Import initial strongswan 2.7.0 version into SVN.

5 files changed, 278 insertions, 0 deletions

diff --git a/linux/net/ipv4/af_inet.c.fs2_0.patch b/linux/net/ipv4/af_inet.c.fs2_0.patch
new file mode 100644
index 000000000..bc8a5083c
--- /dev/null
+++ b/linux/net/ipv4/af_inet.c.fs2_0.patch
@@ -0,0 +1,21 @@
+RCSID $Id: af_inet.c.fs2_0.patch,v 1.1 2004/03/15 20:35:27 as Exp $
+--- ./net/ipv4/af_inet.c.preipsec	Wed Jun  3 18:17:50 1998
++++ ./net/ipv4/af_inet.c	Fri Sep 17 10:14:12 1999
+@@ -1146,6 +1146,17 @@
+ 	ip_alias_init();
+ #endif
+ 
++#if defined(CONFIG_IPSEC)
++	{
++               extern /* void */ int ipsec_init(void);
++		/*
++		 *  Initialise AF_INET ESP and AH protocol support including 
++		 *  e-routing and SA tables
++		 */
++		ipsec_init();
++	}
++#endif /* CONFIG_IPSEC */
++
+ #ifdef CONFIG_INET_RARP
+ 	rarp_ioctl_hook = rarp_ioctl;
+ #endif
diff --git a/linux/net/ipv4/af_inet.c.fs2_2.patch b/linux/net/ipv4/af_inet.c.fs2_2.patch
new file mode 100644
index 000000000..00c85baf3
--- /dev/null
+++ b/linux/net/ipv4/af_inet.c.fs2_2.patch
@@ -0,0 +1,21 @@
+RCSID $Id: af_inet.c.fs2_2.patch,v 1.1 2004/03/15 20:35:27 as Exp $
+--- ./net/ipv4/af_inet.c.preipsec	Mon Aug  9 15:05:13 1999
++++ ./net/ipv4/af_inet.c	Fri Sep 17 10:13:07 1999
+@@ -1140,6 +1140,17 @@
+ 	ip_mr_init();
+ #endif
+ 
++#if defined(CONFIG_IPSEC)
++	{
++               extern /* void */ int ipsec_init(void);
++		/*
++		 *  Initialise AF_INET ESP and AH protocol support including 
++		 *  e-routing and SA tables
++		 */
++		ipsec_init();
++	}
++#endif /* CONFIG_IPSEC */
++
+ #ifdef CONFIG_INET_RARP
+ 	rarp_ioctl_hook = rarp_ioctl;
+ #endif
diff --git a/linux/net/ipv4/af_inet.c.fs2_4.patch b/linux/net/ipv4/af_inet.c.fs2_4.patch
new file mode 100644
index 000000000..70290e3c8
--- /dev/null
+++ b/linux/net/ipv4/af_inet.c.fs2_4.patch
@@ -0,0 +1,21 @@
+RCSID $Id: af_inet.c.fs2_4.patch,v 1.1 2004/03/15 20:35:27 as Exp $
+--- ./net/ipv4/af_inet.c.preipsec	Wed Apr 26 15:13:17 2000
++++ ./net/ipv4/af_inet.c	Fri Jun 30 15:01:27 2000
+@@ -1019,6 +1019,17 @@
+ 	ip_mr_init();
+ #endif
+ 
++#if defined(CONFIG_IPSEC)
++	{
++               extern /* void */ int ipsec_init(void);
++		/*
++		 *  Initialise AF_INET ESP and AH protocol support including 
++		 *  e-routing and SA tables
++		 */
++		ipsec_init();
++	}
++#endif /* CONFIG_IPSEC */
++
+ 	/*
+ 	 *	Create all the /proc entries.
+ 	 */
diff --git a/linux/net/ipv4/udp.c.fs2_2.patch b/linux/net/ipv4/udp.c.fs2_2.patch
new file mode 100644
index 000000000..767ddaa23
--- /dev/null
+++ b/linux/net/ipv4/udp.c.fs2_2.patch
@@ -0,0 +1,108 @@
+--- ./net/ipv4/udp.c	Sun Mar 25 18:37:41 2001
++++ ./net/ipv4/udp.c	Mon Jun 10 19:53:18 2002
+@@ -965,6 +965,9 @@
+ 
+ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
+ {
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++	struct udp_opt *tp =  &(sk->tp_pinfo.af_udp);
++#endif
+ 	/*
+ 	 *	Charge it to the socket, dropping if the queue is full.
+ 	 */
+@@ -982,6 +985,38 @@
+ 	}
+ #endif
+ 
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++	if (tp->esp_in_udp) {
++		/*
++		 * Set skb->sk and xmit packet to ipsec_rcv.
++		 *
++		 * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP),
++		 * restore skb->sk and fall back to sock_queue_rcv_skb
++		 */
++		struct inet_protocol *esp = NULL;
++
++#ifdef CONFIG_IPSEC_MODULE
++		for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)];
++			(esp) && (esp->protocol != IPPROTO_ESP);
++			esp = esp->next);
++#else
++		extern struct inet_protocol esp_protocol;
++		esp = &esp_protocol;
++#endif
++
++		if (esp && esp->handler) {
++			struct sock *sav_sk = skb->sk;
++			skb->sk = sk;
++			if (esp->handler(skb, 0) == 0) {
++				skb->sk = sav_sk;
++				/* not sure we might count ESPinUDP as UDP... */
++				udp_statistics.UdpInDatagrams++;
++				return 0;
++			}
++			skb->sk = sav_sk;
++		}
++	}
++#endif
+ 	if (sock_queue_rcv_skb(sk,skb)<0) {
+ 		udp_statistics.UdpInErrors++;
+ 		ip_statistics.IpInDiscards++;
+@@ -1165,6 +1200,44 @@
+ 	return(0);
+ }
+ 
++#if 1
++static int udp_setsockopt(struct sock *sk, int level, int optname,
++	char *optval, int optlen)
++{
++	struct udp_opt *tp = &(sk->tp_pinfo.af_udp);
++	int val;
++	int err = 0;
++
++	if (level != SOL_UDP)
++		return ip_setsockopt(sk, level, optname, optval, optlen);
++
++	if(optlen<sizeof(int))
++		return -EINVAL;
++
++	if (get_user(val, (int *)optval))
++		return -EFAULT;
++	
++	lock_sock(sk);
++
++	switch(optname) {
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++#ifndef UDP_ESPINUDP
++#define UDP_ESPINUDP 100
++#endif
++		case UDP_ESPINUDP:
++			tp->esp_in_udp = val;
++			break;
++#endif
++		default:
++			err = -ENOPROTOOPT;
++			break;
++	}
++
++	release_sock(sk);
++	return err;
++}
++#endif
++
+ struct proto udp_prot = {
+ 	(struct sock *)&udp_prot,	/* sklist_next */
+ 	(struct sock *)&udp_prot,	/* sklist_prev */
+@@ -1179,7 +1252,11 @@
+ 	NULL,				/* init */
+ 	NULL,				/* destroy */
+ 	NULL,				/* shutdown */
++#if 1
++	udp_setsockopt,			/* setsockopt */
++#else
+ 	ip_setsockopt,			/* setsockopt */
++#endif
+ 	ip_getsockopt,			/* getsockopt */
+ 	udp_sendmsg,			/* sendmsg */
+ 	udp_recvmsg,			/* recvmsg */
diff --git a/linux/net/ipv4/udp.c.fs2_4.patch b/linux/net/ipv4/udp.c.fs2_4.patch
new file mode 100644
index 000000000..87b208bac
--- /dev/null
+++ b/linux/net/ipv4/udp.c.fs2_4.patch
@@ -0,0 +1,107 @@
+--- ./net/ipv4/udp.c	2002/02/26 14:54:22	1.2
++++ ./net/ipv4/udp.c	2002/05/22 12:14:58
+@@ -777,6 +777,9 @@
+ 
+ static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
+ {
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++	struct udp_opt *tp =  &(sk->tp_pinfo.af_udp);
++#endif
+ 	/*
+ 	 *	Charge it to the socket, dropping if the queue is full.
+ 	 */
+@@ -794,6 +797,38 @@
+ 	}
+ #endif
+ 
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++	if (tp->esp_in_udp) {
++		/*
++		 * Set skb->sk and xmit packet to ipsec_rcv.
++		 *
++		 * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP),
++		 * restore skb->sk and fall back to sock_queue_rcv_skb
++		 */
++		struct inet_protocol *esp = NULL;
++
++#ifdef CONFIG_IPSEC_MODULE
++		for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)];
++			(esp) && (esp->protocol != IPPROTO_ESP);
++			esp = esp->next);
++#else
++		extern struct inet_protocol esp_protocol;
++		esp = &esp_protocol;
++#endif
++
++		if (esp && esp->handler) {
++			struct sock *sav_sk = skb->sk;
++			skb->sk = sk;
++			if (esp->handler(skb) == 0) {
++				skb->sk = sav_sk;
++				/* not sure we might count ESPinUDP as UDP... */
++				UDP_INC_STATS_BH(UdpInDatagrams);
++				return 0;
++			}
++			skb->sk = sav_sk;
++		}
++	}
++#endif
+ 	if (sock_queue_rcv_skb(sk,skb)<0) {
+ 		UDP_INC_STATS_BH(UdpInErrors);
+ 		IP_INC_STATS_BH(IpInDiscards);
+@@ -1010,13 +1045,55 @@
+ 	return len;
+ }
+ 
++#if 1
++static int udp_setsockopt(struct sock *sk, int level, int optname,
++	char *optval, int optlen)
++{
++	struct udp_opt *tp = &(sk->tp_pinfo.af_udp);
++	int val;
++	int err = 0;
++
++	if (level != SOL_UDP)
++		return ip_setsockopt(sk, level, optname, optval, optlen);
++
++	if(optlen<sizeof(int))
++		return -EINVAL;
++
++	if (get_user(val, (int *)optval))
++		return -EFAULT;
++	
++	lock_sock(sk);
++
++	switch(optname) {
++#ifdef CONFIG_IPSEC_NAT_TRAVERSAL
++#ifndef UDP_ESPINUDP
++#define UDP_ESPINUDP 100
++#endif
++		case UDP_ESPINUDP:
++			tp->esp_in_udp = val;
++			break;
++#endif
++		default:
++			err = -ENOPROTOOPT;
++			break;
++	}
++
++	release_sock(sk);
++	return err;
++}
++#endif
++
+ struct proto udp_prot = {
+  	name:		"UDP",
+ 	close:		udp_close,
+ 	connect:	udp_connect,
+ 	disconnect:	udp_disconnect,
+ 	ioctl:		udp_ioctl,
++#if 1
++	setsockopt:	udp_setsockopt,
++#else
+ 	setsockopt:	ip_setsockopt,
++#endif
+ 	getsockopt:	ip_getsockopt,
+ 	sendmsg:	udp_sendmsg,
+ 	recvmsg:	udp_recvmsg,