diff options
Diffstat (limited to 'src/libfreeswan')
90 files changed, 97 insertions, 3715 deletions
diff --git a/src/libfreeswan/Makefile.am b/src/libfreeswan/Makefile.am index d916fca17..44dd31577 100644 --- a/src/libfreeswan/Makefile.am +++ b/src/libfreeswan/Makefile.am @@ -1,19 +1,19 @@ noinst_LIBRARIES = libfreeswan.a libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \ atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ - goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipcomp.h \ - ipsec_ah.h ipsec_alg.h ipsec_encap.h ipsec_eroute.h ipsec_errs.h \ - ipsec_esp.h ipsec_ipe4.h ipsec_kversion.h ipsec_life.h ipsec_md5h.h \ - ipsec_param.h ipsec_policy.h ipsec_proto.h ipsec_radij.h ipsec_rcv.h \ - ipsec_sa.h ipsec_sha1.h ipsec_stats.h ipsec_tunnel.h ipsec_xform.h \ - ipsec_xmit.h keyblobtoid.c optionsfrom.c pfkey_v2_build.c pfkey_v2_debug.c \ - pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c radij.h rangetoa.c \ + goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ + keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \ + pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \ pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \ satot.c subnetof.c subnettoa.c subnettot.c \ subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \ - ultoa.c ultot.c version.c -INCLUDES = -I$(top_srcdir)/src/pluto + ultoa.c ultot.c + +INCLUDES = \ +-I$(top_srcdir)/src/libstrongswan \ +-I$(top_srcdir)/src/pluto + dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ - keyblobtoid.3 optionsfrom.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ - ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 version.3 + keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ + ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in index c973358ed..37c32b9fa 100644 --- a/src/libfreeswan/Makefile.in +++ b/src/libfreeswan/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.10.1 from Makefile.am. +# Makefile.in generated by automake 1.10.2 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -51,15 +51,15 @@ am_libfreeswan_a_OBJECTS = addrtoa.$(OBJEXT) addrtot.$(OBJEXT) \ atoul.$(OBJEXT) copyright.$(OBJEXT) datatot.$(OBJEXT) \ goodmask.$(OBJEXT) initaddr.$(OBJEXT) initsaid.$(OBJEXT) \ initsubnet.$(OBJEXT) keyblobtoid.$(OBJEXT) \ - optionsfrom.$(OBJEXT) pfkey_v2_build.$(OBJEXT) \ - pfkey_v2_debug.$(OBJEXT) pfkey_v2_ext_bits.$(OBJEXT) \ - pfkey_v2_parse.$(OBJEXT) portof.$(OBJEXT) prng.$(OBJEXT) \ - rangetoa.$(OBJEXT) rangetosubnet.$(OBJEXT) sameaddr.$(OBJEXT) \ - satoa.$(OBJEXT) satot.$(OBJEXT) subnetof.$(OBJEXT) \ - subnettoa.$(OBJEXT) subnettot.$(OBJEXT) subnettypeof.$(OBJEXT) \ - ttoaddr.$(OBJEXT) ttodata.$(OBJEXT) ttoprotoport.$(OBJEXT) \ - ttosa.$(OBJEXT) ttosubnet.$(OBJEXT) ttoul.$(OBJEXT) \ - ultoa.$(OBJEXT) ultot.$(OBJEXT) version.$(OBJEXT) + pfkey_v2_build.$(OBJEXT) pfkey_v2_debug.$(OBJEXT) \ + pfkey_v2_ext_bits.$(OBJEXT) pfkey_v2_parse.$(OBJEXT) \ + portof.$(OBJEXT) prng.$(OBJEXT) rangetoa.$(OBJEXT) \ + rangetosubnet.$(OBJEXT) sameaddr.$(OBJEXT) satoa.$(OBJEXT) \ + satot.$(OBJEXT) subnetof.$(OBJEXT) subnettoa.$(OBJEXT) \ + subnettot.$(OBJEXT) subnettypeof.$(OBJEXT) ttoaddr.$(OBJEXT) \ + ttodata.$(OBJEXT) ttoprotoport.$(OBJEXT) ttosa.$(OBJEXT) \ + ttosubnet.$(OBJEXT) ttoul.$(OBJEXT) ultoa.$(OBJEXT) \ + ultot.$(OBJEXT) libfreeswan_a_OBJECTS = $(am_libfreeswan_a_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp @@ -97,6 +97,7 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ @@ -119,6 +120,9 @@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ +LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ +LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ @@ -130,6 +134,7 @@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ @@ -143,6 +148,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -203,6 +210,7 @@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -214,6 +222,7 @@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ xml_CFLAGS = @xml_CFLAGS@ @@ -221,22 +230,21 @@ xml_LIBS = @xml_LIBS@ noinst_LIBRARIES = libfreeswan.a libfreeswan_a_SOURCES = addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c atoasr.c \ atosa.c atosubnet.c atoul.c copyright.c datatot.c freeswan.h \ - goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipcomp.h \ - ipsec_ah.h ipsec_alg.h ipsec_encap.h ipsec_eroute.h ipsec_errs.h \ - ipsec_esp.h ipsec_ipe4.h ipsec_kversion.h ipsec_life.h ipsec_md5h.h \ - ipsec_param.h ipsec_policy.h ipsec_proto.h ipsec_radij.h ipsec_rcv.h \ - ipsec_sa.h ipsec_sha1.h ipsec_stats.h ipsec_tunnel.h ipsec_xform.h \ - ipsec_xmit.h keyblobtoid.c optionsfrom.c pfkey_v2_build.c pfkey_v2_debug.c \ - pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c radij.h rangetoa.c \ + goodmask.c initaddr.c initsaid.c initsubnet.c internal.h ipsec_param.h \ + keyblobtoid.c pfkey_v2_build.c pfkey_v2_debug.c \ + pfkey_v2_ext_bits.c pfkey_v2_parse.c portof.c prng.c rangetoa.c \ pfkey.h pfkeyv2.h rangetosubnet.c sameaddr.c satoa.c \ satot.c subnetof.c subnettoa.c subnettot.c \ subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c ttosa.c ttosubnet.c ttoul.c \ - ultoa.c ultot.c version.c + ultoa.c ultot.c + +INCLUDES = \ +-I$(top_srcdir)/src/libstrongswan \ +-I$(top_srcdir)/src/pluto -INCLUDES = -I$(top_srcdir)/src/pluto dist_man3_MANS = anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 initaddr.3 initsubnet.3 \ - keyblobtoid.3 optionsfrom.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ - ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 version.3 + keyblobtoid.3 portof.3 prng.3 rangetosubnet.3 sameaddr.3 subnetof.3 \ + ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 all: all-am @@ -246,8 +254,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ @@ -301,7 +309,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initsaid.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initsubnet.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyblobtoid.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optionsfrom.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_build.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_debug.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pfkey_v2_ext_bits.Po@am__quote@ @@ -325,7 +332,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ttoul.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ultoa.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ultot.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/version.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -364,8 +370,8 @@ install-man3: $(man3_MANS) $(man_MANS) esac; \ done; \ for i in $$list; do \ - if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ - else file=$$i; fi; \ + if test -f $$i; then file=$$i; \ + else file=$(srcdir)/$$i; fi; \ ext=`echo $$i | sed -e 's/^.*\\.//'`; \ case "$$ext" in \ 3*) ;; \ @@ -404,7 +410,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS diff --git a/src/libfreeswan/addrtoa.c b/src/libfreeswan/addrtoa.c index bb5d239ab..7acfa5ded 100644 --- a/src/libfreeswan/addrtoa.c +++ b/src/libfreeswan/addrtoa.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: addrtoa.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/addrtot.c b/src/libfreeswan/addrtot.c index 700553b40..6efdfccca 100644 --- a/src/libfreeswan/addrtot.c +++ b/src/libfreeswan/addrtot.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: addrtot.c 3265 2007-10-08 19:52:55Z andreas $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/addrtypeof.c b/src/libfreeswan/addrtypeof.c index 8d68be12b..f402eca70 100644 --- a/src/libfreeswan/addrtypeof.c +++ b/src/libfreeswan/addrtypeof.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: addrtypeof.c 3265 2007-10-08 19:52:55Z andreas $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/anyaddr.3 b/src/libfreeswan/anyaddr.3 index 556627f7d..58789cf6c 100644 --- a/src/libfreeswan/anyaddr.3 +++ b/src/libfreeswan/anyaddr.3 @@ -1,5 +1,4 @@ .TH IPSEC_ANYADDR 3 "8 Sept 2000" -.\" RCSID $Id: anyaddr.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec anyaddr \- get "any" address .br diff --git a/src/libfreeswan/anyaddr.c b/src/libfreeswan/anyaddr.c index 12100f07e..2e9fa2787 100644 --- a/src/libfreeswan/anyaddr.c +++ b/src/libfreeswan/anyaddr.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: anyaddr.c 3265 2007-10-08 19:52:55Z andreas $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/atoaddr.3 b/src/libfreeswan/atoaddr.3 index 617609325..fce8884e4 100644 --- a/src/libfreeswan/atoaddr.3 +++ b/src/libfreeswan/atoaddr.3 @@ -1,5 +1,4 @@ .TH IPSEC_ATOADDR 3 "11 June 2001" -.\" RCSID $Id: atoaddr.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec atoaddr, addrtoa \- convert Internet addresses to and from ASCII .br diff --git a/src/libfreeswan/atoaddr.c b/src/libfreeswan/atoaddr.c index 1af90cd63..dd73be7f3 100644 --- a/src/libfreeswan/atoaddr.c +++ b/src/libfreeswan/atoaddr.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: atoaddr.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/atoasr.3 b/src/libfreeswan/atoasr.3 index 8be2fa274..0b9a5fea3 100644 --- a/src/libfreeswan/atoasr.3 +++ b/src/libfreeswan/atoasr.3 @@ -1,5 +1,4 @@ .TH IPSEC_ATOASR 3 "11 June 2001" -.\" RCSID $Id: atoasr.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec atoasr \- convert ASCII to Internet address, subnet, or range .br diff --git a/src/libfreeswan/atoasr.c b/src/libfreeswan/atoasr.c index 03b7c5b7f..ef8412fe8 100644 --- a/src/libfreeswan/atoasr.c +++ b/src/libfreeswan/atoasr.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: atoasr.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/atosa.3 b/src/libfreeswan/atosa.3 index cd2205bfe..f57fcf1e9 100644 --- a/src/libfreeswan/atosa.3 +++ b/src/libfreeswan/atosa.3 @@ -1,5 +1,4 @@ .TH IPSEC_ATOSA 3 "11 June 2001" -.\" RCSID $Id: atosa.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec atosa, satoa \- convert IPsec Security Association IDs to and from ASCII .SH SYNOPSIS diff --git a/src/libfreeswan/atosa.c b/src/libfreeswan/atosa.c index f49931716..aeb5742e1 100644 --- a/src/libfreeswan/atosa.c +++ b/src/libfreeswan/atosa.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: atosa.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/atosubnet.c b/src/libfreeswan/atosubnet.c index 3411e9e05..a123a39da 100644 --- a/src/libfreeswan/atosubnet.c +++ b/src/libfreeswan/atosubnet.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: atosubnet.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/atoul.3 b/src/libfreeswan/atoul.3 index 2d710cbc9..6737b6b54 100644 --- a/src/libfreeswan/atoul.3 +++ b/src/libfreeswan/atoul.3 @@ -1,5 +1,4 @@ .TH IPSEC_ATOUL 3 "11 June 2001" -.\" RCSID $Id: atoul.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec atoul, ultoa \- convert unsigned-long numbers to and from ASCII .SH SYNOPSIS diff --git a/src/libfreeswan/atoul.c b/src/libfreeswan/atoul.c index a3bf07a60..7e51de8fe 100644 --- a/src/libfreeswan/atoul.c +++ b/src/libfreeswan/atoul.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: atoul.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/copyright.c b/src/libfreeswan/copyright.c index 3c382160a..65585b62e 100644 --- a/src/libfreeswan/copyright.c +++ b/src/libfreeswan/copyright.c @@ -11,14 +11,12 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: copyright.c 4181 2008-07-16 12:28:29Z andreas $ */ #include "internal.h" #include "freeswan.h" static const char *co[] = { - "Copyright (C) 1999-2008 Henry Spencer, Richard Guy Briggs,", + "Copyright (C) 1999-2009 Henry Spencer, Richard Guy Briggs,", " D. Hugh Redelmeier, Sandy Harris, Claudia Schmeing,", " Michael Richardson, Angelos D. Keromytis, John Ioannidis,", "", diff --git a/src/libfreeswan/datatot.c b/src/libfreeswan/datatot.c index cefe09ef0..b18d4b050 100644 --- a/src/libfreeswan/datatot.c +++ b/src/libfreeswan/datatot.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: datatot.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/freeswan.h b/src/libfreeswan/freeswan.h index cbb8e2db4..cb14cd678 100644 --- a/src/libfreeswan/freeswan.h +++ b/src/libfreeswan/freeswan.h @@ -13,24 +13,10 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: freeswan.h 4632 2008-11-11 18:37:19Z martin $ */ #define _FREESWAN_H /* seen it, no need to see it again */ - - -/* - * We've just got to have some datatypes defined... And annoyingly, just - * where we get them depends on whether we're in userland or not. - */ -#ifdef __KERNEL__ - -# include <linux/types.h> -# include <linux/in.h> - -#else /* __KERNEL__ */ - +# include <sys/types.h> # include <stdio.h> # include <netinet/in.h> @@ -41,25 +27,13 @@ # define DEBUG_NO_STATIC static -#endif /* __KERNEL__ */ - #include <ipsec_param.h> - +#include <utils.h> /* - * Grab the kernel version to see if we have NET_21, and therefore - * IPv6. Some of this is repeated from ipsec_kversions.h. Of course, - * we aren't really testing if the kernel has IPv6, but rather if the - * the include files do. + * We assume header files have IPv6 (i.e. kernel version >= 2.1.0) */ -#include <linux/version.h> -#ifndef KERNEL_VERSION -#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0) #define NET_21 -#endif #ifndef IPPROTO_COMP # define IPPROTO_COMP 108 @@ -84,28 +58,6 @@ * use their definitions directly, they are subject to change! */ -/* first, some quick fakes in case we're on an old system with no IPv6 */ -#ifndef s6_addr16 -struct in6_addr { - union - { - __u8 u6_addr8[16]; - __u16 u6_addr16[8]; - __u32 u6_addr32[4]; - } in6_u; -#define s6_addr in6_u.u6_addr8 -#define s6_addr16 in6_u.u6_addr16 -#define s6_addr32 in6_u.u6_addr32 -}; -struct sockaddr_in6 { - unsigned short int sin6_family; /* AF_INET6 */ - __u16 sin6_port; /* Transport layer port # */ - __u32 sin6_flowinfo; /* IPv6 flow information */ - struct in6_addr sin6_addr; /* IPv6 address */ - __u32 sin6_scope_id; /* scope id (new in RFC2553) */ -}; -#endif /* !s6_addr16 */ - /* then the main types */ typedef struct { union { @@ -119,11 +71,7 @@ typedef struct { } ip_subnet; /* and the SA ID stuff */ -#ifdef __KERNEL__ -typedef __u32 ipsec_spi_t; -#else typedef u_int32_t ipsec_spi_t; -#endif typedef struct { /* to identify an SA, we need: */ ip_address dst; /* A. destination host */ ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */ @@ -147,7 +95,6 @@ struct sa_id { /* old v4-only version */ }; /* misc */ -typedef const char *err_t; /* error message, or NULL for success */ struct prng { /* pseudo-random-number-generator guts */ unsigned char sbox[256]; int i, j; @@ -160,6 +107,8 @@ struct prng { /* pseudo-random-number-generator guts */ */ typedef uint32_t IPsecSAref_t; +#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH) + #define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t)) #define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH)) @@ -220,7 +169,7 @@ size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m, size_t mlen, char *dst, size_t dstlen); #define KEYID_BUF 10 /* up to 9 text digits plus NUL */ err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port, - int *has_port_wildcard); + bool *has_port_wildcard); /* initializations */ void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst); @@ -269,8 +218,6 @@ unsigned long prng_count(struct prng *prng); void prng_final(struct prng *prng); /* odds and ends */ -const char *ipsec_version_code(void); -const char *ipsec_version_string(void); const char **ipsec_copyright_notice(void); const char *dns_string_rr(int rr, char *buf, int bufsize); @@ -436,19 +383,6 @@ bitstomask( int n ); - - -/* - * general utilities - */ - -#ifndef __KERNEL__ -/* option pickup from files (userland only because of use of FILE) */ -const char *optionsfrom(const char *filename, int *argcp, char ***argvp, - int optind, FILE *errorreport); -#define ignore_result(call) { if (call); } -#endif - /* * Debugging levels for pfkey_lib_debug */ diff --git a/src/libfreeswan/goodmask.3 b/src/libfreeswan/goodmask.3 index eeff2f25d..b76d431ca 100644 --- a/src/libfreeswan/goodmask.3 +++ b/src/libfreeswan/goodmask.3 @@ -1,5 +1,4 @@ .TH IPSEC_GOODMASK 3 "11 June 2001" -.\" RCSID $Id: goodmask.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec goodmask \- is this Internet subnet mask a valid one? .br diff --git a/src/libfreeswan/goodmask.c b/src/libfreeswan/goodmask.c index 318a2879f..a2d51de0c 100644 --- a/src/libfreeswan/goodmask.c +++ b/src/libfreeswan/goodmask.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: goodmask.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/initaddr.3 b/src/libfreeswan/initaddr.3 index bcbd3f88b..071e507aa 100644 --- a/src/libfreeswan/initaddr.3 +++ b/src/libfreeswan/initaddr.3 @@ -1,5 +1,4 @@ .TH IPSEC_INITADDR 3 "11 Sept 2000" -.\" RCSID $Id: initaddr.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec initaddr \- initialize an ip_address .br diff --git a/src/libfreeswan/initaddr.c b/src/libfreeswan/initaddr.c index 99870ded2..c30efb812 100644 --- a/src/libfreeswan/initaddr.c +++ b/src/libfreeswan/initaddr.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: initaddr.c 3265 2007-10-08 19:52:55Z andreas $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/initsaid.c b/src/libfreeswan/initsaid.c index 43156e96e..fb8187422 100644 --- a/src/libfreeswan/initsaid.c +++ b/src/libfreeswan/initsaid.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: initsaid.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/initsubnet.3 b/src/libfreeswan/initsubnet.3 index aaf2a64d5..3545fd426 100644 --- a/src/libfreeswan/initsubnet.3 +++ b/src/libfreeswan/initsubnet.3 @@ -1,5 +1,4 @@ .TH IPSEC_INITSUBNET 3 "12 March 2002" -.\" RCSID $Id: initsubnet.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec initsubnet \- initialize an ip_subnet .br diff --git a/src/libfreeswan/initsubnet.c b/src/libfreeswan/initsubnet.c index f2d8b4dc8..0e19098c5 100644 --- a/src/libfreeswan/initsubnet.c +++ b/src/libfreeswan/initsubnet.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: initsubnet.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/internal.h b/src/libfreeswan/internal.h index 921e47835..fa24f7d2d 100644 --- a/src/libfreeswan/internal.h +++ b/src/libfreeswan/internal.h @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: internal.h 3265 2007-10-08 19:52:55Z andreas $ */ #ifndef ABITS @@ -35,47 +33,14 @@ #define PASSTHROUGHDST 0 #endif -/* - * Headers, greatly complicated by stupid and unnecessary inconsistencies - * between the user environment and the kernel environment. These are done - * here so that this mess need exist in only one place. - * - * It may seem like a -I or two could avoid most of this, but on closer - * inspection it is not quite that easy. - */ - -/* things that need to come from one place or the other, depending */ -#ifdef __KERNEL__ -#include <linux/types.h> -#include <linux/socket.h> -#include <linux/in.h> -#include <linux/string.h> -#include <linux/ctype.h> -#define assert(foo) /* nothing */ -#else #include <sys/types.h> #include <netinet/in.h> #include <string.h> #include <ctype.h> #include <assert.h> -#endif - -/* things that exist only in userland */ -#ifndef __KERNEL__ - -/* You'd think this would be okay in the kernel too -- it's just a */ -/* bunch of constants -- but no, in RH5.1 it screws up other things. */ -/* (Credit: Mike Warfield tracked this problem down. Thanks Mike!) */ -/* Fortunately, we don't need it in the kernel subset of the library. */ #include <limits.h> - -/* header files for things that should never be called in kernel */ #include <netdb.h> - -/* memory allocation, currently user-only, macro-ized just in case */ #include <stdlib.h> #define MALLOC(n) malloc(n) #define FREE(p) free(p) -#endif /* __KERNEL__ */ - diff --git a/src/libfreeswan/ipcomp.h b/src/libfreeswan/ipcomp.h deleted file mode 100644 index 57f8cc7cc..000000000 --- a/src/libfreeswan/ipcomp.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * IPCOMP zlib interface code. - * Copyright (C) 2000 Svenning Soerensen <svenning@post5.tele.dk> - * Copyright (C) 2000, 2001 Richard Guy Briggs <rgb@conscoop.ottawa.on.ca> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - - RCSID $Id: ipcomp.h 3265 2007-10-08 19:52:55Z andreas $ - - */ - -/* SSS */ - -#ifndef _IPCOMP_H -#define _IPCOMP_H - -/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */ -#ifndef IPCOMP_PREFIX -#define IPCOMP_PREFIX -#endif /* IPCOMP_PREFIX */ - -#ifndef IPPROTO_COMP -#define IPPROTO_COMP 108 -#endif /* IPPROTO_COMP */ - -#ifdef CONFIG_IPSEC_DEBUG -extern int sysctl_ipsec_debug_ipcomp; -#endif /* CONFIG_IPSEC_DEBUG */ - -struct ipcomphdr { /* IPCOMP header */ - __u8 ipcomp_nh; /* Next header (protocol) */ - __u8 ipcomp_flags; /* Reserved, must be 0 */ - __u16 ipcomp_cpi; /* Compression Parameter Index */ -}; - -extern struct inet_protocol comp_protocol; -extern int sysctl_ipsec_debug_ipcomp; - -#define IPCOMP_UNCOMPRESSABLE 0x000000001 -#define IPCOMP_COMPRESSIONERROR 0x000000002 -#define IPCOMP_PARMERROR 0x000000004 -#define IPCOMP_DECOMPRESSIONERROR 0x000000008 - -#define IPCOMP_ADAPT_INITIAL_TRIES 8 -#define IPCOMP_ADAPT_INITIAL_SKIP 4 -#define IPCOMP_ADAPT_SUBSEQ_TRIES 2 -#define IPCOMP_ADAPT_SUBSEQ_SKIP 8 - -/* Function prototypes */ -struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags); -struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags); - -#endif /* _IPCOMP_H */ diff --git a/src/libfreeswan/ipsec_ah.h b/src/libfreeswan/ipsec_ah.h deleted file mode 100644 index aa34ce798..000000000 --- a/src/libfreeswan/ipsec_ah.h +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Authentication Header declarations - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_ah.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -#include "ipsec_md5h.h" -#include "ipsec_sha1.h" - -#ifndef IPPROTO_AH -#define IPPROTO_AH 51 -#endif /* IPPROTO_AH */ - -#define AH_FLENGTH 12 /* size of fixed part */ -#define AHMD5_KMAX 64 /* MD5 max 512 bits key */ -#define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */ - -#define AHMD596_KLEN 16 /* MD5 128 bits key */ -#define AHSHA196_KLEN 20 /* SHA1 160 bits key */ - -#define AHMD596_ALEN 16 /* MD5 128 bits authentication length */ -#define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */ - -#define AHMD596_BLKLEN 64 /* MD5 block length */ -#define AHSHA196_BLKLEN 64 /* SHA1 block length */ -#define AHSHA2_256_BLKLEN 64 /* SHA2-256 block length */ -#define AHSHA2_384_BLKLEN 128 /* SHA2-384 block length (?) */ -#define AHSHA2_512_BLKLEN 128 /* SHA2-512 block length */ - -#define AH_BLKLEN_MAX 128 /* keep up to date! */ - -#define AH_AMAX AHSHA196_ALEN /* keep up to date! */ -#define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */ -#define AHHMAC_RPLLEN 4 /* 32 bit replay counter */ - -#define DB_AH_PKTRX 0x0001 -#define DB_AH_PKTRX2 0x0002 -#define DB_AH_DMP 0x0004 -#define DB_AH_IPSA 0x0010 -#define DB_AH_XF 0x0020 -#define DB_AH_INAU 0x0040 -#define DB_AH_REPLAY 0x0100 - -#ifdef __KERNEL__ - -/* General HMAC algorithm is described in RFC 2104 */ - -#define HMAC_IPAD 0x36 -#define HMAC_OPAD 0x5C - -struct md5_ctx { - MD5_CTX ictx; /* context after H(K XOR ipad) */ - MD5_CTX octx; /* context after H(K XOR opad) */ -}; - -struct sha1_ctx { - SHA1_CTX ictx; /* context after H(K XOR ipad) */ - SHA1_CTX octx; /* context after H(K XOR opad) */ -}; - -struct auth_alg { - void (*init)(void *ctx); - void (*update)(void *ctx, unsigned char *bytes, __u32 len); - void (*final)(unsigned char *hash, void *ctx); - int hashlen; -}; - -extern struct inet_protocol ah_protocol; - -struct options; - -extern int -ah_rcv(struct sk_buff *skb, - struct device *dev, - struct options *opt, - __u32 daddr, - unsigned short len, - __u32 saddr, - int redo, - struct inet_protocol *protocol); - -struct ahhdr /* Generic AH header */ -{ - __u8 ah_nh; /* Next header (protocol) */ - __u8 ah_hl; /* AH length, in 32-bit words */ - __u16 ah_rv; /* reserved, must be 0 */ - __u32 ah_spi; /* Security Parameters Index */ - __u32 ah_rpl; /* Replay prevention */ - __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */ -}; -#define AH_BASIC_LEN 8 /* basic AH header is 8 bytes, nh,hl,rv,spi - * and the ah_hl, says how many bytes after that - * to cover. */ - - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_ah; -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* __KERNEL__ */ diff --git a/src/libfreeswan/ipsec_alg.h b/src/libfreeswan/ipsec_alg.h deleted file mode 100644 index 6b85be645..000000000 --- a/src/libfreeswan/ipsec_alg.h +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Modular extensions service and registration functions interface - * - * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> - * - * $Id: ipsec_alg.h 3265 2007-10-08 19:52:55Z andreas $ - * - */ -/* - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - */ -#ifndef IPSEC_ALG_H -#define IPSEC_ALG_H - -/* - * gcc >= 3.2 has removed __FUNCTION__, replaced by C99 __func__ - * *BUT* its a compiler variable. - */ -#if (__GNUC__ >= 3) -#ifndef __FUNCTION__ -#define __FUNCTION__ __func__ -#endif -#endif - -/* Version 0.8.1-0 */ -#define IPSEC_ALG_VERSION 0x00080100 - -#include <linux/types.h> -#include <linux/list.h> -#include <asm/atomic.h> -/* - * The following structs are used via pointers in ipsec_alg object to - * avoid ipsec_alg.h coupling with freeswan headers, thus simplifying - * module development - */ -struct ipsec_sa; -struct esp; - -/************************************** - * - * Main registration object - * - *************************************/ -#define IPSEC_ALG_VERSION_QUAD(v) \ - (v>>24),((v>>16)&0xff),((v>>8)&0xff),(v&0xff) -/* - * Main ipsec_alg objects: "OOPrograming wannabe" - * Hierachy (carefully handled with _minimal_ cast'ing): - * - * ipsec_alg+ - * +->ipsec_alg_enc (ixt_alg_type=SADB_EXT_SUPPORTED_ENCRYPT) - * +->ipsec_alg_auth (ixt_alg_type=SADB_EXT_SUPPORTED_AUTH) - */ - -/*************************************************************** - * - * INTERFACE object: struct ipsec_alg - * - ***************************************************************/ - -/* - * common part for every struct ipsec_alg_* - * (sortof poor's man OOP) - */ -#define IPSEC_ALG_STRUCT_COMMON \ - unsigned ixt_version; /* only allow this version (or 'near')*/ \ - struct list_head ixt_list; /* dlinked list */ \ - struct module *ixt_module; /* THIS_MODULE */ \ - unsigned ixt_state; /* state flags */ \ - atomic_t ixt_refcnt; /* ref. count when pointed from ipsec_sa */ \ - char ixt_name[16]; /* descriptive short name, eg. "3des" */ \ - void *ixt_data; /* private for algo implementation */ \ - uint8_t ixt_blocksize; /* blocksize in bytes */ \ - \ - /* THIS IS A COPY of struct supported (lib/pfkey.h) \ - * please keep in sync until we migrate 'supported' stuff \ - * to ipsec_alg \ - */ \ - uint16_t ixt_alg_type; /* correspond to IPSEC_ALG_{ENCRYPT,AUTH} */ \ - uint8_t ixt_alg_id; /* enc. alg. number, eg. ESP_3DES */ \ - uint8_t ixt_ivlen; /* ivlen in bits, expected to be multiple of 8! */ \ - uint16_t ixt_keyminbits;/* min. keybits (of entropy) */ \ - uint16_t ixt_keymaxbits;/* max. keybits (of entropy) */ - -#define ixt_support ixt_alg_type - -#define IPSEC_ALG_ST_SUPP 0x01 -#define IPSEC_ALG_ST_REGISTERED 0x02 -#define IPSEC_ALG_ST_EXCL 0x04 -struct ipsec_alg { - IPSEC_ALG_STRUCT_COMMON -}; -/* - * Note the const in cbc_encrypt IV arg: - * some ciphers like to toast passed IV (eg. 3DES): make a local IV copy - */ -struct ipsec_alg_enc { - IPSEC_ALG_STRUCT_COMMON - unsigned ixt_e_keylen; /* raw key length in bytes */ - unsigned ixt_e_ctx_size; /* sa_p->key_e_size */ - int (*ixt_e_set_key)(struct ipsec_alg_enc *alg, __u8 *key_e, const __u8 *key, size_t keysize); - __u8 *(*ixt_e_new_key)(struct ipsec_alg_enc *alg, const __u8 *key, size_t keysize); - void (*ixt_e_destroy_key)(struct ipsec_alg_enc *alg, __u8 *key_e); - int (*ixt_e_cbc_encrypt)(struct ipsec_alg_enc *alg, __u8 *key_e, __u8 *in, int ilen, const __u8 *iv, int encrypt); -}; -struct ipsec_alg_auth { - IPSEC_ALG_STRUCT_COMMON - unsigned ixt_a_keylen; /* raw key length in bytes */ - unsigned ixt_a_ctx_size; /* sa_p->key_a_size */ - unsigned ixt_a_authlen; /* 'natural' auth. hash len (bytes) */ - int (*ixt_a_hmac_set_key)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *key, int keylen); - int (*ixt_a_hmac_hash)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *dat, int len, __u8 *hash, int hashlen); -}; -/* - * These are _copies_ of SADB_EXT_SUPPORTED_{AUTH,ENCRYPT}, - * to avoid header coupling for true constants - * about headers ... "cp is your friend" --Linus - */ -#define IPSEC_ALG_TYPE_AUTH 14 -#define IPSEC_ALG_TYPE_ENCRYPT 15 - -/*************************************************************** - * - * INTERFACE for module loading,testing, and unloading - * - ***************************************************************/ -/* - registration calls */ -int register_ipsec_alg(struct ipsec_alg *); -int unregister_ipsec_alg(struct ipsec_alg *); -/* - optional (simple test) for algos */ -int ipsec_alg_test(unsigned alg_type, unsigned alg_id, int testparm); -/* inline wrappers (usefull for type validation */ -static inline int register_ipsec_alg_enc(struct ipsec_alg_enc *ixt) { - return register_ipsec_alg((struct ipsec_alg*)ixt); -} -static inline int unregister_ipsec_alg_enc(struct ipsec_alg_enc *ixt) { - return unregister_ipsec_alg((struct ipsec_alg*)ixt); -} -static inline int register_ipsec_alg_auth(struct ipsec_alg_auth *ixt) { - return register_ipsec_alg((struct ipsec_alg*)ixt); -} -static inline int unregister_ipsec_alg_auth(struct ipsec_alg_auth *ixt) { - return unregister_ipsec_alg((struct ipsec_alg*)ixt); -} - -/***************************************************************** - * - * INTERFACE for ENC services: key creation, encrypt function - * - *****************************************************************/ - -#define IPSEC_ALG_ENCRYPT 1 -#define IPSEC_ALG_DECRYPT 0 - -/* encryption key context creation function */ -int ipsec_alg_enc_key_create(struct ipsec_sa *sa_p); -/* - * ipsec_alg_esp_encrypt(): encrypt ilen bytes in idat returns - * 0 or ERR<0 - */ -int ipsec_alg_esp_encrypt(struct ipsec_sa *sa_p, __u8 *idat, int ilen, const __u8 *iv, int action); - -/*************************************************************** - * - * INTERFACE for AUTH services: key creation, hash functions - * - ***************************************************************/ -int ipsec_alg_auth_key_create(struct ipsec_sa *sa_p); -int ipsec_alg_sa_esp_hash(const struct ipsec_sa *sa_p, const __u8 *espp, int len, __u8 *hash, int hashlen) ; -#define ipsec_alg_sa_esp_update(c,k,l) ipsec_alg_sa_esp_hash(c,k,l,NULL,0) - -/* only called from ipsec_init.c */ -int ipsec_alg_init(void); - -/* algo module glue for static algos */ -void ipsec_alg_static_init(void); -typedef int (*ipsec_alg_init_func_t) (void); - -/********************************************** - * - * INTERFACE for ipsec_sa init and wipe - * - **********************************************/ - -/* returns true if ipsec_sa has ipsec_alg obj attached */ -/* - * Initializes ipsec_sa's ipsec_alg object, using already loaded - * proto, authalg, encalg.; links ipsec_alg objects (enc, auth) - */ -int ipsec_alg_sa_init(struct ipsec_sa *sa_p); -/* - * Destroys ipsec_sa's ipsec_alg object - * unlinking ipsec_alg objects - */ -int ipsec_alg_sa_wipe(struct ipsec_sa *sa_p); - -/********************************************** - * - * 2.2 backport for some 2.4 useful module stuff - * - **********************************************/ -#ifdef MODULE -#ifndef THIS_MODULE -#define THIS_MODULE (&__this_module) -#endif -#ifndef module_init -typedef int (*__init_module_func_t)(void); -typedef void (*__cleanup_module_func_t)(void); - -#define module_init(x) \ - int init_module(void) __attribute__((alias(#x))); \ - static inline __init_module_func_t __init_module_inline(void) \ - { return x; } -#define module_exit(x) \ - void cleanup_module(void) __attribute__((alias(#x))); \ - static inline __cleanup_module_func_t __cleanup_module_inline(void) \ - { return x; } -#endif - -#define IPSEC_ALG_MODULE_INIT( func_name ) \ - static int func_name(void); \ - module_init(func_name); \ - static int __init func_name(void) -#define IPSEC_ALG_MODULE_EXIT( func_name ) \ - static void func_name(void); \ - module_exit(func_name); \ - static void __exit func_name(void) -#else /* not MODULE */ -#ifndef THIS_MODULE -#define THIS_MODULE NULL -#endif -/* - * I only want module_init() magic - * when algo.c file *is THE MODULE*, in all other - * cases, initialization is called explicitely from ipsec_alg_init() - */ -#define IPSEC_ALG_MODULE_INIT( func_name ) \ - extern int func_name(void); \ - int func_name(void) -#define IPSEC_ALG_MODULE_EXIT( func_name ) \ - extern void func_name(void); \ - void func_name(void) -#endif - -#endif /* IPSEC_ALG_H */ diff --git a/src/libfreeswan/ipsec_encap.h b/src/libfreeswan/ipsec_encap.h deleted file mode 100644 index 4f8d2e9a0..000000000 --- a/src/libfreeswan/ipsec_encap.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * declarations relevant to encapsulation-like operations - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_encap.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -#ifndef _IPSEC_ENCAP_H_ - -#define SENT_IP4 16 /* data is two struct in_addr + proto + ports*/ - /* (2 * sizeof(struct in_addr)) */ - /* sizeof(struct sockaddr_encap) - - offsetof(struct sockaddr_encap, Sen.Sip4.Src) */ - -struct sockaddr_encap -{ - __u8 sen_len; /* length */ - __u8 sen_family; /* AF_ENCAP */ - __u16 sen_type; /* see SENT_* */ - union - { - struct /* SENT_IP4 */ - { - struct in_addr Src; - struct in_addr Dst; - __u8 Proto; - __u16 Sport; - __u16 Dport; - } Sip4; - } Sen; -}; - -#define sen_ip_src Sen.Sip4.Src -#define sen_ip_dst Sen.Sip4.Dst -#define sen_proto Sen.Sip4.Proto -#define sen_sport Sen.Sip4.Sport -#define sen_dport Sen.Sip4.Dport - -#ifndef AF_ENCAP -#define AF_ENCAP 26 -#endif /* AF_ENCAP */ - -#define _IPSEC_ENCAP_H_ -#endif /* _IPSEC_ENCAP_H_ */ diff --git a/src/libfreeswan/ipsec_eroute.h b/src/libfreeswan/ipsec_eroute.h deleted file mode 100644 index 60af0f09b..000000000 --- a/src/libfreeswan/ipsec_eroute.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * @(#) declarations of eroute structures - * - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs <rgb@freeswan.org> - * Copyright (C) 2001 Michael Richardson <mcr@freeswan.org> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_eroute.h 3265 2007-10-08 19:52:55Z andreas $ - * - * derived from ipsec_encap.h 1.15 on 2001/9/18 by mcr. - * - */ - -#ifndef _IPSEC_EROUTE_H_ - -#include "radij.h" -#include "ipsec_encap.h" -#include "ipsec_radij.h" - -/* - * The "type" is really part of the address as far as the routing - * system is concerned. By using only one bit in the type field - * for each type, we sort-of make sure that different types of - * encapsulation addresses won't be matched against the wrong type. - */ - -/* - * An entry in the radix tree - */ - -struct rjtentry -{ - struct radij_node rd_nodes[2]; /* tree glue, and other values */ -#define rd_key(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_key)) -#define rd_mask(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_mask)) - short rd_flags; - short rd_count; -}; - -struct ident -{ - __u16 type; /* identity type */ - __u64 id; /* identity id */ - __u8 len; /* identity len */ - caddr_t data; /* identity data */ -}; - -/* - * An encapsulation route consists of a pointer to a - * radix tree entry and a SAID (a destination_address/SPI/protocol triple). - */ - -struct eroute -{ - struct rjtentry er_rjt; - struct sa_id er_said; - uint32_t er_pid; - uint32_t er_count; - uint64_t er_lasttime; - struct sockaddr_encap er_eaddr; /* MCR get rid of _encap, it is silly*/ - struct sockaddr_encap er_emask; - struct ident er_ident_s; - struct ident er_ident_d; - struct sk_buff* er_first; - struct sk_buff* er_last; -}; - -#define er_dst er_said.dst -#define er_spi er_said.spi - -#define _IPSEC_EROUTE_H_ -#endif /* _IPSEC_EROUTE_H_ */ diff --git a/src/libfreeswan/ipsec_errs.h b/src/libfreeswan/ipsec_errs.h deleted file mode 100644 index da7646870..000000000 --- a/src/libfreeswan/ipsec_errs.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * @(#) definition of ipsec_errs structure - * - * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> - * and Michael Richardson <mcr@freeswan.org> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_errs.h 3265 2007-10-08 19:52:55Z andreas $ - * - */ - -/* - * This file describes the errors/statistics that FreeSWAN collects. - * - */ - -struct ipsec_errs { - __u32 ips_alg_errs; /* number of algorithm errors */ - __u32 ips_auth_errs; /* # of authentication errors */ - __u32 ips_encsize_errs; /* # of encryption size errors*/ - __u32 ips_encpad_errs; /* # of encryption pad errors*/ - __u32 ips_replaywin_errs; /* # of pkt sequence errors */ -}; diff --git a/src/libfreeswan/ipsec_esp.h b/src/libfreeswan/ipsec_esp.h deleted file mode 100644 index af1b488f2..000000000 --- a/src/libfreeswan/ipsec_esp.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_esp.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -#include "freeswan/ipsec_md5h.h" -#include "freeswan/ipsec_sha1.h" - -#include "crypto/des.h" - -#ifndef IPPROTO_ESP -#define IPPROTO_ESP 50 -#endif /* IPPROTO_ESP */ - -#define ESP_HEADER_LEN 8 /* 64 bits header (spi+rpl)*/ - -#define EMT_ESPDESCBC_ULEN 20 /* coming from user mode */ -#define EMT_ESPDES_KMAX 64 /* 512 bit secret key enough? */ -#define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */ -#define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */ -#define EMT_ESPDES_IV_SZ 8 /* IV size */ -#define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */ - -#define ESP_IV_MAXSZ 16 /* This is _critical_ */ -#define ESP_IV_MAXSZ_INT (ESP_IV_MAXSZ/sizeof(int)) - -#define DB_ES_PKTRX 0x0001 -#define DB_ES_PKTRX2 0x0002 -#define DB_ES_IPSA 0x0010 -#define DB_ES_XF 0x0020 -#define DB_ES_IPAD 0x0040 -#define DB_ES_INAU 0x0080 -#define DB_ES_OINFO 0x0100 -#define DB_ES_OINFO2 0x0200 -#define DB_ES_OH 0x0400 -#define DB_ES_REPLAY 0x0800 - -#ifdef __KERNEL__ -struct des_eks { - des_key_schedule ks; -}; - -extern struct inet_protocol esp_protocol; - -struct options; - -extern int -esp_rcv(struct sk_buff *skb, - struct device *dev, - struct options *opt, - __u32 daddr, - unsigned short len, - __u32 saddr, - int redo, - struct inet_protocol *protocol); - -/* Only for 64 bits IVs, eg. ESP_3DES :P */ -struct esphdr -{ - __u32 esp_spi; /* Security Parameters Index */ - __u32 esp_rpl; /* Replay counter */ - __u8 esp_iv[8]; /* iv */ -}; - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_esp; -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* __KERNEL__ */ diff --git a/src/libfreeswan/ipsec_ipe4.h b/src/libfreeswan/ipsec_ipe4.h deleted file mode 100644 index bc86ae761..000000000 --- a/src/libfreeswan/ipsec_ipe4.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * IP-in-IP Header declarations - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_ipe4.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -/* The packet header is an IP header! */ - -struct ipe4_xdata /* transform table data */ -{ - struct in_addr i4_src; - struct in_addr i4_dst; -}; - -#define EMT_IPE4_ULEN 8 /* coming from user mode */ diff --git a/src/libfreeswan/ipsec_kversion.h b/src/libfreeswan/ipsec_kversion.h deleted file mode 100644 index 4a94021a2..000000000 --- a/src/libfreeswan/ipsec_kversion.h +++ /dev/null @@ -1,191 +0,0 @@ -#ifndef _FREESWAN_KVERSIONS_H -/* - * header file for FreeS/WAN library functions - * Copyright (C) 1998, 1999, 2000 Henry Spencer. - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ipsec_kversion.h 3265 2007-10-08 19:52:55Z andreas $ - */ -#define _FREESWAN_KVERSIONS_H /* seen it, no need to see it again */ - -/* - * this file contains a series of atomic defines that depend upon - * kernel version numbers. The kernel versions are arranged - * in version-order number (which is often not chronological) - * and each clause enables or disables a feature. - */ - -/* - * First, assorted kernel-version-dependent trickery. - */ -#include <linux/version.h> -#ifndef KERNEL_VERSION -#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0) -#define HEADER_CACHE_BIND_21 -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0) -#define SPINLOCK -#define PROC_FS_21 -#define NETLINK_SOCK -#define NET_21 -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,19) -#define net_device_stats enet_statistics -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) -#define SPINLOCK_23 -#define NETDEV_23 -# ifndef CONFIG_IP_ALIAS -# define CONFIG_IP_ALIAS -# endif -#include <linux/socket.h> -#include <linux/skbuff.h> -#include <linux/netlink.h> -# ifdef NETLINK_XFRM -# define NETDEV_25 -# endif -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,25) -#define PROC_FS_2325 -#undef PROC_FS_21 -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,30) -#define PROC_NO_DUMMY -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,35) -#define SKB_COPY_EXPAND -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,37) -#define IP_SELECT_IDENT -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,50)) && defined(CONFIG_NETFILTER) -#define SKB_RESET_NFCT -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,2) -#define IP_SELECT_IDENT_NEW -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) -#define IPH_is_SKB_PULLED -#define SKB_COW_NEW -#define PROTO_HANDLER_SINGLE_PARM -#define IP_FRAGMENT_LINEARIZE 1 -#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */ -# ifdef REDHAT_BOGOSITY -# define IP_SELECT_IDENT_NEW -# define IPH_is_SKB_PULLED -# define SKB_COW_NEW -# define PROTO_HANDLER_SINGLE_PARM -# endif /* REDHAT_BOGOSITY */ -#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */ - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9) -#define MALLOC_SLAB -#define LINUX_KERNEL_HAS_SNPRINTF -#endif - -#ifdef NET_21 -# include <linux/in6.h> -#else - /* old kernel in.h has some IPv6 stuff, but not quite enough */ -# define s6_addr16 s6_addr -# define AF_INET6 10 -# define uint8_t __u8 -# define uint16_t __u16 -# define uint32_t __u32 -# define uint64_t __u64 -#endif - -#ifdef NET_21 -# define ipsec_kfree_skb(a) kfree_skb(a) -#else /* NET_21 */ -# define ipsec_kfree_skb(a) kfree_skb(a, FREE_WRITE) -#endif /* NET_21 */ - -#ifdef NETDEV_23 -# define device net_device -# define ipsec_dev_get dev_get_by_name -# define __ipsec_dev_get __dev_get_by_name -# define ipsec_dev_put(x) dev_put(x) -# define __ipsec_dev_put(x) __dev_put(x) -# define ipsec_dev_hold(x) dev_hold(x) -#else /* NETDEV_23 */ -# define ipsec_dev_get dev_get -# define __ipsec_dev_put(x) -# define ipsec_dev_put(x) -# define ipsec_dev_hold(x) -#endif /* NETDEV_23 */ - -#ifndef SPINLOCK -# include <linux/bios32.h> - /* simulate spin locks and read/write locks */ - typedef struct { - volatile char lock; - } spinlock_t; - - typedef struct { - volatile unsigned int lock; - } rwlock_t; - -# define spin_lock_init(x) { (x)->lock = 0;} -# define rw_lock_init(x) { (x)->lock = 0; } - -# define spin_lock(x) { while ((x)->lock) barrier(); (x)->lock=1;} -# define spin_lock_irq(x) { cli(); spin_lock(x);} -# define spin_lock_irqsave(x,flags) { save_flags(flags); spin_lock_irq(x);} - -# define spin_unlock(x) { (x)->lock=0;} -# define spin_unlock_irq(x) { spin_unlock(x); sti();} -# define spin_unlock_irqrestore(x,flags) { spin_unlock(x); restore_flags(flags);} - -# define read_lock(x) spin_lock(x) -# define read_lock_irq(x) spin_lock_irq(x) -# define read_lock_irqsave(x,flags) spin_lock_irqsave(x,flags) - -# define read_unlock(x) spin_unlock(x) -# define read_unlock_irq(x) spin_unlock_irq(x) -# define read_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags) - -# define write_lock(x) spin_lock(x) -# define write_lock_irq(x) spin_lock_irq(x) -# define write_lock_irqsave(x,flags) spin_lock_irqsave(x,flags) - -# define write_unlock(x) spin_unlock(x) -# define write_unlock_irq(x) spin_unlock_irq(x) -# define write_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags) -#endif /* !SPINLOCK */ - -#ifndef SPINLOCK_23 -# define spin_lock_bh(x) spin_lock_irq(x) -# define spin_unlock_bh(x) spin_unlock_irq(x) - -# define read_lock_bh(x) read_lock_irq(x) -# define read_unlock_bh(x) read_unlock_irq(x) - -# define write_lock_bh(x) write_lock_irq(x) -# define write_unlock_bh(x) write_unlock_irq(x) -#endif /* !SPINLOCK_23 */ - -#endif /* _FREESWAN_KVERSIONS_H */ diff --git a/src/libfreeswan/ipsec_life.h b/src/libfreeswan/ipsec_life.h deleted file mode 100644 index 3508e007f..000000000 --- a/src/libfreeswan/ipsec_life.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Definitions relevant to IPSEC lifetimes - * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> - * and Michael Richardson <mcr@freeswan.org> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_life.h 3265 2007-10-08 19:52:55Z andreas $ - * - * This file derived from ipsec_xform.h on 2001/9/18 by mcr. - * - */ - -/* - * This file describes the book keeping fields for the - * IPsec Security Association Structure. ("ipsec_sa") - * - * This structure is never allocated directly by kernel code, - * (it is always a static/auto or is part of a structure) - * so it does not have a reference count. - * - */ - -#ifndef _IPSEC_LIFE_H_ - -/* - * _count is total count. - * _hard is hard limit (kill SA after this number) - * _soft is soft limit (try to renew SA after this number) - * _last is used in some special cases. - * - */ - -struct ipsec_lifetime64 -{ - __u64 ipl_count; - __u64 ipl_soft; - __u64 ipl_hard; - __u64 ipl_last; -}; - -struct ipsec_lifetimes -{ - /* number of bytes processed */ - struct ipsec_lifetime64 ipl_bytes; - - /* number of packets processed */ - struct ipsec_lifetime64 ipl_packets; - - /* time since SA was added */ - struct ipsec_lifetime64 ipl_addtime; - - /* time since SA was first used */ - struct ipsec_lifetime64 ipl_usetime; - - /* from rfc2367: - * For CURRENT, the number of different connections, - * endpoints, or flows that the association has been - * allocated towards. For HARD and SOFT, the number of - * these the association may be allocated towards - * before it expires. The concept of a connection, - * flow, or endpoint is system specific. - * - * mcr(2001-9-18) it is unclear what purpose these serve for FreeSWAN. - * They are maintained for PF_KEY compatibility. - */ - struct ipsec_lifetime64 ipl_allocations; -}; - -enum ipsec_life_alive { - ipsec_life_harddied = -1, - ipsec_life_softdied = 0, - ipsec_life_okay = 1 -}; - -enum ipsec_life_type { - ipsec_life_timebased = 1, - ipsec_life_countbased= 0 -}; - -#define _IPSEC_LIFE_H_ -#endif /* _IPSEC_LIFE_H_ */ diff --git a/src/libfreeswan/ipsec_md5h.h b/src/libfreeswan/ipsec_md5h.h deleted file mode 100644 index ea98218a6..000000000 --- a/src/libfreeswan/ipsec_md5h.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * RCSID $Id: ipsec_md5h.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -/* - * The rest of this file is Copyright RSA DSI. See the following comments - * for the full Copyright notice. - */ - -#ifndef _IPSEC_MD5H_H_ -#define _IPSEC_MD5H_H_ - -/* GLOBAL.H - RSAREF types and constants - */ - -/* PROTOTYPES should be set to one if and only if the compiler supports - function argument prototyping. - The following makes PROTOTYPES default to 0 if it has not already - been defined with C compiler flags. - */ -#ifndef PROTOTYPES -#define PROTOTYPES 1 -#endif /* !PROTOTYPES */ - -/* POINTER defines a generic pointer type */ -typedef __u8 *POINTER; - -/* UINT2 defines a two byte word */ -typedef __u16 UINT2; - -/* UINT4 defines a four byte word */ -typedef __u32 UINT4; - -/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. - If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it - returns an empty list. - */ - -#if PROTOTYPES -#define PROTO_LIST(list) list -#else /* PROTOTYPES */ -#define PROTO_LIST(list) () -#endif /* PROTOTYPES */ - - -/* MD5.H - header file for MD5C.C - */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. - */ - -/* MD5 context. */ -typedef struct { - UINT4 state[4]; /* state (ABCD) */ - UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; - -void MD5Init PROTO_LIST ((void *)); -void MD5Update PROTO_LIST - ((void *, unsigned char *, __u32)); -void MD5Final PROTO_LIST ((unsigned char [16], void *)); - -#endif /* _IPSEC_MD5H_H_ */ diff --git a/src/libfreeswan/ipsec_param.h b/src/libfreeswan/ipsec_param.h index 209244c59..b0ee845a5 100644 --- a/src/libfreeswan/ipsec_param.h +++ b/src/libfreeswan/ipsec_param.h @@ -13,9 +13,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * RCSID $Id: ipsec_param.h 3265 2007-10-08 19:52:55Z andreas $ - * */ /* @@ -28,40 +25,6 @@ #ifndef _IPSEC_PARAM_H_ -#ifdef __KERNEL__ -#include "ipsec_kversion.h" - -/* Set number of ipsecX virtual devices here. */ -/* This must be < exp(field width of IPSEC_DEV_FORMAT) */ -/* It must also be reasonable so as not to overload the memory and CPU */ -/* constraints of the host. */ -#define IPSEC_NUM_IF 4 -/* The field width must be < IF_NAM_SIZ - strlen("ipsec") - 1. */ -/* With "ipsec" being 5 characters, that means 10 is the max field width */ -/* but machine memory and CPU constraints are not likely to tollerate */ -/* more than 3 digits. The default is one digit. */ -/* Update: userland scripts get upset if they can't find "ipsec0", so */ -/* for now, no "0"-padding should be used (which would have been helpful */ -/* to make text-searches work */ -#define IPSEC_DEV_FORMAT "ipsec%d" -/* For, say, 500 virtual ipsec devices, I would recommend: */ -/* #define IPSEC_NUM_IF 500 */ -/* #define IPSEC_DEV_FORMAT "ipsec%03d" */ -/* Note that the "interfaces=" line in /etc/ipsec.conf would be, um, challenging. */ - -/* use dynamic ipsecX device allocation */ -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif /* CONFIG_IPSEC_DYNDEV */ - - -#ifdef CONFIG_IPSEC_BIGGATE -# define SADB_HASHMOD 8069 -#else /* CONFIG_IPSEC_BIGGATE */ -# define SADB_HASHMOD 257 -#endif /* CONFIG_IPSEC_BIGGATE */ -#endif /* __KERNEL__ */ - /* * This is for the SA reference table. This number is related to the * maximum number of SAs that KLIPS can concurrently deal with, plus enough @@ -87,140 +50,5 @@ # define IPSEC_SA_REF_CODE 1 #endif -#ifdef __KERNEL__ -/* This is defined for 2.4, but not 2.2.... */ -#ifndef ARPHRD_VOID -# define ARPHRD_VOID 0xFFFF -#endif - -/* - * Worry about PROC_FS stuff - */ -#if defined(PROC_FS_2325) -/* kernel 2.4 */ -# define IPSEC_PROC_LAST_ARG ,int *eof,void *data -# define IPSEC_PROCFS_DEBUG_NO_STATIC -# define IPSEC_PROC_SUBDIRS -#else -/* kernel <2.4 */ -# define IPSEC_PROCFS_DEBUG_NO_STATIC DEBUG_NO_STATIC - -# ifndef PROC_NO_DUMMY -# define IPSEC_PROC_LAST_ARG , int dummy -# else -# define IPSEC_PROC_LAST_ARG -# endif /* !PROC_NO_DUMMY */ -#endif /* PROC_FS_2325 */ - -#if !defined(LINUX_KERNEL_HAS_SNPRINTF) -/* GNU CPP specific! */ -# define snprintf(buf, len, fmt...) sprintf(buf, ##fmt) -#endif /* !LINUX_KERNEL_HAS_SNPRINTF */ - -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include <linux/spinlock.h> /* *lock* */ -# else /* SPINLOCK_23 */ -# include <asm/spinlock.h> /* *lock* */ -# endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ - -#ifndef KLIPS_FIXES_DES_PARITY -# define KLIPS_FIXES_DES_PARITY 1 -#endif /* !KLIPS_FIXES_DES_PARITY */ - -/* we don't really want to print these unless there are really big problems */ -#ifndef KLIPS_DIVULGE_CYPHER_KEY -# define KLIPS_DIVULGE_CYPHER_KEY 0 -#endif /* !KLIPS_DIVULGE_CYPHER_KEY */ - -#ifndef KLIPS_DIVULGE_HMAC_KEY -# define KLIPS_DIVULGE_HMAC_KEY 0 -#endif /* !KLIPS_DIVULGE_HMAC_KEY */ - -#ifndef IPSEC_DISALLOW_IPOPTIONS -# define IPSEC_DISALLOW_IPOPTIONS 1 -#endif /* !KLIPS_DIVULGE_HMAC_KEY */ - -/* extra toggles for regression testing */ -#ifdef CONFIG_IPSEC_REGRESS - -/* - * should pfkey_acquire() become 100% lossy? - * - */ -extern int sysctl_ipsec_regress_pfkey_lossage; -#ifndef KLIPS_PFKEY_ACQUIRE_LOSSAGE -# ifdef CONFIG_IPSEC_PFKEY_ACQUIRE_LOSSAGE -# define KLIPS_PFKEY_ACQUIRE_LOSSAGE 100 -# else /* CONFIG_IPSEC_PFKEY_ACQUIRE_LOSSAGE */ -/* not by default! */ -# define KLIPS_PFKEY_ACQUIRE_LOSSAGE 0 -# endif /* CONFIG_IPSEC_PFKEY_ACQUIRE_LOSSAGE */ -#endif /* KLIPS_PFKEY_ACQUIRE_LOSSAGE */ - -#endif /* CONFIG_IPSEC_REGRESS */ - -/* - * debugging routines. - */ -#ifdef CONFIG_IPSEC_DEBUG -extern void ipsec_print_ip(struct iphdr *ip); - - #define KLIPS_PRINT(flag, format, args...) \ - ((flag) ? printk(KERN_INFO format , ## args) : 0) - #define KLIPS_PRINTMORE(flag, format, args...) \ - ((flag) ? printk(format , ## args) : 0) - #define KLIPS_IP_PRINT(flag, ip) \ - ((flag) ? ipsec_print_ip(ip) : 0) -#else /* CONFIG_IPSEC_DEBUG */ - #define KLIPS_PRINT(flag, format, args...) do ; while(0) - #define KLIPS_PRINTMORE(flag, format, args...) do ; while(0) - #define KLIPS_IP_PRINT(flag, ip) do ; while(0) -#endif /* CONFIG_IPSEC_DEBUG */ - - -/* - * Stupid kernel API differences in APIs. Not only do some - * kernels not have ip_select_ident, but some have differing APIs, - * and SuSE has one with one parameter, but no way of checking to - * see what is really what. - */ - -#ifdef SUSE_LINUX_2_4_19_IS_STUPID -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph) -#else - -/* simplest case, nothing */ -#if !defined(IP_SELECT_IDENT) -#define KLIPS_IP_SELECT_IDENT(iph, skb) do { iph->id = htons(ip_id_count++); } while(0) -#endif - -/* kernels > 2.3.37-ish */ -#if defined(IP_SELECT_IDENT) && !defined(IP_SELECT_IDENT_NEW) -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst) -#endif - -/* kernels > 2.4.2 */ -#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW) -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL) -#endif - -#endif /* SUSE_LINUX_2_4_19_IS_STUPID */ - -/* - * make klips fail test:east-espiv-01. - * exploit is at testing/attacks/espiv - * - */ -#define KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK 0 - - -/* IP_FRAGMENT_LINEARIZE is set in freeswan.h if Kernel > 2.4.4 */ -#ifndef IP_FRAGMENT_LINEARIZE -# define IP_FRAGMENT_LINEARIZE 0 -#endif /* IP_FRAGMENT_LINEARIZE */ -#endif /* __KERNEL__ */ - #define _IPSEC_PARAM_H_ #endif /* _IPSEC_PARAM_H_ */ diff --git a/src/libfreeswan/ipsec_policy.h b/src/libfreeswan/ipsec_policy.h deleted file mode 100644 index bf074f18f..000000000 --- a/src/libfreeswan/ipsec_policy.h +++ /dev/null @@ -1,233 +0,0 @@ -#ifndef _IPSEC_POLICY_H -/* - * policy interface file between pluto and applications - * Copyright (C) 2003 Michael Richardson <mcr@freeswan.org> - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ipsec_policy.h 3839 2008-04-18 11:25:37Z andreas $ - */ -#define _IPSEC_POLICY_H /* seen it, no need to see it again */ - - -/* - * this file defines an interface between an application (or rather an - * application library) and a key/policy daemon. It provides for inquiries - * as to the current state of a connected socket, as well as for general - * questions. - * - * In general, the interface is defined as a series of functional interfaces, - * and the policy messages should be internal. However, because this is in - * fact an ABI between pieces of the system that may get compiled and revised - * seperately, this ABI must be public and revision controlled. - * - * It is expected that the daemon will always support previous versions. - */ - -#define IPSEC_POLICY_MSG_REVISION (unsigned)200305061 - -enum ipsec_policy_command { - IPSEC_CMD_QUERY_FD = 1, - IPSEC_CMD_QUERY_HOSTPAIR = 2, - IPSEC_CMD_QUERY_DSTONLY = 3, -}; - -struct ipsec_policy_msg_head { - u_int32_t ipm_version; - u_int32_t ipm_msg_len; - u_int32_t ipm_msg_type; - u_int32_t ipm_msg_seq; -}; - -enum ipsec_privacy_quality { - IPSEC_PRIVACY_NONE = 0, - IPSEC_PRIVACY_INTEGRAL = 4, /* not private at all. AH-like */ - IPSEC_PRIVACY_UNKNOWN = 8, /* something is claimed, but details unavail */ - IPSEC_PRIVACY_ROT13 = 12, /* trivially breakable, i.e. 1DES */ - IPSEC_PRIVACY_GAK = 16, /* known eavesdroppers */ - IPSEC_PRIVACY_PRIVATE = 32, /* secure for at least a decade */ - IPSEC_PRIVACY_STRONG = 64, /* ridiculously secure */ - IPSEC_PRIVACY_TORTOISE = 192, /* even stronger, but very slow */ - IPSEC_PRIVACY_OTP = 224, /* some kind of *true* one time pad */ -}; - -enum ipsec_bandwidth_quality { - IPSEC_QOS_UNKNOWN = 0, /* unknown bandwidth */ - IPSEC_QOS_INTERACTIVE = 16, /* reasonably moderate jitter, moderate fast. - Good enough for telnet/ssh. */ - IPSEC_QOS_VOIP = 32, /* faster crypto, predicable jitter */ - IPSEC_QOS_FTP = 64, /* higher throughput crypto, perhaps hardware - offloaded, but latency/jitter may be bad */ - IPSEC_QOS_WIRESPEED = 128, /* expect to be able to fill your pipe */ -}; - -/* moved from programs/pluto/constants.h */ -/* IPsec AH transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3 - * and in http://www.iana.org/assignments/isakmp-registry - */ -enum ipsec_authentication_algo { - AH_NONE = 0, - AH_MD5 = 2, - AH_SHA = 3, - AH_DES = 4, - AH_SHA2_256 = 5, - AH_SHA2_384 = 6, - AH_SHA2_512 = 7, - AH_RIPEMD = 8, - AH_AES_XCBC_MAC = 9, - AH_RSA = 10 -}; - -/* IPsec ESP transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4 - * and from http://www.iana.org/assignments/isakmp-registry - */ - -enum ipsec_cipher_algo { - ESP_NONE = 0, - ESP_DES_IV64 = 1, - ESP_DES = 2, - ESP_3DES = 3, - ESP_RC5 = 4, - ESP_IDEA = 5, - ESP_CAST = 6, - ESP_BLOWFISH = 7, - ESP_3IDEA = 8, - ESP_DES_IV32 = 9, - ESP_RC4 = 10, - ESP_NULL = 11, - ESP_AES = 12, - ESP_AES_CTR = 13, - ESP_AES_CCM_8 = 14, - ESP_AES_CCM_12 = 15, - ESP_AES_CCM_16 = 16, - ESP_UNASSIGNED_17 = 17, - ESP_AES_GCM_8 = 18, - ESP_AES_GCM_12 = 19, - ESP_AES_GCM_16 = 20, - ESP_SEED_CBC = 21, - ESP_CAMELLIA = 22, - ESP_SERPENT = 252, - ESP_TWOFISH = 253 -}; - -/* IPCOMP transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5 - */ - -enum ipsec_comp_algo { - IPSCOMP_NONE = 0, - IPCOMP_OUI = 1, - IPCOMP_DEFLATE = 2, - IPCOMP_LZS = 3, - IPCOMP_LZJH = 4 -}; - -/* Identification type values - * RFC 2407 The Internet IP security Domain of Interpretation for ISAKMP 4.6.2.1 - */ - -enum ipsec_id_type { - ID_IMPOSSIBLE= (-2), /* private to Pluto */ - ID_MYID= (-1), /* private to Pluto */ - ID_NONE= 0, /* private to Pluto */ - ID_IPV4_ADDR= 1, - ID_FQDN= 2, - ID_USER_FQDN= 3, - ID_IPV4_ADDR_SUBNET= 4, - ID_IPV6_ADDR= 5, - ID_IPV6_ADDR_SUBNET= 6, - ID_IPV4_ADDR_RANGE= 7, - ID_IPV6_ADDR_RANGE= 8, - ID_DER_ASN1_DN= 9, - ID_DER_ASN1_GN= 10, - ID_KEY_ID= 11 -}; - -/* Certificate type values - * RFC 2408 ISAKMP, chapter 3.9 - */ -enum ipsec_cert_type { - CERT_NONE= 0, - CERT_PKCS7_WRAPPED_X509= 1, - CERT_PGP= 2, - CERT_DNS_SIGNED_KEY= 3, - CERT_X509_SIGNATURE= 4, - CERT_X509_KEY_EXCHANGE= 5, - CERT_KERBEROS_TOKENS= 6, - CERT_CRL= 7, - CERT_ARL= 8, - CERT_SPKI= 9, - CERT_X509_ATTRIBUTE= 10, - CERT_RAW_RSA_KEY= 11 -}; - -/* a SIG record in ASCII */ -struct ipsec_dns_sig { - char fqdn[256]; - char dns_sig[768]; /* empty string if not signed */ -}; - -struct ipsec_raw_key { - char id_name[256]; - char fs_keyid[8]; -}; - -struct ipsec_identity { - enum ipsec_id_type ii_type; - enum ipsec_cert_type ii_format; - union { - struct ipsec_dns_sig ipsec_dns_signed; - /* some thing for PGP */ - /* some thing for PKIX */ - struct ipsec_raw_key ipsec_raw_key; - } ii_credential; -}; - -#define IPSEC_MAX_CREDENTIALS 32 - -struct ipsec_policy_cmd_query { - struct ipsec_policy_msg_head head; - - /* Query section */ - ip_address query_local; /* us */ - ip_address query_remote; /* them */ - u_short src_port, dst_port; - - /* Answer section */ - enum ipsec_privacy_quality strength; - enum ipsec_bandwidth_quality bandwidth; - enum ipsec_authentication_algo auth_detail; - enum ipsec_cipher_algo esp_detail; - enum ipsec_comp_algo comp_detail; - - int credential_count; - - struct ipsec_identity credentials[IPSEC_MAX_CREDENTIALS]; -}; - -#define IPSEC_POLICY_SOCKET "/var/run/pluto.info" - -/* prototypes */ -extern err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result); -extern err_t ipsec_policy_init(void); -extern err_t ipsec_policy_final(void); -extern err_t ipsec_policy_readmsg(int policysock, - unsigned char *buf, size_t buflen); -extern err_t ipsec_policy_sendrecv(unsigned char *buf, size_t buflen); -extern err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result); - - -extern const char *ipsec_policy_version_code(void); -extern const char *ipsec_policy_version_string(void); - -#endif /* _IPSEC_POLICY_H */ diff --git a/src/libfreeswan/ipsec_proto.h b/src/libfreeswan/ipsec_proto.h deleted file mode 100644 index 23b9cf247..000000000 --- a/src/libfreeswan/ipsec_proto.h +++ /dev/null @@ -1,111 +0,0 @@ -/* - * @(#) prototypes for FreeSWAN functions - * - * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> - * and Michael Richardson <mcr@freeswan.org> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_proto.h 3265 2007-10-08 19:52:55Z andreas $ - * - */ - -#ifndef _IPSEC_PROTO_H_ - -#include "ipsec_param.h" - -/* - * This file is a kernel only file that declares prototypes for - * all intra-module function calls and global data structures. - * - * Include this file last. - * - */ - -/* ipsec_init.c */ -extern struct prng ipsec_prng; - -/* ipsec_sa.c */ -extern struct ipsec_sa *ipsec_sadb_hash[SADB_HASHMOD]; -extern spinlock_t tdb_lock; -extern int ipsec_sadb_init(void); - -extern struct ipsec_sa *ipsec_sa_getbyid(struct sa_id*); -extern int ipsec_sa_put(struct ipsec_sa *); -extern /* void */ int ipsec_sa_del(struct ipsec_sa *); -extern /* void */ int ipsec_sa_delchain(struct ipsec_sa *); -extern /* void */ int ipsec_sa_add(struct ipsec_sa *); - -extern int ipsec_sadb_cleanup(__u8); -extern int ipsec_sa_wipe(struct ipsec_sa *); - -/* debug declarations */ - -/* ipsec_proc.c */ -extern int ipsec_proc_init(void); -extern void ipsec_proc_cleanup(void); - -/* ipsec_radij.c */ -extern int ipsec_makeroute(struct sockaddr_encap *ea, - struct sockaddr_encap *em, - struct sa_id said, - uint32_t pid, - struct sk_buff *skb, - struct ident *ident_s, - struct ident *ident_d); - -extern int ipsec_breakroute(struct sockaddr_encap *ea, - struct sockaddr_encap *em, - struct sk_buff **first, - struct sk_buff **last); - -int ipsec_radijinit(void); -int ipsec_cleareroutes(void); -int ipsec_radijcleanup(void); - -/* ipsec_life.c */ -extern enum ipsec_life_alive ipsec_lifetime_check(struct ipsec_lifetime64 *il64, - const char *lifename, - const char *saname, - enum ipsec_life_type ilt, - enum ipsec_direction idir, - struct ipsec_sa *ips); - - -extern int ipsec_lifetime_format(char *buffer, - int buflen, - char *lifename, - enum ipsec_life_type timebaselife, - struct ipsec_lifetime64 *lifetime); - -extern void ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime, - __u64 newvalue); - -extern void ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime, - __u64 newvalue); - - - - -#ifdef CONFIG_IPSEC_DEBUG - -extern int debug_xform; -extern int debug_eroute; -extern int debug_spi; -extern int debug_netlink; - -#endif /* CONFIG_IPSEC_DEBUG */ - - - - -#define _IPSEC_PROTO_H -#endif /* _IPSEC_PROTO_H_ */ diff --git a/src/libfreeswan/ipsec_radij.h b/src/libfreeswan/ipsec_radij.h deleted file mode 100644 index 88e849eee..000000000 --- a/src/libfreeswan/ipsec_radij.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - * @(#) Definitions relevant to the IPSEC <> radij tree interfacing - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_radij.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -#ifndef _IPSEC_RADIJ_H - -#include <freeswan.h> - -int ipsec_walk(char *); - -int ipsec_rj_walker_procprint(struct radij_node *, void *); -int ipsec_rj_walker_delete(struct radij_node *, void *); - -/* This structure is used to pass information between - * ipsec_eroute_get_info and ipsec_rj_walker_procprint - * (through rj_walktree) and between calls of ipsec_rj_walker_procprint. - */ -struct wsbuf -{ - /* from caller of ipsec_eroute_get_info: */ - char *const buffer; /* start of buffer provided */ - const int length; /* length of buffer provided */ - const off_t offset; /* file position of first character of interest */ - /* accumulated by ipsec_rj_walker_procprint: */ - int len; /* number of character filled into buffer */ - off_t begin; /* file position contained in buffer[0] (<=offset) */ -}; - - -extern struct radij_node_head *rnh; -extern spinlock_t eroute_lock; - -struct eroute * ipsec_findroute(struct sockaddr_encap *); - -#define O1(x) (int)(((x)>>24)&0xff) -#define O2(x) (int)(((x)>>16)&0xff) -#define O3(x) (int)(((x)>>8)&0xff) -#define O4(x) (int)(((x))&0xff) - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_radij; -void rj_dumptrees(void); - -#define DB_RJ_DUMPTREES 0x0001 -#define DB_RJ_FINDROUTE 0x0002 -#endif /* CONFIG_IPSEC_DEBUG */ - -#define _IPSEC_RADIJ_H -#endif diff --git a/src/libfreeswan/ipsec_rcv.h b/src/libfreeswan/ipsec_rcv.h deleted file mode 100644 index d972a18b9..000000000 --- a/src/libfreeswan/ipsec_rcv.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_rcv.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -#define DB_RX_PKTRX 0x0001 -#define DB_RX_PKTRX2 0x0002 -#define DB_RX_DMP 0x0004 -#define DB_RX_IPSA 0x0010 -#define DB_RX_XF 0x0020 -#define DB_RX_IPAD 0x0040 -#define DB_RX_INAU 0x0080 -#define DB_RX_OINFO 0x0100 -#define DB_RX_OINFO2 0x0200 -#define DB_RX_OH 0x0400 -#define DB_RX_REPLAY 0x0800 - -#ifdef __KERNEL__ -/* struct options; */ - -#define __NO_VERSION__ -#include <linux/module.h> -#include <linux/config.h> /* for CONFIG_IP_FORWARD */ -#include <linux/version.h> -#include <freeswan.h> - -#define IPSEC_BIRTH_TEMPLATE_MAXLEN 256 - -struct ipsec_birth_reply { - int packet_template_len; - unsigned char packet_template[IPSEC_BIRTH_TEMPLATE_MAXLEN]; -}; - -extern struct ipsec_birth_reply ipsec_ipv4_birth_packet; -extern struct ipsec_birth_reply ipsec_ipv6_birth_packet; - -extern int -#ifdef PROTO_HANDLER_SINGLE_PARM -ipsec_rcv(struct sk_buff *skb); -#else /* PROTO_HANDLER_SINGLE_PARM */ -ipsec_rcv(struct sk_buff *skb, -#ifdef NET_21 - unsigned short xlen); -#else /* NET_21 */ - struct device *dev, - struct options *opt, - __u32 daddr, - unsigned short len, - __u32 saddr, - int redo, - struct inet_protocol *protocol); -#endif /* NET_21 */ -#endif /* PROTO_HANDLER_SINGLE_PARM */ - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_rcv; -#endif /* CONFIG_IPSEC_DEBUG */ -extern int sysctl_ipsec_inbound_policy_check; -#endif /* __KERNEL__ */ diff --git a/src/libfreeswan/ipsec_sa.h b/src/libfreeswan/ipsec_sa.h deleted file mode 100644 index 9d178e11f..000000000 --- a/src/libfreeswan/ipsec_sa.h +++ /dev/null @@ -1,252 +0,0 @@ -/* - * @(#) Definitions of IPsec Security Association (ipsec_sa) - * - * Copyright (C) 2001, 2002, 2003 - * Richard Guy Briggs <rgb@freeswan.org> - * and Michael Richardson <mcr@freeswan.org> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_sa.h 3265 2007-10-08 19:52:55Z andreas $ - * - * This file derived from ipsec_xform.h on 2001/9/18 by mcr. - * - */ - -/* - * This file describes the IPsec Security Association Structure. - * - * This structure keeps track of a single transform that may be done - * to a set of packets. It can describe applying the transform or - * apply the reverse. (e.g. compression vs expansion). However, it - * only describes one at a time. To describe both, two structures would - * be used, but since the sides of the transform are performed - * on different machines typically it is usual to have only one side - * of each association. - * - */ - -#ifndef _IPSEC_SA_H_ - -#ifdef __KERNEL__ -#include "ipsec_stats.h" -#include "ipsec_life.h" -#include "ipsec_eroute.h" -#endif /* __KERNEL__ */ -#include "ipsec_param.h" - - -/* SAs are held in a table. - * Entries in this table are referenced by IPsecSAref_t values. - * IPsecSAref_t values are conceptually subscripts. Because - * we want to allocate the table piece-meal, the subscripting - * is implemented with two levels, a bit like paged virtual memory. - * This representation mechanism is known as an Iliffe Vector. - * - * The Main table (AKA the refTable) consists of 2^IPSEC_SA_REF_MAINTABLE_IDX_WIDTH - * pointers to subtables. - * Each subtable has 2^IPSEC_SA_REF_SUBTABLE_IDX_WIDTH entries, each of which - * is a pointer to an SA. - * - * An IPsecSAref_t contains either an exceptional value (signified by the - * high-order bit being on) or a reference to a table entry. A table entry - * reference has the subtable subscript in the low-order - * IPSEC_SA_REF_SUBTABLE_IDX_WIDTH bits and the Main table subscript - * in the next lowest IPSEC_SA_REF_MAINTABLE_IDX_WIDTH bits. - * - * The Maintable entry for an IPsecSAref_t x, a pointer to its subtable, is - * IPsecSAref2table(x). It is of type struct IPsecSArefSubTable *. - * - * The pointer to the SA for x is IPsecSAref2SA(x). It is of type - * struct ipsec_sa*. The macro definition clearly shows the two-level - * access needed to find the SA pointer. - * - * The Maintable is allocated when IPsec is initialized. - * Each subtable is allocated when needed, but the first is allocated - * when IPsec is initialized. - * - * IPsecSAref_t is designed to be smaller than an NFmark so that - * they can be stored in NFmarks and still leave a few bits for other - * purposes. The spare bits are in the low order of the NFmark - * but in the high order of the IPsecSAref_t, so conversion is required. - * We pick the upper bits of NFmark on the theory that they are less likely to - * interfere with more pedestrian uses of nfmark. - */ - - -typedef unsigned short int IPsecRefTableUnusedCount; - -#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH) - -#ifdef __KERNEL__ -#if ((IPSEC_SA_REF_TABLE_IDX_WIDTH - (1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) < 0) -#error "IPSEC_SA_REF_TABLE_IDX_WIDTH("IPSEC_SA_REF_TABLE_IDX_WIDTH") MUST be < 1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH("IPSEC_SA_REF_MAINTABLE_IDX_WIDTH")" -#endif - -#define IPSEC_SA_REF_SUBTABLE_IDX_WIDTH (IPSEC_SA_REF_TABLE_IDX_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH) - -#define IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_MAINTABLE_IDX_WIDTH) -#define IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) - -#ifdef CONFIG_NETFILTER -#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->nfmark -#define IPSEC_SA_REF_HOST_FIELD_TYPE typeof(IPSEC_SA_REF_HOST_FIELD(NULL)) -#else /* CONFIG_NETFILTER */ -/* just make it work for now, it doesn't matter, since there is no nfmark */ -#define IPSEC_SA_REF_HOST_FIELD_TYPE unsigned long -#endif /* CONFIG_NETFILTER */ -#define IPSEC_SA_REF_HOST_FIELD_WIDTH (8 * sizeof(IPSEC_SA_REF_HOST_FIELD_TYPE)) -#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t)) - -#define IPSEC_SA_REF_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH)) -#define IPSEC_SA_REF_TABLE_MASK ((IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) -#define IPSEC_SA_REF_ENTRY_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)) - -#define IPsecSAref2table(x) (((x) & IPSEC_SA_REF_TABLE_MASK) >> IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) -#define IPsecSAref2entry(x) ((x) & IPSEC_SA_REF_ENTRY_MASK) -#define IPsecSArefBuild(x,y) (((x) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) + (y)) - -#define IPsecSAref2SA(x) (ipsec_sadb.refTable[IPsecSAref2table(x)]->entry[IPsecSAref2entry(x)]) -#define IPsecSA2SAref(x) ((x)->ips_ref) - -#define EMT_INBOUND 0x01 /* SA direction, 1=inbound */ - -/* 'struct ipsec_sa' should be 64bit aligned when allocated. */ -struct ipsec_sa -{ - IPsecSAref_t ips_ref; /* reference table entry number */ - atomic_t ips_refcount; /* reference count for this struct */ - struct ipsec_sa *ips_hnext; /* next in hash chain */ - struct ipsec_sa *ips_inext; /* pointer to next xform */ - struct ipsec_sa *ips_onext; /* pointer to prev xform */ - - struct ifnet *ips_rcvif; /* related rcv encap interface */ - - struct sa_id ips_said; /* SA ID */ - - __u32 ips_seq; /* seq num of msg that initiated this SA */ - __u32 ips_pid; /* PID of process that initiated this SA */ - __u8 ips_authalg; /* auth algorithm for this SA */ - __u8 ips_encalg; /* enc algorithm for this SA */ - - struct ipsec_stats ips_errs; - - __u8 ips_replaywin; /* replay window size */ - __u8 ips_state; /* state of SA */ - __u32 ips_replaywin_lastseq; /* last pkt sequence num */ - __u64 ips_replaywin_bitmap; /* bitmap of received pkts */ - __u32 ips_replaywin_maxdiff; /* max pkt sequence difference */ - - __u32 ips_flags; /* generic xform flags */ - - - struct ipsec_lifetimes ips_life; /* lifetime records */ - - /* selector information */ - struct sockaddr*ips_addr_s; /* src sockaddr */ - struct sockaddr*ips_addr_d; /* dst sockaddr */ - struct sockaddr*ips_addr_p; /* proxy sockaddr */ - __u16 ips_addr_s_size; - __u16 ips_addr_d_size; - __u16 ips_addr_p_size; - ip_address ips_flow_s; - ip_address ips_flow_d; - ip_address ips_mask_s; - ip_address ips_mask_d; - - __u16 ips_key_bits_a; /* size of authkey in bits */ - __u16 ips_auth_bits; /* size of authenticator in bits */ - __u16 ips_key_bits_e; /* size of enckey in bits */ - __u16 ips_iv_bits; /* size of IV in bits */ - __u8 ips_iv_size; - __u16 ips_key_a_size; - __u16 ips_key_e_size; - - caddr_t ips_key_a; /* authentication key */ - caddr_t ips_key_e; /* encryption key */ - caddr_t ips_iv; /* Initialisation Vector */ - - struct ident ips_ident_s; /* identity src */ - struct ident ips_ident_d; /* identity dst */ - -#ifdef CONFIG_IPSEC_IPCOMP - __u16 ips_comp_adapt_tries; /* ipcomp self-adaption tries */ - __u16 ips_comp_adapt_skip; /* ipcomp self-adaption to-skip */ - __u64 ips_comp_ratio_cbytes; /* compressed bytes */ - __u64 ips_comp_ratio_dbytes; /* decompressed (or uncompressed) bytes */ -#endif /* CONFIG_IPSEC_IPCOMP */ - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - __u8 ips_natt_type; - __u8 ips_natt_reserved[3]; - __u16 ips_natt_sport; - __u16 ips_natt_dport; - - struct sockaddr *ips_natt_oa; - __u16 ips_natt_oa_size; - __u16 ips_natt_reserved2; -#endif - -#if 0 - __u32 ips_sens_dpd; - __u8 ips_sens_sens_level; - __u8 ips_sens_sens_len; - __u64* ips_sens_sens_bitmap; - __u8 ips_sens_integ_level; - __u8 ips_sens_integ_len; - __u64* ips_sens_integ_bitmap; -#endif - struct ipsec_alg_enc *ips_alg_enc; - struct ipsec_alg_auth *ips_alg_auth; - IPsecSAref_t ips_ref_rel; -}; - -struct IPsecSArefSubTable -{ - struct ipsec_sa* entry[IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES]; -}; - -struct ipsec_sadb { - struct IPsecSArefSubTable* refTable[IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES]; - IPsecSAref_t refFreeList[IPSEC_SA_REF_FREELIST_NUM_ENTRIES]; - int refFreeListHead; - int refFreeListTail; - IPsecSAref_t refFreeListCont; - IPsecSAref_t said_hash[SADB_HASHMOD]; - spinlock_t sadb_lock; -}; - -extern struct ipsec_sadb ipsec_sadb; - -extern int ipsec_SAref_recycle(void); -extern int ipsec_SArefSubTable_alloc(unsigned table); -extern int ipsec_saref_freelist_init(void); -extern int ipsec_sadb_init(void); -extern struct ipsec_sa *ipsec_sa_alloc(int*error); /* pass in error var by pointer */ -extern IPsecSAref_t ipsec_SAref_alloc(int*erorr); /* pass in error var by pointer */ -extern int ipsec_sa_free(struct ipsec_sa* ips); -extern struct ipsec_sa *ipsec_sa_getbyid(struct sa_id *said); -extern int ipsec_sa_put(struct ipsec_sa *ips); -extern int ipsec_sa_add(struct ipsec_sa *ips); -extern int ipsec_sa_del(struct ipsec_sa *ips); -extern int ipsec_sa_delchain(struct ipsec_sa *ips); -extern int ipsec_sadb_cleanup(__u8 proto); -extern int ipsec_sadb_free(void); -extern int ipsec_sa_wipe(struct ipsec_sa *ips); -#endif /* __KERNEL__ */ - -enum ipsec_direction { - ipsec_incoming = 1, - ipsec_outgoing = 2 -}; - -#define _IPSEC_SA_H_ -#endif /* _IPSEC_SA_H_ */ diff --git a/src/libfreeswan/ipsec_sha1.h b/src/libfreeswan/ipsec_sha1.h deleted file mode 100644 index b0f952c92..000000000 --- a/src/libfreeswan/ipsec_sha1.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * RCSID $Id: ipsec_sha1.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -/* - * Here is the original comment from the distribution: - -SHA-1 in C -By Steve Reid <steve@edmweb.com> -100% Public Domain - - * Adapted for use by the IPSEC code by John Ioannidis - */ - - -#ifndef _IPSEC_SHA1_H_ -#define _IPSEC_SHA1_H_ - -typedef struct -{ - __u32 state[5]; - __u32 count[2]; - __u8 buffer[64]; -} SHA1_CTX; - -void SHA1Transform(__u32 state[5], __u8 buffer[64]); -void SHA1Init(void *context); -void SHA1Update(void *context, unsigned char *data, __u32 len); -void SHA1Final(unsigned char digest[20], void *context); - - -#endif /* _IPSEC_SHA1_H_ */ diff --git a/src/libfreeswan/ipsec_stats.h b/src/libfreeswan/ipsec_stats.h deleted file mode 100644 index dabd02993..000000000 --- a/src/libfreeswan/ipsec_stats.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * @(#) definition of ipsec_stats structure - * - * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org> - * and Michael Richardson <mcr@freeswan.org> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_stats.h 3265 2007-10-08 19:52:55Z andreas $ - * - */ - -/* - * This file describes the errors/statistics that FreeSWAN collects. - */ - -#ifndef _IPSEC_STATS_H_ - -struct ipsec_stats { - __u32 ips_alg_errs; /* number of algorithm errors */ - __u32 ips_auth_errs; /* # of authentication errors */ - __u32 ips_encsize_errs; /* # of encryption size errors*/ - __u32 ips_encpad_errs; /* # of encryption pad errors*/ - __u32 ips_replaywin_errs; /* # of pkt sequence errors */ -}; - -extern int ipsec_snprintf(char * buf, ssize_t size, const char *fmt, ...); - -#define _IPSEC_STATS_H_ -#endif /* _IPSEC_STATS_H_ */ diff --git a/src/libfreeswan/ipsec_tunnel.h b/src/libfreeswan/ipsec_tunnel.h deleted file mode 100644 index df52cf646..000000000 --- a/src/libfreeswan/ipsec_tunnel.h +++ /dev/null @@ -1,128 +0,0 @@ -/* - * IPSEC tunneling code - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_tunnel.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -#include <linux/types.h> - -#ifdef NET_21 -# define DEV_QUEUE_XMIT(skb, device, pri) {\ - skb->dev = device; \ - neigh_compat_output(skb); \ - /* skb->dst->output(skb); */ \ - } -# define ICMP_SEND(skb_in, type, code, info, dev) \ - icmp_send(skb_in, type, code, htonl(info)) -# define IP_SEND(skb, dev) \ - ip_send(skb); -#else /* NET_21 */ -# define DEV_QUEUE_XMIT(skb, device, pri) {\ - dev_queue_xmit(skb, device, pri); \ - } -# define ICMP_SEND(skb_in, type, code, info, dev) \ - icmp_send(skb_in, type, code, info, dev) -# define IP_SEND(skb, dev) \ - if(ntohs(iph->tot_len) > physmtu) { \ - ip_fragment(NULL, skb, dev, 0); \ - ipsec_kfree_skb(skb); \ - } else { \ - dev_queue_xmit(skb, dev, SOPRI_NORMAL); \ - } -#endif /* NET_21 */ - - -/* - * Heavily based on drivers/net/new_tunnel.c. Lots - * of ideas also taken from the 2.1.x version of drivers/net/shaper.c - */ - -struct ipsectunnelconf -{ - __u32 cf_cmd; - union - { - char cfu_name[12]; - } cf_u; -#define cf_name cf_u.cfu_name -}; - -#define IPSEC_SET_DEV (SIOCDEVPRIVATE) -#define IPSEC_DEL_DEV (SIOCDEVPRIVATE + 1) -#define IPSEC_CLR_DEV (SIOCDEVPRIVATE + 2) - -#ifdef __KERNEL__ -#include <linux/version.h> -#ifndef KERNEL_VERSION -# define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) -#endif -struct ipsecpriv -{ - struct sk_buff_head sendq; - struct device *dev; - struct wait_queue *wait_queue; - char locked; - int (*hard_start_xmit) (struct sk_buff *skb, - struct device *dev); - int (*hard_header) (struct sk_buff *skb, - struct device *dev, - unsigned short type, - void *daddr, - void *saddr, - unsigned len); -#ifdef NET_21 - int (*rebuild_header)(struct sk_buff *skb); -#else /* NET_21 */ - int (*rebuild_header)(void *buff, struct device *dev, - unsigned long raddr, struct sk_buff *skb); -#endif /* NET_21 */ - int (*set_mac_address)(struct device *dev, void *addr); -#ifndef NET_21 - void (*header_cache_bind)(struct hh_cache **hhp, struct device *dev, - unsigned short htype, __u32 daddr); -#endif /* !NET_21 */ - void (*header_cache_update)(struct hh_cache *hh, struct device *dev, unsigned char * haddr); - struct net_device_stats *(*get_stats)(struct device *dev); - struct net_device_stats mystats; - int mtu; /* What is the desired MTU? */ -}; - -extern char ipsec_tunnel_c_version[]; - -extern struct device *ipsecdevices[IPSEC_NUM_IF]; - -int ipsec_tunnel_init_devices(void); - -/* void */ int ipsec_tunnel_cleanup_devices(void); - -extern /* void */ int ipsec_init(void); - -extern int ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev); - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_tunnel; -extern int sysctl_ipsec_debug_verbose; -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* __KERNEL__ */ - -#ifdef CONFIG_IPSEC_DEBUG -#define DB_TN_INIT 0x0001 -#define DB_TN_PROCFS 0x0002 -#define DB_TN_XMIT 0x0010 -#define DB_TN_OHDR 0x0020 -#define DB_TN_CROUT 0x0040 -#define DB_TN_OXFS 0x0080 -#define DB_TN_REVEC 0x0100 -#endif /* CONFIG_IPSEC_DEBUG */ diff --git a/src/libfreeswan/ipsec_xform.h b/src/libfreeswan/ipsec_xform.h deleted file mode 100644 index 642a39bd5..000000000 --- a/src/libfreeswan/ipsec_xform.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Definitions relevant to IPSEC transformations - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_xform.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -#ifndef _IPSEC_XFORM_H_ - -#include <freeswan.h> -#include "ipsec_policy.h" - -#define XF_NONE 0 /* No transform set */ -#define XF_IP4 1 /* IPv4 inside IPv4 */ -#define XF_AHMD5 2 /* AH MD5 */ -#define XF_AHSHA 3 /* AH SHA */ -#define XF_ESP3DES 5 /* ESP DES3-CBC */ -#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */ -#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */ -#define XF_ESP3DESMD5 9 /* triple DES, HMAC-MD-5, 128-bits of authentication */ -#define XF_ESP3DESMD596 10 /* triple DES, HMAC-MD-5, 96-bits of authentication */ -#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */ -#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */ -#define XF_ESP3DESSHA196 14 /* triple DES, HMAC-SHA-1, 96-bits of authentication */ -#define XF_IP6 15 /* IPv6 inside IPv6 */ -#define XF_COMPDEFLATE 16 /* IPCOMP deflate */ - -#define XF_CLR 126 /* Clear SA table */ -#define XF_DEL 127 /* Delete SA */ - -#define XFT_AUTH 0x0001 -#define XFT_CONF 0x0100 - -/* available if CONFIG_IPSEC_DEBUG is defined */ -#define DB_XF_INIT 0x0001 - -#define PROTO2TXT(x) \ - (x) == IPPROTO_AH ? "AH" : \ - (x) == IPPROTO_ESP ? "ESP" : \ - (x) == IPPROTO_IPIP ? "IPIP" : \ - (x) == IPPROTO_COMP ? "COMP" : \ - "UNKNOWN_proto" -static inline const char *enc_name_id (unsigned id) { - static char buf[16]; - snprintf(buf, sizeof(buf), "_ID%d", id); - return buf; -} -static inline const char *auth_name_id (unsigned id) { - static char buf[16]; - snprintf(buf, sizeof(buf), "_ID%d", id); - return buf; -} -#define IPS_XFORM_NAME(x) \ - PROTO2TXT((x)->ips_said.proto), \ - (x)->ips_said.proto == IPPROTO_COMP ? \ - ((x)->ips_encalg == SADB_X_CALG_DEFLATE ? \ - "_DEFLATE" : "_UNKNOWN_comp") : \ - (x)->ips_encalg == ESP_NONE ? "" : \ - (x)->ips_encalg == ESP_3DES ? "_3DES" : \ - (x)->ips_encalg == ESP_AES ? "_AES" : \ - (x)->ips_encalg == ESP_SERPENT ? "_SERPENT" : \ - (x)->ips_encalg == ESP_TWOFISH ? "_TWOFISH" : \ - enc_name_id(x->ips_encalg)/* "_UNKNOWN_encr" */, \ - (x)->ips_authalg == AH_NONE ? "" : \ - (x)->ips_authalg == AH_MD5 ? "_HMAC_MD5" : \ - (x)->ips_authalg == AH_SHA ? "_HMAC_SHA1" : \ - (x)->ips_authalg == AH_SHA2_256 ? "_HMAC_SHA2_256" : \ - (x)->ips_authalg == AH_SHA2_384 ? "_HMAC_SHA2_384" : \ - (x)->ips_authalg == AH_SHA2_512 ? "_HMAC_SHA2_512" : \ - auth_name_id(x->ips_authalg) /* "_UNKNOWN_auth" */ \ - -#define _IPSEC_XFORM_H_ -#endif /* _IPSEC_XFORM_H_ */ diff --git a/src/libfreeswan/ipsec_xmit.h b/src/libfreeswan/ipsec_xmit.h deleted file mode 100644 index 07ed7da43..000000000 --- a/src/libfreeswan/ipsec_xmit.h +++ /dev/null @@ -1,140 +0,0 @@ -/* - * IPSEC tunneling code - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_xmit.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -#include "freeswan/ipsec_sa.h" - -enum ipsec_xmit_value -{ - IPSEC_XMIT_STOLEN=2, - IPSEC_XMIT_PASS=1, - IPSEC_XMIT_OK=0, - IPSEC_XMIT_ERRMEMALLOC=-1, - IPSEC_XMIT_ESP_BADALG=-2, - IPSEC_XMIT_BADPROTO=-3, - IPSEC_XMIT_ESP_PUSHPULLERR=-4, - IPSEC_XMIT_BADLEN=-5, - IPSEC_XMIT_AH_BADALG=-6, - IPSEC_XMIT_SAIDNOTFOUND=-7, - IPSEC_XMIT_SAIDNOTLIVE=-8, - IPSEC_XMIT_REPLAYROLLED=-9, - IPSEC_XMIT_LIFETIMEFAILED=-10, - IPSEC_XMIT_CANNOTFRAG=-11, - IPSEC_XMIT_MSSERR=-12, - IPSEC_XMIT_ERRSKBALLOC=-13, - IPSEC_XMIT_ENCAPFAIL=-14, - IPSEC_XMIT_NODEV=-15, - IPSEC_XMIT_NOPRIVDEV=-16, - IPSEC_XMIT_NOPHYSDEV=-17, - IPSEC_XMIT_NOSKB=-18, - IPSEC_XMIT_NOIPV6=-19, - IPSEC_XMIT_NOIPOPTIONS=-20, - IPSEC_XMIT_TTLEXPIRED=-21, - IPSEC_XMIT_BADHHLEN=-22, - IPSEC_XMIT_PUSHPULLERR=-23, - IPSEC_XMIT_ROUTEERR=-24, - IPSEC_XMIT_RECURSDETECT=-25, - IPSEC_XMIT_IPSENDFAILURE=-26, -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - IPSEC_XMIT_ESPUDP=-27, -#endif -}; - -struct ipsec_xmit_state -{ - struct sk_buff *skb; /* working skb pointer */ - struct device *dev; /* working dev pointer */ - struct ipsecpriv *prv; /* Our device' private space */ - struct sk_buff *oskb; /* Original skb pointer */ - struct net_device_stats *stats; /* This device's statistics */ - struct iphdr *iph; /* Our new IP header */ - __u32 newdst; /* The other SG's IP address */ - __u32 orgdst; /* Original IP destination address */ - __u32 orgedst; /* 1st SG's IP address */ - __u32 newsrc; /* The new source SG's IP address */ - __u32 orgsrc; /* Original IP source address */ - __u32 innersrc; /* Innermost IP source address */ - int iphlen; /* IP header length */ - int pyldsz; /* upper protocol payload size */ - int headroom; - int tailroom; - int max_headroom; /* The extra header space needed */ - int max_tailroom; /* The extra stuffing needed */ - int ll_headroom; /* The extra link layer hard_header space needed */ - int tot_headroom; /* The total header space needed */ - int tot_tailroom; /* The totalstuffing needed */ - __u8 *saved_header; /* saved copy of the hard header */ - unsigned short sport, dport; - - struct sockaddr_encap matcher; /* eroute search key */ - struct eroute *eroute; - struct ipsec_sa *ipsp, *ipsq; /* ipsec_sa pointers */ - char sa_txt[SATOA_BUF]; - size_t sa_len; - int hard_header_stripped; /* has the hard header been removed yet? */ - int hard_header_len; - struct device *physdev; -/* struct device *virtdev; */ - short physmtu; - short mtudiff; -#ifdef NET_21 - struct rtable *route; -#endif /* NET_21 */ - struct sa_id outgoing_said; -#ifdef NET_21 - int pass; -#endif /* NET_21 */ - int error; - uint32_t eroute_pid; - struct ipsec_sa ips; -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - uint8_t natt_type; - uint8_t natt_head; - uint16_t natt_sport; - uint16_t natt_dport; -#endif -}; - -#if 0 /* save for alg refactorisation */ -struct xform_functions -{ - enum ipsec_xmit_value (*checks)(struct ipsec_xmit_state *ixs, - struct sk_buff *skb); - enum ipsec_xmit_value (*encrypt)(struct ipsec_xmit_state *ixs); - - enum ipsec_xmit_value (*setup_auth)(struct ipsec_xmit_state *ixs, - struct sk_buff *skb, - __u32 *replay, - unsigned char **authenticator); - enum ipsec_xmit_value (*calc_auth)(struct ipsec_xmit_state *ixs, - struct sk_buff *skb); -}; -#endif - -enum ipsec_xmit_value -ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs); - -enum ipsec_xmit_value -ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs); - -enum ipsec_xmit_value -ipsec_xmit_encap_bundle(struct ipsec_xmit_state *ixs); - -extern int ipsec_xmit_trap_count; -extern int ipsec_xmit_trap_sendcount; - -extern void ipsec_extract_ports(struct iphdr * iph, struct sockaddr_encap * er); diff --git a/src/libfreeswan/keyblobtoid.3 b/src/libfreeswan/keyblobtoid.3 index e33603bb0..8b5bfb0a2 100644 --- a/src/libfreeswan/keyblobtoid.3 +++ b/src/libfreeswan/keyblobtoid.3 @@ -1,5 +1,4 @@ .TH IPSEC_KEYBLOBTOID 3 "25 March 2002" -.\" RCSID $Id: keyblobtoid.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec keyblobtoid, splitkeytoid \- generate key IDs from RSA keys .SH SYNOPSIS diff --git a/src/libfreeswan/keyblobtoid.c b/src/libfreeswan/keyblobtoid.c index f8c47a55c..118e61391 100644 --- a/src/libfreeswan/keyblobtoid.c +++ b/src/libfreeswan/keyblobtoid.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: keyblobtoid.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/optionsfrom.3 b/src/libfreeswan/optionsfrom.3 deleted file mode 100644 index 717d280f0..000000000 --- a/src/libfreeswan/optionsfrom.3 +++ /dev/null @@ -1,182 +0,0 @@ -.TH IPSEC_OPTIONSFROM 3 "16 Oct 1998" -.\" RCSID $Id: optionsfrom.3 3265 2007-10-08 19:52:55Z andreas $ -.SH NAME -ipsec optionsfrom \- read additional ``command-line'' options from file -.SH SYNOPSIS -.B "#include <freeswan.h> -.sp -.B "const char *optionsfrom(char *filename, int *argcp," -.ti +1c -.B "char ***argvp, int optind, FILE *errsto);" -.SH DESCRIPTION -.I Optionsfrom -is called from within a -.IR getopt_long (3) -scan, -as the result of the appearance of an option (preferably -.BR \-\-optionsfrom ) -to insert additional ``command-line'' arguments -into the scan immediately after -the option. -Typically this would be done to pick up options which are -security-sensitive and should not be visible to -.IR ps (1) -and similar commands, -and hence cannot be supplied as part -of the actual command line or the environment. -.PP -.I Optionsfrom -reads the additional arguments from the specified -.IR filename , -allocates a new argument vector to hold pointers to the existing -arguments plus the new ones, -and amends -.I argc -and -.I argv -(via the pointers -.I argcp -and -.IR argvp , -which must point to the -.I argc -and -.I argv -being supplied to -.IR getopt_long (3)) -accordingly. -.I Optind -must be the index, in the original argument vector, -of the next argument. -.PP -If -.I errsto -is NULL, -.I optionsfrom -returns NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -If -.I errsto -is non-NULL and an error occurs, -.I optionsfrom -prints a suitable complaint onto the -.I errsto -descriptor and invokes -.I exit -with an exit status of 2; -this is a convenience for cases where more sophisticated -responses are not required. -.PP -The text of existing arguments is not disturbed by -.IR optionsfrom , -so pointers to them and into them remain valid. -.PP -The file of additional arguments is an ASCII text file. -Lines consisting solely of white space, -and lines beginning with -.BR # , -are comments and are ignored. -Otherwise, a line which does not begin with -.BR \- -is taken to be a single argument; -if it both begins and ends with double-quote ("), -those quotes are stripped off (note, no other processing is done within -the line!). -A line beginning with -.B \- -is considered to contain multiple arguments separated by white space. -.PP -Because -.I optionsfrom -reads its entire file before the -.IR getopt_long (3) -scan is resumed, an -.I optionsfrom -file can contain another -.B \-\-optionsfrom -option. -Obviously, infinite loops are possible here. -If -.I errsto -is non-NULL, -.I optionsfrom -considers it an error to be called more than 100 times. -If -.I errsto -is NULL, -loop detection is up to the caller -(and the internal loop counter is zeroed out). -.SH EXAMPLE -A reasonable way to invoke -.I optionsfrom -would be like so: -.PP -.nf -.ft B -#include <getopt.h> - -struct option opts[] = { - /* ... */ - "optionsfrom", 1, NULL, '+', - /* ... */ -}; - -int -main(argc, argv) -int argc; -char *argv[]; -{ - int opt; - extern char *optarg; - extern int optind; - - while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) - switch (opt) { - /* ... */ - case '+': /* optionsfrom */ - optionsfrom(optarg, &argc, &argv, optind, stderr); - /* does not return on error */ - break; - /* ... */ - } - /* ... */ -.ft -.fi -.SH SEE ALSO -getopt_long(3) -.SH DIAGNOSTICS -Errors in -.I optionsfrom -are: -unable to open file; -attempt to allocate temporary storage for argument or -argument vector failed; -read error in file; -line too long. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The double-quote convention is rather simplistic. -.PP -Line length is currently limited to 1023 bytes, -and there is no continuation convention. -.PP -The restriction of error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The error-reporting convention lends itself -to slightly obscure code, -because many readers will not think of NULL as signifying success. -.PP -There is a certain element of unwarranted chumminess with -the insides of -.IR getopt_long (3) -here. -No non-public interfaces are actually used, but -.IR optionsfrom -does rely on -.IR getopt_long (3) -being well-behaved in certain ways that are not actually -promised by the specs. diff --git a/src/libfreeswan/optionsfrom.c b/src/libfreeswan/optionsfrom.c deleted file mode 100644 index f4878f386..000000000 --- a/src/libfreeswan/optionsfrom.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - * pick up more options from a file, in the middle of an option scan - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: optionsfrom.c 3265 2007-10-08 19:52:55Z andreas $ - */ -#include "internal.h" -#include "freeswan.h" - -#include <stdio.h> - -#define MAX 100 /* loop-detection limit */ - -/* internal work area */ -struct work { -# define LOTS 1024 - char buf[LOTS]; - char *line; - char *pending; -}; - -static const char *dowork(const char *, int *, char ***, int); -static const char *getanarg(FILE *, struct work *, char **); -static char *getline(FILE *, char *, size_t); - -/* - - optionsfrom - add some options, taken from a file, to argc/argv - * If errsto is non-NULL, does not return in event of error. - */ -const char * /* NULL for success, else string literal */ -optionsfrom(filename, argcp, argvp, optind, errsto) -const char *filename; -int *argcp; /* pointer to argc */ -char ***argvp; /* pointer to argv */ -int optind; /* current optind, number of next argument */ -FILE *errsto; /* where to report errors (NULL means return) */ -{ - const char *e; - static int nuses = 0; - - if (errsto != NULL) { - nuses++; - if (nuses >= MAX) { - fprintf(errsto, - "%s: optionsfrom called %d times, looping?\n", - (*argvp)[0], nuses); - exit(2); - } - } else - nuses = 0; - - e = dowork(filename, argcp, argvp, optind); - if (e != NULL && errsto != NULL) { - fprintf(errsto, "%s: optionsfrom failed: %s\n", (*argvp)[0], e); - exit(2); - } - return e; -} - -/* - - dowork - do all the real work of optionsfrom - * Does not alter the existing arguments, but does relocate and alter - * the argv pointer vector. - */ -static const char * /* NULL for success, else string literal */ -dowork(filename, argcp, argvp, optind) -const char *filename; -int *argcp; /* pointer to argc */ -char ***argvp; /* pointer to argv */ -int optind; /* current optind, number of next argument */ -{ - char **newargv; - char **tmp; - int newargc; - int next; /* place for next argument */ - int room; /* how many more new arguments we can hold */ -# define SOME 10 /* first guess at how many we'll need */ - FILE *f; - int i; - const char *p; - struct work wa; /* for getanarg() */ - - f = fopen(filename, "r"); - if (f == NULL) - return "unable to open file"; - - newargc = *argcp + SOME; - newargv = malloc((newargc+1) * sizeof(char *)); - if (newargv == NULL) - return "unable to allocate memory"; - memcpy(newargv, *argvp, optind * sizeof(char *)); - room = SOME; - next = optind; - - newargv[next] = NULL; - wa.pending = NULL; - while ((p = getanarg(f, &wa, &newargv[next])) == NULL) { - if (room == 0) { - newargc += SOME; - tmp = realloc(newargv, (newargc+1) * sizeof(char *)); - if (tmp == NULL) { - p = "out of space for new argv"; - break; /* NOTE BREAK OUT */ - } - newargv = tmp; - room += SOME; - } - next++; - room--; - } - if (p != NULL && !feof(f)) { /* error of some kind */ - for (i = optind+1; i <= next; i++) - if (newargv[i] != NULL) - free(newargv[i]); - free(newargv); - fclose(f); - return p; - } - - fclose(f); - memcpy(newargv + next, *argvp + optind, - (*argcp+1-optind) * sizeof(char *)); - *argcp += next - optind; - *argvp = newargv; - return NULL; -} - -/* - - getanarg - get a malloced argument from the file - */ -static const char * /* NULL for success, else string literal */ -getanarg(f, w, linep) -FILE *f; -struct work *w; -char **linep; /* where to store pointer if successful */ -{ - size_t len; - char *p; - char *endp; - - while (w->pending == NULL) { /* no pending line */ - if ((w->line = getline(f, w->buf, sizeof(w->buf))) == NULL) - return "error in line read"; /* caller checks EOF */ - if (w->line[0] != '#' && - *(w->line + strspn(w->line, " \t")) != '\0') - w->pending = w->line; - } - - if (w->pending == w->line && w->line[0] != '-') { - /* fresh plain line */ - w->pending = NULL; - p = w->line; - endp = p + strlen(p); - if (*p == '"' && endp > p+1 && *(endp-1) == '"') { - p++; - endp--; - *endp = '\0'; - } - if (w->line == w->buf) { - *linep = malloc(endp - p + 1); - if (*linep == NULL) - return "out of memory for new line"; - strcpy(*linep, p); - } else /* getline already malloced it */ - *linep = p; - return NULL; - } - - /* chip off a piece of a pending line */ - p = w->pending; - p += strspn(p, " \t"); - endp = p + strcspn(p, " \t"); - len = endp - p; - if (*endp != '\0') { - *endp++ = '\0'; - endp += strspn(endp, " \t"); - } - /* endp now points to next real character, or to line-end NUL */ - *linep = malloc(len + 1); - if (*linep == NULL) { - if (w->line != w->buf) - free(w->line); - return "out of memory for new argument"; - } - strcpy(*linep, p); - if (*endp == '\0') { - w->pending = NULL; - if (w->line != w->buf) - free(w->line); - } else - w->pending = endp; - return NULL; -} - -/* - - getline - read a line from the file, trim newline off - */ -static char * /* pointer to line, NULL for eof/error */ -getline(f, buf, bufsize) -FILE *f; -char *buf; /* buffer to use, if convenient */ -size_t bufsize; /* size of buf */ -{ - size_t len; - - if (fgets(buf, bufsize, f) == NULL) - return NULL; - len = strlen(buf); - - if (len < bufsize-1 || buf[bufsize-1] == '\n') { - /* it fit */ - buf[len-1] = '\0'; - return buf; - } - - /* oh crud, buffer overflow */ - /* for now, to hell with it */ - return NULL; -} - - - -#ifdef TEST - -#include <getopt.h> - -char usage[] = "Usage: tester [--foo] [--bar] [--optionsfrom file] arg ..."; -struct option opts[] = { - "foo", 0, NULL, 'f', - "bar", 0, NULL, 'b', - "builtin", 0, NULL, 'B', - "optionsfrom", 1, NULL, '+', - "help", 0, NULL, 'h', - "version", 0, NULL, 'v', - 0, 0, NULL, 0, -}; - -int -main(argc, argv) -int argc; -char *argv[]; -{ - int opt; - extern char *optarg; - extern int optind; - int errflg = 0; - const char *p; - int i; - FILE *errs = NULL; - - while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) - switch (opt) { - case 'f': - case 'b': - break; - case 'B': - errs = stderr; - break; - case '+': /* optionsfrom */ - p = optionsfrom(optarg, &argc, &argv, optind, errs); - if (p != NULL) { - fprintf(stderr, "%s: optionsfrom error: %s\n", - argv[0], p); - exit(1); - } - break; - case 'h': /* help */ - printf("%s\n", usage); - exit(0); - break; - case 'v': /* version */ - printf("1\n"); - exit(0); - break; - case '?': - default: - errflg = 1; - break; - } - if (errflg) { - fprintf(stderr, "%s\n", usage); - exit(2); - } - - for (i = 1; i < argc; i++) - printf("%d: `%s'\n", i, argv[i]); - exit(0); -} - - -#endif /* TEST */ diff --git a/src/libfreeswan/pfkey.h b/src/libfreeswan/pfkey.h index 8c657ff51..ba0010bc7 100644 --- a/src/libfreeswan/pfkey.h +++ b/src/libfreeswan/pfkey.h @@ -11,128 +11,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * RCSID $Id: pfkey.h 3265 2007-10-08 19:52:55Z andreas $ */ #ifndef __NET_IPSEC_PF_KEY_H #define __NET_IPSEC_PF_KEY_H -#ifdef __KERNEL__ -extern struct proto_ops pfkey_proto_ops; -typedef struct sock pfkey_sock; -extern int debug_pfkey; - -extern /* void */ int pfkey_init(void); -extern /* void */ int pfkey_cleanup(void); - -extern struct sock *pfkey_sock_list; -struct socket_list -{ - struct socket *socketp; - struct socket_list *next; -}; -extern int pfkey_list_insert_socket(struct socket*, struct socket_list**); -extern int pfkey_list_remove_socket(struct socket*, struct socket_list**); -extern struct socket_list *pfkey_open_sockets; -extern struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1]; - -/* - * There is a field-by-field copy in klips/net/ipsec/ipsec_alg.h - * please keep in sync until we migrate all support stuff - * to ipsec_alg objects - */ -struct supported -{ - uint16_t supported_alg_exttype; - uint8_t supported_alg_id; - uint8_t supported_alg_ivlen; - uint16_t supported_alg_minbits; - uint16_t supported_alg_maxbits; -}; -extern struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1]; -struct supported_list -{ - struct supported *supportedp; - struct supported_list *next; -}; -extern int pfkey_list_insert_supported(struct supported*, struct supported_list**); -extern int pfkey_list_remove_supported(struct supported*, struct supported_list**); - -struct sockaddr_key -{ - uint16_t key_family; /* PF_KEY */ - uint16_t key_pad; /* not used */ - uint32_t key_pid; /* process ID */ -}; - -struct pfkey_extracted_data -{ - struct ipsec_sa* ips; - struct ipsec_sa* ips2; - struct eroute *eroute; -}; - -extern int -pfkey_alloc_eroute(struct eroute** eroute); - -extern int -pfkey_sa_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_lifetime_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_address_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_key_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_ident_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_sens_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_prop_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_supported_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_spirange_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_x_satype_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_x_debug_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int pfkey_register_reply(int satype, struct sadb_msg *); -extern int pfkey_upmsg(struct socket *, struct sadb_msg *); -extern int pfkey_expire(struct ipsec_sa *, int); -extern int pfkey_acquire(struct ipsec_sa *); -#else /* ! __KERNEL__ */ extern void (*pfkey_debug_func)(const char *message, ...); -#endif /* __KERNEL__ */ - extern uint8_t satype2proto(uint8_t satype); extern uint8_t proto2satype(uint8_t proto); extern char* satype2name(uint8_t satype); @@ -242,12 +127,6 @@ pfkey_ident_build(struct sadb_ext** pfkey_ext, uint8_t ident_len, char* ident_string); -#ifdef __KERNEL__ -extern int pfkey_nat_t_new_mapping(struct ipsec_sa *, struct sockaddr *, __u16); -extern int pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr); -extern int pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr); -#endif /* __KERNEL__ */ - int pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext, uint8_t type); diff --git a/src/libfreeswan/pfkey_v2_build.c b/src/libfreeswan/pfkey_v2_build.c index 45a8a8e71..ddc21040f 100644 --- a/src/libfreeswan/pfkey_v2_build.c +++ b/src/libfreeswan/pfkey_v2_build.c @@ -11,51 +11,18 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * RCSID $Id: pfkey_v2_build.c 3265 2007-10-08 19:52:55Z andreas $ */ /* * Template from klips/net/ipsec/ipsec/ipsec_parser.c. */ -char pfkey_v2_build_c_version[] = "$Id: pfkey_v2_build.c 3265 2007-10-08 19:52:55Z andreas $"; - -/* - * Some ugly stuff to allow consistent debugging code for use in the - * kernel and in user space -*/ - -#ifdef __KERNEL__ - -# include <linux/kernel.h> /* for printk */ - -# include "freeswan/ipsec_kversion.h" /* for malloc switch */ -# ifdef MALLOC_SLAB -# include <linux/slab.h> /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include <linux/malloc.h> /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include <linux/errno.h> /* error codes */ -# include <linux/types.h> /* size_t */ -# include <linux/interrupt.h> /* mark_bh */ - -# include <linux/netdevice.h> /* struct device, and other headers */ -# include <linux/etherdevice.h> /* eth_type_trans */ -# include <linux/ip.h> /* struct iphdr */ -# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -# include <linux/ipv6.h> /* struct ipv6hdr */ -# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ - -# define MALLOC(size) kmalloc(size, GFP_ATOMIC) -# define FREE(obj) kfree(obj) -# include <freeswan.h> -#else /* __KERNEL__ */ +char pfkey_v2_build_c_version[] = ""; # include <sys/types.h> -# include <linux/types.h> -# include <linux/errno.h> -# include <malloc.h> +# include <sys/socket.h> +# include <stdlib.h> +# include <errno.h> # include <string.h> /* memset */ # include <freeswan.h> @@ -63,8 +30,6 @@ unsigned int pfkey_lib_debug = 0; void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1); -/* #define PLUTO */ - #define DEBUGGING(args...) if(pfkey_lib_debug) { \ if(pfkey_debug_func != NULL) { \ (*pfkey_debug_func)("pfkey_lib_debug:" args); \ @@ -73,22 +38,10 @@ void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1); } } # define MALLOC(size) malloc(size) # define FREE(obj) free(obj) -#endif /* __KERNEL__ */ #include <pfkeyv2.h> #include <pfkey.h> -#ifdef __KERNEL__ - -#include "freeswan/radij.h" /* rd_nodes */ -#include "freeswan/ipsec_encap.h" /* sockaddr_encap */ - -# define DEBUGGING(args...) \ - KLIPS_PRINT(debug_pfkey, "klips_debug:" args) -#endif /* __KERNEL__ */ - -#include "ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */ - #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) void @@ -483,14 +436,14 @@ pfkey_address_build(struct sadb_ext** pfkey_ext, "found address family AF_INET6.\n"); saddr_len = sizeof(struct sockaddr_in6); sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x-%x" - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[0]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[1]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[2]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[3]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[4]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[5]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[6]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[7]) + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[0]) + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[1]) + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[2]) + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[3]) + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[4]) + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[5]) + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[6]) + , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr[7]) , ntohs(((struct sockaddr_in6*)address)->sin6_port)); break; default: diff --git a/src/libfreeswan/pfkey_v2_debug.c b/src/libfreeswan/pfkey_v2_debug.c index 35e4f75f1..0256e2a03 100644 --- a/src/libfreeswan/pfkey_v2_debug.c +++ b/src/libfreeswan/pfkey_v2_debug.c @@ -13,36 +13,10 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * RCSID $Id: pfkey_v2_debug.c 3265 2007-10-08 19:52:55Z andreas $ - * */ -#ifdef __KERNEL__ - -# include <linux/kernel.h> /* for printk */ - -# include "freeswan/ipsec_kversion.h" /* for malloc switch */ -# ifdef MALLOC_SLAB -# include <linux/slab.h> /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include <linux/malloc.h> /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include <linux/errno.h> /* error codes */ -# include <linux/types.h> /* size_t */ -# include <linux/interrupt.h> /* mark_bh */ - -# include <linux/netdevice.h> /* struct device, and other headers */ -# include <linux/etherdevice.h> /* eth_type_trans */ -extern int debug_pfkey; - -#else /* __KERNEL__ */ - # include <sys/types.h> -# include <linux/types.h> -# include <linux/errno.h> - -#endif /* __KERNEL__ */ +# include <errno.h> #include "freeswan.h" #include "pfkeyv2.h" diff --git a/src/libfreeswan/pfkey_v2_ext_bits.c b/src/libfreeswan/pfkey_v2_ext_bits.c index d6f31def4..b6ef4496d 100644 --- a/src/libfreeswan/pfkey_v2_ext_bits.c +++ b/src/libfreeswan/pfkey_v2_ext_bits.c @@ -11,48 +11,16 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * RCSID $Id: pfkey_v2_ext_bits.c 3265 2007-10-08 19:52:55Z andreas $ */ /* * Template from klips/net/ipsec/ipsec/ipsec_parse.c. */ -char pfkey_v2_ext_bits_c_version[] = "$Id: pfkey_v2_ext_bits.c 3265 2007-10-08 19:52:55Z andreas $"; - -/* - * Some ugly stuff to allow consistent debugging code for use in the - * kernel and in user space -*/ - -#ifdef __KERNEL__ - -# include <linux/kernel.h> /* for printk */ - -# include "freeswan/ipsec_kversion.h" /* for malloc switch */ -# ifdef MALLOC_SLAB -# include <linux/slab.h> /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include <linux/malloc.h> /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include <linux/errno.h> /* error codes */ -# include <linux/types.h> /* size_t */ -# include <linux/interrupt.h> /* mark_bh */ - -# include <linux/netdevice.h> /* struct device, and other headers */ -# include <linux/etherdevice.h> /* eth_type_trans */ -# include <linux/ip.h> /* struct iphdr */ -# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -# include <linux/ipv6.h> -# endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ - -#else /* __KERNEL__ */ +char pfkey_v2_ext_bits_c_version[] = ""; # include <sys/types.h> -# include <linux/types.h> -# include <linux/errno.h> -#endif +# include <errno.h> #include <freeswan.h> #include <pfkeyv2.h> diff --git a/src/libfreeswan/pfkey_v2_parse.c b/src/libfreeswan/pfkey_v2_parse.c index e365d10b6..7ee08978c 100644 --- a/src/libfreeswan/pfkey_v2_parse.c +++ b/src/libfreeswan/pfkey_v2_parse.c @@ -11,83 +11,32 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * RCSID $Id: pfkey_v2_parse.c 3265 2007-10-08 19:52:55Z andreas $ */ /* * Template from klips/net/ipsec/ipsec/ipsec_parser.c. */ -char pfkey_v2_parse_c_version[] = "$Id: pfkey_v2_parse.c 3265 2007-10-08 19:52:55Z andreas $"; - -/* - * Some ugly stuff to allow consistent debugging code for use in the - * kernel and in user space -*/ - -#ifdef __KERNEL__ - -# include <linux/kernel.h> /* for printk */ - -#include "freeswan/ipsec_kversion.h" /* for malloc switch */ - -# ifdef MALLOC_SLAB -# include <linux/slab.h> /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include <linux/malloc.h> /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include <linux/errno.h> /* error codes */ -# include <linux/types.h> /* size_t */ -# include <linux/interrupt.h> /* mark_bh */ - -# include <linux/netdevice.h> /* struct device, and other headers */ -# include <linux/etherdevice.h> /* eth_type_trans */ -# include <linux/ip.h> /* struct iphdr */ -# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -# include <linux/ipv6.h> /* struct ipv6hdr */ -# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ -extern int debug_pfkey; - -#include "freeswan.h" - -#include "ipsec_encap.h" - -#else /* __KERNEL__ */ +char pfkey_v2_parse_c_version[] = ""; # include <sys/types.h> -# include <linux/types.h> -# include <linux/errno.h> +# include <sys/socket.h> +# include <errno.h> # include <freeswan.h> # include <constants.h> # include <defs.h> /* for PRINTF_LIKE */ # include <log.h> /* for debugging and DBG_log */ -/* #define PLUTO */ - # ifdef PLUTO # define DEBUGGING(level, args...) { DBG_log("pfkey_lib_debug:" args); } # else # define DEBUGGING(level, args...) if(pfkey_lib_debug & level) { printf("pfkey_lib_debug:" args); } else { ; } # endif -#endif /* __KERNEL__ */ - - #include <pfkeyv2.h> #include <pfkey.h> -#ifdef __KERNEL__ -extern int sysctl_ipsec_debug_verbose; -# define DEBUGGING(level, args...) \ - KLIPS_PRINT( \ - ((debug_pfkey & level & (PF_KEY_DEBUG_PARSE_STRUCT | PF_KEY_DEBUG_PARSE_PROBLEM)) \ - || (sysctl_ipsec_debug_verbose && (debug_pfkey & level & PF_KEY_DEBUG_PARSE_FLOW))) \ - , "klips_debug:" args) -#endif /* __KERNEL__ */ -#include "ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */ - #define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) @@ -96,21 +45,11 @@ struct satype_tbl { uint8_t satype; char* name; } static satype_tbl[] = { -#ifdef __KERNEL__ - { IPPROTO_ESP, SADB_SATYPE_ESP, "ESP" }, - { IPPROTO_AH, SADB_SATYPE_AH, "AH" }, - { IPPROTO_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, -#ifdef CONFIG_IPSEC_IPCOMP - { IPPROTO_COMP, SADB_X_SATYPE_COMP, "COMP" }, -#endif /* CONFIG_IPSEC_IPCOMP */ - { IPPROTO_INT, SADB_X_SATYPE_INT, "INT" }, -#else /* __KERNEL__ */ { SA_ESP, SADB_SATYPE_ESP, "ESP" }, { SA_AH, SADB_SATYPE_AH, "AH" }, { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, { SA_COMP, SADB_X_SATYPE_COMP, "COMP" }, { SA_INT, SADB_X_SATYPE_INT, "INT" }, -#endif /* __KERNEL__ */ { 0, 0, "UNKNOWN" } }; @@ -418,14 +357,14 @@ pfkey_address_parse(struct sadb_ext *pfkey_ext) case AF_INET6: saddr_len = sizeof(struct sockaddr_in6); sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x" - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[0]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[1]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[2]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[3]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[4]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[5]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[6]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[7])); + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[0]) + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[1]) + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[2]) + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[3]) + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[4]) + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[5]) + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[6]) + , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr[7])); DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, "pfkey_address_parse: " "found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n", diff --git a/src/libfreeswan/pfkeyv2.h b/src/libfreeswan/pfkeyv2.h index 1ea1265d3..5ef5e747c 100644 --- a/src/libfreeswan/pfkeyv2.h +++ b/src/libfreeswan/pfkeyv2.h @@ -1,8 +1,4 @@ /* - * RCSID $Id: pfkeyv2.h 3846 2008-04-18 17:01:45Z andreas $ - */ - -/* RFC 2367 PF_KEY Key Management API July 1998 diff --git a/src/libfreeswan/portof.3 b/src/libfreeswan/portof.3 index ffa2c0125..112def560 100644 --- a/src/libfreeswan/portof.3 +++ b/src/libfreeswan/portof.3 @@ -1,5 +1,4 @@ .TH IPSEC_PORTOF 3 "8 Sept 2000" -.\" RCSID $Id: portof.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec portof \- get port field of an ip_address .br diff --git a/src/libfreeswan/portof.c b/src/libfreeswan/portof.c index 96d32acf2..6d06473ad 100644 --- a/src/libfreeswan/portof.c +++ b/src/libfreeswan/portof.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: portof.c 3265 2007-10-08 19:52:55Z andreas $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/prng.3 b/src/libfreeswan/prng.3 index 9d0130c0f..48c6ceed0 100644 --- a/src/libfreeswan/prng.3 +++ b/src/libfreeswan/prng.3 @@ -1,5 +1,4 @@ .TH IPSEC_PRNG 3 "1 April 2002" -.\" RCSID $Id: prng.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec prng_init \- initialize IPsec pseudorandom-number generator .br diff --git a/src/libfreeswan/prng.c b/src/libfreeswan/prng.c index cdf9eb0ed..6cb84e484 100644 --- a/src/libfreeswan/prng.c +++ b/src/libfreeswan/prng.c @@ -12,8 +12,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: prng.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/radij.h b/src/libfreeswan/radij.h deleted file mode 100644 index 2396020f7..000000000 --- a/src/libfreeswan/radij.h +++ /dev/null @@ -1,201 +0,0 @@ -/* - * RCSID $Id: radij.h 3265 2007-10-08 19:52:55Z andreas $ - */ - -/* - * This file is defived from ${SRC}/sys/net/radix.h of BSD 4.4lite - * - * Variable and procedure names have been modified so that they don't - * conflict with the original BSD code, as a small number of modifications - * have been introduced and we may want to reuse this code in BSD. - * - * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek - * chi or a German ch sound (as `doch', not as in `milch'), or even a - * spanish j as in Juan. It is not as far back in the throat like - * the corresponding Hebrew sound, nor is it a soft breath like the English h. - * It has nothing to do with the Dutch ij sound. - * - * Here is the appropriate copyright notice: - */ - -/* - * Copyright (c) 1988, 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)radix.h 8.1 (Berkeley) 6/10/93 - */ - -#ifndef _RADIJ_H_ -#define _RADIJ_H_ - -/* -#define RJ_DEBUG -*/ - -#ifdef __KERNEL__ - -#ifndef __P -#ifdef __STDC__ -#define __P(x) x -#else -#define __P(x) () -#endif -#endif - -/* - * Radix search tree node layout. - */ - -struct radij_node -{ - struct radij_mask *rj_mklist; /* list of masks contained in subtree */ - struct radij_node *rj_p; /* parent */ - short rj_b; /* bit offset; -1-index(netmask) */ - char rj_bmask; /* node: mask for bit test*/ - u_char rj_flags; /* enumerated next */ -#define RJF_NORMAL 1 /* leaf contains normal route */ -#define RJF_ROOT 2 /* leaf is root leaf for tree */ -#define RJF_ACTIVE 4 /* This node is alive (for rtfree) */ - union { - struct { /* leaf only data: */ - caddr_t rj_Key; /* object of search */ - caddr_t rj_Mask; /* netmask, if present */ - struct radij_node *rj_Dupedkey; - } rj_leaf; - struct { /* node only data: */ - int rj_Off; /* where to start compare */ - struct radij_node *rj_L;/* progeny */ - struct radij_node *rj_R;/* progeny */ - }rj_node; - } rj_u; -#ifdef RJ_DEBUG - int rj_info; - struct radij_node *rj_twin; - struct radij_node *rj_ybro; -#endif -}; - -#define rj_dupedkey rj_u.rj_leaf.rj_Dupedkey -#define rj_key rj_u.rj_leaf.rj_Key -#define rj_mask rj_u.rj_leaf.rj_Mask -#define rj_off rj_u.rj_node.rj_Off -#define rj_l rj_u.rj_node.rj_L -#define rj_r rj_u.rj_node.rj_R - -/* - * Annotations to tree concerning potential routes applying to subtrees. - */ - -extern struct radij_mask { - short rm_b; /* bit offset; -1-index(netmask) */ - char rm_unused; /* cf. rj_bmask */ - u_char rm_flags; /* cf. rj_flags */ - struct radij_mask *rm_mklist; /* more masks to try */ - caddr_t rm_mask; /* the mask */ - int rm_refs; /* # of references to this struct */ -} *rj_mkfreelist; - -#define MKGet(m) {\ - if (rj_mkfreelist) {\ - m = rj_mkfreelist; \ - rj_mkfreelist = (m)->rm_mklist; \ - } else \ - R_Malloc(m, struct radij_mask *, sizeof (*(m))); }\ - -#define MKFree(m) { (m)->rm_mklist = rj_mkfreelist; rj_mkfreelist = (m);} - -struct radij_node_head { - struct radij_node *rnh_treetop; - int rnh_addrsize; /* permit, but not require fixed keys */ - int rnh_pktsize; /* permit, but not require fixed keys */ -#if 0 - struct radij_node *(*rnh_addaddr) /* add based on sockaddr */ - __P((void *v, void *mask, - struct radij_node_head *head, struct radij_node nodes[])); -#endif - int (*rnh_addaddr) /* add based on sockaddr */ - __P((void *v, void *mask, - struct radij_node_head *head, struct radij_node nodes[])); - struct radij_node *(*rnh_addpkt) /* add based on packet hdr */ - __P((void *v, void *mask, - struct radij_node_head *head, struct radij_node nodes[])); -#if 0 - struct radij_node *(*rnh_deladdr) /* remove based on sockaddr */ - __P((void *v, void *mask, struct radij_node_head *head)); -#endif - int (*rnh_deladdr) /* remove based on sockaddr */ - __P((void *v, void *mask, struct radij_node_head *head, struct radij_node **node)); - struct radij_node *(*rnh_delpkt) /* remove based on packet hdr */ - __P((void *v, void *mask, struct radij_node_head *head)); - struct radij_node *(*rnh_matchaddr) /* locate based on sockaddr */ - __P((void *v, struct radij_node_head *head)); - struct radij_node *(*rnh_matchpkt) /* locate based on packet hdr */ - __P((void *v, struct radij_node_head *head)); - int (*rnh_walktree) /* traverse tree */ - __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w)); - struct radij_node rnh_nodes[3]; /* empty tree for common case */ -}; - - -#define Bcmp(a, b, n) memcmp(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) -#define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) -#define Bzero(p, n) memset((caddr_t)(p), 0, (unsigned)(n)) -#define R_Malloc(p, t, n) ((p = (t) kmalloc((size_t)(n), GFP_ATOMIC)), Bzero((p),(n))) -#define Free(p) kfree((caddr_t)p); - -void rj_init __P((void)); -int rj_inithead __P((void **, int)); -int rj_refines __P((void *, void *)); -int rj_walktree __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w)); -struct radij_node - *rj_addmask __P((void *, int, int)) /* , rgb */ ; -int /* * */ rj_addroute __P((void *, void *, struct radij_node_head *, - struct radij_node [2])) /* , rgb */ ; -int /* * */ rj_delete __P((void *, void *, struct radij_node_head *, struct radij_node **)) /* , rgb */ ; -struct radij_node /* rgb */ - *rj_insert __P((void *, struct radij_node_head *, int *, - struct radij_node [2])), - *rj_match __P((void *, struct radij_node_head *)), - *rj_newpair __P((void *, int, struct radij_node[2])), - *rj_search __P((void *, struct radij_node *)), - *rj_search_m __P((void *, struct radij_node *, void *)); - -void rj_deltree(struct radij_node_head *); -void rj_delnodes(struct radij_node *); -void rj_free_mkfreelist(void); -int radijcleartree(void); -int radijcleanup(void); - -extern struct radij_node_head *mask_rjhead; -extern int maj_keylen; -#endif /* __KERNEL__ */ - -#endif /* _RADIJ_H_ */ diff --git a/src/libfreeswan/rangetoa.c b/src/libfreeswan/rangetoa.c index 4d1eb204e..c5a7ddfda 100644 --- a/src/libfreeswan/rangetoa.c +++ b/src/libfreeswan/rangetoa.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: rangetoa.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/rangetosubnet.3 b/src/libfreeswan/rangetosubnet.3 index 27e765670..100b42bd9 100644 --- a/src/libfreeswan/rangetosubnet.3 +++ b/src/libfreeswan/rangetosubnet.3 @@ -1,5 +1,4 @@ .TH IPSEC_RANGETOSUBNET 3 "8 Sept 2000" -.\" RCSID $Id: rangetosubnet.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec rangetosubnet \- convert address range to subnet .SH SYNOPSIS diff --git a/src/libfreeswan/rangetosubnet.c b/src/libfreeswan/rangetosubnet.c index f68efa6bf..0defa0739 100644 --- a/src/libfreeswan/rangetosubnet.c +++ b/src/libfreeswan/rangetosubnet.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: rangetosubnet.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/sameaddr.3 b/src/libfreeswan/sameaddr.3 index dc172029e..62886bf1a 100644 --- a/src/libfreeswan/sameaddr.3 +++ b/src/libfreeswan/sameaddr.3 @@ -1,5 +1,4 @@ .TH IPSEC_ANYADDR 3 "28 Nov 2000" -.\" RCSID $Id: sameaddr.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec sameaddr \- are two addresses the same? .br diff --git a/src/libfreeswan/sameaddr.c b/src/libfreeswan/sameaddr.c index 77f458e50..653b94c30 100644 --- a/src/libfreeswan/sameaddr.c +++ b/src/libfreeswan/sameaddr.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: sameaddr.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/satoa.c b/src/libfreeswan/satoa.c index 46ed1a483..fe7fb2ea0 100644 --- a/src/libfreeswan/satoa.c +++ b/src/libfreeswan/satoa.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: satoa.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/satot.c b/src/libfreeswan/satot.c index bb1e6c736..a16d62840 100644 --- a/src/libfreeswan/satot.c +++ b/src/libfreeswan/satot.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: satot.c 3265 2007-10-08 19:52:55Z andreas $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/subnetof.3 b/src/libfreeswan/subnetof.3 index 9358256cf..aacc76d2c 100644 --- a/src/libfreeswan/subnetof.3 +++ b/src/libfreeswan/subnetof.3 @@ -1,5 +1,4 @@ .TH IPSEC_SUBNETOF 3 "11 June 2001" -.\" RCSID $Id: subnetof.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec subnetof \- given Internet address and subnet mask, return subnet number .br diff --git a/src/libfreeswan/subnetof.c b/src/libfreeswan/subnetof.c index 4cc3653f3..55786a2e4 100644 --- a/src/libfreeswan/subnetof.c +++ b/src/libfreeswan/subnetof.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: subnetof.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/subnettoa.c b/src/libfreeswan/subnettoa.c index 6fc282de1..e8d98168d 100644 --- a/src/libfreeswan/subnettoa.c +++ b/src/libfreeswan/subnettoa.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: subnettoa.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/subnettot.c b/src/libfreeswan/subnettot.c index 7bdacc1fb..03d2e1e57 100644 --- a/src/libfreeswan/subnettot.c +++ b/src/libfreeswan/subnettot.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: subnettot.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/subnettypeof.c b/src/libfreeswan/subnettypeof.c index d2b09fde7..9fa15a7d5 100644 --- a/src/libfreeswan/subnettypeof.c +++ b/src/libfreeswan/subnettypeof.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: subnettypeof.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/ttoaddr.3 b/src/libfreeswan/ttoaddr.3 index a1ede84b3..70671145e 100644 --- a/src/libfreeswan/ttoaddr.3 +++ b/src/libfreeswan/ttoaddr.3 @@ -1,5 +1,4 @@ .TH IPSEC_TTOADDR 3 "28 Sept 2001" -.\" RCSID $Id: ttoaddr.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec ttoaddr, tnatoaddr, addrtot \- convert Internet addresses to and from text .br diff --git a/src/libfreeswan/ttoaddr.c b/src/libfreeswan/ttoaddr.c index 15e8dfe55..e4ceec863 100644 --- a/src/libfreeswan/ttoaddr.c +++ b/src/libfreeswan/ttoaddr.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: ttoaddr.c 3684 2008-03-28 11:46:30Z martin $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/ttodata.3 b/src/libfreeswan/ttodata.3 index 0663407ff..8f4b1ec93 100644 --- a/src/libfreeswan/ttodata.3 +++ b/src/libfreeswan/ttodata.3 @@ -1,5 +1,4 @@ .TH IPSEC_TTODATA 3 "16 August 2003" -.\" RCSID $Id: ttodata.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec ttodata, datatot \- convert binary data bytes from and to text formats .SH SYNOPSIS diff --git a/src/libfreeswan/ttodata.c b/src/libfreeswan/ttodata.c index 5334ea124..b0d5e4d01 100644 --- a/src/libfreeswan/ttodata.c +++ b/src/libfreeswan/ttodata.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: ttodata.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/ttoprotoport.c b/src/libfreeswan/ttoprotoport.c index d64cfd5ee..c3d033168 100644 --- a/src/libfreeswan/ttoprotoport.c +++ b/src/libfreeswan/ttoprotoport.c @@ -12,8 +12,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * RCSID $Id: ttoprotoport.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" @@ -28,7 +26,7 @@ char *src; /* input string */ size_t src_len; /* length of input string, use strlen() if 0 */ u_int8_t *proto; /* extracted protocol number */ u_int16_t *port; /* extracted port number if it exists */ -int *has_port_wildcard; /* set if port is %any */ +bool *has_port_wildcard; /* set if port is %any */ { char *end, *service_name; char proto_name[16]; diff --git a/src/libfreeswan/ttosa.3 b/src/libfreeswan/ttosa.3 index 3ae041de2..f9ea36a09 100644 --- a/src/libfreeswan/ttosa.3 +++ b/src/libfreeswan/ttosa.3 @@ -1,5 +1,4 @@ .TH IPSEC_TTOSA 3 "26 Nov 2001" -.\" RCSID $Id: ttosa.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec ttosa, satot \- convert IPsec Security Association IDs to and from text .br diff --git a/src/libfreeswan/ttosa.c b/src/libfreeswan/ttosa.c index 4e6a29f74..20e01b152 100644 --- a/src/libfreeswan/ttosa.c +++ b/src/libfreeswan/ttosa.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: ttosa.c 3265 2007-10-08 19:52:55Z andreas $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/ttosubnet.c b/src/libfreeswan/ttosubnet.c index 82e569ea1..36c039a96 100644 --- a/src/libfreeswan/ttosubnet.c +++ b/src/libfreeswan/ttosubnet.c @@ -11,9 +11,9 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: ttosubnet.c 3265 2007-10-08 19:52:55Z andreas $ */ +#include <sys/socket.h> + #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/ttoul.3 b/src/libfreeswan/ttoul.3 index 2bd08b4b0..ffd9fb38a 100644 --- a/src/libfreeswan/ttoul.3 +++ b/src/libfreeswan/ttoul.3 @@ -1,5 +1,4 @@ .TH IPSEC_TTOUL 3 "16 Aug 2000" -.\" RCSID $Id: ttoul.3 3265 2007-10-08 19:52:55Z andreas $ .SH NAME ipsec ttoul, ultot \- convert unsigned-long numbers to and from text .SH SYNOPSIS diff --git a/src/libfreeswan/ttoul.c b/src/libfreeswan/ttoul.c index 1bd73a702..853a6130c 100644 --- a/src/libfreeswan/ttoul.c +++ b/src/libfreeswan/ttoul.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: ttoul.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/ultoa.c b/src/libfreeswan/ultoa.c index ae7c7e62b..ef45366a1 100644 --- a/src/libfreeswan/ultoa.c +++ b/src/libfreeswan/ultoa.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: ultoa.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/ultot.c b/src/libfreeswan/ultot.c index 9e1bfa36c..c4f2d7884 100644 --- a/src/libfreeswan/ultot.c +++ b/src/libfreeswan/ultot.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public * License for more details. - * - * RCSID $Id: ultot.c 3265 2007-10-08 19:52:55Z andreas $ */ #include "internal.h" #include "freeswan.h" diff --git a/src/libfreeswan/version.3 b/src/libfreeswan/version.3 deleted file mode 100644 index e43ee8b61..000000000 --- a/src/libfreeswan/version.3 +++ /dev/null @@ -1,44 +0,0 @@ -.TH IPSEC_VERSION 3 "21 Nov 2001" -.\" RCSID $Id: version.3 3265 2007-10-08 19:52:55Z andreas $ -.SH NAME -ipsec ipsec_version_code \- get IPsec version code -.br -ipsec ipsec_version_string \- get full IPsec version string -.br -ipsec ipsec_copyright_notice \- get IPsec copyright notice -.SH SYNOPSIS -.B "#include <freeswan.h> -.sp -.B "const char *ipsec_version_code(void);" -.br -.B "const char *ipsec_version_string(void);" -.br -.B "const char **ipsec_copyright_notice(void);" -.SH DESCRIPTION -These functions provide information on version numbering and copyright -of the Linux FreeS/WAN IPsec implementation. -.PP -.I Ipsec_version_code -returns a pointer to a string constant -containing the current IPsec version code, -such as ``1.92'' or ``snap2001Nov19b''. -.PP -.I Ipsec_version_string -returns a pointer to a string constant giving a full version identification, -consisting of the version code preceded by a prefix identifying the software, -e.g. ``Linux FreeS/WAN 1.92''. -.PP -.I Ipsec_copyright_notice -returns a pointer to a vector of pointers, -terminated by a -.BR NULL , -which is the text of a suitable copyright notice. -Each pointer points to a string constant (possibly empty) which is one line -of the somewhat-verbose copyright notice. -The strings are NUL-terminated and do not contain a newline; -supplying suitable line termination for the output device is -the caller's responsibility. -.SH SEE ALSO -ipsec(8) -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. diff --git a/src/libfreeswan/version.c b/src/libfreeswan/version.c deleted file mode 100644 index ffd2f5680..000000000 --- a/src/libfreeswan/version.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * return IPsec version information - * Copyright (C) 2001 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: version.c 3265 2007-10-08 19:52:55Z andreas $ - */ - -#ifdef __KERNEL__ -#include <linux/netdevice.h> -#endif - -#include "freeswan.h" - -static const char strongswan_number[] = VERSION; -static const char strongswan_string[] = "Linux strongSwan " VERSION; - -/* - - ipsec_version_code - return IPsec version number/code, as string - */ -const char * -ipsec_version_code() -{ - return strongswan_number; -} - -/* - - ipsec_version_string - return full version string - */ -const char * -ipsec_version_string() -{ - return strongswan_string; -} |