps a pointer to a socket that is going away;
 * pfkey_sendmsg walks pfkey_open_sockets to deliver error replies. */
744 pfkey_list_remove_socket(sock, &pfkey_open_sockets);
745 for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) {
746 pfkey_list_remove_socket(sock, &(pfkey_registered_sockets[i]));
750 KLIPS_PRINT(debug_pfkey,
751 "klips_debug:pfkey_release: "
759 pfkey_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
761 KLIPS_PRINT(debug_pfkey,
762 "klips_debug:pfkey_bind: "
763 "operation not supported.\n");
768 pfkey_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags)
770 KLIPS_PRINT(debug_pfkey,
771 "klips_debug:pfkey_connect: "
772 "operation not supported.\n");
777 pfkey_socketpair(struct socket *a, struct socket *b)
779 KLIPS_PRINT(debug_pfkey,
780 "klips_debug:pfkey_socketpair: "
781 "operation not supported.\n");
786 pfkey_accept(struct socket *sock, struct socket *newsock, int flags)
788 KLIPS_PRINT(debug_pfkey,
789 "klips_debug:pfkey_aaccept: "
790 "operation not supported.\n");
795 pfkey_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len,
798 struct sockaddr *ska = (struct sockaddr*)uaddr;
800 KLIPS_PRINT(debug_pfkey,
801 "klips_debug:pfkey_getname: .\n");
802 ska->sa_family = PF_KEY;
803 *uaddr_len = sizeof(*ska);
808 pfkey_select(struct socket *sock, int sel_type, select_table *wait)
811 KLIPS_PRINT(debug_pfkey,
812 "klips_debug:pfkey_select: "
813 ".sock=%p sk=%p sel_type=%d\n",
818 KLIPS_PRINT(debug_pfkey,
819 "klips_debug:pfkey_select: "
820 "Null socket passed in.\n");
823 return datagram_select(sock->data, sel_type, wait);
827 pfkey_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
829 KLIPS_PRINT(debug_pfkey,
830 "klips_debug:pfkey_ioctl: "
836 pfkey_listen(struct socket *sock, int backlog)
838 KLIPS_PRINT(debug_pfkey,
839 "klips_debug:pfkey_listen: "
/*
 * Record a send and/or receive shutdown on the sock and wake waiters through
 * sk->state_change. Per the debug messages below, a NULL socket or a socket
 * without a sock attached is reported as a failure.
 */
846 pfkey_shutdown(struct socket *sock, int mode)
851 KLIPS_PRINT(debug_pfkey,
852 "klips_debug:pfkey_shutdown: "
853 "NULL socket passed in.\n");
864 KLIPS_PRINT(debug_pfkey,
865 "klips_debug:pfkey_shutdown: "
866 "No sock attached to socket.\n");
870 KLIPS_PRINT(debug_pfkey,
871 "klips_debug:pfkey_shutdown: "
875 if(mode&SEND_SHUTDOWN) {
/* NOTE(review): sk->state_change is called here and below without the NULL
 * test that pfkey_release applies before calling it. pfkey_create always
 * installs pfkey_state_change, so this holds for sockets created there. */
876 sk->shutdown|=SEND_SHUTDOWN;
877 sk->state_change(sk);
880 if(mode&RCV_SHUTDOWN) {
881 sk->shutdown|=RCV_SHUTDOWN;
882 sk->state_change(sk);
889 pfkey_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
895 KLIPS_PRINT(debug_pfkey,
896 "klips_debug:pfkey_setsockopt: "
897 "Null socket passed in.\n");
904 KLIPS_PRINT(debug_pfkey,
905 "klips_debug:pfkey_setsockopt: "
906 "Null sock passed in.\n");
911 KLIPS_PRINT(debug_pfkey,
912 "klips_debug:pfkey_setsockopt: .\n");
913 if(level!=SOL_SOCKET) {
917 return sock_setsockopt(sock, level, optname, optval, optlen);
919 return sock_setsockopt(sk, level, optname, optval, optlen);
924 pfkey_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
930 KLIPS_PRINT(debug_pfkey,
931 "klips_debug:pfkey_setsockopt: "
932 "Null socket passed in.\n");
939 KLIPS_PRINT(debug_pfkey,
940 "klips_debug:pfkey_setsockopt: "
941 "Null sock passed in.\n");
946 KLIPS_PRINT(debug_pfkey,
947 "klips_debug:pfkey_getsockopt: .\n");
948 if(level!=SOL_SOCKET) {
952 return sock_getsockopt(sock, level, optname, optval, optlen);
954 return sock_getsockopt(sk, level, optname, optval, optlen);
959 pfkey_fcntl(struct socket *sock, unsigned int cmd, unsigned long arg)
961 KLIPS_PRINT(debug_pfkey,
962 "klips_debug:pfkey_fcntl: "
969 * Send PF_KEY data down.
/*
 * Accept one PF_KEY message from user space: check the caller and the socket
 * state, copy the message into a kernel buffer, validate the fixed header
 * (version, length, pid, reserved, type) and hand it to pfkey_msg_interp.
 * When the interpreter returns an error, a header-only error reply is sent to
 * every open PF_KEY socket. Two signatures are given for different kernels.
 */
974 pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
976 pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, int nonblock, int flags)
981 struct sadb_msg *pfkey_msg = NULL, *pfkey_reply = NULL;
984 KLIPS_PRINT(debug_pfkey,
985 "klips_debug:pfkey_sendmsg: "
986 "Null socket passed in.\n");
997 KLIPS_PRINT(debug_pfkey,
998 "klips_debug:pfkey_sendmsg: "
999 "Null sock passed in.\n");
1004 KLIPS_PRINT(debug_pfkey,
1005 "klips_debug:pfkey_sendmsg: "
1006 "Null msghdr passed in.\n");
1010 KLIPS_PRINT(debug_pfkey,
1011 "klips_debug:pfkey_sendmsg: .\n");
1013 error = sock_error(sk);
1014 KLIPS_PRINT(debug_pfkey,
1015 "klips_debug:pfkey_sendmsg: "
1016 "sk->err is non-zero, returns %d.\n",
/* The uid test is repeated on every send, not only in pfkey_create, so a
 * descriptor passed to or inherited by a non-root process cannot be used to
 * send key-management messages. */
1021 if((current->uid != 0)) {
1022 KLIPS_PRINT(debug_pfkey,
1023 "klips_debug:pfkey_sendmsg: "
1024 "must be root to send messages to pfkey sockets.\n");
1029 if(msg->msg_control)
1031 if(flags || msg->msg_control)
1034 KLIPS_PRINT(debug_pfkey,
1035 "klips_debug:pfkey_sendmsg: "
1036 "can't set flags or set msg_control.\n");
1040 if(sk->shutdown & SEND_SHUTDOWN) {
1041 KLIPS_PRINT(debug_pfkey,
1042 "klips_debug:pfkey_sendmsg: "
1044 send_sig(SIGPIPE, current, 0);
/* NOTE(review): len is a signed int compared with a size_t. A negative len
 * would convert to a large unsigned value and pass this test, then reach
 * kmalloc(len, ...). Confirm the socket layer never passes a negative
 * length, or reject len < 0 explicitly. */
1048 if(len < sizeof(struct sadb_msg)) {
1049 KLIPS_PRINT(debug_pfkey,
1050 "klips_debug:pfkey_sendmsg: "
1051 "bogus msg len of %d, too small.\n", len);
1055 if((pfkey_msg = (struct sadb_msg*)kmalloc(len, GFP_KERNEL)) == NULL) {
1056 KLIPS_PRINT(debug_pfkey,
1057 "klips_debug:pfkey_sendmsg: "
1058 "memory allocation error.\n");
/* NOTE(review): the result of memcpy_fromiovec is not used on this line. On
 * kernels where it reports a failed user-space copy, pfkey_msg (not zeroed
 * by kmalloc) could be parsed while partly unfilled - confirm. */
1062 memcpy_fromiovec((void *)pfkey_msg, msg->msg_iov, len);
1064 if(pfkey_msg->sadb_msg_version != PF_KEY_V2) {
/* The "1 ||" makes this message print whether or not debug_pfkey is set.
 * NOTE(review): this branch frees pfkey_msg, and a second kfree of pfkey_msg
 * appears near the end of the function; confirm this branch returns directly
 * and does not also reach that later kfree (the statement after the kfree
 * is not shown). */
1065 KLIPS_PRINT(1 || debug_pfkey,
1066 "klips_debug:pfkey_sendmsg: "
1067 "not PF_KEY_V2 msg, found %d, should be %d.\n",
1068 pfkey_msg->sadb_msg_version,
1070 kfree((void*)pfkey_msg);
/* The log text mentions alignment, but the test is that the header's length
 * field, counted in IPSEC_PFKEYv2_ALIGN-byte units, matches len exactly. This
 * ties the length the parser will trust to the size of the kernel buffer. */
1074 if(len != pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) {
1075 KLIPS_PRINT(debug_pfkey,
1076 "klips_debug:pfkey_sendmsg: "
1077 "bogus msg len of %d, not %d byte aligned.\n",
1078 len, IPSEC_PFKEYv2_ALIGN);
1083 /* This check is questionable, since a downward message could be
1084 the result of an ACQUIRE either from kernel (PID==0) or
1085 userspace (some other PID). */
1087 if(pfkey_msg->sadb_msg_pid != current->pid) {
1088 KLIPS_PRINT(debug_pfkey,
1089 "klips_debug:pfkey_sendmsg: "
1090 "pid (%d) does not equal sending process pid (%d).\n",
1091 pfkey_msg->sadb_msg_pid, current->pid);
1096 if(pfkey_msg->sadb_msg_reserved) {
1097 KLIPS_PRINT(debug_pfkey,
1098 "klips_debug:pfkey_sendmsg: "
1099 "reserved field must be zero, set to %d.\n",
1100 pfkey_msg->sadb_msg_reserved);
/* Message type must be in 1..SADB_MAX. */
1104 if((pfkey_msg->sadb_msg_type > SADB_MAX) || (!pfkey_msg->sadb_msg_type)){
1105 KLIPS_PRINT(debug_pfkey,
1106 "klips_debug:pfkey_sendmsg: "
1107 "msg type too large or small:%d.\n",
1108 pfkey_msg->sadb_msg_type);
1112 KLIPS_PRINT(debug_pfkey,
1113 "klips_debug:pfkey_sendmsg: "
1114 "msg sent for parsing.\n");
1116 if((error = pfkey_msg_interp(sk, pfkey_msg, &pfkey_reply))) {
1117 struct socket_list *pfkey_socketsp;
1119 KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: "
1120 "pfkey_msg_parse returns %d.\n",
1123 if((pfkey_reply = (struct sadb_msg*)kmalloc(sizeof(struct sadb_msg), GFP_KERNEL)) == NULL) {
1124 KLIPS_PRINT(debug_pfkey,
1125 "klips_debug:pfkey_sendmsg: "
1126 "memory allocation error.\n");
/* Only the fixed-size header of the request is copied into the error reply,
 * and sadb_msg_len is reset to the header size, so none of the request's
 * extensions are echoed back. */
1129 memcpy((void*)pfkey_reply, (void*)pfkey_msg, sizeof(struct sadb_msg));
1130 pfkey_reply->sadb_msg_errno = -error;
1131 pfkey_reply->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN;
/* The error reply goes to every socket on pfkey_open_sockets, not only to the
 * sender. A failure to deliver to one socket is logged and the loop goes on. */
1133 for(pfkey_socketsp = pfkey_open_sockets;
1135 pfkey_socketsp = pfkey_socketsp->next) {
1136 int error_upmsg = 0;
1137 KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: "
1138 "sending up error=%d message=%p to socket=%p.\n",
1141 pfkey_socketsp->socketp);
1142 if((error_upmsg = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) {
1143 KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: "
1144 "sending up error message to socket=%p failed with error=%d.\n",
1145 pfkey_socketsp->socketp,
1147 /* pfkey_msg_free(&pfkey_reply); */
1148 /* SENDERR(-error); */
1150 KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: "
1151 "sending up error message to socket=%p succeeded.\n",
1152 pfkey_socketsp->socketp);
1155 pfkey_msg_free(&pfkey_reply);
1162 kfree((void*)pfkey_msg);
1173 * Receive PF_KEY data up.
/*
 * Deliver one queued PF_KEY message to user space: dequeue a datagram with
 * skb_recv_datagram, copy it into the caller's iovec, set MSG_TRUNC when the
 * caller's buffer is smaller than the message, and free the datagram. Two
 * signatures are given for different kernels.
 */
1178 pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags, struct scm_cookie *scm)
1180 pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int noblock, int flags, int *addr_len)
1185 int noblock = flags & MSG_DONTWAIT;
1187 struct sk_buff *skb;
1191 KLIPS_PRINT(debug_pfkey,
1192 "klips_debug:pfkey_recvmsg: "
1193 "Null socket passed in.\n");
1204 KLIPS_PRINT(debug_pfkey,
1205 "klips_debug:pfkey_recvmsg: "
1206 "Null sock passed in for sock=%p.\n", sock);
1211 KLIPS_PRINT(debug_pfkey,
1212 "klips_debug:pfkey_recvmsg: "
1213 "Null msghdr passed in for sock=%p, sk=%p.\n",
1218 KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose,
1219 "klips_debug:pfkey_recvmsg: sock=%p sk=%p msg=%p size=%d.\n",
1220 sock, sk, msg, size);
/* NOTE(review): one variant above derives noblock from MSG_DONTWAIT in flags,
 * yet this test rejects every flag other than MSG_PEEK. Whether both apply to
 * the same build depends on preprocessor conditions that are not shown. */
1221 if(flags & ~MSG_PEEK) {
/* The log label below reads pfkey_sendmsg although this is pfkey_recvmsg;
 * keep that in mind when attributing log lines during triage. */
1222 KLIPS_PRINT(debug_pfkey,
1223 "klips_debug:pfkey_sendmsg: "
1224 "flags (%d) other than MSG_PEEK not supported.\n",
1230 msg->msg_namelen = 0; /* sizeof(*ska); */
1233 *addr_len = 0; /* sizeof(*ska); */
1238 KLIPS_PRINT(debug_pfkey,
1239 "klips_debug:pfkey_sendmsg: "
1240 "sk->err=%d.\n", sk->err);
1241 return sock_error(sk);
1244 if((skb = skb_recv_datagram(sk, flags, noblock, &error) ) == NULL) {
1248 if(size > skb->len) {
1252 else if(size <skb->len) {
1253 msg->msg_flags |= MSG_TRUNC;
/* size is the caller's buffer size; the comparison with skb->len above
 * presumably clamps it to the message length (that statement is not shown).
 * NOTE(review): the result of skb_copy_datagram_iovec is not used on this
 * line; confirm whether a failed copy to user space should be reported. */
1257 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size);
1258 sk->stamp=skb->stamp;
1260 skb_free_datagram(sk, skb);
1265 struct net_proto_family pfkey_family_ops = {
1270 struct proto_ops SOCKOPS_WRAPPED(pfkey_ops) = {
1273 release: pfkey_release,
1275 connect: sock_no_connect,
1276 socketpair: sock_no_socketpair,
1277 accept: sock_no_accept,
1278 getname: sock_no_getname,
1279 poll: datagram_poll,
1280 ioctl: sock_no_ioctl,
1281 listen: sock_no_listen,
1282 shutdown: pfkey_shutdown,
1283 setsockopt: sock_no_setsockopt,
1284 getsockopt: sock_no_getsockopt,
1285 sendmsg: pfkey_sendmsg,
1286 recvmsg: pfkey_recvmsg,
1288 #else /* NETDEV_23 */
1306 #endif /* NETDEV_23 */
1310 #include <linux/smp_lock.h>
1311 SOCKOPS_WRAP(pfkey, PF_KEY);
1312 #endif /* NETDEV_23 */
1315 struct proto_ops pfkey_proto_ops = {
1337 #ifdef CONFIG_PROC_FS
1338 #ifndef PROC_FS_2325
1340 #endif /* PROC_FS_2325 */
/*
 * /proc read handler: write a header line and then one formatted row per
 * socket, starting from pfkey_sock_list, into buffer, and set *start and the
 * returned length for the requested offset. With CONFIG_IPSEC_DEBUG and
 * sysctl_ipsec_debug_verbose set, a wider row format is used.
 */
1342 pfkey_get_info(char *buffer, char **start, off_t offset, int length
1343 #ifndef PROC_NO_DUMMY
1345 #endif /* !PROC_NO_DUMMY */
1351 struct sock *sk=pfkey_sock_list;
1353 #ifdef CONFIG_IPSEC_DEBUG
1354 if(!sysctl_ipsec_debug_verbose) {
1355 #endif /* CONFIG_IPSEC_DEBUG */
1356 len+= sprintf(buffer,
1357 " sock pid socket next prev e n p sndbf Flags Type St\n");
1358 #ifdef CONFIG_IPSEC_DEBUG
1360 len+= sprintf(buffer,
1361 " sock pid d sleep socket next prev e r z n p sndbf stamp Flags Type St\n");
1363 #endif /* CONFIG_IPSEC_DEBUG */
1366 #ifdef CONFIG_IPSEC_DEBUG
1367 if(!sysctl_ipsec_debug_verbose) {
1368 #endif /* CONFIG_IPSEC_DEBUG */
/* Rows are appended with sprintf, which has no bound of its own; the only
 * limit visible here is the pos>offset+length test, which runs after a row
 * has already been written. NOTE(review): confirm the buffer supplied by the
 * proc layer leaves room for one row beyond the requested length.
 * The row format prints kernel addresses with %p. */
1369 len+=sprintf(buffer+len,
1370 "%8p %5d %8p %8p %8p %d %d %d %5d %08lX %8X %2X\n",
1383 #ifdef CONFIG_IPSEC_DEBUG
1385 len+=sprintf(buffer+len,
1386 "%8p %5d %d %8p %8p %8p %8p %d %d %d %d %d %5d %d.%06d %08lX %8X %2X\n",
1400 (unsigned int)sk->stamp.tv_sec,
1401 (unsigned int)sk->stamp.tv_usec,
1406 #endif /* CONFIG_IPSEC_DEBUG */
1414 if(pos>offset+length)
1418 *start=buffer+(offset-begin);
1419 len-=(offset-begin);
1425 #ifndef PROC_FS_2325
1427 #endif /* PROC_FS_2325 */
1429 pfkey_supported_get_info(char *buffer, char **start, off_t offset, int length
1430 #ifndef PROC_NO_DUMMY
1432 #endif /* !PROC_NO_DUMMY */
1439 struct supported_list *pfkey_supported_p;
1441 len+= sprintf(buffer,
1442 "satype exttype alg_id ivlen minbits maxbits\n");
1444 for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) {
1445 pfkey_supported_p = pfkey_supported_list[satype];
1446 while(pfkey_supported_p) {
1447 len+=sprintf(buffer+len,
1448 " %2d %2d %2d %3d %3d %3d\n",
1450 pfkey_supported_p->supportedp->supported_alg_exttype,
1451 pfkey_supported_p->supportedp->supported_alg_id,
1452 pfkey_supported_p->supportedp->supported_alg_ivlen,
1453 pfkey_supported_p->supportedp->supported_alg_minbits,
1454 pfkey_supported_p->supportedp->supported_alg_maxbits);
1461 if(pos>offset+length)
1463 pfkey_supported_p = pfkey_supported_p->next;
1466 *start=buffer+(offset-begin);
1467 len-=(offset-begin);
1473 #ifndef PROC_FS_2325
1475 #endif /* PROC_FS_2325 */
1477 pfkey_registered_get_info(char *buffer, char **start, off_t offset, int length
1478 #ifndef PROC_NO_DUMMY
1480 #endif /* !PROC_NO_DUMMY */
1487 struct socket_list *pfkey_sockets;
1489 len+= sprintf(buffer,
1490 "satype socket pid sk\n");
1492 for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) {
1493 pfkey_sockets = pfkey_registered_sockets[satype];
1494 while(pfkey_sockets) {
1496 len+=sprintf(buffer+len,
1497 " %2d %8p %5d %8p\n",
1499 pfkey_sockets->socketp,
1500 key_pid(pfkey_sockets->socketp->sk),
1501 pfkey_sockets->socketp->sk);
1503 len+=sprintf(buffer+len,
1504 " %2d %8p N/A %8p\n",
1506 pfkey_sockets->socketp,
1508 key_pid((pfkey_sockets->socketp)->data),
1510 (pfkey_sockets->socketp)->data);
1518 if(pos>offset+length)
1520 pfkey_sockets = pfkey_sockets->next;
1523 *start=buffer+(offset-begin);
1524 len-=(offset-begin);
1530 #ifndef PROC_FS_2325
/*
 * /proc/net entries used when PROC_FS_2325 is not defined. All three are
 * created with mode S_IFREG | S_IRUGO, i.e. readable by every local user.
 * pfkey_get_info and pfkey_registered_get_info format kernel addresses with
 * %p, and the latter also prints the owning pid of each registered socket.
 * NOTE(review): consider whether unprivileged users need these files;
 * restricting the mode keeps kernel addresses and key-daemon pids away from
 * accounts that have no reason to see them.
 */
1531 struct proc_dir_entry proc_net_pfkey =
1535 S_IFREG | S_IRUGO, 1, 0, 0,
1536 0, &proc_net_inode_operations,
1539 struct proc_dir_entry proc_net_pfkey_supported =
1542 16, "pf_key_supported",
1543 S_IFREG | S_IRUGO, 1, 0, 0,
1544 0, &proc_net_inode_operations,
1545 pfkey_supported_get_info
1547 struct proc_dir_entry proc_net_pfkey_registered =
1550 17, "pf_key_registered",
1551 S_IFREG | S_IRUGO, 1, 0, 0,
1552 0, &proc_net_inode_operations,
1553 pfkey_registered_get_info
1555 #endif /* !PROC_FS_2325 */
1556 #endif /* CONFIG_PROC_FS */
/*
 * Insert every element of the supported[] table into the list for satype.
 * size is the table size in bytes (the callers shown pass sizeof(table)); the
 * element count is size / sizeof(struct supported).
 */
1559 supported_add_all(int satype, struct supported supported[], int size)
1564 KLIPS_PRINT(debug_pfkey,
1565 "klips_debug:init_pfkey: "
1566 "sizeof(supported_init_<satype=%d>)[%d]/sizeof(struct supported)[%d]=%d.\n",
1569 sizeof(struct supported),
1570 size/sizeof(struct supported));
1572 for(i = 0; i < size / sizeof(struct supported); i++) {
1574 KLIPS_PRINT(debug_pfkey,
1575 "klips_debug:init_pfkey: "
1576 "i=%d inserting satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n",
1579 supported[i].supported_alg_exttype,
1580 supported[i].supported_alg_id,
1581 supported[i].supported_alg_ivlen,
1582 supported[i].supported_alg_minbits,
1583 supported[i].supported_alg_maxbits);
/* satype indexes pfkey_supported_list, which is declared with
 * SADB_SATYPE_MAX+1 slots; no range check is visible here, so callers must
 * pass a value within that range (the callers shown pass constants).
 * Results are OR-ed together, so the combined value only tells zero from
 * non-zero - presumably not a usable errno when more than one insert fails. */
1585 error |= pfkey_list_insert_supported(&(supported[i]),
1586 &(pfkey_supported_list[satype]));
1592 supported_remove_all(int satype)
1595 struct supported*supportedp;
1597 while(pfkey_supported_list[satype]) {
1598 supportedp = pfkey_supported_list[satype]->supportedp;
1599 KLIPS_PRINT(debug_pfkey,
1600 "klips_debug:init_pfkey: "
1601 "removing satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n",
1603 supportedp->supported_alg_exttype,
1604 supportedp->supported_alg_id,
1605 supportedp->supported_alg_ivlen,
1606 supportedp->supported_alg_minbits,
1607 supportedp->supported_alg_maxbits);
1609 error |= pfkey_list_remove_supported(supportedp,
1610 &(pfkey_supported_list[satype]));
/*
 * Algorithm tables advertised for AH and ESP. Each row is compiled in only
 * when its CONFIG_IPSEC option is defined. The five values per row are
 * presumably exttype, alg_id, ivlen, minbits, maxbits, in the column order
 * that pfkey_supported_get_info prints - confirm against struct supported.
 */
1621 static struct supported supported_init_ah[] = {
1622 #ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
1623 {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5HMAC, 0, 128, 128},
1624 #endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
1625 #ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
1626 {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1HMAC, 0, 160, 160}
1627 #endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
1629 static struct supported supported_init_esp[] = {
1630 #ifdef CONFIG_IPSEC_AUTH_HMAC_MD5
1631 {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5HMAC, 0, 128, 128},
1632 #endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */
1633 #ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1
1634 {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1HMAC, 0, 160, 160},
1635 #endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */
/* Single DES has a 56-bit effective key and is a legacy cipher; leave
 * CONFIG_IPSEC_ENC_DES undefined unless interoperability requires it, so that
 * it is never advertised to the keying daemon. NOTE(review): if the last two
 * values are minbits and maxbits, this row advertises 64..168 bits, which
 * overlaps the 3DES row below - confirm that is intended. */
1636 #ifdef CONFIG_IPSEC_ENC_DES
1637 {SADB_EXT_SUPPORTED_ENCRYPT, SADB_EALG_DESCBC, 64, 64, 168},
1638 #endif /* CONFIG_IPSEC_ENC_DES */
1639 #ifdef CONFIG_IPSEC_ENC_3DES
1640 {SADB_EXT_SUPPORTED_ENCRYPT, SADB_EALG_3DESCBC, 64, 168, 168}
1641 #endif /* CONFIG_IPSEC_ENC_3DES */
1643 static struct supported supported_init_ipip[] = {
1644 {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv4, 0, 32, 32}
1645 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1646 , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv4, 0, 128, 32}
1647 , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv6, 0, 32, 128}
1648 , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv6, 0, 128, 128}
1649 #endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
1651 #ifdef CONFIG_IPSEC_IPCOMP
1652 static struct supported supported_init_ipcomp[] = {
1653 {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_CALG_DEFLATE, 0, 1, 1},
1654 #ifdef CONFIG_IPSEC_IPCOMP_LZS
1655 {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_CALG_LZS, 0, 1, 1}
1658 #endif /* CONFIG_IPSEC_IPCOMP */
1662 "klips_info:pfkey_init: "
1663 "FreeS/WAN: initialising PF_KEYv2 domain sockets.\n");
1666 for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) {
1667 pfkey_registered_sockets[i] = NULL;
1668 pfkey_supported_list[i] = NULL;
/* Register the supported-algorithm tables, then the PF_KEY socket family.
 * Every result is OR-ed into error: a non-zero value still signals that
 * something failed, but if the callees return negative errno values the OR of
 * several is not a meaningful errno. NOTE(review): confirm the caller only
 * tests error for non-zero, and that a partial failure here is followed by
 * unregistering whatever did succeed. */
1671 error |= supported_add_all(SADB_SATYPE_AH, supported_init_ah, sizeof(supported_init_ah));
1672 error |= supported_add_all(SADB_SATYPE_ESP, supported_init_esp, sizeof(supported_init_esp));
1673 #ifdef CONFIG_IPSEC_IPCOMP
1674 error |= supported_add_all(SADB_X_SATYPE_COMP, supported_init_ipcomp, sizeof(supported_init_ipcomp));
1675 #endif /* CONFIG_IPSEC_IPCOMP */
1676 error |= supported_add_all(SADB_X_SATYPE_IPIP, supported_init_ipip, sizeof(supported_init_ipip));
/* Two sock_register call shapes follow; presumably each belongs to a
 * different kernel-version branch whose preprocessor lines are not shown. */
1679 error |= sock_register(&pfkey_family_ops);
1681 error |= sock_register(pfkey_proto_ops.family, &pfkey_proto_ops);
1684 #ifdef CONFIG_PROC_FS
1685 # ifndef PROC_FS_2325
1687 error |= proc_register(proc_net, &proc_net_pfkey);
1688 error |= proc_register(proc_net, &proc_net_pfkey_supported);
1689 error |= proc_register(proc_net, &proc_net_pfkey_registered);
1690 # else /* PROC_FS_21 */
1691 error |= proc_register_dynamic(&proc_net, &proc_net_pfkey);
1692 error |= proc_register_dynamic(&proc_net, &proc_net_pfkey_supported);
1693 error |= proc_register_dynamic(&proc_net, &proc_net_pfkey_registered);
1694 # endif /* PROC_FS_21 */
1695 # else /* !PROC_FS_2325 */
1696 proc_net_create ("pf_key", 0, pfkey_get_info);
1697 proc_net_create ("pf_key_supported", 0, pfkey_supported_get_info);
1698 proc_net_create ("pf_key_registered", 0, pfkey_registered_get_info);
1699 # endif /* !PROC_FS_2325 */
1700 #endif /* CONFIG_PROC_FS */
/*
 * PF_KEY shutdown sequence: unregister the socket family, remove the
 * supported-algorithm entries for each SA type, then remove the
 * /proc/net entries.  Statuses from the first two steps are folded into
 * `error` with |=, so the result is only meaningful as zero/non-zero.
 * NOTE(review): the /proc entries are removed last.  If their get_info
 * handlers walk pfkey_supported_list or pfkey_registered_sockets, a read
 * racing with unload could reach entries that were already removed --
 * confirm the handlers' locking, or whether the /proc entries should go
 * first.
 */
1710 printk(KERN_INFO "klips_info:pfkey_cleanup: "
1711 "shutting down PF_KEY domain sockets.\n");
/* Both calls unregister the PF_KEY family; presumably they are
 * alternative preprocessor branches whose #if lines are not shown in
 * this excerpt -- confirm against the full file. */
1713 error |= sock_unregister(PF_KEY);
1715 error |= sock_unregister(pfkey_proto_ops.family);
/* Same SA types, in the same order, as the supported_add_all() calls
 * made at start-up. */
1718 error |= supported_remove_all(SADB_SATYPE_AH);
1719 error |= supported_remove_all(SADB_SATYPE_ESP);
1720 #ifdef CONFIG_IPSEC_IPCOMP
1721 error |= supported_remove_all(SADB_X_SATYPE_COMP);
1722 #endif /* CONFIG_IPSEC_IPCOMP */
1723 error |= supported_remove_all(SADB_X_SATYPE_IPIP);
1725 #ifdef CONFIG_PROC_FS
1726 # ifndef PROC_FS_2325
/* Unregister failures here are only logged: the printk calls carry no
 * KERN_ level and use a klips_debug prefix, and the failure is not
 * folded into `error`. */
1727 if (proc_net_unregister(proc_net_pfkey.low_ino) != 0)
1728 printk("klips_debug:pfkey_cleanup: "
1729 "cannot unregister /proc/net/pf_key\n");
1730 if (proc_net_unregister(proc_net_pfkey_supported.low_ino) != 0)
1731 printk("klips_debug:pfkey_cleanup: "
1732 "cannot unregister /proc/net/pf_key_supported\n");
1733 if (proc_net_unregister(proc_net_pfkey_registered.low_ino) != 0)
1734 printk("klips_debug:pfkey_cleanup: "
1735 "cannot unregister /proc/net/pf_key_registered\n");
1736 # else /* !PROC_FS_2325 */
/* Removal by name, matching the three names passed to
 * proc_net_create() at start-up. */
1737 proc_net_remove ("pf_key");
1738 proc_net_remove ("pf_key_supported");
1739 proc_net_remove ("pf_key_registered");
1740 # endif /* !PROC_FS_2325 */
1741 #endif /* CONFIG_PROC_FS */
1743 /* other module unloading cleanup happens here */
1757 cleanup_module(void)
1764 pfkey_proto_init(struct net_proto *pro)
1771 * $Log: pfkey_v2.c,v $
1772 * Revision 1.68 2002/03/08 01:15:17 mcr
1773 * put some internal structure only debug messages behind
1774 * && sysctl_ipsec_debug_verbose.
1776 * Revision 1.67 2002/01/29 17:17:57 mcr
1777 * moved include of ipsec_param.h to after include of linux/kernel.h
1778 * otherwise, it seems that some option that is set in ipsec_param.h
1779 * screws up something subtle in the include path to kernel.h, and
1780 * it complains on the snprintf() prototype.
1782 * Revision 1.66 2002/01/29 04:00:54 mcr
1783 * more excise of kversions.h header.
1785 * Revision 1.65 2002/01/29 02:13:18 mcr
1786 * introduction of ipsec_kversion.h means that include of
1787 * ipsec_param.h must precede any decisions about what files to
1788 * include to deal with differences in kernel source.
1790 * Revision 1.64 2001/11/26 09:23:51 rgb
1791 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
1793 * Revision 1.61.2.1 2001/09/25 02:28:44 mcr
1794 * cleaned up includes.
1796 * Revision 1.63 2001/11/12 19:38:00 rgb
1797 * Continue trying other sockets even if one fails and return only original
1800 * Revision 1.62 2001/10/18 04:45:22 rgb
1801 * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h,
1802 * lib/freeswan.h version macros moved to lib/kversions.h.
1803 * Other compiler directive cleanups.
1805 * Revision 1.61 2001/09/20 15:32:59 rgb
1808 * Revision 1.60 2001/06/14 19:35:12 rgb
1809 * Update copyright date.
1811 * Revision 1.59 2001/06/13 15:35:48 rgb
1812 * Fixed #endif comments.
1814 * Revision 1.58 2001/05/04 16:37:24 rgb
1815 * Remove erroneous checking of return codes for proc_net_* in 2.4.
1817 * Revision 1.57 2001/05/03 19:43:36 rgb
1818 * Initialise error return variable.
1819 * Check error return codes in startup and shutdown.
1820 * Standardise on SENDERR() macro.
1822 * Revision 1.56 2001/04/21 23:05:07 rgb
1823 * Define out skb->used for 2.4 kernels.
1825 * Revision 1.55 2001/02/28 05:03:28 rgb
1826 * Clean up and rationalise startup messages.
1828 * Revision 1.54 2001/02/27 22:24:55 rgb
1829 * Re-formatting debug output (line-splitting, joining, 1arg/line).
1830 * Check for satoa() return codes.
1832 * Revision 1.53 2001/02/27 06:48:18 rgb
1833 * Fixed pfkey socket unregister log message to reflect type and function.
1835 * Revision 1.52 2001/02/26 22:34:38 rgb
1836 * Fix error return code that was getting overwritten by the error return
1839 * Revision 1.51 2001/01/30 23:42:47 rgb
1840 * Allow pfkey msgs from pid other than user context required for ACQUIRE
1841 * and subsequent ADD or UPDATE.
1843 * Revision 1.50 2001/01/23 20:22:59 rgb
1844 * 2.4 fix to remove removed is_clone member.
1846 * Revision 1.49 2000/11/06 04:33:47 rgb
1847 * Changed non-exported functions to DEBUG_NO_STATIC.
1849 * Revision 1.48 2000/09/29 19:47:41 rgb
1852 * Revision 1.47 2000/09/22 04:23:04 rgb
1853 * Added more debugging to pfkey_upmsg() call from pfkey_sendmsg() error.
1855 * Revision 1.46 2000/09/21 04:20:44 rgb
1856 * Fixed array size off-by-one error. (Thanks Svenning!)
1858 * Revision 1.45 2000/09/20 04:01:26 rgb
1859 * Changed static functions to DEBUG_NO_STATIC for revealing function names
1862 * Revision 1.44 2000/09/19 00:33:17 rgb
1865 * Revision 1.43 2000/09/16 01:28:13 rgb
1866 * Fixed use of 0 in p format warning.
1868 * Revision 1.42 2000/09/16 01:09:41 rgb
1869 * Fixed debug format warning for pointers that was expecting ints.
1871 * Revision 1.41 2000/09/13 15:54:00 rgb
1872 * Rewrote pfkey_get_info(), added pfkey_{supported,registered}_get_info().
1873 * Moved supported algos add and remove to functions.
1875 * Revision 1.40 2000/09/12 18:49:28 rgb
1876 * Added IPIP tunnel and IPCOMP register support.
1878 * Revision 1.39 2000/09/12 03:23:49 rgb
1879 * Converted #if0 debugs to sysctl.
1880 * Removed debug_pfkey initialisations that prevented no_debug loading or
1883 * Revision 1.38 2000/09/09 06:38:02 rgb
1884 * Return positive errno in pfkey_reply error message.
1886 * Revision 1.37 2000/09/08 19:19:09 rgb
1887 * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
1888 * Clean-up of long-unused crud...
1889 * Create pfkey error message on failure.
1890 * Give pfkey_list_{insert,remove}_{socket,supported}() some error
1893 * Revision 1.36 2000/09/01 18:49:38 rgb
1894 * Reap experimental NET_21_ bits.
1895 * Turned registered sockets list into an array of one list per satype.
1896 * Remove references to deprecated sklist_{insert,remove}_socket.
1897 * Removed leaking socket debugging code.
1898 * Removed duplicate pfkey_insert_socket in pfkey_create.
1899 * Removed all references to pfkey msg->msg_name, since it is not used for
1901 * Added a supported algorithms array lists, one per satype and registered
1902 * existing algorithms.
1903 * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to
1905 * Only send pfkey_expire() messages to sockets registered for that satype.
1907 * Revision 1.35 2000/08/24 17:03:00 rgb
1908 * Corrected message size error return code for PF_KEYv2.
1909 * Removed downward error prohibition.
1911 * Revision 1.34 2000/08/21 16:32:26 rgb
1912 * Re-formatted for cosmetic consistency and readability.
1914 * Revision 1.33 2000/08/20 21:38:24 rgb
1915 * Added a pfkey_reply parameter to pfkey_msg_interp(). (Momchil)
1916 * Extended the upward message initiation of pfkey_sendmsg(). (Momchil)
1918 * Revision 1.32 2000/07/28 14:58:31 rgb
1919 * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5.
1921 * Revision 1.31 2000/05/16 03:04:00 rgb
1922 * Updates for 2.3.99pre8 from MB.
1924 * Revision 1.30 2000/05/10 19:22:21 rgb
1925 * Use sklist private functions for 2.3.xx compatibility.
1927 * Revision 1.29 2000/03/22 16:17:03 rgb
1928 * Fixed SOCKOPS_WRAPPED macro for SMP (MB).
1930 * Revision 1.28 2000/02/21 19:30:45 rgb
1931 * Removed references to pkt_bridged for 2.3.47 compatibility.
1933 * Revision 1.27 2000/02/14 21:07:00 rgb
1934 * Fixed /proc/net/pf-key legend spacing.
1936 * Revision 1.26 2000/01/22 03:46:59 rgb
1937 * Fixed pfkey error return mechanism so that we are able to free the
1938 * local copy of the pfkey_msg, plugging a memory leak and silencing
1939 * the bad object free complaints.
1941 * Revision 1.25 2000/01/21 06:19:44 rgb
1942 * Moved pfkey_list_remove_socket() calls to before MOD_USE_DEC_COUNT.
1943 * Added debugging to pfkey_upmsg.
1945 * Revision 1.24 2000/01/10 16:38:23 rgb
1946 * MB fixups for 2.3.x.
1948 * Revision 1.23 1999/12/09 23:22:16 rgb
1949 * Added more instrumentation for debugging 2.0 socket
1950 * selection/reading.
1951 * Removed erroneous 2.0 wait==NULL check bug in select.
1953 * Revision 1.22 1999/12/08 20:32:16 rgb
1954 * Tidied up 2.0.xx support, after major pfkey work, eliminating
1955 * msg->msg_name twiddling in the process, since it is not defined
1958 * Revision 1.21 1999/12/01 22:17:19 rgb
1959 * Set skb->dev to zero on new skb in case it is a reused skb.
1960 * Added check for skb_put overflow and freeing to avoid upmsg on error.
1961 * Added check for wrong pfkey version and freeing to avoid upmsg on
1963 * Shut off content dumping in pfkey_destroy.
1964 * Added debugging message for size of buffer allocated for upmsg.
1966 * Revision 1.20 1999/11/27 12:11:00 rgb
1967 * Minor clean-up, enabling quiet operation of pfkey if desired.
1969 * Revision 1.19 1999/11/25 19:04:21 rgb
1970 * Update proc_fs code for pfkey to use dynamic registration.
1972 * Revision 1.18 1999/11/25 09:07:17 rgb
1973 * Implemented SENDERR macro for propagating error codes.
1974 * Fixed error return code bug.
1976 * Revision 1.17 1999/11/23 23:07:20 rgb
1977 * Change name of pfkey_msg_parser to pfkey_msg_interp since it no longer
1979 * Sort out pfkey and freeswan headers, putting them in a library path.
1981 * Revision 1.16 1999/11/20 22:00:22 rgb
1982 * Moved socketlist type declarations and prototypes for shared use.
1983 * Renamed reformatted and generically extended for use by other socket
1984 * lists pfkey_{del,add}_open_socket to pfkey_list_{remove,insert}_socket.
1986 * Revision 1.15 1999/11/18 04:15:09 rgb
1987 * Make pfkey_data_ready temporarily available for 2.2.x testing.
1988 * Clean up pfkey_destroy_socket() debugging statements.
1989 * Add Peter Onion's code to send messages up to all listening sockets.
1990 * Changed all occurrences of #include "../../../lib/freeswan.h"
1991 * to #include <freeswan.h> which works due to -Ilibfreeswan in the
1992 * klips/net/ipsec/Makefile.
1993 * Replaced all kernel version macros to shorter, readable form.
1994 * Added CONFIG_PROC_FS compiler directives in case it is shut off.
1996 * Revision 1.14 1999/11/17 16:01:00 rgb
1997 * Make pfkey_data_ready temporarily available for 2.2.x testing.
1998 * Clean up pfkey_destroy_socket() debugging statements.
1999 * Add Peter Onion's code to send messages up to all listening sockets.
2000 * Changed #include "../../../lib/freeswan.h" to #include <freeswan.h>
2001 * which works due to -Ilibfreeswan in the klips/net/ipsec/Makefile.
2003 * Revision 1.13 1999/10/27 19:59:51 rgb
2004 * Removed af_unix comments that are no longer relevant.
2005 * Added debug printk statements.
2006 * Added to the /proc output in pfkey_get_info.
2007 * Made most functions non-static to enable oops tracing.
2008 * Re-enable skb dequeueing and freeing.
2009 * Fix skb_alloc() and skb_put() size bug in pfkey_upmsg().
2011 * Revision 1.12 1999/10/26 17:05:42 rgb
2012 * Complete re-ordering based on proto_ops structure order.
2013 * Separated out proto_ops structures for 2.0.x and 2.2.x for clarity.
2014 * Simplification to use built-in socket ops where possible for 2.2.x.
2015 * Add shorter macros for compiler directives to visually clean-up.
2016 * Add lots of sk skb dequeueing debugging statements.
2017 * Added to the /proc output in pfkey_get_info.
2019 * Revision 1.11 1999/09/30 02:55:10 rgb
2020 * Bogus skb detection.
2021 * Fix incorrect /proc/net/ipsec-eroute printk message.
2023 * Revision 1.10 1999/09/21 15:22:13 rgb
2024 * Temporary fix while I figure out the right way to destroy sockets.
2026 * Revision 1.9 1999/07/08 19:19:44 rgb
2027 * Fix pointer format warning.
2028 * Fix missing member error under 2.0.xx kernels.
2030 * Revision 1.8 1999/06/13 07:24:04 rgb
2031 * Add more debugging.
2033 * Revision 1.7 1999/06/10 05:24:17 rgb
2034 * Clarified compiler directives.
2035 * Renamed variables to reduce confusion.
2036 * Used sklist_*_socket() kernel functions to simplify 2.2.x socket support.
2037 * Added lots of sanity checking.
2039 * Revision 1.6 1999/06/03 18:59:50 rgb
2040 * More updates to 2.2.x socket support. Almost works, oops at end of call.
2042 * Revision 1.5 1999/05/25 22:44:05 rgb
2043 * Start fixing 2.2 sockets.
2045 * Revision 1.4 1999/04/29 15:21:34 rgb
2046 * Move log to the end of the file.
2047 * Eliminate min/max redefinition in #include <net/tcp.h>.
2048 * Correct path for pfkey #includes
2049 * Standardise an error return method.
2050 * Add debugging instrumentation.
2051 * Move message type checking to pfkey_msg_parse().
2052 * Add check for errno incorrectly set.
2053 * Add check for valid PID.
2054 * Add check for reserved illegally set.
2055 * Add check for message out of bounds.
2057 * Revision 1.3 1999/04/15 17:58:07 rgb
2060 * Revision 1.2 1999/04/15 15:37:26 rgb
2061 * Forward check changes from POST1_00 branch.
2063 * Revision 1.1.2.2 1999/04/13 20:37:12 rgb
2064 * Header Title correction.
2066 * Revision 1.1.2.1 1999/03/26 20:58:55 rgb
2067 * Add pfkeyv2 support to KLIPS.
2071 * PF_KEY_v2 Key Management API