Major new upstream release, just ran svn-upgrade for now (and wrote some

debian/changelong entries).

1 files changed, 0 insertions, 338 deletions

diff --git a/linux/include/freeswan/ipsec_sa.h b/linux/include/freeswan/ipsec_sa.h
deleted file mode 100644
index 555df42d3..000000000
--- a/linux/include/freeswan/ipsec_sa.h
+++ /dev/null
@@ -1,338 +0,0 @@
-/*
- * @(#) Definitions of IPsec Security Association (ipsec_sa)
- *
- * Copyright (C) 2001, 2002, 2003
- *                      Richard Guy Briggs  <rgb@freeswan.org>
- *                  and Michael Richardson  <mcr@freeswan.org>
- * 
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- * 
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * RCSID $Id: ipsec_sa.h,v 1.3 2004/04/28 08:07:11 as Exp $
- *
- * This file derived from ipsec_xform.h on 2001/9/18 by mcr.
- *
- */
-
-/* 
- * This file describes the IPsec Security Association Structure.
- *
- * This structure keeps track of a single transform that may be done
- * to a set of packets. It can describe applying the transform or
- * apply the reverse. (e.g. compression vs expansion). However, it
- * only describes one at a time. To describe both, two structures would
- * be used, but since the sides of the transform are performed 
- * on different machines typically it is usual to have only one side
- * of each association.
- * 
- */
-
-#ifndef _IPSEC_SA_H_
-
-#ifdef __KERNEL__
-#include "ipsec_stats.h"
-#include "ipsec_life.h"
-#include "ipsec_eroute.h"
-#endif /* __KERNEL__ */
-#include "ipsec_param.h"
-
-
-/* SAs are held in a table.
- * Entries in this table are referenced by IPsecSAref_t values.
- * IPsecSAref_t values are conceptually subscripts.  Because
- * we want to allocate the table piece-meal, the subscripting
- * is implemented with two levels, a bit like paged virtual memory.
- * This representation mechanism is known as an Iliffe Vector.
- *
- * The Main table (AKA the refTable) consists of 2^IPSEC_SA_REF_MAINTABLE_IDX_WIDTH
- * pointers to subtables.
- * Each subtable has 2^IPSEC_SA_REF_SUBTABLE_IDX_WIDTH entries, each of which
- * is a pointer to an SA.
- *
- * An IPsecSAref_t contains either an exceptional value (signified by the
- * high-order bit being on) or a reference to a table entry.  A table entry
- * reference has the subtable subscript in the low-order
- * IPSEC_SA_REF_SUBTABLE_IDX_WIDTH bits and the Main table subscript
- * in the next lowest IPSEC_SA_REF_MAINTABLE_IDX_WIDTH bits.
- *
- * The Maintable entry for an IPsecSAref_t x, a pointer to its subtable, is
- * IPsecSAref2table(x).  It is of type struct IPsecSArefSubTable *.
- *
- * The pointer to the SA for x is IPsecSAref2SA(x).  It is of type
- * struct ipsec_sa*.  The macro definition clearly shows the two-level
- * access needed to find the SA pointer.
- *
- * The Maintable is allocated when IPsec is initialized.
- * Each subtable is allocated when needed, but the first is allocated
- * when IPsec is initialized.
- *
- * IPsecSAref_t is designed to be smaller than an NFmark so that
- * they can be stored in NFmarks and still leave a few bits for other
- * purposes.  The spare bits are in the low order of the NFmark
- * but in the high order of the IPsecSAref_t, so conversion is required.
- * We pick the upper bits of NFmark on the theory that they are less likely to
- * interfere with more pedestrian uses of nfmark.
- */
-
-
-typedef unsigned short int IPsecRefTableUnusedCount;
-
-#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH)
-
-#ifdef __KERNEL__
-#if ((IPSEC_SA_REF_TABLE_IDX_WIDTH - (1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) < 0)
-#error "IPSEC_SA_REF_TABLE_IDX_WIDTH("IPSEC_SA_REF_TABLE_IDX_WIDTH") MUST be < 1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH("IPSEC_SA_REF_MAINTABLE_IDX_WIDTH")"
-#endif
-
-#define IPSEC_SA_REF_SUBTABLE_IDX_WIDTH (IPSEC_SA_REF_TABLE_IDX_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)
-
-#define IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)
-#define IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
-
-#ifdef CONFIG_NETFILTER
-#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->nfmark
-#define IPSEC_SA_REF_HOST_FIELD_TYPE typeof(IPSEC_SA_REF_HOST_FIELD(NULL))
-#else /* CONFIG_NETFILTER */
-/* just make it work for now, it doesn't matter, since there is no nfmark */
-#define IPSEC_SA_REF_HOST_FIELD_TYPE unsigned long
-#endif /* CONFIG_NETFILTER */
-#define IPSEC_SA_REF_HOST_FIELD_WIDTH (8 * sizeof(IPSEC_SA_REF_HOST_FIELD_TYPE))
-#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t))
-
-#define IPSEC_SA_REF_MASK        (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH))
-#define IPSEC_SA_REF_TABLE_MASK ((IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
-#define IPSEC_SA_REF_ENTRY_MASK  (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_SUBTABLE_IDX_WIDTH))
-
-#define IPsecSAref2table(x) (((x) & IPSEC_SA_REF_TABLE_MASK) >> IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)
-#define IPsecSAref2entry(x) ((x) & IPSEC_SA_REF_ENTRY_MASK)
-#define IPsecSArefBuild(x,y) (((x) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) + (y))
-
-#define IPsecSAref2SA(x) (ipsec_sadb.refTable[IPsecSAref2table(x)]->entry[IPsecSAref2entry(x)])
-#define IPsecSA2SAref(x) ((x)->ips_ref)
-
-#define EMT_INBOUND	0x01	/* SA direction, 1=inbound */
-
-/* 'struct ipsec_sa' should be 64bit aligned when allocated. */
-struct ipsec_sa 	                        
-{
-	IPsecSAref_t	ips_ref;		/* reference table entry number */
-	atomic_t	ips_refcount;		/* reference count for this struct */
-	struct ipsec_sa	*ips_hnext;		/* next in hash chain */
-	struct ipsec_sa	*ips_inext;	 	/* pointer to next xform */
-	struct ipsec_sa	*ips_onext;	 	/* pointer to prev xform */
-
-	struct ifnet	*ips_rcvif;	 	/* related rcv encap interface */
-
-	struct sa_id	ips_said;	 	/* SA ID */
-
-	__u32		ips_seq;		/* seq num of msg that initiated this SA */
-	__u32		ips_pid;		/* PID of process that initiated this SA */
-	__u8		ips_authalg;		/* auth algorithm for this SA */
-	__u8		ips_encalg;		/* enc algorithm for this SA */
-
-	struct ipsec_stats ips_errs;
-
-	__u8		ips_replaywin;		/* replay window size */
-	__u8		ips_state;		/* state of SA */
-	__u32		ips_replaywin_lastseq;	/* last pkt sequence num */
-	__u64		ips_replaywin_bitmap;	/* bitmap of received pkts */
-	__u32		ips_replaywin_maxdiff;	/* max pkt sequence difference */
-
-	__u32		ips_flags;		/* generic xform flags */
-
-
-	struct ipsec_lifetimes ips_life;	/* lifetime records */
-
-	/* selector information */
-	struct sockaddr*ips_addr_s;		/* src sockaddr */
-	struct sockaddr*ips_addr_d;		/* dst sockaddr */
-	struct sockaddr*ips_addr_p;		/* proxy sockaddr */
-	__u16		ips_addr_s_size;
-	__u16		ips_addr_d_size;
-	__u16		ips_addr_p_size;
-	ip_address	ips_flow_s;
-	ip_address	ips_flow_d;
-	ip_address	ips_mask_s;
-	ip_address	ips_mask_d;
-
-	__u16		ips_key_bits_a;		/* size of authkey in bits */
-	__u16		ips_auth_bits;		/* size of authenticator in bits */
-	__u16		ips_key_bits_e;		/* size of enckey in bits */
-	__u16		ips_iv_bits;	 	/* size of IV in bits */
-	__u8		ips_iv_size;
-	__u16		ips_key_a_size;
-	__u16		ips_key_e_size;
-
-	caddr_t		ips_key_a;		/* authentication key */
-	caddr_t		ips_key_e;		/* encryption key */
-	caddr_t	        ips_iv;			/* Initialisation Vector */
-
-	struct ident	ips_ident_s;		/* identity src */
-	struct ident	ips_ident_d;		/* identity dst */
-
-#ifdef CONFIG_IPSEC_IPCOMP
-	__u16		ips_comp_adapt_tries;	/* ipcomp self-adaption tries */
-	__u16		ips_comp_adapt_skip;	/* ipcomp self-adaption to-skip */
-	__u64		ips_comp_ratio_cbytes;	/* compressed bytes */
-	__u64		ips_comp_ratio_dbytes;	/* decompressed (or uncompressed) bytes */
-#endif /* CONFIG_IPSEC_IPCOMP */
-
-#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
-	__u8		ips_natt_type;
-	__u8		ips_natt_reserved[3];
-	__u16		ips_natt_sport;
-	__u16		ips_natt_dport;
-
-	struct sockaddr *ips_natt_oa;
-	__u16		ips_natt_oa_size;
-	__u16		ips_natt_reserved2;
-#endif
-
-#if 0
-	__u32		ips_sens_dpd;
-	__u8		ips_sens_sens_level;
-	__u8		ips_sens_sens_len;
-	__u64*		ips_sens_sens_bitmap;
-	__u8		ips_sens_integ_level;
-	__u8		ips_sens_integ_len;
-	__u64*		ips_sens_integ_bitmap;
-#endif
-	struct ipsec_alg_enc *ips_alg_enc;
-	struct ipsec_alg_auth *ips_alg_auth;
-	IPsecSAref_t	ips_ref_rel;
-};
-
-struct IPsecSArefSubTable
-{
-	struct ipsec_sa* entry[IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES];
-};
-
-struct ipsec_sadb {
-	struct IPsecSArefSubTable* refTable[IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES];
-	IPsecSAref_t refFreeList[IPSEC_SA_REF_FREELIST_NUM_ENTRIES];
-	int refFreeListHead;
-	int refFreeListTail;
-	IPsecSAref_t refFreeListCont;
-	IPsecSAref_t said_hash[SADB_HASHMOD];
-	spinlock_t sadb_lock;
-};
-
-extern struct ipsec_sadb ipsec_sadb;
-
-extern int ipsec_SAref_recycle(void);
-extern int ipsec_SArefSubTable_alloc(unsigned table);
-extern int ipsec_saref_freelist_init(void);
-extern int ipsec_sadb_init(void);
-extern struct ipsec_sa *ipsec_sa_alloc(int*error); /* pass in error var by pointer */
-extern IPsecSAref_t ipsec_SAref_alloc(int*erorr); /* pass in error var by pointer */
-extern int ipsec_sa_free(struct ipsec_sa* ips);
-extern struct ipsec_sa *ipsec_sa_getbyid(struct sa_id *said);
-extern int ipsec_sa_put(struct ipsec_sa *ips);
-extern int ipsec_sa_add(struct ipsec_sa *ips);
-extern int ipsec_sa_del(struct ipsec_sa *ips);
-extern int ipsec_sa_delchain(struct ipsec_sa *ips);
-extern int ipsec_sadb_cleanup(__u8 proto);
-extern int ipsec_sadb_free(void);
-extern int ipsec_sa_wipe(struct ipsec_sa *ips);
-#endif /* __KERNEL__ */
-
-enum ipsec_direction {
-	ipsec_incoming = 1,
-	ipsec_outgoing = 2
-};
-
-#define _IPSEC_SA_H_
-#endif /* _IPSEC_SA_H_ */
-
-/*
- * $Log: ipsec_sa.h,v $
- * Revision 1.3  2004/04/28 08:07:11  as
- * added dhr's freeswan-2.06 changes
- *
- * Revision 1.2  2004/03/22 21:53:18  as
- * merged alg-0.8.1 branch with HEAD
- *
- * Revision 1.1.2.1.2.1  2004/03/16 09:48:18  as
- * alg-0.8.1rc12 patch merged
- *
- * Revision 1.1.2.1  2004/03/15 22:30:06  as
- * nat-0.6c patch merged
- *
- * Revision 1.1  2004/03/15 20:35:25  as
- * added files from freeswan-2.04-x509-1.5.3
- *
- * Revision 1.15  2003/05/11 00:53:09  mcr
- * 	IPsecSAref_t and macros were moved to freeswan.h.
- *
- * Revision 1.14  2003/02/12 19:31:55  rgb
- * Fixed bug in "file seen" machinery.
- * Updated copyright year.
- *
- * Revision 1.13  2003/01/30 02:31:52  rgb
- *
- * Re-wrote comments describing SAref system for accuracy.
- * Rename SAref table macro names for clarity.
- * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug.
- * Transmit error code through to caller from callee for better diagnosis of problems.
- * Enclose all macro arguments in parens to avoid any possible obscrure bugs.
- *
- * Revision 1.12  2002/10/07 18:31:19  rgb
- * Change comment to reflect the flexible nature of the main and sub-table widths.
- * Added a counter for the number of unused entries in each subtable.
- * Further break up host field type macro to host field.
- * Move field width sanity checks to ipsec_sa.c
- * Define a mask for an entire saref.
- *
- * Revision 1.11  2002/09/20 15:40:33  rgb
- * Re-write most of the SAref macros and types to eliminate any pointer references to Entrys.
- * Fixed SAref/nfmark macros.
- * Rework saref freeslist.
- * Place all ipsec sadb globals into one struct.
- * Restrict some bits to kernel context for use to klips utils.
- *
- * Revision 1.10  2002/09/20 05:00:34  rgb
- * Update copyright date.
- *
- * Revision 1.9  2002/09/17 17:19:29  mcr
- * 	make it compile even if there is no netfilter - we lost
- * 	functionality, but it works, especially on 2.2.
- *
- * Revision 1.8  2002/07/28 22:59:53  mcr
- * 	clarified/expanded one comment.
- *
- * Revision 1.7  2002/07/26 08:48:31  rgb
- * Added SA ref table code.
- *
- * Revision 1.6  2002/05/31 17:27:48  rgb
- * Comment fix.
- *
- * Revision 1.5  2002/05/27 18:55:03  rgb
- * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT.
- *
- * Revision 1.4  2002/05/23 07:13:36  rgb
- * Convert "usecount" to "refcount" to remove ambiguity.
- *
- * Revision 1.3  2002/04/24 07:36:47  mcr
- * Moved from ./klips/net/ipsec/ipsec_sa.h,v
- *
- * Revision 1.2  2001/11/26 09:16:15  rgb
- * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
- *
- * Revision 1.1.2.1  2001/09/25 02:24:58  mcr
- * 	struct tdb -> struct ipsec_sa.
- * 	sa(tdb) manipulation functions renamed and moved to ipsec_sa.c
- * 	ipsec_xform.c removed. header file still contains useful things.
- *
- *
- * Local variables:
- * c-file-style: "linux"
- * End:
- *
- */