From 808cf8b3174aa7ad0833ea69cb55753d21318c9c Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Sun, 28 Jan 2007 20:57:54 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (2.8.1) --- testing/scripts/kstart-umls | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'testing/scripts/kstart-umls') diff --git a/testing/scripts/kstart-umls b/testing/scripts/kstart-umls index a533fb728..21baee52c 100755 --- a/testing/scripts/kstart-umls +++ b/testing/scripts/kstart-umls @@ -14,7 +14,7 @@ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # -# RCSID $Id: kstart-umls,v 1.6 2005/08/30 22:13:12 as Exp $ +# RCSID $Id: kstart-umls,v 1.7 2007/01/11 20:32:01 as Exp $ DIR=`dirname $0` @@ -35,6 +35,12 @@ BOOTING_HOSTS="" count_max=12 count=0 +#position of konsole window on the desktop +x0=8 +y0=8 +dx=12 +dy=24 + for host in $HOSTS do up=0 @@ -57,13 +63,16 @@ do [ -f $UMLHOSTFS ] || die "!! uml root file system '$UMLHOSTFS' not found" cecho-n " * Starting ${host}.." - eval konsole -title ${host} -e "$UMLKERNEL \ + eval konsole -title ${host} --geometry "+${x0}+${y0}" -e "$UMLKERNEL \ umid=${host} \ ubda=$UMLHOSTFS \ \$SWITCH_${host} \ mem=${MEM}M con=pty con0=fd:0,fd:1" & cecho "done" fi + let "x0+=dx" + let "y0+=dy" + sleep 15 done if [ -z "$BOOTING_HOSTS" ] @@ -90,14 +99,13 @@ do exit 1 fi - pid=`cat ~/.uml/$host/pid` - up=`ps up $pid | grep agetty | wc -l` + up=`uml_mconsole $host proc net/route 2> /dev/null | grep eth0 | wc -l` while [ $count -lt $count_max ] && [ $up -eq 0 ] do cecho-n "." sleep 5 - up=`ps up $pid | grep agetty | wc -l` + up=`uml_mconsole $host proc net/route 2> /dev/null | grep eth0 | wc -l` let "count+=1" done -- cgit v1.2.3 From b0d8ed94fe9e74afb49fdf5f11e4add29879c65c Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Thu, 12 Apr 2007 20:30:08 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.1.1) --- AUTHORS | 0 CHANGES | 781 - CREDITS | 3 + ChangeLog | 1079 + Doxyfile.in | 220 + INSTALL | 305 +- LICENSE | 33 - Makefile | 602 - Makefile.am | 15 + Makefile.in | 638 + Makefile.inc | 330 - Makefile.ver | 1 - NEWS | 962 + README | 2 +- TODO | 69 + aclocal.m4 | 7324 ++++++ config.guess | 1519 ++ config.sub | 1626 ++ configure | 23369 +++++++++++++++++++ configure.in | 240 + depcomp | 530 + install-sh | 323 + lib/.cvsignore | 2 - lib/COPYING.LIB | 481 - lib/Makefile | 40 - lib/Makefile.kernel | 65 - lib/README | 3 - lib/libcrypto/include/cbc_generic.h | 110 - lib/libcrypto/include/hmac_generic.h | 60 - lib/libcrypto/include/md32_common.h | 607 - lib/libcrypto/libaes/Makefile | 40 - lib/libcrypto/libaes/aes.c | 1415 -- lib/libcrypto/libaes/aes.h | 97 - lib/libcrypto/libaes/aes_cbc.c | 13 - lib/libcrypto/libaes/aes_cbc.h | 4 - lib/libcrypto/libaes/aes_xcbc_mac.c | 67 - lib/libcrypto/libaes/aes_xcbc_mac.h | 12 - lib/libcrypto/libaes/asm/aes-i586.S | 892 - lib/libcrypto/libaes/test_main.c | 41 - lib/libcrypto/libaes/test_main_mac.c | 30 - lib/libcrypto/libblowfish/COPYRIGHT | 46 - lib/libcrypto/libblowfish/INSTALL | 14 - lib/libcrypto/libblowfish/Makefile | 121 - lib/libcrypto/libblowfish/Makefile.ssl | 118 - lib/libcrypto/libblowfish/README | 8 - lib/libcrypto/libblowfish/VERSION | 6 - lib/libcrypto/libblowfish/asm/bf-586.pl | 136 - lib/libcrypto/libblowfish/asm/bf-686.pl | 127 - lib/libcrypto/libblowfish/asm/readme | 10 - lib/libcrypto/libblowfish/bf_enc.c | 306 - lib/libcrypto/libblowfish/bf_locl.h | 218 - lib/libcrypto/libblowfish/bf_pi.h | 325 - lib/libcrypto/libblowfish/bf_skey.c | 122 - lib/libcrypto/libblowfish/blowfish.h | 133 - lib/libcrypto/libserpent/Makefile | 20 - lib/libcrypto/libserpent/serpent.c | 995 - lib/libcrypto/libserpent/serpent.h | 17 - lib/libcrypto/libserpent/serpent_cbc.c | 8 - lib/libcrypto/libserpent/serpent_cbc.h | 3 - lib/libcrypto/libserpent/test_main.c | 34 - lib/libcrypto/libsha2/Makefile | 21 - lib/libcrypto/libsha2/hmac_sha2.c | 32 - lib/libcrypto/libsha2/hmac_sha2.h | 17 - lib/libcrypto/libsha2/sha2.c | 437 - lib/libcrypto/libsha2/sha2.h | 52 - lib/libcrypto/libtwofish/Makefile | 21 - lib/libcrypto/libtwofish/test_main.c | 34 - lib/libcrypto/libtwofish/twofish.c | 861 - lib/libcrypto/libtwofish/twofish.h | 20 - lib/libcrypto/libtwofish/twofish_cbc.c | 8 - lib/libcrypto/libtwofish/twofish_cbc.h | 3 - lib/libcrypto/perlasm/LICENSE | 127 - lib/libcrypto/perlasm/alpha.pl | 434 - lib/libcrypto/perlasm/cbc.pl | 342 - lib/libcrypto/perlasm/readme | 124 - lib/libcrypto/perlasm/version | 5 - lib/libcrypto/perlasm/x86asm.pl | 118 - lib/libcrypto/perlasm/x86ms.pl | 365 - lib/libcrypto/perlasm/x86nasm.pl | 366 - lib/libcrypto/perlasm/x86unix.pl | 472 - lib/libdes/.cvsignore | 3 - lib/libdes/Makefile | 245 - lib/libfreeswan/.cvsignore | 9 - lib/libfreeswan/Makefile | 176 - lib/libipsecpolicy/.cvsignore | 1 - lib/libipsecpolicy/Makefile | 96 - lib/libipsecpolicy/cgipolicy.c | 77 - lib/libipsecpolicy/libipsecpolicy.h | 4 - lib/libipsecpolicy/policyquery.c | 167 - lib/libipsecpolicy/version.in.c | 38 - lib/liblwres/Makefile | 73 - lib/liblwres/api | 3 - lib/liblwres/assert_p.h | 33 - lib/liblwres/async.c | 361 - lib/liblwres/config.h | 0 lib/liblwres/context.c | 380 - lib/liblwres/context_p.h | 68 - lib/liblwres/gai_strerror.c | 52 - lib/liblwres/getaddrinfo.c | 692 - lib/liblwres/gethost.c | 219 - lib/liblwres/getipnode.c | 839 - lib/liblwres/getnameinfo.c | 289 - lib/liblwres/getrrset.c | 211 - lib/liblwres/getrrset2.c | 97 - lib/liblwres/herror.c | 101 - lib/liblwres/include/lwres/async.h | 78 - lib/liblwres/include/lwres/context.h | 133 - lib/liblwres/include/lwres/int.h | 32 - lib/liblwres/include/lwres/ipv6.h | 118 - lib/liblwres/include/lwres/lang.h | 31 - lib/liblwres/include/lwres/list.h | 119 - lib/liblwres/include/lwres/lwbuffer.h | 402 - lib/liblwres/include/lwres/lwpacket.h | 124 - lib/liblwres/include/lwres/lwres.h | 584 - lib/liblwres/include/lwres/netdb.h | 522 - lib/liblwres/include/lwres/netdb.h.in | 518 - lib/liblwres/include/lwres/platform.h | 91 - lib/liblwres/include/lwres/platform.h.in | 91 - lib/liblwres/include/lwres/result.h | 40 - lib/liblwres/lwbuffer.c | 287 - lib/liblwres/lwconfig.c | 703 - lib/liblwres/lwinetaton.c | 203 - lib/liblwres/lwinetntop.c | 191 - lib/liblwres/lwinetpton.c | 206 - lib/liblwres/lwpacket.c | 85 - lib/liblwres/lwres_gabn.c | 415 - lib/liblwres/lwres_gnba.c | 328 - lib/liblwres/lwres_grbn.c | 416 - lib/liblwres/lwres_noop.c | 255 - lib/liblwres/lwresutil.c | 491 - lib/liblwres/man/Makefile.in | 232 - lib/liblwres/man/lwres.3 | 158 - lib/liblwres/man/lwres.docbook | 244 - lib/liblwres/man/lwres.html | 444 - lib/liblwres/man/lwres_buffer.3 | 277 - lib/liblwres/man/lwres_buffer.docbook | 378 - lib/liblwres/man/lwres_buffer.html | 608 - lib/liblwres/man/lwres_config.3 | 105 - lib/liblwres/man/lwres_config.docbook | 159 - lib/liblwres/man/lwres_config.html | 295 - lib/liblwres/man/lwres_context.3 | 194 - lib/liblwres/man/lwres_context.docbook | 283 - lib/liblwres/man/lwres_context.html | 519 - lib/liblwres/man/lwres_gabn.3 | 193 - lib/liblwres/man/lwres_gabn.docbook | 255 - lib/liblwres/man/lwres_gabn.html | 442 - lib/liblwres/man/lwres_gai_strerror.3 | 86 - lib/liblwres/man/lwres_gai_strerror.docbook | 161 - lib/liblwres/man/lwres_gai_strerror.html | 294 - lib/liblwres/man/lwres_getaddrinfo.3 | 247 - lib/liblwres/man/lwres_getaddrinfo.docbook | 372 - lib/liblwres/man/lwres_getaddrinfo.html | 722 - lib/liblwres/man/lwres_gethostent.3 | 270 - lib/liblwres/man/lwres_gethostent.docbook | 407 - lib/liblwres/man/lwres_gethostent.html | 827 - lib/liblwres/man/lwres_getipnode.3 | 187 - lib/liblwres/man/lwres_getipnode.docbook | 307 - lib/liblwres/man/lwres_getipnode.html | 529 - lib/liblwres/man/lwres_getnameinfo.3 | 84 - lib/liblwres/man/lwres_getnameinfo.docbook | 154 - lib/liblwres/man/lwres_getnameinfo.html | 303 - lib/liblwres/man/lwres_getrrsetbyname.3 | 142 - lib/liblwres/man/lwres_getrrsetbyname.docbook | 208 - lib/liblwres/man/lwres_getrrsetbyname.html | 371 - lib/liblwres/man/lwres_gnba.3 | 186 - lib/liblwres/man/lwres_gnba.docbook | 259 - lib/liblwres/man/lwres_gnba.html | 408 - lib/liblwres/man/lwres_hstrerror.3 | 67 - lib/liblwres/man/lwres_hstrerror.docbook | 124 - lib/liblwres/man/lwres_hstrerror.html | 242 - lib/liblwres/man/lwres_inetntop.3 | 52 - lib/liblwres/man/lwres_inetntop.docbook | 99 - lib/liblwres/man/lwres_inetntop.html | 186 - lib/liblwres/man/lwres_noop.3 | 160 - lib/liblwres/man/lwres_noop.docbook | 229 - lib/liblwres/man/lwres_noop.html | 409 - lib/liblwres/man/lwres_packet.3 | 149 - lib/liblwres/man/lwres_packet.docbook | 218 - lib/liblwres/man/lwres_packet.html | 373 - lib/liblwres/man/lwres_resutil.3 | 151 - lib/liblwres/man/lwres_resutil.docbook | 221 - lib/liblwres/man/lwres_resutil.html | 412 - lib/liblwres/unix/include/lwres/net.h | 127 - lib/liblwres/version.c | 24 - linux/Documentation/Configure.help.fs2_0.patch | 65 - linux/Documentation/Configure.help.fs2_2.patch | 70 - linux/Documentation/Configure.help.fs2_4.patch | 69 - linux/Makefile | 32 - linux/README.freeswan | 177 - linux/crypto/ciphers/des/COPYRIGHT | 50 - linux/crypto/ciphers/des/INSTALL | 69 - linux/crypto/ciphers/des/Makefile.objs | 20 - linux/crypto/ciphers/des/README | 54 - linux/crypto/ciphers/des/README.freeswan | 33 - linux/crypto/ciphers/des/VERSION | 406 - linux/crypto/ciphers/des/asm/crypt586.pl | 204 - linux/crypto/ciphers/des/asm/des-586.pl | 251 - linux/crypto/ciphers/des/asm/des686.pl | 230 - linux/crypto/ciphers/des/asm/desboth.pl | 79 - linux/crypto/ciphers/des/asm/perlasm/cbc.pl | 342 - linux/crypto/ciphers/des/asm/perlasm/readme | 124 - linux/crypto/ciphers/des/asm/perlasm/x86asm.pl | 111 - linux/crypto/ciphers/des/asm/perlasm/x86ms.pl | 345 - linux/crypto/ciphers/des/asm/perlasm/x86unix.pl | 403 - linux/crypto/ciphers/des/asm/readme | 131 - linux/crypto/ciphers/des/cbc_enc.c | 135 - linux/crypto/ciphers/des/des.doc | 505 - linux/crypto/ciphers/des/des_crypt.man | 508 - linux/crypto/ciphers/des/des_enc.c | 502 - linux/crypto/ciphers/des/des_locl.h | 515 - linux/crypto/ciphers/des/des_opts.c | 620 - linux/crypto/ciphers/des/des_ver.h | 60 - linux/crypto/ciphers/des/destest.c | 871 - linux/crypto/ciphers/des/dx86unix.S | 3160 --- linux/crypto/ciphers/des/ecb_enc.c | 128 - linux/crypto/ciphers/des/fcrypt.c | 152 - linux/crypto/ciphers/des/fcrypt_b.c | 148 - linux/crypto/ciphers/des/options.txt | 39 - linux/crypto/ciphers/des/podd.h | 75 - linux/crypto/ciphers/des/set_key.c | 246 - linux/crypto/ciphers/des/sk.h | 204 - linux/crypto/ciphers/des/speed.c | 329 - linux/crypto/ciphers/des/spr.h | 204 - linux/include/crypto/des.h | 308 - linux/include/freeswan.h | 477 - linux/include/freeswan/ipcomp.h | 61 - linux/include/freeswan/ipsec_ah.h | 235 - linux/include/freeswan/ipsec_alg.h | 254 - linux/include/freeswan/ipsec_encap.h | 143 - linux/include/freeswan/ipsec_eroute.h | 103 - linux/include/freeswan/ipsec_errs.h | 53 - linux/include/freeswan/ipsec_esp.h | 220 - linux/include/freeswan/ipsec_ipe4.h | 68 - linux/include/freeswan/ipsec_kversion.h | 227 - linux/include/freeswan/ipsec_life.h | 112 - linux/include/freeswan/ipsec_md5h.h | 140 - linux/include/freeswan/ipsec_param.h | 226 - linux/include/freeswan/ipsec_policy.h | 225 - linux/include/freeswan/ipsec_proto.h | 111 - linux/include/freeswan/ipsec_radij.h | 63 - linux/include/freeswan/ipsec_rcv.h | 196 - linux/include/freeswan/ipsec_sa.h | 338 - linux/include/freeswan/ipsec_sha1.h | 79 - linux/include/freeswan/ipsec_stats.h | 38 - linux/include/freeswan/ipsec_tunnel.h | 265 - linux/include/freeswan/ipsec_xform.h | 274 - linux/include/freeswan/ipsec_xmit.h | 140 - linux/include/freeswan/radij.h | 280 - linux/include/mast.h | 33 - linux/include/pfkey.h | 498 - linux/include/pfkeyv2.h | 385 - linux/include/zlib/zlib.h | 893 - linux/include/zlib/zutil.h | 225 - linux/lib/libfreeswan/Makefile.objs | 18 - linux/lib/libfreeswan/addrtoa.c | 68 - linux/lib/libfreeswan/addrtot.c | 302 - linux/lib/libfreeswan/addrtypeof.c | 94 - linux/lib/libfreeswan/anyaddr.3 | 87 - linux/lib/libfreeswan/anyaddr.c | 146 - linux/lib/libfreeswan/atoaddr.3 | 294 - linux/lib/libfreeswan/atoaddr.c | 238 - linux/lib/libfreeswan/atoasr.3 | 186 - linux/lib/libfreeswan/atoasr.c | 212 - linux/lib/libfreeswan/atosa.3 | 218 - linux/lib/libfreeswan/atosa.c | 200 - linux/lib/libfreeswan/atosubnet.c | 216 - linux/lib/libfreeswan/atoul.3 | 161 - linux/lib/libfreeswan/atoul.c | 90 - linux/lib/libfreeswan/copyright.c | 56 - linux/lib/libfreeswan/datatot.c | 233 - linux/lib/libfreeswan/goodmask.3 | 57 - linux/lib/libfreeswan/goodmask.c | 97 - linux/lib/libfreeswan/initaddr.3 | 129 - linux/lib/libfreeswan/initaddr.c | 51 - linux/lib/libfreeswan/initsaid.c | 33 - linux/lib/libfreeswan/initsubnet.3 | 137 - linux/lib/libfreeswan/initsubnet.c | 95 - linux/lib/libfreeswan/internal.h | 81 - linux/lib/libfreeswan/keyblobtoid.3 | 103 - linux/lib/libfreeswan/keyblobtoid.c | 148 - linux/lib/libfreeswan/optionsfrom.3 | 182 - linux/lib/libfreeswan/optionsfrom.c | 301 - linux/lib/libfreeswan/pfkey_v2_build.c | 1438 -- linux/lib/libfreeswan/pfkey_v2_debug.c | 179 - linux/lib/libfreeswan/pfkey_v2_ext_bits.c | 803 - linux/lib/libfreeswan/pfkey_v2_parse.c | 1832 -- linux/lib/libfreeswan/portof.3 | 70 - linux/lib/libfreeswan/portof.c | 96 - linux/lib/libfreeswan/prng.3 | 121 - linux/lib/libfreeswan/prng.c | 202 - linux/lib/libfreeswan/rangetoa.c | 61 - linux/lib/libfreeswan/rangetosubnet.3 | 59 - linux/lib/libfreeswan/rangetosubnet.c | 226 - linux/lib/libfreeswan/sameaddr.3 | 165 - linux/lib/libfreeswan/sameaddr.c | 190 - linux/lib/libfreeswan/satoa.c | 102 - linux/lib/libfreeswan/satot.c | 132 - linux/lib/libfreeswan/subnetof.3 | 47 - linux/lib/libfreeswan/subnetof.c | 60 - linux/lib/libfreeswan/subnettoa.c | 62 - linux/lib/libfreeswan/subnettot.c | 56 - linux/lib/libfreeswan/subnettypeof.c | 109 - linux/lib/libfreeswan/ttoaddr.3 | 377 - linux/lib/libfreeswan/ttoaddr.c | 426 - linux/lib/libfreeswan/ttodata.3 | 281 - linux/lib/libfreeswan/ttodata.c | 722 - linux/lib/libfreeswan/ttoprotoport.c | 103 - linux/lib/libfreeswan/ttosa.3 | 288 - linux/lib/libfreeswan/ttosa.c | 280 - linux/lib/libfreeswan/ttosubnet.c | 296 - linux/lib/libfreeswan/ttoul.3 | 192 - linux/lib/libfreeswan/ttoul.c | 91 - linux/lib/libfreeswan/ultoa.c | 67 - linux/lib/libfreeswan/ultot.c | 83 - linux/lib/libfreeswan/version.3 | 44 - linux/lib/libfreeswan/version.in.c | 44 - linux/lib/zlib/Makefile | 121 - linux/lib/zlib/Makefile.objs | 27 - linux/lib/zlib/README | 147 - linux/lib/zlib/README.freeswan | 13 - linux/lib/zlib/adler32.c | 49 - linux/lib/zlib/deflate.c | 1351 -- linux/lib/zlib/deflate.h | 318 - linux/lib/zlib/infblock.c | 403 - linux/lib/zlib/infblock.h | 39 - linux/lib/zlib/infcodes.c | 251 - linux/lib/zlib/infcodes.h | 31 - linux/lib/zlib/inffast.c | 183 - linux/lib/zlib/inffast.h | 22 - linux/lib/zlib/inffixed.h | 151 - linux/lib/zlib/inflate.c | 368 - linux/lib/zlib/inftrees.c | 454 - linux/lib/zlib/inftrees.h | 63 - linux/lib/zlib/infutil.c | 87 - linux/lib/zlib/infutil.h | 98 - linux/lib/zlib/match586.S | 357 - linux/lib/zlib/match686.S | 330 - linux/lib/zlib/trees.c | 1214 - linux/lib/zlib/trees.h | 128 - linux/lib/zlib/zconf.h | 309 - linux/lib/zlib/zutil.c | 227 - linux/net/Config.in.fs2_0.patch | 12 - linux/net/Config.in.fs2_2.patch | 12 - linux/net/Config.in.fs2_4.patch | 13 - linux/net/Makefile.fs2_0.patch | 20 - linux/net/Makefile.fs2_2.patch | 20 - linux/net/Makefile.fs2_4.ipsec_alg.patch | 10 - linux/net/Makefile.fs2_4.patch | 11 - linux/net/include.net.sock.h.fs2_2.patch | 25 - linux/net/include.net.sock.h.fs2_4.patch | 27 - linux/net/ipsec/.cvsignore | 47 - linux/net/ipsec/Config.in | 41 - linux/net/ipsec/Makefile | 529 - linux/net/ipsec/Makefile.algtest | 125 - linux/net/ipsec/alg/Config.alg_aes.in | 3 - linux/net/ipsec/alg/Config.alg_blowfish.in | 3 - linux/net/ipsec/alg/Config.alg_cryptoapi.in | 3 - linux/net/ipsec/alg/Config.alg_serpent.in | 3 - linux/net/ipsec/alg/Config.alg_sha2.in | 3 - linux/net/ipsec/alg/Config.alg_twofish.in | 3 - linux/net/ipsec/alg/Config.in | 7 - linux/net/ipsec/alg/Makefile | 112 - linux/net/ipsec/alg/Makefile.alg_aes | 23 - linux/net/ipsec/alg/Makefile.alg_blowfish | 23 - linux/net/ipsec/alg/Makefile.alg_cryptoapi | 14 - linux/net/ipsec/alg/Makefile.alg_serpent | 21 - linux/net/ipsec/alg/Makefile.alg_sha2 | 22 - linux/net/ipsec/alg/Makefile.alg_twofish | 21 - linux/net/ipsec/alg/ipsec_alg_aes.c | 253 - linux/net/ipsec/alg/ipsec_alg_blowfish.c | 142 - linux/net/ipsec/alg/ipsec_alg_cryptoapi.c | 421 - linux/net/ipsec/alg/ipsec_alg_serpent.c | 139 - linux/net/ipsec/alg/ipsec_alg_sha2.c | 185 - linux/net/ipsec/alg/ipsec_alg_twofish.c | 138 - linux/net/ipsec/alg/scripts/mk-static_init.c.sh | 18 - linux/net/ipsec/defconfig | 140 - linux/net/ipsec/ipcomp.c | 725 - linux/net/ipsec/ipsec_alg.c | 927 - linux/net/ipsec/ipsec_init.c | 755 - linux/net/ipsec/ipsec_life.c | 210 - linux/net/ipsec/ipsec_mast.c | 1064 - linux/net/ipsec/ipsec_md5c.c | 448 - linux/net/ipsec/ipsec_proc.c | 1003 - linux/net/ipsec/ipsec_radij.c | 550 - linux/net/ipsec/ipsec_rcv.c | 2204 -- linux/net/ipsec/ipsec_sa.c | 1031 - linux/net/ipsec/ipsec_sha1.c | 219 - linux/net/ipsec/ipsec_tunnel.c | 1671 -- linux/net/ipsec/ipsec_xform.c | 73 - linux/net/ipsec/ipsec_xmit.c | 1782 -- linux/net/ipsec/pfkey_v2.c | 2125 -- linux/net/ipsec/pfkey_v2_ext_process.c | 851 - linux/net/ipsec/pfkey_v2_parser.c | 3420 --- linux/net/ipsec/radij.c | 992 - linux/net/ipsec/sysctl_net_ipsec.c | 196 - linux/net/ipsec/tagsfile.mak | 6 - linux/net/ipv4/af_inet.c.fs2_0.patch | 21 - linux/net/ipv4/af_inet.c.fs2_2.patch | 21 - linux/net/ipv4/af_inet.c.fs2_4.patch | 21 - linux/net/ipv4/udp.c.fs2_2.patch | 108 - linux/net/ipv4/udp.c.fs2_4.patch | 107 - ltmain.sh | 6971 ++++++ missing | 360 + packaging/ipkg/conffiles | 1 - packaging/ipkg/control-freeswan-module.dist | 8 - packaging/ipkg/control-freeswan.dist | 8 - packaging/ipkg/debian-binary | 1 - packaging/ipkg/generate-ipkg | 43 - packaging/linus/config-all.h | 62 - packaging/makefiles/module.make | 5 - packaging/redhat/.cvsignore | 12 - packaging/redhat/Makefile | 100 - packaging/redhat/config-athlon-smp.h | 79 - packaging/redhat/config-athlon.h | 79 - packaging/redhat/config-i386-smp.h | 79 - packaging/redhat/config-i386.h | 79 - packaging/redhat/config-i586-smp.h | 79 - packaging/redhat/config-i586-up.h | 79 - packaging/redhat/config-i586.h | 79 - packaging/redhat/config-i686-bigmem.h | 78 - packaging/redhat/config-i686-smp.h | 79 - packaging/redhat/config-i686.h | 79 - packaging/redhat/freeswan.spec | 176 - packaging/redhat/kernel-list.txt | 9 - packaging/redhat/rpm.in | 149 - packaging/utils/backup | 80 - packaging/utils/branch | 70 - packaging/utils/canrel | 55 - packaging/utils/disttools.pl | 357 - packaging/utils/errcheck | 40 - packaging/utils/kernel.patch.gen.sh | 52 - packaging/utils/kerneldiff | 35 - packaging/utils/kernelpatch | 55 - packaging/utils/kernelversion | 10 - packaging/utils/kernelversion-short | 8 - packaging/utils/manlink | 74 - packaging/utils/maysnap | 41 - packaging/utils/maytest | 42 - packaging/utils/mkcand | 126 - packaging/utils/mkrel | 95 - packaging/utils/mksnap | 114 - packaging/utils/mvcand | 62 - packaging/utils/mvrel | 65 - packaging/utils/patcher | 188 - packaging/utils/prepcand | 33 - packaging/utils/recan | 17 - packaging/utils/setup | 9 - packaging/utils/sshenv | 4 - packaging/utils/tattle | 33 - packaging/utils/wantsnap | 3 - packaging/utils/wanttest | 10 - programs/Makefile | 46 - programs/Makefile.program | 154 - programs/_confread/.cvsignore | 7 - programs/_confread/Makefile | 27 - programs/_confread/README.conf.V2 | 103 - programs/_confread/_confread.8 | 28 - programs/_confread/_confread.in | 520 - programs/_confread/block.in | 8 - programs/_confread/clear-or-private.in | 8 - programs/_confread/clear.in | 7 - programs/_confread/ipsec.conf.5 | 1286 - programs/_confread/ipsec.conf.in | 44 - programs/_confread/private-or-clear.in | 14 - programs/_confread/private.in | 6 - programs/_confread/randomize | 28 - programs/_copyright/.cvsignore | 1 - programs/_copyright/Makefile | 44 - programs/_copyright/_copyright.8 | 32 - programs/_copyright/_copyright.c | 69 - programs/_include/.cvsignore | 1 - programs/_include/Makefile | 43 - programs/_include/_include.8 | 35 - programs/_include/_include.in | 102 - programs/_keycensor/.cvsignore | 1 - programs/_keycensor/Makefile | 43 - programs/_keycensor/_keycensor.8 | 33 - programs/_keycensor/_keycensor.in | 52 - programs/_plutoload/.cvsignore | 1 - programs/_plutoload/Makefile | 43 - programs/_plutoload/_plutoload.8 | 33 - programs/_plutoload/_plutoload.in | 164 - programs/_plutorun/.cvsignore | 1 - programs/_plutorun/Makefile | 43 - programs/_plutorun/_plutorun.8 | 37 - programs/_plutorun/_plutorun.in | 281 - programs/_realsetup/.cvsignore | 1 - programs/_realsetup/Makefile | 43 - programs/_realsetup/_realsetup.8 | 36 - programs/_realsetup/_realsetup.in | 456 - programs/_secretcensor/.cvsignore | 1 - programs/_secretcensor/Makefile | 43 - programs/_secretcensor/_secretcensor.8 | 34 - programs/_secretcensor/_secretcensor.in | 75 - programs/_startklips/.cvsignore | 1 - programs/_startklips/Makefile | 43 - programs/_startklips/_startklips.8 | 33 - programs/_startklips/_startklips.in | 367 - programs/_updown/.cvsignore | 2 - programs/_updown/Makefile | 22 - programs/_updown/_updown.8 | 19 - programs/_updown/_updown.in | 503 - programs/_updown_espmark/Makefile | 22 - programs/_updown_espmark/_updown_espmark.8 | 18 - programs/_updown_espmark/_updown_espmark.in | 452 - programs/auto/.cvsignore | 1 - programs/auto/Makefile | 21 - programs/auto/auto.8 | 481 - programs/auto/auto.in | 660 - programs/barf/.cvsignore | 1 - programs/barf/Makefile | 38 - programs/barf/barf.8 | 84 - programs/barf/barf.in | 296 - programs/calcgoo/.cvsignore | 1 - programs/calcgoo/Makefile | 41 - programs/calcgoo/calcgoo.8 | 31 - programs/calcgoo/calcgoo.in | 43 - programs/eroute/.cvsignore | 1 - programs/eroute/Makefile | 52 - programs/eroute/eroute.5 | 272 - programs/eroute/eroute.8 | 354 - programs/eroute/eroute.c | 1044 - programs/examples/Makefile | 22 - programs/examples/oe.conf.in | 68 - programs/ikeping/.cvsignore | 1 - programs/ikeping/Makefile | 57 - programs/ikeping/ikeping.8 | 71 - programs/ikeping/ikeping.c | 483 - programs/ipsec/.cvsignore | 1 - programs/ipsec/Makefile | 28 - programs/ipsec/distro.txt | 1 - programs/ipsec/ipsec.8 | 336 - programs/ipsec/ipsec.in | 259 - programs/klipsdebug/.cvsignore | 1 - programs/klipsdebug/Makefile | 80 - programs/klipsdebug/klipsdebug.5 | 138 - programs/klipsdebug/klipsdebug.8 | 164 - programs/klipsdebug/klipsdebug.c | 436 - programs/look/.cvsignore | 1 - programs/look/Makefile | 38 - programs/look/look.8 | 45 - programs/look/look.in | 87 - programs/lwdnsq/.cvsignore | 4 - programs/lwdnsq/CONTRACT.txt | 106 - programs/lwdnsq/Makefile | 96 - programs/lwdnsq/cmds.c | 351 - programs/lwdnsq/lookup.c | 632 - programs/lwdnsq/lwdnsq.8 | 250 - programs/lwdnsq/lwdnsq.c | 506 - programs/lwdnsq/lwdnsq.h | 121 - programs/lwdnsq/lwdnsq.xml.in | 446 - programs/lwdnsq/states.fig | 66 - programs/lwdnsq/states.png | Bin 6756 -> 0 bytes programs/mailkey/.cvsignore | 1 - programs/mailkey/Makefile | 41 - programs/mailkey/mailkey.8 | 47 - programs/mailkey/mailkey.in | 241 - programs/manual/.cvsignore | 1 - programs/manual/Makefile | 38 - programs/manual/manual.8 | 267 - programs/manual/manual.in | 637 - programs/openac/Makefile | 162 - programs/openac/build.c | 242 - programs/openac/build.h | 47 - programs/openac/loglite.c | 295 - programs/openac/openac.8 | 180 - programs/openac/openac.c | 438 - programs/pf_key/.cvsignore | 1 - programs/pf_key/Makefile | 49 - programs/pf_key/pf_key.5 | 122 - programs/pf_key/pf_key.8 | 73 - programs/pf_key/pf_key.c | 353 - programs/pluto/.cvsignore | 3 - programs/pluto/Makefile | 1090 - programs/pluto/PLUTO-CONVENTIONS | 127 - programs/pluto/TODO | 129 - programs/pluto/ac.c | 1018 - programs/pluto/ac.h | 103 - programs/pluto/adns.c | 615 - programs/pluto/adns.h | 75 - programs/pluto/alg/Config.ike_alg | 9 - programs/pluto/alg/Makefile | 93 - programs/pluto/alg/Makefile.ike_alg_aes | 14 - programs/pluto/alg/Makefile.ike_alg_blowfish | 13 - programs/pluto/alg/Makefile.ike_alg_serpent | 13 - programs/pluto/alg/Makefile.ike_alg_sha2 | 13 - programs/pluto/alg/Makefile.ike_alg_twofish | 13 - programs/pluto/alg/ike_alg_aes.c | 68 - programs/pluto/alg/ike_alg_blowfish.c | 52 - programs/pluto/alg/ike_alg_serpent.c | 70 - programs/pluto/alg/ike_alg_sha2.c | 634 - programs/pluto/alg/ike_alg_twofish.c | 85 - programs/pluto/alg_info.c | 1205 - programs/pluto/alg_info.h | 85 - programs/pluto/asn1.c | 770 - programs/pluto/asn1.h | 141 - programs/pluto/ca.c | 694 - programs/pluto/ca.h | 70 - programs/pluto/certs.c | 287 - programs/pluto/certs.h | 80 - programs/pluto/connections.c | 4457 ---- programs/pluto/connections.h | 376 - programs/pluto/constants.c | 1356 -- programs/pluto/constants.h | 1264 - programs/pluto/cookie.c | 67 - programs/pluto/cookie.h | 24 - programs/pluto/crl.c | 763 - programs/pluto/crl.h | 87 - programs/pluto/crypto.c | 627 - programs/pluto/crypto.h | 108 - programs/pluto/db_ops.c | 439 - programs/pluto/db_ops.h | 56 - programs/pluto/defs.c | 374 - programs/pluto/defs.h | 145 - programs/pluto/demux.c | 2526 -- programs/pluto/demux.h | 100 - programs/pluto/dnskey.c | 1962 -- programs/pluto/dnskey.h | 84 - programs/pluto/dsa.c | 476 - programs/pluto/dsa.h | 32 - programs/pluto/elgamal.c | 613 - programs/pluto/elgamal.h | 35 - programs/pluto/fetch.c | 1081 - programs/pluto/fetch.h | 79 - programs/pluto/foodgroups.c | 462 - programs/pluto/foodgroups.h | 24 - programs/pluto/gcryptfix.c | 283 - programs/pluto/gcryptfix.h | 111 - programs/pluto/id.c | 509 - programs/pluto/id.h | 67 - programs/pluto/ike_alg.c | 592 - programs/pluto/ike_alg.h | 94 - programs/pluto/ipsec.secrets.5 | 175 - programs/pluto/ipsec_doi.c | 5696 ----- programs/pluto/ipsec_doi.h | 104 - programs/pluto/kameipsec.h | 47 - programs/pluto/kernel.c | 2999 --- programs/pluto/kernel.h | 200 - programs/pluto/kernel_alg.c | 775 - programs/pluto/kernel_alg.h | 46 - programs/pluto/kernel_netlink.c | 1221 - programs/pluto/kernel_netlink.h | 20 - programs/pluto/kernel_noklips.c | 126 - programs/pluto/kernel_noklips.h | 19 - programs/pluto/kernel_pfkey.c | 938 - programs/pluto/kernel_pfkey.h | 23 - programs/pluto/keys.c | 1516 -- programs/pluto/keys.h | 114 - programs/pluto/lex.c | 213 - programs/pluto/lex.h | 52 - programs/pluto/linux26/netlink.h | 90 - programs/pluto/linux26/rtnetlink.h | 562 - programs/pluto/linux26/xfrm.h | 233 - programs/pluto/log.c | 841 - programs/pluto/log.h | 236 - programs/pluto/md2.c | 237 - programs/pluto/md2.h | 72 - programs/pluto/md5.c | 385 - programs/pluto/md5.h | 75 - programs/pluto/modecfg.c | 1078 - programs/pluto/modecfg.h | 47 - programs/pluto/mp_defs.c | 70 - programs/pluto/mp_defs.h | 36 - programs/pluto/nat_traversal.c | 869 - programs/pluto/nat_traversal.h | 154 - programs/pluto/ocsp.c | 1568 -- programs/pluto/ocsp.h | 85 - programs/pluto/oid.c | 197 - programs/pluto/oid.h | 78 - programs/pluto/oid.pl | 123 - programs/pluto/oid.txt | 184 - programs/pluto/packet.c | 1244 - programs/pluto/packet.h | 655 - programs/pluto/pem.c | 463 - programs/pluto/pem.h | 18 - programs/pluto/pgp.c | 647 - programs/pluto/pgp.h | 54 - programs/pluto/pkcs1.c | 674 - programs/pluto/pkcs1.h | 88 - programs/pluto/pkcs7.c | 862 - programs/pluto/pkcs7.h | 51 - programs/pluto/pluto-style.el | 4 - programs/pluto/pluto.8 | 1649 -- programs/pluto/plutomain.c | 684 - programs/pluto/primegen.c | 593 - programs/pluto/rcv_whack.c | 689 - programs/pluto/rcv_whack.h | 17 - programs/pluto/rnd.c | 250 - programs/pluto/rnd.h | 21 - programs/pluto/routing.txt | 331 - programs/pluto/rsaref/pkcs11.h | 299 - programs/pluto/rsaref/pkcs11f.h | 912 - programs/pluto/rsaref/pkcs11t.h | 1685 -- programs/pluto/rsaref/unix.h | 24 - programs/pluto/server.c | 1001 - programs/pluto/server.h | 60 - programs/pluto/sha1.c | 193 - programs/pluto/sha1.h | 16 - programs/pluto/smallprime.c | 122 - programs/pluto/smartcard.c | 1956 -- programs/pluto/smartcard.h | 100 - programs/pluto/spdb.c | 2329 -- programs/pluto/spdb.h | 112 - programs/pluto/state.c | 1012 - programs/pluto/state.h | 275 - programs/pluto/timer.c | 537 - programs/pluto/timer.h | 34 - programs/pluto/vendor.c | 521 - programs/pluto/vendor.h | 125 - programs/pluto/virtual.c | 338 - programs/pluto/virtual.h | 31 - programs/pluto/whack.c | 1911 -- programs/pluto/whack.h | 319 - programs/pluto/x509.c | 2241 -- programs/pluto/x509.h | 138 - programs/pluto/xauth.c | 77 - programs/pluto/xauth.h | 41 - programs/proc/Makefile | 51 - programs/proc/trap_count.5 | 35 - programs/proc/trap_sendcount.5 | 33 - programs/proc/version.5 | 54 - programs/ranbits/.cvsignore | 1 - programs/ranbits/Makefile | 39 - programs/ranbits/ranbits.8 | 77 - programs/ranbits/ranbits.c | 146 - programs/rsasigkey/.cvsignore | 1 - programs/rsasigkey/Makefile | 39 - programs/rsasigkey/rsasigkey.8 | 259 - programs/rsasigkey/rsasigkey.c | 573 - programs/scepclient/Makefile | 192 - programs/scepclient/pkcs10.c | 220 - programs/scepclient/pkcs10.h | 57 - programs/scepclient/rsakey.c | 349 - programs/scepclient/rsakey.h | 31 - programs/scepclient/scep.c | 598 - programs/scepclient/scep.h | 93 - programs/scepclient/scepclient.8 | 288 - programs/scepclient/scepclient.c | 1036 - programs/secrets/Makefile | 38 - programs/secrets/secrets.8 | 20 - programs/secrets/secrets.in | 18 - programs/send-pr/.cvsignore | 1 - programs/send-pr/Makefile | 39 - programs/send-pr/ipsec_pr.template | 54 - programs/send-pr/send-pr.8 | 291 - programs/send-pr/send-pr.in | 643 - programs/setup/.cvsignore | 1 - programs/setup/Makefile | 22 - programs/setup/setup.8 | 142 - programs/setup/setup.in | 162 - programs/showdefaults/.cvsignore | 1 - programs/showdefaults/Makefile | 38 - programs/showdefaults/showdefaults.8 | 34 - programs/showdefaults/showdefaults.in | 33 - programs/showhostkey/.cvsignore | 1 - programs/showhostkey/Makefile | 38 - programs/showhostkey/showhostkey.8 | 168 - programs/showhostkey/showhostkey.in | 180 - programs/showpolicy/.cvsignore | 1 - programs/showpolicy/Makefile | 38 - programs/showpolicy/showpolicy.8 | 41 - programs/showpolicy/showpolicy.c | 251 - programs/spi/.cvsignore | 1 - programs/spi/Makefile | 69 - programs/spi/spi.5 | 213 - programs/spi/spi.8 | 525 - programs/spi/spi.c | 1689 -- programs/spigrp/.cvsignore | 1 - programs/spigrp/Makefile | 52 - programs/spigrp/spigrp.5 | 116 - programs/spigrp/spigrp.8 | 174 - programs/spigrp/spigrp.c | 491 - programs/starter/Makefile | 182 - programs/starter/README | 104 - programs/starter/args.c | 623 - programs/starter/args.h | 34 - programs/starter/cmp.c | 105 - programs/starter/cmp.h | 29 - programs/starter/confread.c | 908 - programs/starter/confread.h | 200 - programs/starter/exec.c | 54 - programs/starter/exec.h | 23 - programs/starter/files.h | 47 - programs/starter/interfaces.c | 582 - programs/starter/interfaces.h | 41 - programs/starter/invokepluto.c | 286 - programs/starter/invokepluto.h | 28 - programs/starter/keywords.c | 246 - programs/starter/keywords.h | 169 - programs/starter/keywords.txt | 109 - programs/starter/klips.c | 134 - programs/starter/klips.h | 26 - programs/starter/lex.yy.c | 1966 -- programs/starter/netkey.c | 85 - programs/starter/netkey.h | 24 - programs/starter/parser.h | 57 - programs/starter/parser.l | 190 - programs/starter/parser.output | 351 - programs/starter/parser.tab.c | 1832 -- programs/starter/parser.tab.h | 82 - programs/starter/parser.y | 283 - programs/starter/starter.8 | 0 programs/starter/starter.c | 571 - programs/starter/starterwhack.c | 372 - programs/starter/starterwhack.h | 32 - programs/tncfg/.cvsignore | 1 - programs/tncfg/Makefile | 52 - programs/tncfg/tncfg.5 | 109 - programs/tncfg/tncfg.8 | 113 - programs/tncfg/tncfg.c | 393 - src/Makefile.am | 1 + src/Makefile.in | 497 + src/_copyright/Makefile.am | 6 + src/_copyright/Makefile.in | 529 + src/_copyright/_copyright.8 | 32 + src/_copyright/_copyright.c | 69 + src/_updown/Makefile.am | 3 + src/_updown/Makefile.in | 421 + src/_updown/_updown | 503 + src/_updown/_updown.8 | 19 + src/_updown_espmark/Makefile.am | 2 + src/_updown_espmark/Makefile.in | 421 + src/_updown_espmark/_updown_espmark | 452 + src/_updown_espmark/_updown_espmark.8 | 18 + src/charon/Makefile.am | 87 + src/charon/Makefile.in | 1878 ++ src/charon/bus/bus.c | 397 + src/charon/bus/bus.h | 366 + src/charon/bus/listeners/file_logger.c | 128 + src/charon/bus/listeners/file_logger.h | 73 + src/charon/bus/listeners/sys_logger.c | 131 + src/charon/bus/listeners/sys_logger.h | 75 + src/charon/config/configuration.c | 162 + src/charon/config/configuration.h | 102 + src/charon/config/connections/connection.c | 404 + src/charon/config/connections/connection.h | 292 + src/charon/config/connections/connection_store.h | 118 + .../config/connections/local_connection_store.c | 237 + .../config/connections/local_connection_store.h | 62 + .../config/credentials/local_credential_store.c | 1363 ++ .../config/credentials/local_credential_store.h | 64 + src/charon/config/policies/local_policy_store.c | 282 + src/charon/config/policies/local_policy_store.h | 60 + src/charon/config/policies/policy.c | 635 + src/charon/config/policies/policy.h | 413 + src/charon/config/policies/policy_store.h | 119 + src/charon/config/proposal.c | 641 + src/charon/config/proposal.h | 266 + src/charon/config/traffic_selector.c | 795 + src/charon/config/traffic_selector.h | 312 + src/charon/daemon.c | 529 + src/charon/daemon.h | 403 + src/charon/encoding/generator.c | 1063 + src/charon/encoding/generator.h | 102 + src/charon/encoding/message.c | 1316 ++ src/charon/encoding/message.h | 390 + src/charon/encoding/parser.c | 1048 + src/charon/encoding/parser.h | 95 + src/charon/encoding/payloads/auth_payload.c | 265 + src/charon/encoding/payloads/auth_payload.h | 121 + src/charon/encoding/payloads/cert_payload.c | 290 + src/charon/encoding/payloads/cert_payload.h | 166 + src/charon/encoding/payloads/certreq_payload.c | 335 + src/charon/encoding/payloads/certreq_payload.h | 144 + .../encoding/payloads/configuration_attribute.c | 313 + .../encoding/payloads/configuration_attribute.h | 147 + src/charon/encoding/payloads/cp_payload.c | 277 + src/charon/encoding/payloads/cp_payload.h | 132 + src/charon/encoding/payloads/delete_payload.c | 299 + src/charon/encoding/payloads/delete_payload.h | 102 + src/charon/encoding/payloads/eap_payload.c | 331 + src/charon/encoding/payloads/eap_payload.h | 149 + src/charon/encoding/payloads/encodings.c | 66 + src/charon/encoding/payloads/encodings.h | 537 + src/charon/encoding/payloads/encryption_payload.c | 646 + src/charon/encoding/payloads/encryption_payload.h | 197 + src/charon/encoding/payloads/id_payload.c | 323 + src/charon/encoding/payloads/id_payload.h | 172 + src/charon/encoding/payloads/ike_header.c | 406 + src/charon/encoding/payloads/ike_header.h | 260 + src/charon/encoding/payloads/ke_payload.c | 277 + src/charon/encoding/payloads/ke_payload.h | 121 + src/charon/encoding/payloads/nonce_payload.c | 232 + src/charon/encoding/payloads/nonce_payload.h | 99 + src/charon/encoding/payloads/notify_payload.c | 481 + src/charon/encoding/payloads/notify_payload.h | 224 + src/charon/encoding/payloads/payload.c | 161 + src/charon/encoding/payloads/payload.h | 282 + .../encoding/payloads/proposal_substructure.c | 603 + .../encoding/payloads/proposal_substructure.h | 206 + src/charon/encoding/payloads/sa_payload.c | 375 + src/charon/encoding/payloads/sa_payload.h | 141 + .../payloads/traffic_selector_substructure.c | 283 + .../payloads/traffic_selector_substructure.h | 172 + src/charon/encoding/payloads/transform_attribute.c | 332 + src/charon/encoding/payloads/transform_attribute.h | 154 + .../encoding/payloads/transform_substructure.c | 409 + .../encoding/payloads/transform_substructure.h | 198 + src/charon/encoding/payloads/ts_payload.c | 341 + src/charon/encoding/payloads/ts_payload.h | 153 + src/charon/encoding/payloads/unknown_payload.c | 208 + src/charon/encoding/payloads/unknown_payload.h | 95 + src/charon/encoding/payloads/vendor_id_payload.c | 228 + src/charon/encoding/payloads/vendor_id_payload.h | 104 + src/charon/network/packet.c | 168 + src/charon/network/packet.h | 134 + src/charon/network/socket.c | 755 + src/charon/network/socket.h | 112 + src/charon/queues/event_queue.c | 290 + src/charon/queues/event_queue.h | 118 + src/charon/queues/job_queue.c | 139 + src/charon/queues/job_queue.h | 100 + src/charon/queues/jobs/acquire_job.c | 98 + src/charon/queues/jobs/acquire_job.h | 60 + src/charon/queues/jobs/delete_child_sa_job.c | 113 + src/charon/queues/jobs/delete_child_sa_job.h | 68 + src/charon/queues/jobs/delete_ike_sa_job.c | 126 + src/charon/queues/jobs/delete_ike_sa_job.h | 66 + src/charon/queues/jobs/initiate_job.c | 112 + src/charon/queues/jobs/initiate_job.h | 61 + src/charon/queues/jobs/job.c | 39 + src/charon/queues/jobs/job.h | 165 + src/charon/queues/jobs/process_message_job.c | 106 + src/charon/queues/jobs/process_message_job.h | 58 + src/charon/queues/jobs/rekey_child_sa_job.c | 112 + src/charon/queues/jobs/rekey_child_sa_job.h | 65 + src/charon/queues/jobs/rekey_ike_sa_job.c | 120 + src/charon/queues/jobs/rekey_ike_sa_job.h | 60 + src/charon/queues/jobs/retransmit_job.c | 109 + src/charon/queues/jobs/retransmit_job.h | 64 + src/charon/queues/jobs/route_job.c | 125 + src/charon/queues/jobs/route_job.h | 59 + src/charon/queues/jobs/send_dpd_job.c | 110 + src/charon/queues/jobs/send_dpd_job.h | 68 + src/charon/queues/jobs/send_keepalive_job.c | 103 + src/charon/queues/jobs/send_keepalive_job.h | 67 + src/charon/sa/authenticators/authenticator.c | 56 + src/charon/sa/authenticators/authenticator.h | 139 + src/charon/sa/authenticators/eap/eap_identity.c | 135 + src/charon/sa/authenticators/eap/eap_identity.h | 59 + src/charon/sa/authenticators/eap/eap_method.c | 245 + src/charon/sa/authenticators/eap/eap_method.h | 242 + src/charon/sa/authenticators/eap/eap_sim.c | 703 + src/charon/sa/authenticators/eap/eap_sim.h | 141 + src/charon/sa/authenticators/eap_authenticator.c | 360 + src/charon/sa/authenticators/eap_authenticator.h | 156 + src/charon/sa/authenticators/psk_authenticator.c | 204 + src/charon/sa/authenticators/psk_authenticator.h | 57 + src/charon/sa/authenticators/rsa_authenticator.c | 180 + src/charon/sa/authenticators/rsa_authenticator.h | 57 + src/charon/sa/child_sa.c | 1130 + src/charon/sa/child_sa.h | 298 + src/charon/sa/ike_sa.c | 2032 ++ src/charon/sa/ike_sa.h | 649 + src/charon/sa/ike_sa_id.c | 215 + src/charon/sa/ike_sa_id.h | 147 + src/charon/sa/ike_sa_manager.c | 914 + src/charon/sa/ike_sa_manager.h | 231 + src/charon/sa/task_manager.c | 854 + src/charon/sa/task_manager.h | 144 + src/charon/sa/tasks/child_create.c | 804 + src/charon/sa/tasks/child_create.h | 88 + src/charon/sa/tasks/child_delete.c | 292 + src/charon/sa/tasks/child_delete.h | 66 + src/charon/sa/tasks/child_rekey.c | 346 + src/charon/sa/tasks/child_rekey.h | 70 + src/charon/sa/tasks/ike_auth.c | 750 + src/charon/sa/tasks/ike_auth.h | 64 + src/charon/sa/tasks/ike_cert.c | 370 + src/charon/sa/tasks/ike_cert.h | 61 + src/charon/sa/tasks/ike_config.c | 428 + src/charon/sa/tasks/ike_config.h | 59 + src/charon/sa/tasks/ike_delete.c | 172 + src/charon/sa/tasks/ike_delete.h | 57 + src/charon/sa/tasks/ike_dpd.c | 106 + src/charon/sa/tasks/ike_dpd.h | 58 + src/charon/sa/tasks/ike_init.c | 598 + src/charon/sa/tasks/ike_init.h | 68 + src/charon/sa/tasks/ike_natd.c | 371 + src/charon/sa/tasks/ike_natd.h | 57 + src/charon/sa/tasks/ike_rekey.c | 329 + src/charon/sa/tasks/ike_rekey.h | 69 + src/charon/sa/tasks/task.c | 38 + src/charon/sa/tasks/task.h | 151 + src/charon/threads/kernel_interface.c | 1964 ++ src/charon/threads/kernel_interface.h | 331 + src/charon/threads/receiver.c | 372 + src/charon/threads/receiver.h | 81 + src/charon/threads/scheduler.c | 102 + src/charon/threads/scheduler.h | 68 + src/charon/threads/sender.c | 149 + src/charon/threads/sender.h | 74 + src/charon/threads/stroke_interface.c | 1456 ++ src/charon/threads/stroke_interface.h | 61 + src/charon/threads/thread_pool.c | 181 + src/charon/threads/thread_pool.h | 87 + src/ipsec/Makefile.am | 16 + src/ipsec/Makefile.in | 434 + src/ipsec/ipsec.8 | 342 + src/ipsec/ipsec.in | 294 + src/libcrypto/Makefile.am | 11 + src/libcrypto/Makefile.in | 761 + src/libcrypto/include/cbc_generic.h | 110 + src/libcrypto/include/hmac_generic.h | 60 + src/libcrypto/include/md32_common.h | 607 + src/libcrypto/libaes/aes.c | 1415 ++ src/libcrypto/libaes/aes.h | 97 + src/libcrypto/libaes/aes_cbc.c | 13 + src/libcrypto/libaes/aes_cbc.h | 4 + src/libcrypto/libaes/aes_xcbc_mac.c | 67 + src/libcrypto/libaes/aes_xcbc_mac.h | 12 + src/libcrypto/libblowfish/bf_enc.c | 306 + src/libcrypto/libblowfish/bf_locl.h | 218 + src/libcrypto/libblowfish/bf_pi.h | 325 + src/libcrypto/libblowfish/bf_skey.c | 122 + src/libcrypto/libblowfish/blowfish.h | 133 + src/libcrypto/libdes/cbc_enc.c | 135 + src/libcrypto/libdes/des.h | 308 + src/libcrypto/libdes/des_enc.c | 502 + src/libcrypto/libdes/des_locl.h | 515 + src/libcrypto/libdes/des_opts.c | 620 + src/libcrypto/libdes/des_ver.h | 60 + src/libcrypto/libdes/destest.c | 871 + src/libcrypto/libdes/ecb_enc.c | 128 + src/libcrypto/libdes/fcrypt.c | 152 + src/libcrypto/libdes/fcrypt_b.c | 148 + src/libcrypto/libdes/podd.h | 75 + src/libcrypto/libdes/set_key.c | 246 + src/libcrypto/libdes/sk.h | 204 + src/libcrypto/libdes/speed.c | 329 + src/libcrypto/libdes/spr.h | 204 + src/libcrypto/libserpent/serpent.c | 995 + src/libcrypto/libserpent/serpent.h | 17 + src/libcrypto/libserpent/serpent_cbc.c | 8 + src/libcrypto/libserpent/serpent_cbc.h | 3 + src/libcrypto/libsha2/hmac_sha2.c | 32 + src/libcrypto/libsha2/hmac_sha2.h | 17 + src/libcrypto/libsha2/sha2.c | 437 + src/libcrypto/libsha2/sha2.h | 52 + src/libcrypto/libtwofish/twofish.c | 861 + src/libcrypto/libtwofish/twofish.h | 20 + src/libcrypto/libtwofish/twofish_cbc.c | 8 + src/libcrypto/libtwofish/twofish_cbc.h | 3 + src/libfreeswan/Makefile.am | 19 + src/libfreeswan/Makefile.in | 574 + src/libfreeswan/addrtoa.c | 68 + src/libfreeswan/addrtot.c | 302 + src/libfreeswan/addrtypeof.c | 94 + src/libfreeswan/anyaddr.3 | 87 + src/libfreeswan/anyaddr.c | 146 + src/libfreeswan/atoaddr.3 | 294 + src/libfreeswan/atoaddr.c | 238 + src/libfreeswan/atoasr.3 | 186 + src/libfreeswan/atoasr.c | 212 + src/libfreeswan/atosa.3 | 218 + src/libfreeswan/atosa.c | 200 + src/libfreeswan/atosubnet.c | 216 + src/libfreeswan/atoul.3 | 161 + src/libfreeswan/atoul.c | 90 + src/libfreeswan/copyright.c | 56 + src/libfreeswan/datatot.c | 233 + src/libfreeswan/freeswan.h | 470 + src/libfreeswan/goodmask.3 | 57 + src/libfreeswan/goodmask.c | 97 + src/libfreeswan/initaddr.3 | 129 + src/libfreeswan/initaddr.c | 51 + src/libfreeswan/initsaid.c | 33 + src/libfreeswan/initsubnet.3 | 137 + src/libfreeswan/initsubnet.c | 95 + src/libfreeswan/internal.h | 81 + src/libfreeswan/ipcomp.h | 61 + src/libfreeswan/ipsec_ah.h | 235 + src/libfreeswan/ipsec_alg.h | 254 + src/libfreeswan/ipsec_encap.h | 143 + src/libfreeswan/ipsec_eroute.h | 103 + src/libfreeswan/ipsec_errs.h | 53 + src/libfreeswan/ipsec_esp.h | 220 + src/libfreeswan/ipsec_ipe4.h | 68 + src/libfreeswan/ipsec_kversion.h | 227 + src/libfreeswan/ipsec_life.h | 112 + src/libfreeswan/ipsec_md5h.h | 140 + src/libfreeswan/ipsec_param.h | 226 + src/libfreeswan/ipsec_policy.h | 225 + src/libfreeswan/ipsec_proto.h | 111 + src/libfreeswan/ipsec_radij.h | 63 + src/libfreeswan/ipsec_rcv.h | 196 + src/libfreeswan/ipsec_sa.h | 338 + src/libfreeswan/ipsec_sha1.h | 79 + src/libfreeswan/ipsec_stats.h | 38 + src/libfreeswan/ipsec_tunnel.h | 265 + src/libfreeswan/ipsec_xform.h | 274 + src/libfreeswan/ipsec_xmit.h | 140 + src/libfreeswan/keyblobtoid.3 | 103 + src/libfreeswan/keyblobtoid.c | 148 + src/libfreeswan/optionsfrom.3 | 182 + src/libfreeswan/optionsfrom.c | 301 + src/libfreeswan/pfkey.h | 498 + src/libfreeswan/pfkey_v2_build.c | 1435 ++ src/libfreeswan/pfkey_v2_debug.c | 177 + src/libfreeswan/pfkey_v2_ext_bits.c | 789 + src/libfreeswan/pfkey_v2_parse.c | 1824 ++ src/libfreeswan/pfkeyv2.h | 375 + src/libfreeswan/portof.3 | 70 + src/libfreeswan/portof.c | 96 + src/libfreeswan/prng.3 | 121 + src/libfreeswan/prng.c | 202 + src/libfreeswan/radij.h | 280 + src/libfreeswan/rangetoa.c | 61 + src/libfreeswan/rangetosubnet.3 | 59 + src/libfreeswan/rangetosubnet.c | 226 + src/libfreeswan/sameaddr.3 | 165 + src/libfreeswan/sameaddr.c | 190 + src/libfreeswan/satoa.c | 102 + src/libfreeswan/satot.c | 132 + src/libfreeswan/subnetof.3 | 47 + src/libfreeswan/subnetof.c | 60 + src/libfreeswan/subnettoa.c | 62 + src/libfreeswan/subnettot.c | 56 + src/libfreeswan/subnettypeof.c | 109 + src/libfreeswan/ttoaddr.3 | 377 + src/libfreeswan/ttoaddr.c | 426 + src/libfreeswan/ttodata.3 | 281 + src/libfreeswan/ttodata.c | 722 + src/libfreeswan/ttoprotoport.c | 103 + src/libfreeswan/ttosa.3 | 288 + src/libfreeswan/ttosa.c | 280 + src/libfreeswan/ttosubnet.c | 296 + src/libfreeswan/ttoul.3 | 192 + src/libfreeswan/ttoul.c | 91 + src/libfreeswan/ultoa.c | 67 + src/libfreeswan/ultot.c | 83 + src/libfreeswan/version.3 | 44 + src/libfreeswan/version.c | 43 + src/libstrongswan/Makefile.am | 69 + src/libstrongswan/Makefile.in | 820 + src/libstrongswan/asn1/asn1.c | 733 + src/libstrongswan/asn1/asn1.h | 135 + src/libstrongswan/asn1/oid.c | 197 + src/libstrongswan/asn1/oid.h | 80 + src/libstrongswan/asn1/oid.pl | 127 + src/libstrongswan/asn1/oid.txt | 184 + src/libstrongswan/asn1/pem.c | 366 + src/libstrongswan/asn1/pem.h | 27 + src/libstrongswan/asn1/ttodata.c | 378 + src/libstrongswan/asn1/ttodata.h | 28 + src/libstrongswan/chunk.c | 410 + src/libstrongswan/chunk.h | 154 + src/libstrongswan/credential_store.h | 294 + src/libstrongswan/crypto/ca.c | 788 + src/libstrongswan/crypto/ca.h | 215 + src/libstrongswan/crypto/certinfo.c | 305 + src/libstrongswan/crypto/certinfo.h | 203 + src/libstrongswan/crypto/crl.c | 533 + src/libstrongswan/crypto/crl.h | 147 + .../crypto/crypters/aes_cbc_crypter.c | 1620 ++ .../crypto/crypters/aes_cbc_crypter.h | 61 + src/libstrongswan/crypto/crypters/crypter.c | 68 + src/libstrongswan/crypto/crypters/crypter.h | 155 + src/libstrongswan/crypto/crypters/des_crypter.c | 1535 ++ src/libstrongswan/crypto/crypters/des_crypter.h | 58 + src/libstrongswan/crypto/diffie_hellman.c | 612 + src/libstrongswan/crypto/diffie_hellman.h | 147 + src/libstrongswan/crypto/hashers/hasher.c | 65 + src/libstrongswan/crypto/hashers/hasher.h | 159 + src/libstrongswan/crypto/hashers/md5_hasher.c | 405 + src/libstrongswan/crypto/hashers/md5_hasher.h | 60 + src/libstrongswan/crypto/hashers/sha1_hasher.c | 280 + src/libstrongswan/crypto/hashers/sha1_hasher.h | 60 + src/libstrongswan/crypto/hashers/sha2_hasher.c | 672 + src/libstrongswan/crypto/hashers/sha2_hasher.h | 62 + src/libstrongswan/crypto/hmac.c | 215 + src/libstrongswan/crypto/hmac.h | 117 + src/libstrongswan/crypto/ocsp.c | 924 + src/libstrongswan/crypto/ocsp.h | 86 + src/libstrongswan/crypto/prf_plus.c | 156 + src/libstrongswan/crypto/prf_plus.h | 92 + src/libstrongswan/crypto/prfs/fips_prf.c | 258 + src/libstrongswan/crypto/prfs/fips_prf.h | 80 + src/libstrongswan/crypto/prfs/hmac_prf.c | 118 + src/libstrongswan/crypto/prfs/hmac_prf.h | 65 + src/libstrongswan/crypto/prfs/prf.c | 70 + src/libstrongswan/crypto/prfs/prf.h | 142 + src/libstrongswan/crypto/rsa/rsa_private_key.c | 774 + src/libstrongswan/crypto/rsa/rsa_private_key.h | 184 + src/libstrongswan/crypto/rsa/rsa_public_key.c | 497 + src/libstrongswan/crypto/rsa/rsa_public_key.h | 164 + src/libstrongswan/crypto/signers/hmac_signer.c | 174 + src/libstrongswan/crypto/signers/hmac_signer.h | 68 + src/libstrongswan/crypto/signers/signer.c | 65 + src/libstrongswan/crypto/signers/signer.h | 147 + src/libstrongswan/crypto/x509.c | 1354 ++ src/libstrongswan/crypto/x509.h | 290 + src/libstrongswan/debug.c | 41 + src/libstrongswan/debug.h | 60 + src/libstrongswan/enum.c | 73 + src/libstrongswan/enum.h | 106 + src/libstrongswan/library.c | 184 + src/libstrongswan/library.h | 301 + src/libstrongswan/printf_hook.c | 118 + src/libstrongswan/printf_hook.h | 76 + src/libstrongswan/utils/fetcher.c | 421 + src/libstrongswan/utils/fetcher.h | 95 + src/libstrongswan/utils/host.c | 526 + src/libstrongswan/utils/host.h | 231 + src/libstrongswan/utils/identification.c | 1144 + src/libstrongswan/utils/identification.h | 261 + src/libstrongswan/utils/iterator.h | 166 + src/libstrongswan/utils/leak_detective.c | 459 + src/libstrongswan/utils/leak_detective.h | 35 + src/libstrongswan/utils/lexparser.c | 137 + src/libstrongswan/utils/lexparser.h | 57 + src/libstrongswan/utils/linked_list.c | 763 + src/libstrongswan/utils/linked_list.h | 232 + src/libstrongswan/utils/randomizer.c | 165 + src/libstrongswan/utils/randomizer.h | 114 + src/openac/Makefile.am | 98 + src/openac/Makefile.in | 624 + src/openac/build.c | 242 + src/openac/build.h | 47 + src/openac/loglite.c | 295 + src/openac/openac.8 | 180 + src/openac/openac.c | 438 + src/pluto/Makefile.am | 140 + src/pluto/Makefile.in | 878 + src/pluto/TODO | 129 + src/pluto/ac.c | 1018 + src/pluto/ac.h | 103 + src/pluto/adns.c | 615 + src/pluto/adns.h | 75 + src/pluto/alg/ike_alg_aes.c | 68 + src/pluto/alg/ike_alg_blowfish.c | 52 + src/pluto/alg/ike_alg_serpent.c | 70 + src/pluto/alg/ike_alg_sha2.c | 634 + src/pluto/alg/ike_alg_twofish.c | 85 + src/pluto/alg/ike_alginit.c | 7 + src/pluto/alg_info.c | 1205 + src/pluto/alg_info.h | 85 + src/pluto/asn1.c | 770 + src/pluto/asn1.h | 141 + src/pluto/ca.c | 694 + src/pluto/ca.h | 70 + src/pluto/certs.c | 287 + src/pluto/certs.h | 80 + src/pluto/connections.c | 4406 ++++ src/pluto/connections.h | 367 + src/pluto/constants.c | 1353 ++ src/pluto/constants.h | 1269 + src/pluto/cookie.c | 67 + src/pluto/cookie.h | 24 + src/pluto/crl.c | 763 + src/pluto/crl.h | 87 + src/pluto/crypto.c | 627 + src/pluto/crypto.h | 108 + src/pluto/db_ops.c | 439 + src/pluto/db_ops.h | 56 + src/pluto/defs.c | 374 + src/pluto/defs.h | 145 + src/pluto/demux.c | 2499 ++ src/pluto/demux.h | 93 + src/pluto/dnskey.c | 1962 ++ src/pluto/dnskey.h | 84 + src/pluto/dsa.c | 476 + src/pluto/dsa.h | 32 + src/pluto/elgamal.c | 613 + src/pluto/elgamal.h | 35 + src/pluto/fetch.c | 1081 + src/pluto/fetch.h | 79 + src/pluto/foodgroups.c | 462 + src/pluto/foodgroups.h | 24 + src/pluto/gcryptfix.c | 283 + src/pluto/gcryptfix.h | 111 + src/pluto/id.c | 509 + src/pluto/id.h | 67 + src/pluto/ike_alg.c | 592 + src/pluto/ike_alg.h | 94 + src/pluto/ipsec.secrets.5 | 175 + src/pluto/ipsec_doi.c | 5630 +++++ src/pluto/ipsec_doi.h | 104 + src/pluto/kameipsec.h | 47 + src/pluto/kernel.c | 2995 +++ src/pluto/kernel.h | 198 + src/pluto/kernel_alg.c | 775 + src/pluto/kernel_alg.h | 46 + src/pluto/kernel_netlink.c | 1219 + src/pluto/kernel_netlink.h | 20 + src/pluto/kernel_noklips.c | 126 + src/pluto/kernel_noklips.h | 19 + src/pluto/kernel_pfkey.c | 926 + src/pluto/kernel_pfkey.h | 23 + src/pluto/keys.c | 1514 ++ src/pluto/keys.h | 113 + src/pluto/lex.c | 213 + src/pluto/lex.h | 52 + src/pluto/linux26/netlink.h | 90 + src/pluto/linux26/rtnetlink.h | 562 + src/pluto/linux26/xfrm.h | 233 + src/pluto/log.c | 841 + src/pluto/log.h | 236 + src/pluto/md2.c | 237 + src/pluto/md2.h | 72 + src/pluto/md5.c | 385 + src/pluto/md5.h | 75 + src/pluto/modecfg.c | 1078 + src/pluto/modecfg.h | 47 + src/pluto/mp_defs.c | 70 + src/pluto/mp_defs.h | 36 + src/pluto/nat_traversal.c | 866 + src/pluto/nat_traversal.h | 154 + src/pluto/ocsp.c | 1568 ++ src/pluto/ocsp.h | 85 + src/pluto/oid.c | 197 + src/pluto/oid.h | 78 + src/pluto/oid.pl | 123 + src/pluto/oid.txt | 184 + src/pluto/packet.c | 1244 + src/pluto/packet.h | 655 + src/pluto/pem.c | 463 + src/pluto/pem.h | 18 + src/pluto/pgp.c | 647 + src/pluto/pgp.h | 54 + src/pluto/pkcs1.c | 674 + src/pluto/pkcs1.h | 88 + src/pluto/pkcs7.c | 862 + src/pluto/pkcs7.h | 51 + src/pluto/pluto.8 | 1649 ++ src/pluto/plutomain.c | 655 + src/pluto/primegen.c | 593 + src/pluto/rcv_whack.c | 685 + src/pluto/rcv_whack.h | 17 + src/pluto/rnd.c | 250 + src/pluto/rnd.h | 21 + src/pluto/rsaref/pkcs11.h | 299 + src/pluto/rsaref/pkcs11f.h | 912 + src/pluto/rsaref/pkcs11t.h | 1685 ++ src/pluto/rsaref/unix.h | 24 + src/pluto/server.c | 996 + src/pluto/server.h | 58 + src/pluto/sha1.c | 193 + src/pluto/sha1.h | 16 + src/pluto/smallprime.c | 122 + src/pluto/smartcard.c | 1956 ++ src/pluto/smartcard.h | 100 + src/pluto/spdb.c | 2314 ++ src/pluto/spdb.h | 112 + src/pluto/state.c | 1012 + src/pluto/state.h | 273 + src/pluto/timer.c | 532 + src/pluto/timer.h | 34 + src/pluto/vendor.c | 528 + src/pluto/vendor.h | 131 + src/pluto/virtual.c | 334 + src/pluto/virtual.h | 31 + src/pluto/x509.c | 2241 ++ src/pluto/x509.h | 138 + src/pluto/xauth.c | 79 + src/pluto/xauth.h | 41 + src/scepclient/Makefile.am | 103 + src/scepclient/Makefile.in | 630 + src/scepclient/pkcs10.c | 220 + src/scepclient/pkcs10.h | 57 + src/scepclient/rsakey.c | 349 + src/scepclient/rsakey.h | 31 + src/scepclient/scep.c | 598 + src/scepclient/scep.h | 93 + src/scepclient/scepclient.8 | 288 + src/scepclient/scepclient.c | 1036 + src/starter/Makefile.am | 37 + src/starter/Makefile.in | 581 + src/starter/README | 104 + src/starter/args.c | 632 + src/starter/args.h | 34 + src/starter/cmp.c | 105 + src/starter/cmp.h | 29 + src/starter/confread.c | 936 + src/starter/confread.h | 210 + src/starter/exec.c | 54 + src/starter/exec.h | 23 + src/starter/files.h | 40 + src/starter/interfaces.c | 595 + src/starter/interfaces.h | 41 + src/starter/invokecharon.c | 251 + src/starter/invokecharon.h | 31 + src/starter/invokepluto.c | 286 + src/starter/invokepluto.h | 28 + src/starter/ipsec.conf | 42 + src/starter/ipsec.conf.5 | 1062 + src/starter/keywords.c | 261 + src/starter/keywords.h | 176 + src/starter/keywords.txt | 118 + src/starter/lex.yy.c | 1966 ++ src/starter/netkey.c | 85 + src/starter/netkey.h | 24 + src/starter/parser.h | 57 + src/starter/parser.l | 190 + src/starter/parser.y | 283 + src/starter/starter.c | 643 + src/starter/starterstroke.c | 295 + src/starter/starterstroke.h | 29 + src/starter/starterwhack.c | 369 + src/starter/starterwhack.h | 32 + src/starter/y.tab.c | 1832 ++ src/starter/y.tab.h | 82 + src/stroke/Makefile.am | 9 + src/stroke/Makefile.in | 483 + src/stroke/stroke.c | 421 + src/stroke/stroke.h | 226 + src/stroke/stroke_keywords.c | 179 + src/stroke/stroke_keywords.h | 55 + src/stroke/stroke_keywords.txt | 50 + src/whack/Makefile.am | 8 + src/whack/Makefile.in | 478 + src/whack/whack.c | 1905 ++ src/whack/whack.h | 318 + testing/INSTALL | 6 +- testing/do-tests | 538 +- testing/hosts/alice/etc/ipsec.conf | 1 + testing/hosts/bob/etc/ipsec.conf | 1 + testing/hosts/carol/etc/ipsec.conf | 1 + testing/hosts/dave/etc/ipsec.conf | 1 + testing/hosts/moon/etc/ipsec.conf | 1 + testing/hosts/moon/etc/ipsec.secrets | 4 - testing/hosts/sun/etc/ipsec.conf | 1 + testing/hosts/venus/etc/ipsec.conf | 1 + testing/hosts/winnetou/etc/apache2/httpd.conf | 1103 + .../etc/apache2/vhosts.d/01_ocsp_vhost.conf | 37 + testing/hosts/winnetou/etc/openssl/index.txt | 1 + testing/hosts/winnetou/etc/openssl/index.txt.old | 1 + testing/hosts/winnetou/etc/openssl/newcerts/13.pem | 26 + testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi | 11 + .../hosts/winnetou/etc/openssl/ocspCert-self.pem | 26 + .../hosts/winnetou/etc/openssl/ocspKey-self.pem | 27 + testing/hosts/winnetou/etc/openssl/openssl.cnf | 5 +- .../hosts/winnetou/etc/openssl/research/index.txt | 1 + .../winnetou/etc/openssl/research/index.txt.old | 1 + .../winnetou/etc/openssl/research/newcerts/03.pem | 26 + .../winnetou/etc/openssl/research/ocsp/ocsp.cgi | 11 + .../winnetou/etc/openssl/research/ocspCert.pem | 26 + .../winnetou/etc/openssl/research/ocspKey.pem | 27 + .../winnetou/etc/openssl/research/openssl.cnf | 2 +- testing/hosts/winnetou/etc/openssl/research/serial | 2 +- .../hosts/winnetou/etc/openssl/research/serial.old | 2 +- testing/hosts/winnetou/etc/openssl/sales/index.txt | 1 + .../hosts/winnetou/etc/openssl/sales/index.txt.old | 1 + .../winnetou/etc/openssl/sales/newcerts/03.pem | 26 + .../hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi | 11 + .../hosts/winnetou/etc/openssl/sales/ocspCert.pem | 26 + .../hosts/winnetou/etc/openssl/sales/ocspKey.pem | 27 + .../hosts/winnetou/etc/openssl/sales/openssl.cnf | 2 +- testing/hosts/winnetou/etc/openssl/sales/serial | 2 +- .../hosts/winnetou/etc/openssl/sales/serial.old | 2 +- testing/hosts/winnetou/etc/openssl/serial | 2 +- testing/hosts/winnetou/etc/openssl/serial.old | 2 +- testing/hosts/winnetou/etc/openssl/start-ocsp | 20 - testing/scripts/build-hostconfig | 2 +- testing/scripts/build-sshkeys | 2 +- testing/scripts/build-umlhostfs | 1 + testing/scripts/build-umlrootfs | 33 +- testing/scripts/install-shared | 38 + testing/scripts/kstart-umls | 2 +- testing/scripts/load-testconfig | 6 +- testing/scripts/restore-defaults | 2 +- testing/scripts/shutdown-umls | 38 + testing/scripts/start-switches | 2 +- testing/scripts/start-umls | 2 +- testing/scripts/xstart-umls | 2 +- testing/start-testing | 4 + testing/testing.conf | 35 +- testing/tests/alg-blowfish/description.txt | 4 - testing/tests/alg-blowfish/evaltest.dat | 9 - .../tests/alg-blowfish/hosts/carol/etc/ipsec.conf | 25 - .../tests/alg-blowfish/hosts/moon/etc/ipsec.conf | 26 - testing/tests/alg-blowfish/posttest.dat | 2 - testing/tests/alg-blowfish/pretest.dat | 5 - testing/tests/alg-blowfish/test.conf | 22 - testing/tests/alg-serpent/description.txt | 4 - testing/tests/alg-serpent/evaltest.dat | 9 - .../tests/alg-serpent/hosts/carol/etc/ipsec.conf | 25 - .../tests/alg-serpent/hosts/moon/etc/ipsec.conf | 26 - testing/tests/alg-serpent/posttest.dat | 2 - testing/tests/alg-serpent/pretest.dat | 5 - testing/tests/alg-serpent/test.conf | 22 - testing/tests/alg-sha-equals-sha1/description.txt | 5 - testing/tests/alg-sha-equals-sha1/evaltest.dat | 9 - .../alg-sha-equals-sha1/hosts/carol/etc/ipsec.conf | 26 - .../alg-sha-equals-sha1/hosts/moon/etc/ipsec.conf | 26 - testing/tests/alg-sha-equals-sha1/posttest.dat | 2 - testing/tests/alg-sha-equals-sha1/pretest.dat | 5 - testing/tests/alg-sha-equals-sha1/test.conf | 22 - testing/tests/alg-sha2_256/description.txt | 4 - testing/tests/alg-sha2_256/evaltest.dat | 9 - .../tests/alg-sha2_256/hosts/carol/etc/ipsec.conf | 25 - .../tests/alg-sha2_256/hosts/moon/etc/ipsec.conf | 26 - testing/tests/alg-sha2_256/posttest.dat | 2 - testing/tests/alg-sha2_256/pretest.dat | 5 - testing/tests/alg-sha2_256/test.conf | 22 - testing/tests/alg-twofish/description.txt | 4 - testing/tests/alg-twofish/evaltest.dat | 8 - .../tests/alg-twofish/hosts/carol/etc/ipsec.conf | 25 - .../tests/alg-twofish/hosts/moon/etc/ipsec.conf | 26 - testing/tests/alg-twofish/posttest.dat | 2 - testing/tests/alg-twofish/pretest.dat | 5 - testing/tests/alg-twofish/test.conf | 22 - testing/tests/attr-cert/description.txt | 7 - testing/tests/attr-cert/evaltest.dat | 12 - testing/tests/attr-cert/hosts/carol/etc/ipsec.conf | 33 - testing/tests/attr-cert/hosts/dave/etc/ipsec.conf | 33 - testing/tests/attr-cert/hosts/moon/etc/ipsec.conf | 31 - .../hosts/moon/etc/ipsec.d/aacerts/aaCert.pem | 25 - .../attr-cert/hosts/moon/etc/openac/aaKey.pem | 27 - .../attr-cert/hosts/moon/etc/openac/carolCert.pem | 25 - .../attr-cert/hosts/moon/etc/openac/daveCert.pem | 25 - .../attr-cert/hosts/moon/etc/openac/default.conf | 4 - testing/tests/attr-cert/posttest.dat | 6 - testing/tests/attr-cert/pretest.dat | 12 - testing/tests/attr-cert/test.conf | 21 - testing/tests/compress/description.txt | 3 - testing/tests/compress/evaltest.dat | 10 - testing/tests/compress/hosts/carol/etc/ipsec.conf | 25 - testing/tests/compress/hosts/moon/etc/ipsec.conf | 25 - testing/tests/compress/posttest.dat | 2 - testing/tests/compress/pretest.dat | 5 - testing/tests/compress/test.conf | 22 - testing/tests/crl-from-cache/description.txt | 5 - testing/tests/crl-from-cache/evaltest.dat | 10 - .../crl-from-cache/hosts/carol/etc/ipsec.conf | 25 - .../tests/crl-from-cache/hosts/moon/etc/ipsec.conf | 36 - testing/tests/crl-from-cache/posttest.dat | 4 - testing/tests/crl-from-cache/pretest.dat | 8 - testing/tests/crl-from-cache/test.conf | 21 - testing/tests/crl-ldap/description.txt | 9 - testing/tests/crl-ldap/evaltest.dat | 16 - .../tests/crl-ldap/hosts/carol/etc/init.d/iptables | 73 - testing/tests/crl-ldap/hosts/carol/etc/ipsec.conf | 31 - .../5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl | Bin 560 -> 0 bytes .../tests/crl-ldap/hosts/moon/etc/init.d/iptables | 76 - testing/tests/crl-ldap/hosts/moon/etc/ipsec.conf | 42 - .../5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl | Bin 560 -> 0 bytes testing/tests/crl-ldap/posttest.dat | 9 - testing/tests/crl-ldap/pretest.dat | 8 - testing/tests/crl-ldap/test.conf | 21 - testing/tests/crl-revoked/description.txt | 7 - testing/tests/crl-revoked/evaltest.dat | 6 - .../tests/crl-revoked/hosts/carol/etc/ipsec.conf | 24 - .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 25 - .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 27 - .../crl-revoked/hosts/carol/etc/ipsec.secrets | 3 - .../tests/crl-revoked/hosts/moon/etc/ipsec.conf | 35 - testing/tests/crl-revoked/posttest.dat | 4 - testing/tests/crl-revoked/pretest.dat | 4 - testing/tests/crl-revoked/test.conf | 21 - testing/tests/crl-strict/description.txt | 6 - testing/tests/crl-strict/evaltest.dat | 8 - .../tests/crl-strict/hosts/carol/etc/ipsec.conf | 24 - testing/tests/crl-strict/hosts/moon/etc/ipsec.conf | 35 - testing/tests/crl-strict/posttest.dat | 2 - testing/tests/crl-strict/pretest.dat | 4 - testing/tests/crl-strict/test.conf | 21 - testing/tests/crl-to-cache/description.txt | 6 - testing/tests/crl-to-cache/evaltest.dat | 4 - .../tests/crl-to-cache/hosts/carol/etc/ipsec.conf | 24 - .../tests/crl-to-cache/hosts/moon/etc/ipsec.conf | 23 - testing/tests/crl-to-cache/posttest.dat | 4 - testing/tests/crl-to-cache/pretest.dat | 4 - testing/tests/crl-to-cache/test.conf | 21 - testing/tests/default-keys/description.txt | 8 - testing/tests/default-keys/evaltest.dat | 7 - .../tests/default-keys/hosts/carol/etc/ipsec.conf | 26 - .../default-keys/hosts/moon/etc/init.d/iptables | 78 - .../tests/default-keys/hosts/moon/etc/ipsec.conf | 27 - testing/tests/default-keys/posttest.dat | 10 - testing/tests/default-keys/pretest.dat | 18 - testing/tests/default-keys/test.conf | 21 - testing/tests/double-nat-net/description.txt | 7 - testing/tests/double-nat-net/evaltest.dat | 5 - .../double-nat-net/hosts/alice/etc/ipsec.conf | 25 - .../tests/double-nat-net/hosts/bob/etc/ipsec.conf | 25 - testing/tests/double-nat-net/posttest.dat | 9 - testing/tests/double-nat-net/pretest.dat | 15 - testing/tests/double-nat-net/test.conf | 21 - testing/tests/double-nat/description.txt | 5 - testing/tests/double-nat/evaltest.dat | 5 - .../tests/double-nat/hosts/alice/etc/ipsec.conf | 25 - testing/tests/double-nat/posttest.dat | 8 - testing/tests/double-nat/pretest.dat | 13 - testing/tests/double-nat/test.conf | 21 - testing/tests/dpd-clear/description.txt | 5 - testing/tests/dpd-clear/evaltest.dat | 8 - testing/tests/dpd-clear/hosts/moon/etc/ipsec.conf | 30 - testing/tests/dpd-clear/posttest.dat | 3 - testing/tests/dpd-clear/pretest.dat | 4 - testing/tests/dpd-clear/test.conf | 21 - testing/tests/esp-ah-transport/description.txt | 5 - testing/tests/esp-ah-transport/evaltest.dat | 8 - .../hosts/carol/etc/init.d/iptables | 73 - .../esp-ah-transport/hosts/carol/etc/ipsec.conf | 28 - .../hosts/moon/etc/init.d/iptables | 76 - .../esp-ah-transport/hosts/moon/etc/ipsec.conf | 28 - testing/tests/esp-ah-transport/posttest.dat | 6 - testing/tests/esp-ah-transport/pretest.dat | 6 - testing/tests/esp-ah-transport/test.conf | 22 - testing/tests/esp-ah-tunnel/description.txt | 6 - testing/tests/esp-ah-tunnel/evaltest.dat | 8 - .../esp-ah-tunnel/hosts/carol/etc/init.d/iptables | 73 - .../tests/esp-ah-tunnel/hosts/carol/etc/ipsec.conf | 28 - .../esp-ah-tunnel/hosts/moon/etc/init.d/iptables | 76 - .../tests/esp-ah-tunnel/hosts/moon/etc/ipsec.conf | 28 - testing/tests/esp-ah-tunnel/posttest.dat | 6 - testing/tests/esp-ah-tunnel/pretest.dat | 6 - testing/tests/esp-ah-tunnel/test.conf | 22 - testing/tests/esp-alg-des/description.txt | 5 - testing/tests/esp-alg-des/evaltest.dat | 6 - .../tests/esp-alg-des/hosts/carol/etc/ipsec.conf | 25 - .../tests/esp-alg-des/hosts/moon/etc/ipsec.conf | 26 - testing/tests/esp-alg-des/posttest.dat | 2 - testing/tests/esp-alg-des/pretest.dat | 5 - testing/tests/esp-alg-des/test.conf | 22 - testing/tests/esp-alg-null/description.txt | 5 - testing/tests/esp-alg-null/evaltest.dat | 5 - .../tests/esp-alg-null/hosts/carol/etc/ipsec.conf | 25 - .../tests/esp-alg-null/hosts/moon/etc/ipsec.conf | 26 - testing/tests/esp-alg-null/posttest.dat | 2 - testing/tests/esp-alg-null/pretest.dat | 4 - testing/tests/esp-alg-null/test.conf | 22 - testing/tests/esp-alg-strict-fail/description.txt | 5 - testing/tests/esp-alg-strict-fail/evaltest.dat | 9 - .../esp-alg-strict-fail/hosts/carol/etc/ipsec.conf | 25 - .../esp-alg-strict-fail/hosts/moon/etc/ipsec.conf | 26 - testing/tests/esp-alg-strict-fail/posttest.dat | 2 - testing/tests/esp-alg-strict-fail/pretest.dat | 4 - testing/tests/esp-alg-strict-fail/test.conf | 21 - testing/tests/esp-alg-strict/description.txt | 7 - testing/tests/esp-alg-strict/evaltest.dat | 7 - .../esp-alg-strict/hosts/carol/etc/ipsec.conf | 25 - .../tests/esp-alg-strict/hosts/moon/etc/ipsec.conf | 26 - testing/tests/esp-alg-strict/posttest.dat | 2 - testing/tests/esp-alg-strict/pretest.dat | 4 - testing/tests/esp-alg-strict/test.conf | 22 - testing/tests/esp-alg-weak/description.txt | 5 - testing/tests/esp-alg-weak/evaltest.dat | 5 - .../tests/esp-alg-weak/hosts/carol/etc/ipsec.conf | 25 - .../tests/esp-alg-weak/hosts/moon/etc/ipsec.conf | 24 - testing/tests/esp-alg-weak/posttest.dat | 2 - testing/tests/esp-alg-weak/pretest.dat | 5 - testing/tests/esp-alg-weak/test.conf | 22 - testing/tests/host2host-cert/description.txt | 4 - testing/tests/host2host-cert/evaltest.dat | 5 - testing/tests/host2host-cert/posttest.dat | 6 - testing/tests/host2host-cert/pretest.dat | 6 - testing/tests/host2host-cert/test.conf | 21 - testing/tests/host2host-swapped/description.txt | 3 - testing/tests/host2host-swapped/evaltest.dat | 5 - .../host2host-swapped/hosts/moon/etc/ipsec.conf | 24 - .../host2host-swapped/hosts/sun/etc/ipsec.conf | 25 - testing/tests/host2host-swapped/posttest.dat | 6 - testing/tests/host2host-swapped/pretest.dat | 6 - testing/tests/host2host-swapped/test.conf | 21 - testing/tests/host2host-transport/description.txt | 4 - testing/tests/host2host-transport/evaltest.dat | 5 - .../host2host-transport/hosts/moon/etc/ipsec.conf | 25 - .../host2host-transport/hosts/sun/etc/ipsec.conf | 26 - testing/tests/host2host-transport/posttest.dat | 6 - testing/tests/host2host-transport/pretest.dat | 6 - testing/tests/host2host-transport/test.conf | 21 - testing/tests/ike-alg-sha2_384/description.txt | 4 - testing/tests/ike-alg-sha2_384/evaltest.dat | 8 - .../ike-alg-sha2_384/hosts/carol/etc/ipsec.conf | 23 - .../ike-alg-sha2_384/hosts/moon/etc/ipsec.conf | 24 - testing/tests/ike-alg-sha2_384/posttest.dat | 2 - testing/tests/ike-alg-sha2_384/pretest.dat | 5 - testing/tests/ike-alg-sha2_384/test.conf | 22 - testing/tests/ike-alg-sha2_512/description.txt | 4 - testing/tests/ike-alg-sha2_512/evaltest.dat | 8 - .../ike-alg-sha2_512/hosts/carol/etc/ipsec.conf | 25 - .../ike-alg-sha2_512/hosts/moon/etc/ipsec.conf | 26 - testing/tests/ike-alg-sha2_512/posttest.dat | 2 - testing/tests/ike-alg-sha2_512/pretest.dat | 5 - testing/tests/ike-alg-sha2_512/test.conf | 22 - testing/tests/ike-alg-strict-fail/description.txt | 5 - testing/tests/ike-alg-strict-fail/evaltest.dat | 5 - .../ike-alg-strict-fail/hosts/carol/etc/ipsec.conf | 25 - .../ike-alg-strict-fail/hosts/moon/etc/ipsec.conf | 26 - testing/tests/ike-alg-strict-fail/posttest.dat | 2 - testing/tests/ike-alg-strict-fail/pretest.dat | 4 - testing/tests/ike-alg-strict-fail/test.conf | 21 - testing/tests/ike-alg-strict/description.txt | 5 - testing/tests/ike-alg-strict/evaltest.dat | 7 - .../ike-alg-strict/hosts/carol/etc/ipsec.conf | 25 - .../tests/ike-alg-strict/hosts/moon/etc/ipsec.conf | 26 - testing/tests/ike-alg-strict/posttest.dat | 2 - testing/tests/ike-alg-strict/pretest.dat | 4 - testing/tests/ike-alg-strict/test.conf | 21 - testing/tests/ike/rw-cert/description.txt | 5 + testing/tests/ike/rw-cert/evaltest.dat | 11 + .../tests/ike/rw-cert/hosts/dave/etc/ipsec.conf | 22 + .../tests/ike/rw-cert/hosts/moon/etc/ipsec.conf | 20 + testing/tests/ike/rw-cert/posttest.dat | 3 + testing/tests/ike/rw-cert/pretest.dat | 8 + testing/tests/ike/rw-cert/test.conf | 21 + testing/tests/ike/rw_v1-net_v2/description.txt | 7 + testing/tests/ike/rw_v1-net_v2/evaltest.dat | 10 + .../ike/rw_v1-net_v2/hosts/moon/etc/ipsec.conf | 28 + .../ike/rw_v1-net_v2/hosts/sun/etc/ipsec.conf | 15 + testing/tests/ike/rw_v1-net_v2/posttest.dat | 3 + testing/tests/ike/rw_v1-net_v2/pretest.dat | 9 + testing/tests/ike/rw_v1-net_v2/test.conf | 21 + testing/tests/ikev1/alg-blowfish/description.txt | 4 + testing/tests/ikev1/alg-blowfish/evaltest.dat | 9 + .../ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/alg-blowfish/posttest.dat | 2 + testing/tests/ikev1/alg-blowfish/pretest.dat | 5 + testing/tests/ikev1/alg-blowfish/test.conf | 22 + testing/tests/ikev1/alg-serpent/description.txt | 4 + testing/tests/ikev1/alg-serpent/evaltest.dat | 9 + .../ikev1/alg-serpent/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/alg-serpent/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/alg-serpent/posttest.dat | 2 + testing/tests/ikev1/alg-serpent/pretest.dat | 5 + testing/tests/ikev1/alg-serpent/test.conf | 22 + .../ikev1/alg-sha-equals-sha1/description.txt | 5 + .../tests/ikev1/alg-sha-equals-sha1/evaltest.dat | 9 + .../alg-sha-equals-sha1/hosts/carol/etc/ipsec.conf | 26 + .../alg-sha-equals-sha1/hosts/moon/etc/ipsec.conf | 26 + .../tests/ikev1/alg-sha-equals-sha1/posttest.dat | 2 + .../tests/ikev1/alg-sha-equals-sha1/pretest.dat | 5 + testing/tests/ikev1/alg-sha-equals-sha1/test.conf | 22 + testing/tests/ikev1/alg-sha2_256/description.txt | 4 + testing/tests/ikev1/alg-sha2_256/evaltest.dat | 9 + .../ikev1/alg-sha2_256/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/alg-sha2_256/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/alg-sha2_256/posttest.dat | 2 + testing/tests/ikev1/alg-sha2_256/pretest.dat | 5 + testing/tests/ikev1/alg-sha2_256/test.conf | 22 + testing/tests/ikev1/alg-twofish/description.txt | 4 + testing/tests/ikev1/alg-twofish/evaltest.dat | 8 + .../ikev1/alg-twofish/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/alg-twofish/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/alg-twofish/posttest.dat | 2 + testing/tests/ikev1/alg-twofish/pretest.dat | 5 + testing/tests/ikev1/alg-twofish/test.conf | 22 + testing/tests/ikev1/attr-cert/description.txt | 7 + testing/tests/ikev1/attr-cert/evaltest.dat | 12 + .../ikev1/attr-cert/hosts/carol/etc/ipsec.conf | 32 + .../ikev1/attr-cert/hosts/dave/etc/ipsec.conf | 32 + .../ikev1/attr-cert/hosts/moon/etc/ipsec.conf | 30 + .../hosts/moon/etc/ipsec.d/aacerts/aaCert.pem | 25 + .../attr-cert/hosts/moon/etc/openac/aaKey.pem | 27 + .../attr-cert/hosts/moon/etc/openac/carolCert.pem | 25 + .../attr-cert/hosts/moon/etc/openac/daveCert.pem | 25 + .../attr-cert/hosts/moon/etc/openac/default.conf | 4 + testing/tests/ikev1/attr-cert/posttest.dat | 6 + testing/tests/ikev1/attr-cert/pretest.dat | 12 + testing/tests/ikev1/attr-cert/test.conf | 21 + testing/tests/ikev1/compress/description.txt | 3 + testing/tests/ikev1/compress/evaltest.dat | 10 + .../ikev1/compress/hosts/carol/etc/ipsec.conf | 24 + .../tests/ikev1/compress/hosts/moon/etc/ipsec.conf | 24 + testing/tests/ikev1/compress/posttest.dat | 2 + testing/tests/ikev1/compress/pretest.dat | 5 + testing/tests/ikev1/compress/test.conf | 22 + testing/tests/ikev1/crl-from-cache/description.txt | 5 + testing/tests/ikev1/crl-from-cache/evaltest.dat | 10 + .../crl-from-cache/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/crl-from-cache/hosts/moon/etc/ipsec.conf | 35 + testing/tests/ikev1/crl-from-cache/posttest.dat | 4 + testing/tests/ikev1/crl-from-cache/pretest.dat | 8 + testing/tests/ikev1/crl-from-cache/test.conf | 21 + testing/tests/ikev1/crl-ldap/description.txt | 9 + testing/tests/ikev1/crl-ldap/evaltest.dat | 16 + .../ikev1/crl-ldap/hosts/carol/etc/init.d/iptables | 73 + .../ikev1/crl-ldap/hosts/carol/etc/ipsec.conf | 30 + .../5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl | Bin 0 -> 560 bytes .../ikev1/crl-ldap/hosts/moon/etc/init.d/iptables | 76 + .../tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.conf | 41 + .../5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl | Bin 0 -> 560 bytes testing/tests/ikev1/crl-ldap/posttest.dat | 7 + testing/tests/ikev1/crl-ldap/pretest.dat | 8 + testing/tests/ikev1/crl-ldap/test.conf | 21 + testing/tests/ikev1/crl-revoked/description.txt | 7 + testing/tests/ikev1/crl-revoked/evaltest.dat | 6 + .../ikev1/crl-revoked/hosts/carol/etc/ipsec.conf | 23 + .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 25 + .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 27 + .../crl-revoked/hosts/carol/etc/ipsec.secrets | 3 + .../ikev1/crl-revoked/hosts/moon/etc/ipsec.conf | 34 + testing/tests/ikev1/crl-revoked/posttest.dat | 4 + testing/tests/ikev1/crl-revoked/pretest.dat | 4 + testing/tests/ikev1/crl-revoked/test.conf | 21 + testing/tests/ikev1/crl-strict/description.txt | 6 + testing/tests/ikev1/crl-strict/evaltest.dat | 8 + .../ikev1/crl-strict/hosts/carol/etc/ipsec.conf | 23 + .../ikev1/crl-strict/hosts/moon/etc/ipsec.conf | 34 + testing/tests/ikev1/crl-strict/posttest.dat | 2 + testing/tests/ikev1/crl-strict/pretest.dat | 4 + testing/tests/ikev1/crl-strict/test.conf | 21 + testing/tests/ikev1/crl-to-cache/description.txt | 6 + testing/tests/ikev1/crl-to-cache/evaltest.dat | 4 + .../ikev1/crl-to-cache/hosts/carol/etc/ipsec.conf | 23 + .../ikev1/crl-to-cache/hosts/moon/etc/ipsec.conf | 22 + testing/tests/ikev1/crl-to-cache/posttest.dat | 4 + testing/tests/ikev1/crl-to-cache/pretest.dat | 4 + testing/tests/ikev1/crl-to-cache/test.conf | 21 + testing/tests/ikev1/default-keys/description.txt | 8 + testing/tests/ikev1/default-keys/evaltest.dat | 9 + .../ikev1/default-keys/hosts/carol/etc/ipsec.conf | 25 + .../default-keys/hosts/moon/etc/init.d/iptables | 78 + .../ikev1/default-keys/hosts/moon/etc/ipsec.conf | 26 + testing/tests/ikev1/default-keys/posttest.dat | 8 + testing/tests/ikev1/default-keys/pretest.dat | 18 + testing/tests/ikev1/default-keys/test.conf | 21 + testing/tests/ikev1/double-nat-net/description.txt | 7 + testing/tests/ikev1/double-nat-net/evaltest.dat | 5 + .../double-nat-net/hosts/alice/etc/ipsec.conf | 24 + .../ikev1/double-nat-net/hosts/bob/etc/ipsec.conf | 24 + testing/tests/ikev1/double-nat-net/posttest.dat | 9 + testing/tests/ikev1/double-nat-net/pretest.dat | 15 + testing/tests/ikev1/double-nat-net/test.conf | 21 + testing/tests/ikev1/double-nat/description.txt | 5 + testing/tests/ikev1/double-nat/evaltest.dat | 5 + .../ikev1/double-nat/hosts/alice/etc/ipsec.conf | 24 + testing/tests/ikev1/double-nat/posttest.dat | 8 + testing/tests/ikev1/double-nat/pretest.dat | 13 + testing/tests/ikev1/double-nat/test.conf | 21 + testing/tests/ikev1/dpd-clear/description.txt | 5 + testing/tests/ikev1/dpd-clear/evaltest.dat | 7 + .../ikev1/dpd-clear/hosts/moon/etc/ipsec.conf | 29 + testing/tests/ikev1/dpd-clear/posttest.dat | 3 + testing/tests/ikev1/dpd-clear/pretest.dat | 4 + testing/tests/ikev1/dpd-clear/test.conf | 21 + .../tests/ikev1/esp-ah-transport/description.txt | 5 + testing/tests/ikev1/esp-ah-transport/evaltest.dat | 8 + .../hosts/carol/etc/init.d/iptables | 73 + .../esp-ah-transport/hosts/carol/etc/ipsec.conf | 27 + .../hosts/moon/etc/init.d/iptables | 76 + .../esp-ah-transport/hosts/moon/etc/ipsec.conf | 27 + testing/tests/ikev1/esp-ah-transport/posttest.dat | 4 + testing/tests/ikev1/esp-ah-transport/pretest.dat | 6 + testing/tests/ikev1/esp-ah-transport/test.conf | 22 + testing/tests/ikev1/esp-ah-tunnel/description.txt | 6 + testing/tests/ikev1/esp-ah-tunnel/evaltest.dat | 8 + .../esp-ah-tunnel/hosts/carol/etc/init.d/iptables | 73 + .../ikev1/esp-ah-tunnel/hosts/carol/etc/ipsec.conf | 27 + .../esp-ah-tunnel/hosts/moon/etc/init.d/iptables | 76 + .../ikev1/esp-ah-tunnel/hosts/moon/etc/ipsec.conf | 27 + testing/tests/ikev1/esp-ah-tunnel/posttest.dat | 4 + testing/tests/ikev1/esp-ah-tunnel/pretest.dat | 6 + testing/tests/ikev1/esp-ah-tunnel/test.conf | 22 + testing/tests/ikev1/esp-alg-des/description.txt | 5 + testing/tests/ikev1/esp-alg-des/evaltest.dat | 6 + .../ikev1/esp-alg-des/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/esp-alg-des/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/esp-alg-des/posttest.dat | 2 + testing/tests/ikev1/esp-alg-des/pretest.dat | 5 + testing/tests/ikev1/esp-alg-des/test.conf | 22 + testing/tests/ikev1/esp-alg-null/description.txt | 5 + testing/tests/ikev1/esp-alg-null/evaltest.dat | 5 + .../ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/esp-alg-null/posttest.dat | 2 + testing/tests/ikev1/esp-alg-null/pretest.dat | 5 + testing/tests/ikev1/esp-alg-null/test.conf | 22 + .../ikev1/esp-alg-strict-fail/description.txt | 5 + .../tests/ikev1/esp-alg-strict-fail/evaltest.dat | 9 + .../esp-alg-strict-fail/hosts/carol/etc/ipsec.conf | 24 + .../esp-alg-strict-fail/hosts/moon/etc/ipsec.conf | 25 + .../tests/ikev1/esp-alg-strict-fail/posttest.dat | 2 + .../tests/ikev1/esp-alg-strict-fail/pretest.dat | 4 + testing/tests/ikev1/esp-alg-strict-fail/test.conf | 21 + testing/tests/ikev1/esp-alg-strict/description.txt | 7 + testing/tests/ikev1/esp-alg-strict/evaltest.dat | 7 + .../esp-alg-strict/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/esp-alg-strict/posttest.dat | 2 + testing/tests/ikev1/esp-alg-strict/pretest.dat | 4 + testing/tests/ikev1/esp-alg-strict/test.conf | 22 + testing/tests/ikev1/esp-alg-weak/description.txt | 5 + testing/tests/ikev1/esp-alg-weak/evaltest.dat | 5 + .../ikev1/esp-alg-weak/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/esp-alg-weak/hosts/moon/etc/ipsec.conf | 23 + testing/tests/ikev1/esp-alg-weak/posttest.dat | 2 + testing/tests/ikev1/esp-alg-weak/pretest.dat | 5 + testing/tests/ikev1/esp-alg-weak/test.conf | 22 + testing/tests/ikev1/host2host-cert/description.txt | 4 + testing/tests/ikev1/host2host-cert/evaltest.dat | 5 + testing/tests/ikev1/host2host-cert/posttest.dat | 4 + testing/tests/ikev1/host2host-cert/pretest.dat | 6 + testing/tests/ikev1/host2host-cert/test.conf | 21 + .../tests/ikev1/host2host-swapped/description.txt | 3 + testing/tests/ikev1/host2host-swapped/evaltest.dat | 5 + .../host2host-swapped/hosts/moon/etc/ipsec.conf | 23 + .../host2host-swapped/hosts/sun/etc/ipsec.conf | 24 + testing/tests/ikev1/host2host-swapped/posttest.dat | 4 + testing/tests/ikev1/host2host-swapped/pretest.dat | 6 + testing/tests/ikev1/host2host-swapped/test.conf | 21 + .../ikev1/host2host-transport/description.txt | 4 + .../tests/ikev1/host2host-transport/evaltest.dat | 5 + .../host2host-transport/hosts/moon/etc/ipsec.conf | 24 + .../host2host-transport/hosts/sun/etc/ipsec.conf | 25 + .../tests/ikev1/host2host-transport/posttest.dat | 4 + .../tests/ikev1/host2host-transport/pretest.dat | 6 + testing/tests/ikev1/host2host-transport/test.conf | 21 + .../tests/ikev1/ike-alg-sha2_384/description.txt | 4 + testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat | 8 + .../ike-alg-sha2_384/hosts/carol/etc/ipsec.conf | 24 + .../ike-alg-sha2_384/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/ike-alg-sha2_384/posttest.dat | 2 + testing/tests/ikev1/ike-alg-sha2_384/pretest.dat | 5 + testing/tests/ikev1/ike-alg-sha2_384/test.conf | 22 + .../tests/ikev1/ike-alg-sha2_512/description.txt | 4 + testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat | 8 + .../ike-alg-sha2_512/hosts/carol/etc/ipsec.conf | 24 + .../ike-alg-sha2_512/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/ike-alg-sha2_512/posttest.dat | 2 + testing/tests/ikev1/ike-alg-sha2_512/pretest.dat | 5 + testing/tests/ikev1/ike-alg-sha2_512/test.conf | 22 + .../ikev1/ike-alg-strict-fail/description.txt | 5 + .../tests/ikev1/ike-alg-strict-fail/evaltest.dat | 5 + .../ike-alg-strict-fail/hosts/carol/etc/ipsec.conf | 24 + .../ike-alg-strict-fail/hosts/moon/etc/ipsec.conf | 25 + .../tests/ikev1/ike-alg-strict-fail/posttest.dat | 2 + .../tests/ikev1/ike-alg-strict-fail/pretest.dat | 4 + testing/tests/ikev1/ike-alg-strict-fail/test.conf | 21 + testing/tests/ikev1/ike-alg-strict/description.txt | 5 + testing/tests/ikev1/ike-alg-strict/evaltest.dat | 7 + .../ike-alg-strict/hosts/carol/etc/ipsec.conf | 24 + .../ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/ike-alg-strict/posttest.dat | 2 + testing/tests/ikev1/ike-alg-strict/pretest.dat | 4 + testing/tests/ikev1/ike-alg-strict/test.conf | 21 + .../tests/ikev1/mode-config-push/description.txt | 10 + testing/tests/ikev1/mode-config-push/evaltest.dat | 16 + .../mode-config-push/hosts/carol/etc/ipsec.conf | 30 + .../mode-config-push/hosts/dave/etc/ipsec.conf | 30 + .../mode-config-push/hosts/moon/etc/ipsec.conf | 33 + testing/tests/ikev1/mode-config-push/posttest.dat | 8 + testing/tests/ikev1/mode-config-push/pretest.dat | 10 + testing/tests/ikev1/mode-config-push/test.conf | 21 + .../ikev1/mode-config-swapped/description.txt | 3 + .../tests/ikev1/mode-config-swapped/evaltest.dat | 16 + .../mode-config-swapped/hosts/carol/etc/ipsec.conf | 29 + .../mode-config-swapped/hosts/dave/etc/ipsec.conf | 29 + .../mode-config-swapped/hosts/moon/etc/ipsec.conf | 32 + .../tests/ikev1/mode-config-swapped/posttest.dat | 8 + .../tests/ikev1/mode-config-swapped/pretest.dat | 9 + testing/tests/ikev1/mode-config-swapped/test.conf | 21 + testing/tests/ikev1/mode-config/description.txt | 7 + testing/tests/ikev1/mode-config/evaltest.dat | 16 + .../ikev1/mode-config/hosts/carol/etc/ipsec.conf | 29 + .../ikev1/mode-config/hosts/dave/etc/ipsec.conf | 29 + .../ikev1/mode-config/hosts/moon/etc/ipsec.conf | 32 + testing/tests/ikev1/mode-config/posttest.dat | 8 + testing/tests/ikev1/mode-config/pretest.dat | 10 + testing/tests/ikev1/mode-config/test.conf | 21 + .../ikev1/multi-level-ca-ldap/description.txt | 11 + .../tests/ikev1/multi-level-ca-ldap/evaltest.dat | 13 + .../multi-level-ca-ldap/hosts/carol/etc/ipsec.conf | 31 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../hosts/carol/etc/ipsec.secrets | 3 + .../multi-level-ca-ldap/hosts/dave/etc/ipsec.conf | 31 + .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 24 + .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 + .../hosts/moon/etc/init.d/iptables | 76 + .../multi-level-ca-ldap/hosts/moon/etc/ipsec.conf | 46 + .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 + .../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 22 + .../tests/ikev1/multi-level-ca-ldap/posttest.dat | 7 + .../tests/ikev1/multi-level-ca-ldap/pretest.dat | 10 + testing/tests/ikev1/multi-level-ca-ldap/test.conf | 21 + .../ikev1/multi-level-ca-loop/description.txt | 6 + .../tests/ikev1/multi-level-ca-loop/evaltest.dat | 3 + .../multi-level-ca-loop/hosts/carol/etc/ipsec.conf | 27 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../hosts/carol/etc/ipsec.secrets | 3 + .../multi-level-ca-loop/hosts/moon/etc/ipsec.conf | 23 + .../etc/ipsec.d/cacerts/research_by_salesCert.pem | 24 + .../etc/ipsec.d/cacerts/sales_by_researchCert.pem | 24 + .../tests/ikev1/multi-level-ca-loop/posttest.dat | 4 + .../tests/ikev1/multi-level-ca-loop/pretest.dat | 6 + testing/tests/ikev1/multi-level-ca-loop/test.conf | 21 + .../ikev1/multi-level-ca-revoked/description.txt | 4 + .../ikev1/multi-level-ca-revoked/evaltest.dat | 6 + .../hosts/carol/etc/ipsec.conf | 23 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/moon/etc/ipsec.conf | 28 + .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 + .../ikev1/multi-level-ca-revoked/posttest.dat | 3 + .../tests/ikev1/multi-level-ca-revoked/pretest.dat | 4 + .../tests/ikev1/multi-level-ca-revoked/test.conf | 21 + .../ikev1/multi-level-ca-strict/description.txt | 10 + .../tests/ikev1/multi-level-ca-strict/evaltest.dat | 12 + .../hosts/carol/etc/ipsec.conf | 31 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../hosts/carol/etc/ipsec.secrets | 3 + .../hosts/dave/etc/ipsec.conf | 31 + .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 24 + .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 + .../hosts/moon/etc/ipsec.conf | 35 + .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 + .../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 22 + .../tests/ikev1/multi-level-ca-strict/posttest.dat | 5 + .../tests/ikev1/multi-level-ca-strict/pretest.dat | 9 + .../tests/ikev1/multi-level-ca-strict/test.conf | 21 + testing/tests/ikev1/multi-level-ca/description.txt | 7 + testing/tests/ikev1/multi-level-ca/evaltest.dat | 12 + .../multi-level-ca/hosts/carol/etc/ipsec.conf | 32 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../multi-level-ca/hosts/carol/etc/ipsec.secrets | 3 + .../ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf | 32 + .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 24 + .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 + .../ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf | 36 + .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 + .../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 22 + testing/tests/ikev1/multi-level-ca/posttest.dat | 5 + testing/tests/ikev1/multi-level-ca/pretest.dat | 9 + testing/tests/ikev1/multi-level-ca/test.conf | 21 + testing/tests/ikev1/nat-before-esp/description.txt | 6 + testing/tests/ikev1/nat-before-esp/evaltest.dat | 9 + .../nat-before-esp/hosts/moon/etc/init.d/iptables | 83 + .../ikev1/nat-before-esp/hosts/moon/etc/ipsec.conf | 24 + .../ikev1/nat-before-esp/hosts/sun/etc/ipsec.conf | 23 + testing/tests/ikev1/nat-before-esp/posttest.dat | 5 + testing/tests/ikev1/nat-before-esp/pretest.dat | 6 + testing/tests/ikev1/nat-before-esp/test.conf | 21 + testing/tests/ikev1/nat-one-rw/description.txt | 5 + testing/tests/ikev1/nat-one-rw/evaltest.dat | 5 + testing/tests/ikev1/nat-one-rw/posttest.dat | 6 + testing/tests/ikev1/nat-one-rw/pretest.dat | 10 + testing/tests/ikev1/nat-one-rw/test.conf | 21 + testing/tests/ikev1/nat-two-rw-psk/description.txt | 6 + testing/tests/ikev1/nat-two-rw-psk/evaltest.dat | 9 + .../nat-two-rw-psk/hosts/alice/etc/ipsec.conf | 20 + .../nat-two-rw-psk/hosts/alice/etc/ipsec.secrets | 3 + .../ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.conf | 22 + .../nat-two-rw-psk/hosts/sun/etc/ipsec.secrets | 3 + .../nat-two-rw-psk/hosts/venus/etc/ipsec.conf | 20 + .../nat-two-rw-psk/hosts/venus/etc/ipsec.secrets | 3 + testing/tests/ikev1/nat-two-rw-psk/posttest.dat | 8 + testing/tests/ikev1/nat-two-rw-psk/pretest.dat | 16 + testing/tests/ikev1/nat-two-rw-psk/test.conf | 21 + testing/tests/ikev1/nat-two-rw/description.txt | 5 + testing/tests/ikev1/nat-two-rw/evaltest.dat | 9 + testing/tests/ikev1/nat-two-rw/posttest.dat | 8 + testing/tests/ikev1/nat-two-rw/pretest.dat | 13 + testing/tests/ikev1/nat-two-rw/test.conf | 21 + testing/tests/ikev1/net2net-cert/description.txt | 6 + testing/tests/ikev1/net2net-cert/evaltest.dat | 5 + testing/tests/ikev1/net2net-cert/posttest.dat | 4 + testing/tests/ikev1/net2net-cert/pretest.dat | 6 + testing/tests/ikev1/net2net-cert/test.conf | 21 + testing/tests/ikev1/net2net-pgp/description.txt | 6 + testing/tests/ikev1/net2net-pgp/evaltest.dat | 5 + .../ikev1/net2net-pgp/hosts/moon/etc/ipsec.conf | 23 + .../hosts/moon/etc/ipsec.d/certs/moonCert.asc | 15 + .../hosts/moon/etc/ipsec.d/certs/sunCert.asc | 15 + .../hosts/moon/etc/ipsec.d/private/moonKey.asc | 19 + .../ikev1/net2net-pgp/hosts/moon/etc/ipsec.secrets | 3 + .../ikev1/net2net-pgp/hosts/sun/etc/ipsec.conf | 23 + .../hosts/sun/etc/ipsec.d/certs/moonCert.asc | 15 + .../hosts/sun/etc/ipsec.d/certs/sunCert.asc | 15 + .../hosts/sun/etc/ipsec.d/private/sunKey.asc | 19 + .../ikev1/net2net-pgp/hosts/sun/etc/ipsec.secrets | 3 + testing/tests/ikev1/net2net-pgp/posttest.dat | 8 + testing/tests/ikev1/net2net-pgp/pretest.dat | 8 + testing/tests/ikev1/net2net-pgp/test.conf | 21 + .../tests/ikev1/net2net-psk-fail/description.txt | 7 + testing/tests/ikev1/net2net-psk-fail/evaltest.dat | 6 + .../net2net-psk-fail/hosts/moon/etc/ipsec.conf | 22 + .../net2net-psk-fail/hosts/moon/etc/ipsec.secrets | 7 + .../net2net-psk-fail/hosts/sun/etc/ipsec.conf | 22 + .../net2net-psk-fail/hosts/sun/etc/ipsec.secrets | 7 + testing/tests/ikev1/net2net-psk-fail/posttest.dat | 2 + testing/tests/ikev1/net2net-psk-fail/pretest.dat | 6 + testing/tests/ikev1/net2net-psk-fail/test.conf | 21 + testing/tests/ikev1/net2net-psk/description.txt | 6 + testing/tests/ikev1/net2net-psk/evaltest.dat | 5 + .../ikev1/net2net-psk/hosts/moon/etc/ipsec.conf | 23 + .../ikev1/net2net-psk/hosts/moon/etc/ipsec.secrets | 7 + .../ikev1/net2net-psk/hosts/sun/etc/ipsec.conf | 23 + .../ikev1/net2net-psk/hosts/sun/etc/ipsec.secrets | 7 + testing/tests/ikev1/net2net-psk/posttest.dat | 4 + testing/tests/ikev1/net2net-psk/pretest.dat | 8 + testing/tests/ikev1/net2net-psk/test.conf | 21 + testing/tests/ikev1/net2net-route/description.txt | 9 + testing/tests/ikev1/net2net-route/evaltest.dat | 6 + .../ikev1/net2net-route/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/net2net-route/posttest.dat | 4 + testing/tests/ikev1/net2net-route/pretest.dat | 6 + testing/tests/ikev1/net2net-route/test.conf | 21 + testing/tests/ikev1/net2net-rsa/description.txt | 6 + testing/tests/ikev1/net2net-rsa/evaltest.dat | 5 + .../ikev1/net2net-rsa/hosts/moon/etc/ipsec.conf | 24 + .../ikev1/net2net-rsa/hosts/moon/etc/ipsec.secrets | 17 + .../ikev1/net2net-rsa/hosts/sun/etc/ipsec.conf | 24 + .../ikev1/net2net-rsa/hosts/sun/etc/ipsec.secrets | 17 + testing/tests/ikev1/net2net-rsa/posttest.dat | 4 + testing/tests/ikev1/net2net-rsa/pretest.dat | 8 + testing/tests/ikev1/net2net-rsa/test.conf | 21 + testing/tests/ikev1/net2net-start/description.txt | 8 + testing/tests/ikev1/net2net-start/evaltest.dat | 5 + .../ikev1/net2net-start/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/net2net-start/posttest.dat | 4 + testing/tests/ikev1/net2net-start/pretest.dat | 5 + testing/tests/ikev1/net2net-start/test.conf | 21 + testing/tests/ikev1/no-priv-key/description.txt | 4 + testing/tests/ikev1/no-priv-key/evaltest.dat | 4 + .../no-priv-key/hosts/carol/etc/ipsec.secrets | 3 + testing/tests/ikev1/no-priv-key/posttest.dat | 2 + testing/tests/ikev1/no-priv-key/pretest.dat | 4 + testing/tests/ikev1/no-priv-key/test.conf | 21 + testing/tests/ikev1/ocsp-revoked/description.txt | 7 + testing/tests/ikev1/ocsp-revoked/evaltest.dat | 6 + .../ikev1/ocsp-revoked/hosts/carol/etc/ipsec.conf | 28 + .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 25 + .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 27 + .../ocsp-revoked/hosts/carol/etc/ipsec.secrets | 3 + .../ikev1/ocsp-revoked/hosts/moon/etc/ipsec.conf | 39 + testing/tests/ikev1/ocsp-revoked/posttest.dat | 4 + testing/tests/ikev1/ocsp-revoked/pretest.dat | 4 + testing/tests/ikev1/ocsp-revoked/test.conf | 21 + testing/tests/ikev1/ocsp-strict/description.txt | 6 + testing/tests/ikev1/ocsp-strict/evaltest.dat | 8 + .../ikev1/ocsp-strict/hosts/carol/etc/ipsec.conf | 28 + .../ikev1/ocsp-strict/hosts/moon/etc/ipsec.conf | 39 + testing/tests/ikev1/ocsp-strict/posttest.dat | 2 + testing/tests/ikev1/ocsp-strict/pretest.dat | 4 + testing/tests/ikev1/ocsp-strict/test.conf | 21 + testing/tests/ikev1/protoport-dual/description.txt | 6 + testing/tests/ikev1/protoport-dual/evaltest.dat | 7 + .../protoport-dual/hosts/carol/etc/ipsec.conf | 30 + .../ikev1/protoport-dual/hosts/moon/etc/ipsec.conf | 30 + testing/tests/ikev1/protoport-dual/posttest.dat | 4 + testing/tests/ikev1/protoport-dual/pretest.dat | 7 + testing/tests/ikev1/protoport-dual/test.conf | 21 + testing/tests/ikev1/protoport-pass/description.txt | 13 + testing/tests/ikev1/protoport-pass/evaltest.dat | 7 + .../protoport-pass/hosts/carol/etc/ipsec.conf | 26 + .../ikev1/protoport-pass/hosts/moon/etc/ipsec.conf | 26 + testing/tests/ikev1/protoport-pass/posttest.dat | 4 + testing/tests/ikev1/protoport-pass/pretest.dat | 10 + testing/tests/ikev1/protoport-pass/test.conf | 21 + .../tests/ikev1/protoport-route/description.txt | 8 + testing/tests/ikev1/protoport-route/evaltest.dat | 8 + .../protoport-route/hosts/carol/etc/ipsec.conf | 30 + .../protoport-route/hosts/moon/etc/ipsec.conf | 30 + testing/tests/ikev1/protoport-route/posttest.dat | 4 + testing/tests/ikev1/protoport-route/pretest.dat | 6 + testing/tests/ikev1/protoport-route/test.conf | 21 + testing/tests/ikev1/req-pkcs10/description.txt | 11 + testing/tests/ikev1/req-pkcs10/evaltest.dat | 5 + .../ikev1/req-pkcs10/hosts/carol/etc/ipsec.conf | 28 + .../ikev1/req-pkcs10/hosts/carol/etc/ipsec.secrets | 3 + .../req-pkcs10/hosts/carol/etc/scepclient.conf | 3 + .../ikev1/req-pkcs10/hosts/moon/etc/ipsec.secrets | 3 + .../req-pkcs10/hosts/moon/etc/scepclient.conf | 4 + .../req-pkcs10/hosts/winnetou/etc/openssl/yy.txt | 2 + testing/tests/ikev1/req-pkcs10/posttest.dat | 11 + testing/tests/ikev1/req-pkcs10/pretest.dat | 22 + testing/tests/ikev1/req-pkcs10/test.conf | 21 + testing/tests/ikev1/rw-cert/description.txt | 6 + testing/tests/ikev1/rw-cert/evaltest.dat | 5 + testing/tests/ikev1/rw-cert/posttest.dat | 4 + testing/tests/ikev1/rw-cert/pretest.dat | 6 + testing/tests/ikev1/rw-cert/test.conf | 21 + .../tests/ikev1/rw-psk-fqdn-named/description.txt | 11 + testing/tests/ikev1/rw-psk-fqdn-named/evaltest.dat | 5 + .../rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf | 22 + .../hosts/carol/etc/ipsec.secrets | 7 + .../rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf | 22 + .../rw-psk-fqdn-named/hosts/moon/etc/ipsec.secrets | 7 + testing/tests/ikev1/rw-psk-fqdn-named/posttest.dat | 4 + testing/tests/ikev1/rw-psk-fqdn-named/pretest.dat | 8 + testing/tests/ikev1/rw-psk-fqdn-named/test.conf | 21 + testing/tests/ikev1/rw-psk-fqdn/description.txt | 5 + testing/tests/ikev1/rw-psk-fqdn/evaltest.dat | 5 + .../ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.conf | 22 + .../rw-psk-fqdn/hosts/carol/etc/ipsec.secrets | 7 + .../ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.conf | 21 + .../ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets | 3 + testing/tests/ikev1/rw-psk-fqdn/posttest.dat | 4 + testing/tests/ikev1/rw-psk-fqdn/pretest.dat | 8 + testing/tests/ikev1/rw-psk-fqdn/test.conf | 21 + testing/tests/ikev1/rw-psk-ipv4/description.txt | 5 + testing/tests/ikev1/rw-psk-ipv4/evaltest.dat | 5 + .../ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.conf | 20 + .../rw-psk-ipv4/hosts/carol/etc/ipsec.secrets | 7 + .../ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.conf | 20 + .../ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets | 7 + testing/tests/ikev1/rw-psk-ipv4/posttest.dat | 4 + testing/tests/ikev1/rw-psk-ipv4/pretest.dat | 8 + testing/tests/ikev1/rw-psk-ipv4/test.conf | 21 + .../tests/ikev1/rw-psk-no-policy/description.txt | 3 + testing/tests/ikev1/rw-psk-no-policy/evaltest.dat | 5 + .../rw-psk-no-policy/hosts/carol/etc/ipsec.conf | 22 + .../rw-psk-no-policy/hosts/carol/etc/ipsec.secrets | 7 + .../rw-psk-no-policy/hosts/moon/etc/ipsec.conf | 21 + testing/tests/ikev1/rw-psk-no-policy/posttest.dat | 2 + testing/tests/ikev1/rw-psk-no-policy/pretest.dat | 5 + testing/tests/ikev1/rw-psk-no-policy/test.conf | 21 + .../tests/ikev1/rw-psk-rsa-mixed/description.txt | 5 + testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat | 7 + .../rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf | 23 + .../rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets | 7 + .../rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf | 26 + .../rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets | 5 + testing/tests/ikev1/rw-psk-rsa-mixed/posttest.dat | 3 + testing/tests/ikev1/rw-psk-rsa-mixed/pretest.dat | 7 + testing/tests/ikev1/rw-psk-rsa-mixed/test.conf | 21 + .../tests/ikev1/rw-rsa-no-policy/description.txt | 3 + testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat | 5 + .../rw-rsa-no-policy/hosts/moon/etc/ipsec.conf | 20 + .../rw-rsa-no-policy/hosts/moon/etc/ipsec.secrets | 3 + testing/tests/ikev1/rw-rsa-no-policy/posttest.dat | 2 + testing/tests/ikev1/rw-rsa-no-policy/pretest.dat | 5 + testing/tests/ikev1/rw-rsa-no-policy/test.conf | 21 + testing/tests/ikev1/self-signed/description.txt | 8 + testing/tests/ikev1/self-signed/evaltest.dat | 7 + .../ikev1/self-signed/hosts/carol/etc/ipsec.conf | 26 + .../self-signed/hosts/carol/etc/ipsec.secrets | 3 + .../self-signed/hosts/moon/etc/init.d/iptables | 78 + .../ikev1/self-signed/hosts/moon/etc/ipsec.conf | 27 + .../ikev1/self-signed/hosts/moon/etc/ipsec.secrets | 3 + .../self-signed/hosts/moon/etc/scepclient.conf | 6 + testing/tests/ikev1/self-signed/posttest.dat | 8 + testing/tests/ikev1/self-signed/pretest.dat | 17 + testing/tests/ikev1/self-signed/test.conf | 21 + .../tests/ikev1/starter-also-loop/description.txt | 4 + testing/tests/ikev1/starter-also-loop/evaltest.dat | 3 + .../starter-also-loop/hosts/moon/etc/ipsec.conf | 47 + testing/tests/ikev1/starter-also-loop/posttest.dat | 0 testing/tests/ikev1/starter-also-loop/pretest.dat | 2 + testing/tests/ikev1/starter-also-loop/test.conf | 21 + testing/tests/ikev1/starter-also/description.txt | 3 + testing/tests/ikev1/starter-also/evaltest.dat | 5 + .../ikev1/starter-also/hosts/moon/etc/ipsec.conf | 46 + testing/tests/ikev1/starter-also/posttest.dat | 4 + testing/tests/ikev1/starter-also/pretest.dat | 6 + testing/tests/ikev1/starter-also/test.conf | 21 + .../tests/ikev1/starter-includes/description.txt | 6 + testing/tests/ikev1/starter-includes/evaltest.dat | 16 + .../starter-includes/hosts/carol/etc/ipsec.conf | 29 + .../starter-includes/hosts/dave/etc/ipsec.conf | 29 + .../starter-includes/hosts/moon/etc/ipsec.conf | 9 + .../hosts/moon/etc/ipsec.connections | 12 + .../starter-includes/hosts/moon/etc/ipsec.host | 11 + .../hosts/moon/etc/ipsec.peers/ipsec.carol | 8 + .../hosts/moon/etc/ipsec.peers/ipsec.dave | 8 + testing/tests/ikev1/starter-includes/posttest.dat | 10 + testing/tests/ikev1/starter-includes/pretest.dat | 11 + testing/tests/ikev1/starter-includes/test.conf | 21 + testing/tests/ikev1/strong-certs/description.txt | 6 + testing/tests/ikev1/strong-certs/evaltest.dat | 10 + .../ikev1/strong-certs/hosts/carol/etc/ipsec.conf | 24 + .../carol/etc/ipsec.d/certs/carolCert-sha384.pem | 25 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../strong-certs/hosts/carol/etc/ipsec.secrets | 3 + .../ikev1/strong-certs/hosts/dave/etc/ipsec.conf | 24 + .../dave/etc/ipsec.d/certs/daveCert-sha512.pem | 25 + .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 + .../strong-certs/hosts/dave/etc/ipsec.secrets | 3 + .../ikev1/strong-certs/hosts/moon/etc/ipsec.conf | 23 + .../moon/etc/ipsec.d/certs/moonCert-sha256.pem | 25 + .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 27 + .../strong-certs/hosts/moon/etc/ipsec.secrets | 3 + testing/tests/ikev1/strong-certs/posttest.dat | 12 + testing/tests/ikev1/strong-certs/pretest.dat | 10 + testing/tests/ikev1/strong-certs/test.conf | 21 + .../tests/ikev1/virtual-ip-swapped/description.txt | 3 + .../tests/ikev1/virtual-ip-swapped/evaltest.dat | 9 + .../virtual-ip-swapped/hosts/carol/etc/ipsec.conf | 29 + .../virtual-ip-swapped/hosts/moon/etc/ipsec.conf | 25 + .../tests/ikev1/virtual-ip-swapped/posttest.dat | 5 + testing/tests/ikev1/virtual-ip-swapped/pretest.dat | 6 + testing/tests/ikev1/virtual-ip-swapped/test.conf | 21 + testing/tests/ikev1/virtual-ip/description.txt | 8 + testing/tests/ikev1/virtual-ip/evaltest.dat | 9 + .../ikev1/virtual-ip/hosts/carol/etc/ipsec.conf | 29 + .../ikev1/virtual-ip/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev1/virtual-ip/posttest.dat | 5 + testing/tests/ikev1/virtual-ip/pretest.dat | 7 + testing/tests/ikev1/virtual-ip/test.conf | 21 + testing/tests/ikev1/wildcards/description.txt | 8 + testing/tests/ikev1/wildcards/evaltest.dat | 8 + .../ikev1/wildcards/hosts/carol/etc/ipsec.conf | 31 + .../ikev1/wildcards/hosts/dave/etc/ipsec.conf | 31 + .../ikev1/wildcards/hosts/moon/etc/ipsec.conf | 29 + testing/tests/ikev1/wildcards/posttest.dat | 3 + testing/tests/ikev1/wildcards/pretest.dat | 9 + testing/tests/ikev1/wildcards/test.conf | 21 + testing/tests/ikev1/wlan/description.txt | 15 + testing/tests/ikev1/wlan/evaltest.dat | 11 + .../ikev1/wlan/hosts/alice/etc/init.d/iptables | 73 + .../tests/ikev1/wlan/hosts/alice/etc/ipsec.conf | 36 + .../ikev1/wlan/hosts/moon/etc/init.d/iptables | 82 + testing/tests/ikev1/wlan/hosts/moon/etc/ipsec.conf | 36 + .../ikev1/wlan/hosts/venus/etc/init.d/iptables | 73 + .../tests/ikev1/wlan/hosts/venus/etc/ipsec.conf | 36 + testing/tests/ikev1/wlan/posttest.dat | 8 + testing/tests/ikev1/wlan/pretest.dat | 11 + testing/tests/ikev1/wlan/test.conf | 21 + .../ikev1/xauth-psk-mode-config/description.txt | 11 + .../tests/ikev1/xauth-psk-mode-config/evaltest.dat | 18 + .../hosts/carol/etc/ipsec.conf | 25 + .../hosts/carol/etc/ipsec.secrets | 5 + .../hosts/dave/etc/ipsec.conf | 25 + .../hosts/dave/etc/ipsec.secrets | 5 + .../hosts/moon/etc/ipsec.conf | 30 + .../hosts/moon/etc/ipsec.secrets | 7 + .../tests/ikev1/xauth-psk-mode-config/posttest.dat | 8 + .../tests/ikev1/xauth-psk-mode-config/pretest.dat | 12 + .../tests/ikev1/xauth-psk-mode-config/test.conf | 21 + testing/tests/ikev1/xauth-psk/description.txt | 9 + testing/tests/ikev1/xauth-psk/evaltest.dat | 12 + .../ikev1/xauth-psk/hosts/carol/etc/ipsec.conf | 22 + .../ikev1/xauth-psk/hosts/carol/etc/ipsec.secrets | 5 + .../ikev1/xauth-psk/hosts/dave/etc/ipsec.conf | 22 + .../ikev1/xauth-psk/hosts/dave/etc/ipsec.secrets | 5 + .../ikev1/xauth-psk/hosts/moon/etc/ipsec.conf | 23 + .../ikev1/xauth-psk/hosts/moon/etc/ipsec.secrets | 7 + testing/tests/ikev1/xauth-psk/posttest.dat | 6 + testing/tests/ikev1/xauth-psk/pretest.dat | 12 + testing/tests/ikev1/xauth-psk/test.conf | 21 + testing/tests/ikev1/xauth-rsa-fail/description.txt | 5 + testing/tests/ikev1/xauth-rsa-fail/evaltest.dat | 4 + .../xauth-rsa-fail/hosts/carol/etc/ipsec.conf | 25 + .../xauth-rsa-fail/hosts/carol/etc/ipsec.secrets | 5 + .../ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.conf | 25 + .../xauth-rsa-fail/hosts/moon/etc/ipsec.secrets | 5 + testing/tests/ikev1/xauth-rsa-fail/posttest.dat | 2 + testing/tests/ikev1/xauth-rsa-fail/pretest.dat | 4 + testing/tests/ikev1/xauth-rsa-fail/test.conf | 21 + .../ikev1/xauth-rsa-mode-config/description.txt | 11 + .../tests/ikev1/xauth-rsa-mode-config/evaltest.dat | 18 + .../hosts/carol/etc/ipsec.conf | 26 + .../hosts/carol/etc/ipsec.secrets | 5 + .../hosts/dave/etc/ipsec.conf | 26 + .../hosts/dave/etc/ipsec.secrets | 5 + .../hosts/moon/etc/ipsec.conf | 31 + .../hosts/moon/etc/ipsec.secrets | 7 + .../tests/ikev1/xauth-rsa-mode-config/posttest.dat | 8 + .../tests/ikev1/xauth-rsa-mode-config/pretest.dat | 9 + .../tests/ikev1/xauth-rsa-mode-config/test.conf | 21 + .../tests/ikev1/xauth-rsa-nosecret/description.txt | 6 + .../tests/ikev1/xauth-rsa-nosecret/evaltest.dat | 4 + .../xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf | 25 + .../hosts/carol/etc/ipsec.secrets | 3 + .../xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf | 25 + .../hosts/moon/etc/ipsec.secrets | 5 + .../tests/ikev1/xauth-rsa-nosecret/posttest.dat | 2 + testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat | 4 + testing/tests/ikev1/xauth-rsa-nosecret/test.conf | 21 + testing/tests/ikev1/xauth-rsa/description.txt | 9 + testing/tests/ikev1/xauth-rsa/evaltest.dat | 12 + .../ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf | 25 + .../ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets | 5 + .../ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf | 25 + .../ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets | 5 + .../ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf | 25 + .../ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets | 7 + testing/tests/ikev1/xauth-rsa/posttest.dat | 6 + testing/tests/ikev1/xauth-rsa/pretest.dat | 9 + testing/tests/ikev1/xauth-rsa/test.conf | 21 + .../ikev2/config-payload-swapped/description.txt | 3 + .../ikev2/config-payload-swapped/evaltest.dat | 20 + .../hosts/carol/etc/ipsec.conf | 26 + .../hosts/dave/etc/ipsec.conf | 26 + .../hosts/moon/etc/ipsec.conf | 32 + .../ikev2/config-payload-swapped/posttest.dat | 6 + .../tests/ikev2/config-payload-swapped/pretest.dat | 10 + .../tests/ikev2/config-payload-swapped/test.conf | 21 + testing/tests/ikev2/config-payload/description.txt | 7 + testing/tests/ikev2/config-payload/evaltest.dat | 20 + .../config-payload/hosts/carol/etc/ipsec.conf | 25 + .../ikev2/config-payload/hosts/dave/etc/ipsec.conf | 25 + .../ikev2/config-payload/hosts/moon/etc/ipsec.conf | 32 + testing/tests/ikev2/config-payload/posttest.dat | 6 + testing/tests/ikev2/config-payload/pretest.dat | 10 + testing/tests/ikev2/config-payload/test.conf | 21 + testing/tests/ikev2/crl-from-cache/description.txt | 5 + testing/tests/ikev2/crl-from-cache/evaltest.dat | 8 + .../crl-from-cache/hosts/carol/etc/ipsec.conf | 24 + .../ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf | 23 + testing/tests/ikev2/crl-from-cache/posttest.dat | 4 + testing/tests/ikev2/crl-from-cache/pretest.dat | 8 + testing/tests/ikev2/crl-from-cache/test.conf | 21 + testing/tests/ikev2/crl-ldap/description.txt | 6 + testing/tests/ikev2/crl-ldap/evaltest.dat | 12 + .../ikev2/crl-ldap/hosts/carol/etc/init.d/iptables | 73 + .../ikev2/crl-ldap/hosts/carol/etc/ipsec.conf | 31 + .../5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl | Bin 0 -> 560 bytes .../ikev2/crl-ldap/hosts/moon/etc/init.d/iptables | 76 + .../tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf | 29 + .../5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl | Bin 0 -> 560 bytes testing/tests/ikev2/crl-ldap/posttest.dat | 7 + testing/tests/ikev2/crl-ldap/pretest.dat | 8 + testing/tests/ikev2/crl-ldap/test.conf | 21 + testing/tests/ikev2/crl-revoked/description.txt | 4 + testing/tests/ikev2/crl-revoked/evaltest.dat | 6 + .../ikev2/crl-revoked/hosts/carol/etc/ipsec.conf | 23 + .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 25 + .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 27 + .../crl-revoked/hosts/carol/etc/ipsec.secrets | 3 + .../ikev2/crl-revoked/hosts/moon/etc/ipsec.conf | 22 + testing/tests/ikev2/crl-revoked/posttest.dat | 4 + testing/tests/ikev2/crl-revoked/pretest.dat | 4 + testing/tests/ikev2/crl-revoked/test.conf | 21 + testing/tests/ikev2/crl-strict/description.txt | 2 + testing/tests/ikev2/crl-strict/evaltest.dat | 4 + .../ikev2/crl-strict/hosts/carol/etc/ipsec.conf | 23 + .../ikev2/crl-strict/hosts/moon/etc/ipsec.conf | 34 + testing/tests/ikev2/crl-strict/posttest.dat | 2 + testing/tests/ikev2/crl-strict/pretest.dat | 4 + testing/tests/ikev2/crl-strict/test.conf | 21 + testing/tests/ikev2/crl-to-cache/description.txt | 6 + testing/tests/ikev2/crl-to-cache/evaltest.dat | 4 + .../ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf | 24 + .../ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf | 23 + testing/tests/ikev2/crl-to-cache/posttest.dat | 4 + testing/tests/ikev2/crl-to-cache/pretest.dat | 4 + testing/tests/ikev2/crl-to-cache/test.conf | 21 + testing/tests/ikev2/default-keys/description.txt | 8 + testing/tests/ikev2/default-keys/evaltest.dat | 7 + .../ikev2/default-keys/hosts/carol/etc/ipsec.conf | 24 + .../default-keys/hosts/moon/etc/init.d/iptables | 78 + .../ikev2/default-keys/hosts/moon/etc/ipsec.conf | 24 + testing/tests/ikev2/default-keys/posttest.dat | 8 + testing/tests/ikev2/default-keys/pretest.dat | 18 + testing/tests/ikev2/default-keys/test.conf | 21 + testing/tests/ikev2/double-nat-net/description.txt | 7 + testing/tests/ikev2/double-nat-net/evaltest.dat | 5 + .../double-nat-net/hosts/alice/etc/ipsec.conf | 23 + .../ikev2/double-nat-net/hosts/bob/etc/ipsec.conf | 23 + testing/tests/ikev2/double-nat-net/posttest.dat | 9 + testing/tests/ikev2/double-nat-net/pretest.dat | 15 + testing/tests/ikev2/double-nat-net/test.conf | 21 + testing/tests/ikev2/double-nat/description.txt | 5 + testing/tests/ikev2/double-nat/evaltest.dat | 5 + .../ikev2/double-nat/hosts/alice/etc/ipsec.conf | 23 + .../ikev2/double-nat/hosts/bob/etc/ipsec.conf | 22 + testing/tests/ikev2/double-nat/posttest.dat | 8 + testing/tests/ikev2/double-nat/pretest.dat | 13 + testing/tests/ikev2/double-nat/test.conf | 21 + testing/tests/ikev2/dpd-clear/description.txt | 5 + testing/tests/ikev2/dpd-clear/evaltest.dat | 6 + .../ikev2/dpd-clear/hosts/carol/etc/ipsec.conf | 24 + .../ikev2/dpd-clear/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev2/dpd-clear/posttest.dat | 3 + testing/tests/ikev2/dpd-clear/pretest.dat | 4 + testing/tests/ikev2/dpd-clear/test.conf | 21 + testing/tests/ikev2/dpd-hold/description.txt | 7 + testing/tests/ikev2/dpd-hold/evaltest.dat | 14 + .../ikev2/dpd-hold/hosts/carol/etc/ipsec.conf | 26 + .../tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev2/dpd-hold/posttest.dat | 2 + testing/tests/ikev2/dpd-hold/pretest.dat | 4 + testing/tests/ikev2/dpd-hold/test.conf | 21 + testing/tests/ikev2/dpd-restart/description.txt | 7 + testing/tests/ikev2/dpd-restart/evaltest.dat | 13 + .../ikev2/dpd-restart/hosts/carol/etc/ipsec.conf | 26 + .../ikev2/dpd-restart/hosts/moon/etc/ipsec.conf | 25 + testing/tests/ikev2/dpd-restart/posttest.dat | 2 + testing/tests/ikev2/dpd-restart/pretest.dat | 4 + testing/tests/ikev2/dpd-restart/test.conf | 21 + testing/tests/ikev2/host2host-cert/description.txt | 4 + testing/tests/ikev2/host2host-cert/evaltest.dat | 5 + .../ikev2/host2host-cert/hosts/moon/etc/ipsec.conf | 23 + .../ikev2/host2host-cert/hosts/sun/etc/ipsec.conf | 23 + testing/tests/ikev2/host2host-cert/posttest.dat | 4 + testing/tests/ikev2/host2host-cert/pretest.dat | 6 + testing/tests/ikev2/host2host-cert/test.conf | 21 + .../tests/ikev2/host2host-swapped/description.txt | 3 + testing/tests/ikev2/host2host-swapped/evaltest.dat | 5 + .../host2host-swapped/hosts/moon/etc/ipsec.conf | 23 + .../host2host-swapped/hosts/sun/etc/ipsec.conf | 23 + testing/tests/ikev2/host2host-swapped/posttest.dat | 4 + testing/tests/ikev2/host2host-swapped/pretest.dat | 6 + testing/tests/ikev2/host2host-swapped/test.conf | 21 + .../ikev2/host2host-transport/description.txt | 4 + .../tests/ikev2/host2host-transport/evaltest.dat | 5 + .../host2host-transport/hosts/moon/etc/ipsec.conf | 24 + .../host2host-transport/hosts/sun/etc/ipsec.conf | 24 + .../tests/ikev2/host2host-transport/posttest.dat | 4 + .../tests/ikev2/host2host-transport/pretest.dat | 6 + testing/tests/ikev2/host2host-transport/test.conf | 21 + .../tests/ikev2/nat-double-snat/description.txt | 6 + testing/tests/ikev2/nat-double-snat/evaltest.dat | 5 + .../nat-double-snat/hosts/alice/etc/ipsec.conf | 16 + .../hosts/alice/etc/ipsec.d/certs/bobCert.pem | 25 + .../ikev2/nat-double-snat/hosts/bob/etc/ipsec.conf | 20 + .../hosts/bob/etc/ipsec.d/certs/aliceCert.pem | 25 + testing/tests/ikev2/nat-double-snat/posttest.dat | 8 + testing/tests/ikev2/nat-double-snat/pretest.dat | 11 + testing/tests/ikev2/nat-double-snat/test.conf | 21 + testing/tests/ikev2/nat-one-rw/description.txt | 5 + testing/tests/ikev2/nat-one-rw/evaltest.dat | 5 + .../ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf | 23 + .../ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf | 35 + testing/tests/ikev2/nat-one-rw/posttest.dat | 6 + testing/tests/ikev2/nat-one-rw/pretest.dat | 11 + testing/tests/ikev2/nat-one-rw/test.conf | 21 + testing/tests/ikev2/nat-pf/description.txt | 4 + testing/tests/ikev2/nat-pf/evaltest.dat | 5 + .../tests/ikev2/nat-pf/hosts/alice/etc/ipsec.conf | 19 + .../hosts/alice/etc/ipsec.d/certs/carolCert.pem | 25 + .../tests/ikev2/nat-pf/hosts/carol/etc/ipsec.conf | 17 + .../hosts/carol/etc/ipsec.d/certs/aliceCert.pem | 25 + testing/tests/ikev2/nat-pf/posttest.dat | 5 + testing/tests/ikev2/nat-pf/pretest.dat | 7 + testing/tests/ikev2/nat-pf/test.conf | 21 + testing/tests/ikev2/nat-portswitch/description.txt | 6 + testing/tests/ikev2/nat-portswitch/evaltest.dat | 10 + .../nat-portswitch/hosts/alice/etc/ipsec.conf | 17 + .../hosts/alice/etc/ipsec.d/certs/sunCert.pem | 24 + .../ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf | 20 + .../hosts/sun/etc/ipsec.d/certs/aliceCert.pem | 25 + testing/tests/ikev2/nat-portswitch/posttest.dat | 6 + testing/tests/ikev2/nat-portswitch/pretest.dat | 9 + testing/tests/ikev2/nat-portswitch/test.conf | 21 + testing/tests/ikev2/nat-rw-mixed/description.txt | 6 + testing/tests/ikev2/nat-rw-mixed/evaltest.dat | 9 + .../ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf | 17 + .../hosts/alice/etc/ipsec.d/certs/sunCert.pem | 24 + .../ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf | 31 + .../hosts/sun/etc/ipsec.d/certs/aliceCert.pem | 25 + .../hosts/sun/etc/ipsec.d/certs/venusCert.pem | 24 + testing/tests/ikev2/nat-rw-mixed/posttest.dat | 6 + testing/tests/ikev2/nat-rw-mixed/pretest.dat | 11 + testing/tests/ikev2/nat-rw-mixed/test.conf | 21 + testing/tests/ikev2/nat-two-rw-psk/description.txt | 6 + testing/tests/ikev2/nat-two-rw-psk/evaltest.dat | 9 + .../nat-two-rw-psk/hosts/alice/etc/ipsec.conf | 19 + .../nat-two-rw-psk/hosts/alice/etc/ipsec.secrets | 3 + .../ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf | 21 + .../nat-two-rw-psk/hosts/sun/etc/ipsec.secrets | 5 + .../nat-two-rw-psk/hosts/venus/etc/ipsec.conf | 19 + .../nat-two-rw-psk/hosts/venus/etc/ipsec.secrets | 3 + testing/tests/ikev2/nat-two-rw-psk/posttest.dat | 8 + testing/tests/ikev2/nat-two-rw-psk/pretest.dat | 17 + testing/tests/ikev2/nat-two-rw-psk/test.conf | 21 + testing/tests/ikev2/nat-two-rw/description.txt | 5 + testing/tests/ikev2/nat-two-rw/evaltest.dat | 9 + .../ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf | 23 + .../ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf | 35 + .../ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf | 23 + testing/tests/ikev2/nat-two-rw/posttest.dat | 8 + testing/tests/ikev2/nat-two-rw/pretest.dat | 14 + testing/tests/ikev2/nat-two-rw/test.conf | 21 + testing/tests/ikev2/net2net-cert/description.txt | 6 + testing/tests/ikev2/net2net-cert/evaltest.dat | 5 + .../ikev2/net2net-cert/hosts/moon/etc/ipsec.conf | 24 + .../ikev2/net2net-cert/hosts/sun/etc/ipsec.conf | 24 + testing/tests/ikev2/net2net-cert/posttest.dat | 5 + testing/tests/ikev2/net2net-cert/pretest.dat | 6 + testing/tests/ikev2/net2net-cert/test.conf | 21 + testing/tests/ikev2/net2net-psk/description.txt | 6 + testing/tests/ikev2/net2net-psk/evaltest.dat | 5 + .../ikev2/net2net-psk/hosts/moon/etc/ipsec.conf | 23 + .../ikev2/net2net-psk/hosts/moon/etc/ipsec.secrets | 12 + .../ikev2/net2net-psk/hosts/sun/etc/ipsec.conf | 23 + .../ikev2/net2net-psk/hosts/sun/etc/ipsec.secrets | 7 + testing/tests/ikev2/net2net-psk/posttest.dat | 4 + testing/tests/ikev2/net2net-psk/pretest.dat | 8 + testing/tests/ikev2/net2net-psk/test.conf | 21 + testing/tests/ikev2/net2net-route/description.txt | 9 + testing/tests/ikev2/net2net-route/evaltest.dat | 6 + .../ikev2/net2net-route/hosts/moon/etc/ipsec.conf | 25 + .../ikev2/net2net-route/hosts/sun/etc/ipsec.conf | 24 + testing/tests/ikev2/net2net-route/posttest.dat | 4 + testing/tests/ikev2/net2net-route/pretest.dat | 6 + testing/tests/ikev2/net2net-route/test.conf | 21 + testing/tests/ikev2/net2net-start/description.txt | 8 + testing/tests/ikev2/net2net-start/evaltest.dat | 5 + .../ikev2/net2net-start/hosts/moon/etc/ipsec.conf | 25 + .../ikev2/net2net-start/hosts/sun/etc/ipsec.conf | 25 + testing/tests/ikev2/net2net-start/posttest.dat | 4 + testing/tests/ikev2/net2net-start/pretest.dat | 6 + testing/tests/ikev2/net2net-start/test.conf | 21 + .../tests/ikev2/ocsp-local-cert/description.txt | 9 + testing/tests/ikev2/ocsp-local-cert/evaltest.dat | 8 + .../ocsp-local-cert/hosts/carol/etc/ipsec.conf | 28 + .../carol/etc/ipsec.d/ocspcerts/ocspCert-self.pem | 26 + .../ocsp-local-cert/hosts/moon/etc/ipsec.conf | 27 + .../moon/etc/ipsec.d/ocspcerts/ocspCert-self.pem | 26 + .../hosts/winnetou/etc/openssl/ocsp/ocsp.cgi | 11 + testing/tests/ikev2/ocsp-local-cert/posttest.dat | 4 + testing/tests/ikev2/ocsp-local-cert/pretest.dat | 4 + testing/tests/ikev2/ocsp-local-cert/test.conf | 21 + .../tests/ikev2/ocsp-multi-level/description.txt | 10 + testing/tests/ikev2/ocsp-multi-level/evaltest.dat | 10 + .../ocsp-multi-level/hosts/carol/etc/ipsec.conf | 31 + .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 + .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 + .../ocsp-multi-level/hosts/carol/etc/ipsec.secrets | 3 + .../ocsp-multi-level/hosts/dave/etc/ipsec.conf | 31 + .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 24 + .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 + .../ocsp-multi-level/hosts/moon/etc/ipsec.conf | 44 + .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 + .../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 22 + testing/tests/ikev2/ocsp-multi-level/posttest.dat | 5 + testing/tests/ikev2/ocsp-multi-level/pretest.dat | 7 + testing/tests/ikev2/ocsp-multi-level/test.conf | 21 + testing/tests/ikev2/ocsp-revoked/description.txt | 9 + testing/tests/ikev2/ocsp-revoked/evaltest.dat | 7 + .../ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf | 28 + .../carol/etc/ipsec.d/certs/carolCert-revoked.pem | 25 + .../carol/etc/ipsec.d/private/carolKey-revoked.pem | 27 + .../ocsp-revoked/hosts/carol/etc/ipsec.secrets | 3 + .../ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf | 27 + testing/tests/ikev2/ocsp-revoked/posttest.dat | 4 + testing/tests/ikev2/ocsp-revoked/pretest.dat | 4 + testing/tests/ikev2/ocsp-revoked/test.conf | 21 + testing/tests/ikev2/ocsp-root-cert/description.txt | 8 + testing/tests/ikev2/ocsp-root-cert/evaltest.dat | 6 + .../ocsp-root-cert/hosts/carol/etc/ipsec.conf | 28 + .../ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf | 27 + .../hosts/winnetou/etc/openssl/ocsp/ocsp.cgi | 11 + testing/tests/ikev2/ocsp-root-cert/posttest.dat | 2 + testing/tests/ikev2/ocsp-root-cert/pretest.dat | 4 + testing/tests/ikev2/ocsp-root-cert/test.conf | 21 + .../tests/ikev2/ocsp-signer-cert/description.txt | 10 + testing/tests/ikev2/ocsp-signer-cert/evaltest.dat | 13 + .../ocsp-signer-cert/hosts/carol/etc/ipsec.conf | 23 + .../carol/etc/ipsec.d/certs/carolCert-ocsp.pem | 26 + .../carol/etc/ipsec.d/private/carolKey-ocsp.pem | 27 + .../ocsp-signer-cert/hosts/carol/etc/ipsec.secrets | 3 + .../ocsp-signer-cert/hosts/moon/etc/ipsec.conf | 22 + testing/tests/ikev2/ocsp-signer-cert/posttest.dat | 4 + testing/tests/ikev2/ocsp-signer-cert/pretest.dat | 4 + testing/tests/ikev2/ocsp-signer-cert/test.conf | 21 + .../tests/ikev2/ocsp-timeouts-good/description.txt | 10 + .../tests/ikev2/ocsp-timeouts-good/evaltest.dat | 9 + .../ocsp-timeouts-good/hosts/carol/etc/ipsec.conf | 28 + .../carol/etc/ipsec.d/certs/carolCert-ocsp.pem | 26 + .../carol/etc/ipsec.d/private/carolKey-ocsp.pem | 27 + .../hosts/carol/etc/ipsec.secrets | 3 + .../ocsp-timeouts-good/hosts/moon/etc/ipsec.conf | 27 + .../hosts/winnetou/etc/openssl/ocsp/ocsp.cgi | 14 + .../tests/ikev2/ocsp-timeouts-good/posttest.dat | 4 + testing/tests/ikev2/ocsp-timeouts-good/pretest.dat | 4 + testing/tests/ikev2/ocsp-timeouts-good/test.conf | 21 + .../ikev2/ocsp-timeouts-unknown/description.txt | 7 + .../tests/ikev2/ocsp-timeouts-unknown/evaltest.dat | 6 + .../hosts/carol/etc/ipsec.conf | 29 + .../hosts/moon/etc/ipsec.conf | 28 + .../tests/ikev2/ocsp-timeouts-unknown/posttest.dat | 4 + .../tests/ikev2/ocsp-timeouts-unknown/pretest.dat | 6 + .../tests/ikev2/ocsp-timeouts-unknown/test.conf | 21 + .../ikev2/ocsp-untrusted-cert/description.txt | 9 + .../tests/ikev2/ocsp-untrusted-cert/evaltest.dat | 5 + .../ocsp-untrusted-cert/hosts/carol/etc/ipsec.conf | 27 + .../ocsp-untrusted-cert/hosts/moon/etc/ipsec.conf | 26 + .../hosts/winnetou/etc/openssl/ocsp/ocsp.cgi | 11 + .../tests/ikev2/ocsp-untrusted-cert/posttest.dat | 2 + .../tests/ikev2/ocsp-untrusted-cert/pretest.dat | 4 + testing/tests/ikev2/ocsp-untrusted-cert/test.conf | 21 + testing/tests/ikev2/protoport-dual/description.txt | 6 + testing/tests/ikev2/protoport-dual/evaltest.dat | 9 + .../protoport-dual/hosts/carol/etc/ipsec.conf | 30 + .../ikev2/protoport-dual/hosts/moon/etc/ipsec.conf | 30 + testing/tests/ikev2/protoport-dual/posttest.dat | 4 + testing/tests/ikev2/protoport-dual/pretest.dat | 7 + testing/tests/ikev2/protoport-dual/test.conf | 21 + .../tests/ikev2/protoport-route/description.txt | 8 + testing/tests/ikev2/protoport-route/evaltest.dat | 10 + .../protoport-route/hosts/carol/etc/ipsec.conf | 30 + .../protoport-route/hosts/moon/etc/ipsec.conf | 30 + testing/tests/ikev2/protoport-route/posttest.dat | 4 + testing/tests/ikev2/protoport-route/pretest.dat | 8 + testing/tests/ikev2/protoport-route/test.conf | 21 + testing/tests/ikev2/rw-cert/description.txt | 6 + testing/tests/ikev2/rw-cert/evaltest.dat | 10 + .../tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf | 24 + .../tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf | 24 + .../tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf | 23 + testing/tests/ikev2/rw-cert/posttest.dat | 6 + testing/tests/ikev2/rw-cert/pretest.dat | 9 + testing/tests/ikev2/rw-cert/test.conf | 21 + testing/tests/ikev2/rw-psk-fqdn/description.txt | 6 + testing/tests/ikev2/rw-psk-fqdn/evaltest.dat | 10 + .../ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf | 22 + .../rw-psk-fqdn/hosts/carol/etc/ipsec.secrets | 3 + .../ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf | 23 + .../ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets | 3 + .../ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf | 21 + .../ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets | 5 + testing/tests/ikev2/rw-psk-fqdn/posttest.dat | 6 + testing/tests/ikev2/rw-psk-fqdn/pretest.dat | 12 + testing/tests/ikev2/rw-psk-fqdn/test.conf | 21 + testing/tests/ikev2/rw-psk-ipv4/description.txt | 6 + testing/tests/ikev2/rw-psk-ipv4/evaltest.dat | 10 + .../ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.conf | 20 + .../rw-psk-ipv4/hosts/carol/etc/ipsec.secrets | 3 + .../ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf | 21 + .../ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets | 3 + .../ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.conf | 20 + .../ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets | 5 + testing/tests/ikev2/rw-psk-ipv4/posttest.dat | 6 + testing/tests/ikev2/rw-psk-ipv4/pretest.dat | 12 + testing/tests/ikev2/rw-psk-ipv4/test.conf | 21 + testing/tests/ikev2/rw-psk-no-idr/description.txt | 6 + testing/tests/ikev2/rw-psk-no-idr/evaltest.dat | 10 + .../ikev2/rw-psk-no-idr/hosts/carol/etc/ipsec.conf | 22 + .../rw-psk-no-idr/hosts/carol/etc/ipsec.secrets | 3 + .../ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf | 23 + .../rw-psk-no-idr/hosts/dave/etc/ipsec.secrets | 3 + .../ikev2/rw-psk-no-idr/hosts/moon/etc/ipsec.conf | 21 + .../rw-psk-no-idr/hosts/moon/etc/ipsec.secrets | 5 + testing/tests/ikev2/rw-psk-no-idr/posttest.dat | 6 + testing/tests/ikev2/rw-psk-no-idr/pretest.dat | 12 + testing/tests/ikev2/rw-psk-no-idr/test.conf | 21 + .../tests/ikev2/rw-psk-rsa-mixed/description.txt | 6 + testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat | 15 + .../rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf | 22 + .../rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets | 3 + .../rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf | 24 + .../rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf | 30 + .../rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets | 7 + testing/tests/ikev2/rw-psk-rsa-mixed/posttest.dat | 6 + testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat | 10 + testing/tests/ikev2/rw-psk-rsa-mixed/test.conf | 21 + .../tests/ikev2/rw-psk-rsa-split/description.txt | 8 + testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat | 12 + .../rw-psk-rsa-split/hosts/carol/etc/ipsec.conf | 24 + .../rw-psk-rsa-split/hosts/carol/etc/ipsec.secrets | 3 + .../rw-psk-rsa-split/hosts/dave/etc/ipsec.conf | 24 + .../rw-psk-rsa-split/hosts/dave/etc/ipsec.secrets | 3 + .../rw-psk-rsa-split/hosts/moon/etc/ipsec.conf | 22 + .../rw-psk-rsa-split/hosts/moon/etc/ipsec.secrets | 7 + testing/tests/ikev2/rw-psk-rsa-split/posttest.dat | 6 + testing/tests/ikev2/rw-psk-rsa-split/pretest.dat | 9 + testing/tests/ikev2/rw-psk-rsa-split/test.conf | 21 + .../tests/ikev2/strong-keys-certs/description.txt | 7 + testing/tests/ikev2/strong-keys-certs/evaltest.dat | 10 + .../strong-keys-certs/hosts/carol/etc/ipsec.conf | 24 + .../carol/etc/ipsec.d/certs/carolCert-sha384.pem | 25 + .../carol/etc/ipsec.d/private/carolKey-aes192.pem | 30 + .../hosts/carol/etc/ipsec.secrets | 3 + .../strong-keys-certs/hosts/dave/etc/ipsec.conf | 24 + .../dave/etc/ipsec.d/certs/daveCert-sha512.pem | 25 + .../dave/etc/ipsec.d/private/daveKey-aes256.pem | 30 + .../strong-keys-certs/hosts/dave/etc/ipsec.secrets | 3 + .../strong-keys-certs/hosts/moon/etc/ipsec.conf | 23 + .../moon/etc/ipsec.d/certs/moonCert-sha256.pem | 25 + .../moon/etc/ipsec.d/private/moonKey-aes128.pem | 30 + .../strong-keys-certs/hosts/moon/etc/ipsec.secrets | 3 + testing/tests/ikev2/strong-keys-certs/posttest.dat | 13 + testing/tests/ikev2/strong-keys-certs/pretest.dat | 10 + testing/tests/ikev2/strong-keys-certs/test.conf | 21 + testing/tests/ikev2/wildcards/description.txt | 8 + testing/tests/ikev2/wildcards/evaltest.dat | 8 + .../ikev2/wildcards/hosts/carol/etc/ipsec.conf | 26 + .../ikev2/wildcards/hosts/dave/etc/ipsec.conf | 26 + .../ikev2/wildcards/hosts/moon/etc/ipsec.conf | 30 + testing/tests/ikev2/wildcards/posttest.dat | 3 + testing/tests/ikev2/wildcards/pretest.dat | 9 + testing/tests/ikev2/wildcards/test.conf | 21 + testing/tests/ipv6/host2host-ikev1/description.txt | 3 + testing/tests/ipv6/host2host-ikev1/evaltest.dat | 5 + .../ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf | 30 + .../ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf | 29 + testing/tests/ipv6/host2host-ikev1/posttest.dat | 2 + testing/tests/ipv6/host2host-ikev1/pretest.dat | 4 + testing/tests/ipv6/host2host-ikev1/test.conf | 21 + testing/tests/ipv6/host2host-ikev2/description.txt | 3 + testing/tests/ipv6/host2host-ikev2/evaltest.dat | 5 + .../ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf | 29 + .../ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf | 28 + testing/tests/ipv6/host2host-ikev2/posttest.dat | 2 + testing/tests/ipv6/host2host-ikev2/pretest.dat | 4 + testing/tests/ipv6/host2host-ikev2/test.conf | 21 + testing/tests/mode-config-push/description.txt | 10 - testing/tests/mode-config-push/evaltest.dat | 16 - .../mode-config-push/hosts/carol/etc/ipsec.conf | 31 - .../mode-config-push/hosts/dave/etc/ipsec.conf | 31 - .../mode-config-push/hosts/moon/etc/ipsec.conf | 34 - testing/tests/mode-config-push/posttest.dat | 11 - testing/tests/mode-config-push/pretest.dat | 9 - testing/tests/mode-config-push/test.conf | 21 - testing/tests/mode-config-swapped/description.txt | 3 - testing/tests/mode-config-swapped/evaltest.dat | 16 - .../mode-config-swapped/hosts/carol/etc/ipsec.conf | 30 - .../mode-config-swapped/hosts/dave/etc/ipsec.conf | 30 - .../mode-config-swapped/hosts/moon/etc/ipsec.conf | 33 - testing/tests/mode-config-swapped/posttest.dat | 11 - testing/tests/mode-config-swapped/pretest.dat | 9 - testing/tests/mode-config-swapped/test.conf | 21 - testing/tests/mode-config/description.txt | 7 - testing/tests/mode-config/evaltest.dat | 16 - .../tests/mode-config/hosts/carol/etc/ipsec.conf | 30 - .../tests/mode-config/hosts/dave/etc/ipsec.conf | 30 - .../tests/mode-config/hosts/moon/etc/ipsec.conf | 33 - testing/tests/mode-config/posttest.dat | 11 - testing/tests/mode-config/pretest.dat | 9 - testing/tests/mode-config/test.conf | 21 - testing/tests/multi-level-ca-ldap/description.txt | 11 - testing/tests/multi-level-ca-ldap/evaltest.dat | 13 - .../multi-level-ca-ldap/hosts/carol/etc/ipsec.conf | 32 - .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 - .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 - .../hosts/carol/etc/ipsec.secrets | 3 - .../multi-level-ca-ldap/hosts/dave/etc/ipsec.conf | 32 - .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 24 - .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 - .../hosts/moon/etc/init.d/iptables | 76 - .../multi-level-ca-ldap/hosts/moon/etc/ipsec.conf | 47 - .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 - .../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 22 - testing/tests/multi-level-ca-ldap/posttest.dat | 8 - testing/tests/multi-level-ca-ldap/pretest.dat | 10 - testing/tests/multi-level-ca-ldap/test.conf | 21 - testing/tests/multi-level-ca-loop/description.txt | 6 - testing/tests/multi-level-ca-loop/evaltest.dat | 3 - .../multi-level-ca-loop/hosts/carol/etc/ipsec.conf | 28 - .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 - .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 - .../hosts/carol/etc/ipsec.secrets | 3 - .../multi-level-ca-loop/hosts/moon/etc/ipsec.conf | 24 - .../etc/ipsec.d/cacerts/research_by_salesCert.pem | 24 - .../etc/ipsec.d/cacerts/sales_by_researchCert.pem | 24 - testing/tests/multi-level-ca-loop/posttest.dat | 4 - testing/tests/multi-level-ca-loop/pretest.dat | 6 - testing/tests/multi-level-ca-loop/test.conf | 21 - .../tests/multi-level-ca-revoked/description.txt | 4 - testing/tests/multi-level-ca-revoked/evaltest.dat | 6 - .../hosts/carol/etc/ipsec.conf | 24 - .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 - .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 - .../hosts/carol/etc/ipsec.secrets | 3 - .../hosts/moon/etc/ipsec.conf | 29 - .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 - testing/tests/multi-level-ca-revoked/posttest.dat | 3 - testing/tests/multi-level-ca-revoked/pretest.dat | 4 - testing/tests/multi-level-ca-revoked/test.conf | 21 - .../tests/multi-level-ca-strict/description.txt | 10 - testing/tests/multi-level-ca-strict/evaltest.dat | 12 - .../hosts/carol/etc/ipsec.conf | 32 - .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 - .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 - .../hosts/carol/etc/ipsec.secrets | 3 - .../hosts/dave/etc/ipsec.conf | 32 - .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 24 - .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 - .../hosts/moon/etc/ipsec.conf | 36 - .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 - .../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 22 - testing/tests/multi-level-ca-strict/posttest.dat | 5 - testing/tests/multi-level-ca-strict/pretest.dat | 9 - testing/tests/multi-level-ca-strict/test.conf | 21 - testing/tests/multi-level-ca/description.txt | 7 - testing/tests/multi-level-ca/evaltest.dat | 12 - .../multi-level-ca/hosts/carol/etc/ipsec.conf | 33 - .../hosts/carol/etc/ipsec.d/certs/carolCert.pem | 25 - .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 - .../multi-level-ca/hosts/carol/etc/ipsec.secrets | 3 - .../tests/multi-level-ca/hosts/dave/etc/ipsec.conf | 33 - .../hosts/dave/etc/ipsec.d/certs/daveCert.pem | 24 - .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 - .../tests/multi-level-ca/hosts/moon/etc/ipsec.conf | 37 - .../moon/etc/ipsec.d/cacerts/researchCert.pem | 23 - .../hosts/moon/etc/ipsec.d/cacerts/salesCert.pem | 22 - testing/tests/multi-level-ca/posttest.dat | 5 - testing/tests/multi-level-ca/pretest.dat | 9 - testing/tests/multi-level-ca/test.conf | 21 - testing/tests/nat-one-rw/description.txt | 5 - testing/tests/nat-one-rw/evaltest.dat | 5 - testing/tests/nat-one-rw/posttest.dat | 8 - testing/tests/nat-one-rw/pretest.dat | 10 - testing/tests/nat-one-rw/test.conf | 21 - testing/tests/nat-two-rw/description.txt | 5 - testing/tests/nat-two-rw/evaltest.dat | 9 - testing/tests/nat-two-rw/posttest.dat | 11 - testing/tests/nat-two-rw/pretest.dat | 13 - testing/tests/nat-two-rw/test.conf | 21 - testing/tests/net2net-cert/description.txt | 6 - testing/tests/net2net-cert/evaltest.dat | 5 - testing/tests/net2net-cert/posttest.dat | 6 - testing/tests/net2net-cert/pretest.dat | 6 - testing/tests/net2net-cert/test.conf | 21 - testing/tests/net2net-pgp/description.txt | 6 - testing/tests/net2net-pgp/evaltest.dat | 5 - .../tests/net2net-pgp/hosts/moon/etc/ipsec.conf | 24 - .../hosts/moon/etc/ipsec.d/certs/moonCert.asc | 15 - .../hosts/moon/etc/ipsec.d/certs/sunCert.asc | 15 - .../hosts/moon/etc/ipsec.d/private/moonKey.asc | 19 - .../tests/net2net-pgp/hosts/moon/etc/ipsec.secrets | 3 - testing/tests/net2net-pgp/hosts/sun/etc/ipsec.conf | 24 - .../hosts/sun/etc/ipsec.d/certs/moonCert.asc | 15 - .../hosts/sun/etc/ipsec.d/certs/sunCert.asc | 15 - .../hosts/sun/etc/ipsec.d/private/sunKey.asc | 19 - .../tests/net2net-pgp/hosts/sun/etc/ipsec.secrets | 3 - testing/tests/net2net-pgp/posttest.dat | 10 - testing/tests/net2net-pgp/pretest.dat | 8 - testing/tests/net2net-pgp/test.conf | 21 - testing/tests/net2net-psk-fail/description.txt | 7 - testing/tests/net2net-psk-fail/evaltest.dat | 6 - .../net2net-psk-fail/hosts/moon/etc/ipsec.conf | 23 - .../net2net-psk-fail/hosts/moon/etc/ipsec.secrets | 7 - .../net2net-psk-fail/hosts/sun/etc/ipsec.conf | 23 - .../net2net-psk-fail/hosts/sun/etc/ipsec.secrets | 7 - testing/tests/net2net-psk-fail/posttest.dat | 2 - testing/tests/net2net-psk-fail/pretest.dat | 6 - testing/tests/net2net-psk-fail/test.conf | 21 - testing/tests/net2net-psk/description.txt | 6 - testing/tests/net2net-psk/evaltest.dat | 5 - .../tests/net2net-psk/hosts/moon/etc/ipsec.conf | 24 - .../tests/net2net-psk/hosts/moon/etc/ipsec.secrets | 7 - testing/tests/net2net-psk/hosts/sun/etc/ipsec.conf | 24 - .../tests/net2net-psk/hosts/sun/etc/ipsec.secrets | 7 - testing/tests/net2net-psk/posttest.dat | 6 - testing/tests/net2net-psk/pretest.dat | 8 - testing/tests/net2net-psk/test.conf | 21 - testing/tests/net2net-route/description.txt | 9 - testing/tests/net2net-route/evaltest.dat | 6 - .../tests/net2net-route/hosts/moon/etc/ipsec.conf | 26 - testing/tests/net2net-route/posttest.dat | 6 - testing/tests/net2net-route/pretest.dat | 6 - testing/tests/net2net-route/test.conf | 21 - testing/tests/net2net-rsa/description.txt | 6 - testing/tests/net2net-rsa/evaltest.dat | 5 - .../tests/net2net-rsa/hosts/moon/etc/ipsec.conf | 25 - .../tests/net2net-rsa/hosts/moon/etc/ipsec.secrets | 17 - testing/tests/net2net-rsa/hosts/sun/etc/ipsec.conf | 25 - .../tests/net2net-rsa/hosts/sun/etc/ipsec.secrets | 17 - testing/tests/net2net-rsa/posttest.dat | 6 - testing/tests/net2net-rsa/pretest.dat | 8 - testing/tests/net2net-rsa/test.conf | 21 - testing/tests/net2net-start/description.txt | 8 - testing/tests/net2net-start/evaltest.dat | 5 - .../tests/net2net-start/hosts/moon/etc/ipsec.conf | 26 - testing/tests/net2net-start/posttest.dat | 6 - testing/tests/net2net-start/pretest.dat | 5 - testing/tests/net2net-start/test.conf | 21 - testing/tests/no-priv-key/description.txt | 4 - testing/tests/no-priv-key/evaltest.dat | 4 - .../no-priv-key/hosts/carol/etc/ipsec.secrets | 3 - testing/tests/no-priv-key/posttest.dat | 2 - testing/tests/no-priv-key/pretest.dat | 4 - testing/tests/no-priv-key/test.conf | 21 - testing/tests/ocsp-revoked/description.txt | 7 - testing/tests/ocsp-revoked/evaltest.dat | 6 - .../tests/ocsp-revoked/hosts/carol/etc/ipsec.conf | 29 - .../carol/etc/ipsec.d/certs/carolRevokedCert.pem | 25 - .../carol/etc/ipsec.d/private/carolRevokedKey.pem | 27 - .../ocsp-revoked/hosts/carol/etc/ipsec.secrets | 3 - .../tests/ocsp-revoked/hosts/moon/etc/ipsec.conf | 40 - testing/tests/ocsp-revoked/posttest.dat | 5 - testing/tests/ocsp-revoked/pretest.dat | 5 - testing/tests/ocsp-revoked/test.conf | 21 - testing/tests/ocsp-strict/description.txt | 6 - testing/tests/ocsp-strict/evaltest.dat | 8 - .../tests/ocsp-strict/hosts/carol/etc/ipsec.conf | 29 - .../tests/ocsp-strict/hosts/moon/etc/ipsec.conf | 40 - testing/tests/ocsp-strict/posttest.dat | 3 - testing/tests/ocsp-strict/pretest.dat | 5 - testing/tests/ocsp-strict/test.conf | 21 - testing/tests/protoport-dual/description.txt | 6 - testing/tests/protoport-dual/evaltest.dat | 7 - .../protoport-dual/hosts/carol/etc/ipsec.conf | 31 - .../tests/protoport-dual/hosts/moon/etc/ipsec.conf | 31 - testing/tests/protoport-dual/posttest.dat | 6 - testing/tests/protoport-dual/pretest.dat | 7 - testing/tests/protoport-dual/test.conf | 21 - testing/tests/protoport-pass/description.txt | 13 - testing/tests/protoport-pass/evaltest.dat | 7 - .../protoport-pass/hosts/carol/etc/ipsec.conf | 27 - .../tests/protoport-pass/hosts/moon/etc/ipsec.conf | 27 - testing/tests/protoport-pass/posttest.dat | 6 - testing/tests/protoport-pass/pretest.dat | 10 - testing/tests/protoport-pass/test.conf | 21 - testing/tests/protoport-route/description.txt | 8 - testing/tests/protoport-route/evaltest.dat | 8 - .../protoport-route/hosts/carol/etc/ipsec.conf | 31 - .../protoport-route/hosts/moon/etc/ipsec.conf | 31 - testing/tests/protoport-route/posttest.dat | 6 - testing/tests/protoport-route/pretest.dat | 6 - testing/tests/protoport-route/test.conf | 21 - testing/tests/req-pkcs10/description.txt | 11 - testing/tests/req-pkcs10/evaltest.dat | 5 - .../tests/req-pkcs10/hosts/carol/etc/ipsec.conf | 29 - .../tests/req-pkcs10/hosts/carol/etc/ipsec.secrets | 3 - .../req-pkcs10/hosts/carol/etc/scepclient.conf | 3 - .../tests/req-pkcs10/hosts/moon/etc/ipsec.secrets | 3 - .../req-pkcs10/hosts/moon/etc/scepclient.conf | 4 - .../req-pkcs10/hosts/winnetou/etc/openssl/yy.txt | 2 - testing/tests/req-pkcs10/posttest.dat | 13 - testing/tests/req-pkcs10/pretest.dat | 22 - testing/tests/req-pkcs10/test.conf | 21 - testing/tests/rw-cert/description.txt | 6 - testing/tests/rw-cert/evaltest.dat | 5 - testing/tests/rw-cert/posttest.dat | 6 - testing/tests/rw-cert/pretest.dat | 6 - testing/tests/rw-cert/test.conf | 21 - testing/tests/rw-psk-fqdn-named/description.txt | 11 - testing/tests/rw-psk-fqdn-named/evaltest.dat | 5 - .../rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf | 23 - .../hosts/carol/etc/ipsec.secrets | 7 - .../rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf | 23 - .../rw-psk-fqdn-named/hosts/moon/etc/ipsec.secrets | 7 - testing/tests/rw-psk-fqdn-named/posttest.dat | 6 - testing/tests/rw-psk-fqdn-named/pretest.dat | 8 - testing/tests/rw-psk-fqdn-named/test.conf | 21 - testing/tests/rw-psk-fqdn/description.txt | 5 - testing/tests/rw-psk-fqdn/evaltest.dat | 5 - .../tests/rw-psk-fqdn/hosts/carol/etc/ipsec.conf | 23 - .../rw-psk-fqdn/hosts/carol/etc/ipsec.secrets | 7 - .../tests/rw-psk-fqdn/hosts/moon/etc/ipsec.conf | 22 - .../tests/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets | 7 - testing/tests/rw-psk-fqdn/posttest.dat | 6 - testing/tests/rw-psk-fqdn/pretest.dat | 8 - testing/tests/rw-psk-fqdn/test.conf | 21 - testing/tests/rw-psk-ipv4/description.txt | 5 - testing/tests/rw-psk-ipv4/evaltest.dat | 5 - .../tests/rw-psk-ipv4/hosts/carol/etc/ipsec.conf | 21 - .../rw-psk-ipv4/hosts/carol/etc/ipsec.secrets | 7 - .../tests/rw-psk-ipv4/hosts/moon/etc/ipsec.conf | 21 - .../tests/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets | 7 - testing/tests/rw-psk-ipv4/posttest.dat | 6 - testing/tests/rw-psk-ipv4/pretest.dat | 8 - testing/tests/rw-psk-ipv4/test.conf | 21 - testing/tests/rw-psk-no-policy/description.txt | 3 - testing/tests/rw-psk-no-policy/evaltest.dat | 5 - .../rw-psk-no-policy/hosts/carol/etc/ipsec.conf | 23 - .../rw-psk-no-policy/hosts/carol/etc/ipsec.secrets | 7 - .../rw-psk-no-policy/hosts/moon/etc/ipsec.conf | 22 - testing/tests/rw-psk-no-policy/posttest.dat | 2 - testing/tests/rw-psk-no-policy/pretest.dat | 5 - testing/tests/rw-psk-no-policy/test.conf | 21 - testing/tests/rw-psk-rsa-mixed/description.txt | 5 - testing/tests/rw-psk-rsa-mixed/evaltest.dat | 7 - .../rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf | 24 - .../rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets | 7 - .../rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf | 27 - .../rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets | 5 - testing/tests/rw-psk-rsa-mixed/posttest.dat | 3 - testing/tests/rw-psk-rsa-mixed/pretest.dat | 7 - testing/tests/rw-psk-rsa-mixed/test.conf | 21 - testing/tests/rw-rsa-no-policy/description.txt | 3 - testing/tests/rw-rsa-no-policy/evaltest.dat | 5 - .../rw-rsa-no-policy/hosts/moon/etc/ipsec.conf | 22 - .../rw-rsa-no-policy/hosts/moon/etc/ipsec.secrets | 3 - testing/tests/rw-rsa-no-policy/posttest.dat | 2 - testing/tests/rw-rsa-no-policy/pretest.dat | 5 - testing/tests/rw-rsa-no-policy/test.conf | 21 - testing/tests/self-signed/description.txt | 8 - testing/tests/self-signed/evaltest.dat | 7 - .../tests/self-signed/hosts/carol/etc/ipsec.conf | 27 - .../self-signed/hosts/carol/etc/ipsec.secrets | 3 - .../self-signed/hosts/moon/etc/init.d/iptables | 78 - .../tests/self-signed/hosts/moon/etc/ipsec.conf | 28 - .../tests/self-signed/hosts/moon/etc/ipsec.secrets | 3 - .../self-signed/hosts/moon/etc/scepclient.conf | 6 - testing/tests/self-signed/posttest.dat | 10 - testing/tests/self-signed/pretest.dat | 17 - testing/tests/self-signed/test.conf | 21 - testing/tests/starter-also-loop/description.txt | 4 - testing/tests/starter-also-loop/evaltest.dat | 3 - .../starter-also-loop/hosts/moon/etc/ipsec.conf | 48 - testing/tests/starter-also-loop/posttest.dat | 0 testing/tests/starter-also-loop/pretest.dat | 2 - testing/tests/starter-also-loop/test.conf | 21 - testing/tests/starter-also/description.txt | 3 - testing/tests/starter-also/evaltest.dat | 5 - .../tests/starter-also/hosts/moon/etc/ipsec.conf | 47 - testing/tests/starter-also/posttest.dat | 6 - testing/tests/starter-also/pretest.dat | 6 - testing/tests/starter-also/test.conf | 21 - testing/tests/starter-includes/description.txt | 6 - testing/tests/starter-includes/evaltest.dat | 16 - .../starter-includes/hosts/carol/etc/ipsec.conf | 30 - .../starter-includes/hosts/dave/etc/ipsec.conf | 30 - .../starter-includes/hosts/moon/etc/ipsec.conf | 10 - .../hosts/moon/etc/ipsec.connections | 12 - .../starter-includes/hosts/moon/etc/ipsec.host | 11 - .../hosts/moon/etc/ipsec.peers/ipsec.carol | 8 - .../hosts/moon/etc/ipsec.peers/ipsec.dave | 8 - testing/tests/starter-includes/posttest.dat | 13 - testing/tests/starter-includes/pretest.dat | 10 - testing/tests/starter-includes/test.conf | 21 - testing/tests/strong-certs/description.txt | 6 - testing/tests/strong-certs/evaltest.dat | 10 - .../tests/strong-certs/hosts/carol/etc/ipsec.conf | 23 - .../carol/etc/ipsec.d/certs/carolCert-sha384.pem | 25 - .../hosts/carol/etc/ipsec.d/private/carolKey.pem | 27 - .../strong-certs/hosts/carol/etc/ipsec.secrets | 3 - .../tests/strong-certs/hosts/dave/etc/ipsec.conf | 23 - .../dave/etc/ipsec.d/certs/daveCert-sha512.pem | 25 - .../hosts/dave/etc/ipsec.d/private/daveKey.pem | 27 - .../strong-certs/hosts/dave/etc/ipsec.secrets | 3 - .../tests/strong-certs/hosts/moon/etc/ipsec.conf | 22 - .../moon/etc/ipsec.d/certs/moonCert-sha256.pem | 25 - .../hosts/moon/etc/ipsec.d/private/moonKey.pem | 27 - .../strong-certs/hosts/moon/etc/ipsec.secrets | 3 - testing/tests/strong-certs/posttest.dat | 15 - testing/tests/strong-certs/pretest.dat | 10 - testing/tests/strong-certs/test.conf | 21 - testing/tests/virtual-ip-swapped/description.txt | 3 - testing/tests/virtual-ip-swapped/evaltest.dat | 9 - .../virtual-ip-swapped/hosts/carol/etc/ipsec.conf | 30 - .../virtual-ip-swapped/hosts/moon/etc/ipsec.conf | 26 - testing/tests/virtual-ip-swapped/posttest.dat | 7 - testing/tests/virtual-ip-swapped/pretest.dat | 6 - testing/tests/virtual-ip-swapped/test.conf | 21 - testing/tests/virtual-ip/description.txt | 8 - testing/tests/virtual-ip/evaltest.dat | 9 - .../tests/virtual-ip/hosts/carol/etc/ipsec.conf | 30 - testing/tests/virtual-ip/hosts/moon/etc/ipsec.conf | 26 - testing/tests/virtual-ip/posttest.dat | 7 - testing/tests/virtual-ip/pretest.dat | 6 - testing/tests/virtual-ip/test.conf | 21 - testing/tests/wildcards/description.txt | 8 - testing/tests/wildcards/evaltest.dat | 8 - testing/tests/wildcards/hosts/carol/etc/ipsec.conf | 32 - testing/tests/wildcards/hosts/dave/etc/ipsec.conf | 32 - testing/tests/wildcards/hosts/moon/etc/ipsec.conf | 31 - testing/tests/wildcards/posttest.dat | 3 - testing/tests/wildcards/pretest.dat | 9 - testing/tests/wildcards/test.conf | 21 - testing/tests/wlan/description.txt | 15 - testing/tests/wlan/evaltest.dat | 11 - testing/tests/wlan/hosts/alice/etc/init.d/iptables | 73 - testing/tests/wlan/hosts/alice/etc/ipsec.conf | 37 - testing/tests/wlan/hosts/moon/etc/init.d/iptables | 82 - testing/tests/wlan/hosts/moon/etc/ipsec.conf | 37 - testing/tests/wlan/hosts/venus/etc/init.d/iptables | 73 - testing/tests/wlan/hosts/venus/etc/ipsec.conf | 37 - testing/tests/wlan/posttest.dat | 10 - testing/tests/wlan/pretest.dat | 11 - testing/tests/wlan/test.conf | 21 - .../tests/xauth-psk-mode-config/description.txt | 11 - testing/tests/xauth-psk-mode-config/evaltest.dat | 18 - .../hosts/carol/etc/ipsec.conf | 24 - .../hosts/carol/etc/ipsec.secrets | 5 - .../hosts/dave/etc/ipsec.conf | 24 - .../hosts/dave/etc/ipsec.secrets | 5 - .../hosts/moon/etc/ipsec.conf | 29 - .../hosts/moon/etc/ipsec.secrets | 7 - testing/tests/xauth-psk-mode-config/posttest.dat | 9 - testing/tests/xauth-psk-mode-config/pretest.dat | 12 - testing/tests/xauth-psk-mode-config/test.conf | 21 - testing/tests/xauth-psk/description.txt | 9 - testing/tests/xauth-psk/evaltest.dat | 12 - testing/tests/xauth-psk/hosts/carol/etc/ipsec.conf | 21 - .../tests/xauth-psk/hosts/carol/etc/ipsec.secrets | 5 - testing/tests/xauth-psk/hosts/dave/etc/ipsec.conf | 21 - .../tests/xauth-psk/hosts/dave/etc/ipsec.secrets | 5 - testing/tests/xauth-psk/hosts/moon/etc/ipsec.conf | 22 - .../tests/xauth-psk/hosts/moon/etc/ipsec.secrets | 7 - testing/tests/xauth-psk/posttest.dat | 9 - testing/tests/xauth-psk/pretest.dat | 12 - testing/tests/xauth-psk/test.conf | 21 - testing/tests/xauth-rsa-fail/description.txt | 5 - testing/tests/xauth-rsa-fail/evaltest.dat | 4 - .../xauth-rsa-fail/hosts/carol/etc/ipsec.conf | 24 - .../xauth-rsa-fail/hosts/carol/etc/ipsec.secrets | 5 - .../tests/xauth-rsa-fail/hosts/moon/etc/ipsec.conf | 24 - .../xauth-rsa-fail/hosts/moon/etc/ipsec.secrets | 5 - testing/tests/xauth-rsa-fail/posttest.dat | 2 - testing/tests/xauth-rsa-fail/pretest.dat | 4 - testing/tests/xauth-rsa-fail/test.conf | 21 - .../tests/xauth-rsa-mode-config/description.txt | 11 - testing/tests/xauth-rsa-mode-config/evaltest.dat | 18 - .../hosts/carol/etc/ipsec.conf | 25 - .../hosts/carol/etc/ipsec.secrets | 5 - .../hosts/dave/etc/ipsec.conf | 25 - .../hosts/dave/etc/ipsec.secrets | 5 - .../hosts/moon/etc/ipsec.conf | 30 - .../hosts/moon/etc/ipsec.secrets | 7 - testing/tests/xauth-rsa-mode-config/posttest.dat | 9 - testing/tests/xauth-rsa-mode-config/pretest.dat | 9 - testing/tests/xauth-rsa-mode-config/test.conf | 21 - testing/tests/xauth-rsa-nosecret/description.txt | 6 - testing/tests/xauth-rsa-nosecret/evaltest.dat | 4 - .../xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf | 24 - .../hosts/carol/etc/ipsec.secrets | 3 - .../xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf | 24 - .../hosts/moon/etc/ipsec.secrets | 5 - testing/tests/xauth-rsa-nosecret/posttest.dat | 2 - testing/tests/xauth-rsa-nosecret/pretest.dat | 4 - testing/tests/xauth-rsa-nosecret/test.conf | 21 - testing/tests/xauth-rsa/description.txt | 9 - testing/tests/xauth-rsa/evaltest.dat | 12 - testing/tests/xauth-rsa/hosts/carol/etc/ipsec.conf | 24 - .../tests/xauth-rsa/hosts/carol/etc/ipsec.secrets | 5 - testing/tests/xauth-rsa/hosts/dave/etc/ipsec.conf | 24 - .../tests/xauth-rsa/hosts/dave/etc/ipsec.secrets | 5 - testing/tests/xauth-rsa/hosts/moon/etc/ipsec.conf | 24 - .../tests/xauth-rsa/hosts/moon/etc/ipsec.secrets | 7 - testing/tests/xauth-rsa/posttest.dat | 9 - testing/tests/xauth-rsa/pretest.dat | 9 - testing/tests/xauth-rsa/test.conf | 21 - 3197 files changed, 263581 insertions(+), 223893 deletions(-) create mode 100644 AUTHORS delete mode 100644 CHANGES create mode 100644 ChangeLog create mode 100644 Doxyfile.in delete mode 100644 LICENSE delete mode 100644 Makefile create mode 100644 Makefile.am create mode 100644 Makefile.in delete mode 100644 Makefile.inc delete mode 100644 Makefile.ver create mode 100644 NEWS create mode 100644 TODO create mode 100644 aclocal.m4 create mode 100755 config.guess create mode 100755 config.sub create mode 100755 configure create mode 100644 configure.in create mode 100755 depcomp create mode 100755 install-sh delete mode 100644 lib/.cvsignore delete mode 100644 lib/COPYING.LIB delete mode 100644 lib/Makefile delete mode 100644 lib/Makefile.kernel delete mode 100644 lib/README delete mode 100644 lib/libcrypto/include/cbc_generic.h delete mode 100644 lib/libcrypto/include/hmac_generic.h delete mode 100644 lib/libcrypto/include/md32_common.h delete mode 100644 lib/libcrypto/libaes/Makefile delete mode 100644 lib/libcrypto/libaes/aes.c delete mode 100644 lib/libcrypto/libaes/aes.h delete mode 100644 lib/libcrypto/libaes/aes_cbc.c delete mode 100644 lib/libcrypto/libaes/aes_cbc.h delete mode 100644 lib/libcrypto/libaes/aes_xcbc_mac.c delete mode 100644 lib/libcrypto/libaes/aes_xcbc_mac.h delete mode 100644 lib/libcrypto/libaes/asm/aes-i586.S delete mode 100644 lib/libcrypto/libaes/test_main.c delete mode 100644 lib/libcrypto/libaes/test_main_mac.c delete mode 100644 lib/libcrypto/libblowfish/COPYRIGHT delete mode 100644 lib/libcrypto/libblowfish/INSTALL delete mode 100644 lib/libcrypto/libblowfish/Makefile delete mode 100644 lib/libcrypto/libblowfish/Makefile.ssl delete mode 100644 lib/libcrypto/libblowfish/README delete mode 100644 lib/libcrypto/libblowfish/VERSION delete mode 100644 lib/libcrypto/libblowfish/asm/bf-586.pl delete mode 100644 lib/libcrypto/libblowfish/asm/bf-686.pl delete mode 100644 lib/libcrypto/libblowfish/asm/readme delete mode 100644 lib/libcrypto/libblowfish/bf_enc.c delete mode 100644 lib/libcrypto/libblowfish/bf_locl.h delete mode 100644 lib/libcrypto/libblowfish/bf_pi.h delete mode 100644 lib/libcrypto/libblowfish/bf_skey.c delete mode 100644 lib/libcrypto/libblowfish/blowfish.h delete mode 100644 lib/libcrypto/libserpent/Makefile delete mode 100644 lib/libcrypto/libserpent/serpent.c delete mode 100644 lib/libcrypto/libserpent/serpent.h delete mode 100644 lib/libcrypto/libserpent/serpent_cbc.c delete mode 100644 lib/libcrypto/libserpent/serpent_cbc.h delete mode 100644 lib/libcrypto/libserpent/test_main.c delete mode 100644 lib/libcrypto/libsha2/Makefile delete mode 100644 lib/libcrypto/libsha2/hmac_sha2.c delete mode 100644 lib/libcrypto/libsha2/hmac_sha2.h delete mode 100644 lib/libcrypto/libsha2/sha2.c delete mode 100644 lib/libcrypto/libsha2/sha2.h delete mode 100644 lib/libcrypto/libtwofish/Makefile delete mode 100644 lib/libcrypto/libtwofish/test_main.c delete mode 100644 lib/libcrypto/libtwofish/twofish.c delete mode 100644 lib/libcrypto/libtwofish/twofish.h delete mode 100644 lib/libcrypto/libtwofish/twofish_cbc.c delete mode 100644 lib/libcrypto/libtwofish/twofish_cbc.h delete mode 100644 lib/libcrypto/perlasm/LICENSE delete mode 100644 lib/libcrypto/perlasm/alpha.pl delete mode 100644 lib/libcrypto/perlasm/cbc.pl delete mode 100644 lib/libcrypto/perlasm/readme delete mode 100644 lib/libcrypto/perlasm/version delete mode 100644 lib/libcrypto/perlasm/x86asm.pl delete mode 100644 lib/libcrypto/perlasm/x86ms.pl delete mode 100644 lib/libcrypto/perlasm/x86nasm.pl delete mode 100644 lib/libcrypto/perlasm/x86unix.pl delete mode 100644 lib/libdes/.cvsignore delete mode 100644 lib/libdes/Makefile delete mode 100644 lib/libfreeswan/.cvsignore delete mode 100644 lib/libfreeswan/Makefile delete mode 100644 lib/libipsecpolicy/.cvsignore delete mode 100644 lib/libipsecpolicy/Makefile delete mode 100644 lib/libipsecpolicy/cgipolicy.c delete mode 100644 lib/libipsecpolicy/libipsecpolicy.h delete mode 100644 lib/libipsecpolicy/policyquery.c delete mode 100644 lib/libipsecpolicy/version.in.c delete mode 100644 lib/liblwres/Makefile delete mode 100644 lib/liblwres/api delete mode 100644 lib/liblwres/assert_p.h delete mode 100644 lib/liblwres/async.c delete mode 100644 lib/liblwres/config.h delete mode 100644 lib/liblwres/context.c delete mode 100644 lib/liblwres/context_p.h delete mode 100644 lib/liblwres/gai_strerror.c delete mode 100644 lib/liblwres/getaddrinfo.c delete mode 100644 lib/liblwres/gethost.c delete mode 100644 lib/liblwres/getipnode.c delete mode 100644 lib/liblwres/getnameinfo.c delete mode 100644 lib/liblwres/getrrset.c delete mode 100644 lib/liblwres/getrrset2.c delete mode 100644 lib/liblwres/herror.c delete mode 100644 lib/liblwres/include/lwres/async.h delete mode 100644 lib/liblwres/include/lwres/context.h delete mode 100644 lib/liblwres/include/lwres/int.h delete mode 100644 lib/liblwres/include/lwres/ipv6.h delete mode 100644 lib/liblwres/include/lwres/lang.h delete mode 100644 lib/liblwres/include/lwres/list.h delete mode 100644 lib/liblwres/include/lwres/lwbuffer.h delete mode 100644 lib/liblwres/include/lwres/lwpacket.h delete mode 100644 lib/liblwres/include/lwres/lwres.h delete mode 100644 lib/liblwres/include/lwres/netdb.h delete mode 100644 lib/liblwres/include/lwres/netdb.h.in delete mode 100644 lib/liblwres/include/lwres/platform.h delete mode 100644 lib/liblwres/include/lwres/platform.h.in delete mode 100644 lib/liblwres/include/lwres/result.h delete mode 100644 lib/liblwres/lwbuffer.c delete mode 100644 lib/liblwres/lwconfig.c delete mode 100644 lib/liblwres/lwinetaton.c delete mode 100644 lib/liblwres/lwinetntop.c delete mode 100644 lib/liblwres/lwinetpton.c delete mode 100644 lib/liblwres/lwpacket.c delete mode 100644 lib/liblwres/lwres_gabn.c delete mode 100644 lib/liblwres/lwres_gnba.c delete mode 100644 lib/liblwres/lwres_grbn.c delete mode 100644 lib/liblwres/lwres_noop.c delete mode 100644 lib/liblwres/lwresutil.c delete mode 100644 lib/liblwres/man/Makefile.in delete mode 100644 lib/liblwres/man/lwres.3 delete mode 100644 lib/liblwres/man/lwres.docbook delete mode 100644 lib/liblwres/man/lwres.html delete mode 100644 lib/liblwres/man/lwres_buffer.3 delete mode 100644 lib/liblwres/man/lwres_buffer.docbook delete mode 100644 lib/liblwres/man/lwres_buffer.html delete mode 100644 lib/liblwres/man/lwres_config.3 delete mode 100644 lib/liblwres/man/lwres_config.docbook delete mode 100644 lib/liblwres/man/lwres_config.html delete mode 100644 lib/liblwres/man/lwres_context.3 delete mode 100644 lib/liblwres/man/lwres_context.docbook delete mode 100644 lib/liblwres/man/lwres_context.html delete mode 100644 lib/liblwres/man/lwres_gabn.3 delete mode 100644 lib/liblwres/man/lwres_gabn.docbook delete mode 100644 lib/liblwres/man/lwres_gabn.html delete mode 100644 lib/liblwres/man/lwres_gai_strerror.3 delete mode 100644 lib/liblwres/man/lwres_gai_strerror.docbook delete mode 100644 lib/liblwres/man/lwres_gai_strerror.html delete mode 100644 lib/liblwres/man/lwres_getaddrinfo.3 delete mode 100644 lib/liblwres/man/lwres_getaddrinfo.docbook delete mode 100644 lib/liblwres/man/lwres_getaddrinfo.html delete mode 100644 lib/liblwres/man/lwres_gethostent.3 delete mode 100644 lib/liblwres/man/lwres_gethostent.docbook delete mode 100644 lib/liblwres/man/lwres_gethostent.html delete mode 100644 lib/liblwres/man/lwres_getipnode.3 delete mode 100644 lib/liblwres/man/lwres_getipnode.docbook delete mode 100644 lib/liblwres/man/lwres_getipnode.html delete mode 100644 lib/liblwres/man/lwres_getnameinfo.3 delete mode 100644 lib/liblwres/man/lwres_getnameinfo.docbook delete mode 100644 lib/liblwres/man/lwres_getnameinfo.html delete mode 100644 lib/liblwres/man/lwres_getrrsetbyname.3 delete mode 100644 lib/liblwres/man/lwres_getrrsetbyname.docbook delete mode 100644 lib/liblwres/man/lwres_getrrsetbyname.html delete mode 100644 lib/liblwres/man/lwres_gnba.3 delete mode 100644 lib/liblwres/man/lwres_gnba.docbook delete mode 100644 lib/liblwres/man/lwres_gnba.html delete mode 100644 lib/liblwres/man/lwres_hstrerror.3 delete mode 100644 lib/liblwres/man/lwres_hstrerror.docbook delete mode 100644 lib/liblwres/man/lwres_hstrerror.html delete mode 100644 lib/liblwres/man/lwres_inetntop.3 delete mode 100644 lib/liblwres/man/lwres_inetntop.docbook delete mode 100644 lib/liblwres/man/lwres_inetntop.html delete mode 100644 lib/liblwres/man/lwres_noop.3 delete mode 100644 lib/liblwres/man/lwres_noop.docbook delete mode 100644 lib/liblwres/man/lwres_noop.html delete mode 100644 lib/liblwres/man/lwres_packet.3 delete mode 100644 lib/liblwres/man/lwres_packet.docbook delete mode 100644 lib/liblwres/man/lwres_packet.html delete mode 100644 lib/liblwres/man/lwres_resutil.3 delete mode 100644 lib/liblwres/man/lwres_resutil.docbook delete mode 100644 lib/liblwres/man/lwres_resutil.html delete mode 100644 lib/liblwres/unix/include/lwres/net.h delete mode 100644 lib/liblwres/version.c delete mode 100644 linux/Documentation/Configure.help.fs2_0.patch delete mode 100644 linux/Documentation/Configure.help.fs2_2.patch delete mode 100644 linux/Documentation/Configure.help.fs2_4.patch delete mode 100644 linux/Makefile delete mode 100644 linux/README.freeswan delete mode 100644 linux/crypto/ciphers/des/COPYRIGHT delete mode 100644 linux/crypto/ciphers/des/INSTALL delete mode 100644 linux/crypto/ciphers/des/Makefile.objs delete mode 100644 linux/crypto/ciphers/des/README delete mode 100644 linux/crypto/ciphers/des/README.freeswan delete mode 100644 linux/crypto/ciphers/des/VERSION delete mode 100644 linux/crypto/ciphers/des/asm/crypt586.pl delete mode 100644 linux/crypto/ciphers/des/asm/des-586.pl delete mode 100644 linux/crypto/ciphers/des/asm/des686.pl delete mode 100644 linux/crypto/ciphers/des/asm/desboth.pl delete mode 100644 linux/crypto/ciphers/des/asm/perlasm/cbc.pl delete mode 100644 linux/crypto/ciphers/des/asm/perlasm/readme delete mode 100644 linux/crypto/ciphers/des/asm/perlasm/x86asm.pl delete mode 100644 linux/crypto/ciphers/des/asm/perlasm/x86ms.pl delete mode 100644 linux/crypto/ciphers/des/asm/perlasm/x86unix.pl delete mode 100644 linux/crypto/ciphers/des/asm/readme delete mode 100644 linux/crypto/ciphers/des/cbc_enc.c delete mode 100644 linux/crypto/ciphers/des/des.doc delete mode 100644 linux/crypto/ciphers/des/des_crypt.man delete mode 100644 linux/crypto/ciphers/des/des_enc.c delete mode 100644 linux/crypto/ciphers/des/des_locl.h delete mode 100644 linux/crypto/ciphers/des/des_opts.c delete mode 100644 linux/crypto/ciphers/des/des_ver.h delete mode 100644 linux/crypto/ciphers/des/destest.c delete mode 100644 linux/crypto/ciphers/des/dx86unix.S delete mode 100644 linux/crypto/ciphers/des/ecb_enc.c delete mode 100644 linux/crypto/ciphers/des/fcrypt.c delete mode 100644 linux/crypto/ciphers/des/fcrypt_b.c delete mode 100644 linux/crypto/ciphers/des/options.txt delete mode 100644 linux/crypto/ciphers/des/podd.h delete mode 100644 linux/crypto/ciphers/des/set_key.c delete mode 100644 linux/crypto/ciphers/des/sk.h delete mode 100644 linux/crypto/ciphers/des/speed.c delete mode 100644 linux/crypto/ciphers/des/spr.h delete mode 100644 linux/include/crypto/des.h delete mode 100644 linux/include/freeswan.h delete mode 100644 linux/include/freeswan/ipcomp.h delete mode 100644 linux/include/freeswan/ipsec_ah.h delete mode 100644 linux/include/freeswan/ipsec_alg.h delete mode 100644 linux/include/freeswan/ipsec_encap.h delete mode 100644 linux/include/freeswan/ipsec_eroute.h delete mode 100644 linux/include/freeswan/ipsec_errs.h delete mode 100644 linux/include/freeswan/ipsec_esp.h delete mode 100644 linux/include/freeswan/ipsec_ipe4.h delete mode 100644 linux/include/freeswan/ipsec_kversion.h delete mode 100644 linux/include/freeswan/ipsec_life.h delete mode 100644 linux/include/freeswan/ipsec_md5h.h delete mode 100644 linux/include/freeswan/ipsec_param.h delete mode 100644 linux/include/freeswan/ipsec_policy.h delete mode 100644 linux/include/freeswan/ipsec_proto.h delete mode 100644 linux/include/freeswan/ipsec_radij.h delete mode 100644 linux/include/freeswan/ipsec_rcv.h delete mode 100644 linux/include/freeswan/ipsec_sa.h delete mode 100644 linux/include/freeswan/ipsec_sha1.h delete mode 100644 linux/include/freeswan/ipsec_stats.h delete mode 100644 linux/include/freeswan/ipsec_tunnel.h delete mode 100644 linux/include/freeswan/ipsec_xform.h delete mode 100644 linux/include/freeswan/ipsec_xmit.h delete mode 100644 linux/include/freeswan/radij.h delete mode 100644 linux/include/mast.h delete mode 100644 linux/include/pfkey.h delete mode 100644 linux/include/pfkeyv2.h delete mode 100644 linux/include/zlib/zlib.h delete mode 100644 linux/include/zlib/zutil.h delete mode 100644 linux/lib/libfreeswan/Makefile.objs delete mode 100644 linux/lib/libfreeswan/addrtoa.c delete mode 100644 linux/lib/libfreeswan/addrtot.c delete mode 100644 linux/lib/libfreeswan/addrtypeof.c delete mode 100644 linux/lib/libfreeswan/anyaddr.3 delete mode 100644 linux/lib/libfreeswan/anyaddr.c delete mode 100644 linux/lib/libfreeswan/atoaddr.3 delete mode 100644 linux/lib/libfreeswan/atoaddr.c delete mode 100644 linux/lib/libfreeswan/atoasr.3 delete mode 100644 linux/lib/libfreeswan/atoasr.c delete mode 100644 linux/lib/libfreeswan/atosa.3 delete mode 100644 linux/lib/libfreeswan/atosa.c delete mode 100644 linux/lib/libfreeswan/atosubnet.c delete mode 100644 linux/lib/libfreeswan/atoul.3 delete mode 100644 linux/lib/libfreeswan/atoul.c delete mode 100644 linux/lib/libfreeswan/copyright.c delete mode 100644 linux/lib/libfreeswan/datatot.c delete mode 100644 linux/lib/libfreeswan/goodmask.3 delete mode 100644 linux/lib/libfreeswan/goodmask.c delete mode 100644 linux/lib/libfreeswan/initaddr.3 delete mode 100644 linux/lib/libfreeswan/initaddr.c delete mode 100644 linux/lib/libfreeswan/initsaid.c delete mode 100644 linux/lib/libfreeswan/initsubnet.3 delete mode 100644 linux/lib/libfreeswan/initsubnet.c delete mode 100644 linux/lib/libfreeswan/internal.h delete mode 100644 linux/lib/libfreeswan/keyblobtoid.3 delete mode 100644 linux/lib/libfreeswan/keyblobtoid.c delete mode 100644 linux/lib/libfreeswan/optionsfrom.3 delete mode 100644 linux/lib/libfreeswan/optionsfrom.c delete mode 100644 linux/lib/libfreeswan/pfkey_v2_build.c delete mode 100644 linux/lib/libfreeswan/pfkey_v2_debug.c delete mode 100644 linux/lib/libfreeswan/pfkey_v2_ext_bits.c delete mode 100644 linux/lib/libfreeswan/pfkey_v2_parse.c delete mode 100644 linux/lib/libfreeswan/portof.3 delete mode 100644 linux/lib/libfreeswan/portof.c delete mode 100644 linux/lib/libfreeswan/prng.3 delete mode 100644 linux/lib/libfreeswan/prng.c delete mode 100644 linux/lib/libfreeswan/rangetoa.c delete mode 100644 linux/lib/libfreeswan/rangetosubnet.3 delete mode 100644 linux/lib/libfreeswan/rangetosubnet.c delete mode 100644 linux/lib/libfreeswan/sameaddr.3 delete mode 100644 linux/lib/libfreeswan/sameaddr.c delete mode 100644 linux/lib/libfreeswan/satoa.c delete mode 100644 linux/lib/libfreeswan/satot.c delete mode 100644 linux/lib/libfreeswan/subnetof.3 delete mode 100644 linux/lib/libfreeswan/subnetof.c delete mode 100644 linux/lib/libfreeswan/subnettoa.c delete mode 100644 linux/lib/libfreeswan/subnettot.c delete mode 100644 linux/lib/libfreeswan/subnettypeof.c delete mode 100644 linux/lib/libfreeswan/ttoaddr.3 delete mode 100644 linux/lib/libfreeswan/ttoaddr.c delete mode 100644 linux/lib/libfreeswan/ttodata.3 delete mode 100644 linux/lib/libfreeswan/ttodata.c delete mode 100644 linux/lib/libfreeswan/ttoprotoport.c delete mode 100644 linux/lib/libfreeswan/ttosa.3 delete mode 100644 linux/lib/libfreeswan/ttosa.c delete mode 100644 linux/lib/libfreeswan/ttosubnet.c delete mode 100644 linux/lib/libfreeswan/ttoul.3 delete mode 100644 linux/lib/libfreeswan/ttoul.c delete mode 100644 linux/lib/libfreeswan/ultoa.c delete mode 100644 linux/lib/libfreeswan/ultot.c delete mode 100644 linux/lib/libfreeswan/version.3 delete mode 100644 linux/lib/libfreeswan/version.in.c delete mode 100644 linux/lib/zlib/Makefile delete mode 100644 linux/lib/zlib/Makefile.objs delete mode 100644 linux/lib/zlib/README delete mode 100644 linux/lib/zlib/README.freeswan delete mode 100644 linux/lib/zlib/adler32.c delete mode 100644 linux/lib/zlib/deflate.c delete mode 100644 linux/lib/zlib/deflate.h delete mode 100644 linux/lib/zlib/infblock.c delete mode 100644 linux/lib/zlib/infblock.h delete mode 100644 linux/lib/zlib/infcodes.c delete mode 100644 linux/lib/zlib/infcodes.h delete mode 100644 linux/lib/zlib/inffast.c delete mode 100644 linux/lib/zlib/inffast.h delete mode 100644 linux/lib/zlib/inffixed.h delete mode 100644 linux/lib/zlib/inflate.c delete mode 100644 linux/lib/zlib/inftrees.c delete mode 100644 linux/lib/zlib/inftrees.h delete mode 100644 linux/lib/zlib/infutil.c delete mode 100644 linux/lib/zlib/infutil.h delete mode 100644 linux/lib/zlib/match586.S delete mode 100644 linux/lib/zlib/match686.S delete mode 100644 linux/lib/zlib/trees.c delete mode 100644 linux/lib/zlib/trees.h delete mode 100644 linux/lib/zlib/zconf.h delete mode 100644 linux/lib/zlib/zutil.c delete mode 100644 linux/net/Config.in.fs2_0.patch delete mode 100644 linux/net/Config.in.fs2_2.patch delete mode 100644 linux/net/Config.in.fs2_4.patch delete mode 100644 linux/net/Makefile.fs2_0.patch delete mode 100644 linux/net/Makefile.fs2_2.patch delete mode 100644 linux/net/Makefile.fs2_4.ipsec_alg.patch delete mode 100644 linux/net/Makefile.fs2_4.patch delete mode 100644 linux/net/include.net.sock.h.fs2_2.patch delete mode 100644 linux/net/include.net.sock.h.fs2_4.patch delete mode 100644 linux/net/ipsec/.cvsignore delete mode 100644 linux/net/ipsec/Config.in delete mode 100644 linux/net/ipsec/Makefile delete mode 100644 linux/net/ipsec/Makefile.algtest delete mode 100644 linux/net/ipsec/alg/Config.alg_aes.in delete mode 100644 linux/net/ipsec/alg/Config.alg_blowfish.in delete mode 100644 linux/net/ipsec/alg/Config.alg_cryptoapi.in delete mode 100644 linux/net/ipsec/alg/Config.alg_serpent.in delete mode 100644 linux/net/ipsec/alg/Config.alg_sha2.in delete mode 100644 linux/net/ipsec/alg/Config.alg_twofish.in delete mode 100644 linux/net/ipsec/alg/Config.in delete mode 100644 linux/net/ipsec/alg/Makefile delete mode 100644 linux/net/ipsec/alg/Makefile.alg_aes delete mode 100644 linux/net/ipsec/alg/Makefile.alg_blowfish delete mode 100644 linux/net/ipsec/alg/Makefile.alg_cryptoapi delete mode 100644 linux/net/ipsec/alg/Makefile.alg_serpent delete mode 100644 linux/net/ipsec/alg/Makefile.alg_sha2 delete mode 100644 linux/net/ipsec/alg/Makefile.alg_twofish delete mode 100644 linux/net/ipsec/alg/ipsec_alg_aes.c delete mode 100644 linux/net/ipsec/alg/ipsec_alg_blowfish.c delete mode 100644 linux/net/ipsec/alg/ipsec_alg_cryptoapi.c delete mode 100644 linux/net/ipsec/alg/ipsec_alg_serpent.c delete mode 100644 linux/net/ipsec/alg/ipsec_alg_sha2.c delete mode 100644 linux/net/ipsec/alg/ipsec_alg_twofish.c delete mode 100644 linux/net/ipsec/alg/scripts/mk-static_init.c.sh delete mode 100644 linux/net/ipsec/defconfig delete mode 100644 linux/net/ipsec/ipcomp.c delete mode 100644 linux/net/ipsec/ipsec_alg.c delete mode 100644 linux/net/ipsec/ipsec_init.c delete mode 100644 linux/net/ipsec/ipsec_life.c delete mode 100644 linux/net/ipsec/ipsec_mast.c delete mode 100644 linux/net/ipsec/ipsec_md5c.c delete mode 100644 linux/net/ipsec/ipsec_proc.c delete mode 100644 linux/net/ipsec/ipsec_radij.c delete mode 100644 linux/net/ipsec/ipsec_rcv.c delete mode 100644 linux/net/ipsec/ipsec_sa.c delete mode 100644 linux/net/ipsec/ipsec_sha1.c delete mode 100644 linux/net/ipsec/ipsec_tunnel.c delete mode 100644 linux/net/ipsec/ipsec_xform.c delete mode 100644 linux/net/ipsec/ipsec_xmit.c delete mode 100644 linux/net/ipsec/pfkey_v2.c delete mode 100644 linux/net/ipsec/pfkey_v2_ext_process.c delete mode 100644 linux/net/ipsec/pfkey_v2_parser.c delete mode 100644 linux/net/ipsec/radij.c delete mode 100644 linux/net/ipsec/sysctl_net_ipsec.c delete mode 100644 linux/net/ipsec/tagsfile.mak delete mode 100644 linux/net/ipv4/af_inet.c.fs2_0.patch delete mode 100644 linux/net/ipv4/af_inet.c.fs2_2.patch delete mode 100644 linux/net/ipv4/af_inet.c.fs2_4.patch delete mode 100644 linux/net/ipv4/udp.c.fs2_2.patch delete mode 100644 linux/net/ipv4/udp.c.fs2_4.patch create mode 100644 ltmain.sh create mode 100755 missing delete mode 100644 packaging/ipkg/conffiles delete mode 100644 packaging/ipkg/control-freeswan-module.dist delete mode 100644 packaging/ipkg/control-freeswan.dist delete mode 100644 packaging/ipkg/debian-binary delete mode 100755 packaging/ipkg/generate-ipkg delete mode 100644 packaging/linus/config-all.h delete mode 100644 packaging/makefiles/module.make delete mode 100644 packaging/redhat/.cvsignore delete mode 100644 packaging/redhat/Makefile delete mode 100644 packaging/redhat/config-athlon-smp.h delete mode 100644 packaging/redhat/config-athlon.h delete mode 100644 packaging/redhat/config-i386-smp.h delete mode 100644 packaging/redhat/config-i386.h delete mode 100644 packaging/redhat/config-i586-smp.h delete mode 100644 packaging/redhat/config-i586-up.h delete mode 100644 packaging/redhat/config-i586.h delete mode 100644 packaging/redhat/config-i686-bigmem.h delete mode 100644 packaging/redhat/config-i686-smp.h delete mode 100644 packaging/redhat/config-i686.h delete mode 100644 packaging/redhat/freeswan.spec delete mode 100644 packaging/redhat/kernel-list.txt delete mode 100644 packaging/redhat/rpm.in delete mode 100755 packaging/utils/backup delete mode 100755 packaging/utils/branch delete mode 100755 packaging/utils/canrel delete mode 100644 packaging/utils/disttools.pl delete mode 100755 packaging/utils/errcheck delete mode 100644 packaging/utils/kernel.patch.gen.sh delete mode 100755 packaging/utils/kerneldiff delete mode 100755 packaging/utils/kernelpatch delete mode 100755 packaging/utils/kernelversion delete mode 100755 packaging/utils/kernelversion-short delete mode 100755 packaging/utils/manlink delete mode 100755 packaging/utils/maysnap delete mode 100755 packaging/utils/maytest delete mode 100755 packaging/utils/mkcand delete mode 100755 packaging/utils/mkrel delete mode 100755 packaging/utils/mksnap delete mode 100755 packaging/utils/mvcand delete mode 100755 packaging/utils/mvrel delete mode 100755 packaging/utils/patcher delete mode 100755 packaging/utils/prepcand delete mode 100755 packaging/utils/recan delete mode 100755 packaging/utils/setup delete mode 100755 packaging/utils/sshenv delete mode 100755 packaging/utils/tattle delete mode 100755 packaging/utils/wantsnap delete mode 100755 packaging/utils/wanttest delete mode 100644 programs/Makefile delete mode 100644 programs/Makefile.program delete mode 100644 programs/_confread/.cvsignore delete mode 100644 programs/_confread/Makefile delete mode 100644 programs/_confread/README.conf.V2 delete mode 100644 programs/_confread/_confread.8 delete mode 100755 programs/_confread/_confread.in delete mode 100644 programs/_confread/block.in delete mode 100644 programs/_confread/clear-or-private.in delete mode 100644 programs/_confread/clear.in delete mode 100644 programs/_confread/ipsec.conf.5 delete mode 100644 programs/_confread/ipsec.conf.in delete mode 100644 programs/_confread/private-or-clear.in delete mode 100644 programs/_confread/private.in delete mode 100755 programs/_confread/randomize delete mode 100644 programs/_copyright/.cvsignore delete mode 100644 programs/_copyright/Makefile delete mode 100644 programs/_copyright/_copyright.8 delete mode 100644 programs/_copyright/_copyright.c delete mode 100644 programs/_include/.cvsignore delete mode 100644 programs/_include/Makefile delete mode 100644 programs/_include/_include.8 delete mode 100755 programs/_include/_include.in delete mode 100644 programs/_keycensor/.cvsignore delete mode 100644 programs/_keycensor/Makefile delete mode 100644 programs/_keycensor/_keycensor.8 delete mode 100755 programs/_keycensor/_keycensor.in delete mode 100644 programs/_plutoload/.cvsignore delete mode 100644 programs/_plutoload/Makefile delete mode 100644 programs/_plutoload/_plutoload.8 delete mode 100755 programs/_plutoload/_plutoload.in delete mode 100644 programs/_plutorun/.cvsignore delete mode 100644 programs/_plutorun/Makefile delete mode 100644 programs/_plutorun/_plutorun.8 delete mode 100755 programs/_plutorun/_plutorun.in delete mode 100644 programs/_realsetup/.cvsignore delete mode 100644 programs/_realsetup/Makefile delete mode 100644 programs/_realsetup/_realsetup.8 delete mode 100755 programs/_realsetup/_realsetup.in delete mode 100644 programs/_secretcensor/.cvsignore delete mode 100644 programs/_secretcensor/Makefile delete mode 100644 programs/_secretcensor/_secretcensor.8 delete mode 100755 programs/_secretcensor/_secretcensor.in delete mode 100644 programs/_startklips/.cvsignore delete mode 100644 programs/_startklips/Makefile delete mode 100644 programs/_startklips/_startklips.8 delete mode 100755 programs/_startklips/_startklips.in delete mode 100644 programs/_updown/.cvsignore delete mode 100644 programs/_updown/Makefile delete mode 100644 programs/_updown/_updown.8 delete mode 100755 programs/_updown/_updown.in delete mode 100644 programs/_updown_espmark/Makefile delete mode 100644 programs/_updown_espmark/_updown_espmark.8 delete mode 100644 programs/_updown_espmark/_updown_espmark.in delete mode 100644 programs/auto/.cvsignore delete mode 100644 programs/auto/Makefile delete mode 100644 programs/auto/auto.8 delete mode 100755 programs/auto/auto.in delete mode 100644 programs/barf/.cvsignore delete mode 100644 programs/barf/Makefile delete mode 100644 programs/barf/barf.8 delete mode 100755 programs/barf/barf.in delete mode 100644 programs/calcgoo/.cvsignore delete mode 100644 programs/calcgoo/Makefile delete mode 100644 programs/calcgoo/calcgoo.8 delete mode 100644 programs/calcgoo/calcgoo.in delete mode 100644 programs/eroute/.cvsignore delete mode 100644 programs/eroute/Makefile delete mode 100644 programs/eroute/eroute.5 delete mode 100644 programs/eroute/eroute.8 delete mode 100644 programs/eroute/eroute.c delete mode 100644 programs/examples/Makefile delete mode 100644 programs/examples/oe.conf.in delete mode 100644 programs/ikeping/.cvsignore delete mode 100644 programs/ikeping/Makefile delete mode 100644 programs/ikeping/ikeping.8 delete mode 100644 programs/ikeping/ikeping.c delete mode 100644 programs/ipsec/.cvsignore delete mode 100644 programs/ipsec/Makefile delete mode 100644 programs/ipsec/distro.txt delete mode 100644 programs/ipsec/ipsec.8 delete mode 100755 programs/ipsec/ipsec.in delete mode 100644 programs/klipsdebug/.cvsignore delete mode 100644 programs/klipsdebug/Makefile delete mode 100644 programs/klipsdebug/klipsdebug.5 delete mode 100644 programs/klipsdebug/klipsdebug.8 delete mode 100644 programs/klipsdebug/klipsdebug.c delete mode 100644 programs/look/.cvsignore delete mode 100644 programs/look/Makefile delete mode 100644 programs/look/look.8 delete mode 100755 programs/look/look.in delete mode 100644 programs/lwdnsq/.cvsignore delete mode 100644 programs/lwdnsq/CONTRACT.txt delete mode 100644 programs/lwdnsq/Makefile delete mode 100644 programs/lwdnsq/cmds.c delete mode 100644 programs/lwdnsq/lookup.c delete mode 100644 programs/lwdnsq/lwdnsq.8 delete mode 100644 programs/lwdnsq/lwdnsq.c delete mode 100644 programs/lwdnsq/lwdnsq.h delete mode 100644 programs/lwdnsq/lwdnsq.xml.in delete mode 100644 programs/lwdnsq/states.fig delete mode 100644 programs/lwdnsq/states.png delete mode 100644 programs/mailkey/.cvsignore delete mode 100644 programs/mailkey/Makefile delete mode 100644 programs/mailkey/mailkey.8 delete mode 100755 programs/mailkey/mailkey.in delete mode 100644 programs/manual/.cvsignore delete mode 100644 programs/manual/Makefile delete mode 100644 programs/manual/manual.8 delete mode 100755 programs/manual/manual.in delete mode 100644 programs/openac/Makefile delete mode 100644 programs/openac/build.c delete mode 100644 programs/openac/build.h delete mode 100644 programs/openac/loglite.c delete mode 100644 programs/openac/openac.8 delete mode 100755 programs/openac/openac.c delete mode 100644 programs/pf_key/.cvsignore delete mode 100644 programs/pf_key/Makefile delete mode 100644 programs/pf_key/pf_key.5 delete mode 100644 programs/pf_key/pf_key.8 delete mode 100644 programs/pf_key/pf_key.c delete mode 100644 programs/pluto/.cvsignore delete mode 100644 programs/pluto/Makefile delete mode 100644 programs/pluto/PLUTO-CONVENTIONS delete mode 100644 programs/pluto/TODO delete mode 100644 programs/pluto/ac.c delete mode 100644 programs/pluto/ac.h delete mode 100644 programs/pluto/adns.c delete mode 100644 programs/pluto/adns.h delete mode 100644 programs/pluto/alg/Config.ike_alg delete mode 100644 programs/pluto/alg/Makefile delete mode 100644 programs/pluto/alg/Makefile.ike_alg_aes delete mode 100644 programs/pluto/alg/Makefile.ike_alg_blowfish delete mode 100644 programs/pluto/alg/Makefile.ike_alg_serpent delete mode 100644 programs/pluto/alg/Makefile.ike_alg_sha2 delete mode 100644 programs/pluto/alg/Makefile.ike_alg_twofish delete mode 100644 programs/pluto/alg/ike_alg_aes.c delete mode 100644 programs/pluto/alg/ike_alg_blowfish.c delete mode 100644 programs/pluto/alg/ike_alg_serpent.c delete mode 100644 programs/pluto/alg/ike_alg_sha2.c delete mode 100644 programs/pluto/alg/ike_alg_twofish.c delete mode 100644 programs/pluto/alg_info.c delete mode 100644 programs/pluto/alg_info.h delete mode 100644 programs/pluto/asn1.c delete mode 100644 programs/pluto/asn1.h delete mode 100644 programs/pluto/ca.c delete mode 100644 programs/pluto/ca.h delete mode 100644 programs/pluto/certs.c delete mode 100644 programs/pluto/certs.h delete mode 100644 programs/pluto/connections.c delete mode 100644 programs/pluto/connections.h delete mode 100644 programs/pluto/constants.c delete mode 100644 programs/pluto/constants.h delete mode 100644 programs/pluto/cookie.c delete mode 100644 programs/pluto/cookie.h delete mode 100644 programs/pluto/crl.c delete mode 100644 programs/pluto/crl.h delete mode 100644 programs/pluto/crypto.c delete mode 100644 programs/pluto/crypto.h delete mode 100644 programs/pluto/db_ops.c delete mode 100644 programs/pluto/db_ops.h delete mode 100644 programs/pluto/defs.c delete mode 100644 programs/pluto/defs.h delete mode 100644 programs/pluto/demux.c delete mode 100644 programs/pluto/demux.h delete mode 100644 programs/pluto/dnskey.c delete mode 100644 programs/pluto/dnskey.h delete mode 100644 programs/pluto/dsa.c delete mode 100644 programs/pluto/dsa.h delete mode 100644 programs/pluto/elgamal.c delete mode 100644 programs/pluto/elgamal.h delete mode 100644 programs/pluto/fetch.c delete mode 100644 programs/pluto/fetch.h delete mode 100644 programs/pluto/foodgroups.c delete mode 100644 programs/pluto/foodgroups.h delete mode 100644 programs/pluto/gcryptfix.c delete mode 100644 programs/pluto/gcryptfix.h delete mode 100644 programs/pluto/id.c delete mode 100644 programs/pluto/id.h delete mode 100644 programs/pluto/ike_alg.c delete mode 100644 programs/pluto/ike_alg.h delete mode 100644 programs/pluto/ipsec.secrets.5 delete mode 100644 programs/pluto/ipsec_doi.c delete mode 100644 programs/pluto/ipsec_doi.h delete mode 100644 programs/pluto/kameipsec.h delete mode 100644 programs/pluto/kernel.c delete mode 100644 programs/pluto/kernel.h delete mode 100644 programs/pluto/kernel_alg.c delete mode 100644 programs/pluto/kernel_alg.h delete mode 100644 programs/pluto/kernel_netlink.c delete mode 100644 programs/pluto/kernel_netlink.h delete mode 100644 programs/pluto/kernel_noklips.c delete mode 100644 programs/pluto/kernel_noklips.h delete mode 100644 programs/pluto/kernel_pfkey.c delete mode 100644 programs/pluto/kernel_pfkey.h delete mode 100644 programs/pluto/keys.c delete mode 100644 programs/pluto/keys.h delete mode 100644 programs/pluto/lex.c delete mode 100644 programs/pluto/lex.h delete mode 100644 programs/pluto/linux26/netlink.h delete mode 100644 programs/pluto/linux26/rtnetlink.h delete mode 100644 programs/pluto/linux26/xfrm.h delete mode 100644 programs/pluto/log.c delete mode 100644 programs/pluto/log.h delete mode 100644 programs/pluto/md2.c delete mode 100644 programs/pluto/md2.h delete mode 100644 programs/pluto/md5.c delete mode 100644 programs/pluto/md5.h delete mode 100644 programs/pluto/modecfg.c delete mode 100644 programs/pluto/modecfg.h delete mode 100644 programs/pluto/mp_defs.c delete mode 100644 programs/pluto/mp_defs.h delete mode 100644 programs/pluto/nat_traversal.c delete mode 100644 programs/pluto/nat_traversal.h delete mode 100644 programs/pluto/ocsp.c delete mode 100644 programs/pluto/ocsp.h delete mode 100644 programs/pluto/oid.c delete mode 100644 programs/pluto/oid.h delete mode 100644 programs/pluto/oid.pl delete mode 100644 programs/pluto/oid.txt delete mode 100644 programs/pluto/packet.c delete mode 100644 programs/pluto/packet.h delete mode 100644 programs/pluto/pem.c delete mode 100644 programs/pluto/pem.h delete mode 100644 programs/pluto/pgp.c delete mode 100644 programs/pluto/pgp.h delete mode 100644 programs/pluto/pkcs1.c delete mode 100644 programs/pluto/pkcs1.h delete mode 100644 programs/pluto/pkcs7.c delete mode 100644 programs/pluto/pkcs7.h delete mode 100644 programs/pluto/pluto-style.el delete mode 100644 programs/pluto/pluto.8 delete mode 100644 programs/pluto/plutomain.c delete mode 100644 programs/pluto/primegen.c delete mode 100644 programs/pluto/rcv_whack.c delete mode 100644 programs/pluto/rcv_whack.h delete mode 100644 programs/pluto/rnd.c delete mode 100644 programs/pluto/rnd.h delete mode 100644 programs/pluto/routing.txt delete mode 100644 programs/pluto/rsaref/pkcs11.h delete mode 100644 programs/pluto/rsaref/pkcs11f.h delete mode 100644 programs/pluto/rsaref/pkcs11t.h delete mode 100644 programs/pluto/rsaref/unix.h delete mode 100644 programs/pluto/server.c delete mode 100644 programs/pluto/server.h delete mode 100644 programs/pluto/sha1.c delete mode 100644 programs/pluto/sha1.h delete mode 100644 programs/pluto/smallprime.c delete mode 100644 programs/pluto/smartcard.c delete mode 100644 programs/pluto/smartcard.h delete mode 100644 programs/pluto/spdb.c delete mode 100644 programs/pluto/spdb.h delete mode 100644 programs/pluto/state.c delete mode 100644 programs/pluto/state.h delete mode 100644 programs/pluto/timer.c delete mode 100644 programs/pluto/timer.h delete mode 100644 programs/pluto/vendor.c delete mode 100644 programs/pluto/vendor.h delete mode 100644 programs/pluto/virtual.c delete mode 100644 programs/pluto/virtual.h delete mode 100644 programs/pluto/whack.c delete mode 100644 programs/pluto/whack.h delete mode 100644 programs/pluto/x509.c delete mode 100644 programs/pluto/x509.h delete mode 100644 programs/pluto/xauth.c delete mode 100644 programs/pluto/xauth.h delete mode 100644 programs/proc/Makefile delete mode 100644 programs/proc/trap_count.5 delete mode 100644 programs/proc/trap_sendcount.5 delete mode 100644 programs/proc/version.5 delete mode 100644 programs/ranbits/.cvsignore delete mode 100644 programs/ranbits/Makefile delete mode 100644 programs/ranbits/ranbits.8 delete mode 100644 programs/ranbits/ranbits.c delete mode 100644 programs/rsasigkey/.cvsignore delete mode 100644 programs/rsasigkey/Makefile delete mode 100644 programs/rsasigkey/rsasigkey.8 delete mode 100644 programs/rsasigkey/rsasigkey.c delete mode 100644 programs/scepclient/Makefile delete mode 100644 programs/scepclient/pkcs10.c delete mode 100644 programs/scepclient/pkcs10.h delete mode 100644 programs/scepclient/rsakey.c delete mode 100644 programs/scepclient/rsakey.h delete mode 100644 programs/scepclient/scep.c delete mode 100644 programs/scepclient/scep.h delete mode 100644 programs/scepclient/scepclient.8 delete mode 100644 programs/scepclient/scepclient.c delete mode 100644 programs/secrets/Makefile delete mode 100644 programs/secrets/secrets.8 delete mode 100644 programs/secrets/secrets.in delete mode 100644 programs/send-pr/.cvsignore delete mode 100644 programs/send-pr/Makefile delete mode 100644 programs/send-pr/ipsec_pr.template delete mode 100644 programs/send-pr/send-pr.8 delete mode 100755 programs/send-pr/send-pr.in delete mode 100644 programs/setup/.cvsignore delete mode 100644 programs/setup/Makefile delete mode 100644 programs/setup/setup.8 delete mode 100755 programs/setup/setup.in delete mode 100644 programs/showdefaults/.cvsignore delete mode 100644 programs/showdefaults/Makefile delete mode 100644 programs/showdefaults/showdefaults.8 delete mode 100755 programs/showdefaults/showdefaults.in delete mode 100644 programs/showhostkey/.cvsignore delete mode 100644 programs/showhostkey/Makefile delete mode 100644 programs/showhostkey/showhostkey.8 delete mode 100755 programs/showhostkey/showhostkey.in delete mode 100644 programs/showpolicy/.cvsignore delete mode 100644 programs/showpolicy/Makefile delete mode 100644 programs/showpolicy/showpolicy.8 delete mode 100644 programs/showpolicy/showpolicy.c delete mode 100644 programs/spi/.cvsignore delete mode 100644 programs/spi/Makefile delete mode 100644 programs/spi/spi.5 delete mode 100644 programs/spi/spi.8 delete mode 100644 programs/spi/spi.c delete mode 100644 programs/spigrp/.cvsignore delete mode 100644 programs/spigrp/Makefile delete mode 100644 programs/spigrp/spigrp.5 delete mode 100644 programs/spigrp/spigrp.8 delete mode 100644 programs/spigrp/spigrp.c delete mode 100644 programs/starter/Makefile delete mode 100644 programs/starter/README delete mode 100644 programs/starter/args.c delete mode 100644 programs/starter/args.h delete mode 100644 programs/starter/cmp.c delete mode 100644 programs/starter/cmp.h delete mode 100644 programs/starter/confread.c delete mode 100644 programs/starter/confread.h delete mode 100644 programs/starter/exec.c delete mode 100644 programs/starter/exec.h delete mode 100644 programs/starter/files.h delete mode 100644 programs/starter/interfaces.c delete mode 100644 programs/starter/interfaces.h delete mode 100644 programs/starter/invokepluto.c delete mode 100644 programs/starter/invokepluto.h delete mode 100644 programs/starter/keywords.c delete mode 100644 programs/starter/keywords.h delete mode 100644 programs/starter/keywords.txt delete mode 100644 programs/starter/klips.c delete mode 100644 programs/starter/klips.h delete mode 100644 programs/starter/lex.yy.c delete mode 100644 programs/starter/netkey.c delete mode 100644 programs/starter/netkey.h delete mode 100644 programs/starter/parser.h delete mode 100644 programs/starter/parser.l delete mode 100644 programs/starter/parser.output delete mode 100644 programs/starter/parser.tab.c delete mode 100644 programs/starter/parser.tab.h delete mode 100644 programs/starter/parser.y delete mode 100644 programs/starter/starter.8 delete mode 100644 programs/starter/starter.c delete mode 100644 programs/starter/starterwhack.c delete mode 100644 programs/starter/starterwhack.h delete mode 100644 programs/tncfg/.cvsignore delete mode 100644 programs/tncfg/Makefile delete mode 100644 programs/tncfg/tncfg.5 delete mode 100644 programs/tncfg/tncfg.8 delete mode 100644 programs/tncfg/tncfg.c create mode 100644 src/Makefile.am create mode 100644 src/Makefile.in create mode 100644 src/_copyright/Makefile.am create mode 100644 src/_copyright/Makefile.in create mode 100644 src/_copyright/_copyright.8 create mode 100644 src/_copyright/_copyright.c create mode 100644 src/_updown/Makefile.am create mode 100644 src/_updown/Makefile.in create mode 100755 src/_updown/_updown create mode 100644 src/_updown/_updown.8 create mode 100644 src/_updown_espmark/Makefile.am create mode 100644 src/_updown_espmark/Makefile.in create mode 100644 src/_updown_espmark/_updown_espmark create mode 100644 src/_updown_espmark/_updown_espmark.8 create mode 100644 src/charon/Makefile.am create mode 100644 src/charon/Makefile.in create mode 100644 src/charon/bus/bus.c create mode 100644 src/charon/bus/bus.h create mode 100644 src/charon/bus/listeners/file_logger.c create mode 100644 src/charon/bus/listeners/file_logger.h create mode 100644 src/charon/bus/listeners/sys_logger.c create mode 100644 src/charon/bus/listeners/sys_logger.h create mode 100755 src/charon/config/configuration.c create mode 100755 src/charon/config/configuration.h create mode 100644 src/charon/config/connections/connection.c create mode 100644 src/charon/config/connections/connection.h create mode 100755 src/charon/config/connections/connection_store.h create mode 100644 src/charon/config/connections/local_connection_store.c create mode 100644 src/charon/config/connections/local_connection_store.h create mode 100644 src/charon/config/credentials/local_credential_store.c create mode 100644 src/charon/config/credentials/local_credential_store.h create mode 100644 src/charon/config/policies/local_policy_store.c create mode 100644 src/charon/config/policies/local_policy_store.h create mode 100644 src/charon/config/policies/policy.c create mode 100644 src/charon/config/policies/policy.h create mode 100755 src/charon/config/policies/policy_store.h create mode 100644 src/charon/config/proposal.c create mode 100644 src/charon/config/proposal.h create mode 100644 src/charon/config/traffic_selector.c create mode 100644 src/charon/config/traffic_selector.h create mode 100644 src/charon/daemon.c create mode 100644 src/charon/daemon.h create mode 100644 src/charon/encoding/generator.c create mode 100644 src/charon/encoding/generator.h create mode 100644 src/charon/encoding/message.c create mode 100644 src/charon/encoding/message.h create mode 100644 src/charon/encoding/parser.c create mode 100644 src/charon/encoding/parser.h create mode 100644 src/charon/encoding/payloads/auth_payload.c create mode 100644 src/charon/encoding/payloads/auth_payload.h create mode 100644 src/charon/encoding/payloads/cert_payload.c create mode 100644 src/charon/encoding/payloads/cert_payload.h create mode 100644 src/charon/encoding/payloads/certreq_payload.c create mode 100644 src/charon/encoding/payloads/certreq_payload.h create mode 100644 src/charon/encoding/payloads/configuration_attribute.c create mode 100644 src/charon/encoding/payloads/configuration_attribute.h create mode 100644 src/charon/encoding/payloads/cp_payload.c create mode 100644 src/charon/encoding/payloads/cp_payload.h create mode 100644 src/charon/encoding/payloads/delete_payload.c create mode 100644 src/charon/encoding/payloads/delete_payload.h create mode 100644 src/charon/encoding/payloads/eap_payload.c create mode 100644 src/charon/encoding/payloads/eap_payload.h create mode 100644 src/charon/encoding/payloads/encodings.c create mode 100644 src/charon/encoding/payloads/encodings.h create mode 100644 src/charon/encoding/payloads/encryption_payload.c create mode 100644 src/charon/encoding/payloads/encryption_payload.h create mode 100644 src/charon/encoding/payloads/id_payload.c create mode 100644 src/charon/encoding/payloads/id_payload.h create mode 100644 src/charon/encoding/payloads/ike_header.c create mode 100644 src/charon/encoding/payloads/ike_header.h create mode 100644 src/charon/encoding/payloads/ke_payload.c create mode 100644 src/charon/encoding/payloads/ke_payload.h create mode 100644 src/charon/encoding/payloads/nonce_payload.c create mode 100644 src/charon/encoding/payloads/nonce_payload.h create mode 100644 src/charon/encoding/payloads/notify_payload.c create mode 100644 src/charon/encoding/payloads/notify_payload.h create mode 100644 src/charon/encoding/payloads/payload.c create mode 100644 src/charon/encoding/payloads/payload.h create mode 100644 src/charon/encoding/payloads/proposal_substructure.c create mode 100644 src/charon/encoding/payloads/proposal_substructure.h create mode 100644 src/charon/encoding/payloads/sa_payload.c create mode 100644 src/charon/encoding/payloads/sa_payload.h create mode 100644 src/charon/encoding/payloads/traffic_selector_substructure.c create mode 100644 src/charon/encoding/payloads/traffic_selector_substructure.h create mode 100644 src/charon/encoding/payloads/transform_attribute.c create mode 100644 src/charon/encoding/payloads/transform_attribute.h create mode 100644 src/charon/encoding/payloads/transform_substructure.c create mode 100644 src/charon/encoding/payloads/transform_substructure.h create mode 100644 src/charon/encoding/payloads/ts_payload.c create mode 100644 src/charon/encoding/payloads/ts_payload.h create mode 100644 src/charon/encoding/payloads/unknown_payload.c create mode 100644 src/charon/encoding/payloads/unknown_payload.h create mode 100644 src/charon/encoding/payloads/vendor_id_payload.c create mode 100644 src/charon/encoding/payloads/vendor_id_payload.h create mode 100644 src/charon/network/packet.c create mode 100644 src/charon/network/packet.h create mode 100644 src/charon/network/socket.c create mode 100644 src/charon/network/socket.h create mode 100644 src/charon/queues/event_queue.c create mode 100644 src/charon/queues/event_queue.h create mode 100644 src/charon/queues/job_queue.c create mode 100644 src/charon/queues/job_queue.h create mode 100644 src/charon/queues/jobs/acquire_job.c create mode 100644 src/charon/queues/jobs/acquire_job.h create mode 100644 src/charon/queues/jobs/delete_child_sa_job.c create mode 100644 src/charon/queues/jobs/delete_child_sa_job.h create mode 100644 src/charon/queues/jobs/delete_ike_sa_job.c create mode 100644 src/charon/queues/jobs/delete_ike_sa_job.h create mode 100644 src/charon/queues/jobs/initiate_job.c create mode 100644 src/charon/queues/jobs/initiate_job.h create mode 100644 src/charon/queues/jobs/job.c create mode 100644 src/charon/queues/jobs/job.h create mode 100644 src/charon/queues/jobs/process_message_job.c create mode 100644 src/charon/queues/jobs/process_message_job.h create mode 100644 src/charon/queues/jobs/rekey_child_sa_job.c create mode 100644 src/charon/queues/jobs/rekey_child_sa_job.h create mode 100644 src/charon/queues/jobs/rekey_ike_sa_job.c create mode 100644 src/charon/queues/jobs/rekey_ike_sa_job.h create mode 100644 src/charon/queues/jobs/retransmit_job.c create mode 100644 src/charon/queues/jobs/retransmit_job.h create mode 100644 src/charon/queues/jobs/route_job.c create mode 100644 src/charon/queues/jobs/route_job.h create mode 100644 src/charon/queues/jobs/send_dpd_job.c create mode 100644 src/charon/queues/jobs/send_dpd_job.h create mode 100644 src/charon/queues/jobs/send_keepalive_job.c create mode 100644 src/charon/queues/jobs/send_keepalive_job.h create mode 100644 src/charon/sa/authenticators/authenticator.c create mode 100644 src/charon/sa/authenticators/authenticator.h create mode 100644 src/charon/sa/authenticators/eap/eap_identity.c create mode 100644 src/charon/sa/authenticators/eap/eap_identity.h create mode 100644 src/charon/sa/authenticators/eap/eap_method.c create mode 100644 src/charon/sa/authenticators/eap/eap_method.h create mode 100644 src/charon/sa/authenticators/eap/eap_sim.c create mode 100644 src/charon/sa/authenticators/eap/eap_sim.h create mode 100644 src/charon/sa/authenticators/eap_authenticator.c create mode 100644 src/charon/sa/authenticators/eap_authenticator.h create mode 100644 src/charon/sa/authenticators/psk_authenticator.c create mode 100644 src/charon/sa/authenticators/psk_authenticator.h create mode 100644 src/charon/sa/authenticators/rsa_authenticator.c create mode 100644 src/charon/sa/authenticators/rsa_authenticator.h create mode 100644 src/charon/sa/child_sa.c create mode 100644 src/charon/sa/child_sa.h create mode 100644 src/charon/sa/ike_sa.c create mode 100644 src/charon/sa/ike_sa.h create mode 100644 src/charon/sa/ike_sa_id.c create mode 100644 src/charon/sa/ike_sa_id.h create mode 100644 src/charon/sa/ike_sa_manager.c create mode 100644 src/charon/sa/ike_sa_manager.h create mode 100644 src/charon/sa/task_manager.c create mode 100644 src/charon/sa/task_manager.h create mode 100644 src/charon/sa/tasks/child_create.c create mode 100644 src/charon/sa/tasks/child_create.h create mode 100644 src/charon/sa/tasks/child_delete.c create mode 100644 src/charon/sa/tasks/child_delete.h create mode 100644 src/charon/sa/tasks/child_rekey.c create mode 100644 src/charon/sa/tasks/child_rekey.h create mode 100644 src/charon/sa/tasks/ike_auth.c create mode 100644 src/charon/sa/tasks/ike_auth.h create mode 100644 src/charon/sa/tasks/ike_cert.c create mode 100644 src/charon/sa/tasks/ike_cert.h create mode 100644 src/charon/sa/tasks/ike_config.c create mode 100644 src/charon/sa/tasks/ike_config.h create mode 100644 src/charon/sa/tasks/ike_delete.c create mode 100644 src/charon/sa/tasks/ike_delete.h create mode 100644 src/charon/sa/tasks/ike_dpd.c create mode 100644 src/charon/sa/tasks/ike_dpd.h create mode 100644 src/charon/sa/tasks/ike_init.c create mode 100644 src/charon/sa/tasks/ike_init.h create mode 100644 src/charon/sa/tasks/ike_natd.c create mode 100644 src/charon/sa/tasks/ike_natd.h create mode 100644 src/charon/sa/tasks/ike_rekey.c create mode 100644 src/charon/sa/tasks/ike_rekey.h create mode 100644 src/charon/sa/tasks/task.c create mode 100644 src/charon/sa/tasks/task.h create mode 100644 src/charon/threads/kernel_interface.c create mode 100644 src/charon/threads/kernel_interface.h create mode 100644 src/charon/threads/receiver.c create mode 100644 src/charon/threads/receiver.h create mode 100644 src/charon/threads/scheduler.c create mode 100644 src/charon/threads/scheduler.h create mode 100644 src/charon/threads/sender.c create mode 100644 src/charon/threads/sender.h create mode 100755 src/charon/threads/stroke_interface.c create mode 100644 src/charon/threads/stroke_interface.h create mode 100644 src/charon/threads/thread_pool.c create mode 100644 src/charon/threads/thread_pool.h create mode 100644 src/ipsec/Makefile.am create mode 100644 src/ipsec/Makefile.in create mode 100644 src/ipsec/ipsec.8 create mode 100755 src/ipsec/ipsec.in create mode 100644 src/libcrypto/Makefile.am create mode 100644 src/libcrypto/Makefile.in create mode 100644 src/libcrypto/include/cbc_generic.h create mode 100644 src/libcrypto/include/hmac_generic.h create mode 100644 src/libcrypto/include/md32_common.h create mode 100644 src/libcrypto/libaes/aes.c create mode 100644 src/libcrypto/libaes/aes.h create mode 100644 src/libcrypto/libaes/aes_cbc.c create mode 100644 src/libcrypto/libaes/aes_cbc.h create mode 100644 src/libcrypto/libaes/aes_xcbc_mac.c create mode 100644 src/libcrypto/libaes/aes_xcbc_mac.h create mode 100644 src/libcrypto/libblowfish/bf_enc.c create mode 100644 src/libcrypto/libblowfish/bf_locl.h create mode 100644 src/libcrypto/libblowfish/bf_pi.h create mode 100644 src/libcrypto/libblowfish/bf_skey.c create mode 100644 src/libcrypto/libblowfish/blowfish.h create mode 100644 src/libcrypto/libdes/cbc_enc.c create mode 100644 src/libcrypto/libdes/des.h create mode 100644 src/libcrypto/libdes/des_enc.c create mode 100644 src/libcrypto/libdes/des_locl.h create mode 100644 src/libcrypto/libdes/des_opts.c create mode 100644 src/libcrypto/libdes/des_ver.h create mode 100644 src/libcrypto/libdes/destest.c create mode 100644 src/libcrypto/libdes/ecb_enc.c create mode 100644 src/libcrypto/libdes/fcrypt.c create mode 100644 src/libcrypto/libdes/fcrypt_b.c create mode 100644 src/libcrypto/libdes/podd.h create mode 100644 src/libcrypto/libdes/set_key.c create mode 100644 src/libcrypto/libdes/sk.h create mode 100644 src/libcrypto/libdes/speed.c create mode 100644 src/libcrypto/libdes/spr.h create mode 100644 src/libcrypto/libserpent/serpent.c create mode 100644 src/libcrypto/libserpent/serpent.h create mode 100644 src/libcrypto/libserpent/serpent_cbc.c create mode 100644 src/libcrypto/libserpent/serpent_cbc.h create mode 100644 src/libcrypto/libsha2/hmac_sha2.c create mode 100644 src/libcrypto/libsha2/hmac_sha2.h create mode 100644 src/libcrypto/libsha2/sha2.c create mode 100644 src/libcrypto/libsha2/sha2.h create mode 100644 src/libcrypto/libtwofish/twofish.c create mode 100644 src/libcrypto/libtwofish/twofish.h create mode 100644 src/libcrypto/libtwofish/twofish_cbc.c create mode 100644 src/libcrypto/libtwofish/twofish_cbc.h create mode 100644 src/libfreeswan/Makefile.am create mode 100644 src/libfreeswan/Makefile.in create mode 100644 src/libfreeswan/addrtoa.c create mode 100644 src/libfreeswan/addrtot.c create mode 100644 src/libfreeswan/addrtypeof.c create mode 100644 src/libfreeswan/anyaddr.3 create mode 100644 src/libfreeswan/anyaddr.c create mode 100644 src/libfreeswan/atoaddr.3 create mode 100644 src/libfreeswan/atoaddr.c create mode 100644 src/libfreeswan/atoasr.3 create mode 100644 src/libfreeswan/atoasr.c create mode 100644 src/libfreeswan/atosa.3 create mode 100644 src/libfreeswan/atosa.c create mode 100644 src/libfreeswan/atosubnet.c create mode 100644 src/libfreeswan/atoul.3 create mode 100644 src/libfreeswan/atoul.c create mode 100644 src/libfreeswan/copyright.c create mode 100644 src/libfreeswan/datatot.c create mode 100644 src/libfreeswan/freeswan.h create mode 100644 src/libfreeswan/goodmask.3 create mode 100644 src/libfreeswan/goodmask.c create mode 100644 src/libfreeswan/initaddr.3 create mode 100644 src/libfreeswan/initaddr.c create mode 100644 src/libfreeswan/initsaid.c create mode 100644 src/libfreeswan/initsubnet.3 create mode 100644 src/libfreeswan/initsubnet.c create mode 100644 src/libfreeswan/internal.h create mode 100644 src/libfreeswan/ipcomp.h create mode 100644 src/libfreeswan/ipsec_ah.h create mode 100644 src/libfreeswan/ipsec_alg.h create mode 100644 src/libfreeswan/ipsec_encap.h create mode 100644 src/libfreeswan/ipsec_eroute.h create mode 100644 src/libfreeswan/ipsec_errs.h create mode 100644 src/libfreeswan/ipsec_esp.h create mode 100644 src/libfreeswan/ipsec_ipe4.h create mode 100644 src/libfreeswan/ipsec_kversion.h create mode 100644 src/libfreeswan/ipsec_life.h create mode 100644 src/libfreeswan/ipsec_md5h.h create mode 100644 src/libfreeswan/ipsec_param.h create mode 100644 src/libfreeswan/ipsec_policy.h create mode 100644 src/libfreeswan/ipsec_proto.h create mode 100644 src/libfreeswan/ipsec_radij.h create mode 100644 src/libfreeswan/ipsec_rcv.h create mode 100644 src/libfreeswan/ipsec_sa.h create mode 100644 src/libfreeswan/ipsec_sha1.h create mode 100644 src/libfreeswan/ipsec_stats.h create mode 100644 src/libfreeswan/ipsec_tunnel.h create mode 100644 src/libfreeswan/ipsec_xform.h create mode 100644 src/libfreeswan/ipsec_xmit.h create mode 100644 src/libfreeswan/keyblobtoid.3 create mode 100644 src/libfreeswan/keyblobtoid.c create mode 100644 src/libfreeswan/optionsfrom.3 create mode 100644 src/libfreeswan/optionsfrom.c create mode 100644 src/libfreeswan/pfkey.h create mode 100644 src/libfreeswan/pfkey_v2_build.c create mode 100644 src/libfreeswan/pfkey_v2_debug.c create mode 100644 src/libfreeswan/pfkey_v2_ext_bits.c create mode 100644 src/libfreeswan/pfkey_v2_parse.c create mode 100644 src/libfreeswan/pfkeyv2.h create mode 100644 src/libfreeswan/portof.3 create mode 100644 src/libfreeswan/portof.c create mode 100644 src/libfreeswan/prng.3 create mode 100644 src/libfreeswan/prng.c create mode 100644 src/libfreeswan/radij.h create mode 100644 src/libfreeswan/rangetoa.c create mode 100644 src/libfreeswan/rangetosubnet.3 create mode 100644 src/libfreeswan/rangetosubnet.c create mode 100644 src/libfreeswan/sameaddr.3 create mode 100644 src/libfreeswan/sameaddr.c create mode 100644 src/libfreeswan/satoa.c create mode 100644 src/libfreeswan/satot.c create mode 100644 src/libfreeswan/subnetof.3 create mode 100644 src/libfreeswan/subnetof.c create mode 100644 src/libfreeswan/subnettoa.c create mode 100644 src/libfreeswan/subnettot.c create mode 100644 src/libfreeswan/subnettypeof.c create mode 100644 src/libfreeswan/ttoaddr.3 create mode 100644 src/libfreeswan/ttoaddr.c create mode 100644 src/libfreeswan/ttodata.3 create mode 100644 src/libfreeswan/ttodata.c create mode 100644 src/libfreeswan/ttoprotoport.c create mode 100644 src/libfreeswan/ttosa.3 create mode 100644 src/libfreeswan/ttosa.c create mode 100644 src/libfreeswan/ttosubnet.c create mode 100644 src/libfreeswan/ttoul.3 create mode 100644 src/libfreeswan/ttoul.c create mode 100644 src/libfreeswan/ultoa.c create mode 100644 src/libfreeswan/ultot.c create mode 100644 src/libfreeswan/version.3 create mode 100644 src/libfreeswan/version.c create mode 100644 src/libstrongswan/Makefile.am create mode 100644 src/libstrongswan/Makefile.in create mode 100644 src/libstrongswan/asn1/asn1.c create mode 100644 src/libstrongswan/asn1/asn1.h create mode 100644 src/libstrongswan/asn1/oid.c create mode 100644 src/libstrongswan/asn1/oid.h create mode 100644 src/libstrongswan/asn1/oid.pl create mode 100644 src/libstrongswan/asn1/oid.txt create mode 100755 src/libstrongswan/asn1/pem.c create mode 100755 src/libstrongswan/asn1/pem.h create mode 100644 src/libstrongswan/asn1/ttodata.c create mode 100644 src/libstrongswan/asn1/ttodata.h create mode 100644 src/libstrongswan/chunk.c create mode 100644 src/libstrongswan/chunk.h create mode 100755 src/libstrongswan/credential_store.h create mode 100644 src/libstrongswan/crypto/ca.c create mode 100644 src/libstrongswan/crypto/ca.h create mode 100644 src/libstrongswan/crypto/certinfo.c create mode 100644 src/libstrongswan/crypto/certinfo.h create mode 100755 src/libstrongswan/crypto/crl.c create mode 100755 src/libstrongswan/crypto/crl.h create mode 100644 src/libstrongswan/crypto/crypters/aes_cbc_crypter.c create mode 100644 src/libstrongswan/crypto/crypters/aes_cbc_crypter.h create mode 100644 src/libstrongswan/crypto/crypters/crypter.c create mode 100644 src/libstrongswan/crypto/crypters/crypter.h create mode 100644 src/libstrongswan/crypto/crypters/des_crypter.c create mode 100644 src/libstrongswan/crypto/crypters/des_crypter.h create mode 100644 src/libstrongswan/crypto/diffie_hellman.c create mode 100644 src/libstrongswan/crypto/diffie_hellman.h create mode 100644 src/libstrongswan/crypto/hashers/hasher.c create mode 100644 src/libstrongswan/crypto/hashers/hasher.h create mode 100644 src/libstrongswan/crypto/hashers/md5_hasher.c create mode 100644 src/libstrongswan/crypto/hashers/md5_hasher.h create mode 100644 src/libstrongswan/crypto/hashers/sha1_hasher.c create mode 100644 src/libstrongswan/crypto/hashers/sha1_hasher.h create mode 100644 src/libstrongswan/crypto/hashers/sha2_hasher.c create mode 100644 src/libstrongswan/crypto/hashers/sha2_hasher.h create mode 100644 src/libstrongswan/crypto/hmac.c create mode 100644 src/libstrongswan/crypto/hmac.h create mode 100644 src/libstrongswan/crypto/ocsp.c create mode 100644 src/libstrongswan/crypto/ocsp.h create mode 100644 src/libstrongswan/crypto/prf_plus.c create mode 100644 src/libstrongswan/crypto/prf_plus.h create mode 100644 src/libstrongswan/crypto/prfs/fips_prf.c create mode 100644 src/libstrongswan/crypto/prfs/fips_prf.h create mode 100644 src/libstrongswan/crypto/prfs/hmac_prf.c create mode 100644 src/libstrongswan/crypto/prfs/hmac_prf.h create mode 100644 src/libstrongswan/crypto/prfs/prf.c create mode 100644 src/libstrongswan/crypto/prfs/prf.h create mode 100644 src/libstrongswan/crypto/rsa/rsa_private_key.c create mode 100644 src/libstrongswan/crypto/rsa/rsa_private_key.h create mode 100644 src/libstrongswan/crypto/rsa/rsa_public_key.c create mode 100644 src/libstrongswan/crypto/rsa/rsa_public_key.h create mode 100644 src/libstrongswan/crypto/signers/hmac_signer.c create mode 100644 src/libstrongswan/crypto/signers/hmac_signer.h create mode 100644 src/libstrongswan/crypto/signers/signer.c create mode 100644 src/libstrongswan/crypto/signers/signer.h create mode 100755 src/libstrongswan/crypto/x509.c create mode 100755 src/libstrongswan/crypto/x509.h create mode 100644 src/libstrongswan/debug.c create mode 100644 src/libstrongswan/debug.h create mode 100644 src/libstrongswan/enum.c create mode 100644 src/libstrongswan/enum.h create mode 100644 src/libstrongswan/library.c create mode 100644 src/libstrongswan/library.h create mode 100644 src/libstrongswan/printf_hook.c create mode 100644 src/libstrongswan/printf_hook.h create mode 100644 src/libstrongswan/utils/fetcher.c create mode 100644 src/libstrongswan/utils/fetcher.h create mode 100644 src/libstrongswan/utils/host.c create mode 100644 src/libstrongswan/utils/host.h create mode 100644 src/libstrongswan/utils/identification.c create mode 100644 src/libstrongswan/utils/identification.h create mode 100644 src/libstrongswan/utils/iterator.h create mode 100644 src/libstrongswan/utils/leak_detective.c create mode 100644 src/libstrongswan/utils/leak_detective.h create mode 100644 src/libstrongswan/utils/lexparser.c create mode 100644 src/libstrongswan/utils/lexparser.h create mode 100644 src/libstrongswan/utils/linked_list.c create mode 100644 src/libstrongswan/utils/linked_list.h create mode 100644 src/libstrongswan/utils/randomizer.c create mode 100644 src/libstrongswan/utils/randomizer.h create mode 100644 src/openac/Makefile.am create mode 100644 src/openac/Makefile.in create mode 100644 src/openac/build.c create mode 100644 src/openac/build.h create mode 100644 src/openac/loglite.c create mode 100644 src/openac/openac.8 create mode 100755 src/openac/openac.c create mode 100644 src/pluto/Makefile.am create mode 100644 src/pluto/Makefile.in create mode 100644 src/pluto/TODO create mode 100644 src/pluto/ac.c create mode 100644 src/pluto/ac.h create mode 100644 src/pluto/adns.c create mode 100644 src/pluto/adns.h create mode 100644 src/pluto/alg/ike_alg_aes.c create mode 100644 src/pluto/alg/ike_alg_blowfish.c create mode 100644 src/pluto/alg/ike_alg_serpent.c create mode 100644 src/pluto/alg/ike_alg_sha2.c create mode 100644 src/pluto/alg/ike_alg_twofish.c create mode 100644 src/pluto/alg/ike_alginit.c create mode 100644 src/pluto/alg_info.c create mode 100644 src/pluto/alg_info.h create mode 100644 src/pluto/asn1.c create mode 100644 src/pluto/asn1.h create mode 100644 src/pluto/ca.c create mode 100644 src/pluto/ca.h create mode 100644 src/pluto/certs.c create mode 100644 src/pluto/certs.h create mode 100644 src/pluto/connections.c create mode 100644 src/pluto/connections.h create mode 100644 src/pluto/constants.c create mode 100644 src/pluto/constants.h create mode 100644 src/pluto/cookie.c create mode 100644 src/pluto/cookie.h create mode 100644 src/pluto/crl.c create mode 100644 src/pluto/crl.h create mode 100644 src/pluto/crypto.c create mode 100644 src/pluto/crypto.h create mode 100644 src/pluto/db_ops.c create mode 100644 src/pluto/db_ops.h create mode 100644 src/pluto/defs.c create mode 100644 src/pluto/defs.h create mode 100644 src/pluto/demux.c create mode 100644 src/pluto/demux.h create mode 100644 src/pluto/dnskey.c create mode 100644 src/pluto/dnskey.h create mode 100644 src/pluto/dsa.c create mode 100644 src/pluto/dsa.h create mode 100644 src/pluto/elgamal.c create mode 100644 src/pluto/elgamal.h create mode 100644 src/pluto/fetch.c create mode 100644 src/pluto/fetch.h create mode 100644 src/pluto/foodgroups.c create mode 100644 src/pluto/foodgroups.h create mode 100644 src/pluto/gcryptfix.c create mode 100644 src/pluto/gcryptfix.h create mode 100644 src/pluto/id.c create mode 100644 src/pluto/id.h create mode 100644 src/pluto/ike_alg.c create mode 100644 src/pluto/ike_alg.h create mode 100644 src/pluto/ipsec.secrets.5 create mode 100644 src/pluto/ipsec_doi.c create mode 100644 src/pluto/ipsec_doi.h create mode 100644 src/pluto/kameipsec.h create mode 100644 src/pluto/kernel.c create mode 100644 src/pluto/kernel.h create mode 100644 src/pluto/kernel_alg.c create mode 100644 src/pluto/kernel_alg.h create mode 100644 src/pluto/kernel_netlink.c create mode 100644 src/pluto/kernel_netlink.h create mode 100644 src/pluto/kernel_noklips.c create mode 100644 src/pluto/kernel_noklips.h create mode 100644 src/pluto/kernel_pfkey.c create mode 100644 src/pluto/kernel_pfkey.h create mode 100644 src/pluto/keys.c create mode 100644 src/pluto/keys.h create mode 100644 src/pluto/lex.c create mode 100644 src/pluto/lex.h create mode 100644 src/pluto/linux26/netlink.h create mode 100644 src/pluto/linux26/rtnetlink.h create mode 100644 src/pluto/linux26/xfrm.h create mode 100644 src/pluto/log.c create mode 100644 src/pluto/log.h create mode 100644 src/pluto/md2.c create mode 100644 src/pluto/md2.h create mode 100644 src/pluto/md5.c create mode 100644 src/pluto/md5.h create mode 100644 src/pluto/modecfg.c create mode 100644 src/pluto/modecfg.h create mode 100644 src/pluto/mp_defs.c create mode 100644 src/pluto/mp_defs.h create mode 100644 src/pluto/nat_traversal.c create mode 100644 src/pluto/nat_traversal.h create mode 100644 src/pluto/ocsp.c create mode 100644 src/pluto/ocsp.h create mode 100644 src/pluto/oid.c create mode 100644 src/pluto/oid.h create mode 100644 src/pluto/oid.pl create mode 100644 src/pluto/oid.txt create mode 100644 src/pluto/packet.c create mode 100644 src/pluto/packet.h create mode 100644 src/pluto/pem.c create mode 100644 src/pluto/pem.h create mode 100644 src/pluto/pgp.c create mode 100644 src/pluto/pgp.h create mode 100644 src/pluto/pkcs1.c create mode 100644 src/pluto/pkcs1.h create mode 100644 src/pluto/pkcs7.c create mode 100644 src/pluto/pkcs7.h create mode 100644 src/pluto/pluto.8 create mode 100644 src/pluto/plutomain.c create mode 100644 src/pluto/primegen.c create mode 100644 src/pluto/rcv_whack.c create mode 100644 src/pluto/rcv_whack.h create mode 100644 src/pluto/rnd.c create mode 100644 src/pluto/rnd.h create mode 100644 src/pluto/rsaref/pkcs11.h create mode 100644 src/pluto/rsaref/pkcs11f.h create mode 100644 src/pluto/rsaref/pkcs11t.h create mode 100644 src/pluto/rsaref/unix.h create mode 100644 src/pluto/server.c create mode 100644 src/pluto/server.h create mode 100644 src/pluto/sha1.c create mode 100644 src/pluto/sha1.h create mode 100644 src/pluto/smallprime.c create mode 100644 src/pluto/smartcard.c create mode 100644 src/pluto/smartcard.h create mode 100644 src/pluto/spdb.c create mode 100644 src/pluto/spdb.h create mode 100644 src/pluto/state.c create mode 100644 src/pluto/state.h create mode 100644 src/pluto/timer.c create mode 100644 src/pluto/timer.h create mode 100644 src/pluto/vendor.c create mode 100644 src/pluto/vendor.h create mode 100644 src/pluto/virtual.c create mode 100644 src/pluto/virtual.h create mode 100644 src/pluto/x509.c create mode 100644 src/pluto/x509.h create mode 100644 src/pluto/xauth.c create mode 100644 src/pluto/xauth.h create mode 100644 src/scepclient/Makefile.am create mode 100644 src/scepclient/Makefile.in create mode 100644 src/scepclient/pkcs10.c create mode 100644 src/scepclient/pkcs10.h create mode 100644 src/scepclient/rsakey.c create mode 100644 src/scepclient/rsakey.h create mode 100644 src/scepclient/scep.c create mode 100644 src/scepclient/scep.h create mode 100644 src/scepclient/scepclient.8 create mode 100644 src/scepclient/scepclient.c create mode 100644 src/starter/Makefile.am create mode 100644 src/starter/Makefile.in create mode 100644 src/starter/README create mode 100644 src/starter/args.c create mode 100644 src/starter/args.h create mode 100644 src/starter/cmp.c create mode 100644 src/starter/cmp.h create mode 100644 src/starter/confread.c create mode 100644 src/starter/confread.h create mode 100644 src/starter/exec.c create mode 100644 src/starter/exec.h create mode 100644 src/starter/files.h create mode 100644 src/starter/interfaces.c create mode 100644 src/starter/interfaces.h create mode 100644 src/starter/invokecharon.c create mode 100644 src/starter/invokecharon.h create mode 100644 src/starter/invokepluto.c create mode 100644 src/starter/invokepluto.h create mode 100644 src/starter/ipsec.conf create mode 100644 src/starter/ipsec.conf.5 create mode 100644 src/starter/keywords.c create mode 100644 src/starter/keywords.h create mode 100644 src/starter/keywords.txt create mode 100644 src/starter/lex.yy.c create mode 100644 src/starter/netkey.c create mode 100644 src/starter/netkey.h create mode 100644 src/starter/parser.h create mode 100644 src/starter/parser.l create mode 100644 src/starter/parser.y create mode 100644 src/starter/starter.c create mode 100644 src/starter/starterstroke.c create mode 100644 src/starter/starterstroke.h create mode 100644 src/starter/starterwhack.c create mode 100644 src/starter/starterwhack.h create mode 100644 src/starter/y.tab.c create mode 100644 src/starter/y.tab.h create mode 100644 src/stroke/Makefile.am create mode 100644 src/stroke/Makefile.in create mode 100644 src/stroke/stroke.c create mode 100644 src/stroke/stroke.h create mode 100644 src/stroke/stroke_keywords.c create mode 100644 src/stroke/stroke_keywords.h create mode 100644 src/stroke/stroke_keywords.txt create mode 100644 src/whack/Makefile.am create mode 100644 src/whack/Makefile.in create mode 100644 src/whack/whack.c create mode 100644 src/whack/whack.h create mode 100644 testing/hosts/winnetou/etc/apache2/httpd.conf create mode 100644 testing/hosts/winnetou/etc/apache2/vhosts.d/01_ocsp_vhost.conf create mode 100644 testing/hosts/winnetou/etc/openssl/newcerts/13.pem create mode 100755 testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi create mode 100644 testing/hosts/winnetou/etc/openssl/ocspCert-self.pem create mode 100644 testing/hosts/winnetou/etc/openssl/ocspKey-self.pem create mode 100644 testing/hosts/winnetou/etc/openssl/research/newcerts/03.pem create mode 100755 testing/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi create mode 100644 testing/hosts/winnetou/etc/openssl/research/ocspCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/research/ocspKey.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sales/newcerts/03.pem create mode 100755 testing/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi create mode 100644 testing/hosts/winnetou/etc/openssl/sales/ocspCert.pem create mode 100644 testing/hosts/winnetou/etc/openssl/sales/ocspKey.pem delete mode 100755 testing/hosts/winnetou/etc/openssl/start-ocsp create mode 100755 testing/scripts/install-shared create mode 100755 testing/scripts/shutdown-umls delete mode 100644 testing/tests/alg-blowfish/description.txt delete mode 100644 testing/tests/alg-blowfish/evaltest.dat delete mode 100755 testing/tests/alg-blowfish/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/alg-blowfish/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/alg-blowfish/posttest.dat delete mode 100644 testing/tests/alg-blowfish/pretest.dat delete mode 100644 testing/tests/alg-blowfish/test.conf delete mode 100644 testing/tests/alg-serpent/description.txt delete mode 100644 testing/tests/alg-serpent/evaltest.dat delete mode 100755 testing/tests/alg-serpent/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/alg-serpent/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/alg-serpent/posttest.dat delete mode 100644 testing/tests/alg-serpent/pretest.dat delete mode 100644 testing/tests/alg-serpent/test.conf delete mode 100644 testing/tests/alg-sha-equals-sha1/description.txt delete mode 100644 testing/tests/alg-sha-equals-sha1/evaltest.dat delete mode 100755 testing/tests/alg-sha-equals-sha1/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/alg-sha-equals-sha1/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/alg-sha-equals-sha1/posttest.dat delete mode 100644 testing/tests/alg-sha-equals-sha1/pretest.dat delete mode 100644 testing/tests/alg-sha-equals-sha1/test.conf delete mode 100644 testing/tests/alg-sha2_256/description.txt delete mode 100644 testing/tests/alg-sha2_256/evaltest.dat delete mode 100755 testing/tests/alg-sha2_256/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/alg-sha2_256/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/alg-sha2_256/posttest.dat delete mode 100644 testing/tests/alg-sha2_256/pretest.dat delete mode 100644 testing/tests/alg-sha2_256/test.conf delete mode 100644 testing/tests/alg-twofish/description.txt delete mode 100644 testing/tests/alg-twofish/evaltest.dat delete mode 100755 testing/tests/alg-twofish/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/alg-twofish/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/alg-twofish/posttest.dat delete mode 100644 testing/tests/alg-twofish/pretest.dat delete mode 100644 testing/tests/alg-twofish/test.conf delete mode 100644 testing/tests/attr-cert/description.txt delete mode 100644 testing/tests/attr-cert/evaltest.dat delete mode 100755 testing/tests/attr-cert/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/attr-cert/hosts/dave/etc/ipsec.conf delete mode 100755 testing/tests/attr-cert/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem delete mode 100644 testing/tests/attr-cert/hosts/moon/etc/openac/aaKey.pem delete mode 100644 testing/tests/attr-cert/hosts/moon/etc/openac/carolCert.pem delete mode 100644 testing/tests/attr-cert/hosts/moon/etc/openac/daveCert.pem delete mode 100644 testing/tests/attr-cert/hosts/moon/etc/openac/default.conf delete mode 100644 testing/tests/attr-cert/posttest.dat delete mode 100644 testing/tests/attr-cert/pretest.dat delete mode 100644 testing/tests/attr-cert/test.conf delete mode 100644 testing/tests/compress/description.txt delete mode 100644 testing/tests/compress/evaltest.dat delete mode 100755 testing/tests/compress/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/compress/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/compress/posttest.dat delete mode 100644 testing/tests/compress/pretest.dat delete mode 100644 testing/tests/compress/test.conf delete mode 100644 testing/tests/crl-from-cache/description.txt delete mode 100644 testing/tests/crl-from-cache/evaltest.dat delete mode 100755 testing/tests/crl-from-cache/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/crl-from-cache/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/crl-from-cache/posttest.dat delete mode 100644 testing/tests/crl-from-cache/pretest.dat delete mode 100644 testing/tests/crl-from-cache/test.conf delete mode 100644 testing/tests/crl-ldap/description.txt delete mode 100644 testing/tests/crl-ldap/evaltest.dat delete mode 100755 testing/tests/crl-ldap/hosts/carol/etc/init.d/iptables delete mode 100755 testing/tests/crl-ldap/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/crl-ldap/hosts/carol/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl delete mode 100755 testing/tests/crl-ldap/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/crl-ldap/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/crl-ldap/hosts/moon/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl delete mode 100644 testing/tests/crl-ldap/posttest.dat delete mode 100644 testing/tests/crl-ldap/pretest.dat delete mode 100644 testing/tests/crl-ldap/test.conf delete mode 100644 testing/tests/crl-revoked/description.txt delete mode 100644 testing/tests/crl-revoked/evaltest.dat delete mode 100755 testing/tests/crl-revoked/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem delete mode 100644 testing/tests/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem delete mode 100644 testing/tests/crl-revoked/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/crl-revoked/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/crl-revoked/posttest.dat delete mode 100644 testing/tests/crl-revoked/pretest.dat delete mode 100644 testing/tests/crl-revoked/test.conf delete mode 100644 testing/tests/crl-strict/description.txt delete mode 100644 testing/tests/crl-strict/evaltest.dat delete mode 100755 testing/tests/crl-strict/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/crl-strict/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/crl-strict/posttest.dat delete mode 100644 testing/tests/crl-strict/pretest.dat delete mode 100644 testing/tests/crl-strict/test.conf delete mode 100644 testing/tests/crl-to-cache/description.txt delete mode 100644 testing/tests/crl-to-cache/evaltest.dat delete mode 100755 testing/tests/crl-to-cache/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/crl-to-cache/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/crl-to-cache/posttest.dat delete mode 100644 testing/tests/crl-to-cache/pretest.dat delete mode 100644 testing/tests/crl-to-cache/test.conf delete mode 100644 testing/tests/default-keys/description.txt delete mode 100644 testing/tests/default-keys/evaltest.dat delete mode 100755 testing/tests/default-keys/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/default-keys/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/default-keys/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/default-keys/posttest.dat delete mode 100644 testing/tests/default-keys/pretest.dat delete mode 100644 testing/tests/default-keys/test.conf delete mode 100644 testing/tests/double-nat-net/description.txt delete mode 100644 testing/tests/double-nat-net/evaltest.dat delete mode 100755 testing/tests/double-nat-net/hosts/alice/etc/ipsec.conf delete mode 100755 testing/tests/double-nat-net/hosts/bob/etc/ipsec.conf delete mode 100644 testing/tests/double-nat-net/posttest.dat delete mode 100644 testing/tests/double-nat-net/pretest.dat delete mode 100644 testing/tests/double-nat-net/test.conf delete mode 100644 testing/tests/double-nat/description.txt delete mode 100644 testing/tests/double-nat/evaltest.dat delete mode 100755 testing/tests/double-nat/hosts/alice/etc/ipsec.conf delete mode 100644 testing/tests/double-nat/posttest.dat delete mode 100644 testing/tests/double-nat/pretest.dat delete mode 100644 testing/tests/double-nat/test.conf delete mode 100644 testing/tests/dpd-clear/description.txt delete mode 100644 testing/tests/dpd-clear/evaltest.dat delete mode 100755 testing/tests/dpd-clear/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/dpd-clear/posttest.dat delete mode 100644 testing/tests/dpd-clear/pretest.dat delete mode 100644 testing/tests/dpd-clear/test.conf delete mode 100644 testing/tests/esp-ah-transport/description.txt delete mode 100644 testing/tests/esp-ah-transport/evaltest.dat delete mode 100755 testing/tests/esp-ah-transport/hosts/carol/etc/init.d/iptables delete mode 100755 testing/tests/esp-ah-transport/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/esp-ah-transport/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/esp-ah-transport/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/esp-ah-transport/posttest.dat delete mode 100644 testing/tests/esp-ah-transport/pretest.dat delete mode 100644 testing/tests/esp-ah-transport/test.conf delete mode 100644 testing/tests/esp-ah-tunnel/description.txt delete mode 100644 testing/tests/esp-ah-tunnel/evaltest.dat delete mode 100755 testing/tests/esp-ah-tunnel/hosts/carol/etc/init.d/iptables delete mode 100755 testing/tests/esp-ah-tunnel/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/esp-ah-tunnel/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/esp-ah-tunnel/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/esp-ah-tunnel/posttest.dat delete mode 100644 testing/tests/esp-ah-tunnel/pretest.dat delete mode 100644 testing/tests/esp-ah-tunnel/test.conf delete mode 100644 testing/tests/esp-alg-des/description.txt delete mode 100644 testing/tests/esp-alg-des/evaltest.dat delete mode 100755 testing/tests/esp-alg-des/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/esp-alg-des/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/esp-alg-des/posttest.dat delete mode 100644 testing/tests/esp-alg-des/pretest.dat delete mode 100644 testing/tests/esp-alg-des/test.conf delete mode 100644 testing/tests/esp-alg-null/description.txt delete mode 100644 testing/tests/esp-alg-null/evaltest.dat delete mode 100755 testing/tests/esp-alg-null/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/esp-alg-null/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/esp-alg-null/posttest.dat delete mode 100644 testing/tests/esp-alg-null/pretest.dat delete mode 100644 testing/tests/esp-alg-null/test.conf delete mode 100644 testing/tests/esp-alg-strict-fail/description.txt delete mode 100644 testing/tests/esp-alg-strict-fail/evaltest.dat delete mode 100755 testing/tests/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/esp-alg-strict-fail/posttest.dat delete mode 100644 testing/tests/esp-alg-strict-fail/pretest.dat delete mode 100644 testing/tests/esp-alg-strict-fail/test.conf delete mode 100644 testing/tests/esp-alg-strict/description.txt delete mode 100644 testing/tests/esp-alg-strict/evaltest.dat delete mode 100755 testing/tests/esp-alg-strict/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/esp-alg-strict/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/esp-alg-strict/posttest.dat delete mode 100644 testing/tests/esp-alg-strict/pretest.dat delete mode 100644 testing/tests/esp-alg-strict/test.conf delete mode 100644 testing/tests/esp-alg-weak/description.txt delete mode 100644 testing/tests/esp-alg-weak/evaltest.dat delete mode 100755 testing/tests/esp-alg-weak/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/esp-alg-weak/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/esp-alg-weak/posttest.dat delete mode 100644 testing/tests/esp-alg-weak/pretest.dat delete mode 100644 testing/tests/esp-alg-weak/test.conf delete mode 100644 testing/tests/host2host-cert/description.txt delete mode 100644 testing/tests/host2host-cert/evaltest.dat delete mode 100644 testing/tests/host2host-cert/posttest.dat delete mode 100644 testing/tests/host2host-cert/pretest.dat delete mode 100644 testing/tests/host2host-cert/test.conf delete mode 100644 testing/tests/host2host-swapped/description.txt delete mode 100644 testing/tests/host2host-swapped/evaltest.dat delete mode 100755 testing/tests/host2host-swapped/hosts/moon/etc/ipsec.conf delete mode 100755 testing/tests/host2host-swapped/hosts/sun/etc/ipsec.conf delete mode 100644 testing/tests/host2host-swapped/posttest.dat delete mode 100644 testing/tests/host2host-swapped/pretest.dat delete mode 100644 testing/tests/host2host-swapped/test.conf delete mode 100644 testing/tests/host2host-transport/description.txt delete mode 100644 testing/tests/host2host-transport/evaltest.dat delete mode 100755 testing/tests/host2host-transport/hosts/moon/etc/ipsec.conf delete mode 100755 testing/tests/host2host-transport/hosts/sun/etc/ipsec.conf delete mode 100644 testing/tests/host2host-transport/posttest.dat delete mode 100644 testing/tests/host2host-transport/pretest.dat delete mode 100644 testing/tests/host2host-transport/test.conf delete mode 100644 testing/tests/ike-alg-sha2_384/description.txt delete mode 100644 testing/tests/ike-alg-sha2_384/evaltest.dat delete mode 100755 testing/tests/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ike-alg-sha2_384/posttest.dat delete mode 100644 testing/tests/ike-alg-sha2_384/pretest.dat delete mode 100644 testing/tests/ike-alg-sha2_384/test.conf delete mode 100644 testing/tests/ike-alg-sha2_512/description.txt delete mode 100644 testing/tests/ike-alg-sha2_512/evaltest.dat delete mode 100755 testing/tests/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ike-alg-sha2_512/posttest.dat delete mode 100644 testing/tests/ike-alg-sha2_512/pretest.dat delete mode 100644 testing/tests/ike-alg-sha2_512/test.conf delete mode 100644 testing/tests/ike-alg-strict-fail/description.txt delete mode 100644 testing/tests/ike-alg-strict-fail/evaltest.dat delete mode 100755 testing/tests/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ike-alg-strict-fail/posttest.dat delete mode 100644 testing/tests/ike-alg-strict-fail/pretest.dat delete mode 100644 testing/tests/ike-alg-strict-fail/test.conf delete mode 100644 testing/tests/ike-alg-strict/description.txt delete mode 100644 testing/tests/ike-alg-strict/evaltest.dat delete mode 100755 testing/tests/ike-alg-strict/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ike-alg-strict/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ike-alg-strict/posttest.dat delete mode 100644 testing/tests/ike-alg-strict/pretest.dat delete mode 100644 testing/tests/ike-alg-strict/test.conf create mode 100644 testing/tests/ike/rw-cert/description.txt create mode 100644 testing/tests/ike/rw-cert/evaltest.dat create mode 100755 testing/tests/ike/rw-cert/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ike/rw-cert/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ike/rw-cert/posttest.dat create mode 100644 testing/tests/ike/rw-cert/pretest.dat create mode 100644 testing/tests/ike/rw-cert/test.conf create mode 100644 testing/tests/ike/rw_v1-net_v2/description.txt create mode 100644 testing/tests/ike/rw_v1-net_v2/evaltest.dat create mode 100755 testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ike/rw_v1-net_v2/posttest.dat create mode 100644 testing/tests/ike/rw_v1-net_v2/pretest.dat create mode 100644 testing/tests/ike/rw_v1-net_v2/test.conf create mode 100644 testing/tests/ikev1/alg-blowfish/description.txt create mode 100644 testing/tests/ikev1/alg-blowfish/evaltest.dat create mode 100755 testing/tests/ikev1/alg-blowfish/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-blowfish/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-blowfish/posttest.dat create mode 100644 testing/tests/ikev1/alg-blowfish/pretest.dat create mode 100644 testing/tests/ikev1/alg-blowfish/test.conf create mode 100644 testing/tests/ikev1/alg-serpent/description.txt create mode 100644 testing/tests/ikev1/alg-serpent/evaltest.dat create mode 100755 testing/tests/ikev1/alg-serpent/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-serpent/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-serpent/posttest.dat create mode 100644 testing/tests/ikev1/alg-serpent/pretest.dat create mode 100644 testing/tests/ikev1/alg-serpent/test.conf create mode 100644 testing/tests/ikev1/alg-sha-equals-sha1/description.txt create mode 100644 testing/tests/ikev1/alg-sha-equals-sha1/evaltest.dat create mode 100755 testing/tests/ikev1/alg-sha-equals-sha1/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-sha-equals-sha1/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-sha-equals-sha1/posttest.dat create mode 100644 testing/tests/ikev1/alg-sha-equals-sha1/pretest.dat create mode 100644 testing/tests/ikev1/alg-sha-equals-sha1/test.conf create mode 100644 testing/tests/ikev1/alg-sha2_256/description.txt create mode 100644 testing/tests/ikev1/alg-sha2_256/evaltest.dat create mode 100755 testing/tests/ikev1/alg-sha2_256/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-sha2_256/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-sha2_256/posttest.dat create mode 100644 testing/tests/ikev1/alg-sha2_256/pretest.dat create mode 100644 testing/tests/ikev1/alg-sha2_256/test.conf create mode 100644 testing/tests/ikev1/alg-twofish/description.txt create mode 100644 testing/tests/ikev1/alg-twofish/evaltest.dat create mode 100755 testing/tests/ikev1/alg-twofish/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/alg-twofish/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/alg-twofish/posttest.dat create mode 100644 testing/tests/ikev1/alg-twofish/pretest.dat create mode 100644 testing/tests/ikev1/alg-twofish/test.conf create mode 100644 testing/tests/ikev1/attr-cert/description.txt create mode 100644 testing/tests/ikev1/attr-cert/evaltest.dat create mode 100755 testing/tests/ikev1/attr-cert/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/attr-cert/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem create mode 100644 testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem create mode 100644 testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/carolCert.pem create mode 100644 testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/daveCert.pem create mode 100644 testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/default.conf create mode 100644 testing/tests/ikev1/attr-cert/posttest.dat create mode 100644 testing/tests/ikev1/attr-cert/pretest.dat create mode 100644 testing/tests/ikev1/attr-cert/test.conf create mode 100644 testing/tests/ikev1/compress/description.txt create mode 100644 testing/tests/ikev1/compress/evaltest.dat create mode 100755 testing/tests/ikev1/compress/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/compress/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/compress/posttest.dat create mode 100644 testing/tests/ikev1/compress/pretest.dat create mode 100644 testing/tests/ikev1/compress/test.conf create mode 100644 testing/tests/ikev1/crl-from-cache/description.txt create mode 100644 testing/tests/ikev1/crl-from-cache/evaltest.dat create mode 100755 testing/tests/ikev1/crl-from-cache/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/crl-from-cache/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/crl-from-cache/posttest.dat create mode 100644 testing/tests/ikev1/crl-from-cache/pretest.dat create mode 100644 testing/tests/ikev1/crl-from-cache/test.conf create mode 100644 testing/tests/ikev1/crl-ldap/description.txt create mode 100644 testing/tests/ikev1/crl-ldap/evaltest.dat create mode 100755 testing/tests/ikev1/crl-ldap/hosts/carol/etc/init.d/iptables create mode 100755 testing/tests/ikev1/crl-ldap/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/crl-ldap/hosts/carol/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl create mode 100755 testing/tests/ikev1/crl-ldap/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/crl-ldap/hosts/moon/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl create mode 100644 testing/tests/ikev1/crl-ldap/posttest.dat create mode 100644 testing/tests/ikev1/crl-ldap/pretest.dat create mode 100644 testing/tests/ikev1/crl-ldap/test.conf create mode 100644 testing/tests/ikev1/crl-revoked/description.txt create mode 100644 testing/tests/ikev1/crl-revoked/evaltest.dat create mode 100755 testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem create mode 100644 testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem create mode 100644 testing/tests/ikev1/crl-revoked/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/crl-revoked/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/crl-revoked/posttest.dat create mode 100644 testing/tests/ikev1/crl-revoked/pretest.dat create mode 100644 testing/tests/ikev1/crl-revoked/test.conf create mode 100644 testing/tests/ikev1/crl-strict/description.txt create mode 100644 testing/tests/ikev1/crl-strict/evaltest.dat create mode 100755 testing/tests/ikev1/crl-strict/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/crl-strict/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/crl-strict/posttest.dat create mode 100644 testing/tests/ikev1/crl-strict/pretest.dat create mode 100644 testing/tests/ikev1/crl-strict/test.conf create mode 100644 testing/tests/ikev1/crl-to-cache/description.txt create mode 100644 testing/tests/ikev1/crl-to-cache/evaltest.dat create mode 100755 testing/tests/ikev1/crl-to-cache/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/crl-to-cache/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/crl-to-cache/posttest.dat create mode 100644 testing/tests/ikev1/crl-to-cache/pretest.dat create mode 100644 testing/tests/ikev1/crl-to-cache/test.conf create mode 100644 testing/tests/ikev1/default-keys/description.txt create mode 100644 testing/tests/ikev1/default-keys/evaltest.dat create mode 100755 testing/tests/ikev1/default-keys/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/default-keys/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev1/default-keys/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/default-keys/posttest.dat create mode 100644 testing/tests/ikev1/default-keys/pretest.dat create mode 100644 testing/tests/ikev1/default-keys/test.conf create mode 100644 testing/tests/ikev1/double-nat-net/description.txt create mode 100644 testing/tests/ikev1/double-nat-net/evaltest.dat create mode 100755 testing/tests/ikev1/double-nat-net/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev1/double-nat-net/hosts/bob/etc/ipsec.conf create mode 100644 testing/tests/ikev1/double-nat-net/posttest.dat create mode 100644 testing/tests/ikev1/double-nat-net/pretest.dat create mode 100644 testing/tests/ikev1/double-nat-net/test.conf create mode 100644 testing/tests/ikev1/double-nat/description.txt create mode 100644 testing/tests/ikev1/double-nat/evaltest.dat create mode 100755 testing/tests/ikev1/double-nat/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/ikev1/double-nat/posttest.dat create mode 100644 testing/tests/ikev1/double-nat/pretest.dat create mode 100644 testing/tests/ikev1/double-nat/test.conf create mode 100644 testing/tests/ikev1/dpd-clear/description.txt create mode 100644 testing/tests/ikev1/dpd-clear/evaltest.dat create mode 100755 testing/tests/ikev1/dpd-clear/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/dpd-clear/posttest.dat create mode 100644 testing/tests/ikev1/dpd-clear/pretest.dat create mode 100644 testing/tests/ikev1/dpd-clear/test.conf create mode 100644 testing/tests/ikev1/esp-ah-transport/description.txt create mode 100644 testing/tests/ikev1/esp-ah-transport/evaltest.dat create mode 100755 testing/tests/ikev1/esp-ah-transport/hosts/carol/etc/init.d/iptables create mode 100755 testing/tests/ikev1/esp-ah-transport/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-ah-transport/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev1/esp-ah-transport/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-ah-transport/posttest.dat create mode 100644 testing/tests/ikev1/esp-ah-transport/pretest.dat create mode 100644 testing/tests/ikev1/esp-ah-transport/test.conf create mode 100644 testing/tests/ikev1/esp-ah-tunnel/description.txt create mode 100644 testing/tests/ikev1/esp-ah-tunnel/evaltest.dat create mode 100755 testing/tests/ikev1/esp-ah-tunnel/hosts/carol/etc/init.d/iptables create mode 100755 testing/tests/ikev1/esp-ah-tunnel/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-ah-tunnel/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev1/esp-ah-tunnel/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-ah-tunnel/posttest.dat create mode 100644 testing/tests/ikev1/esp-ah-tunnel/pretest.dat create mode 100644 testing/tests/ikev1/esp-ah-tunnel/test.conf create mode 100644 testing/tests/ikev1/esp-alg-des/description.txt create mode 100644 testing/tests/ikev1/esp-alg-des/evaltest.dat create mode 100755 testing/tests/ikev1/esp-alg-des/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-alg-des/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-alg-des/posttest.dat create mode 100644 testing/tests/ikev1/esp-alg-des/pretest.dat create mode 100644 testing/tests/ikev1/esp-alg-des/test.conf create mode 100644 testing/tests/ikev1/esp-alg-null/description.txt create mode 100644 testing/tests/ikev1/esp-alg-null/evaltest.dat create mode 100755 testing/tests/ikev1/esp-alg-null/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-alg-null/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-alg-null/posttest.dat create mode 100644 testing/tests/ikev1/esp-alg-null/pretest.dat create mode 100644 testing/tests/ikev1/esp-alg-null/test.conf create mode 100644 testing/tests/ikev1/esp-alg-strict-fail/description.txt create mode 100644 testing/tests/ikev1/esp-alg-strict-fail/evaltest.dat create mode 100755 testing/tests/ikev1/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-alg-strict-fail/posttest.dat create mode 100644 testing/tests/ikev1/esp-alg-strict-fail/pretest.dat create mode 100644 testing/tests/ikev1/esp-alg-strict-fail/test.conf create mode 100644 testing/tests/ikev1/esp-alg-strict/description.txt create mode 100644 testing/tests/ikev1/esp-alg-strict/evaltest.dat create mode 100755 testing/tests/ikev1/esp-alg-strict/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-alg-strict/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-alg-strict/posttest.dat create mode 100644 testing/tests/ikev1/esp-alg-strict/pretest.dat create mode 100644 testing/tests/ikev1/esp-alg-strict/test.conf create mode 100644 testing/tests/ikev1/esp-alg-weak/description.txt create mode 100644 testing/tests/ikev1/esp-alg-weak/evaltest.dat create mode 100755 testing/tests/ikev1/esp-alg-weak/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/esp-alg-weak/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/esp-alg-weak/posttest.dat create mode 100644 testing/tests/ikev1/esp-alg-weak/pretest.dat create mode 100644 testing/tests/ikev1/esp-alg-weak/test.conf create mode 100644 testing/tests/ikev1/host2host-cert/description.txt create mode 100644 testing/tests/ikev1/host2host-cert/evaltest.dat create mode 100644 testing/tests/ikev1/host2host-cert/posttest.dat create mode 100644 testing/tests/ikev1/host2host-cert/pretest.dat create mode 100644 testing/tests/ikev1/host2host-cert/test.conf create mode 100644 testing/tests/ikev1/host2host-swapped/description.txt create mode 100644 testing/tests/ikev1/host2host-swapped/evaltest.dat create mode 100755 testing/tests/ikev1/host2host-swapped/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev1/host2host-swapped/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/host2host-swapped/posttest.dat create mode 100644 testing/tests/ikev1/host2host-swapped/pretest.dat create mode 100644 testing/tests/ikev1/host2host-swapped/test.conf create mode 100644 testing/tests/ikev1/host2host-transport/description.txt create mode 100644 testing/tests/ikev1/host2host-transport/evaltest.dat create mode 100755 testing/tests/ikev1/host2host-transport/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev1/host2host-transport/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/host2host-transport/posttest.dat create mode 100644 testing/tests/ikev1/host2host-transport/pretest.dat create mode 100644 testing/tests/ikev1/host2host-transport/test.conf create mode 100644 testing/tests/ikev1/ike-alg-sha2_384/description.txt create mode 100644 testing/tests/ikev1/ike-alg-sha2_384/evaltest.dat create mode 100755 testing/tests/ikev1/ike-alg-sha2_384/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/ike-alg-sha2_384/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ike-alg-sha2_384/posttest.dat create mode 100644 testing/tests/ikev1/ike-alg-sha2_384/pretest.dat create mode 100644 testing/tests/ikev1/ike-alg-sha2_384/test.conf create mode 100644 testing/tests/ikev1/ike-alg-sha2_512/description.txt create mode 100644 testing/tests/ikev1/ike-alg-sha2_512/evaltest.dat create mode 100755 testing/tests/ikev1/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ike-alg-sha2_512/posttest.dat create mode 100644 testing/tests/ikev1/ike-alg-sha2_512/pretest.dat create mode 100644 testing/tests/ikev1/ike-alg-sha2_512/test.conf create mode 100644 testing/tests/ikev1/ike-alg-strict-fail/description.txt create mode 100644 testing/tests/ikev1/ike-alg-strict-fail/evaltest.dat create mode 100755 testing/tests/ikev1/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ike-alg-strict-fail/posttest.dat create mode 100644 testing/tests/ikev1/ike-alg-strict-fail/pretest.dat create mode 100644 testing/tests/ikev1/ike-alg-strict-fail/test.conf create mode 100644 testing/tests/ikev1/ike-alg-strict/description.txt create mode 100644 testing/tests/ikev1/ike-alg-strict/evaltest.dat create mode 100755 testing/tests/ikev1/ike-alg-strict/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/ike-alg-strict/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ike-alg-strict/posttest.dat create mode 100644 testing/tests/ikev1/ike-alg-strict/pretest.dat create mode 100644 testing/tests/ikev1/ike-alg-strict/test.conf create mode 100644 testing/tests/ikev1/mode-config-push/description.txt create mode 100644 testing/tests/ikev1/mode-config-push/evaltest.dat create mode 100755 testing/tests/ikev1/mode-config-push/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/mode-config-push/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev1/mode-config-push/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/mode-config-push/posttest.dat create mode 100644 testing/tests/ikev1/mode-config-push/pretest.dat create mode 100644 testing/tests/ikev1/mode-config-push/test.conf create mode 100644 testing/tests/ikev1/mode-config-swapped/description.txt create mode 100644 testing/tests/ikev1/mode-config-swapped/evaltest.dat create mode 100755 testing/tests/ikev1/mode-config-swapped/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/mode-config-swapped/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev1/mode-config-swapped/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/mode-config-swapped/posttest.dat create mode 100644 testing/tests/ikev1/mode-config-swapped/pretest.dat create mode 100644 testing/tests/ikev1/mode-config-swapped/test.conf create mode 100644 testing/tests/ikev1/mode-config/description.txt create mode 100644 testing/tests/ikev1/mode-config/evaltest.dat create mode 100755 testing/tests/ikev1/mode-config/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/mode-config/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev1/mode-config/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/mode-config/posttest.dat create mode 100644 testing/tests/ikev1/mode-config/pretest.dat create mode 100644 testing/tests/ikev1/mode-config/test.conf create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/description.txt create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat create mode 100755 testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem create mode 100755 testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/posttest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/pretest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-ldap/test.conf create mode 100644 testing/tests/ikev1/multi-level-ca-loop/description.txt create mode 100644 testing/tests/ikev1/multi-level-ca-loop/evaltest.dat create mode 100755 testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-loop/posttest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-loop/pretest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-loop/test.conf create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/description.txt create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/evaltest.dat create mode 100755 testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/posttest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/pretest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-revoked/test.conf create mode 100644 testing/tests/ikev1/multi-level-ca-strict/description.txt create mode 100644 testing/tests/ikev1/multi-level-ca-strict/evaltest.dat create mode 100755 testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem create mode 100755 testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca-strict/posttest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-strict/pretest.dat create mode 100644 testing/tests/ikev1/multi-level-ca-strict/test.conf create mode 100644 testing/tests/ikev1/multi-level-ca/description.txt create mode 100644 testing/tests/ikev1/multi-level-ca/evaltest.dat create mode 100755 testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem create mode 100755 testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem create mode 100644 testing/tests/ikev1/multi-level-ca/posttest.dat create mode 100644 testing/tests/ikev1/multi-level-ca/pretest.dat create mode 100644 testing/tests/ikev1/multi-level-ca/test.conf create mode 100644 testing/tests/ikev1/nat-before-esp/description.txt create mode 100644 testing/tests/ikev1/nat-before-esp/evaltest.dat create mode 100755 testing/tests/ikev1/nat-before-esp/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev1/nat-before-esp/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev1/nat-before-esp/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/nat-before-esp/posttest.dat create mode 100644 testing/tests/ikev1/nat-before-esp/pretest.dat create mode 100644 testing/tests/ikev1/nat-before-esp/test.conf create mode 100644 testing/tests/ikev1/nat-one-rw/description.txt create mode 100644 testing/tests/ikev1/nat-one-rw/evaltest.dat create mode 100644 testing/tests/ikev1/nat-one-rw/posttest.dat create mode 100644 testing/tests/ikev1/nat-one-rw/pretest.dat create mode 100644 testing/tests/ikev1/nat-one-rw/test.conf create mode 100644 testing/tests/ikev1/nat-two-rw-psk/description.txt create mode 100644 testing/tests/ikev1/nat-two-rw-psk/evaltest.dat create mode 100755 testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/ikev1/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/ipsec.conf create mode 100644 testing/tests/ikev1/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/nat-two-rw-psk/posttest.dat create mode 100644 testing/tests/ikev1/nat-two-rw-psk/pretest.dat create mode 100644 testing/tests/ikev1/nat-two-rw-psk/test.conf create mode 100644 testing/tests/ikev1/nat-two-rw/description.txt create mode 100644 testing/tests/ikev1/nat-two-rw/evaltest.dat create mode 100644 testing/tests/ikev1/nat-two-rw/posttest.dat create mode 100644 testing/tests/ikev1/nat-two-rw/pretest.dat create mode 100644 testing/tests/ikev1/nat-two-rw/test.conf create mode 100644 testing/tests/ikev1/net2net-cert/description.txt create mode 100644 testing/tests/ikev1/net2net-cert/evaltest.dat create mode 100644 testing/tests/ikev1/net2net-cert/posttest.dat create mode 100644 testing/tests/ikev1/net2net-cert/pretest.dat create mode 100644 testing/tests/ikev1/net2net-cert/test.conf create mode 100644 testing/tests/ikev1/net2net-pgp/description.txt create mode 100644 testing/tests/ikev1/net2net-pgp/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.d/private/moonKey.asc create mode 100644 testing/tests/ikev1/net2net-pgp/hosts/moon/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/moonCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/certs/sunCert.asc create mode 100644 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.d/private/sunKey.asc create mode 100644 testing/tests/ikev1/net2net-pgp/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/net2net-pgp/posttest.dat create mode 100644 testing/tests/ikev1/net2net-pgp/pretest.dat create mode 100644 testing/tests/ikev1/net2net-pgp/test.conf create mode 100644 testing/tests/ikev1/net2net-psk-fail/description.txt create mode 100644 testing/tests/ikev1/net2net-psk-fail/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/net2net-psk-fail/posttest.dat create mode 100644 testing/tests/ikev1/net2net-psk-fail/pretest.dat create mode 100644 testing/tests/ikev1/net2net-psk-fail/test.conf create mode 100644 testing/tests/ikev1/net2net-psk/description.txt create mode 100644 testing/tests/ikev1/net2net-psk/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-psk/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-psk/hosts/moon/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/net2net-psk/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-psk/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/net2net-psk/posttest.dat create mode 100644 testing/tests/ikev1/net2net-psk/pretest.dat create mode 100644 testing/tests/ikev1/net2net-psk/test.conf create mode 100644 testing/tests/ikev1/net2net-route/description.txt create mode 100644 testing/tests/ikev1/net2net-route/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-route/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-route/posttest.dat create mode 100644 testing/tests/ikev1/net2net-route/pretest.dat create mode 100644 testing/tests/ikev1/net2net-route/test.conf create mode 100644 testing/tests/ikev1/net2net-rsa/description.txt create mode 100644 testing/tests/ikev1/net2net-rsa/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-rsa/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-rsa/hosts/moon/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/net2net-rsa/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-rsa/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/net2net-rsa/posttest.dat create mode 100644 testing/tests/ikev1/net2net-rsa/pretest.dat create mode 100644 testing/tests/ikev1/net2net-rsa/test.conf create mode 100644 testing/tests/ikev1/net2net-start/description.txt create mode 100644 testing/tests/ikev1/net2net-start/evaltest.dat create mode 100755 testing/tests/ikev1/net2net-start/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/net2net-start/posttest.dat create mode 100644 testing/tests/ikev1/net2net-start/pretest.dat create mode 100644 testing/tests/ikev1/net2net-start/test.conf create mode 100644 testing/tests/ikev1/no-priv-key/description.txt create mode 100644 testing/tests/ikev1/no-priv-key/evaltest.dat create mode 100644 testing/tests/ikev1/no-priv-key/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/no-priv-key/posttest.dat create mode 100644 testing/tests/ikev1/no-priv-key/pretest.dat create mode 100644 testing/tests/ikev1/no-priv-key/test.conf create mode 100644 testing/tests/ikev1/ocsp-revoked/description.txt create mode 100644 testing/tests/ikev1/ocsp-revoked/evaltest.dat create mode 100755 testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem create mode 100644 testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem create mode 100644 testing/tests/ikev1/ocsp-revoked/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/ocsp-revoked/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ocsp-revoked/posttest.dat create mode 100644 testing/tests/ikev1/ocsp-revoked/pretest.dat create mode 100644 testing/tests/ikev1/ocsp-revoked/test.conf create mode 100644 testing/tests/ikev1/ocsp-strict/description.txt create mode 100644 testing/tests/ikev1/ocsp-strict/evaltest.dat create mode 100755 testing/tests/ikev1/ocsp-strict/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/ocsp-strict/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/ocsp-strict/posttest.dat create mode 100644 testing/tests/ikev1/ocsp-strict/pretest.dat create mode 100644 testing/tests/ikev1/ocsp-strict/test.conf create mode 100644 testing/tests/ikev1/protoport-dual/description.txt create mode 100644 testing/tests/ikev1/protoport-dual/evaltest.dat create mode 100755 testing/tests/ikev1/protoport-dual/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/protoport-dual/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/protoport-dual/posttest.dat create mode 100644 testing/tests/ikev1/protoport-dual/pretest.dat create mode 100644 testing/tests/ikev1/protoport-dual/test.conf create mode 100644 testing/tests/ikev1/protoport-pass/description.txt create mode 100644 testing/tests/ikev1/protoport-pass/evaltest.dat create mode 100755 testing/tests/ikev1/protoport-pass/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/protoport-pass/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/protoport-pass/posttest.dat create mode 100644 testing/tests/ikev1/protoport-pass/pretest.dat create mode 100644 testing/tests/ikev1/protoport-pass/test.conf create mode 100644 testing/tests/ikev1/protoport-route/description.txt create mode 100644 testing/tests/ikev1/protoport-route/evaltest.dat create mode 100755 testing/tests/ikev1/protoport-route/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/protoport-route/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/protoport-route/posttest.dat create mode 100644 testing/tests/ikev1/protoport-route/pretest.dat create mode 100644 testing/tests/ikev1/protoport-route/test.conf create mode 100644 testing/tests/ikev1/req-pkcs10/description.txt create mode 100644 testing/tests/ikev1/req-pkcs10/evaltest.dat create mode 100755 testing/tests/ikev1/req-pkcs10/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/req-pkcs10/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/req-pkcs10/hosts/carol/etc/scepclient.conf create mode 100644 testing/tests/ikev1/req-pkcs10/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/req-pkcs10/hosts/moon/etc/scepclient.conf create mode 100644 testing/tests/ikev1/req-pkcs10/hosts/winnetou/etc/openssl/yy.txt create mode 100644 testing/tests/ikev1/req-pkcs10/posttest.dat create mode 100644 testing/tests/ikev1/req-pkcs10/pretest.dat create mode 100644 testing/tests/ikev1/req-pkcs10/test.conf create mode 100644 testing/tests/ikev1/rw-cert/description.txt create mode 100644 testing/tests/ikev1/rw-cert/evaltest.dat create mode 100644 testing/tests/ikev1/rw-cert/posttest.dat create mode 100644 testing/tests/ikev1/rw-cert/pretest.dat create mode 100644 testing/tests/ikev1/rw-cert/test.conf create mode 100644 testing/tests/ikev1/rw-psk-fqdn-named/description.txt create mode 100644 testing/tests/ikev1/rw-psk-fqdn-named/evaltest.dat create mode 100755 testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-fqdn-named/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-fqdn-named/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/rw-psk-fqdn-named/posttest.dat create mode 100644 testing/tests/ikev1/rw-psk-fqdn-named/pretest.dat create mode 100644 testing/tests/ikev1/rw-psk-fqdn-named/test.conf create mode 100644 testing/tests/ikev1/rw-psk-fqdn/description.txt create mode 100644 testing/tests/ikev1/rw-psk-fqdn/evaltest.dat create mode 100755 testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/rw-psk-fqdn/posttest.dat create mode 100644 testing/tests/ikev1/rw-psk-fqdn/pretest.dat create mode 100644 testing/tests/ikev1/rw-psk-fqdn/test.conf create mode 100644 testing/tests/ikev1/rw-psk-ipv4/description.txt create mode 100644 testing/tests/ikev1/rw-psk-ipv4/evaltest.dat create mode 100755 testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/rw-psk-ipv4/posttest.dat create mode 100644 testing/tests/ikev1/rw-psk-ipv4/pretest.dat create mode 100644 testing/tests/ikev1/rw-psk-ipv4/test.conf create mode 100644 testing/tests/ikev1/rw-psk-no-policy/description.txt create mode 100644 testing/tests/ikev1/rw-psk-no-policy/evaltest.dat create mode 100755 testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-no-policy/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/rw-psk-no-policy/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-no-policy/posttest.dat create mode 100644 testing/tests/ikev1/rw-psk-no-policy/pretest.dat create mode 100644 testing/tests/ikev1/rw-psk-no-policy/test.conf create mode 100644 testing/tests/ikev1/rw-psk-rsa-mixed/description.txt create mode 100644 testing/tests/ikev1/rw-psk-rsa-mixed/evaltest.dat create mode 100755 testing/tests/ikev1/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/rw-psk-rsa-mixed/posttest.dat create mode 100644 testing/tests/ikev1/rw-psk-rsa-mixed/pretest.dat create mode 100644 testing/tests/ikev1/rw-psk-rsa-mixed/test.conf create mode 100644 testing/tests/ikev1/rw-rsa-no-policy/description.txt create mode 100644 testing/tests/ikev1/rw-rsa-no-policy/evaltest.dat create mode 100755 testing/tests/ikev1/rw-rsa-no-policy/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/rw-rsa-no-policy/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/rw-rsa-no-policy/posttest.dat create mode 100644 testing/tests/ikev1/rw-rsa-no-policy/pretest.dat create mode 100644 testing/tests/ikev1/rw-rsa-no-policy/test.conf create mode 100644 testing/tests/ikev1/self-signed/description.txt create mode 100644 testing/tests/ikev1/self-signed/evaltest.dat create mode 100755 testing/tests/ikev1/self-signed/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/self-signed/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/self-signed/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev1/self-signed/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/self-signed/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/self-signed/hosts/moon/etc/scepclient.conf create mode 100644 testing/tests/ikev1/self-signed/posttest.dat create mode 100644 testing/tests/ikev1/self-signed/pretest.dat create mode 100644 testing/tests/ikev1/self-signed/test.conf create mode 100644 testing/tests/ikev1/starter-also-loop/description.txt create mode 100644 testing/tests/ikev1/starter-also-loop/evaltest.dat create mode 100755 testing/tests/ikev1/starter-also-loop/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/starter-also-loop/posttest.dat create mode 100644 testing/tests/ikev1/starter-also-loop/pretest.dat create mode 100644 testing/tests/ikev1/starter-also-loop/test.conf create mode 100644 testing/tests/ikev1/starter-also/description.txt create mode 100644 testing/tests/ikev1/starter-also/evaltest.dat create mode 100755 testing/tests/ikev1/starter-also/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/starter-also/posttest.dat create mode 100644 testing/tests/ikev1/starter-also/pretest.dat create mode 100644 testing/tests/ikev1/starter-also/test.conf create mode 100644 testing/tests/ikev1/starter-includes/description.txt create mode 100644 testing/tests/ikev1/starter-includes/evaltest.dat create mode 100755 testing/tests/ikev1/starter-includes/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/starter-includes/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.connections create mode 100755 testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.host create mode 100644 testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.carol create mode 100644 testing/tests/ikev1/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.dave create mode 100644 testing/tests/ikev1/starter-includes/posttest.dat create mode 100644 testing/tests/ikev1/starter-includes/pretest.dat create mode 100644 testing/tests/ikev1/starter-includes/test.conf create mode 100644 testing/tests/ikev1/strong-certs/description.txt create mode 100644 testing/tests/ikev1/strong-certs/evaltest.dat create mode 100755 testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem create mode 100644 testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev1/strong-certs/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem create mode 100644 testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem create mode 100644 testing/tests/ikev1/strong-certs/hosts/dave/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem create mode 100644 testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem create mode 100644 testing/tests/ikev1/strong-certs/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/strong-certs/posttest.dat create mode 100644 testing/tests/ikev1/strong-certs/pretest.dat create mode 100644 testing/tests/ikev1/strong-certs/test.conf create mode 100644 testing/tests/ikev1/virtual-ip-swapped/description.txt create mode 100644 testing/tests/ikev1/virtual-ip-swapped/evaltest.dat create mode 100755 testing/tests/ikev1/virtual-ip-swapped/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/virtual-ip-swapped/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/virtual-ip-swapped/posttest.dat create mode 100644 testing/tests/ikev1/virtual-ip-swapped/pretest.dat create mode 100644 testing/tests/ikev1/virtual-ip-swapped/test.conf create mode 100644 testing/tests/ikev1/virtual-ip/description.txt create mode 100644 testing/tests/ikev1/virtual-ip/evaltest.dat create mode 100755 testing/tests/ikev1/virtual-ip/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/virtual-ip/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/virtual-ip/posttest.dat create mode 100644 testing/tests/ikev1/virtual-ip/pretest.dat create mode 100644 testing/tests/ikev1/virtual-ip/test.conf create mode 100644 testing/tests/ikev1/wildcards/description.txt create mode 100644 testing/tests/ikev1/wildcards/evaltest.dat create mode 100755 testing/tests/ikev1/wildcards/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev1/wildcards/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev1/wildcards/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/wildcards/posttest.dat create mode 100644 testing/tests/ikev1/wildcards/pretest.dat create mode 100644 testing/tests/ikev1/wildcards/test.conf create mode 100644 testing/tests/ikev1/wlan/description.txt create mode 100644 testing/tests/ikev1/wlan/evaltest.dat create mode 100755 testing/tests/ikev1/wlan/hosts/alice/etc/init.d/iptables create mode 100755 testing/tests/ikev1/wlan/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev1/wlan/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev1/wlan/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev1/wlan/hosts/venus/etc/init.d/iptables create mode 100755 testing/tests/ikev1/wlan/hosts/venus/etc/ipsec.conf create mode 100644 testing/tests/ikev1/wlan/posttest.dat create mode 100644 testing/tests/ikev1/wlan/pretest.dat create mode 100644 testing/tests/ikev1/wlan/test.conf create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/description.txt create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/evaltest.dat create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/posttest.dat create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/pretest.dat create mode 100644 testing/tests/ikev1/xauth-psk-mode-config/test.conf create mode 100644 testing/tests/ikev1/xauth-psk/description.txt create mode 100644 testing/tests/ikev1/xauth-psk/evaltest.dat create mode 100644 testing/tests/ikev1/xauth-psk/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-psk/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-psk/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-psk/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-psk/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-psk/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-psk/posttest.dat create mode 100644 testing/tests/ikev1/xauth-psk/pretest.dat create mode 100644 testing/tests/ikev1/xauth-psk/test.conf create mode 100644 testing/tests/ikev1/xauth-rsa-fail/description.txt create mode 100644 testing/tests/ikev1/xauth-rsa-fail/evaltest.dat create mode 100755 testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-rsa-fail/posttest.dat create mode 100644 testing/tests/ikev1/xauth-rsa-fail/pretest.dat create mode 100644 testing/tests/ikev1/xauth-rsa-fail/test.conf create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/description.txt create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/evaltest.dat create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/posttest.dat create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/pretest.dat create mode 100644 testing/tests/ikev1/xauth-rsa-mode-config/test.conf create mode 100644 testing/tests/ikev1/xauth-rsa-nosecret/description.txt create mode 100644 testing/tests/ikev1/xauth-rsa-nosecret/evaltest.dat create mode 100755 testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa-nosecret/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa-nosecret/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-rsa-nosecret/posttest.dat create mode 100644 testing/tests/ikev1/xauth-rsa-nosecret/pretest.dat create mode 100644 testing/tests/ikev1/xauth-rsa-nosecret/test.conf create mode 100644 testing/tests/ikev1/xauth-rsa/description.txt create mode 100644 testing/tests/ikev1/xauth-rsa/evaltest.dat create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/carol/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/dave/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev1/xauth-rsa/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev1/xauth-rsa/posttest.dat create mode 100644 testing/tests/ikev1/xauth-rsa/pretest.dat create mode 100644 testing/tests/ikev1/xauth-rsa/test.conf create mode 100644 testing/tests/ikev2/config-payload-swapped/description.txt create mode 100644 testing/tests/ikev2/config-payload-swapped/evaltest.dat create mode 100755 testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/config-payload-swapped/posttest.dat create mode 100644 testing/tests/ikev2/config-payload-swapped/pretest.dat create mode 100644 testing/tests/ikev2/config-payload-swapped/test.conf create mode 100644 testing/tests/ikev2/config-payload/description.txt create mode 100644 testing/tests/ikev2/config-payload/evaltest.dat create mode 100755 testing/tests/ikev2/config-payload/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/config-payload/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev2/config-payload/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/config-payload/posttest.dat create mode 100644 testing/tests/ikev2/config-payload/pretest.dat create mode 100644 testing/tests/ikev2/config-payload/test.conf create mode 100644 testing/tests/ikev2/crl-from-cache/description.txt create mode 100644 testing/tests/ikev2/crl-from-cache/evaltest.dat create mode 100755 testing/tests/ikev2/crl-from-cache/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/crl-from-cache/posttest.dat create mode 100644 testing/tests/ikev2/crl-from-cache/pretest.dat create mode 100644 testing/tests/ikev2/crl-from-cache/test.conf create mode 100644 testing/tests/ikev2/crl-ldap/description.txt create mode 100644 testing/tests/ikev2/crl-ldap/evaltest.dat create mode 100755 testing/tests/ikev2/crl-ldap/hosts/carol/etc/init.d/iptables create mode 100755 testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/crl-ldap/hosts/carol/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl create mode 100755 testing/tests/ikev2/crl-ldap/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/crl-ldap/hosts/moon/etc/ipsec.d/crls/5da7dd700651327ee7b66db3b5e5e060ea2e4def.crl create mode 100644 testing/tests/ikev2/crl-ldap/posttest.dat create mode 100644 testing/tests/ikev2/crl-ldap/pretest.dat create mode 100644 testing/tests/ikev2/crl-ldap/test.conf create mode 100644 testing/tests/ikev2/crl-revoked/description.txt create mode 100644 testing/tests/ikev2/crl-revoked/evaltest.dat create mode 100755 testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem create mode 100644 testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem create mode 100644 testing/tests/ikev2/crl-revoked/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/crl-revoked/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/crl-revoked/posttest.dat create mode 100644 testing/tests/ikev2/crl-revoked/pretest.dat create mode 100644 testing/tests/ikev2/crl-revoked/test.conf create mode 100644 testing/tests/ikev2/crl-strict/description.txt create mode 100644 testing/tests/ikev2/crl-strict/evaltest.dat create mode 100755 testing/tests/ikev2/crl-strict/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/crl-strict/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/crl-strict/posttest.dat create mode 100644 testing/tests/ikev2/crl-strict/pretest.dat create mode 100644 testing/tests/ikev2/crl-strict/test.conf create mode 100644 testing/tests/ikev2/crl-to-cache/description.txt create mode 100644 testing/tests/ikev2/crl-to-cache/evaltest.dat create mode 100755 testing/tests/ikev2/crl-to-cache/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/crl-to-cache/posttest.dat create mode 100644 testing/tests/ikev2/crl-to-cache/pretest.dat create mode 100644 testing/tests/ikev2/crl-to-cache/test.conf create mode 100644 testing/tests/ikev2/default-keys/description.txt create mode 100644 testing/tests/ikev2/default-keys/evaltest.dat create mode 100755 testing/tests/ikev2/default-keys/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/default-keys/hosts/moon/etc/init.d/iptables create mode 100755 testing/tests/ikev2/default-keys/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/default-keys/posttest.dat create mode 100644 testing/tests/ikev2/default-keys/pretest.dat create mode 100644 testing/tests/ikev2/default-keys/test.conf create mode 100644 testing/tests/ikev2/double-nat-net/description.txt create mode 100644 testing/tests/ikev2/double-nat-net/evaltest.dat create mode 100755 testing/tests/ikev2/double-nat-net/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev2/double-nat-net/hosts/bob/etc/ipsec.conf create mode 100644 testing/tests/ikev2/double-nat-net/posttest.dat create mode 100644 testing/tests/ikev2/double-nat-net/pretest.dat create mode 100644 testing/tests/ikev2/double-nat-net/test.conf create mode 100644 testing/tests/ikev2/double-nat/description.txt create mode 100644 testing/tests/ikev2/double-nat/evaltest.dat create mode 100755 testing/tests/ikev2/double-nat/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev2/double-nat/hosts/bob/etc/ipsec.conf create mode 100644 testing/tests/ikev2/double-nat/posttest.dat create mode 100644 testing/tests/ikev2/double-nat/pretest.dat create mode 100644 testing/tests/ikev2/double-nat/test.conf create mode 100644 testing/tests/ikev2/dpd-clear/description.txt create mode 100644 testing/tests/ikev2/dpd-clear/evaltest.dat create mode 100755 testing/tests/ikev2/dpd-clear/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/dpd-clear/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/dpd-clear/posttest.dat create mode 100644 testing/tests/ikev2/dpd-clear/pretest.dat create mode 100644 testing/tests/ikev2/dpd-clear/test.conf create mode 100644 testing/tests/ikev2/dpd-hold/description.txt create mode 100644 testing/tests/ikev2/dpd-hold/evaltest.dat create mode 100755 testing/tests/ikev2/dpd-hold/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/dpd-hold/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/dpd-hold/posttest.dat create mode 100644 testing/tests/ikev2/dpd-hold/pretest.dat create mode 100644 testing/tests/ikev2/dpd-hold/test.conf create mode 100644 testing/tests/ikev2/dpd-restart/description.txt create mode 100644 testing/tests/ikev2/dpd-restart/evaltest.dat create mode 100755 testing/tests/ikev2/dpd-restart/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/dpd-restart/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/dpd-restart/posttest.dat create mode 100644 testing/tests/ikev2/dpd-restart/pretest.dat create mode 100644 testing/tests/ikev2/dpd-restart/test.conf create mode 100644 testing/tests/ikev2/host2host-cert/description.txt create mode 100644 testing/tests/ikev2/host2host-cert/evaltest.dat create mode 100755 testing/tests/ikev2/host2host-cert/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/host2host-cert/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/host2host-cert/posttest.dat create mode 100644 testing/tests/ikev2/host2host-cert/pretest.dat create mode 100644 testing/tests/ikev2/host2host-cert/test.conf create mode 100644 testing/tests/ikev2/host2host-swapped/description.txt create mode 100644 testing/tests/ikev2/host2host-swapped/evaltest.dat create mode 100755 testing/tests/ikev2/host2host-swapped/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/host2host-swapped/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/host2host-swapped/posttest.dat create mode 100644 testing/tests/ikev2/host2host-swapped/pretest.dat create mode 100644 testing/tests/ikev2/host2host-swapped/test.conf create mode 100644 testing/tests/ikev2/host2host-transport/description.txt create mode 100644 testing/tests/ikev2/host2host-transport/evaltest.dat create mode 100755 testing/tests/ikev2/host2host-transport/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/host2host-transport/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/host2host-transport/posttest.dat create mode 100644 testing/tests/ikev2/host2host-transport/pretest.dat create mode 100644 testing/tests/ikev2/host2host-transport/test.conf create mode 100644 testing/tests/ikev2/nat-double-snat/description.txt create mode 100644 testing/tests/ikev2/nat-double-snat/evaltest.dat create mode 100644 testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-double-snat/hosts/alice/etc/ipsec.d/certs/bobCert.pem create mode 100644 testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-double-snat/hosts/bob/etc/ipsec.d/certs/aliceCert.pem create mode 100644 testing/tests/ikev2/nat-double-snat/posttest.dat create mode 100644 testing/tests/ikev2/nat-double-snat/pretest.dat create mode 100644 testing/tests/ikev2/nat-double-snat/test.conf create mode 100644 testing/tests/ikev2/nat-one-rw/description.txt create mode 100644 testing/tests/ikev2/nat-one-rw/evaltest.dat create mode 100755 testing/tests/ikev2/nat-one-rw/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev2/nat-one-rw/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-one-rw/posttest.dat create mode 100644 testing/tests/ikev2/nat-one-rw/pretest.dat create mode 100644 testing/tests/ikev2/nat-one-rw/test.conf create mode 100644 testing/tests/ikev2/nat-pf/description.txt create mode 100644 testing/tests/ikev2/nat-pf/evaltest.dat create mode 100644 testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-pf/hosts/alice/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-pf/hosts/carol/etc/ipsec.d/certs/aliceCert.pem create mode 100644 testing/tests/ikev2/nat-pf/posttest.dat create mode 100644 testing/tests/ikev2/nat-pf/pretest.dat create mode 100644 testing/tests/ikev2/nat-pf/test.conf create mode 100644 testing/tests/ikev2/nat-portswitch/description.txt create mode 100644 testing/tests/ikev2/nat-portswitch/evaltest.dat create mode 100644 testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-portswitch/hosts/alice/etc/ipsec.d/certs/sunCert.pem create mode 100644 testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-portswitch/hosts/sun/etc/ipsec.d/certs/aliceCert.pem create mode 100644 testing/tests/ikev2/nat-portswitch/posttest.dat create mode 100644 testing/tests/ikev2/nat-portswitch/pretest.dat create mode 100644 testing/tests/ikev2/nat-portswitch/test.conf create mode 100644 testing/tests/ikev2/nat-rw-mixed/description.txt create mode 100644 testing/tests/ikev2/nat-rw-mixed/evaltest.dat create mode 100644 testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-rw-mixed/hosts/alice/etc/ipsec.d/certs/sunCert.pem create mode 100644 testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/aliceCert.pem create mode 100644 testing/tests/ikev2/nat-rw-mixed/hosts/sun/etc/ipsec.d/certs/venusCert.pem create mode 100644 testing/tests/ikev2/nat-rw-mixed/posttest.dat create mode 100644 testing/tests/ikev2/nat-rw-mixed/pretest.dat create mode 100644 testing/tests/ikev2/nat-rw-mixed/test.conf create mode 100644 testing/tests/ikev2/nat-two-rw-psk/description.txt create mode 100644 testing/tests/ikev2/nat-two-rw-psk/evaltest.dat create mode 100755 testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/nat-two-rw-psk/posttest.dat create mode 100644 testing/tests/ikev2/nat-two-rw-psk/pretest.dat create mode 100644 testing/tests/ikev2/nat-two-rw-psk/test.conf create mode 100644 testing/tests/ikev2/nat-two-rw/description.txt create mode 100644 testing/tests/ikev2/nat-two-rw/evaltest.dat create mode 100755 testing/tests/ikev2/nat-two-rw/hosts/alice/etc/ipsec.conf create mode 100755 testing/tests/ikev2/nat-two-rw/hosts/sun/etc/ipsec.conf create mode 100755 testing/tests/ikev2/nat-two-rw/hosts/venus/etc/ipsec.conf create mode 100644 testing/tests/ikev2/nat-two-rw/posttest.dat create mode 100644 testing/tests/ikev2/nat-two-rw/pretest.dat create mode 100644 testing/tests/ikev2/nat-two-rw/test.conf create mode 100644 testing/tests/ikev2/net2net-cert/description.txt create mode 100644 testing/tests/ikev2/net2net-cert/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-cert/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/net2net-cert/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-cert/posttest.dat create mode 100644 testing/tests/ikev2/net2net-cert/pretest.dat create mode 100644 testing/tests/ikev2/net2net-cert/test.conf create mode 100644 testing/tests/ikev2/net2net-psk/description.txt create mode 100644 testing/tests/ikev2/net2net-psk/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-psk/hosts/moon/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-psk/hosts/sun/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/net2net-psk/posttest.dat create mode 100644 testing/tests/ikev2/net2net-psk/pretest.dat create mode 100644 testing/tests/ikev2/net2net-psk/test.conf create mode 100644 testing/tests/ikev2/net2net-route/description.txt create mode 100644 testing/tests/ikev2/net2net-route/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-route/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/net2net-route/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-route/posttest.dat create mode 100644 testing/tests/ikev2/net2net-route/pretest.dat create mode 100644 testing/tests/ikev2/net2net-route/test.conf create mode 100644 testing/tests/ikev2/net2net-start/description.txt create mode 100644 testing/tests/ikev2/net2net-start/evaltest.dat create mode 100755 testing/tests/ikev2/net2net-start/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/net2net-start/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ikev2/net2net-start/posttest.dat create mode 100644 testing/tests/ikev2/net2net-start/pretest.dat create mode 100644 testing/tests/ikev2/net2net-start/test.conf create mode 100644 testing/tests/ikev2/ocsp-local-cert/description.txt create mode 100644 testing/tests/ikev2/ocsp-local-cert/evaltest.dat create mode 100755 testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/ipsec.d/ocspcerts/ocspCert-self.pem create mode 100755 testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/ipsec.d/ocspcerts/ocspCert-self.pem create mode 100755 testing/tests/ikev2/ocsp-local-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi create mode 100644 testing/tests/ikev2/ocsp-local-cert/posttest.dat create mode 100644 testing/tests/ikev2/ocsp-local-cert/pretest.dat create mode 100644 testing/tests/ikev2/ocsp-local-cert/test.conf create mode 100644 testing/tests/ikev2/ocsp-multi-level/description.txt create mode 100644 testing/tests/ikev2/ocsp-multi-level/evaltest.dat create mode 100755 testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem create mode 100755 testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem create mode 100644 testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem create mode 100644 testing/tests/ikev2/ocsp-multi-level/posttest.dat create mode 100644 testing/tests/ikev2/ocsp-multi-level/pretest.dat create mode 100644 testing/tests/ikev2/ocsp-multi-level/test.conf create mode 100644 testing/tests/ikev2/ocsp-revoked/description.txt create mode 100644 testing/tests/ikev2/ocsp-revoked/evaltest.dat create mode 100755 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolCert-revoked.pem create mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolKey-revoked.pem create mode 100644 testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-revoked/posttest.dat create mode 100644 testing/tests/ikev2/ocsp-revoked/pretest.dat create mode 100644 testing/tests/ikev2/ocsp-revoked/test.conf create mode 100644 testing/tests/ikev2/ocsp-root-cert/description.txt create mode 100644 testing/tests/ikev2/ocsp-root-cert/evaltest.dat create mode 100755 testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/ocsp-root-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi create mode 100644 testing/tests/ikev2/ocsp-root-cert/posttest.dat create mode 100644 testing/tests/ikev2/ocsp-root-cert/pretest.dat create mode 100644 testing/tests/ikev2/ocsp-root-cert/test.conf create mode 100644 testing/tests/ikev2/ocsp-signer-cert/description.txt create mode 100644 testing/tests/ikev2/ocsp-signer-cert/evaltest.dat create mode 100755 testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem create mode 100644 testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem create mode 100644 testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-signer-cert/posttest.dat create mode 100644 testing/tests/ikev2/ocsp-signer-cert/pretest.dat create mode 100644 testing/tests/ikev2/ocsp-signer-cert/test.conf create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/description.txt create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/evaltest.dat create mode 100755 testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/certs/carolCert-ocsp.pem create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.d/private/carolKey-ocsp.pem create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/ocsp-timeouts-good/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/posttest.dat create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/pretest.dat create mode 100644 testing/tests/ikev2/ocsp-timeouts-good/test.conf create mode 100644 testing/tests/ikev2/ocsp-timeouts-unknown/description.txt create mode 100644 testing/tests/ikev2/ocsp-timeouts-unknown/evaltest.dat create mode 100755 testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/ocsp-timeouts-unknown/posttest.dat create mode 100644 testing/tests/ikev2/ocsp-timeouts-unknown/pretest.dat create mode 100644 testing/tests/ikev2/ocsp-timeouts-unknown/test.conf create mode 100644 testing/tests/ikev2/ocsp-untrusted-cert/description.txt create mode 100644 testing/tests/ikev2/ocsp-untrusted-cert/evaltest.dat create mode 100755 testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ikev2/ocsp-untrusted-cert/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi create mode 100644 testing/tests/ikev2/ocsp-untrusted-cert/posttest.dat create mode 100644 testing/tests/ikev2/ocsp-untrusted-cert/pretest.dat create mode 100644 testing/tests/ikev2/ocsp-untrusted-cert/test.conf create mode 100644 testing/tests/ikev2/protoport-dual/description.txt create mode 100644 testing/tests/ikev2/protoport-dual/evaltest.dat create mode 100755 testing/tests/ikev2/protoport-dual/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/protoport-dual/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/protoport-dual/posttest.dat create mode 100644 testing/tests/ikev2/protoport-dual/pretest.dat create mode 100644 testing/tests/ikev2/protoport-dual/test.conf create mode 100644 testing/tests/ikev2/protoport-route/description.txt create mode 100644 testing/tests/ikev2/protoport-route/evaltest.dat create mode 100755 testing/tests/ikev2/protoport-route/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/protoport-route/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/protoport-route/posttest.dat create mode 100644 testing/tests/ikev2/protoport-route/pretest.dat create mode 100644 testing/tests/ikev2/protoport-route/test.conf create mode 100644 testing/tests/ikev2/rw-cert/description.txt create mode 100644 testing/tests/ikev2/rw-cert/evaltest.dat create mode 100755 testing/tests/ikev2/rw-cert/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/rw-cert/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev2/rw-cert/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-cert/posttest.dat create mode 100644 testing/tests/ikev2/rw-cert/pretest.dat create mode 100644 testing/tests/ikev2/rw-cert/test.conf create mode 100644 testing/tests/ikev2/rw-psk-fqdn/description.txt create mode 100644 testing/tests/ikev2/rw-psk-fqdn/evaltest.dat create mode 100755 testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-psk-fqdn/posttest.dat create mode 100644 testing/tests/ikev2/rw-psk-fqdn/pretest.dat create mode 100644 testing/tests/ikev2/rw-psk-fqdn/test.conf create mode 100644 testing/tests/ikev2/rw-psk-ipv4/description.txt create mode 100644 testing/tests/ikev2/rw-psk-ipv4/evaltest.dat create mode 100755 testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-psk-ipv4/posttest.dat create mode 100644 testing/tests/ikev2/rw-psk-ipv4/pretest.dat create mode 100644 testing/tests/ikev2/rw-psk-ipv4/test.conf create mode 100644 testing/tests/ikev2/rw-psk-no-idr/description.txt create mode 100644 testing/tests/ikev2/rw-psk-no-idr/evaltest.dat create mode 100755 testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-psk-no-idr/posttest.dat create mode 100644 testing/tests/ikev2/rw-psk-no-idr/pretest.dat create mode 100644 testing/tests/ikev2/rw-psk-no-idr/test.conf create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/description.txt create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/evaltest.dat create mode 100755 testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/posttest.dat create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/pretest.dat create mode 100644 testing/tests/ikev2/rw-psk-rsa-mixed/test.conf create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/description.txt create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/evaltest.dat create mode 100755 testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/posttest.dat create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/pretest.dat create mode 100644 testing/tests/ikev2/rw-psk-rsa-split/test.conf create mode 100644 testing/tests/ikev2/strong-keys-certs/description.txt create mode 100644 testing/tests/ikev2/strong-keys-certs/evaltest.dat create mode 100755 testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.conf create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.d/private/carolKey-aes192.pem create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.conf create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.d/private/daveKey-aes256.pem create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/ipsec.secrets create mode 100755 testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.d/private/moonKey-aes128.pem create mode 100644 testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/ipsec.secrets create mode 100644 testing/tests/ikev2/strong-keys-certs/posttest.dat create mode 100644 testing/tests/ikev2/strong-keys-certs/pretest.dat create mode 100644 testing/tests/ikev2/strong-keys-certs/test.conf create mode 100644 testing/tests/ikev2/wildcards/description.txt create mode 100644 testing/tests/ikev2/wildcards/evaltest.dat create mode 100755 testing/tests/ikev2/wildcards/hosts/carol/etc/ipsec.conf create mode 100755 testing/tests/ikev2/wildcards/hosts/dave/etc/ipsec.conf create mode 100755 testing/tests/ikev2/wildcards/hosts/moon/etc/ipsec.conf create mode 100644 testing/tests/ikev2/wildcards/posttest.dat create mode 100644 testing/tests/ikev2/wildcards/pretest.dat create mode 100644 testing/tests/ikev2/wildcards/test.conf create mode 100644 testing/tests/ipv6/host2host-ikev1/description.txt create mode 100644 testing/tests/ipv6/host2host-ikev1/evaltest.dat create mode 100755 testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ipv6/host2host-ikev1/posttest.dat create mode 100644 testing/tests/ipv6/host2host-ikev1/pretest.dat create mode 100644 testing/tests/ipv6/host2host-ikev1/test.conf create mode 100644 testing/tests/ipv6/host2host-ikev2/description.txt create mode 100644 testing/tests/ipv6/host2host-ikev2/evaltest.dat create mode 100755 testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/ipsec.conf create mode 100755 testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/ipsec.conf create mode 100644 testing/tests/ipv6/host2host-ikev2/posttest.dat create mode 100644 testing/tests/ipv6/host2host-ikev2/pretest.dat create mode 100644 testing/tests/ipv6/host2host-ikev2/test.conf delete mode 100644 testing/tests/mode-config-push/description.txt delete mode 100644 testing/tests/mode-config-push/evaltest.dat delete mode 100755 testing/tests/mode-config-push/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/mode-config-push/hosts/dave/etc/ipsec.conf delete mode 100755 testing/tests/mode-config-push/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/mode-config-push/posttest.dat delete mode 100644 testing/tests/mode-config-push/pretest.dat delete mode 100644 testing/tests/mode-config-push/test.conf delete mode 100644 testing/tests/mode-config-swapped/description.txt delete mode 100644 testing/tests/mode-config-swapped/evaltest.dat delete mode 100755 testing/tests/mode-config-swapped/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/mode-config-swapped/hosts/dave/etc/ipsec.conf delete mode 100755 testing/tests/mode-config-swapped/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/mode-config-swapped/posttest.dat delete mode 100644 testing/tests/mode-config-swapped/pretest.dat delete mode 100644 testing/tests/mode-config-swapped/test.conf delete mode 100644 testing/tests/mode-config/description.txt delete mode 100644 testing/tests/mode-config/evaltest.dat delete mode 100755 testing/tests/mode-config/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/mode-config/hosts/dave/etc/ipsec.conf delete mode 100755 testing/tests/mode-config/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/mode-config/posttest.dat delete mode 100644 testing/tests/mode-config/pretest.dat delete mode 100644 testing/tests/mode-config/test.conf delete mode 100644 testing/tests/multi-level-ca-ldap/description.txt delete mode 100644 testing/tests/multi-level-ca-ldap/evaltest.dat delete mode 100755 testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem delete mode 100644 testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem delete mode 100644 testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem delete mode 100644 testing/tests/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem delete mode 100755 testing/tests/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem delete mode 100644 testing/tests/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem delete mode 100644 testing/tests/multi-level-ca-ldap/posttest.dat delete mode 100644 testing/tests/multi-level-ca-ldap/pretest.dat delete mode 100644 testing/tests/multi-level-ca-ldap/test.conf delete mode 100644 testing/tests/multi-level-ca-loop/description.txt delete mode 100644 testing/tests/multi-level-ca-loop/evaltest.dat delete mode 100755 testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem delete mode 100644 testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem delete mode 100644 testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/multi-level-ca-loop/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/research_by_salesCert.pem delete mode 100644 testing/tests/multi-level-ca-loop/hosts/moon/etc/ipsec.d/cacerts/sales_by_researchCert.pem delete mode 100644 testing/tests/multi-level-ca-loop/posttest.dat delete mode 100644 testing/tests/multi-level-ca-loop/pretest.dat delete mode 100644 testing/tests/multi-level-ca-loop/test.conf delete mode 100644 testing/tests/multi-level-ca-revoked/description.txt delete mode 100644 testing/tests/multi-level-ca-revoked/evaltest.dat delete mode 100755 testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem delete mode 100644 testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem delete mode 100644 testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-revoked/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem delete mode 100644 testing/tests/multi-level-ca-revoked/posttest.dat delete mode 100644 testing/tests/multi-level-ca-revoked/pretest.dat delete mode 100644 testing/tests/multi-level-ca-revoked/test.conf delete mode 100644 testing/tests/multi-level-ca-strict/description.txt delete mode 100644 testing/tests/multi-level-ca-strict/evaltest.dat delete mode 100755 testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem delete mode 100644 testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem delete mode 100644 testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/multi-level-ca-strict/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem delete mode 100644 testing/tests/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem delete mode 100755 testing/tests/multi-level-ca-strict/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem delete mode 100644 testing/tests/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem delete mode 100644 testing/tests/multi-level-ca-strict/posttest.dat delete mode 100644 testing/tests/multi-level-ca-strict/pretest.dat delete mode 100644 testing/tests/multi-level-ca-strict/test.conf delete mode 100644 testing/tests/multi-level-ca/description.txt delete mode 100644 testing/tests/multi-level-ca/evaltest.dat delete mode 100755 testing/tests/multi-level-ca/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem delete mode 100644 testing/tests/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem delete mode 100644 testing/tests/multi-level-ca/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/multi-level-ca/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem delete mode 100644 testing/tests/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem delete mode 100755 testing/tests/multi-level-ca/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem delete mode 100644 testing/tests/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem delete mode 100644 testing/tests/multi-level-ca/posttest.dat delete mode 100644 testing/tests/multi-level-ca/pretest.dat delete mode 100644 testing/tests/multi-level-ca/test.conf delete mode 100644 testing/tests/nat-one-rw/description.txt delete mode 100644 testing/tests/nat-one-rw/evaltest.dat delete mode 100644 testing/tests/nat-one-rw/posttest.dat delete mode 100644 testing/tests/nat-one-rw/pretest.dat delete mode 100644 testing/tests/nat-one-rw/test.conf delete mode 100644 testing/tests/nat-two-rw/description.txt delete mode 100644 testing/tests/nat-two-rw/evaltest.dat delete mode 100644 testing/tests/nat-two-rw/posttest.dat delete mode 100644 testing/tests/nat-two-rw/pretest.dat delete mode 100644 testing/tests/nat-two-rw/test.conf delete mode 100644 testing/tests/net2net-cert/description.txt delete mode 100644 testing/tests/net2net-cert/evaltest.dat delete mode 100644 testing/tests/net2net-cert/posttest.dat delete mode 100644 testing/tests/net2net-cert/pretest.dat delete mode 100644 testing/tests/net2net-cert/test.conf delete mode 100644 testing/tests/net2net-pgp/description.txt delete mode 100644 testing/tests/net2net-pgp/evaltest.dat delete mode 100755 testing/tests/net2net-pgp/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/net2net-pgp/hosts/moon/etc/ipsec.d/certs/moonCert.asc delete mode 100644 testing/tests/net2net-pgp/hosts/moon/etc/ipsec.d/certs/sunCert.asc delete mode 100644 testing/tests/net2net-pgp/hosts/moon/etc/ipsec.d/private/moonKey.asc delete mode 100644 testing/tests/net2net-pgp/hosts/moon/etc/ipsec.secrets delete mode 100755 testing/tests/net2net-pgp/hosts/sun/etc/ipsec.conf delete mode 100644 testing/tests/net2net-pgp/hosts/sun/etc/ipsec.d/certs/moonCert.asc delete mode 100644 testing/tests/net2net-pgp/hosts/sun/etc/ipsec.d/certs/sunCert.asc delete mode 100644 testing/tests/net2net-pgp/hosts/sun/etc/ipsec.d/private/sunKey.asc delete mode 100644 testing/tests/net2net-pgp/hosts/sun/etc/ipsec.secrets delete mode 100644 testing/tests/net2net-pgp/posttest.dat delete mode 100644 testing/tests/net2net-pgp/pretest.dat delete mode 100644 testing/tests/net2net-pgp/test.conf delete mode 100644 testing/tests/net2net-psk-fail/description.txt delete mode 100644 testing/tests/net2net-psk-fail/evaltest.dat delete mode 100755 testing/tests/net2net-psk-fail/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/net2net-psk-fail/hosts/moon/etc/ipsec.secrets delete mode 100755 testing/tests/net2net-psk-fail/hosts/sun/etc/ipsec.conf delete mode 100644 testing/tests/net2net-psk-fail/hosts/sun/etc/ipsec.secrets delete mode 100644 testing/tests/net2net-psk-fail/posttest.dat delete mode 100644 testing/tests/net2net-psk-fail/pretest.dat delete mode 100644 testing/tests/net2net-psk-fail/test.conf delete mode 100644 testing/tests/net2net-psk/description.txt delete mode 100644 testing/tests/net2net-psk/evaltest.dat delete mode 100755 testing/tests/net2net-psk/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/net2net-psk/hosts/moon/etc/ipsec.secrets delete mode 100755 testing/tests/net2net-psk/hosts/sun/etc/ipsec.conf delete mode 100644 testing/tests/net2net-psk/hosts/sun/etc/ipsec.secrets delete mode 100644 testing/tests/net2net-psk/posttest.dat delete mode 100644 testing/tests/net2net-psk/pretest.dat delete mode 100644 testing/tests/net2net-psk/test.conf delete mode 100644 testing/tests/net2net-route/description.txt delete mode 100644 testing/tests/net2net-route/evaltest.dat delete mode 100755 testing/tests/net2net-route/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/net2net-route/posttest.dat delete mode 100644 testing/tests/net2net-route/pretest.dat delete mode 100644 testing/tests/net2net-route/test.conf delete mode 100644 testing/tests/net2net-rsa/description.txt delete mode 100644 testing/tests/net2net-rsa/evaltest.dat delete mode 100755 testing/tests/net2net-rsa/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/net2net-rsa/hosts/moon/etc/ipsec.secrets delete mode 100755 testing/tests/net2net-rsa/hosts/sun/etc/ipsec.conf delete mode 100644 testing/tests/net2net-rsa/hosts/sun/etc/ipsec.secrets delete mode 100644 testing/tests/net2net-rsa/posttest.dat delete mode 100644 testing/tests/net2net-rsa/pretest.dat delete mode 100644 testing/tests/net2net-rsa/test.conf delete mode 100644 testing/tests/net2net-start/description.txt delete mode 100644 testing/tests/net2net-start/evaltest.dat delete mode 100755 testing/tests/net2net-start/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/net2net-start/posttest.dat delete mode 100644 testing/tests/net2net-start/pretest.dat delete mode 100644 testing/tests/net2net-start/test.conf delete mode 100644 testing/tests/no-priv-key/description.txt delete mode 100644 testing/tests/no-priv-key/evaltest.dat delete mode 100644 testing/tests/no-priv-key/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/no-priv-key/posttest.dat delete mode 100644 testing/tests/no-priv-key/pretest.dat delete mode 100644 testing/tests/no-priv-key/test.conf delete mode 100644 testing/tests/ocsp-revoked/description.txt delete mode 100644 testing/tests/ocsp-revoked/evaltest.dat delete mode 100755 testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.d/certs/carolRevokedCert.pem delete mode 100644 testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.d/private/carolRevokedKey.pem delete mode 100644 testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/ocsp-revoked/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ocsp-revoked/posttest.dat delete mode 100644 testing/tests/ocsp-revoked/pretest.dat delete mode 100644 testing/tests/ocsp-revoked/test.conf delete mode 100644 testing/tests/ocsp-strict/description.txt delete mode 100644 testing/tests/ocsp-strict/evaltest.dat delete mode 100755 testing/tests/ocsp-strict/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/ocsp-strict/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/ocsp-strict/posttest.dat delete mode 100644 testing/tests/ocsp-strict/pretest.dat delete mode 100644 testing/tests/ocsp-strict/test.conf delete mode 100644 testing/tests/protoport-dual/description.txt delete mode 100644 testing/tests/protoport-dual/evaltest.dat delete mode 100755 testing/tests/protoport-dual/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/protoport-dual/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/protoport-dual/posttest.dat delete mode 100644 testing/tests/protoport-dual/pretest.dat delete mode 100644 testing/tests/protoport-dual/test.conf delete mode 100644 testing/tests/protoport-pass/description.txt delete mode 100644 testing/tests/protoport-pass/evaltest.dat delete mode 100755 testing/tests/protoport-pass/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/protoport-pass/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/protoport-pass/posttest.dat delete mode 100644 testing/tests/protoport-pass/pretest.dat delete mode 100644 testing/tests/protoport-pass/test.conf delete mode 100644 testing/tests/protoport-route/description.txt delete mode 100644 testing/tests/protoport-route/evaltest.dat delete mode 100755 testing/tests/protoport-route/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/protoport-route/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/protoport-route/posttest.dat delete mode 100644 testing/tests/protoport-route/pretest.dat delete mode 100644 testing/tests/protoport-route/test.conf delete mode 100644 testing/tests/req-pkcs10/description.txt delete mode 100644 testing/tests/req-pkcs10/evaltest.dat delete mode 100755 testing/tests/req-pkcs10/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/req-pkcs10/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/req-pkcs10/hosts/carol/etc/scepclient.conf delete mode 100644 testing/tests/req-pkcs10/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/req-pkcs10/hosts/moon/etc/scepclient.conf delete mode 100644 testing/tests/req-pkcs10/hosts/winnetou/etc/openssl/yy.txt delete mode 100644 testing/tests/req-pkcs10/posttest.dat delete mode 100644 testing/tests/req-pkcs10/pretest.dat delete mode 100644 testing/tests/req-pkcs10/test.conf delete mode 100644 testing/tests/rw-cert/description.txt delete mode 100644 testing/tests/rw-cert/evaltest.dat delete mode 100644 testing/tests/rw-cert/posttest.dat delete mode 100644 testing/tests/rw-cert/pretest.dat delete mode 100644 testing/tests/rw-cert/test.conf delete mode 100644 testing/tests/rw-psk-fqdn-named/description.txt delete mode 100644 testing/tests/rw-psk-fqdn-named/evaltest.dat delete mode 100755 testing/tests/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-fqdn-named/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-fqdn-named/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/rw-psk-fqdn-named/posttest.dat delete mode 100644 testing/tests/rw-psk-fqdn-named/pretest.dat delete mode 100644 testing/tests/rw-psk-fqdn-named/test.conf delete mode 100644 testing/tests/rw-psk-fqdn/description.txt delete mode 100644 testing/tests/rw-psk-fqdn/evaltest.dat delete mode 100755 testing/tests/rw-psk-fqdn/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-fqdn/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/rw-psk-fqdn/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-fqdn/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/rw-psk-fqdn/posttest.dat delete mode 100644 testing/tests/rw-psk-fqdn/pretest.dat delete mode 100644 testing/tests/rw-psk-fqdn/test.conf delete mode 100644 testing/tests/rw-psk-ipv4/description.txt delete mode 100644 testing/tests/rw-psk-ipv4/evaltest.dat delete mode 100755 testing/tests/rw-psk-ipv4/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-ipv4/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/rw-psk-ipv4/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-ipv4/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/rw-psk-ipv4/posttest.dat delete mode 100644 testing/tests/rw-psk-ipv4/pretest.dat delete mode 100644 testing/tests/rw-psk-ipv4/test.conf delete mode 100644 testing/tests/rw-psk-no-policy/description.txt delete mode 100644 testing/tests/rw-psk-no-policy/evaltest.dat delete mode 100755 testing/tests/rw-psk-no-policy/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-no-policy/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/rw-psk-no-policy/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-no-policy/posttest.dat delete mode 100644 testing/tests/rw-psk-no-policy/pretest.dat delete mode 100644 testing/tests/rw-psk-no-policy/test.conf delete mode 100644 testing/tests/rw-psk-rsa-mixed/description.txt delete mode 100644 testing/tests/rw-psk-rsa-mixed/evaltest.dat delete mode 100755 testing/tests/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/rw-psk-rsa-mixed/posttest.dat delete mode 100644 testing/tests/rw-psk-rsa-mixed/pretest.dat delete mode 100644 testing/tests/rw-psk-rsa-mixed/test.conf delete mode 100644 testing/tests/rw-rsa-no-policy/description.txt delete mode 100644 testing/tests/rw-rsa-no-policy/evaltest.dat delete mode 100755 testing/tests/rw-rsa-no-policy/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/rw-rsa-no-policy/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/rw-rsa-no-policy/posttest.dat delete mode 100644 testing/tests/rw-rsa-no-policy/pretest.dat delete mode 100644 testing/tests/rw-rsa-no-policy/test.conf delete mode 100644 testing/tests/self-signed/description.txt delete mode 100644 testing/tests/self-signed/evaltest.dat delete mode 100755 testing/tests/self-signed/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/self-signed/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/self-signed/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/self-signed/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/self-signed/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/self-signed/hosts/moon/etc/scepclient.conf delete mode 100644 testing/tests/self-signed/posttest.dat delete mode 100644 testing/tests/self-signed/pretest.dat delete mode 100644 testing/tests/self-signed/test.conf delete mode 100644 testing/tests/starter-also-loop/description.txt delete mode 100644 testing/tests/starter-also-loop/evaltest.dat delete mode 100755 testing/tests/starter-also-loop/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/starter-also-loop/posttest.dat delete mode 100644 testing/tests/starter-also-loop/pretest.dat delete mode 100644 testing/tests/starter-also-loop/test.conf delete mode 100644 testing/tests/starter-also/description.txt delete mode 100644 testing/tests/starter-also/evaltest.dat delete mode 100755 testing/tests/starter-also/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/starter-also/posttest.dat delete mode 100644 testing/tests/starter-also/pretest.dat delete mode 100644 testing/tests/starter-also/test.conf delete mode 100644 testing/tests/starter-includes/description.txt delete mode 100644 testing/tests/starter-includes/evaltest.dat delete mode 100755 testing/tests/starter-includes/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/starter-includes/hosts/dave/etc/ipsec.conf delete mode 100755 testing/tests/starter-includes/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/starter-includes/hosts/moon/etc/ipsec.connections delete mode 100755 testing/tests/starter-includes/hosts/moon/etc/ipsec.host delete mode 100644 testing/tests/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.carol delete mode 100644 testing/tests/starter-includes/hosts/moon/etc/ipsec.peers/ipsec.dave delete mode 100644 testing/tests/starter-includes/posttest.dat delete mode 100644 testing/tests/starter-includes/pretest.dat delete mode 100644 testing/tests/starter-includes/test.conf delete mode 100644 testing/tests/strong-certs/description.txt delete mode 100644 testing/tests/strong-certs/evaltest.dat delete mode 100755 testing/tests/strong-certs/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/strong-certs/hosts/carol/etc/ipsec.d/certs/carolCert-sha384.pem delete mode 100644 testing/tests/strong-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem delete mode 100644 testing/tests/strong-certs/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/strong-certs/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/strong-certs/hosts/dave/etc/ipsec.d/certs/daveCert-sha512.pem delete mode 100644 testing/tests/strong-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem delete mode 100644 testing/tests/strong-certs/hosts/dave/etc/ipsec.secrets delete mode 100755 testing/tests/strong-certs/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/strong-certs/hosts/moon/etc/ipsec.d/certs/moonCert-sha256.pem delete mode 100644 testing/tests/strong-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem delete mode 100644 testing/tests/strong-certs/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/strong-certs/posttest.dat delete mode 100644 testing/tests/strong-certs/pretest.dat delete mode 100644 testing/tests/strong-certs/test.conf delete mode 100644 testing/tests/virtual-ip-swapped/description.txt delete mode 100644 testing/tests/virtual-ip-swapped/evaltest.dat delete mode 100755 testing/tests/virtual-ip-swapped/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/virtual-ip-swapped/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/virtual-ip-swapped/posttest.dat delete mode 100644 testing/tests/virtual-ip-swapped/pretest.dat delete mode 100644 testing/tests/virtual-ip-swapped/test.conf delete mode 100644 testing/tests/virtual-ip/description.txt delete mode 100644 testing/tests/virtual-ip/evaltest.dat delete mode 100755 testing/tests/virtual-ip/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/virtual-ip/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/virtual-ip/posttest.dat delete mode 100644 testing/tests/virtual-ip/pretest.dat delete mode 100644 testing/tests/virtual-ip/test.conf delete mode 100644 testing/tests/wildcards/description.txt delete mode 100644 testing/tests/wildcards/evaltest.dat delete mode 100755 testing/tests/wildcards/hosts/carol/etc/ipsec.conf delete mode 100755 testing/tests/wildcards/hosts/dave/etc/ipsec.conf delete mode 100755 testing/tests/wildcards/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/wildcards/posttest.dat delete mode 100644 testing/tests/wildcards/pretest.dat delete mode 100644 testing/tests/wildcards/test.conf delete mode 100644 testing/tests/wlan/description.txt delete mode 100644 testing/tests/wlan/evaltest.dat delete mode 100755 testing/tests/wlan/hosts/alice/etc/init.d/iptables delete mode 100755 testing/tests/wlan/hosts/alice/etc/ipsec.conf delete mode 100755 testing/tests/wlan/hosts/moon/etc/init.d/iptables delete mode 100755 testing/tests/wlan/hosts/moon/etc/ipsec.conf delete mode 100755 testing/tests/wlan/hosts/venus/etc/init.d/iptables delete mode 100755 testing/tests/wlan/hosts/venus/etc/ipsec.conf delete mode 100644 testing/tests/wlan/posttest.dat delete mode 100644 testing/tests/wlan/pretest.dat delete mode 100644 testing/tests/wlan/test.conf delete mode 100644 testing/tests/xauth-psk-mode-config/description.txt delete mode 100644 testing/tests/xauth-psk-mode-config/evaltest.dat delete mode 100644 testing/tests/xauth-psk-mode-config/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/xauth-psk-mode-config/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-psk-mode-config/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/xauth-psk-mode-config/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-psk-mode-config/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/xauth-psk-mode-config/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-psk-mode-config/posttest.dat delete mode 100644 testing/tests/xauth-psk-mode-config/pretest.dat delete mode 100644 testing/tests/xauth-psk-mode-config/test.conf delete mode 100644 testing/tests/xauth-psk/description.txt delete mode 100644 testing/tests/xauth-psk/evaltest.dat delete mode 100644 testing/tests/xauth-psk/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/xauth-psk/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-psk/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/xauth-psk/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-psk/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/xauth-psk/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-psk/posttest.dat delete mode 100644 testing/tests/xauth-psk/pretest.dat delete mode 100644 testing/tests/xauth-psk/test.conf delete mode 100644 testing/tests/xauth-rsa-fail/description.txt delete mode 100644 testing/tests/xauth-rsa-fail/evaltest.dat delete mode 100755 testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa-fail/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa-fail/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-rsa-fail/posttest.dat delete mode 100644 testing/tests/xauth-rsa-fail/pretest.dat delete mode 100644 testing/tests/xauth-rsa-fail/test.conf delete mode 100644 testing/tests/xauth-rsa-mode-config/description.txt delete mode 100644 testing/tests/xauth-rsa-mode-config/evaltest.dat delete mode 100644 testing/tests/xauth-rsa-mode-config/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa-mode-config/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-rsa-mode-config/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa-mode-config/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-rsa-mode-config/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa-mode-config/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-rsa-mode-config/posttest.dat delete mode 100644 testing/tests/xauth-rsa-mode-config/pretest.dat delete mode 100644 testing/tests/xauth-rsa-mode-config/test.conf delete mode 100644 testing/tests/xauth-rsa-nosecret/description.txt delete mode 100644 testing/tests/xauth-rsa-nosecret/evaltest.dat delete mode 100755 testing/tests/xauth-rsa-nosecret/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa-nosecret/hosts/carol/etc/ipsec.secrets delete mode 100755 testing/tests/xauth-rsa-nosecret/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa-nosecret/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-rsa-nosecret/posttest.dat delete mode 100644 testing/tests/xauth-rsa-nosecret/pretest.dat delete mode 100644 testing/tests/xauth-rsa-nosecret/test.conf delete mode 100644 testing/tests/xauth-rsa/description.txt delete mode 100644 testing/tests/xauth-rsa/evaltest.dat delete mode 100644 testing/tests/xauth-rsa/hosts/carol/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa/hosts/carol/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-rsa/hosts/dave/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa/hosts/dave/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-rsa/hosts/moon/etc/ipsec.conf delete mode 100644 testing/tests/xauth-rsa/hosts/moon/etc/ipsec.secrets delete mode 100644 testing/tests/xauth-rsa/posttest.dat delete mode 100644 testing/tests/xauth-rsa/pretest.dat delete mode 100644 testing/tests/xauth-rsa/test.conf (limited to 'testing/scripts/kstart-umls') diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 000000000..e69de29bb diff --git a/CHANGES b/CHANGES deleted file mode 100644 index 7b8344fe4..000000000 --- a/CHANGES +++ /dev/null @@ -1,781 +0,0 @@ -strongswan-2.8.3 ----------------- - -- Support of SHA2_384 hash function for protecting IKEv1 - negotiations and support of SHA2 signatures in X.509 certificates. - -- Fixed a serious bug in the computation of the SHA2-512 HMAC - function. Introduced testvector-based self-tests of all IKEv1 hash - and hmac functions during pluto startup. Failure of a self-test - currently issues a warning only but does not exit pluto [yet]. - - -strongswan-2.8.2 ----------------- - -- strongSwan now interoperates with the NCP Secure Entry Client, - the Shrew Soft VPN Client, and the Cisco VPN client, doing both - XAUTH and Mode Config. - -- UNITY attributes are now recognized and UNITY_BANNER is set - to a default string. - - -strongswan-2.8.1 ----------------- - -- Support for extended authentication (XAUTH) in combination - with ISAKMP Main Mode RSA or PSK authentication. Both client and - server side were implemented. Handling of user credentials can - be done by a run-time loadable XAUTH module. By default user - credentials are stored in ipsec.secrets. - -- Mixed PSK/RSA authentication is now possible between two hosts - with static IP addresses. - - -strongswan-2.8.0 ----------------- - -- Implementation of ModeConfig push mode via the new connection keyword - modeconfig=push allows interoperability with Cisco VPN gateways. - -- The command ipsec statusall now shows "DPD active" for all ISAKMP SAs - that are under active Dead Peer Detection control. - - -strongswan-2.7.3 ----------------- - -- "sha" and "sha1" are now treated as synonyms in the ike= and esp= - algorithm configuration statements. - -- Fixed possible segmentation faults in the eroute, klipsdebug, and - other KLIPS-related auxiliary functions by making the USE_NAT_TRAVERSAL - compile-time condition defined in Makefile.inc known in - programs/Makefile.program. - - -strongswan-2.7.2 ----------------- - -- The mixed PSK/RSA roadwarrior detection capability introduced by the - strongswan-2.7.0 release necessitated the pre-parsing of the IKE proposal - payloads by the responder right before any defined IKE Main Mode state had - been established. Although any form of bad proposal syntax was being correctly - detected by the payload parser, the subsequent error handler didn't check - the state pointer before logging current state information, causing an - immediate crash of the pluto keying daemon due to a NULL pointer. - - We strongly recommend to update to the 2.7.2 release which fixes this - vulnerability to malformed proposal payloads that could otherwise be - exploited by Denial-of-Service attacks. - - -strongswan-2.7.1 ----------------- - -- Calling ipsec up|down|route|unroute with a non-empty connection name - caused pluto to crash. As a fix argument checks have been added both - to the ipsec command on the sender end and pluto/rcv_whack.c on the - receiver end. - -- reactivated the PPP pointopoint code in starter/interfaces.c which - creates an ipsecN interface when used with Linux 2.4 KLIPS. - -- replaced free() by curl_free() in pluto/fetch.c thus fixing pluto - crashes occuring on some 64 bit hardware platforms when curl couldn't - successfully resolve a DNS request prior to fetching a CRL. - - -strongswan-2.7.0 ----------------- - -- the dynamic iptables rules from the _updown_x509 template - for KLIPS and the _updown_policy template for NETKEY have - been merged into the default _updown script. The existing - left|rightfirewall keyword causes the automatic insertion - and deletion of ACCEPT rules for tunneled traffic upon - the successful setup and teardown of an IPsec SA, respectively. - left|rightfirwall can be used with KLIPS under any Linux 2.4 - kernel or with NETKEY under a Linux kernel version >= 2.6.16 - in conjuction with iptables >= 1.3.5. For NETKEY under a Linux - kernel version < 2.6.16 which does not support IPsec policy - matching yet, please continue to use a copy of the _updown_espmark - template loaded via the left|rightupdown keyword. - -- a new left|righthostaccess keyword has been introduced which - can be used in conjunction with left|rightfirewall and the - default _updown script. By default leftfirewall=yes inserts - a bi-directional iptables FORWARD rule for a local client network - with a netmask different from 255.255.255.255 (single host). - This does not allow to access the VPN gateway host via its - internal network interface which is part of the client subnet - because an iptables INPUT and OUTPUT rule would be required. - lefthostaccess=yes will cause this additional ACCEPT rules to - be inserted. - -- mixed PSK|RSA roadwarriors are now supported. The ISAKMP proposal - payload is preparsed in order to find out whether the roadwarrior - requests PSK or RSA so that a matching connection candidate can - be found. - - -strongswan-2.6.4 ----------------- - -- the new _updown_policy template allows ipsec policy based - iptables firewall rules. Required are iptables version - >= 1.3.5 and linux kernel >= 2.6.16. This script obsoletes - the _updown_espmark template, so that no INPUT mangle rules - are required any more. - -- added support of DPD restart mode - -- ipsec starter now allows the use of wildcards in include - statements as e.g. in "include /etc/my_ipsec/*.conf". - Patch courtesy of Matthias Haas. - -- the Netscape OID 'employeeNumber' is now recognized and can be - used as a Relative Distinguished Name in certificates. - - -strongswan-2.6.3 ----------------- - -- /etc/init.d/ipsec or /etc/rc.d/ipsec is now a copy of the ipsec - command and not of ipsec setup any more. - -- ipsec starter now supports AH authentication in conjunction with - ESP encryption. AH authentication is configured in ipsec.conf - via the auth=ah parameter. - -- The command ipsec scencrypt|scdecrypt is now an alias for - ipsec whack --scencrypt|scdecrypt . - -- get_sa_info() now determines for the native netkey IPsec stack - the exact time of the last use of an active eroute. This information - is used by the Dead Peer Detection algorithm and is also displayed by - the ipsec status command. - - -strongswan-2.6.2 ----------------- - -- running under the native Linux 2.6 IPsec stack, the function - get_sa_info() is called by ipsec auto --status to display the current - number of transmitted bytes per IPsec SA. - -- get_sa_info() is also used by the Dead Peer Detection process to detect - recent ESP activity. If ESP traffic was received from the peer within - the last dpd_delay interval then no R_Y_THERE notification must be sent. - -- strongSwan now supports the Relative Distinguished Name "unstructuredName" - in ID_DER_ASN1_DN identities. The following notations are possible: - - rightid="unstructuredName=John Doe" - rightid="UN=John Doe" - -- fixed a long-standing bug which caused PSK-based roadwarrior connections - to segfault in the function id.c:same_id() called by keys.c:get_secret() - if an FQDN, USER_FQDN, or Key ID was defined, as in the following example. - - conn rw - right=%any - rightid=@foo.bar - authby=secret - -- the ipsec command now supports most ipsec auto commands (e.g. ipsec listall). - -- ipsec starter didn't set host_addr and client.addr ports in whack msg. - -- in order to guarantee backwards-compatibility with the script-based - auto function (e.g. auto --replace), the ipsec starter scripts stores - the defaultroute information in the temporary file /var/run/ipsec.info. - -- The compile-time option USE_XAUTH_VID enables the sending of the XAUTH - Vendor ID which is expected by Cisco PIX 7 boxes that act as IKE Mode Config - servers. - -- the ipsec starter now also recognizes the parameters authby=never and - type=passthrough|pass|drop|reject. - - -strongswan-2.6.1 ----------------- - -- ipsec starter now supports the also parameter which allows - a modular structure of the connection definitions. Thus - "ipsec start" is now ready to replace "ipsec setup". - - -strongswan-2.6.0 ----------------- - -- Mathieu Lafon's popular ipsec starter tool has been added to the - strongSwan distribution. Many thanks go to Stephan Scholz from astaro - for his integration work. ipsec starter is a C program which is going - to replace the various shell and awk starter scripts (setup, _plutoload, - _plutostart, _realsetup, _startklips, _confread, and auto). Since - ipsec.conf is now parsed only once, the starting of multiple tunnels is - accelerated tremedously. - -- Added support of %defaultroute to the ipsec starter. If the IP address - changes, a HUP signal to the ipsec starter will automatically - reload pluto's connections. - -- moved most compile time configurations from pluto/Makefile to - Makefile.inc by defining the options USE_LIBCURL, USE_LDAP, - USE_SMARTCARD, and USE_NAT_TRAVERSAL_TRANSPORT_MODE. - -- removed the ipsec verify and ipsec newhostkey commands - -- fixed some 64-bit issues in formatted print statements - -- The scepclient functionality implementing the Simple Certificate - Enrollment Protocol (SCEP) is nearly complete but hasn't been - documented yet. - - -strongswan-2.5.7 ----------------- - -- CA certicates are now automatically loaded from a smartcard - or USB crypto token and appear in the ipsec auto --listcacerts - listing. - - -strongswan-2.5.6 ----------------- - -- when using "ipsec whack --scencrypt " with a PKCS#11 - library that does not support the C_Encrypt() Cryptoki - function (e.g. OpenSC), the RSA encryption is done in - software using the public key fetched from the smartcard. - -- The scepclient function now allows to define the - validity of a self-signed certificate using the --days, - --startdate, and --enddate options. The default validity - has been changed from one year to five years. - - -strongswan-2.5.5 ----------------- - -- the config setup parameter pkcs11proxy=yes opens pluto's PKCS#11 - interface to other applications for RSA encryption and decryption - via the whack interface. Notation: - - ipsec whack --scencrypt - [--inbase 16|hex|64|base64|256|text|ascii] - [--outbase 16|hex|64|base64|256|text|ascii] - [--keyid ] - - ipsec whack --scdecrypt - [--inbase 16|hex|64|base64|256|text|ascii] - [--outbase 16|hex|64|base64|256|text|ascii] - [--keyid ] - - The default setting for inbase and outbase is hex. - - The new proxy interface can be used for securing symmetric - encryption keys required by the cryptoloop or dm-crypt - disk encryption schemes, especially in the case when - pkcs11keepstate=yes causes pluto to lock the pkcs11 slot - permanently. - -- if the file /etc/ipsec.secrets is lacking during the startup of - pluto then the root-readable file /etc/ipsec.d/private/myKey.der - containing a 2048 bit RSA private key and a matching self-signed - certificate stored in the file /etc/ipsec.d/certs/selfCert.der - is automatically generated by calling the function - - ipsec scepclient --out pkcs1 --out cert-self - - scepclient was written by Jan Hutter and Martin Willi, students - at the University of Applied Sciences in Rapperswil, Switzerland. - - -strongswan-2.5.4 ----------------- - -- the current extension of the PKCS#7 framework introduced - a parsing error in PKCS#7 wrapped X.509 certificates that are - e.g. transmitted by Windows XP when multi-level CAs are used. - the parsing syntax has been fixed. - -- added a patch by Gerald Richter which tolerates multiple occurrences - of the ipsec0 interface when using KLIPS. - - -strongswan-2.5.3 ----------------- - -- with gawk-3.1.4 the word "default2 has become a protected - keyword for use in switch statements and cannot be used any - more in the strongSwan scripts. This problem has been - solved by renaming "default" to "defaults" and "setdefault" - in the scripts _confread and auto, respectively. - -- introduced the parameter leftsendcert with the values - - always|yes (the default, always send a cert) - ifasked (send the cert only upon a cert request) - never|no (never send a cert, used for raw RSA keys and - self-signed certs) - -- fixed the initialization of the ESP key length to a default of - 128 bits in the case that the peer does not send a key length - attribute for AES encryption. - -- applied Herbert Xu's uniqueIDs patch - -- applied Herbert Xu's CLOEXEC patches - - -strongswan-2.5.2 ----------------- - -- CRLs can now be cached also in the case when the issuer's - certificate does not contain a subjectKeyIdentifier field. - In that case the subjectKeyIdentifier is computed by pluto as the - 160 bit SHA-1 hash of the issuer's public key in compliance - with section 4.2.1.2 of RFC 3280. - -- Fixed a bug introduced by strongswan-2.5.1 which eliminated - not only multiple Quick Modes of a given connection but also - multiple connections between two security gateways. - - -strongswan-2.5.1 ----------------- - -- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute - installed either by setting auto=route in ipsec.conf or by - a connection put into hold, generates an XFRM_AQUIRE event - for each packet that wants to use the not-yet exisiting - tunnel. Up to now each XFRM_AQUIRE event led to an entry in - the Quick Mode queue, causing multiple IPsec SA to be - established in rapid succession. Starting with strongswan-2.5.1 - only a single IPsec SA is established per host-pair connection. - -- Right after loading the PKCS#11 module, all smartcard slots are - searched for certificates. The result can be viewed using - the command - - ipsec auto --listcards - - The certificate objects found in the slots are numbered - starting with #1, #2, etc. This position number can be used to address - certificates (leftcert=%smartcard) and keys (: PIN %smartcard) - in ipsec.conf and ipsec.secrets, respectively: - - %smartcard (selects object #1) - %smartcard#1 (selects object #1) - %smartcard#3 (selects object #3) - - As an alternative the existing retrieval scheme can be used: - - %smartcard:45 (selects object with id=45) - %smartcard0 (selects first object in slot 0) - %smartcard4:45 (selects object in slot 4 with id=45) - -- Depending on the settings of CKA_SIGN and CKA_DECRYPT - private key flags either C_Sign() or C_Decrypt() is used - to generate a signature. - -- The output buffer length parameter siglen in C_Sign() - is now initialized to the actual size of the output - buffer prior to the function call. This fixes the - CKR_BUFFER_TOO_SMALL error that could occur when using - the OpenSC PKCS#11 module. - -- Changed the initialization of the PKCS#11 CK_MECHANISM in - C_SignInit() to mech = { CKM_RSA_PKCS, NULL_PTR, 0 }. - -- Refactored the RSA public/private key code and transferred it - from keys.c to the new pkcs1.c file as a preparatory step - towards the release of the SCEP client. - - -strongswan-2.5.0 ----------------- - -- The loading of a PKCS#11 smartcard library module during - runtime does not require OpenSC library functions any more - because the corresponding code has been integrated into - smartcard.c. Also the RSAREF pkcs11 header files have been - included in a newly created pluto/rsaref directory so that - no external include path has to be defined any longer. - -- A long-awaited feature has been implemented at last: - The local caching of CRLs fetched via HTTP or LDAP, activated - by the parameter cachecrls=yes in the config setup section - of ipsec.conf. The dynamically fetched CRLs are stored under - a unique file name containing the issuer's subjectKeyID - in /etc/ipsec.d/crls. - -- Applied a one-line patch courtesy of Michael Richardson - from the Openswan project which fixes the kernel-oops - in KLIPS when an snmp daemon is running on the same box. - - -strongswan-2.4.4 ----------------- - -- Eliminated null length CRL distribution point strings. - -- Fixed a trust path evaluation bug introduced with 2.4.3 - - -strongswan-2.4.3 ----------------- - -- Improved the joint OCSP / CRL revocation policy. - OCSP responses have precedence over CRL entries. - -- Introduced support of CRLv2 reason codes. - -- Fixed a bug with key-pad equipped readers which caused - pluto to prompt for the pin via the console when the first - occasion to enter the pin via the key-pad was missed. - -- When pluto is built with LDAP_V3 enabled, the library - liblber required by newer versions of openldap is now - included. - - -strongswan-2.4.2 ----------------- - -- Added the _updown_espmark template which requires all - incoming ESP traffic to be marked with a default mark - value of 50. - -- Introduced the pkcs11keepstate parameter in the config setup - section of ipsec.conf. With pkcs11keepstate=yes the PKCS#11 - session and login states are kept as long as possible during - the lifetime of pluto. This means that a PIN entry via a key - pad has to be done only once. - -- Introduced the pkcs11module parameter in the config setup - section of ipsec.conf which specifies the PKCS#11 module - to be used with smart cards. Example: - - pkcs11module=/usr/lib/pkcs11/opensc-pkcs11.lo - -- Added support of smartcard readers equipped with a PIN pad. - -- Added patch by Jay Pfeifer which detects when netkey - modules have been statically built into the Linux 2.6 kernel. - -- Added two patches by Herbert Xu. The first uses ip xfrm - instead of setkey to flush the IPsec policy database. The - second sets the optional flag in inbound IPComp SAs only. - -- Applied Ulrich Weber's patch which fixes an interoperability - problem between native IPsec and KLIPS systems caused by - setting the replay window to 32 instead of 0 for ipcomp. - - -strongswan-2.4.1 ----------------- - -- Fixed a bug which caused an unwanted Mode Config request - to be initiated in the case where "right" was used to denote - the local side in ipsec.conf and "left" the remote side, - contrary to the recommendation that "right" be remote and - "left" be"local". - - -strongswan-2.4.0a ------------------ - -- updated Vendor ID to strongSwan-2.4.0 - -- updated copyright statement to include David Buechi and - Michael Meier - - -strongswan-2.4.0 ----------------- - -- strongSwan now communicates with attached smartcards and - USB crypto tokens via the standardized PKCS #11 interface. - By default the OpenSC library from www.opensc.org is used - but any other PKCS#11 library could be dynamically linked. - strongSwan's PKCS#11 API was implemented by David Buechi - and Michael Meier, both graduates of the Zurich University - of Applied Sciences in Winterthur, Switzerland. - -- When a %trap eroute is triggered by an outgoing IP packet - then the native IPsec stack of the Linux 2.6 kernel [often/ - always?] returns an XFRM_ACQUIRE message with an undefined - protocol family field and the connection setup fails. - As a workaround IPv4 (AF_INET) is now assumed. - -- the results of the UML test scenarios are now enhanced - with block diagrams of the virtual network topology used - in a particular test. - - -strongswan-2.3.2 ----------------- - -- fixed IV used to decrypt informational messages. - This bug was introduced with Mode Config functionality. - -- fixed NCP Vendor ID. - -- undid one of Ulrich Weber's maximum udp size patches - because it caused a segmentation fault with NAT-ed - Delete SA messages. - -- added UML scenarios wildcards and attr-cert which - demonstrate the implementation of IPsec policies based - on wildcard parameters contained in Distinguished Names and - on X.509 attribute certificates, respectively. - - -strongswan-2.3.1 ----------------- - -- Added basic Mode Config functionality - -- Added Mathieu Lafon's patch which upgrades the status of - the NAT-Traversal implementation to RFC 3947. - -- The _startklips script now also loads the xfrm4_tunnel - module. - -- Added Ulrich Weber's netlink replay window size and - maximum udp size patches. - -- UML testing now uses the Linux 2.6.10 UML kernel by default. - - -strongswan-2.3.0 ----------------- - -- Eric Marchionni and Patrik Rayo, both recent graduates from - the Zuercher Hochschule Winterthur in Switzerland, created a - User-Mode-Linux test setup for strongSwan. For more details - please read the INSTALL and README documents in the testing - subdirectory. - -- Full support of group attributes based on X.509 attribute - certificates. Attribute certificates can be generated - using the openac facility. For more details see - - man ipsec_openac. - - The group attributes can be used in connection definitions - in order to give IPsec access to specific user groups. - This is done with the new parameter left|rightgroups as in - - rightgroups="Research, Sales" - - giving access to users possessing the group attributes - Research or Sales, only. - -- In Quick Mode clients with subnet mask /32 are now - coded as IP_V4_ADDRESS or IP_V6_ADDRESS. This should - fix rekeying problems with the SafeNet/SoftRemote and NCP - Secure Entry Clients. - -- Changed the defaults of the ikelifetime and keylife parameters - to 3h and 1h, respectively. The maximum allowable values are - now both set to 24 h. - -- Suppressed notification wars between two IPsec peers that - could e.g. be triggered by incorrect ISAKMP encryption. - -- Public RSA keys can now have identical IDs if either the - issuing CA or the serial number is different. The serial - number of a certificate is now shown by the command - - ipsec auto --listpubkeys - - -strongswan-2.2.2 ----------------- - -- Added Tuomo Soini's sourceip feature which allows a strongSwan - roadwarrior to use a fixed Virtual IP (see README section 2.6) - and reduces the well-known four tunnel case on VPN gateways to - a single tunnel definition (see README section 2.4). - -- Fixed a bug occuring with NAT-Traversal enabled when the responder - suddenly turns initiator and the initiator cannot find a matching - connection because of the floated IKE port 4500. - -- Removed misleading ipsec verify command from barf. - -- Running under the native IP stack, ipsec --version now shows - the Linux kernel version (courtesy to the Openswan project). - - -strongswan-2.2.1 ----------------- - -- Introduced the ipsec auto --listalgs monitoring command which lists - all currently registered IKE and ESP algorithms. - -- Fixed a bug in the ESP algorithm selection occuring when the strict flag - is set and the first proposed transform does not match. - -- Fixed another deadlock in the use of the lock_certs_and_keys() mutex, - occuring when a smartcard is present. - -- Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event. - -- Fixed the printing of the notification names (null) - -- Applied another of Herbert Xu's Netlink patches. - - -strongswan-2.2.0 ----------------- - -- Support of Dead Peer Detection. The connection parameter - - dpdaction=clear|hold - - activates DPD for the given connection. - -- The default Opportunistic Encryption (OE) policy groups are not - automatically included anymore. Those wishing to activate OE can include - the policy group with the following statement in ipsec.conf: - - include /etc/ipsec.d/examples/oe.conf - - The default for [right|left]rsasigkey is now set to %cert. - -- strongSwan now has a Vendor ID of its own which can be activated - using the compile option VENDORID - -- Applied Herbert Xu's patch which sets the compression algorithm correctly. - -- Applied Herbert Xu's patch fixing an ESPINUDP problem - -- Applied Herbert Xu's patch setting source/destination port numbers. - -- Reapplied one of Herbert Xu's NAT-Traversal patches which got - lost during the migration from SuperFreeS/WAN. - -- Fixed a deadlock in the use of the lock_certs_and_keys() mutex. - -- Fixed the unsharing of alg parameters when instantiating group - connection. - - -strongswan-2.1.5 ----------------- - -- Thomas Walpuski made me aware of a potential DoS attack via - a PKCS#7-wrapped certificate bundle which could overwrite valid CA - certificates in Pluto's authority certificate store. This vulnerability - was fixed by establishing trust in CA candidate certificates up to a - trusted root CA prior to insertion into Pluto's chained list. - -- replaced the --assign option by the -v option in the auto awk script - in order to make it run with mawk under debian/woody. - - -strongswan-2.1.4 ----------------- - -- Split of the status information between ipsec auto --status (concise) - and ipsec auto --statusall (verbose). Both commands can be used with - an optional connection selector: - - ipsec auto --status[all] - -- Added the description of X.509 related features to the ipsec_auto(8) - man page. - -- Hardened the ASN.1 parser in debug mode, especially the printing - of malformed distinguished names. - -- The size of an RSA public key received in a certificate is now restricted to - - 512 bits <= modulus length <= 8192 bits. - -- Fixed the debug mode enumeration. - - -strongswan-2.1.3 ----------------- - -- Fixed another PKCS#7 vulnerability which could lead to an - endless loop while following the X.509 trust chain. - - -strongswan-2.1.2 ----------------- - -- Fixed the PKCS#7 vulnerability discovered by Thomas Walpuski - that accepted end certificates having identical issuer and subject - distinguished names in a multi-tier X.509 trust chain. - - -strongswan-2.1.1 ----------------- - -- Removed all remaining references to ipsec_netlink.h in KLIPS. - - -strongswan-2.1.0 ----------------- - -- The new "ca" section allows to define the following parameters: - - ca kool - cacert=koolCA.pem # cacert of kool CA - ocspuri=http://ocsp.kool.net:8001 # ocsp server - ldapserver=ldap.kool.net # default ldap server - crluri=http://www.kool.net/kool.crl # crl distribution point - crluri2="ldap:///O=Kool, C= .." # crl distribution point #2 - auto=add # add, ignore - - The ca definitions can be monitored via the command - - ipsec auto --listcainfos - -- Fixed cosmetic corruption of /proc filesystem by integrating - D. Hugh Redelmeier's freeswan-2.06 kernel fixes. - - -strongswan-2.0.2 ----------------- - -- Added support for the 818043 NAT-Traversal update of Microsoft's - Windows 2000/XP IPsec client which sends an ID_FQDN during Quick Mode. - -- A symbolic link to libcrypto is now added in the kernel sources - during kernel compilation - -- Fixed a couple of 64 bit issues (mostly casts to int). - Thanks to Ken Bantoft who checked my sources on a 64 bit platform. - -- Replaced s[n]printf() statements in the kernel by ipsec_snprintf(). - Credits go to D. Hugh Redelmeier, Michael Richardson, and Sam Sgro - of the FreeS/WAN team who solved this problem with the 2.4.25 kernel. - - -strongswan-2.0.1 ----------------- - -- an empty ASN.1 SEQUENCE OF or SET OF object (e.g. a subjectAltName - certificate extension which contains no generalName item) can cause - a pluto crash. This bug has been fixed. Additionally the ASN.1 parser has - been hardened to make it more robust against malformed ASN.1 objects. - -- applied Herbert Xu's NAT-T patches which fixes NAT-T under the native - Linux 2.6 IPsec stack. - - -strongswan-2.0.0 ----------------- - -- based on freeswan-2.04, x509-1.5.3, nat-0.6c, alg-0.8.1rc12 diff --git a/CREDITS b/CREDITS index a0c8eb2fa..41aa48338 100644 --- a/CREDITS +++ b/CREDITS @@ -107,4 +107,7 @@ The ipsec starter is based on Mathieu Lafon's original work. Jan Hutter and Martin Willi developed the scepclient which fully supports Cisco's Simple Certificate Enrollment Protocol (SCEP). +Tobias Brunner and Daniel Roethlisberger implemented NAT traversal and dead +peer detection for the IKEv2 keying daemon. + This file is RCSID $Id: CREDITS,v 1.6 2006/01/22 21:28:27 as Exp $ diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 000000000..f52898a8e --- /dev/null +++ b/ChangeLog @@ -0,0 +1,1079 @@ + strongswan-4.1.0 / R:2552 +=========================== + +fixed nat detection bug +OCSP support +updated NEWS, TODO and man page +respecting "keyingtries" parameter on IKE_SA setup +cleanups +fixed reset() +not installing a route when policy gets updated +renamed keyingtries attribute +adjusted loglevels +delay OCSP response by 5 seconds +always update reqid on policy install, fixes dpdaction=hold issue +EAP-SIM cleanups +fixed CHILD_SA rekeying/delete bug on 64bit machines +removed obsolete methods in delete_payload +Shortened distribution string +Shortened distribution string +shortened distribution string +add daemon.log to web page +remove /etc/resolv.conf +version bump to 4.1.0 +added apache2/ocsp log directory to winnetou +removed killall openssl +removed killall openssl +deleted +deleted +create apach2/ocsp/ logging directory on winnetou +do not check for type of dpd action any more +create /var/log/apache2/ocsp on winnetou +added +added +added +delete virtual IP addresses after use +deleted +added +fixed case of missing subjectKeyID +corrected typo +version bump to 4.1.0 +added +use CURLOPT_NOSIGNAL +added --with-sim-reader option to configure script +some cleanups in eap_sim +removed dublicated code in eap_authenticator +log reception of trusted signer certificate +version bump to 4.1.0 +deleted +added +changed OCSPSigner to OCSPSigning +fixed carry bug in FIPS prf +user standard cert +deleted +deleted +added +added +modified description.txt and evaltest.dat +version number selection fix +some cleanups +cleaned up and fixed DPD handling code +removed cfg-payload dns test code +added +added +version bump to strongswan-4.1.0 and linux-2.6.20.3 +cosmetics +increased control debugging output +added EAP-SIM authentication + client side only + uses an external SIM reader library specified with SIM_READER_LIB + untested +not detaching from bus when IKE_SA_INIT is retried +added AES-192/256 proposals to IKE +added generic EAP_IDENTITY client implementation using peers IKEv2 ID +fixed compilation warnings and errors when not using curl +results from the single responses is stored in the corresponding certinfo_t structs +moved credential_store.h from charon/config/credentials to libstrongswan +last patch removed, changed CURLOPT_FILE to CURLOPT_WRITEDATA +fixed memory leak by calling curl_slist_free_all(headers) +fixed memory leak by calling curl_slist_free_all(headers) +whitelisting static Curl_getaddrinfo() memory leak +fixed a certinfo_t memory leak in verify() +fixed a memory leak in response_t +ocsp signer certificate and ocsp response signature can be verified +fixed memleaks when using EAP authentication +fixed configuration payloads when using EAP +fixed payload order (again) +including peers certificate when his certreq is empty +implemented cookies as initiator +proper logging of notifies in IKE_SA setup +disabling routing for IPv6, does not work correctly +fixed call of add_auth_certificate() +generalized get_ca_certificate() to get_auth_certificate(auth_flags) +added fetcher_finalize() to clean up libcurl +some cleanups +not installing %any DNS servers +support of setting and getting authority flags +support if ocsp signing certificates +support if ocsp signing certificates +fixed payload order in IKE_AUTH +removed SHA2 kernel proposals from default, the kernel doesn't support them yet +allocation fixes, not complete +handling "No policy found" properly +added more debugging output for policy lookup +returning a (dummy) policy even when TS does not match, so we can properly send a TS_UNACCEPTABLE +fixed CHILD_SA creation within existing IKE_SA +added ocsp_parse_single_response +ported changes from EAP branch, renabling EAP framework +added (not yet supported) sha2 algorithms to kernel +only adding a route if using tunnel mode +added SHA2 MAC and PRF to default proposal +added more debug output +experimental SHA2 HMAC and PRF implementations +parsing basic ocsp response +forgot to assign public.is_ocsp_signer() method +added parsing level to x509_create_from_chunk() +added parsing level to x509_create_from_chunk() and added is_ocsp_signer() method +http post fetching using libcurl implemented +added fetcher.h and fetcher.c +added +corrected @ingroup to utils +corrected comment +start ocsp checking only if there are any ocspuris present +conntrack -F is used to flush the NAT states +the hostaccess=yes parameters are not needed anymore +use conntrack -F to flush NAT states +replaced actual virtual IP addresses by symbolic ones +removed unnecessary double quotes +nonce in ocsp_t was not properly initialized +ocsp request is now fully built but without requestor signature +starting to build ocsp request +prevent from initiating multiple exchanges the same time +updated apidoc documentation +fixed notify handling in IKE_AUTH +moved nonce payload before TS in CHILD_SA setup +moved REKEY_SA notify to the beginning of the message +fixed traffic selector redundancy removal code (not completely tested) +add crl and ocsp uris to linked list after partial verification +added print hook for certinfo_t printing +fixed typo +sending an SPI of 0 as responder when IKE_SA_INIT fails +iterate certinfos linked list for matching serialNumber +some cleanups +not assigning %any virtual IPs to peer anymore +fixed double free bug +added +fixed ID selection bug when peer doesn't include IDr payload +allowing vendor ID in any messag +moved listing of crls to local_credential_store and ca +refactored ca_info_t +refactored ca_info_t +fixed netlink socket receiver code +implemented interface enumeration code with netlink: no getifaddrs reqired anymore +refactored kernel interface, works reliable again +implemented get_iface() using RTM_GETADDR +added support for multi-header netlink messages +really ugly now, need a lot of refactoring +added debuggin for interface lookup +fixed address lookup when !using getifaddrs() +added firewalling support when using virtual IPs +added support for 0.0.0.0/0 traffic selectors +fixed routing to make correct 0.0.0.0/0 routes +config-payload scenario fixes +preparations for PLUTO_MY_SOURCEIP +corrected typo +added cert with OCSP access info +dpd now takes 180 s and 5 retransmits +changed grep to creating aquire job for CHILD SA +replaced actual virtual IPs by place holders +virtual-ip scenario has been replaces by config-payload scenario +added +added +added ocsp.h and ocsp.c +added +r2398 | tobias | 2007-02-28 16:20:10 +0100 (Wed, 28 Feb 2007) | 2 lines +virtual ip uml test +fixed reauthentication when connections other is %any +merged tasking branch into trunk +fixed big endian bug in md5 hasher +cosmetics +added once flag to certinfo_t +cosmetics +added certinfos linked list +changed ca info to ca +support of ca info sections +added support of OCSP accessLocations +correct interface definition +added support of OCSP accessLocations +full support of ca info records +added the create_crluri_iterator method +replace ca is realized as del_ca followed by add_ca +last CA keyword is KW_OCSPURI2 +full support of ca info records +full support of ca info records +alphabetically sorting print commands +listing ca_info items +replace printf.h by stdio.h +addin get_keyid() method +support of ca info records +support of ca info records +version bump to 4.0.8 +support of ca info records +support of ca info records +typo +SHA512-HMAC bug fix and hash function self-test support +SHA512-HMAC bug fix and hash function self-test support +handle strong SHA-2 signatures in X.509 certificates +SHA-2 fixes and add-ons +version bumps +remove strong certs and keys after test +added +using "left" as my host per default, swapping to "right" when needed +respecting source address when sending packets +added PRINT_CAINFO hook +stroke now recognizes the keywords listocspcerts|cainfos|ocsp, rereadocspcerts and purgeocsp +enable IP forwarding +prepared support of ca information records and ocsp functionality +added support of ca information records and ocsp keywords +enabled adding and deleting ca information records +fixed starter crash due to freeing default IPSEC_EAPDIR string +add --eapdir option only if defined in ipsec.conf +removed eap aka module due nda +merged EAP framework from branch into trunk +includes a lot of other modifications +%T requires time_t ptr +removed my time_t printf handler patch, applied the one of andreas (64bit save) +fixed printf() hooks for time +added support for NULL encryption in ESP +be more liberal in accepting notifies with a protocol id +include NO_EXT_SEQUENCE_NUMBER in default proposal +output peer id if RSA public key is not found +fixed typo +version bump to 4.0.8 +added address listing without getifaddrs for uclibc (only IPv4 yet) +added threads to support multiple simultaneous stroke requests +renamed all static clone() functions to avoid naming conflicts with uclibc +sending proper signal to the bus when detecting a dead peer +added configuration of XAUTH and ModeConfig push mode +version bump +version bump +Cisco XAUTH interoperability +XAUTH interoperability with Cisco +removed IPSECPOLICY compile option +unload xauth_module only if XAUTH_DEFAULT_LIB is defined +loading the XAUTH module requires libdl +added some more attributes, inst XAUTH_TYPE in reply +Mode Config refactoring +XAUTH fixes and Cisco Unity support +log APPLICATION_VERSION and UNITY_DDNS_HOSTNAME strings +added Cisco Unity ModeCfg attributes +version bump to 4.0.7 +fixed 64 bit issue with print time +fixed XAUTHResp bug +included xauth.h +use uml_mconsole to check end of booting process +name the created CHILD_SA +doubled PAYLIMIT to 40 payloads +version bump +show rekeying|reauthentication time +show name of created CHILD_SA +combined use_in and use_fwd +corrected typo +cosmetics +cosmetics +fixed an enumeration error, added CISCO_IOS VID +fixed mismatch in interface definition of get_secret() +forward declaration of struct state not needed +cosmetics +added firewall support to scenario +updated changelog for 4.0.6 +fixed crash when CA for certrequest not found +fixed build when !using smartcard +removed unused debugging code +updated NEWS for 4.0.6 + + + strongswan-4.0.6 / R:2131 +=========================== + +updated NEWS for 4.0.6 +readded tranport mode test using new status output +removed dublicated host2host-transport test +fixed reauthentication when using %any hosts +support for transport in create_child_sa +include TRANSPORT/TUNNEL information in statusall +load xauth module via dlopen() +define path to xauth module +added host2host-transport scenario +removed trailing lines +added XAUTH support +fixed typo +added XAUTH server and client support +load and unload XAUTH module +added xauth.h and xauth.c +added enable-cisco-quirks configure option +added xauth scenarios +added config option for BEET mode +fixed reuathentication when connections other host is %any +fixed host conversion length check +negated POLICY_REAUTH to POLICY_DONT_REAUTH +negated POLICY_REAUTH to POLICY_DONT_REAUTH +enable XAUTH_VID by default +added support for transport mode and (experimental!) BEET mode +support for the type=transport/tunnel parameter in charon +fixed charset & cleanups +added XAUTH server and client support +additional parentheses for same_chunk() macro +renamed to appear in doxygen build +added a roadmap of the strongSwan project (TODO) +added some NEWS +first try to update ipsec.conf manual +implemented reauthentication using the new reauth=yes|no parameter +fixed more uClibc issues +should compile against a uClibc > 0.9.28 (untested) +added XAUTH client states +version bump to 4.0.6 +fixed stddef.h include +fixed encoding rules string +updated todo +fixed some byte-order issues +fixed HAVE_BACKTRACE checks +starter Makefile now uses proper $(COMPILE) to build pluto objects +made backtrace() calls optional to support uClibc +XAUTH support +XAUTH support +fixed bug in ifdef CISCO_QUIRKS +added XAUTH support +support of Cisco Unity VID +added new VIDs +version bump to 4.0.6 +fixed case with wildcard peer ID and static peer address +added simple script to port trunk changes into branches +start kdevelop with project file from actual branch +updated changelog +fixed typos + + + strongswan-4.0.5 / R:1447 +=========================== + +fixed typos +improved selection of ipsec status|statusall +fixed NEWS (runtime debug level options) +fixed credits +fixed very old bug in linked_list's remove_first and remove_last +proper "ipsec up" signal handling when initiating to %any +removed iterator hook for replace +fixed output of proto/port selectors +cosmetics +due to console logging, no need for final sleep anymore +adapted checks to changed ipsec status output +due to narrowing no need for rightsubnetwithin +no need to send certreq +fixed ipsec status|statusall +log IKE SPIs on a separate line +redesigned formatting of ipsec status|statusall +cosmetics +version bumps of strongSwan, Linux kernel and Gentoo root file system +corrected description +added dpd-hold scenario +added new features +fixed 64 bit issue +solved 64 bit issue by changing long to int +solved 64 bit issue in push/pop stroke interface +fixed 64 bit issue +some fixes for doxygen +better split up of library files "types.h" & "definitions.h" +centralized all printf specifier character definitions +reuse of arginfo handlers +more cleanups +fixed more AMD64 issues +added DEBUG_LEVEL compile flag to exclude DBGn() statements +added nodebug configure script without any debug messages and without -g +preparations to include certreqs in policy decisions +do not sent certreq payloads when the peer is known to use PSK +position of (myself) moved in log output +do not sent certreq payloads when using self-signed certs +moved (myself) in log output +moved typedefs to beginning of files to solve some include problems +splitted authenticator to have a separate implementation for each auth_method_t +using va_copy to clone va_lists, should fix proplems on AMD64 +some other cleanups +do not sanitize '*' character +fixed SIGSEGV when setup of an additional CHILD_SA fails +added IKEv2 clarifications RFC +changed debug level of certreq log output +cosmetics in debug output +support of certreq payload in IKE_AUTH messages +chunk_to_hex() function declaration deleted +added function certreq_payload_create_from_x509() +send a certreq as initiator if other_ca is set +added method get_ca_certificate() +added methods get_my_ca() and get_other_ca() +added methods get_my_ca() and get_other_ca() +added some missing 'AUD' entries +cosmetics +cosmetics +change due to change debug output +spaces should not be sanitized +fixed due to new logging concept +some improvements in signaling code +include only source NATD payloads really needed +updated for NAT team +improved signal handling and emitting +support of ModeCfg Push mode +support of mixed RSA/PSK static connections +support of ipsec statusall in state output +output of 'DPD active' in ISAKMP SAs +support of ipsec statusall in state output +added natip support +added has_natip flag +added ModeCfg push policy and states +added ModeCfg push policy and states +fixed typo in debug statement +redesigned list output format +added 'modeconfig=pull|push' and 'left|rightnatip' keywords +added has_natip flag +added has_natip flag +added 'exit' statement in listcerts,.. case +fixed two bugs in the time_t and chunk_ct print functions +redesigned format of print function +replaced 'times' by 'dates' +added private flag to asn1_init +added private flag to asn1_ctx_t +removed DES-EDE3-CBC only comment +removed deprecated iterator methods (has_next & current) +added iterator hook to manipulate iterator the clean way +linked list cleanups +added list methods invoke(), destroy_offset(), destroy_function() +simplified list destruction when destroying its items +added verbosity level to stroke +upgrade to new Gentoo root file system and tcpdump command +added +deleted +renamed ikev1 scenario and added ikev2 scenario +added new scenarios +Version bumps of UML kernel, Gentoo root file system and strongSwan release +code cleanups in printf handlers +added eap authentication draft for ikev2 +updated stroke to allow run-time manipulation of debug levels +added charondebug config parameter to set debug level at startup +introduced new logging subsystem using bus: + passive listeners can register on the bus + active listeners wait for signals actively + multiplexing allows multiple listeners to receive debug signals + a lot more... +updated file filter for kdev project +include CREDITS file in distribution +moved various scripts in scripts/ dir +add configure script wrappers +removed txt files from doxygen +removed module tests, outdated. We need something more system-test like +added missing -DDEBUG compile option +fixed auxillary message data parsing for IPV6 socket +using SOL_* constants for socket level +fixed IPV6_PKTINFO setsockopt() to work with most kernel headers +replaced strerror(errno) with %m printf specifier +added stronger certs for moon, carol, and dave +added IPv6 hw and multicast addresses +adapted to new tcpdump ipv6 output +multi-level-ca scenarios use unencrypted private key +added scenario +fixed timing +new gentoo root file system +fixed bug with openldap 2.3 +removed ipsec.conf version information +carolKey.pem is now protected by 3DES passphrase +updated net runlevel scripts +updated net init scripts +new net configuration format +HW addresses must be predefined +cosmetics +added USE_LIBCURL +cosmetics +found libraries are not appended to LIBS anymore +version bump to 4.0.5 +fixed DPD to survive IKE_SA rekeying +introduced printf() specifiers for: + host_t (%H) + identification_t (%D) + chunk pointers (%B) + memory pointer/length (%b) +added a signaling bus: + receives event and debug messages, sends them to its listeners + stream_logger, sys_logger, file_logger added, listen to bus +some other tweaks here and there +added often used RFCs and drafts +DES for private key encryption is not supported +updated NEWS and ChangeLog for 4.0.4 release +fixed retransmission policy for responder +fixed dpd for responder +added ID_ANY check to matches_binary() +replaced 'missing value' warning by zero length chunk_t value +defined maximum hash size +support of AES-192-CBC private key encryption +added hostaccess support +added hostaccess support +moved auth_method to policy +added hostaccess support +added hostaccess support +more consistent authentication logging +added hostaccess support +moved auth_method to policy +moved auth_method to policy +added hostaccess support; moved auth_method to policy +added hostaccess support +added hostaccess support +added new test scenarios +fixed some compiler warnings + + + strongswan-4.0.4 / R:1289 +=========================== + +fixed some compiler warnings +extended statusall output + added job/event-queue statistics + added allocation statistics when using LEAK_DETECTIVE +fixed include typo +public declaration of all HASH_SIZEs in hasher.h +support of encrypted private key files +added copyright notice to sha2_hasher +included SHA2 in build process +implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512 +added support for 3DES encryption algorithm in IKE +fixed the ids parsing bug +fixed the ids parsing bug +updated TODOs +fixed memleak +fixed proper handling of id parsing errors +proper return value when no PSK found +added HOST_ACCESS for firewall script as default +more debugging output for PSK authentication +some cleanups here and there +added auth_method field +added auth_method field +cosmetics +verify_emsa_pkcs1_signature returns status_t +cosmetics +added PSK support +enabled firewall support +proper error handling for socket creation +handle certificate parsing error more generous +fixed certificate verification bug! +fixed memleak when receiving invalid certificate +version bump to 4.0.4 +version bump to 4.0.4 +two new test scenarios +fixed path to images directory +implemented updown script to handle firewalling +add priority management for kernel policy +let ROUTED policies installed, until manuall removed +introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs +ike_sa_manager cleanups +implemented handling of dpdaction and dpddelay ipsec.conf parameters +reuse reqid when a ROUTED child_sa gets INSTALLED +fixed a bug in retransmission code +added support for the "keyingtries" ipsec.conf parameter +added support for the "dpddelay" ipsec.conf parameter +done some work for "dpdaction" behavior +some other cleanups and fixes +fixed a at-least-one-year-old bug which caused crashed in the scheduler +added raw socket filter for IPv6 +implemented NAT detection for IPv6 +removed unneeded constructor +initial support for IPv6 (more testing needed) + socket works (without v6 filter) + traffic selector handle IPv4/v4 cleanly + improvements in traffic selector code + kernel interface accepts v6 traffic selectors and hosts + host_t class has full IPv6 support +added stddef.h include for compilers which do not support the offsetof() directive +moved interface enumeration code to socket, where it belongs +query interfaces every time we need it to respect changes in network config +added address listing on startup and "ipsec statusall" +version bump of UML kernel to 2.6.17.11 +fixed crash bug when doing "ipsec down" with an unknown connection +added name property in CHILD_SA, allows proper status output +fixed bug which prevented port float when nat is detected +version bumps +'sha' and 'sha1' are now treated as synonyms +updated Changelog and other docs + + + strongswan-4.0.3 / R:1235 +=========================== + +fixed rekeying behavior when proposing an inacceptable DH group (INVALID_KE_PAYLOAD) +implement proper handling of most simultaneous IKE_SA rekeying cases +version bump to 4.0.3 +implemented proper refcounting using atomic operations +implemented IKE_SA rekeying + uses ikelifetime, rekeymargin and rekeyfuzz config settings + no handling of simultaneus exchanges yet! +added possibility to route CHILD_SAs, without to set them up + support for auto=route parameter + support for ipsec route and ipsec unroute + initiating of CHILD and/or IKE_SAs based on kernel acquires +reuse an existing IKE_SA to set up additional CHILD_SAs +introduced refcounting on policy and connections + aren't stored in the IKE_SA anymore, they are queried on the fly + are immutable now, allows it to share them +policy selection based on traffic selectors, leads to valid lookup results + rekeying queries the policy based on its traffic selectors +cleanups in kernel interface code +added proper traffic selector to string conversion +some cleanups here & there +X.509 certificate trust path verification +added +fixed UDP decapsulation by adding inbound bypass policy for send socket +updated mixed tests to new charon output +corrected DPD entry +reenabled module tests for charon +fixed bug which erroneously detected KE payload when rekeying +added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT +improved logging on verify errors for some payloads +enforcing IKE_SA shutdown, even when transactions are outstanding +proper reject of CREATE_CHILD_SA message with KE payload +added test cases from NAT team +updated all IKEv2 tests to work with new status output +added tcpdumpcount function from NATT guys +added possibility to mount the strongswan tree into all UMLs +added script for installing from shared tree in all UMLs +added script to shut down all UMLs properly +removed in favour of tests from NAT team +fixed CREATE_CHILD_SA transaction dispatching +added CHILD_SA states, which allows us to detect further simultaneous transactions +reimplemented the buggy message id handling +updated some inline docs +fixed crypter/signer in/out to conform with standard +fixed payload order +added message id logging +added all currently known notify payload types +added policy cache to kernel interface + allows refcounting of multiple installed policies + finally brings us stable simultaneous rekeying +leak detective blanks memory on free & alloc, allows further membug detection +code cleanups +identification_t.matches() supports multiple wildcard counts +identification_t.matches() supports multiple wildcard counts +further work done for simultaneous rekeying/delete + still some cases which cause trouble +fixed compiler warnings in parser when using -O2 +reenabled check_expiry +updated copyright information +reimplemented CHILD_SA rekeying & delete + no simultanous transaction with CHILD_SAs yet! +removed NAT_TRAVERSAL and VIRTUAL_IP compile options +removed NAT_TRAVERSAL compile option +removed NAT_TRAVERSAL and VIRTUAL_IP compile options +added +updated NEWS +added support for leftprotoport and rightprotoport +improved CHILD_SA output for "ipsec statusall" +updated whitelist (getprotobynumber) +redesigned IKE_SA using a transaction mechanism: + removed old state machine + reimplemented IKE_SA setup and delete + implemented dead peer detection + implemented keep-alives + a lot of fixes + no rekeying yet +fixed compiler warnings +made thread ids unsigned again, to avoid negative thread ids on some systems +fixed memleak when initiating a connection already up +updated leak detective whitelist +applied latest NATT patch with some fixes and cleanups +test currently without firewall +added +added +added +removed +removed version information from ipsec.conf +log entries start with lowcercase character +restored lost IKEv2 packet suppression +added USE_LEAK_DETECTIVE option +fixed natd_hash memory leak +tests with subdirectory structure +removed tests +introduced subdirectory structure +support of cert payloads +lowercase log entries +distributed by ITA +added support of updown parameter +generation of default key +cosmetics +added support of updown parameter +version bump to 4.0.2 +added X.509 trust chain verification +version bump to 4.0.2 +ESP packet size changed +fixed bad_proposal_syntax bug +updated ingorelist for stroke_keywords.c +applied new changes from NATT team + DPD only done when no IPsec and IKE traffic processed + minor changes here and there +some message code cleanups +fixed identification_t clone to apply function pointers +cleaner error handling on UDP encapsultion sockopt failure +added mysterious UDP encapsulation socket option to get encapsulation working +fixed BAD_PROPOSAL_SYNTAX vulnerability +first merge of NATT code +fixed testing build +updated for 4.0.1 release +updated news for 4.0.1 release +fixed whitelist detection + + + strongswan-4.0.1 / R:1144 +=========================== + +fixed whitelist detection +reworked function ignore mechanism to not-report whitelist + rather than overriding functions +fixed execv call args to work when using strictcrl and syslog +fixed bug: usage of already freed mem +readded local_credential_store +added sendcert policy to connection +some other cleanups +implemented rereadcrls rereadcacerts +implemented rereadcrls rereadcacerts +implemented rereadcrls rereadcacerts +removed local_credential_store +fixed SPI when acting as initiator of rekeying +fixed SPI when rekeying and deleting CHILD_SAs +change key derivation order to fullfill RFC +added crl support +added listcrls +added chunk_equals_or_null() +added crl support +changed tabs from 8 to 4 spaces +added crl support +cosmetics +cosmetics (space) +fixed compilation error +updated for release +fixed aes code, we support now aes128, aes192, aes256 in IKE +added support for "ike" and "esp" keywords +fixed bugs in proposal code +algorithm selection for charon works now with ipsec.conf +a lot of other fixes +implemented clean spi allocation behavior when using multiple proposals +fixed logleve(l) keyword typo +handling of "rekey=no" parameter added +changed default algorithms to: + ike: aes128-sha-modp2048 + esp: aes128-sha1, 3des-md5 +added default CRL directory path +added strictcrlpolicy command line argument +added option parsing +added local CRLs +added rekeying parameters +corrected some descriptions +moved RSA key size constraints to definitions.h +fixed down keyword +debug and logging improvements +support for stroke listcerts|listcacerts|listcrls|listall +support for stroke listcerts|listcacerts|listall and left|rightca= +gperf creates optimum hash table for stroke keywords +using same reqid if a child sa rekeys an existing one +NULL string argument is treated as %any +add_certificate() now returns pointer to added cert +cosmetics +single tests now start up faster +workaround for peers rekeying at the same time +loading lifetime policies from ipsec.conf +old child_sa gets deleted after rekeying +rekeying almost complete, but: + IKE_SA get in an invalid state when both initiate rekeying at the same time, +corrected type +improved kernel interface logging +fixed clone/destroy behavior when not using CAs +specifying keysize in bits, as it is required in IKEv2 +added generic kernel SA algorithm handling, which brings us: + aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs +added support for leftsendcert= and left|rightca= parameters +discard cert if CA basic constraints flag is not set and warn if cert is not valide +added public methods is_ca() and is_valid() +changed ASN.1 CONTROL log output to LEVEL2 +cosmetics +removed unused Makefile +stroke.h requires libstrongswan/types.h +fixed compile warnings when using -Wall +further CHILD_SA rekeying work done: + creation of a new CHILD_SA on a expire from a kernel works + delete of old CHILD_SA still missing + some issues when both initiate rekeing +updated INSTALL to conform with autotools +added a short HACKING introduction +further work for rekeying: + get liftimes from policy + added new state + initiation of rekeying done +proposal redone: + removed support for AH+ESP proposals +proper leak detective hook for realloc +excluded pthread_setspecific from leak detective +fixed a memleak +cosmetics +ipv6-host2host scenario added +created IPv6 environment +job management: + moved job code from thread_pool to job, jobs have an "execute" method now + added two new jobs: delete_child_sa & rekey_child_sa +kernel interface: + listens now for ACQUIRE & EXPIRE + supports hard and soft lifetimes + fires jobs for delete and rekey child sa +ike sa manager: + can checkout IKE SAs by requid of owned CHILD SAs +we have now the infrastructure to do the rekeying... :-) +fixed some memleaks/freebugs +leak detective works almost usable now (?!) +added host2host test for ikev2 +fixed host-host tunnel traffic selection, host-host works now +bug fixed circumventing an assertion in delete_connection when ikev1 is not set +minimized prefixed on stroke logger output +charon outputs strongSwan version +tests with subjectAltNames now +fixed event queue for events >36min +included charons module tests to build & dist +full support of ikev1 and ikev2 connection flags +cosmetics in log_status output +use of streq +added testing files to dist + required the use of the "ustar" format to support + filenames longer than 99 chars +lookup of private key based on keyid of public key +new functions to add certificates and retrieve private and public keys +changed log level +list ca certificates +computation of SHA-1 hash over publicKeyInfo object +moved abbreviated thread_id in front of brackets +added has_key parameter to log_certificates() +log_certificates() now shows keyid and availability of matching private key +indented loaded file log entry +moved TIMETOA_BUF definition to types.h +moved TIMETOA_BUF definition from asn1.h +define default CA_CERTIFICATE_DIR +load all ca certificates +fixed daemon destruction order to prevent + crashes on termination +fixed memleak when deleting a connection +updated todo list +policies contain a connections name now + used for initiate and delete +connections won't get initiated twice anymore +deleting of connections is now possible, which allows us to use + ipsec update and ipsec reload +changed iterator->remove behavior +ipsec up|down|route|delete require a connection name +stroke now uses constant size string buffer +changed to standard connection log output +reworked parsing and matching of subjectAltNames +added memeq() macro +moved timetoa() from asn1.c to types.c +corrected type +some logging improvements and cosmetics +handle IKE_SA setup without a piggy-packed CHILD_SA + more IKEv2 conform +initiate IKE_SA deletion befor manager destruction +improved code of chunk_equals +added streq() macro and defined default BUF_LEN +typo +build gets perl and gperf from configure now +moved built sources to maintainer-clean +show connection templates in status & statusall +don't complain on termination of IKEv1 connections +updated ipsec.conf manual to reflect actual state of + keyexchange-parameter +using hubs instead of switches, which allows us + to sniff the traffic from the host system. +changed config load strategy: + starter loads both connections in charon & pluto, + charon ignores anything with keyexchange!=ikev2. + pluto needs the same behavior. + changed build order to fix build error after distclean +load_end_certificate() now loads certificates +cosmetics +moved definition of generalNames_t to identification.h; initialized subjectKeyID, authKeyID and authKeySerialNumber +moved definition of generalNames_t to identification.h +corrrected description +reimplemented proper IKE SA deletion using a seperate state, + should conform now to IKEv2 +fixed build when using --enable-leak-detective +added removed files to svn:ignore +fixed bug in pluto/Makefile.am +removed perl-generated oid.c/h from svn, + added them to "dist" and "distclean" +removed lex, yacc and gperf output from svn, + added them to "dist" and "distclean" +storing release revision in svn property "release-revision", because I forget it all the times +fixed ignorelist, should work now +added ingorelist for builded files +re-added doxygen apidoc, buildable with "make apidoc" +added missing ipsec.conf.5 to distribution :-/ +fixed another typo +added missing ipsec.conf ipsec.conf.5 +existing ipsec.conf won't get overwritten anymore +fixed typo in Makefile which corrupted the build +applied patch from the NAT-T team fixing several typos +applied patch from andreas, which allows certificate listing via stroke +added ipsec.conf template and man page back +removed old Makefiles +added new strongswan KDevelop project & startup hack +fixed Revision in changelog fo 4.0.0 +started ChangeLog +simple script for ChangeLog update via "svn log" +fixed compliation error using --enable-smartcard +added test for ikev1-ikev2 mixed mode +added test ikev2 roadwarrior scenario +applied andreas's patch + logger output improvements + testin gupdates + and a lot more +updated testsuite to autotools +added random source ./configure options +fixed default-pkcs11 option +testcommit +fixed errors when --enable-pkcs11 +added autogen script +introduced autotools + first working version + make dist should work + things to do: + UML testing! + more cleanups +fixed build +started to rebuild source layout +fixed stroke error output to starter +using random SPIs now, but without collision checks +applied some -W's from strongswan +fixed that warnings +removed IKEV2 ifdefs +applied patch from andreas + added charonstart option to config + new ikev2 tests for UML + + strongSwan-4.0.0 / R:967 +========================== + +removed IKEV2 ifdefs +applied patch from andreas + added charonstart option to config + new ikev2 tests for UML +applied patch from andreas + pem loading + secrets file parsing + ikev2 testcase + some other additions here and there +connection termination is handled cleanly by name now +fixed bad bug, certs load now cleanly again +fixed make install (subdir order) +fixed include path +added missing script +finished initial import of strongswan file tree +removed a lot of old and unused stuff +moved RFCs from ikev2 into doc dir +added missing files for starter +applied patch for charon (this time really) +import of strongswan-2.7.0 +applied patch for charon +renamed get_block_size of hasher +reworked usage of IDs in various states +using ID_ANY for any, not NULL as before +initiator sends IDr payload in IKE_AUTH when ID unique +fixed charon checks +using status & statusall +patch for 2.7.0 +add connection names to connections +stroke status / ipsec status shows them +added statusall for stroke +added status by connection name +some tests repaired, more to come +fixed spi conversion +improved "stroke status" output +setup PID file after daemon initilization, to correctly inform + starter about daemon startup +added separate implementation for connection_store, credential_store, policy_store +added folder structure to config +credentials are fetched solely on IDs now +identification_t supports now almost all id types +x509 certificates work with identification_t now +fixes here, fixes there +fixed doxygen build +seperates now in lib and charon +library initialization done at a central point (library.c) +some leak_detective fixes +updated Todos +fixed log-to-syslog behavior +added patch against strongswan-2.6.4 +x509 certificate loading with pluto asn1 code +x509 needs a lot more attention! +renamed some files +using asn1 pluto stuff now +removed, since we use pluto asn1 stuff +leak detective is usable, but does not show static function names + a script which gets address via ldd and resolves address via addr2line would be nice +fixed a leak in child_sa with new detective ;-) +some improvements to new asn1 stuff +to be continued +fixed bad bugs in kernel interface +added some logging info +works now much more stable +startet importing pluto ASN1 stuff +der PKCS#1 key loading works (as it did with der_decoder) +split up in libstrong, charon, stroke, testing done +new leak detective with malloc hook in library + useable, but needs improvements +logger_manager has now a single instance per library + allows use of loggers from any linking prog +a LOT of other things +../svn-commit.tmp +added misssing stroke.h +improved strokeing + down connection + status +some other tweaks +rewrote a lot of RSA stuff +done major work for ASN1/decoder +allow loading of ASN1 der encoded private keys, public keys and certificates +extracting public key from certificates +passing certificates from stroke to charon +=> basic authentication with RSA certificates works! +starter work on asn1 with der de/encoder +RSA private and public key can load read key from ASN1 DER +some other fixes here and there +rewrite of logger_manager, uses now one instance per context +cleanups for logger here and there +removed critical flag check in payload verification (conformance to IKEv2) +so thats and theres everywere... ;-) +patch for strongswan-2.6.3 +added charon support for strongswan build process +ipsec starter supports charon startup and control +removed old diploma thesis scripts +some cleanups +compatibility to strongswan, Makefile can be called by "make programs" + and "make install" (ikev2 patch must be applied to strongswan) +first version of stroke control utility +moved output to doc/api, since doc is used for other docs now +some first documentation in english +removed old eclipse project files +works quite well now with ipsec.conf & ipsec starter +belongs to previous commit ;-) +reworked configuration framework completly +configuration is now split up in: connections, policies, credentials and daemon config +further alloc/free fixes needed! +first attempt for connection loading and starting via "stroke" +some improvements here and there +configuration_manager replaced by configuration_t interface +current configuration_manager is now static_configuration (testing) +first draft of starter_configuration, which should once interact with ipsec starter (via whack?) +some cleanups +socket_t uses RAW socket, which allows parallel service of pluto/charon +comments and cleanups +working policy installation and removal +fixed policy setup bug +proposal setup implementation begun +fixed socket code, so we know on which address we receive traffic +AH/ESP setup in kernel is working now!!! :-))) +installing of child sa works +need correct IP adresses to actually use IPsec +new RFCs of IKEv2, IKEv2 algs and IPSec arch added +update of IKEv2 clarification document +refactored ike proposal +uses now proposal_t, wich is also used by child proposals +ike key derivation refactored +crypter_t api has get_key_size now +some other improvements here and there +config uses uml hosts alice and bob +key derivation for child_sa works +some fixes here and there +fixed memleaks +works with new proposal code +still some(!) memleaks +fixed alot of bugs in child_proposal +near to working state ;-) +dead end implementation + +... there is a lot more of it, but nothing of interest diff --git a/Doxyfile.in b/Doxyfile.in new file mode 100644 index 000000000..4e7cebb85 --- /dev/null +++ b/Doxyfile.in @@ -0,0 +1,220 @@ +# Doxyfile 1.4.1-KDevelop + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- +PROJECT_NAME = "@PACKAGE_NAME@" +PROJECT_NUMBER = "@PACKAGE_VERSION@" +OUTPUT_DIRECTORY = apidoc +CREATE_SUBDIRS = NO +OUTPUT_LANGUAGE = English +USE_WINDOWS_ENCODING = NO +BRIEF_MEMBER_DESC = YES +REPEAT_BRIEF = YES +ABBREVIATE_BRIEF = +ALWAYS_DETAILED_SEC = NO +INLINE_INHERITED_MEMB = NO +FULL_PATH_NAMES = YES +STRIP_FROM_PATH = +STRIP_FROM_INC_PATH = +SHORT_NAMES = NO +JAVADOC_AUTOBRIEF = YES +MULTILINE_CPP_IS_BRIEF = NO +DETAILS_AT_TOP = YES +INHERIT_DOCS = YES +DISTRIBUTE_GROUP_DOC = NO +TAB_SIZE = 1 +ALIASES = +OPTIMIZE_OUTPUT_FOR_C = NO +OPTIMIZE_OUTPUT_JAVA = NO +SUBGROUPING = YES +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- +EXTRACT_ALL = NO +EXTRACT_PRIVATE = NO +EXTRACT_STATIC = NO +EXTRACT_LOCAL_CLASSES = NO +EXTRACT_LOCAL_METHODS = NO +HIDE_UNDOC_MEMBERS = NO +HIDE_UNDOC_CLASSES = NO +HIDE_FRIEND_COMPOUNDS = NO +HIDE_IN_BODY_DOCS = NO +INTERNAL_DOCS = NO +CASE_SENSE_NAMES = YES +HIDE_SCOPE_NAMES = NO +SHOW_INCLUDE_FILES = YES +INLINE_INFO = YES +SORT_MEMBER_DOCS = YES +SORT_BRIEF_DOCS = NO +SORT_BY_SCOPE_NAME = NO +GENERATE_TODOLIST = YES +GENERATE_TESTLIST = NO +GENERATE_BUGLIST = YES +GENERATE_DEPRECATEDLIST = YES +ENABLED_SECTIONS = +MAX_INITIALIZER_LINES = 30 +SHOW_USED_FILES = YES +SHOW_DIRECTORIES = NO +FILE_VERSION_FILTER = +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- +QUIET = NO +WARNINGS = YES +WARN_IF_UNDOCUMENTED = YES +WARN_IF_DOC_ERROR = YES +WARN_NO_PARAMDOC = NO +WARN_FORMAT = "$file:$line: $text" +WARN_LOGFILE = +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- +INPUT = src/libstrongswan src/charon +FILE_PATTERNS = *.h +RECURSIVE = YES +EXCLUDE = +EXCLUDE_SYMLINKS = NO +EXCLUDE_PATTERNS = +EXAMPLE_PATH = +EXAMPLE_PATTERNS = +EXAMPLE_RECURSIVE = NO +IMAGE_PATH = +INPUT_FILTER = +FILTER_PATTERNS = +FILTER_SOURCE_FILES = NO +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- +SOURCE_BROWSER = NO +INLINE_SOURCES = NO +STRIP_CODE_COMMENTS = NO +REFERENCED_BY_RELATION = NO +REFERENCES_RELATION = NO +VERBATIM_HEADERS = YES +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- +ALPHABETICAL_INDEX = NO +COLS_IN_ALPHA_INDEX = 5 +IGNORE_PREFIX = +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- +GENERATE_HTML = YES +HTML_OUTPUT = . +HTML_FILE_EXTENSION = .html +HTML_HEADER = +HTML_FOOTER = +HTML_STYLESHEET = +HTML_ALIGN_MEMBERS = YES +GENERATE_HTMLHELP = NO +CHM_FILE = +HHC_LOCATION = +GENERATE_CHI = NO +BINARY_TOC = NO +TOC_EXPAND = NO +DISABLE_INDEX = YES +ENUM_VALUES_PER_LINE = 1 +GENERATE_TREEVIEW = YES +TREEVIEW_WIDTH = 250 +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- +GENERATE_LATEX = NO +LATEX_OUTPUT = latex +LATEX_CMD_NAME = latex +MAKEINDEX_CMD_NAME = makeindex +COMPACT_LATEX = NO +PAPER_TYPE = a4wide +EXTRA_PACKAGES = +LATEX_HEADER = +PDF_HYPERLINKS = NO +USE_PDFLATEX = NO +LATEX_BATCHMODE = NO +LATEX_HIDE_INDICES = NO +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- +GENERATE_RTF = NO +RTF_OUTPUT = rtf +COMPACT_RTF = NO +RTF_HYPERLINKS = NO +RTF_STYLESHEET_FILE = +RTF_EXTENSIONS_FILE = +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- +GENERATE_MAN = NO +MAN_OUTPUT = man +MAN_EXTENSION = .3 +MAN_LINKS = YES +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- +GENERATE_XML = NO +XML_OUTPUT = xml +XML_SCHEMA = +XML_DTD = +XML_PROGRAMLISTING = YES +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- +GENERATE_AUTOGEN_DEF = NO +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- +GENERATE_PERLMOD = NO +PERLMOD_LATEX = NO +PERLMOD_PRETTY = YES +PERLMOD_MAKEVAR_PREFIX = +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- +ENABLE_PREPROCESSING = YES +MACRO_EXPANSION = YES +EXPAND_ONLY_PREDEF = NO +SEARCH_INCLUDES = YES +INCLUDE_PATH = +INCLUDE_FILE_PATTERNS = +PREDEFINED = LEAK_DETECTIVE +EXPAND_AS_DEFINED = +SKIP_FUNCTION_MACROS = YES +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- +TAGFILES = +GENERATE_TAGFILE = +ALLEXTERNALS = NO +EXTERNAL_GROUPS = YES +PERL_PATH = /usr/bin/perl +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- +CLASS_DIAGRAMS = YES +HIDE_UNDOC_RELATIONS = YES +HAVE_DOT = NO +CLASS_GRAPH = YES +COLLABORATION_GRAPH = YES +GROUP_GRAPHS = YES +UML_LOOK = NO +TEMPLATE_RELATIONS = NO +INCLUDE_GRAPH = YES +INCLUDED_BY_GRAPH = YES +CALL_GRAPH = NO +GRAPHICAL_HIERARCHY = YES +DIRECTORY_GRAPH = YES +DOT_IMAGE_FORMAT = png +DOT_PATH = +DOTFILE_DIRS = +MAX_DOT_GRAPH_WIDTH = 1024 +MAX_DOT_GRAPH_HEIGHT = 1024 +MAX_DOT_GRAPH_DEPTH = 0 +DOT_TRANSPARENT = NO +DOT_MULTI_TARGETS = NO +GENERATE_LEGEND = YES +DOT_CLEANUP = YES +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- +SEARCHENGINE = NO diff --git a/INSTALL b/INSTALL index ff5b2f80c..72c26929a 100644 --- a/INSTALL +++ b/INSTALL @@ -1,246 +1,175 @@ --------------------------- - strongSwan - Installation + strongSwan - Installation --------------------------- Contents -------- - 1. Required packages - 2. Optional packages - 2.1 libcurl - 2.2 OpenLDAP - 2.3 PKCS#11 smartcard library modules - 3. Building strongSwan with a Linux 2.4 kernel - 4. Updating strongSwan with a Linux 2.4 kernel - 5. Building strongSwan with a Linux 2.6 kernel + 1. Overview + 2. Required packages + 3. Optional packages + 3.1 libcurl + 3.2 OpenLDAP + 3.3 PKCS#11 smartcard library modules + 4. Kernel configuration - -1. Required packages - ----------------- - - In order to be able to build strongSwan you'll need the GNU Multiprecision - Arithmetic Library (GMP) available from http://www.swox.com/gmp/. - - The libgmp library and the corresponding header file gmp.h are usually - included in the form of one or two packages in the major Linux - distributions (SuSE: gmp; Debian unstable: libgmp3, libgmp3-dev). - - -2. Optional packages - ----------------- - -2.1 libcurl - ------- - - If you intend to dynamically fetch Certificate Revocation Lists (CRLs) - from an HTTP server or as an alternative want to use the Online - Certificate Status Protocol (OCSP) then you will need the libcurl library - available from http://curl.haxx.se/. - - In order to keep the library as compact as possible for use with strongSwan - you can build libcurl from the sources with the optimized options - - ./configure --prefix= --without-ssl \ - --disable-ldap --disable-telnet \ - --disable-dict --disable-gopher \ - --disable-debug \ - --enable-nonblocking --enable-thread - - As an alternative you can use the ready-made packages included with your - favorite Linux distribution (SuSE: curl, curl-devel). - - In order to activate the use of the libcurl library in strongSwan you must - set the USE_LIBCURL option in "Makefile.inc": - - # include libcurl support (CRL fetching, OCSP and SCEP) - USE_LIBCURL?=true - - Under Gentoo emerge strongSwan with - - USE="curl -ssl" emerge strongswan - - -2.2 OpenLDAP +1. Overview -------- - If you intend to dynamically fetch Certificate Revocation Lists (CRLs) - from an LDAP server then you will need the libldap library available - from http://www.openldap.org/. - - OpenLDAP is usually included with your Linux distribution. You will need - both the run-time and development environments (SuSE: openldap2, - openldap2-devel). - - In order to activate the use of the libldap library in strongSwan you must - set the USE_LDAP option in "Makefile.inc": + The strongSwan 4.x branch introduces a new build environment featuring + GNU autotools. This should simplify the build process and package + maintenance. + First check for the availability of required packages on your system + (section 2.). You may want to include support for additional features, which + require other packages to be installed (section 3.). + To compile an extracted tarball, run the ./configure script first: - # include LDAP support (CRL fetching) - USE_LDAP?=true + ./configure - Depending upon whether your LDAP server understands the V3 (preferred) or - V2 LDAP protocol, uncomment one ot the two following lines: + You may want to specify some arguments listed in section 3., or see the + available options of the script using "./configure --help". - # Uncomment to enable dynamic CRL fetching using LDAP V3 - LDAP_VERSION=3 - # Uncomment to enable dynamic CRL fetching using LDAP V2 - #LDAP_VERSION=2 + After a successful run of the script, run - The latest OpenLDAP releases use the LDAP V3 protocol, whereas older - versions require LDAP V2. + make - Under Gentoo emerge strongSwan with + followed by - USE="ldap -ssl" emerge strongswan - - -2.3 PKCS#11 smartcard library modules - --------------------------------- - - If you want to securely store your X.509 certificates and private RSA keys - on a smart card or a USB crypto token then you will need a PKCS #11 library - for the smart card of your choice. The OpenSC PKCS#11 library (use - versions >= 0.9.4) available from http://www.opensc.org/ supports quite a - selection of cards and tokens (e.g. Aladdin eToken Pro32k, Schlumberger - Cryptoflex e-gate, Oberthur AuthentIC, etc.) but requires that a PKCS#15 - directory structure be present on the smart card. But in principle - any other PKCS#11 library could be used since the PKCS#11 API hides the - internal data representation on the card. - - For USB crypto token support you must add the OpenCT driver library - (version >= 0.6.2) from the OpenSC site, whereas for serial smartcard - readers you'll need the pcsc-lite library and the matching driver from the - M.U.S.C.L.E project http://www.linuxnet.com/ . - - In order to activate the PKCS#11-based smartcard support in strongSwan - you must set the USE_SMARTCARD option in "Makefile.inc": - - #include PKCS11-based smartcard support - USE_SMARTCARD?=true - - During compilation no externel smart card libraries must be present. - strongSwan directly references a copy of the standard RSAREF pkcs11.h - header files stored in the pluto/rsaref sub directory. During compile - time a pathname to a default PKCS#11 dynamical library can be specified - in "Makefile.inc" - - # Uncomment this line if using OpenSC <= 0.9.6 - #PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\" - # Uncomment tis line if using OpenSC >= 0.10.0 - PKCS11_DEFAULT_LIB=\"usr/lib/opensc-pkcs11.so\" - - This default path to the easily-obtainable OpenSC library module can be - simply overridden during run-time by specifying an alternative path in - ipsec.conf pointing to any dynamic PKCS#11 library of your choice. - - config setup - pkcs11module="/usr/lib/xyz-pkcs11.so" + make install - Under Gentoo emerge strongSwan with + in the usual manner. - USE="smartcard usb -pam -X" emerge strongswan + To check if your kernel fullfills the requirements, see section 4. + Next add your connections to "/etc/ipsec.conf" and your secrets to + "/etc/ipsec.secrets". Connections that are to be negotiated by the new + IKEv2 charon keying daemon should be designated by "keyexchange=ikev2" and + those by the IKEv1 pluto keying daemon either by "keyexchange=ikev1" or + the default "keyexchange=ike". -3. Building strongSwan with a Linux 2.4 kernel - ------------------------------------------- + At last start strongSwan with - * Building strongSwan with a Linux 2.4 kernel requires the presence of the - matching kernel sources referenced via the symbolic link /usr/src/linux. - The use of the vanilla kernel sources from ftp.kernel.org is strongly - recommended. + ipsec start - Before building strongSwan you must have compiled the kernel sources at - least once: - make menuconfig; make dep; make bzImage; make modules +2. Required packages + ----------------- - * Now change into the strongswan-2.x.x source directory. + In order to be able to build strongSwan you'll need the GNU Multiprecision + Arithmetic Library (GMP) available from http://www.swox.com/gmp/. At least + version 4.1.5 of libgmp is required. - First select any desired compile options in "Makefile.inc" (see section 2. - Optional packages). Then in the top source directory type + The libgmp library and the corresponding header file gmp.h are usually + included in the form of one or two packages in the major Linux + distributions (SuSE: gmp; Debian unstable: libgmp3, libgmp3-dev). - make menumod - This command applies an ESP_IN_UDP encapsulation patch which is required - for NAT-Traversal to the kernel sources. +3. Optional packages + ----------------- - In the "Networking options" menu set +3.1 libcurl + ------- - IP Security Protocol (strongSwan IPsec) + If you intend to dynamically fetch Certificate Revocation Lists (CRLs) + from an HTTP server or as an alternative want to use the Online + Certificate Status Protocol (OCSP) then you will need the libcurl library + available from http://curl.haxx.se/. - in order to build KLIPS as a loadable kernel module "ipsec.o". Do not - forget to save the modified configuration file when leaving "menumod". + In order to keep the library as compact as possible for use with strongSwan + you can build libcurl from the sources with the optimized options - The strongSwan userland programs are now automatically built and - installed, whereas the ipsec.o kernel module and the crypto modules - are only built and must be installed with the command + ./configure --prefix= --without-ssl \ + --disable-ldap --disable-telnet \ + --disable-dict --disable-gopher \ + --disable-debug \ + --enable-nonblocking --enable-thread - make minstall + As an alternative you can use the ready-made packages included with your + favorite Linux distribution (SuSE: curl, curl-devel). - * If you intend to use the NAT-Traversal feature then you must compile the - patched kernel sources again by executing + In order to activate the use of the libcurl library in strongSwan you must + enable the ./configure switch: - make bzImage + ./configure [...] --enable-http - and then install and boot the modified kernel. - * Next add your connections to "/etc/ipsec.conf" and your secrets to - "/etc/ipsec.secrets" and start strongSwan with +3.2 OpenLDAP + -------- - ipsec start + If you intend to dynamically fetch Certificate Revocation Lists (CRLs) + from an LDAP server then you will need the libldap library available + from http://www.openldap.org/. + OpenLDAP is usually included with your Linux distribution. You will need + both the run-time and development environments (SuSE: openldap2, + openldap2-devel). -4. Updating strongSwan with a Linux 2.4 kernel - ------------------------------------------- + In order to activate the use of the libldap library in strongSwan you must + enable the ./configure switch: - * If you have already successfully installed strongSwan and want to update - to a newer version then the following shortcut can be taken: + ./configure [...] --enable-ldap - First select any desired compile options in "Makefile.inc" (see section 2. - Optional packages). Then in the strongwan-2.x.x top directory type + LDAP Protocl version 2 is not supported anymore, --enable-ldap uses always + version 3 of the LDAP protocol - make programs; make install - followed by +3.3 PKCS#11 smartcard library modules + --------------------------------- - make module; make minstall + If you want to securely store your X.509 certificates and private RSA keys + on a smart card or a USB crypto token then you will need a PKCS #11 library + for the smart card of your choice. The OpenSC PKCS#11 library (use + versions >= 0.9.4) available from http://www.opensc.org/ supports quite a + selection of cards and tokens (e.g. Aladdin eToken Pro32k, Schlumberger + Cryptoflex e-gate, Oberthur AuthentIC, etc.) but requires that a PKCS#15 + directory structure be present on the smart card. But in principle + any other PKCS#11 library could be used since the PKCS#11 API hides the + internal data representation on the card. - * You can then start the updated strongSwan version with + For USB crypto token support you must add the OpenCT driver library + (version >= 0.6.2) from the OpenSC site, whereas for serial smartcard + readers you'll need the pcsc-lite library and the matching driver from the + M.U.S.C.L.E project http://www.linuxnet.com/ . - ipsec restart + In order to activate the PKCS#11-based smartcard support in strongSwan + you must enable the smartcard ./configure switch: + ./configure [...] --enable-smartcard -5. Building strongSwan with a Linux 2.6 kernel - ------------------------------------------- + During compilation no externel smart card libraries must be present. + strongSwan directly references a copy of the standard RSAREF pkcs11.h + header files stored in the pluto/rsaref sub directory. During compile + time a pathname to a default PKCS#11 dynamical library can be specified + with a ./configure flag: - * Because the Linux 2.6 kernel comes with a built-in native IPsec stack, - you won't need to build the strongSwan kernel modules. Please make sure - that the the following Linux 2.6 IPsec kernel modules are available: + ./configure --enable-smartcard --with-default-pkcs11=/path/to/lib.so - o af_key - o ah4 - o esp4 - o ipcomp - o xfrm_user - o xfrm4_tunnel - - Also the built-in kernel Cryptoapi modules with selected encryption and - hash algorithms should be available. + This default path to the easily-obtainable OpenSC library module can be + simply overridden during run-time by specifying an alternative path in + ipsec.conf pointing to any dynamic PKCS#11 library of your choice. - * First select any desired compile options in "Makefile.inc" (see section 2. - Optional packages). Then in the strongwan-2.x.x top directory type + config setup + pkcs11module="/usr/lib/xyz-pkcs11.so" - make programs - followed by +4. Kernel configuration + -------------------- - make install + The strongSwan 4.x series currently support only 2.6 kernels and its + native IPsec stack. Please make sure that the following IPsec kernel + modules are available: - * Next add your connections to "/etc/ipsec.conf" and your secrets to - "/etc/ipsec.secrets" and start strongSwan with + o af_key + o ah4 + o esp4 + o ipcomp + o xfrm_user + o xfrm4_tunnel - ipsec start + These may be built into the kernel or as modules. Modules get loaded + automatically at strongSwan startup. ------------------------------------------------------------------------------ + Also the built-in kernel Cryptoapi modules with selected encryption and + hash algorithms should be available. -This file is RCSID $Id: INSTALL,v 1.11 2006/05/19 06:44:17 as Exp $ diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 1dc0f01f0..000000000 --- a/LICENSE +++ /dev/null @@ -1,33 +0,0 @@ -Except for the DES library, MD2 and MD5 code, the PKCS#11 headers, and -linux/net/ipsec/radij.c this software is under the GNU Public License, -see the file COPYING. - -See the file CREDITS for details on origins of more of the code. - -The DES library is under a BSD style license, see - linux/crypto/ciphers/des/COPYRIGHT. -Note that this software has a advertising clause in it. - -The MD2 implementation is from RSA Data Security Inc., so this package must -include the following phrase: "RSA Data Security, Inc. MD2 Message Digest -Algorithm" It is not under the GPL; see details in programs/pluto/md2.c. - -The MD5 implementation is from RSA Data Security Inc., so this package must -include the following phrase: "derived from the RSA Data Security, Inc. -MD5 Message-Digest Algorithm". It is not under the GPL; see details in -linux/net/ipsec/ipsec_md5c.c. - -The PKCS#11 header files in programs/pluto/rsaref/ are from RSA Security Inc., -so they must include the following phrase: "RSA Security Inc. PKCS#11 -Cryptographic Token Interface (Cryptoki)". The headers are not under the GPL; -see details in programs/pluto/rsaref/pkcs11.h. - -The linux/net/ipsec/radij.c code is derived from BSD 4.4lite code -from sys/net/radix.c. - -In addition to the terms set out under the GPL, permission is granted to -link the software against the libdes, md5c.c, and radij.c libraries just -mentioned. - - - diff --git a/Makefile b/Makefile deleted file mode 100644 index 9027df9fe..000000000 --- a/Makefile +++ /dev/null @@ -1,602 +0,0 @@ -# FreeS/WAN master makefile -# Copyright (C) 1998-2002 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.6 2006/11/22 05:47:11 as Exp $ - - -FREESWANSRCDIR=$(shell pwd) -export FREESWANSRCDIR - -include Makefile.inc - - - -PATCHES=linux -# where KLIPS goes in the kernel -# note, some of the patches know the last part of this path -KERNELKLIPS=$(KERNELSRC)/net/ipsec -KERNELCRYPTODES=$(KERNELSRC)/crypto/ciphers/des -KERNELLIBFREESWAN=$(KERNELSRC)/lib/libfreeswan -KERNELLIBZLIB=$(KERNELSRC)/lib/zlib -KERNELLIBCRYPTO=$(KERNELSRC)/lib/libcrypto -KERNELINCLUDE=$(KERNELSRC)/include -KERNELALG=$(KERNELKLIPS)/alg - -MAKEUTILS=packaging/utils -ERRCHECK=${MAKEUTILS}/errcheck -KVUTIL=${MAKEUTILS}/kernelversion -KVSHORTUTIL=${MAKEUTILS}/kernelversion-short - -# kernel details -# what variant of our patches should we use, and where is it -KERNELREL=$(shell ${KVSHORTUTIL} ${KERNELSRC}/Makefile) - -# directories visited by all recursion -SUBDIRS=lib programs linux - -# declaration for make's benefit -.PHONY: def insert kpatch klink klibcryptolink patches _patches _patches2.2 _patches2.4 \ - klipsdefaults programs install clean distclean \ - ogo oldgo menugo xgo \ - omod oldmod menumod xmod \ - pcf ocf mcf xcf rcf nopromptgo \ - precheck verset confcheck kernel module kinstall minstall \ - backup unpatch uinstall install_file_list \ - snapready relready ready buildready devready uml check taroldinstall \ - umluserland - - -# dummy default rule -def: - @echo "Please read doc/intro.html or INSTALL before running make" - @false - -# everything that's necessary to put Klips into the kernel -insert: patches klink klipsdefaults - -kpatch: unapplypatch applypatch klipsdefaults - -unapplypatch: - -if [ -f ${KERNELSRC}/freeswan.patch ]; then \ - echo Undoing previous patches; \ - cat ${KERNELSRC}/freeswan.patch | (cd ${KERNELSRC} && patch -p1 -R --force -E -z .preipsec --reverse --ignore-whitespace ); \ - fi - -applypatch: - echo Now performing forward patches; - make kernelpatch${KERNELREL} | tee ${KERNELSRC}/freeswan.patch | (cd ${KERNELSRC} && patch -p1 -b -z .preipsec --forward --ignore-whitespace ) - -kdiff: - echo Comparing ${KERNELSRC} to ${FREESWANSRCDIR}/linux. - packaging/utils/kerneldiff ${KERNELSRC} - -# create KERNELKLIPS and populate it with symlinks to the sources -klink: - -[ -L $(KERNELKLIPS)/ipsec_init.c ] && rm -rf ${KERNELKLIPS} - -[ -L $(KERNELCRYPTODES)/cbc_enc.c ] && rm -rf ${KERNELCRYPTODES} - -[ -L $(KERNELLIBFREESWAN)/subnettoa.c ] && rm -rf ${KERNELLIBFREESWAN} - -[ -L ${KERNELLIBZLIB}/deflate.c ] && rm -rf ${KERNELLIBZLIB} - -[ -L ${KERNELINCLUDE}/freeswan.h ] && for i in linux/include/*; do rm -f ${KERNELINCLUDE}/$$i; done - -[ -L $(KERNELALG)/Makefile ] && rm -rf $(KERNELALG) - -[ -L $(KERNELLIBCRYPTO) ] && rm -f $(KERNELLIBCRYPTO) - mkdir -p $(KERNELKLIPS) - mkdir -p $(KERNELCRYPTODES) - mkdir -p $(KERNELLIBFREESWAN) - mkdir -p $(KERNELLIBZLIB) - mkdir -p $(KERNELALG) - $(KLIPSLINK) `pwd`/Makefile.ver $(KERNELKLIPS) - $(KLIPSLINK) `pwd`/linux/include/* $(KERNELINCLUDE) - $(KLIPSLINK) `pwd`/linux/net/ipsec/Makefile* $(KERNELKLIPS) - $(KLIPSLINK) `pwd`/linux/net/ipsec/Config.in $(KERNELKLIPS) - $(KLIPSLINK) `pwd`/linux/net/ipsec/defconfig $(KERNELKLIPS) - $(KLIPSLINK) `pwd`/linux/net/ipsec/*.[ch] $(KERNELKLIPS) - $(KLIPSLINK) `pwd`/linux/net/ipsec/alg/Makefile* $(KERNELALG) - $(KLIPSLINK) `pwd`/linux/net/ipsec/alg/Config.* $(KERNELALG) - $(KLIPSLINK) `pwd`/linux/net/ipsec/alg/ipsec_alg*.[ch] $(KERNELALG) - $(KLIPSLINK) `pwd`/linux/net/ipsec/alg/scripts $(KERNELALG) - # Each ALGo does it own symlinks - $(KLIPSLINK) `pwd`/lib/libcrypto $(KERNELLIBCRYPTO) - $(KLIPSLINK) `pwd`/linux/lib/zlib/*.[ch] $(KERNELLIBZLIB) - $(KLIPSLINK) `pwd`/linux/lib/zlib/Makefile* $(KERNELLIBZLIB) - $(KLIPSLINK) `pwd`/linux/lib/libfreeswan/*.[ch] $(KERNELLIBFREESWAN) - $(KLIPSLINK) `pwd`/linux/lib/libfreeswan/Makefile* $(KERNELLIBFREESWAN) - $(KLIPSLINK) `pwd`/linux/crypto/ciphers/des/*.[chsS] $(KERNELCRYPTODES) - $(KLIPSLINK) `pwd`/linux/crypto/ciphers/des/Makefile* $(KERNELCRYPTODES) - sed '/"/s/xxx/$(IPSECVERSION)/' linux/lib/libfreeswan/version.in.c >$(KERNELKLIPS)/version.c - -# create libcrypto symlink -klibcryptolink: - -[ -L $(KERNELLIBCRYPTO) ] && rm -f $(KERNELLIBCRYPTO) - $(KLIPSLINK) `pwd`/lib/libcrypto $(KERNELLIBCRYPTO) - -# patch kernel -PATCHER=packaging/utils/patcher - -patches: - @echo \"make patches\" is obsolete. See \"make kpatch\". - exit 1 - -_patches: - echo "===============" >>out.kpatch - echo "`date` `cd $(KERNELSRC) ; pwd`" >>out.kpatch - $(MAKE) __patches$(KERNELREL) >>out.kpatch - -# Linux-2.0.x version -__patches __patches2.0: - @$(PATCHER) -v $(KERNELSRC) Documentation/Configure.help \ - 'CONFIG_IPSEC' $(PATCHES)/Documentation/Configure.help.fs2_0.patch - @$(PATCHER) -v $(KERNELSRC) net/Config.in \ - 'CONFIG_IPSEC' $(PATCHES)/net/Config.in.fs2_0.patch - @$(PATCHER) -v $(KERNELSRC) net/Makefile \ - 'CONFIG_IPSEC' $(PATCHES)/net/Makefile.fs2_0.patch - @$(PATCHER) -v $(KERNELSRC) net/ipv4/af_inet.c \ - 'CONFIG_IPSEC' $(PATCHES)/net/ipv4/af_inet.c.fs2_0.patch -# Removed patches, will unpatch automatically. - @$(PATCHER) -v $(KERNELSRC) include/linux/proc_fs.h - @$(PATCHER) -v $(KERNELSRC) net/core/dev.c - @$(PATCHER) -v $(KERNELSRC) net/ipv4/protocol.c - @$(PATCHER) -v $(KERNELSRC) drivers/net/Space.c - @$(PATCHER) -v $(KERNELSRC) net/netlink.c - @$(PATCHER) -v $(KERNELSRC) drivers/isdn/isdn_net.c - -# Linux-2.2.x version -PATCHES24=klips/patches2.3 -__patches2.2: - @$(PATCHER) -v -c $(KERNELSRC) Documentation/Configure.help \ - 'CONFIG_IPSEC' $(PATCHES)/Documentation/Configure.help.fs2_2.patch - @$(PATCHER) -v $(KERNELSRC) net/Config.in \ - 'CONFIG_IPSEC' $(PATCHES)/net/Config.in.fs2_2.patch - @$(PATCHER) -v $(KERNELSRC) net/Makefile \ - 'CONFIG_IPSEC' $(PATCHES)/net/Makefile.fs2_2.patch - @$(PATCHER) -v $(KERNELSRC) net/ipv4/af_inet.c \ - 'CONFIG_IPSEC' $(PATCHES)/net/ipv4/af_inet.c.fs2_2.patch - @$(PATCHER) -v $(KERNELSRC) net/ipv4/udp.c \ - 'CONFIG_IPSEC' $(PATCHES)/net/ipv4/udp.c.fs2_2.patch - @$(PATCHER) -v $(KERNELSRC) include/net/sock.h \ - 'CONFIG_IPSEC' $(PATCHES)/net/include.net.sock.h.fs2_2.patch -# Removed patches, will unpatch automatically. - @$(PATCHER) -v $(KERNELSRC) include/linux/proc_fs.h - @$(PATCHER) -v $(KERNELSRC) net/core/dev.c - @$(PATCHER) -v $(KERNELSRC) net/ipv4/protocol.c - @$(PATCHER) -v $(KERNELSRC) drivers/net/Space.c - @$(PATCHER) -v $(KERNELSRC) include/linux/netlink.h - @$(PATCHER) -v $(KERNELSRC) net/netlink/af_netlink.c - @$(PATCHER) -v $(KERNELSRC) net/netlink/netlink_dev.c - @$(PATCHER) -v $(KERNELSRC) include/linux/socket.h - @$(PATCHER) -v $(KERNELSRC) drivers/isdn/isdn_net.c - -# Linux-2.4.0 version -PATCHES22=klips/patches2.2 -__patches2.3 __patches2.4: - @$(PATCHER) -v -c $(KERNELSRC) Documentation/Configure.help \ - 'CONFIG_IPSEC' $(PATCHES)/Documentation/Configure.help.fs2_2.patch - @$(PATCHER) -v $(KERNELSRC) net/Config.in \ - 'CONFIG_IPSEC' $(PATCHES)/net/Config.in.fs2_4.patch - @$(PATCHER) -v $(KERNELSRC) net/Makefile \ - 'CONFIG_IPSEC' $(PATCHES)/net/Makefile.fs2_4.patch - @$(PATCHER) -v $(KERNELSRC) net/ipv4/af_inet.c \ - 'CONFIG_IPSEC' $(PATCHES)/net/ipv4/af_inet.c.fs2_4.patch - @$(PATCHER) -v $(KERNELSRC) net/ipv4/udp.c \ - 'CONFIG_IPSEC' $(PATCHES)/net/ipv4/udp.c.fs2_4.patch - @$(PATCHER) -v $(KERNELSRC) include/net/sock.h \ - 'CONFIG_IPSEC' $(PATCHES)/net/include.net.sock.h.fs2_4.patch -# Removed patches, will unpatch automatically. - @$(PATCHER) -v $(KERNELSRC) include/linux/proc_fs.h - @$(PATCHER) -v $(KERNELSRC) net/core/dev.c - @$(PATCHER) -v $(KERNELSRC) net/ipv4/protocol.c - @$(PATCHER) -v $(KERNELSRC) drivers/net/Space.c - @$(PATCHER) -v $(KERNELSRC) include/linux/netlink.h - @$(PATCHER) -v $(KERNELSRC) net/netlink/af_netlink.c - @$(PATCHER) -v $(KERNELSRC) net/netlink/netlink_dev.c - @$(PATCHER) -v $(KERNELSRC) drivers/isdn/isdn_net.c - -klipsdefaults: - @KERNELDEFCONFIG=$(KERNELSRC)/arch/$(ARCH)/defconfig ; \ - KERNELCONFIG=$(KCFILE) ; \ - if ! egrep -q 'CONFIG_IPSEC' $$KERNELDEFCONFIG ; \ - then \ - set -x ; \ - cp -a $$KERNELDEFCONFIG $$KERNELDEFCONFIG.orig ; \ - chmod u+w $$KERNELDEFCONFIG ; \ - cat $$KERNELDEFCONFIG $(KERNELKLIPS)/defconfig \ - >$$KERNELDEFCONFIG.tmp ; \ - rm -f $$KERNELDEFCONFIG ; \ - cp -a $$KERNELDEFCONFIG.tmp $$KERNELDEFCONFIG ; \ - rm -f $$KERNELDEFCONFIG.tmp ; \ - fi ; \ - if ! egrep -q 'CONFIG_IPSEC' $$KERNELCONFIG ; \ - then \ - set -x ; \ - cp -a $$KERNELCONFIG $$KERNELCONFIG.orig ; \ - chmod u+w $$KERNELCONFIG ; \ - cat $$KERNELCONFIG $(KERNELKLIPS)/defconfig \ - >$$KERNELCONFIG.tmp ; \ - rm -f $$KERNELCONFIG ; \ - cp -a $$KERNELCONFIG.tmp $$KERNELCONFIG ; \ - rm -f $$KERNELCONFIG.tmp ; \ - fi - - - -# programs - -checkv199install: - if [ -f ${LIBDIR}/pluto ]; \ - then \ - echo WARNING: FreeS/WAN 1.99 still installed. ;\ - echo WARNING: moving ${LIBDIR} to ${LIBDIR}.v1 ;\ - mv ${LIBDIR} ${LIBDIR}.v1 ;\ - fi - -install:: checkv199install - -programs install clean checkprograms:: - @for d in $(SUBDIRS) ; \ - do \ - (cd $$d && $(MAKE) FREESWANSRCDIR=.. $@ ) || exit 1; \ - done; - -clean:: - rm -rf $(RPMTMPDIR) $(RPMDEST) - rm -f out.*build out.*install # but leave out.kpatch - rm -f rpm.spec - -distclean: clean - rm -f out.kpatch - if [ -f umlsetup.sh ]; then source umlsetup.sh; if [ -d "$$POOLSPACE" ]; then rm -rf $$POOLSPACE; fi; fi - - - -# proxies for major kernel make operations - -# do-everything entries -KINSERT_PRE=precheck verset insert -PRE=precheck verset kpatch klibcryptolink -POST=confcheck programs kernel install -MPOST=confcheck programs module install -ogo: $(PRE) pcf $(POST) -oldgo: $(PRE) ocf $(POST) -nopromptgo: $(PRE) rcf $(POST) -menugo: $(PRE) mcf $(POST) -xgo: $(PRE) xcf $(POST) -omod: $(PRE) pcf $(MPOST) -oldmod: $(PRE) ocf $(MPOST) -menumod: $(PRE) mcf $(MPOST) -xmod: $(PRE) xcf $(MPOST) - -# preliminaries -precheck: - @if test ! -d $(KERNELSRC) -a ! -L $(KERNELSRC) ; \ - then \ - echo '*** cannot find directory "$(KERNELSRC)"!!' ; \ - echo '*** may be necessary to add symlink to kernel source' ; \ - exit 1 ; \ - fi - @if ! cd $(KERNELSRC) ; \ - then \ - echo '*** cannot "cd $(KERNELSRC)"!!' ; \ - echo '*** may be necessary to add symlink to kernel source' ; \ - exit 1 ; \ - fi - @if test ! -f $(KCFILE) ; \ - then \ - echo '*** cannot find "$(KCFILE)"!!' ; \ - echo '*** perhaps kernel has never been configured?' ; \ - echo '*** please do that first; the results are necessary.' ; \ - exit 1 ; \ - fi - @if test ! -f $(VERFILE) ; \ - then \ - echo '*** cannot find "$(VERFILE)"!!' ; \ - echo '*** perhaps kernel has never been compiled?' ; \ - echo '*** please do that first; the results are necessary.' ; \ - exit 1 ; \ - fi - -# set version code if this is a fresh CVS checkout -ifeq ($(wildcard cvs.datemark),cvs.datemark) -verset Makefile.ver: cvs.datemark - echo IPSECVERSION=`date -r cvs.datemark +cvs%Y%b%d_%H:%M:%S` >Makefile.ver - rm -f cvs.datemark; -else -verset Makefile.ver: - @grep IPSECVERSION Makefile.ver -endif - -Makefile: Makefile.ver - -# configuring (exit statuses disregarded, something fishy here sometimes) -xcf: - -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) xconfig -mcf: - -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) menuconfig -pcf: - -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) config - -ocf: - -cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) oldconfig - -rcf: - cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) oldconfig_nonint /dev/null - -confcheck: - @if test ! -f $(KCFILE) ; \ - then echo '*** no kernel configuration file written!!' ; exit 1 ; \ - fi - @if ! egrep -q '^CONFIG_IPSEC=[my]' $(KCFILE) ; \ - then echo '*** IPsec not in kernel config ($(KCFILE))!!' ; exit 1 ; \ - fi - @if ! egrep -q 'CONFIG_IPSEC[ ]+1' $(ACFILE) && \ - ! egrep -q 'CONFIG_IPSEC_MODULE[ ]+1' $(ACFILE) ; \ - then echo '*** IPsec in kernel config ($(KCFILE)),' ; \ - echo '*** but not in config header file ($(ACFILE))!!' ; \ - exit 1 ; \ - fi - @if egrep -q '^CONFIG_IPSEC=m' $(KCFILE) && \ - ! egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ - then echo '*** IPsec configured as module in kernel with no module support!!' ; exit 1 ; \ - fi - @if ! egrep -q 'CONFIG_IPSEC_AH[ ]+1' $(ACFILE) && \ - ! egrep -q 'CONFIG_IPSEC_ESP[ ]+1' $(ACFILE) ; \ - then echo '*** IPsec configuration must include AH or ESP!!' ; exit 1 ; \ - fi - -# kernel building, with error checks -kernel: - rm -f out.kbuild out.kinstall - # undocumented kernel folklore: clean BEFORE dep. - # we run make dep seperately, because there is no point in running ERRCHECK - # on the make dep output. - # see LKML thread "clean before or after dep?" - ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNCLEAN) $(KERNDEP) ) - ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) $(KERNEL) ) 2>&1 | tee out.kbuild - @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ - then set -x ; \ - ( cd $(KERNELSRC) ; \ - $(MAKE) $(KERNMAKEOPTS) modules 2>&1 ) | tee -a out.kbuild ; \ - fi - ${ERRCHECK} out.kbuild - -# this target takes a kernel source tree and it builds a link tree, -# and then does make oldconfig for each .config file that was found in configs. -# The location for the disk space required for the link tree is found via -# $RH_KERNELSRC_POOL -preprhkern4module: - if [ -z "${RH_KERNELSRC_POOL}" ]; then echo Please set RH_KERNELSRC_POOL.; exit 1; fi - mkdir -p ${RH_KERNELSRC_POOL} - KV=`${KVUTIL} $(RH_KERNELSRC)/Makefile` ; \ - cd ${RH_KERNELSRC_POOL} && \ - mkdir -p $$KV && cd $$KV && \ - for config in ${RH_KERNELSRC}/configs/*; do \ - basecfg=`basename $$config` ;\ - mkdir -p ${RH_KERNELSRC_POOL}/$$KV/$$basecfg && \ - cd ${RH_KERNELSRC_POOL}/$$KV/$$basecfg && \ - lndir ${RH_KERNELSRC} . && \ - rm -rf include/asm && \ - (cd include/linux && sed -e '/#include "\/boot\/kernel.h"/d' rhconfig.h-new && mv rhconfig.h-new rhconfig.h ) && \ - rm -f include/linux/modules/*.stamp && \ - make dep && \ - make oldconfig; \ - done; - -# module-only building, with error checks -ifneq ($(strip $(MODBUILDDIR)),) -${MODBUILDDIR}/Makefile : ${FREESWANSRCDIR}/packaging/makefiles/module.make - mkdir -p ${MODBUILDDIR} - cp ${FREESWANSRCDIR}/packaging/makefiles/module.make ${MODBUILDDIR}/Makefile - echo "# " >>${MODBUILDDIR}/Makefile - echo "# Local Variables: " >>${MODBUILDDIR}/Makefile - echo "# compile-command: \"${MAKE} FREESWANSRCDIR=${FREESWANSRCDIR} ARCH=${ARCH} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} ipsec.o\"" >>${MODBUILDDIR}/Makefile - echo "# End: " >>${MODBUILDDIR}/Makefile - -# clean out the linux/net/ipsec directory so that VPATH will work properly -module: ${MODBUILDDIR}/Makefile - ${MAKE} -C linux/net/ipsec ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} clean - ${MAKE} -C ${MODBUILDDIR} ARCH=${ARCH} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} ipsec.o - ${MAKE} -C ${MODBUILDDIR} ARCH=${ARCH} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} LIBCRYPTO=${FREESWANSRCDIR}/lib/libcrypto MODULE_FLAGS="$(MODULE_FLAGS)" alg_modules - -modclean: ${MODBUILDDIR}/Makefile - ${MAKE} -C ${MODBUILDDIR} clean - -# module-only install, with error checks -minstall: - ( FSMODLIB=`make -C $(KERNELSRC) -p dummy | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ - if [ -z "$$FSMODLIB" ] ; then \ - FSMODLIB=`make -C $(KERNELSRC) -n -p modules_install | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ - fi ; \ - if [ -z "$$FSMODLIB" ] ; then \ - echo "No known place to install module. Aborting." ; \ - exit 93 ; \ - fi ; \ - set -x ; \ - mkdir -p $$FSMODLIB/kernel/net/ipsec ; \ - cp $(MODBUILDDIR)/ipsec.o $$FSMODLIB/kernel/net/ipsec ; \ - mkdir -p $$FSMODLIB/kernel/net/ipsec/alg ; \ - for i in `sed -n '/IPSEC_ALG/s/CONFIG_IPSEC_ALG_\(.*\)=[Mm]/ipsec_\1.o/p' $(KCFILE) | tr '[A-Z]' '[a-z]'`;do \ - echo "installing $$i"; \ - cp $(MODBUILDDIR)/alg/$$i $$FSMODLIB/kernel/net/ipsec/alg ;\ - done ) - -else -module: - ${MAKE} -C linux/net/ipsec ARCH=${ARCH} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} ipsec.o - ${MAKE} -C linux/net/ipsec ARCH=${ARCH} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} LIBCRYPTO=${FREESWANSRCDIR}/lib/libcrypto MODULE_FLAGS="$(MODULE_FLAGS)" alg_modules - -modclean: - ${MAKE} -C linux/net/ipsec ARCH=${ARCH} ${MODULE_FLAGS} MODULE_DEF_INCLUDE=${MODULE_DEF_INCLUDE} clean - -# module-only install, with error checks -minstall: - ( FSMODLIB=`make -C $(KERNELSRC) -p dummy | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ - if [ -z "$$FSMODLIB" ] ; then \ - FSMODLIB=`make -C $(KERNELSRC) -n -p modules_install | ( sed -n -e '/^MODLIB/p' -e '/^MODLIB/q' ; cat > /dev/null ) | sed -e 's/^MODLIB[ :=]*\([^;]*\).*/\1/'` ; \ - fi ; \ - if [ -z "$$FSMODLIB" ] ; then \ - echo "No known place to install module. Aborting." ; \ - exit 93 ; \ - fi ; \ - set -x ; \ - mkdir -p $$FSMODLIB/kernel/net/ipsec ; \ - cp linux/net/ipsec/ipsec.o $$FSMODLIB/kernel/net/ipsec ; \ - mkdir -p $$FSMODLIB/kernel/net/ipsec/alg ; \ - for i in `sed -n '/IPSEC_ALG/s/CONFIG_IPSEC_ALG_\(.*\)=[Mm]/ipsec_\1.o/p' $(KCFILE) | tr '[A-Z]' '[a-z]'`;do \ - echo "installing $$i"; \ - cp linux/net/ipsec/alg/$$i $$FSMODLIB/kernel/net/ipsec/alg ;\ - done ) - -endif - -# kernel install, with error checks -kinstall: - rm -f out.kinstall - >out.kinstall - # undocumented kernel folklore: modules_install must precede install (observed on RHL8.0) - @if egrep -q '^CONFIG_MODULES=y' $(KCFILE) ; \ - then set -x ; \ - ( cd $(KERNELSRC) ; \ - $(MAKE) $(KERNMAKEOPTS) modules_install 2>&1 ) | tee -a out.kinstall ; \ - fi - ( cd $(KERNELSRC) ; $(MAKE) $(KERNMAKEOPTS) install ) 2>&1 | tee -a out.kinstall - ${ERRCHECK} out.kinstall - -kernelpatch2.5: - packaging/utils/kernelpatch 2.5 - -kernelpatch2.4 kernelpatch: - packaging/utils/kernelpatch 2.4 - -kernelpatch2.2: - packaging/utils/kernelpatch 2.2 - -kernelpatch2.0: - packaging/utils/kernelpatch 2.0 - -install_file_list: - @for d in $(SUBDIRS) ; \ - do \ - (cd $$d && $(MAKE) --no-print-directory FREESWANSRCDIR=.. install_file_list ) || exit 1; \ - done; - -# take all the patches out of the kernel -# (Note, a couple of files are modified by non-patch means; they are -# included in "make backup".) -unpatch: - @echo \"make unpatch\" is obsolete. See make unapplypatch. - exit 1 - -_unpatch: - for f in `find $(KERNELSRC)/. -name '*.preipsec' -print` ; \ - do \ - echo "restoring $$f:" ; \ - dir=`dirname $$f` ; \ - core=`basename $$f .preipsec` ; \ - cd $$dir ; \ - mv -f $$core.preipsec $$core ; \ - rm -f $$core.wipsec $$core.ipsecmd5 ; \ - done - -# uninstall, as much as possible -uninstall: - $(MAKE) --no-print-directory install_file_list | egrep -v '(/ipsec.conf$$|/ipsec.d/)' | xargs rm -f - -taroldinstall: - tar --ignore-failed-read -c -z -f oldFreeSWAN.tar.gz `$(MAKE) --no-print-directory install_file_list` - -# some oddities meant for the developers, probably of no use to users - -# make tags and TAGS files from ctags and etags for vi and emacs, respectively. -tags TAGS: dummy - etags `find lib programs linux -name '*.[ch]'` - ctags `find lib programs linux -name '*.[ch]'` - -dummy: - -# at the moment there is no difference between snapshot and release build -snapready: buildready -relready: buildready -ready: devready - -# set up for build -buildready: - rm -f dtrmakefile cvs.datemark - cd doc ; $(MAKE) -s - -uml: programs checkprograms - @echo XXX do some checks to see if all the manual pieces are done. - -chmod +x testing/utils/make-uml.sh - testing/utils/make-uml.sh `pwd` - -umluserland: - (touch Makefile.inc && source umlsetup.sh && cd $$POOLSPACE && make $$FREESWANHOSTS $$REGULARHOSTS ) - - -# DESTDIR is normally set in Makefile.inc -# These recipes explicitly pass it to the second-level makes so that -# DESTDIR can be adjusted for building for UML without changing Makefile.inc -# See testing/utils/functions.sh -# testing/utils/make-uml.sh -# testing/utils/uml-functions.sh -check: uml Makefile.ver -ifneq ($(strip(${REGRESSRESULTS})),) - mkdir -p ${REGRESSRESULTS} -endif - @for d in $(SUBDIRS); do (cd $$d && $(MAKE) DESTDIR=${DESTDIR} checkprograms || exit 1); done - @for d in $(SUBDIRS); \ - do \ - echo ===================================; \ - echo Now making check in $$d; \ - echo ===================================; \ - (cd $$d && $(MAKE) DESTDIR=${DESTDIR} check || exit 1);\ - done -ifneq ($(strip(${REGRESSRESULTS})),) - -perl testing/utils/regress-summarize-results.pl ${REGRESSRESULTS} -endif - - -rpm: - @echo please cd packaging/redhat and - @echo run "make RH_KERNELSRC=/some/path/to/kernel/src rpm" - -ipkg_strip: - @echo "Minimizing size for ipkg binaries..." - @cd $(DESTDIR)$(INC_USRLOCAL)/lib/ipsec && \ - for f in *; do (if file $$f | grep ARM > /dev/null; then ( $(STRIP) --strip-unneeded $$f); fi); done - @rm -r $(DESTDIR)$(INC_USRLOCAL)/man - @rm -f $(DESTDIR)$(INC_RCDEFAULT)/*.old - @rm -f $(DESTDIR)$(INC_USRLOCAL)/lib/ipsec/*.old - @rm -f $(DESTDIR)$(INC_USRLOCAL)/libexec/ipsec/*.old - @rm -f $(DESTDIR)$(INC_USRLOCAL)/sbin/*.old - -ipkg_module: - @echo "Moving ipsec.o into temporary location..." - KV=$(shell ${KVUTIL} ${KERNELSRC}/Makefile) && \ - mkdir -p $(FREESWANSRCDIR)/packaging/ipkg/kernel-module/lib/modules/$$KV/net/ipsec - KV=$(shell ${KVUTIL} ${KERNELSRC}/Makefile) && \ - cp linux/net/ipsec/ipsec.o $(FREESWANSRCDIR)/packaging/ipkg/kernel-module/lib/modules/$$KV/net/ipsec/ - KV=$(shell ${KVUTIL} ${KERNELSRC}/Makefile) - -ipkg_clean: - rm -rf $(FREESWANSRCDIR)/packaging/ipkg/kernel-module/ - rm -rf $(FREESWANSRCDIR)/packaging/ipkg/ipkg/ - rm -f $(FREESWANSRCDIR)/packaging/ipkg/control-freeswan - rm -f $(FREESWANSRCDIR)/packaging/ipkg/control-freeswan-module - - -ipkg: programs install ipkg_strip ipkg_module - @echo "Generating ipkg..."; - DESTDIR=${DESTDIR} FREESWANSRCDIR=${FREESWANSRCDIR} ARCH=${ARCH} IPSECVERSION=${IPSECVERSION} ./packaging/ipkg/generate-ipkg - - - - diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 000000000..575eb0668 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,15 @@ +SUBDIRS = src +EXTRA_DIST = Doxyfile.in testing CREDITS +CLEANFILES = apidoc Doxyfile + +Doxyfile : Doxyfile.in + sed \ + -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \ + -e "s:\@PACKAGE_NAME\@:$(PACKAGE_NAME):" \ + $< > $@ + +apidoc : Doxyfile + doxygen + +dist-hook : + rm -rf `find $(distdir)/testing -name .svn` diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 000000000..436b675c8 --- /dev/null +++ b/Makefile.in @@ -0,0 +1,638 @@ +# Makefile.in generated by automake 1.9.6 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = . +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(top_srcdir)/configure AUTHORS COPYING \ + ChangeLog INSTALL NEWS TODO config.guess config.sub depcomp \ + install-sh ltmain.sh missing +subdir = . +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno configure.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-exec-recursive install-info-recursive \ + install-recursive installcheck-recursive installdirs-recursive \ + pdf-recursive ps-recursive uninstall-info-recursive \ + uninstall-recursive +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + { test ! -d $(distdir) \ + || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -fr $(distdir); }; } +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +distuninstallcheck_listfiles = find . -type f -print +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BUILD_EAP_SIM_FALSE = @BUILD_EAP_SIM_FALSE@ +BUILD_EAP_SIM_TRUE = @BUILD_EAP_SIM_TRUE@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +F77 = @F77@ +FFLAGS = @FFLAGS@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +RANLIB = @RANLIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +USE_CISCO_QUIRKS_FALSE = @USE_CISCO_QUIRKS_FALSE@ +USE_CISCO_QUIRKS_TRUE = @USE_CISCO_QUIRKS_TRUE@ +USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@ +USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@ +USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@ +USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@ +USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@ +USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@ +USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@ +USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@ +USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@ +USE_SMARTCARD_TRUE = @USE_SMARTCARD_TRUE@ +USE_VENDORID_FALSE = @USE_VENDORID_FALSE@ +USE_VENDORID_TRUE = @USE_VENDORID_TRUE@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +confdir = @confdir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +eapdir = @eapdir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +SUBDIRS = src +EXTRA_DIST = Doxyfile.in testing CREDITS +CLEANFILES = apidoc Doxyfile +all: all-recursive + +.SUFFIXES: +am--refresh: + @: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --gnu '; \ + cd $(srcdir) && $(AUTOMAKE) --gnu \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +mostlyclean-recursive clean-recursive distclean-recursive \ +maintainer-clean-recursive: + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + $(am__remove_distdir) + mkdir $(distdir) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkdir_p) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(mkdir_p) "$(distdir)/$$subdir" \ + || exit 1; \ + distdir=`$(am__cd) $(distdir) && pwd`; \ + top_distdir=`$(am__cd) $(top_distdir) && pwd`; \ + (cd $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$top_distdir" \ + distdir="$$distdir/$$subdir" \ + distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook + -find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(SHELL) $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r $(distdir) +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 + $(am__remove_distdir) + +dist-tarZ: distdir + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__remove_distdir) + +dist-shar: distdir + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__remove_distdir) + +dist dist-all: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir); chmod a+w $(distdir) + mkdir $(distdir)/_build + mkdir $(distdir)/_inst + chmod a-w $(distdir) + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && cd $(distdir)/_build \ + && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck + $(am__remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e '1{h;s/./=/g;p;x;}' -e '$${p;x;}' +distuninstallcheck: + @cd $(distuninstallcheck_dir) \ + && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-libtool \ + distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +info: info-recursive + +info-am: + +install-data-am: + +install-exec-am: + +install-info: install-info-recursive + +install-man: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-info-am + +uninstall-info: uninstall-info-recursive + +.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am am--refresh check \ + check-am clean clean-generic clean-libtool clean-recursive \ + ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \ + dist-hook dist-shar dist-tarZ dist-zip distcheck distclean \ + distclean-generic distclean-libtool distclean-recursive \ + distclean-tags distcleancheck distdir distuninstallcheck dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-exec install-exec-am \ + install-info install-info-am install-man install-strip \ + installcheck installcheck-am installdirs installdirs-am \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-libtool mostlyclean-recursive pdf pdf-am ps ps-am \ + tags tags-recursive uninstall uninstall-am uninstall-info-am + + +Doxyfile : Doxyfile.in + sed \ + -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \ + -e "s:\@PACKAGE_NAME\@:$(PACKAGE_NAME):" \ + $< > $@ + +apidoc : Doxyfile + doxygen + +dist-hook : + rm -rf `find $(distdir)/testing -name .svn` +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/Makefile.inc b/Makefile.inc deleted file mode 100644 index f09ec409b..000000000 --- a/Makefile.inc +++ /dev/null @@ -1,330 +0,0 @@ -# FreeS/WAN pathnames and other master configuration -# Copyright (C) 2001, 2002 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile.inc,v 1.14 2007/01/29 08:19:56 as Exp $ - - -# Variables in this file with names starting with INC_ are not for use -# by Makefiles which include it; they are subject to change without warning. -# -# "Final" and "finally" refer to where the files will end up on the -# running IPsec system, as opposed to where they get installed by our -# Makefiles. (The two are different for cross-compiles and the like, -# where our Makefiles are not the end of the installation process.) -# Paths with FINAL in their names are the only ones that the installed -# software itself depends on. (Very few things should know about the -# FINAL paths; think twice and consult Henry before making something new -# depend on them.) All other paths are install targets. -# See also DESTDIR, below. - - -### boilerplate, do not change -SHELL=/bin/sh - -### paths within the source tree - -KLIPSINC=${FREESWANSRCDIR}/linux/include -KLIPSSRC=${FREESWANSRCDIR}/linux/net/ipsec - -LIBFREESWANDIR=${FREESWANSRCDIR}/linux/lib/libfreeswan -FREESWANLIB=${FREESWANSRCDIR}/lib/libfreeswan/libfreeswan.a - -LWRESDIR=${FREESWANSRCDIR}/lib/liblwres -LWRESLIB=${LWRESDIR}/liblwres.a - -LIBDESSRCDIR=${FREESWANSRCDIR}/linux/crypto/ciphers/des -LIBDESLITE=${FREESWANSRCDIR}/lib/libdes/libdes.a - -LIBPOLICYDIR=${FREESWANSRCDIR}/linux/lib/libipsecpolicy -POLICYLIB=${FREESWANSRCDIR}/lib/libipsecpolicy/libipsecpolicy.a - -.PHONY: programs checkprograms clean - -### install pathnames - -# DESTDIR can be used to supply a prefix to all install targets. -# (Note that "final" pathnames, signifying where files will eventually -# reside rather than where install puts them, are exempt from this.) -# The prefixing is done in this file, so as to have central control over -# it; DESTDIR itself should never appear in any other Makefile. -DESTDIR?= - -# "local" part of tree, used in building other pathnames -INC_USRLOCAL=/usr/local - -# PUBDIR is where the "ipsec" command goes; beware, many things define PATH -# settings which are assumed to include it (or at least, to include *some* -# copy of the "ipsec" command). -PUBDIR=$(DESTDIR)$(INC_USRLOCAL)/sbin - -# BINDIR is where sub-commands get put, FINALBINDIR is where the "ipsec" -# command will look for them when it is run. Also called LIBEXECDIR. -FINALLIBEXECDIR=$(INC_USRLOCAL)/libexec/ipsec -LIBEXECDIR=$(DESTDIR)$(FINALBINDIR) - -FINALBINDIR=${FINALLIBEXECDIR} -BINDIR=${LIBEXECDIR} - - -# SBINDIR is where the user interface command goes. -FINALSBINDIR=$(INC_USRLOCAL)/sbin -SBINDIR=$(DESTDIR)$(FINALSBINDIR) - -# libdir is where utility files go -FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec -LIBDIR=$(DESTDIR)$(FINALLIBDIR) - - -# where the appropriate manpage tree is located -# location within INC_USRLOCAL -INC_MANDIR=man -# the full pathname -MANTREE=$(DESTDIR)$(INC_USRLOCAL)/$(INC_MANDIR) -# all relevant subdirectories of MANTREE -MANPLACES=man3 man5 man8 - -# where configuration files go -FINALCONFFILE?=/etc/ipsec.conf -CONFFILE=$(DESTDIR)$(FINALCONFFILE) - -FINALCONFDIR?=/etc -CONFDIR=$(DESTDIR)$(FINALCONFDIR) - -FINALCONFDDIR?=${FINALCONFDIR}/ipsec.d -CONFDDIR=$(DESTDIR)$(FINALCONFDDIR) - -# sample configuration files go into -INC_DOCDIR?=share/doc -FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/strongswan -EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR} - -FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/strongswan -DOCDIR=${DESTDIR}${FINALDOCDIR} - -# where per-conn pluto logs go -VARDIR?=/var -LOGDIR?=${VARDIR}/log -FINALLOGDIR?=${DESTDIR}${LOGDIR} - - -# An attempt is made to automatically figure out where boot/shutdown scripts -# will finally go: the first directory in INC_RCDIRS which exists gets them. -# If none of those exists (or INC_RCDIRS is empty), INC_RCDEFAULT gets them. -# With a non-null DESTDIR, INC_RCDEFAULT will be used unless one of the -# INC_RCDIRS directories has been pre-created under DESTDIR. -INC_RCDIRS=/etc/rc.d/init.d /etc/rc.d /etc/init.d /sbin/init.d -INC_RCDEFAULT=/etc/rc.d/init.d - -# RCDIR is where boot/shutdown scripts go; FINALRCDIR is where they think -# will finally be (so utils/Makefile can create a symlink in BINDIR to the -# place where the boot/shutdown script will finally be, rather than the -# place where it is installed). -FINALRCDIR=$(shell for d in $(INC_RCDIRS) ; \ - do if test -d $(DESTDIR)/$$d ; \ - then echo $$d ; exit 0 ; \ - fi ; done ; echo $(INC_RCDEFAULT) ) -RCDIR=$(DESTDIR)$(FINALRCDIR) - - - -### kernel pathnames - -# Kernel location: where patches are inserted, where kernel builds are done. - -# this is a hack using the wildcard to look for existence of a file/dir -ifneq ($(wildcard /usr/src/linux-2.4),) -KERNELSRC?=/usr/src/linux-2.4 -else -KERNELSRC?=/usr/src/linux -endif - - -# where kernel configuration outputs are located -KCFILE=$(KERNELSRC)/.config -ACFILE=$(KERNELSRC)/include/linux/autoconf.h -VERFILE=$(KERNELSRC)/include/linux/version.h - - - -### misc installation stuff - -# what program to use when installing things -INSTALL=install - -# flags to the install program, for programs, manpages, and config files -# -b has install make backups (n.b., unlinks original), --suffix controls -# how backup names are composed. -# Note that the install procedures will never overwrite an existing config -# file, which is why -b is not specified for them. -INSTBINFLAGS=-b --suffix=.old -INSTMANFLAGS= -INSTCONFFLAGS= - - -### misc configuration, included here in hopes that other files will not -### have to be changed for common customizations. - -# extra compile flags, for userland and kernel stuff, e.g. -g for debug info -# (caution, this stuff is still being sorted out, will change in future) -USERCOMPILE?=-g -O3 -KLIPSCOMPILE=-O3 - -# command used to link/copy KLIPS into kernel source tree -# There are good reasons why this is "ln -s"; only people like distribution -# builders should ever change it. -KLIPSLINK=ln -s -f - -# extra options for use in kernel build -KERNMAKEOPTS= - -# kernel Makefile targets to be done before build -# Can be overridden if you are *sure* your kernel doesn't need them. (2.2.xx -# and later reportedly do not.) -KERNDEP=dep -KERNCLEAN=clean - -# kernel make name: zImage for 2.0.xx, bzImage for 2.2.xx and later, and -# boot on non-x86s (what ever happened to standards?) -INC_B=$(shell test -d $(DIRIN22) && echo b) -KERNEL=$(shell if expr " `uname -m`" : ' i.86' >/dev/null ; \ - then echo $(INC_B)zImage ; \ - else echo boot ; \ - fi) - -# temporary directory to be used when building RPMs, and where to put the -# resulting RPM tree -RPMKERNDIR := $(shell echo `pwd`/tmp.rpmkernel) -RPMTMPDIR := $(shell echo `pwd`/tmp.rpmbuild) -RPMDEST := $(shell echo `pwd`/rpms) - -# Newer versions of RPM do not permit building of packages with the "rpm" -# command. For RedHat systems with older version of RPM, use: -# RPMBUILD=rpm -# instead. -RPMBUILD=rpmbuild - -### paths to resources on the host system -# -# Set this to a RedHat kernel-sources RPM. This normally extracts into -# /usr/src/linux-2.4, but you might have extracted it elsewhere with -# rpm2cpio. -# -RH_KERNELSRC?=/usr/src/linux-2.4 - -## build environment variations -## - -# set this to a place where you have installed a bind9.3 -# snapshot (20021115 or better). A bind 9.2, particularly a RedHat -# installed one in RH 7.2, won't work - you wind up depending upon -# openssl. - -BIND9STATICLIBDIR?=/usr/local/lib - -# FreeSWAN 3.x will require bind9. -USE_LWRES?=false - -# whether or not to use iproute2 based commands. -# -USE_IPROUTE2?=true - -# what kind of firewalling to use: -# 2.0 - ipfwadm -# 2.2 - ipchains -# 2.4 - iptables -IPSEC_FIREWALLTYPE=iptables - -# include IKEPING in the distribution -USE_IKEPING?=false - -# include support for KEY RR -# this will become false in late 2003. -USE_KEYRR?=true - -# include support for KERNEL 2.5/2.6 IPsec in pluto -USE_KERNEL26?=true - -# whether or not pluto sends its strongSwan Vendor ID -USE_VENDORID?=true - -# whether to tolerate some non-conformities (interoperability with Cisco VPN client) -USE_CISCO_QUIRKS?=false - -# whether to support NAT Traversal (aka NAT-T) -USE_NAT_TRAVERSAL?=true - -# whether to support NAT-T in transport mode (needed for Win2K NAT-T Interop) -USE_NAT_TRAVERSAL_TRANSPORT_MODE?=false - -# include libcurl support (currently used for fetching CRLs, OCSP and SCEP) -USE_LIBCURL?=false - -# include LDAP support (currently used for fetching CRLs) -USE_LDAP?=false - -# uncomment this line if using the LDAPv3 protocol -LDAP_VERSION=3 -# uncomment this line if using the LDAPv2 protocol -#LDAP_VERSION=2 - -# include PKCS11-based smartcard support -USE_SMARTCARD?=false - -# Default PKCS11 library -# Uncomment this line if using OpenSC <= 0.9.6 -#PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\" -# Uncomment this line if using OpenSC >= 0.10.0 -PKCS11_DEFAULT_LIB=\"/usr/lib/opensc-pkcs11.so\" -# Uncomment and complete this line if using another default library -#PKCS11_DEFAULT_LIB=\"/usr/lib/...\" - -# Uncomment if you want to specify a path to an XAUTH library module -#XAUTH_DEFAULT_LIB= - -# Enable the leak detective to find memory leaks -USE_LEAK_DETECTIVE?=false - -# set this to space where a linked/configured tree can be created by -# preprhkern4module. Only needed if you are going to be created RPMs -# outside of a distribution (as the FS team does for RedHat). -#RH_KERNELSRC_POOL=/c2/freeswan/rh_kern - -# the following is a list of symbols which will be used to construct -# the module goo to identify which module goes with each kernel. -MODULE_GOO_LIST=irq_stat netif_rx register_sysctl_table send_sig -MODULE_GOO_LIST+=kmalloc __kfree_skb __ip_select_ident alloc_skb -MODULE_GOO_LIST+=icmp_send ip_fragment sock_register - -MODULE_DEF_INCLUDE=${FREESWANSRCDIR}/packaging/linus/config-all.h -MODULE_DEFCONFIG?=${KLIPSSRC}/defconfig - -MODULE_FLAGS:=KLIPSMODULE=true TOPDIR=${KERNELSRC} -f ${MODULE_DEFCONFIG} -f Makefile - -# supply kernel-configuration ARCH defaults -ifeq ($(ARCH),) -ARCH := $(shell uname -m) -endif -# always sanitize $(ARCH) -ARCH := $(shell echo $(ARCH) | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/) - -# export everything so that scripts can use them. -export LIBFREESWANDIR FREESWANSRCDIR FREESWANLIB - --include ${FREESWANSRCDIR}/Makefile.ver - -# for emacs -# -# Local Variables: ;;; -# mode: makefile ;;; -# End Variables: ;;; -# diff --git a/Makefile.ver b/Makefile.ver deleted file mode 100644 index 98bef89bb..000000000 --- a/Makefile.ver +++ /dev/null @@ -1 +0,0 @@ -IPSECVERSION=2.8.3 diff --git a/NEWS b/NEWS new file mode 100644 index 000000000..ab92d22e5 --- /dev/null +++ b/NEWS @@ -0,0 +1,962 @@ +strongswan-4.1.1 +---------------- + +- Server side cookie support. If to may IKE_SAs are in CONNECTING state, + cookies are enabled and protect against DoS attacks with faked source + addresses. Number of IKE_SAs in CONNECTING state is also limited per + peer address to avoid resource exhaustion. IKE_SA_INIT messages are + compared to properly detect retransmissions and incoming retransmits are + detected even if the IKE_SA is blocked (e.g. doing OCSP fetches). + +- The IKEv2 daemon charon now supports dynamic http- and ldap-based CRL + fetching enabled by crlcheckinterval > 0 and caching fetched CRLs + enabled by cachecrls=yes. + +- Added the configuration options --enable-nat-transport which enables + the potentially insecure NAT traversal for IPsec transport mode and + --disable-vendor-id which disables the sending of the strongSwan + vendor ID. + +- Fixed a long-standing bug in the pluto IKEv1 daemon which caused + a segmentation fault if a malformed payload was detected in the + IKE MR2 message and pluto tried to send an encrypted notification + message. + +- Added the NATT_IETF_02_N Vendor ID in order to support IKEv1 connections + with Windows 2003 Server which uses a wrong VID hash. + + +strongswan-4.1.0 +---------------- + +- Support of SHA2_384 hash function for protecting IKEv1 + negotiations and support of SHA2 signatures in X.509 certificates. + +- Fixed a serious bug in the computation of the SHA2-512 HMAC + function. Introduced automatic self-test of all IKEv1 hash + and hmac functions during pluto startup. Failure of a self-test + currently issues a warning only but does not exit pluto [yet]. + +- Support for SHA2-256/384/512 PRF and HMAC functions in IKEv2. + +- Full support of CA information sections. ipsec listcainfos + now shows all collected crlDistributionPoints and OCSP + accessLocations. + +- Support of the Online Certificate Status Protocol (OCSP) for IKEv2. + This feature requires the HTTP fetching capabilities of the libcurl + library which must be enabled by setting the --enable-http configure + option. + +- Refactored core of the IKEv2 message processing code, allowing better + code reuse and separation. + +- Virtual IP support in IKEv2 using INTERNAL_IP4/6_ADDRESS configuration + payload. Additionally, the INTERNAL_IP4/6_DNS attribute is interpreted + by the requestor and installed in a resolv.conf file. + +- The IKEv2 daemon charon installs a route for each IPsec policy to use + the correct source address even if an application does not explicitly + specify it. + +- Integrated the EAP framework into charon which loads pluggable EAP library + modules. The ipsec.conf parameter authby=eap initiates EAP authentication + on the client side, while the "eap" parameter on the server side defines + the EAP method to use for client authentication. + A generic client side EAP-Identity module and an EAP-SIM authentication + module using a third party card reader implementation are included. + +- Added client side support for cookies. + +- Integrated the fixes done at the IKEv2 interoperability bakeoff, including + strict payload order, correct INVALID_KE_PAYLOAD rejection and other minor + fixes to enhance interoperability with other implementations. + +strongswan-4.0.7 +---------------- + +- strongSwan now interoperates with the NCP Secure Entry Client, + the Shrew Soft VPN Client, and the Cisco VPN client, doing both + XAUTH and Mode Config. + +- UNITY attributes are now recognized and UNITY_BANNER is set + to a default string. + + +strongswan-4.0.6 +---------------- + +- IKEv1: Support for extended authentication (XAUTH) in combination + with ISAKMP Main Mode RSA or PSK authentication. Both client and + server side were implemented. Handling of user credentials can + be done by a run-time loadable XAUTH module. By default user + credentials are stored in ipsec.secrets. + +- IKEv2: Support for reauthentication when rekeying + +- IKEv2: Support for transport mode + +- fixed a lot of bugs related to byte order + +- various other bugfixes + + +strongswan-4.0.5 +---------------- + +- IKEv1: Implementation of ModeConfig push mode via the new connection + keyword modeconfig=push allows interoperability with Cisco VPN gateways. + +- IKEv1: The command ipsec statusall now shows "DPD active" for all + ISAKMP SAs that are under active Dead Peer Detection control. + +- IKEv2: Charon's logging and debugging framework has been completely rewritten. + Instead of logger, special printf() functions are used to directly + print objects like hosts (%H) identifications (%D), certificates (%Q), + etc. The number of debugging levels have been reduced to: + + 0 (audit), 1 (control), 2 (controlmore), 3 (raw), 4 (private) + + The debugging levels can either be specified statically in ipsec.conf as + + config setup + charondebug="lib 1, cfg 3, net 2" + + or changed at runtime via stroke as + + ipsec stroke loglevel cfg 2 + + +strongswan-4.0.4 +---------------- + +- Implemented full support for IPv6-in-IPv6 tunnels. + +- Added configuration options for dead peer detection in IKEv2. dpd_action + types "clear", "hold" and "restart" are supported. The dpd_timeout + value is not used, as the normal retransmission policy applies to + detect dead peers. The dpd_delay parameter enables sending of empty + informational message to detect dead peers in case of inactivity. + +- Added support for preshared keys in IKEv2. PSK keys configured in + ipsec.secrets are loaded. The authby parameter specifies the authentication + method to authentificate ourself, the other peer may use PSK or RSA. + +- Changed retransmission policy to respect the keyingtries parameter. + +- Added private key decryption. PEM keys encrypted with AES-128/192/256 + or 3DES are supported. + +- Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to + encrypt IKE traffic. + +- Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates + signed with such a hash algorithm. + +- Added initial support for updown scripts. The actions up-host/client and + down-host/client are executed. The leftfirewall=yes parameter + uses the default updown script to insert dynamic firewall rules, a custom + updown script may be specified with the leftupdown parameter. + + +strongswan-4.0.3 +---------------- + +- Added support for the auto=route ipsec.conf parameter and the + ipsec route/unroute commands for IKEv2. This allows to set up IKE_SAs and + CHILD_SAs dynamically on demand when traffic is detected by the + kernel. + +- Added support for rekeying IKE_SAs in IKEv2 using the ikelifetime parameter. + As specified in IKEv2, no reauthentication is done (unlike in IKEv1), only + new keys are generated using perfect forward secrecy. An optional flag + which enforces reauthentication will be implemented later. + +- "sha" and "sha1" are now treated as synonyms in the ike= and esp= + algorithm configuration statements. + + +strongswan-4.0.2 +---------------- + +- Full X.509 certificate trust chain verification has been implemented. + End entity certificates can be exchanged via CERT payloads. The current + default is leftsendcert=always, since CERTREQ payloads are not supported + yet. Optional CRLs must be imported locally into /etc/ipsec.d/crls. + +- Added support for leftprotoport/rightprotoport parameters in IKEv2. IKEv2 + would offer more possibilities for traffic selection, but the Linux kernel + currently does not support it. That's why we stick with these simple + ipsec.conf rules for now. + +- Added Dead Peer Detection (DPD) which checks liveliness of remote peer if no + IKE or ESP traffic is received. DPD is currently hardcoded (dpdaction=clear, + dpddelay=60s). + +- Initial NAT traversal support in IKEv2. Charon includes NAT detection + notify payloads to detect NAT routers between the peers. It switches + to port 4500, uses UDP encapsulated ESP packets, handles peer address + changes gracefully and sends keep alive message periodically. + +- Reimplemented IKE_SA state machine for charon, which allows simultaneous + rekeying, more shared code, cleaner design, proper retransmission + and a more extensible code base. + +- The mixed PSK/RSA roadwarrior detection capability introduced by the + strongswan-2.7.0 release necessitated the pre-parsing of the IKE proposal + payloads by the responder right before any defined IKE Main Mode state had + been established. Although any form of bad proposal syntax was being correctly + detected by the payload parser, the subsequent error handler didn't check + the state pointer before logging current state information, causing an + immediate crash of the pluto keying daemon due to a NULL pointer. + + +strongswan-4.0.1 +---------------- + +- Added algorithm selection to charon: New default algorithms for + ike=aes128-sha-modp2048, as both daemons support it. The default + for IPsec SAs is now esp=aes128-sha,3des-md5. charon handles + the ike/esp parameter the same way as pluto. As this syntax does + not allow specification of a pseudo random function, the same + algorithm as for integrity is used (currently sha/md5). Supported + algorithms for IKE: + Encryption: aes128, aes192, aes256 + Integrity/PRF: md5, sha (using hmac) + DH-Groups: modp768, 1024, 1536, 2048, 4096, 8192 + and for ESP: + Encryption: aes128, aes192, aes256, 3des, blowfish128, + blowfish192, blowfish256 + Integrity: md5, sha1 + More IKE encryption algorithms will come after porting libcrypto into + libstrongswan. + +- initial support for rekeying CHILD_SAs using IKEv2. Currently no + perfect forward secrecy is used. The rekeying parameters rekey, + rekeymargin, rekeyfuzz and keylife from ipsec.conf are now supported + when using IKEv2. WARNING: charon currently is unable to handle + simultaneous rekeying. To avoid such a situation, use a large + rekeyfuzz, or even better, set rekey=no on one peer. + +- support for host2host, net2net, host2net (roadwarrior) tunnels + using predefined RSA certificates (see uml scenarios for + configuration examples). + +- new build environment featuring autotools. Features such + as HTTP, LDAP and smartcard support may be enabled using + the ./configure script. Changing install directories + is possible, too. See ./configure --help for more details. + +- better integration of charon with ipsec starter, which allows + (almost) transparent operation with both daemons. charon + handles ipsec commands up, down, status, statusall, listall, + listcerts and allows proper load, reload and delete of connections + via ipsec starter. + + +strongswan-4.0.0 +---------------- + +- initial support of the IKEv2 protocol. Connections in + ipsec.conf designated by keyexchange=ikev2 are negotiated + by the new IKEv2 charon keying daemon whereas those marked + by keyexchange=ikev1 or the default keyexchange=ike are + handled thy the IKEv1 pluto keying daemon. Currently only + a limited subset of functions are available with IKEv2 + (Default AES encryption, authentication based on locally + imported X.509 certificates, unencrypted private RSA keys + in PKCS#1 file format, limited functionality of the ipsec + status command). + + +strongswan-2.7.0 +---------------- + +- the dynamic iptables rules from the _updown_x509 template + for KLIPS and the _updown_policy template for NETKEY have + been merged into the default _updown script. The existing + left|rightfirewall keyword causes the automatic insertion + and deletion of ACCEPT rules for tunneled traffic upon + the successful setup and teardown of an IPsec SA, respectively. + left|rightfirwall can be used with KLIPS under any Linux 2.4 + kernel or with NETKEY under a Linux kernel version >= 2.6.16 + in conjuction with iptables >= 1.3.5. For NETKEY under a Linux + kernel version < 2.6.16 which does not support IPsec policy + matching yet, please continue to use a copy of the _updown_espmark + template loaded via the left|rightupdown keyword. + +- a new left|righthostaccess keyword has been introduced which + can be used in conjunction with left|rightfirewall and the + default _updown script. By default leftfirewall=yes inserts + a bi-directional iptables FORWARD rule for a local client network + with a netmask different from 255.255.255.255 (single host). + This does not allow to access the VPN gateway host via its + internal network interface which is part of the client subnet + because an iptables INPUT and OUTPUT rule would be required. + lefthostaccess=yes will cause this additional ACCEPT rules to + be inserted. + +- mixed PSK|RSA roadwarriors are now supported. The ISAKMP proposal + payload is preparsed in order to find out whether the roadwarrior + requests PSK or RSA so that a matching connection candidate can + be found. + + +strongswan-2.6.4 +---------------- + +- the new _updown_policy template allows ipsec policy based + iptables firewall rules. Required are iptables version + >= 1.3.5 and linux kernel >= 2.6.16. This script obsoletes + the _updown_espmark template, so that no INPUT mangle rules + are required any more. + +- added support of DPD restart mode + +- ipsec starter now allows the use of wildcards in include + statements as e.g. in "include /etc/my_ipsec/*.conf". + Patch courtesy of Matthias Haas. + +- the Netscape OID 'employeeNumber' is now recognized and can be + used as a Relative Distinguished Name in certificates. + + +strongswan-2.6.3 +---------------- + +- /etc/init.d/ipsec or /etc/rc.d/ipsec is now a copy of the ipsec + command and not of ipsec setup any more. + +- ipsec starter now supports AH authentication in conjunction with + ESP encryption. AH authentication is configured in ipsec.conf + via the auth=ah parameter. + +- The command ipsec scencrypt|scdecrypt is now an alias for + ipsec whack --scencrypt|scdecrypt . + +- get_sa_info() now determines for the native netkey IPsec stack + the exact time of the last use of an active eroute. This information + is used by the Dead Peer Detection algorithm and is also displayed by + the ipsec status command. + + +strongswan-2.6.2 +---------------- + +- running under the native Linux 2.6 IPsec stack, the function + get_sa_info() is called by ipsec auto --status to display the current + number of transmitted bytes per IPsec SA. + +- get_sa_info() is also used by the Dead Peer Detection process to detect + recent ESP activity. If ESP traffic was received from the peer within + the last dpd_delay interval then no R_Y_THERE notification must be sent. + +- strongSwan now supports the Relative Distinguished Name "unstructuredName" + in ID_DER_ASN1_DN identities. The following notations are possible: + + rightid="unstructuredName=John Doe" + rightid="UN=John Doe" + +- fixed a long-standing bug which caused PSK-based roadwarrior connections + to segfault in the function id.c:same_id() called by keys.c:get_secret() + if an FQDN, USER_FQDN, or Key ID was defined, as in the following example. + + conn rw + right=%any + rightid=@foo.bar + authby=secret + +- the ipsec command now supports most ipsec auto commands (e.g. ipsec listall). + +- ipsec starter didn't set host_addr and client.addr ports in whack msg. + +- in order to guarantee backwards-compatibility with the script-based + auto function (e.g. auto --replace), the ipsec starter scripts stores + the defaultroute information in the temporary file /var/run/ipsec.info. + +- The compile-time option USE_XAUTH_VID enables the sending of the XAUTH + Vendor ID which is expected by Cisco PIX 7 boxes that act as IKE Mode Config + servers. + +- the ipsec starter now also recognizes the parameters authby=never and + type=passthrough|pass|drop|reject. + + +strongswan-2.6.1 +---------------- + +- ipsec starter now supports the also parameter which allows + a modular structure of the connection definitions. Thus + "ipsec start" is now ready to replace "ipsec setup". + + +strongswan-2.6.0 +---------------- + +- Mathieu Lafon's popular ipsec starter tool has been added to the + strongSwan distribution. Many thanks go to Stephan Scholz from astaro + for his integration work. ipsec starter is a C program which is going + to replace the various shell and awk starter scripts (setup, _plutoload, + _plutostart, _realsetup, _startklips, _confread, and auto). Since + ipsec.conf is now parsed only once, the starting of multiple tunnels is + accelerated tremedously. + +- Added support of %defaultroute to the ipsec starter. If the IP address + changes, a HUP signal to the ipsec starter will automatically + reload pluto's connections. + +- moved most compile time configurations from pluto/Makefile to + Makefile.inc by defining the options USE_LIBCURL, USE_LDAP, + USE_SMARTCARD, and USE_NAT_TRAVERSAL_TRANSPORT_MODE. + +- removed the ipsec verify and ipsec newhostkey commands + +- fixed some 64-bit issues in formatted print statements + +- The scepclient functionality implementing the Simple Certificate + Enrollment Protocol (SCEP) is nearly complete but hasn't been + documented yet. + + +strongswan-2.5.7 +---------------- + +- CA certicates are now automatically loaded from a smartcard + or USB crypto token and appear in the ipsec auto --listcacerts + listing. + + +strongswan-2.5.6 +---------------- + +- when using "ipsec whack --scencrypt " with a PKCS#11 + library that does not support the C_Encrypt() Cryptoki + function (e.g. OpenSC), the RSA encryption is done in + software using the public key fetched from the smartcard. + +- The scepclient function now allows to define the + validity of a self-signed certificate using the --days, + --startdate, and --enddate options. The default validity + has been changed from one year to five years. + + +strongswan-2.5.5 +---------------- + +- the config setup parameter pkcs11proxy=yes opens pluto's PKCS#11 + interface to other applications for RSA encryption and decryption + via the whack interface. Notation: + + ipsec whack --scencrypt + [--inbase 16|hex|64|base64|256|text|ascii] + [--outbase 16|hex|64|base64|256|text|ascii] + [--keyid ] + + ipsec whack --scdecrypt + [--inbase 16|hex|64|base64|256|text|ascii] + [--outbase 16|hex|64|base64|256|text|ascii] + [--keyid ] + + The default setting for inbase and outbase is hex. + + The new proxy interface can be used for securing symmetric + encryption keys required by the cryptoloop or dm-crypt + disk encryption schemes, especially in the case when + pkcs11keepstate=yes causes pluto to lock the pkcs11 slot + permanently. + +- if the file /etc/ipsec.secrets is lacking during the startup of + pluto then the root-readable file /etc/ipsec.d/private/myKey.der + containing a 2048 bit RSA private key and a matching self-signed + certificate stored in the file /etc/ipsec.d/certs/selfCert.der + is automatically generated by calling the function + + ipsec scepclient --out pkcs1 --out cert-self + + scepclient was written by Jan Hutter and Martin Willi, students + at the University of Applied Sciences in Rapperswil, Switzerland. + + +strongswan-2.5.4 +---------------- + +- the current extension of the PKCS#7 framework introduced + a parsing error in PKCS#7 wrapped X.509 certificates that are + e.g. transmitted by Windows XP when multi-level CAs are used. + the parsing syntax has been fixed. + +- added a patch by Gerald Richter which tolerates multiple occurrences + of the ipsec0 interface when using KLIPS. + + +strongswan-2.5.3 +---------------- + +- with gawk-3.1.4 the word "default2 has become a protected + keyword for use in switch statements and cannot be used any + more in the strongSwan scripts. This problem has been + solved by renaming "default" to "defaults" and "setdefault" + in the scripts _confread and auto, respectively. + +- introduced the parameter leftsendcert with the values + + always|yes (the default, always send a cert) + ifasked (send the cert only upon a cert request) + never|no (never send a cert, used for raw RSA keys and + self-signed certs) + +- fixed the initialization of the ESP key length to a default of + 128 bits in the case that the peer does not send a key length + attribute for AES encryption. + +- applied Herbert Xu's uniqueIDs patch + +- applied Herbert Xu's CLOEXEC patches + + +strongswan-2.5.2 +---------------- + +- CRLs can now be cached also in the case when the issuer's + certificate does not contain a subjectKeyIdentifier field. + In that case the subjectKeyIdentifier is computed by pluto as the + 160 bit SHA-1 hash of the issuer's public key in compliance + with section 4.2.1.2 of RFC 3280. + +- Fixed a bug introduced by strongswan-2.5.1 which eliminated + not only multiple Quick Modes of a given connection but also + multiple connections between two security gateways. + + +strongswan-2.5.1 +---------------- + +- Under the native IPsec of the Linux 2.6 kernel, a %trap eroute + installed either by setting auto=route in ipsec.conf or by + a connection put into hold, generates an XFRM_AQUIRE event + for each packet that wants to use the not-yet exisiting + tunnel. Up to now each XFRM_AQUIRE event led to an entry in + the Quick Mode queue, causing multiple IPsec SA to be + established in rapid succession. Starting with strongswan-2.5.1 + only a single IPsec SA is established per host-pair connection. + +- Right after loading the PKCS#11 module, all smartcard slots are + searched for certificates. The result can be viewed using + the command + + ipsec auto --listcards + + The certificate objects found in the slots are numbered + starting with #1, #2, etc. This position number can be used to address + certificates (leftcert=%smartcard) and keys (: PIN %smartcard) + in ipsec.conf and ipsec.secrets, respectively: + + %smartcard (selects object #1) + %smartcard#1 (selects object #1) + %smartcard#3 (selects object #3) + + As an alternative the existing retrieval scheme can be used: + + %smartcard:45 (selects object with id=45) + %smartcard0 (selects first object in slot 0) + %smartcard4:45 (selects object in slot 4 with id=45) + +- Depending on the settings of CKA_SIGN and CKA_DECRYPT + private key flags either C_Sign() or C_Decrypt() is used + to generate a signature. + +- The output buffer length parameter siglen in C_Sign() + is now initialized to the actual size of the output + buffer prior to the function call. This fixes the + CKR_BUFFER_TOO_SMALL error that could occur when using + the OpenSC PKCS#11 module. + +- Changed the initialization of the PKCS#11 CK_MECHANISM in + C_SignInit() to mech = { CKM_RSA_PKCS, NULL_PTR, 0 }. + +- Refactored the RSA public/private key code and transferred it + from keys.c to the new pkcs1.c file as a preparatory step + towards the release of the SCEP client. + + +strongswan-2.5.0 +---------------- + +- The loading of a PKCS#11 smartcard library module during + runtime does not require OpenSC library functions any more + because the corresponding code has been integrated into + smartcard.c. Also the RSAREF pkcs11 header files have been + included in a newly created pluto/rsaref directory so that + no external include path has to be defined any longer. + +- A long-awaited feature has been implemented at last: + The local caching of CRLs fetched via HTTP or LDAP, activated + by the parameter cachecrls=yes in the config setup section + of ipsec.conf. The dynamically fetched CRLs are stored under + a unique file name containing the issuer's subjectKeyID + in /etc/ipsec.d/crls. + +- Applied a one-line patch courtesy of Michael Richardson + from the Openswan project which fixes the kernel-oops + in KLIPS when an snmp daemon is running on the same box. + + +strongswan-2.4.4 +---------------- + +- Eliminated null length CRL distribution point strings. + +- Fixed a trust path evaluation bug introduced with 2.4.3 + + +strongswan-2.4.3 +---------------- + +- Improved the joint OCSP / CRL revocation policy. + OCSP responses have precedence over CRL entries. + +- Introduced support of CRLv2 reason codes. + +- Fixed a bug with key-pad equipped readers which caused + pluto to prompt for the pin via the console when the first + occasion to enter the pin via the key-pad was missed. + +- When pluto is built with LDAP_V3 enabled, the library + liblber required by newer versions of openldap is now + included. + + +strongswan-2.4.2 +---------------- + +- Added the _updown_espmark template which requires all + incoming ESP traffic to be marked with a default mark + value of 50. + +- Introduced the pkcs11keepstate parameter in the config setup + section of ipsec.conf. With pkcs11keepstate=yes the PKCS#11 + session and login states are kept as long as possible during + the lifetime of pluto. This means that a PIN entry via a key + pad has to be done only once. + +- Introduced the pkcs11module parameter in the config setup + section of ipsec.conf which specifies the PKCS#11 module + to be used with smart cards. Example: + + pkcs11module=/usr/lib/pkcs11/opensc-pkcs11.lo + +- Added support of smartcard readers equipped with a PIN pad. + +- Added patch by Jay Pfeifer which detects when netkey + modules have been statically built into the Linux 2.6 kernel. + +- Added two patches by Herbert Xu. The first uses ip xfrm + instead of setkey to flush the IPsec policy database. The + second sets the optional flag in inbound IPComp SAs only. + +- Applied Ulrich Weber's patch which fixes an interoperability + problem between native IPsec and KLIPS systems caused by + setting the replay window to 32 instead of 0 for ipcomp. + + +strongswan-2.4.1 +---------------- + +- Fixed a bug which caused an unwanted Mode Config request + to be initiated in the case where "right" was used to denote + the local side in ipsec.conf and "left" the remote side, + contrary to the recommendation that "right" be remote and + "left" be"local". + + +strongswan-2.4.0a +----------------- + +- updated Vendor ID to strongSwan-2.4.0 + +- updated copyright statement to include David Buechi and + Michael Meier + + +strongswan-2.4.0 +---------------- + +- strongSwan now communicates with attached smartcards and + USB crypto tokens via the standardized PKCS #11 interface. + By default the OpenSC library from www.opensc.org is used + but any other PKCS#11 library could be dynamically linked. + strongSwan's PKCS#11 API was implemented by David Buechi + and Michael Meier, both graduates of the Zurich University + of Applied Sciences in Winterthur, Switzerland. + +- When a %trap eroute is triggered by an outgoing IP packet + then the native IPsec stack of the Linux 2.6 kernel [often/ + always?] returns an XFRM_ACQUIRE message with an undefined + protocol family field and the connection setup fails. + As a workaround IPv4 (AF_INET) is now assumed. + +- the results of the UML test scenarios are now enhanced + with block diagrams of the virtual network topology used + in a particular test. + + +strongswan-2.3.2 +---------------- + +- fixed IV used to decrypt informational messages. + This bug was introduced with Mode Config functionality. + +- fixed NCP Vendor ID. + +- undid one of Ulrich Weber's maximum udp size patches + because it caused a segmentation fault with NAT-ed + Delete SA messages. + +- added UML scenarios wildcards and attr-cert which + demonstrate the implementation of IPsec policies based + on wildcard parameters contained in Distinguished Names and + on X.509 attribute certificates, respectively. + + +strongswan-2.3.1 +---------------- + +- Added basic Mode Config functionality + +- Added Mathieu Lafon's patch which upgrades the status of + the NAT-Traversal implementation to RFC 3947. + +- The _startklips script now also loads the xfrm4_tunnel + module. + +- Added Ulrich Weber's netlink replay window size and + maximum udp size patches. + +- UML testing now uses the Linux 2.6.10 UML kernel by default. + + +strongswan-2.3.0 +---------------- + +- Eric Marchionni and Patrik Rayo, both recent graduates from + the Zuercher Hochschule Winterthur in Switzerland, created a + User-Mode-Linux test setup for strongSwan. For more details + please read the INSTALL and README documents in the testing + subdirectory. + +- Full support of group attributes based on X.509 attribute + certificates. Attribute certificates can be generated + using the openac facility. For more details see + + man ipsec_openac. + + The group attributes can be used in connection definitions + in order to give IPsec access to specific user groups. + This is done with the new parameter left|rightgroups as in + + rightgroups="Research, Sales" + + giving access to users possessing the group attributes + Research or Sales, only. + +- In Quick Mode clients with subnet mask /32 are now + coded as IP_V4_ADDRESS or IP_V6_ADDRESS. This should + fix rekeying problems with the SafeNet/SoftRemote and NCP + Secure Entry Clients. + +- Changed the defaults of the ikelifetime and keylife parameters + to 3h and 1h, respectively. The maximum allowable values are + now both set to 24 h. + +- Suppressed notification wars between two IPsec peers that + could e.g. be triggered by incorrect ISAKMP encryption. + +- Public RSA keys can now have identical IDs if either the + issuing CA or the serial number is different. The serial + number of a certificate is now shown by the command + + ipsec auto --listpubkeys + + +strongswan-2.2.2 +---------------- + +- Added Tuomo Soini's sourceip feature which allows a strongSwan + roadwarrior to use a fixed Virtual IP (see README section 2.6) + and reduces the well-known four tunnel case on VPN gateways to + a single tunnel definition (see README section 2.4). + +- Fixed a bug occuring with NAT-Traversal enabled when the responder + suddenly turns initiator and the initiator cannot find a matching + connection because of the floated IKE port 4500. + +- Removed misleading ipsec verify command from barf. + +- Running under the native IP stack, ipsec --version now shows + the Linux kernel version (courtesy to the Openswan project). + + +strongswan-2.2.1 +---------------- + +- Introduced the ipsec auto --listalgs monitoring command which lists + all currently registered IKE and ESP algorithms. + +- Fixed a bug in the ESP algorithm selection occuring when the strict flag + is set and the first proposed transform does not match. + +- Fixed another deadlock in the use of the lock_certs_and_keys() mutex, + occuring when a smartcard is present. + +- Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event. + +- Fixed the printing of the notification names (null) + +- Applied another of Herbert Xu's Netlink patches. + + +strongswan-2.2.0 +---------------- + +- Support of Dead Peer Detection. The connection parameter + + dpdaction=clear|hold + + activates DPD for the given connection. + +- The default Opportunistic Encryption (OE) policy groups are not + automatically included anymore. Those wishing to activate OE can include + the policy group with the following statement in ipsec.conf: + + include /etc/ipsec.d/examples/oe.conf + + The default for [right|left]rsasigkey is now set to %cert. + +- strongSwan now has a Vendor ID of its own which can be activated + using the compile option VENDORID + +- Applied Herbert Xu's patch which sets the compression algorithm correctly. + +- Applied Herbert Xu's patch fixing an ESPINUDP problem + +- Applied Herbert Xu's patch setting source/destination port numbers. + +- Reapplied one of Herbert Xu's NAT-Traversal patches which got + lost during the migration from SuperFreeS/WAN. + +- Fixed a deadlock in the use of the lock_certs_and_keys() mutex. + +- Fixed the unsharing of alg parameters when instantiating group + connection. + + +strongswan-2.1.5 +---------------- + +- Thomas Walpuski made me aware of a potential DoS attack via + a PKCS#7-wrapped certificate bundle which could overwrite valid CA + certificates in Pluto's authority certificate store. This vulnerability + was fixed by establishing trust in CA candidate certificates up to a + trusted root CA prior to insertion into Pluto's chained list. + +- replaced the --assign option by the -v option in the auto awk script + in order to make it run with mawk under debian/woody. + + +strongswan-2.1.4 +---------------- + +- Split of the status information between ipsec auto --status (concise) + and ipsec auto --statusall (verbose). Both commands can be used with + an optional connection selector: + + ipsec auto --status[all] + +- Added the description of X.509 related features to the ipsec_auto(8) + man page. + +- Hardened the ASN.1 parser in debug mode, especially the printing + of malformed distinguished names. + +- The size of an RSA public key received in a certificate is now restricted to + + 512 bits <= modulus length <= 8192 bits. + +- Fixed the debug mode enumeration. + + +strongswan-2.1.3 +---------------- + +- Fixed another PKCS#7 vulnerability which could lead to an + endless loop while following the X.509 trust chain. + + +strongswan-2.1.2 +---------------- + +- Fixed the PKCS#7 vulnerability discovered by Thomas Walpuski + that accepted end certificates having identical issuer and subject + distinguished names in a multi-tier X.509 trust chain. + + +strongswan-2.1.1 +---------------- + +- Removed all remaining references to ipsec_netlink.h in KLIPS. + + +strongswan-2.1.0 +---------------- + +- The new "ca" section allows to define the following parameters: + + ca kool + cacert=koolCA.pem # cacert of kool CA + ocspuri=http://ocsp.kool.net:8001 # ocsp server + ldapserver=ldap.kool.net # default ldap server + crluri=http://www.kool.net/kool.crl # crl distribution point + crluri2="ldap:///O=Kool, C= .." # crl distribution point #2 + auto=add # add, ignore + + The ca definitions can be monitored via the command + + ipsec auto --listcainfos + +- Fixed cosmetic corruption of /proc filesystem by integrating + D. Hugh Redelmeier's freeswan-2.06 kernel fixes. + + +strongswan-2.0.2 +---------------- + +- Added support for the 818043 NAT-Traversal update of Microsoft's + Windows 2000/XP IPsec client which sends an ID_FQDN during Quick Mode. + +- A symbolic link to libcrypto is now added in the kernel sources + during kernel compilation + +- Fixed a couple of 64 bit issues (mostly casts to int). + Thanks to Ken Bantoft who checked my sources on a 64 bit platform. + +- Replaced s[n]printf() statements in the kernel by ipsec_snprintf(). + Credits go to D. Hugh Redelmeier, Michael Richardson, and Sam Sgro + of the FreeS/WAN team who solved this problem with the 2.4.25 kernel. + + +strongswan-2.0.1 +---------------- + +- an empty ASN.1 SEQUENCE OF or SET OF object (e.g. a subjectAltName + certificate extension which contains no generalName item) can cause + a pluto crash. This bug has been fixed. Additionally the ASN.1 parser has + been hardened to make it more robust against malformed ASN.1 objects. + +- applied Herbert Xu's NAT-T patches which fixes NAT-T under the native + Linux 2.6 IPsec stack. + + +strongswan-2.0.0 +---------------- + +- based on freeswan-2.04, x509-1.5.3, nat-0.6c, alg-0.8.1rc12 diff --git a/README b/README index 371a6068c..a37e637da 100644 --- a/README +++ b/README @@ -3147,5 +3147,5 @@ by the pluto/xauth.h header file. for more details. ----------------------------------------------------------------------------- -This file is RCSID $Id: README,v 1.39 2007/01/30 14:43:12 as Exp $ +This file is RCSID $Id: README,v 1.38 2007/01/14 18:16:51 as Exp $ diff --git a/TODO b/TODO new file mode 100644 index 000000000..91363e38b --- /dev/null +++ b/TODO @@ -0,0 +1,69 @@ + ------------------------- + strongSwan - Roadmap + ------------------------- + +These notes mostly belong to charon, the new IKEv2 daemon. The plan is to +migrate IKEv1 into charon. It's hard to say how much effort is needed to +do that, and how much code we can reuse from pluto. But a port IS necessary to +gain hassle-free confiugration, version negotiation and maintainability. + +Roadmap 2007 +============ + + Mar ! - Cookie support, IP filter, other fixes to mature against DoS + ! - release IKEv2 p2p NATT draft 00 + ! + Apr ! - PRF in CHILD_SA rekeying + ! - configuration managament refactoring + ! - credentials backend redesign + ! - interface in charon for the XML based SMP management interface + ! - reimplement IKEv2 p2p NATT support + ! + May ! - SMP configuration client + ! + Jun ! - start with IKEv1 migration strategy + ! + Jul ! + ! + Aug ! + ! + Sep ! + ! + Oct ! + ! + Nov ! + ! + Dec ! + ! + + +TODO-List +========= + +A set of TODOs. This is only a list of things I write down to not forget them. +Watch out for TODOs in the code. + +Build system +------------ +- configure flag which allows to ommit vendor id in pluto +- reduce printf handlers count to 10, as uClibc does not support more + +Certificate support +------------------- +- New trustchain mechanism? +- proper handling of multiple certificate payloads (import order) +- synchronized CRL fetcher +- Smartcard interface +- Attribute certificates + +Stroke interface +---------------- +- add a Rekey-Counter for SAs in "statusall" +- ipsec statusall bytecount +- proper handling of CTRL+C console detach (SIG_PIPE) + +Misc +---- +- PFS support for creating/rekeying CHILD_SAs +- Address pool/backend for virtual IP assignement +- fix iterator->insert_before/after diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 000000000..8fcf50ac3 --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,7324 @@ +# generated automatically by aclocal 1.9.6 -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005 Free Software Foundation, Inc. +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- + +# serial 48 AC_PROG_LIBTOOL + + +# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED) +# ----------------------------------------------------------- +# If this macro is not defined by Autoconf, define it here. +m4_ifdef([AC_PROVIDE_IFELSE], + [], + [m4_define([AC_PROVIDE_IFELSE], + [m4_ifdef([AC_PROVIDE_$1], + [$2], [$3])])]) + + +# AC_PROG_LIBTOOL +# --------------- +AC_DEFUN([AC_PROG_LIBTOOL], +[AC_REQUIRE([_AC_PROG_LIBTOOL])dnl +dnl If AC_PROG_CXX has already been expanded, run AC_LIBTOOL_CXX +dnl immediately, otherwise, hook it in at the end of AC_PROG_CXX. + AC_PROVIDE_IFELSE([AC_PROG_CXX], + [AC_LIBTOOL_CXX], + [define([AC_PROG_CXX], defn([AC_PROG_CXX])[AC_LIBTOOL_CXX + ])]) +dnl And a similar setup for Fortran 77 support + AC_PROVIDE_IFELSE([AC_PROG_F77], + [AC_LIBTOOL_F77], + [define([AC_PROG_F77], defn([AC_PROG_F77])[AC_LIBTOOL_F77 +])]) + +dnl Quote A][M_PROG_GCJ so that aclocal doesn't bring it in needlessly. +dnl If either AC_PROG_GCJ or A][M_PROG_GCJ have already been expanded, run +dnl AC_LIBTOOL_GCJ immediately, otherwise, hook it in at the end of both. + AC_PROVIDE_IFELSE([AC_PROG_GCJ], + [AC_LIBTOOL_GCJ], + [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], + [AC_LIBTOOL_GCJ], + [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ], + [AC_LIBTOOL_GCJ], + [ifdef([AC_PROG_GCJ], + [define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[AC_LIBTOOL_GCJ])]) + ifdef([A][M_PROG_GCJ], + [define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[AC_LIBTOOL_GCJ])]) + ifdef([LT_AC_PROG_GCJ], + [define([LT_AC_PROG_GCJ], + defn([LT_AC_PROG_GCJ])[AC_LIBTOOL_GCJ])])])]) +])])# AC_PROG_LIBTOOL + + +# _AC_PROG_LIBTOOL +# ---------------- +AC_DEFUN([_AC_PROG_LIBTOOL], +[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl +AC_BEFORE([$0],[AC_LIBTOOL_CXX])dnl +AC_BEFORE([$0],[AC_LIBTOOL_F77])dnl +AC_BEFORE([$0],[AC_LIBTOOL_GCJ])dnl + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' +AC_SUBST(LIBTOOL)dnl + +# Prevent multiple expansion +define([AC_PROG_LIBTOOL], []) +])# _AC_PROG_LIBTOOL + + +# AC_LIBTOOL_SETUP +# ---------------- +AC_DEFUN([AC_LIBTOOL_SETUP], +[AC_PREREQ(2.50)dnl +AC_REQUIRE([AC_ENABLE_SHARED])dnl +AC_REQUIRE([AC_ENABLE_STATIC])dnl +AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_LD])dnl +AC_REQUIRE([AC_PROG_LD_RELOAD_FLAG])dnl +AC_REQUIRE([AC_PROG_NM])dnl + +AC_REQUIRE([AC_PROG_LN_S])dnl +AC_REQUIRE([AC_DEPLIBS_CHECK_METHOD])dnl +# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers! +AC_REQUIRE([AC_OBJEXT])dnl +AC_REQUIRE([AC_EXEEXT])dnl +dnl + +AC_LIBTOOL_SYS_MAX_CMD_LEN +AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE +AC_LIBTOOL_OBJDIR + +AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl +_LT_AC_PROG_ECHO_BACKSLASH + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed='sed -e 1s/^X//' +[sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'] + +# Same as above, but do not quote variable references. +[double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'] + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +# Constants: +rm="rm -f" + +# Global variables: +default_ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a +ltmain="$ac_aux_dir/ltmain.sh" +ofile="$default_ofile" +with_gnu_ld="$lt_cv_prog_gnu_ld" + +AC_CHECK_TOOL(AR, ar, false) +AC_CHECK_TOOL(RANLIB, ranlib, :) +AC_CHECK_TOOL(STRIP, strip, :) + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$AR" && AR=ar +test -z "$AR_FLAGS" && AR_FLAGS=cru +test -z "$AS" && AS=as +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$DLLTOOL" && DLLTOOL=dlltool +test -z "$LD" && LD=ld +test -z "$LN_S" && LN_S="ln -s" +test -z "$MAGIC_CMD" && MAGIC_CMD=file +test -z "$NM" && NM=nm +test -z "$SED" && SED=sed +test -z "$OBJDUMP" && OBJDUMP=objdump +test -z "$RANLIB" && RANLIB=: +test -z "$STRIP" && STRIP=: +test -z "$ac_objext" && ac_objext=o + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" +fi + +_LT_CC_BASENAME([$compiler]) + +# Only perform the check for file, if the check method requires it +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + AC_PATH_MAGIC + fi + ;; +esac + +AC_PROVIDE_IFELSE([AC_LIBTOOL_DLOPEN], enable_dlopen=yes, enable_dlopen=no) +AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL], +enable_win32_dll=yes, enable_win32_dll=no) + +AC_ARG_ENABLE([libtool-lock], + [AC_HELP_STRING([--disable-libtool-lock], + [avoid locking (might break parallel builds)])]) +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +AC_ARG_WITH([pic], + [AC_HELP_STRING([--with-pic], + [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], + [pic_mode="$withval"], + [pic_mode=default]) +test -z "$pic_mode" && pic_mode=default + +# Check if we have a version mismatch between libtool.m4 and ltmain.sh. +# +# Note: This should be in AC_LIBTOOL_SETUP, _after_ $ltmain have been defined. +# We also should do it _before_ AC_LIBTOOL_LANG_C_CONFIG that actually +# calls AC_LIBTOOL_CONFIG and creates libtool. +# +_LT_VERSION_CHECK + +# Use C for the default configuration in the libtool script +tagname= +AC_LIBTOOL_LANG_C_CONFIG +_LT_AC_TAGCONFIG +])# AC_LIBTOOL_SETUP + + +# _LT_VERSION_CHECK +# ----------------- +AC_DEFUN([_LT_VERSION_CHECK], +[AC_MSG_CHECKING([for correct ltmain.sh version]) +if test "x$ltmain" = "x" ; then + AC_MSG_RESULT(no) + AC_MSG_ERROR([ + +*** @<:@Gentoo@:>@ sanity check failed! *** +*** \$ltmain is not defined, please check the patch for consistency! *** +]) +fi +gentoo_lt_version="1.5.22" +gentoo_ltmain_version=`sed -n '/^[[ ]]*VERSION=/{s/^[[ ]]*VERSION=//;p;q;}' "$ltmain"` +if test "x$gentoo_lt_version" != "x$gentoo_ltmain_version" ; then + AC_MSG_RESULT(no) + AC_MSG_ERROR([ + +*** @<:@Gentoo@:>@ sanity check failed! *** +*** libtool.m4 and ltmain.sh have a version mismatch! *** +*** (libtool.m4 = $gentoo_lt_version, ltmain.sh = $gentoo_ltmain_version) *** + +Please run: + + libtoolize --copy --force + +if appropriate, please contact the maintainer of this +package (or your distribution) for help. +]) +else + AC_MSG_RESULT(yes) +fi +])# _LT_VERSION_CHECK + + +# _LT_AC_SYS_COMPILER +# ------------------- +AC_DEFUN([_LT_AC_SYS_COMPILER], +[AC_REQUIRE([AC_PROG_CC])dnl + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC +])# _LT_AC_SYS_COMPILER + + +# _LT_CC_BASENAME(CC) +# ------------------- +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +AC_DEFUN([_LT_CC_BASENAME], +[for cc_temp in $1""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` +]) + + +# _LT_COMPILER_BOILERPLATE +# ------------------------ +# Check for compiler boilerplate output or warnings with +# the simple compiler test code. +AC_DEFUN([_LT_COMPILER_BOILERPLATE], +[ac_outfile=conftest.$ac_objext +printf "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$rm conftest* +])# _LT_COMPILER_BOILERPLATE + + +# _LT_LINKER_BOILERPLATE +# ---------------------- +# Check for linker boilerplate output or warnings with +# the simple link test code. +AC_DEFUN([_LT_LINKER_BOILERPLATE], +[ac_outfile=conftest.$ac_objext +printf "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$rm conftest* +])# _LT_LINKER_BOILERPLATE + + +# _LT_AC_SYS_LIBPATH_AIX +# ---------------------- +# Links a minimal program and checks the executable +# for the system default hardcoded library path. In most cases, +# this is /usr/lib:/lib, but when the MPI compilers are used +# the location of the communication and MPI libs are included too. +# If we don't find anything, use the default library path according +# to the aix ld manual. +AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX], +[AC_LINK_IFELSE(AC_LANG_PROGRAM,[ +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi],[]) +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi +])# _LT_AC_SYS_LIBPATH_AIX + + +# _LT_AC_SHELL_INIT(ARG) +# ---------------------- +AC_DEFUN([_LT_AC_SHELL_INIT], +[ifdef([AC_DIVERSION_NOTICE], + [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], + [AC_DIVERT_PUSH(NOTICE)]) +$1 +AC_DIVERT_POP +])# _LT_AC_SHELL_INIT + + +# _LT_AC_PROG_ECHO_BACKSLASH +# -------------------------- +# Add some code to the start of the generated configure script which +# will find an echo command which doesn't interpret backslashes. +AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH], +[_LT_AC_SHELL_INIT([ +# Check that we are running under the correct shell. +SHELL=${CONFIG_SHELL-/bin/sh} + +case X$ECHO in +X*--fallback-echo) + # Remove one level of quotation (which was required for Make). + ECHO=`echo "$ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` + ;; +esac + +echo=${ECHO-echo} +if test "X[$]1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift +elif test "X[$]1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then + # Yippee, $echo works! + : +else + # Restart under the correct shell. + exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} +fi + +if test "X[$]1" = X--fallback-echo; then + # used as fallback echo + shift + cat </dev/null 2>&1 && unset CDPATH + +if test -z "$ECHO"; then +if test "X${echo_test_string+set}" != Xset; then +# find a string as large as possible, as long as the shell can cope with it + for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do + # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... + if (echo_test_string=`eval $cmd`) 2>/dev/null && + echo_test_string=`eval $cmd` && + (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null + then + break + fi + done +fi + +if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + : +else + # The Solaris, AIX, and Digital Unix default echo programs unquote + # backslashes. This makes it impossible to quote backslashes using + # echo "$something" | sed 's/\\/\\\\/g' + # + # So, first we look for a working echo in the user's PATH. + + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for dir in $PATH /usr/ucb; do + IFS="$lt_save_ifs" + if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && + test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + echo="$dir/echo" + break + fi + done + IFS="$lt_save_ifs" + + if test "X$echo" = Xecho; then + # We didn't find a better echo, so look for alternatives. + if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # This shell has a builtin print -r that does the trick. + echo='print -r' + elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) && + test "X$CONFIG_SHELL" != X/bin/ksh; then + # If we have ksh, try running configure again with it. + ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} + export ORIGINAL_CONFIG_SHELL + CONFIG_SHELL=/bin/ksh + export CONFIG_SHELL + exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} + else + # Try using printf. + echo='printf %s\n' + if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # Cool, printf works + : + elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL + export CONFIG_SHELL + SHELL="$CONFIG_SHELL" + export SHELL + echo="$CONFIG_SHELL [$]0 --fallback-echo" + elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + echo="$CONFIG_SHELL [$]0 --fallback-echo" + else + # maybe with a smaller string... + prev=: + + for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do + if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null + then + break + fi + prev="$cmd" + done + + if test "$prev" != 'sed 50q "[$]0"'; then + echo_test_string=`eval $prev` + export echo_test_string + exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} + else + # Oops. We lost completely, so just stick with echo. + echo=echo + fi + fi + fi + fi +fi +fi + +# Copy echo and quote the copy suitably for passing to libtool from +# the Makefile, instead of quoting the original, which is used later. +ECHO=$echo +if test "X$ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then + ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" +fi + +AC_SUBST(ECHO) +])])# _LT_AC_PROG_ECHO_BACKSLASH + + +# _LT_AC_LOCK +# ----------- +AC_DEFUN([_LT_AC_LOCK], +[AC_ARG_ENABLE([libtool-lock], + [AC_HELP_STRING([--disable-libtool-lock], + [avoid locking (might break parallel builds)])]) +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '[#]line __oline__ "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, + [AC_LANG_PUSH(C) + AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) + AC_LANG_POP]) + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +sparc*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) LD="${LD-ld} -m elf64_sparc" ;; + *) LD="${LD-ld} -64" ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +AC_PROVIDE_IFELSE([AC_LIBTOOL_WIN32_DLL], +[*-*-cygwin* | *-*-mingw* | *-*-pw32*) + AC_CHECK_TOOL(DLLTOOL, dlltool, false) + AC_CHECK_TOOL(AS, as, false) + AC_CHECK_TOOL(OBJDUMP, objdump, false) + ;; + ]) +esac + +need_locks="$enable_libtool_lock" + +])# _LT_AC_LOCK + + +# AC_LIBTOOL_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------------------- +# Check whether the given compiler option works +AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], +[AC_REQUIRE([LT_AC_PROG_SED]) +AC_CACHE_CHECK([$1], [$2], + [$2=no + ifelse([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$3" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + fi + $rm conftest* +]) + +if test x"[$]$2" = xyes; then + ifelse([$5], , :, [$5]) +else + ifelse([$6], , :, [$6]) +fi +])# AC_LIBTOOL_COMPILER_OPTION + + +# AC_LIBTOOL_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [ACTION-SUCCESS], [ACTION-FAILURE]) +# ------------------------------------------------------------ +# Check whether the given compiler option works +AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], +[AC_CACHE_CHECK([$1], [$2], + [$2=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $3" + printf "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&AS_MESSAGE_LOG_FD + $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + else + $2=yes + fi + fi + $rm conftest* + LDFLAGS="$save_LDFLAGS" +]) + +if test x"[$]$2" = xyes; then + ifelse([$4], , :, [$4]) +else + ifelse([$5], , :, [$5]) +fi +])# AC_LIBTOOL_LINKER_OPTION + + +# AC_LIBTOOL_SYS_MAX_CMD_LEN +# -------------------------- +AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], +[# find the maximum length of command line arguments +AC_MSG_CHECKING([the maximum length of command line arguments]) +AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + while (test "X"`$SHELL [$]0 --fallback-echo "X$teststring" 2>/dev/null` \ + = "XX$teststring") >/dev/null 2>&1 && + new_result=`expr "X$teststring" : ".*" 2>&1` && + lt_cv_sys_max_cmd_len=$new_result && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + teststring= + # Add a significant safety factor because C++ compilers can tack on massive + # amounts of additional arguments before passing them to the linker. + # It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + ;; + esac +]) +if test -n $lt_cv_sys_max_cmd_len ; then + AC_MSG_RESULT($lt_cv_sys_max_cmd_len) +else + AC_MSG_RESULT(none) +fi +])# AC_LIBTOOL_SYS_MAX_CMD_LEN + + +# _LT_AC_CHECK_DLFCN +# ------------------ +AC_DEFUN([_LT_AC_CHECK_DLFCN], +[AC_CHECK_HEADERS(dlfcn.h)dnl +])# _LT_AC_CHECK_DLFCN + + +# _LT_AC_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, +# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) +# --------------------------------------------------------------------- +AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF], +[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl +if test "$cross_compiling" = yes; then : + [$4] +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext < +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +#ifdef __cplusplus +extern "C" void exit (int); +#endif + +void fnord() { int i=42;} +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + /* dlclose (self); */ + } + else + puts (dlerror ()); + + exit (status); +}] +EOF + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) $1 ;; + x$lt_dlneed_uscore) $2 ;; + x$lt_dlunknown|x*) $3 ;; + esac + else : + # compilation failed + $3 + fi +fi +rm -fr conftest* +])# _LT_AC_TRY_DLOPEN_SELF + + +# AC_LIBTOOL_DLOPEN_SELF +# ---------------------- +AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], +[AC_REQUIRE([_LT_AC_CHECK_DLFCN])dnl +if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ]) + ;; + + *) + AC_CHECK_FUNC([shl_load], + [lt_cv_dlopen="shl_load"], + [AC_CHECK_LIB([dld], [shl_load], + [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld"], + [AC_CHECK_FUNC([dlopen], + [lt_cv_dlopen="dlopen"], + [AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], + [AC_CHECK_LIB([svld], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], + [AC_CHECK_LIB([dld], [dld_link], + [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld"]) + ]) + ]) + ]) + ]) + ]) + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + AC_CACHE_CHECK([whether a program can dlopen itself], + lt_cv_dlopen_self, [dnl + _LT_AC_TRY_DLOPEN_SELF( + lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, + lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) + ]) + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + AC_CACHE_CHECK([whether a statically linked program can dlopen itself], + lt_cv_dlopen_self_static, [dnl + _LT_AC_TRY_DLOPEN_SELF( + lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, + lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) + ]) + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi +])# AC_LIBTOOL_DLOPEN_SELF + + +# AC_LIBTOOL_PROG_CC_C_O([TAGNAME]) +# --------------------------------- +# Check to see if options -c and -o are simultaneously supported by compiler +AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O], +[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl +AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], + [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)], + [_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no + $rm -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + _LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + fi + fi + chmod u+w . 2>&AS_MESSAGE_LOG_FD + $rm conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files + $rm out/* && rmdir out + cd .. + rmdir conftest + $rm conftest* +]) +])# AC_LIBTOOL_PROG_CC_C_O + + +# AC_LIBTOOL_SYS_HARD_LINK_LOCKS([TAGNAME]) +# ----------------------------------------- +# Check to see if we can do hard links to lock some files if needed +AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], +[AC_REQUIRE([_LT_AC_LOCK])dnl + +hard_links="nottested" +if test "$_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + AC_MSG_CHECKING([if we can lock with hard links]) + hard_links=yes + $rm conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + AC_MSG_RESULT([$hard_links]) + if test "$hard_links" = no; then + AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) + need_locks=warn + fi +else + need_locks=no +fi +])# AC_LIBTOOL_SYS_HARD_LINK_LOCKS + + +# AC_LIBTOOL_OBJDIR +# ----------------- +AC_DEFUN([AC_LIBTOOL_OBJDIR], +[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], +[rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null]) +objdir=$lt_cv_objdir +])# AC_LIBTOOL_OBJDIR + + +# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH([TAGNAME]) +# ---------------------------------------------- +# Check hardcoding attributes. +AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], +[AC_MSG_CHECKING([how to hardcode library paths into programs]) +_LT_AC_TAGVAR(hardcode_action, $1)= +if test -n "$_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)" || \ + test -n "$_LT_AC_TAGVAR(runpath_var, $1)" || \ + test "X$_LT_AC_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then + + # We can hardcode non-existant directories. + if test "$_LT_AC_TAGVAR(hardcode_direct, $1)" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)" != no && + test "$_LT_AC_TAGVAR(hardcode_minus_L, $1)" != no; then + # Linking always hardcodes the temporary library directory. + _LT_AC_TAGVAR(hardcode_action, $1)=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + _LT_AC_TAGVAR(hardcode_action, $1)=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + _LT_AC_TAGVAR(hardcode_action, $1)=unsupported +fi +AC_MSG_RESULT([$_LT_AC_TAGVAR(hardcode_action, $1)]) + +if test "$_LT_AC_TAGVAR(hardcode_action, $1)" = relink; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi +])# AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH + + +# AC_LIBTOOL_SYS_LIB_STRIP +# ------------------------ +AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP], +[striplib= +old_striplib= +AC_MSG_CHECKING([whether stripping libraries is possible]) +if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) +fi + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +fi +])# AC_LIBTOOL_SYS_LIB_STRIP + + +# AC_LIBTOOL_SYS_DYNAMIC_LINKER +# ----------------------------- +# PORTME Fill in your ld.so characteristics +AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER], +[AC_MSG_CHECKING([dynamic linker characteristics]) +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix4* | aix5*) + version_type=linux + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[[01]] | aix4.[[01]].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[[45]]*) + version_type=linux + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$host_os in + yes,cygwin* | yes,mingw* | yes,pw32*) + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $rm \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + ;; + mingw*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | [grep ';[c-zC-Z]:/' >/dev/null]; then + # It is most probably a Windows format PATH printed by + # mingw gcc, but we are running on Cygwin. Gcc prints its search + # path with ; separators, and with drive letters. We can handle the + # drive letters (cygwin fileutils understands them), so leave them, + # especially as we might pass files found there to a mingw objdump, + # which wouldn't understand a cygwinified path. Ahh. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + ;; + esac + ;; + + linux*) + if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ [01].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + if test $supports_anon_versioning = yes; then + archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ +cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ +$echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + else + $archive_expsym_cmds="$archive_cmds" + fi + else + ld_shlibs=no + fi + ;; + + *) + library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' + ;; + esac + dynamic_linker='Win32 ld.exe' + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. + if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` + else + sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' + fi + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd1*) + dynamic_linker=no + ;; + +kfreebsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[[123]]*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + # Handle Gentoo/FreeBSD as it was Linux + case $host_vendor in + gentoo) + version_type=linux ;; + *) + version_type=freebsd-$objformat ;; + esac + + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + linux) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + need_lib_prefix=no + need_version=no + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[[01]]* | freebsdelf3.[[01]]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ + freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + freebsd*) # from 4.6 on + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555. + postinstall_cmds='chmod 555 $lib' + ;; + +interix3*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be Linux ELF. +linux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +knetbsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +nto-qnx*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[[89]] | openbsd2.[[89]].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +solaris*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + export_dynamic_flag_spec='${wl}-Blargedynsym' + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + shlibpath_overrides_runpath=no + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + shlibpath_overrides_runpath=yes + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +uts4*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +AC_MSG_RESULT([$dynamic_linker]) +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi +])# AC_LIBTOOL_SYS_DYNAMIC_LINKER + + +# _LT_AC_TAGCONFIG +# ---------------- +AC_DEFUN([_LT_AC_TAGCONFIG], +[AC_ARG_WITH([tags], + [AC_HELP_STRING([--with-tags@<:@=TAGS@:>@], + [include additional configurations @<:@automatic@:>@])], + [tagnames="$withval"]) + +if test -f "$ltmain" && test -n "$tagnames"; then + if test ! -f "${ofile}"; then + AC_MSG_WARN([output file `$ofile' does not exist]) + fi + + if test -z "$LTCC"; then + eval "`$SHELL ${ofile} --config | grep '^LTCC='`" + if test -z "$LTCC"; then + AC_MSG_WARN([output file `$ofile' does not look like a libtool script]) + else + AC_MSG_WARN([using `LTCC=$LTCC', extracted from `$ofile']) + fi + fi + if test -z "$LTCFLAGS"; then + eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`" + fi + + # Extract list of available tagged configurations in $ofile. + # Note that this assumes the entire list is on one line. + available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'` + + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for tagname in $tagnames; do + IFS="$lt_save_ifs" + # Check whether tagname contains only valid characters + case `$echo "X$tagname" | $Xsed -e 's:[[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]]::g'` in + "") ;; + *) AC_MSG_ERROR([invalid tag name: $tagname]) + ;; + esac + + if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null + then + AC_MSG_ERROR([tag name \"$tagname\" already exists]) + fi + + # Update the list of available tags. + if test -n "$tagname"; then + echo appending configuration tag \"$tagname\" to $ofile + + case $tagname in + CXX) + if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + AC_LIBTOOL_LANG_CXX_CONFIG + else + tagname="" + fi + ;; + + F77) + if test -n "$F77" && test "X$F77" != "Xno"; then + AC_LIBTOOL_LANG_F77_CONFIG + else + tagname="" + fi + ;; + + GCJ) + if test -n "$GCJ" && test "X$GCJ" != "Xno"; then + AC_LIBTOOL_LANG_GCJ_CONFIG + else + tagname="" + fi + ;; + + RC) + AC_LIBTOOL_LANG_RC_CONFIG + ;; + + *) + AC_MSG_ERROR([Unsupported tag name: $tagname]) + ;; + esac + + # Append the new tag name to the list of available tags. + if test -n "$tagname" ; then + available_tags="$available_tags $tagname" + fi + fi + done + IFS="$lt_save_ifs" + + # Now substitute the updated list of available tags. + if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then + mv "${ofile}T" "$ofile" + chmod +x "$ofile" + else + rm -f "${ofile}T" + AC_MSG_ERROR([unable to update list of available tagged configurations.]) + fi +fi +])# _LT_AC_TAGCONFIG + + +# AC_LIBTOOL_DLOPEN +# ----------------- +# enable checks for dlopen support +AC_DEFUN([AC_LIBTOOL_DLOPEN], + [AC_BEFORE([$0],[AC_LIBTOOL_SETUP]) +])# AC_LIBTOOL_DLOPEN + + +# AC_LIBTOOL_WIN32_DLL +# -------------------- +# declare package support for building win32 DLLs +AC_DEFUN([AC_LIBTOOL_WIN32_DLL], +[AC_BEFORE([$0], [AC_LIBTOOL_SETUP]) +])# AC_LIBTOOL_WIN32_DLL + + +# AC_ENABLE_SHARED([DEFAULT]) +# --------------------------- +# implement the --enable-shared flag +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +AC_DEFUN([AC_ENABLE_SHARED], +[define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl +AC_ARG_ENABLE([shared], + [AC_HELP_STRING([--enable-shared@<:@=PKGS@:>@], + [build shared libraries @<:@default=]AC_ENABLE_SHARED_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_shared=]AC_ENABLE_SHARED_DEFAULT) +])# AC_ENABLE_SHARED + + +# AC_DISABLE_SHARED +# ----------------- +# set the default shared flag to --disable-shared +AC_DEFUN([AC_DISABLE_SHARED], +[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl +AC_ENABLE_SHARED(no) +])# AC_DISABLE_SHARED + + +# AC_ENABLE_STATIC([DEFAULT]) +# --------------------------- +# implement the --enable-static flag +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +AC_DEFUN([AC_ENABLE_STATIC], +[define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl +AC_ARG_ENABLE([static], + [AC_HELP_STRING([--enable-static@<:@=PKGS@:>@], + [build static libraries @<:@default=]AC_ENABLE_STATIC_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_static=]AC_ENABLE_STATIC_DEFAULT) +])# AC_ENABLE_STATIC + + +# AC_DISABLE_STATIC +# ----------------- +# set the default static flag to --disable-static +AC_DEFUN([AC_DISABLE_STATIC], +[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl +AC_ENABLE_STATIC(no) +])# AC_DISABLE_STATIC + + +# AC_ENABLE_FAST_INSTALL([DEFAULT]) +# --------------------------------- +# implement the --enable-fast-install flag +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +AC_DEFUN([AC_ENABLE_FAST_INSTALL], +[define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl +AC_ARG_ENABLE([fast-install], + [AC_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], + [optimize for fast installation @<:@default=]AC_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_fast_install=]AC_ENABLE_FAST_INSTALL_DEFAULT) +])# AC_ENABLE_FAST_INSTALL + + +# AC_DISABLE_FAST_INSTALL +# ----------------------- +# set the default to --disable-fast-install +AC_DEFUN([AC_DISABLE_FAST_INSTALL], +[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl +AC_ENABLE_FAST_INSTALL(no) +])# AC_DISABLE_FAST_INSTALL + + +# AC_LIBTOOL_PICMODE([MODE]) +# -------------------------- +# implement the --with-pic flag +# MODE is either `yes' or `no'. If omitted, it defaults to `both'. +AC_DEFUN([AC_LIBTOOL_PICMODE], +[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl +pic_mode=ifelse($#,1,$1,default) +])# AC_LIBTOOL_PICMODE + + +# AC_PROG_EGREP +# ------------- +# This is predefined starting with Autoconf 2.54, so this conditional +# definition can be removed once we require Autoconf 2.54 or later. +m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP], +[AC_CACHE_CHECK([for egrep], [ac_cv_prog_egrep], + [if echo a | (grep -E '(a|b)') >/dev/null 2>&1 + then ac_cv_prog_egrep='grep -E' + else ac_cv_prog_egrep='egrep' + fi]) + EGREP=$ac_cv_prog_egrep + AC_SUBST([EGREP]) +])]) + + +# AC_PATH_TOOL_PREFIX +# ------------------- +# find a file program which can recognise shared library +AC_DEFUN([AC_PATH_TOOL_PREFIX], +[AC_REQUIRE([AC_PROG_EGREP])dnl +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, +[case $MAGIC_CMD in +[[\\/*] | ?:[\\/]*]) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR +dnl $ac_dummy forces splitting on constant user-supplied paths. +dnl POSIX.2 word splitting is done only on the output of word expansions, +dnl not every word. This closes a longstanding sh security hole. + ac_dummy="ifelse([$2], , $PATH, [$2])" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$1; then + lt_cv_path_MAGIC_CMD="$ac_dir/$1" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac]) +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + AC_MSG_RESULT($MAGIC_CMD) +else + AC_MSG_RESULT(no) +fi +])# AC_PATH_TOOL_PREFIX + + +# AC_PATH_MAGIC +# ------------- +# find a file program which can recognise a shared library +AC_DEFUN([AC_PATH_MAGIC], +[AC_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + AC_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) + else + MAGIC_CMD=: + fi +fi +])# AC_PATH_MAGIC + + +# AC_PROG_LD +# ---------- +# find the pathname to the GNU or non-GNU linker +AC_DEFUN([AC_PROG_LD], +[AC_ARG_WITH([gnu-ld], + [AC_HELP_STRING([--with-gnu-ld], + [assume the C compiler uses GNU ld @<:@default=no@:>@])], + [test "$withval" = no || with_gnu_ld=yes], + [with_gnu_ld=no]) +AC_REQUIRE([LT_AC_PROG_SED])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by $CC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` + while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do + ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +AC_CACHE_VAL(lt_cv_path_LD, +[if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix3*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be Linux ELF. +linux*) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +nto-qnx*) + lt_cv_deplibs_check_method=unknown + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; +esac +]) +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown +])# AC_DEPLIBS_CHECK_METHOD + + +# AC_PROG_NM +# ---------- +# find the pathname to a BSD-compatible name lister +AC_DEFUN([AC_PROG_NM], +[AC_CACHE_CHECK([for BSD-compatible nm], lt_cv_path_NM, +[if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm +fi]) +NM="$lt_cv_path_NM" +])# AC_PROG_NM + + +# AC_CHECK_LIBM +# ------------- +# check for math library +AC_DEFUN([AC_CHECK_LIBM], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +LIBM= +case $host in +*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*) + # These system don't have libm, or don't need it + ;; +*-ncr-sysv4.3*) + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") + AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") + ;; +*) + AC_CHECK_LIB(m, cos, LIBM="-lm") + ;; +esac +])# AC_CHECK_LIBM + + +# AC_LIBLTDL_CONVENIENCE([DIRECTORY]) +# ----------------------------------- +# sets LIBLTDL to the link flags for the libltdl convenience library and +# LTDLINCL to the include flags for the libltdl header and adds +# --enable-ltdl-convenience to the configure arguments. Note that +# AC_CONFIG_SUBDIRS is not called here. If DIRECTORY is not provided, +# it is assumed to be `libltdl'. LIBLTDL will be prefixed with +# '${top_builddir}/' and LTDLINCL will be prefixed with '${top_srcdir}/' +# (note the single quotes!). If your package is not flat and you're not +# using automake, define top_builddir and top_srcdir appropriately in +# the Makefiles. +AC_DEFUN([AC_LIBLTDL_CONVENIENCE], +[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl + case $enable_ltdl_convenience in + no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;; + "") enable_ltdl_convenience=yes + ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;; + esac + LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdlc.la + LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl']) + # For backwards non-gettext consistent compatibility... + INCLTDL="$LTDLINCL" +])# AC_LIBLTDL_CONVENIENCE + + +# AC_LIBLTDL_INSTALLABLE([DIRECTORY]) +# ----------------------------------- +# sets LIBLTDL to the link flags for the libltdl installable library and +# LTDLINCL to the include flags for the libltdl header and adds +# --enable-ltdl-install to the configure arguments. Note that +# AC_CONFIG_SUBDIRS is not called here. If DIRECTORY is not provided, +# and an installed libltdl is not found, it is assumed to be `libltdl'. +# LIBLTDL will be prefixed with '${top_builddir}/'# and LTDLINCL with +# '${top_srcdir}/' (note the single quotes!). If your package is not +# flat and you're not using automake, define top_builddir and top_srcdir +# appropriately in the Makefiles. +# In the future, this macro may have to be called after AC_PROG_LIBTOOL. +AC_DEFUN([AC_LIBLTDL_INSTALLABLE], +[AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl + AC_CHECK_LIB(ltdl, lt_dlinit, + [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no], + [if test x"$enable_ltdl_install" = xno; then + AC_MSG_WARN([libltdl not installed, but installation disabled]) + else + enable_ltdl_install=yes + fi + ]) + if test x"$enable_ltdl_install" = x"yes"; then + ac_configure_args="$ac_configure_args --enable-ltdl-install" + LIBLTDL='${top_builddir}/'ifelse($#,1,[$1],['libltdl'])/libltdl.la + LTDLINCL='-I${top_srcdir}/'ifelse($#,1,[$1],['libltdl']) + else + ac_configure_args="$ac_configure_args --enable-ltdl-install=no" + LIBLTDL="-lltdl" + LTDLINCL= + fi + # For backwards non-gettext consistent compatibility... + INCLTDL="$LTDLINCL" +])# AC_LIBLTDL_INSTALLABLE + + +# AC_LIBTOOL_CXX +# -------------- +# enable support for C++ libraries +AC_DEFUN([AC_LIBTOOL_CXX], +[AC_REQUIRE([_LT_AC_LANG_CXX]) +])# AC_LIBTOOL_CXX + + +# _LT_AC_LANG_CXX +# --------------- +AC_DEFUN([_LT_AC_LANG_CXX], +[AC_REQUIRE([AC_PROG_CXX]) +AC_REQUIRE([_LT_AC_PROG_CXXCPP]) +_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}CXX]) +])# _LT_AC_LANG_CXX + +# _LT_AC_PROG_CXXCPP +# ------------------ +AC_DEFUN([_LT_AC_PROG_CXXCPP], +[ +AC_REQUIRE([AC_PROG_CXX]) +if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + AC_PROG_CXXCPP +fi +])# _LT_AC_PROG_CXXCPP + +# AC_LIBTOOL_F77 +# -------------- +# enable support for Fortran 77 libraries +AC_DEFUN([AC_LIBTOOL_F77], +[AC_REQUIRE([_LT_AC_LANG_F77]) +])# AC_LIBTOOL_F77 + + +# _LT_AC_LANG_F77 +# --------------- +AC_DEFUN([_LT_AC_LANG_F77], +[AC_REQUIRE([AC_PROG_F77]) +_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}F77]) +])# _LT_AC_LANG_F77 + + +# AC_LIBTOOL_GCJ +# -------------- +# enable support for GCJ libraries +AC_DEFUN([AC_LIBTOOL_GCJ], +[AC_REQUIRE([_LT_AC_LANG_GCJ]) +])# AC_LIBTOOL_GCJ + + +# _LT_AC_LANG_GCJ +# --------------- +AC_DEFUN([_LT_AC_LANG_GCJ], +[AC_PROVIDE_IFELSE([AC_PROG_GCJ],[], + [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],[], + [AC_PROVIDE_IFELSE([LT_AC_PROG_GCJ],[], + [ifdef([AC_PROG_GCJ],[AC_REQUIRE([AC_PROG_GCJ])], + [ifdef([A][M_PROG_GCJ],[AC_REQUIRE([A][M_PROG_GCJ])], + [AC_REQUIRE([A][C_PROG_GCJ_OR_A][M_PROG_GCJ])])])])])]) +_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}GCJ]) +])# _LT_AC_LANG_GCJ + + +# AC_LIBTOOL_RC +# ------------- +# enable support for Windows resource files +AC_DEFUN([AC_LIBTOOL_RC], +[AC_REQUIRE([LT_AC_PROG_RC]) +_LT_AC_SHELL_INIT([tagnames=${tagnames+${tagnames},}RC]) +])# AC_LIBTOOL_RC + + +# AC_LIBTOOL_LANG_C_CONFIG +# ------------------------ +# Ensure that the configuration vars for the C compiler are +# suitably defined. Those variables are subsequently used by +# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'. +AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG], [_LT_AC_LANG_C_CONFIG]) +AC_DEFUN([_LT_AC_LANG_C_CONFIG], +[lt_save_CC="$CC" +AC_LANG_PUSH(C) + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +_LT_AC_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;\n" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}\n' + +_LT_AC_SYS_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +AC_LIBTOOL_PROG_COMPILER_NO_RTTI($1) +AC_LIBTOOL_PROG_COMPILER_PIC($1) +AC_LIBTOOL_PROG_CC_C_O($1) +AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1) +AC_LIBTOOL_PROG_LD_SHLIBS($1) +AC_LIBTOOL_SYS_DYNAMIC_LINKER($1) +AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) +AC_LIBTOOL_SYS_LIB_STRIP +AC_LIBTOOL_DLOPEN_SELF + +# Report which library types will actually be built +AC_MSG_CHECKING([if libtool supports shared libraries]) +AC_MSG_RESULT([$can_build_shared]) + +AC_MSG_CHECKING([whether to build shared libraries]) +test "$can_build_shared" = "no" && enable_shared=no + +# On AIX, shared libraries and static libraries use the same namespace, and +# are all built from PIC. +case $host_os in +aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + +aix4* | aix5*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; +esac +AC_MSG_RESULT([$enable_shared]) + +AC_MSG_CHECKING([whether to build static libraries]) +# Make sure either enable_shared or enable_static is yes. +test "$enable_shared" = yes || enable_static=yes +AC_MSG_RESULT([$enable_static]) + +AC_LIBTOOL_CONFIG($1) + +AC_LANG_POP +CC="$lt_save_CC" +])# AC_LIBTOOL_LANG_C_CONFIG + + +# AC_LIBTOOL_LANG_CXX_CONFIG +# -------------------------- +# Ensure that the configuration vars for the C compiler are +# suitably defined. Those variables are subsequently used by +# AC_LIBTOOL_CONFIG to write the compiler configuration to `libtool'. +AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG], [_LT_AC_LANG_CXX_CONFIG(CXX)]) +AC_DEFUN([_LT_AC_LANG_CXX_CONFIG], +[AC_LANG_PUSH(C++) +AC_REQUIRE([AC_PROG_CXX]) +AC_REQUIRE([_LT_AC_PROG_CXXCPP]) + +_LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_AC_TAGVAR(allow_undefined_flag, $1)= +_LT_AC_TAGVAR(always_export_symbols, $1)=no +_LT_AC_TAGVAR(archive_expsym_cmds, $1)= +_LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_AC_TAGVAR(hardcode_direct, $1)=no +_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= +_LT_AC_TAGVAR(hardcode_libdir_separator, $1)= +_LT_AC_TAGVAR(hardcode_minus_L, $1)=no +_LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported +_LT_AC_TAGVAR(hardcode_automatic, $1)=no +_LT_AC_TAGVAR(module_cmds, $1)= +_LT_AC_TAGVAR(module_expsym_cmds, $1)= +_LT_AC_TAGVAR(link_all_deplibs, $1)=unknown +_LT_AC_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_AC_TAGVAR(no_undefined_flag, $1)= +_LT_AC_TAGVAR(whole_archive_flag_spec, $1)= +_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Dependencies to place before and after the object being linked: +_LT_AC_TAGVAR(predep_objects, $1)= +_LT_AC_TAGVAR(postdep_objects, $1)= +_LT_AC_TAGVAR(predeps, $1)= +_LT_AC_TAGVAR(postdeps, $1)= +_LT_AC_TAGVAR(compiler_lib_search_path, $1)= + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +_LT_AC_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;\n" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }\n' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_AC_SYS_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_LD=$LD +lt_save_GCC=$GCC +GCC=$GXX +lt_save_with_gnu_ld=$with_gnu_ld +lt_save_path_LD=$lt_cv_path_LD +if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx +else + $as_unset lt_cv_prog_gnu_ld +fi +if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX +else + $as_unset lt_cv_path_LD +fi +test -z "${LDCXX+set}" || LD=$LDCXX +CC=${CXX-"c++"} +compiler=$CC +_LT_AC_TAGVAR(compiler, $1)=$CC +_LT_CC_BASENAME([$compiler]) + +# We don't want -fno-exception wen compiling C++ code, so set the +# no_builtin_flag separately +if test "$GXX" = yes; then + _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' +else + _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= +fi + +if test "$GXX" = yes; then + # Set up default GNU C++ configuration + + AC_PROG_LD + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test "$with_gnu_ld" = yes; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='${wl}' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | \ + grep 'no-whole-archive' > /dev/null; then + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' + +else + GXX=no + with_gnu_ld=no + wlarc= +fi + +# PORTME: fill in a description of your system's C++ link characteristics +AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) +_LT_AC_TAGVAR(ld_shlibs, $1)=yes +case $host_os in + aix3*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + aix4* | aix5*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_AC_TAGVAR(archive_cmds, $1)='' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + + if test "$GXX" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + else + # We have old collect2 + _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + _LT_AC_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an empty executable. + _LT_AC_SYS_LIBPATH_AIX + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + + _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an empty executable. + _LT_AC_SYS_LIBPATH_AIX + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared libraries. + _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + cygwin* | mingw* | pw32*) + # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_AC_TAGVAR(always_export_symbols, $1)=no + _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + darwin* | rhapsody*) + case $host_os in + rhapsody* | darwin1.[[012]]) + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress' + ;; + *) # Darwin 1.3 on + if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + else + case ${MACOSX_DEPLOYMENT_TARGET} in + 10.[[012]]) + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + ;; + 10.*) + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup' + ;; + esac + fi + ;; + esac + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_automatic, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='' + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + + if test "$GXX" = yes ; then + lt_int_apple_cc_single_mod=no + output_verbose_link_cmd='echo' + if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then + lt_int_apple_cc_single_mod=yes + fi + if test "X$lt_int_apple_cc_single_mod" = Xyes ; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' + else + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring' + fi + _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + if test "X$lt_int_apple_cc_single_mod" = Xyes ; then + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + else + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + else + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' + _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + esac + fi + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + freebsd[[12]]*) + # C++ shared libraries reported to be fairly broken before switch to ELF + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + freebsd-elf*) + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + ;; + freebsd* | kfreebsd*-gnu | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + _LT_AC_TAGVAR(ld_shlibs, $1)=yes + ;; + gnu*) + ;; + hpux9*) + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[[-]]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + *) + if test "$GXX" = yes; then + _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + hpux10*|hpux11*) + if test $with_gnu_ld = no; then + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' + ;; + *) + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + *) + if test "$GXX" = yes; then + if test $with_gnu_ld = no; then + case $host_cpu in + hppa*64*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + interix3*) + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test "$GXX" = yes; then + if test "$with_gnu_ld" = no; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib' + fi + fi + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + ;; + esac + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + linux*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath,$libdir' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc*) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + ;; + pgCC*) + # Portland Group C++ compiler + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + ;; + cxx*) + # Compaq C++ + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + esac + ;; + lynxos*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + m88k*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + openbsd2*) + # C++ shared libraries are fairly broken + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + openbsd*) + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + fi + output_verbose_link_cmd='echo' + ;; + osf3*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' + + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + cxx*) + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + *) + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' + + else + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_AC_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + cxx*) + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~ + $rm $lib.exp' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + *) + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' + + else + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + psos*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + solaris*) + case $cc_basename in + CC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_AC_TAGVAR(archive_cmds_need_lc,$1)=yes + _LT_AC_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The C++ compiler is used as linker so we must use $wl + # flag to pass the commands to the underlying system + # linker. We must also pass each convience library through + # to the system linker between allextract/defaultextract. + # The C++ compiler will combine linker options so we + # cannot just pass the convience library names through + # without $wl. + # Supported since Solaris 2.6 (maybe 2.5.1?) + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' + ;; + esac + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + + output_verbose_link_cmd='echo' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + _LT_AC_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' + if $CC --version | grep -v '^2\.7' > /dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" + else + # g++ 2.7 appears to require `-G' NOT `-shared' on this + # platform. + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" + fi + + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' + fi + ;; + esac + ;; + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + # So that behaviour is only enabled if SCOABSPATH is set to a + # non-empty value in the environment. Most likely only useful for + # creating official distributions of packages. + # This is a hack until libtool officially supports absolute path + # names for shared libraries. + _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + vxworks*) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; +esac +AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)]) +test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + +_LT_AC_TAGVAR(GCC, $1)="$GXX" +_LT_AC_TAGVAR(LD, $1)="$LD" + +AC_LIBTOOL_POSTDEP_PREDEP($1) +AC_LIBTOOL_PROG_COMPILER_PIC($1) +AC_LIBTOOL_PROG_CC_C_O($1) +AC_LIBTOOL_SYS_HARD_LINK_LOCKS($1) +AC_LIBTOOL_PROG_LD_SHLIBS($1) +AC_LIBTOOL_SYS_DYNAMIC_LINKER($1) +AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH($1) + +AC_LIBTOOL_CONFIG($1) + +AC_LANG_POP +CC=$lt_save_CC +LDCXX=$LD +LD=$lt_save_LD +GCC=$lt_save_GCC +with_gnu_ldcxx=$with_gnu_ld +with_gnu_ld=$lt_save_with_gnu_ld +lt_cv_path_LDCXX=$lt_cv_path_LD +lt_cv_path_LD=$lt_save_path_LD +lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld +lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +])# AC_LIBTOOL_LANG_CXX_CONFIG + +# AC_LIBTOOL_POSTDEP_PREDEP([TAGNAME]) +# ------------------------------------ +# Figure out "hidden" library dependencies from verbose +# compiler output when linking a shared library. +# Parse the compiler output and extract the necessary +# objects, libraries and library flags. +AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP],[ +dnl we can't use the lt_simple_compile_test_code here, +dnl because it contains code intended for an executable, +dnl not a library. It's possible we should let each +dnl tag define a new lt_????_link_test_code variable, +dnl but it's only used here... +ifelse([$1],[],[cat > conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext < conftest.$ac_ext <> "$cfgfile" +ifelse([$1], [], +[#! $SHELL + +# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. +# +# This file is part of GNU Libtool: +# Originally by Gordon Matzigkeit , 1996 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="$SED -e 1s/^X//" + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# The names of the tagged configurations supported by this script. +available_tags= + +# ### BEGIN LIBTOOL CONFIG], +[# ### BEGIN LIBTOOL TAG CONFIG: $tagname]) + +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$_LT_AC_TAGVAR(archive_cmds_need_lc, $1) + +# Whether or not to disallow shared libs when runtime libs are static +allow_libtool_libs_with_static_runtimes=$_LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1) + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# An echo program that does not interpret backslashes. +echo=$lt_echo + +# The archiver. +AR=$lt_AR +AR_FLAGS=$lt_AR_FLAGS + +# A C compiler. +LTCC=$lt_LTCC + +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + +# A language-specific compiler. +CC=$lt_[]_LT_AC_TAGVAR(compiler, $1) + +# Is the compiler the GNU C compiler? +with_gcc=$_LT_AC_TAGVAR(GCC, $1) + +# An ERE matcher. +EGREP=$lt_EGREP + +# The linker used to build libraries. +LD=$lt_[]_LT_AC_TAGVAR(LD, $1) + +# Whether we need hard or soft links. +LN_S=$lt_LN_S + +# A BSD-compatible nm program. +NM=$lt_NM + +# A symbol stripping program +STRIP=$lt_STRIP + +# Used to examine libraries when file_magic_cmd begins "file" +MAGIC_CMD=$MAGIC_CMD + +# Used on cygwin: DLL creation program. +DLLTOOL="$DLLTOOL" + +# Used on cygwin: object dumper. +OBJDUMP="$OBJDUMP" + +# Used on cygwin: assembler. +AS="$AS" + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# How to pass a linker flag through the compiler. +wl=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) + +# Object file suffix (normally "o"). +objext="$ac_objext" + +# Old archive suffix (normally "a"). +libext="$libext" + +# Shared library suffix (normally ".so"). +shrext_cmds='$shrext_cmds' + +# Executable file suffix (normally ""). +exeext="$exeext" + +# Additional compiler flags for building library objects. +pic_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) +pic_mode=$pic_mode + +# What is the maximum length of a command? +max_cmd_len=$lt_cv_sys_max_cmd_len + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_[]_LT_AC_TAGVAR(lt_cv_prog_compiler_c_o, $1) + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Do we need the lib prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_static, $1) + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_[]_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_[]_LT_AC_TAGVAR(export_dynamic_flag_spec, $1) + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_[]_LT_AC_TAGVAR(whole_archive_flag_spec, $1) + +# Compiler flag to generate thread-safe objects. +thread_safe_flag_spec=$lt_[]_LT_AC_TAGVAR(thread_safe_flag_spec, $1) + +# Library versioning type. +version_type=$version_type + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME. +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Commands used to build and install an old-style archive. +RANLIB=$lt_RANLIB +old_archive_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_cmds, $1) +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_new_cmds, $1) + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_[]_LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1) + +# Commands used to build and install a shared archive. +archive_cmds=$lt_[]_LT_AC_TAGVAR(archive_cmds, $1) +archive_expsym_cmds=$lt_[]_LT_AC_TAGVAR(archive_expsym_cmds, $1) +postinstall_cmds=$lt_postinstall_cmds +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to build a loadable module (assumed same as above if empty) +module_cmds=$lt_[]_LT_AC_TAGVAR(module_cmds, $1) +module_expsym_cmds=$lt_[]_LT_AC_TAGVAR(module_expsym_cmds, $1) + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + +# Dependencies to place before the objects being linked to create a +# shared library. +predep_objects=$lt_[]_LT_AC_TAGVAR(predep_objects, $1) + +# Dependencies to place after the objects being linked to create a +# shared library. +postdep_objects=$lt_[]_LT_AC_TAGVAR(postdep_objects, $1) + +# Dependencies to place before the objects being linked to create a +# shared library. +predeps=$lt_[]_LT_AC_TAGVAR(predeps, $1) + +# Dependencies to place after the objects being linked to create a +# shared library. +postdeps=$lt_[]_LT_AC_TAGVAR(postdeps, $1) + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_[]_LT_AC_TAGVAR(compiler_lib_search_path, $1) + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method == file_magic. +file_magic_cmd=$lt_file_magic_cmd + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_[]_LT_AC_TAGVAR(allow_undefined_flag, $1) + +# Flag that forces no undefined symbols. +no_undefined_flag=$lt_[]_LT_AC_TAGVAR(no_undefined_flag, $1) + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# Same as above, but a single script fragment to be evaled but not shown. +finish_eval=$lt_finish_eval + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# This is the shared library runtime path variable. +runpath_var=$runpath_var + +# This is the shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# How to hardcode a shared library path into an executable. +hardcode_action=$_LT_AC_TAGVAR(hardcode_action, $1) + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) + +# If ld is used when linking, flag to hardcode \$libdir into +# a binary during linking. This must work even if \$libdir does +# not exist. +hardcode_libdir_flag_spec_ld=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1) + +# Whether we need a single -rpath flag with a separated argument. +hardcode_libdir_separator=$lt_[]_LT_AC_TAGVAR(hardcode_libdir_separator, $1) + +# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the +# resulting binary. +hardcode_direct=$_LT_AC_TAGVAR(hardcode_direct, $1) + +# Set to yes if using the -LDIR flag during linking hardcodes DIR into the +# resulting binary. +hardcode_minus_L=$_LT_AC_TAGVAR(hardcode_minus_L, $1) + +# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into +# the resulting binary. +hardcode_shlibpath_var=$_LT_AC_TAGVAR(hardcode_shlibpath_var, $1) + +# Set to yes if building a shared library automatically hardcodes DIR into the library +# and all subsequent libraries and executables linked against it. +hardcode_automatic=$_LT_AC_TAGVAR(hardcode_automatic, $1) + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at relink time. +variables_saved_for_relink="$variables_saved_for_relink" + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$_LT_AC_TAGVAR(link_all_deplibs, $1) + +# Compile-time system search path for libraries +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Fix the shell variable \$srcfile for the compiler. +fix_srcfile_path="$_LT_AC_TAGVAR(fix_srcfile_path, $1)" + +# Set to yes if exported symbols are required. +always_export_symbols=$_LT_AC_TAGVAR(always_export_symbols, $1) + +# The commands to list exported symbols. +export_symbols_cmds=$lt_[]_LT_AC_TAGVAR(export_symbols_cmds, $1) + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_[]_LT_AC_TAGVAR(exclude_expsyms, $1) + +# Symbols that must always be exported. +include_expsyms=$lt_[]_LT_AC_TAGVAR(include_expsyms, $1) + +ifelse([$1],[], +[# ### END LIBTOOL CONFIG], +[# ### END LIBTOOL TAG CONFIG: $tagname]) + +__EOF__ + +ifelse([$1],[], [ + case $host_os in + aix3*) + cat <<\EOF >> "$cfgfile" + +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +EOF + ;; + esac + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || \ + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" +]) +else + # If there is no Makefile yet, we rely on a make rule to execute + # `config.status --recheck' to rerun these tests and create the + # libtool script then. + ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` + if test -f "$ltmain_in"; then + test -f Makefile && make "$ltmain" + fi +fi +])# AC_LIBTOOL_CONFIG + + +# AC_LIBTOOL_PROG_COMPILER_NO_RTTI([TAGNAME]) +# ------------------------------------------- +AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], +[AC_REQUIRE([_LT_AC_SYS_COMPILER])dnl + +_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + +if test "$GCC" = yes; then + _LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + + AC_LIBTOOL_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], + lt_cv_prog_compiler_rtti_exceptions, + [-fno-rtti -fno-exceptions], [], + [_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) +fi +])# AC_LIBTOOL_PROG_COMPILER_NO_RTTI + + +# AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE +# --------------------------------- +AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], +[AC_REQUIRE([AC_CANONICAL_HOST]) +AC_REQUIRE([AC_PROG_NM]) +AC_REQUIRE([AC_OBJEXT]) +# Check for command to grab the raw symbol name followed by C symbol from nm. +AC_MSG_CHECKING([command to parse $NM output from $compiler object]) +AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], +[ +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[[BCDEGRST]]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' + +# Transform an extracted symbol line into a proper C declaration +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[[BCDT]]' + ;; +cygwin* | mingw* | pw32*) + symcode='[[ABCDGISTW]]' + ;; +hpux*) # Its linker distinguishes data from code symbols + if test "$host_cpu" = ia64; then + symcode='[[ABCDEGRST]]' + fi + lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" + ;; +linux*) + if test "$host_cpu" = ia64; then + symcode='[[ABCDGIRSTW]]' + lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" + fi + ;; +irix* | nonstopux*) + symcode='[[BCDEGRST]]' + ;; +osf*) + symcode='[[BCDEGQRST]]' + ;; +solaris*) + symcode='[[BDRT]]' + ;; +sco3.2v5*) + symcode='[[DT]]' + ;; +sysv4.2uw2*) + symcode='[[DT]]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[[ABDT]]' + ;; +sysv4) + symcode='[[DFNSTU]]' + ;; +esac + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[[ABCDGIRSTW]]' ;; +esac + +# Try without a prefix undercore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext < $nlist) && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if grep ' nm_test_var$' "$nlist" >/dev/null; then + if grep ' nm_test_func$' "$nlist" >/dev/null; then + cat < conftest.$ac_ext +#ifdef __cplusplus +extern "C" { +#endif + +EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext' + + cat <> conftest.$ac_ext +#if defined (__STDC__) && __STDC__ +# define lt_ptr_t void * +#else +# define lt_ptr_t char * +# define const +#endif + +/* The mapping between symbol names and symbols. */ +const struct { + const char *name; + lt_ptr_t address; +} +lt_preloaded_symbols[[]] = +{ +EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext + cat <<\EOF >> conftest.$ac_ext + {0, (lt_ptr_t) 0} +}; + +#ifdef __cplusplus +} +#endif +EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_save_LIBS="$LIBS" + lt_save_CFLAGS="$CFLAGS" + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$_LT_AC_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS="$lt_save_LIBS" + CFLAGS="$lt_save_CFLAGS" + else + echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD + fi + else + echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD + cat conftest.$ac_ext >&5 + fi + rm -f conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done +]) +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + AC_MSG_RESULT(failed) +else + AC_MSG_RESULT(ok) +fi +]) # AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE + + +# AC_LIBTOOL_PROG_COMPILER_PIC([TAGNAME]) +# --------------------------------------- +AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC], +[_LT_AC_TAGVAR(lt_prog_compiler_wl, $1)= +_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= +_LT_AC_TAGVAR(lt_prog_compiler_static, $1)= + +AC_MSG_CHECKING([for $compiler option to produce PIC]) + ifelse([$1],[CXX],[ + # C++ specific cases for pic, static, wl, etc. + if test "$GXX" = yes; then + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + amigaos*) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | os2* | pw32*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + interix3*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + *) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + case $host_os in + aix4* | aix5*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_AC_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + darwin*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + case $cc_basename in + xlc*) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon' + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + ;; + esac + ;; + dgux*) + case $cc_basename in + ec++*) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | kfreebsd*-gnu | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + if test "$host_cpu" != ia64; then + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + fi + ;; + aCC*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux*) + case $cc_basename in + KCC*) + # KAI C++ Compiler + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + icpc* | ecpc*) + # Intel C++ + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgCC*) + # Portland Group C++ compiler. + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd*) + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + cxx*) + # Digital/Compaq C++ + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + lcc*) + # Lucid + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + vxworks*) + ;; + *) + _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +], +[ + if test "$GCC" = yes; then + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + + beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + + interix3*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + enable_shared=no + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + + hpux*) + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + + *) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + darwin*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + case $cc_basename in + xlc*) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-qnocommon' + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + ;; + esac + ;; + + mingw* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT' + ;; + + hpux9* | hpux10* | hpux11*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC (with -KPIC) is the default. + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + newsos6) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + linux*) + case $cc_basename in + icc* | ecc*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + ccc*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All Alpha code is PIC. + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + esac + ;; + + osf3* | osf4* | osf5*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All OSF/1 code is PIC. + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + solaris*) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + case $cc_basename in + f77* | f90* | f95*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; + *) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; + esac + ;; + + sunos4*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + unicos*) + _LT_AC_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + + uts4*) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_AC_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *) + _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +]) +AC_MSG_RESULT([$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)]) + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)"; then + AC_LIBTOOL_COMPILER_OPTION([if $compiler PIC flag $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) works], + _LT_AC_TAGVAR(lt_prog_compiler_pic_works, $1), + [$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])], [], + [case $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) in + "" | " "*) ;; + *) _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)" ;; + esac], + [_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_AC_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) +fi +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + *) + _LT_AC_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1)ifelse([$1],[],[ -DPIC],[ifelse([$1],[CXX],[ -DPIC],[])])" + ;; +esac + +# +# Check to make sure the static flag actually works. +# +wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_AC_TAGVAR(lt_prog_compiler_static, $1)\" +AC_LIBTOOL_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], + _LT_AC_TAGVAR(lt_prog_compiler_static_works, $1), + $lt_tmp_static_flag, + [], + [_LT_AC_TAGVAR(lt_prog_compiler_static, $1)=]) +]) + + +# AC_LIBTOOL_PROG_LD_SHLIBS([TAGNAME]) +# ------------------------------------ +# See if the linker supports building shared libraries. +AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS], +[AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) +ifelse([$1],[CXX],[ + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + case $host_os in + aix4* | aix5*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | grep 'GNU' > /dev/null; then + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' + else + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + _LT_AC_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" + ;; + cygwin* | mingw*) + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([[^ ]]*\) [[^ ]]*/\1 DATA/;/^I /d;/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols' + ;; + *) + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac +],[ + runpath_var= + _LT_AC_TAGVAR(allow_undefined_flag, $1)= + _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=no + _LT_AC_TAGVAR(archive_cmds, $1)= + _LT_AC_TAGVAR(archive_expsym_cmds, $1)= + _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)= + _LT_AC_TAGVAR(old_archive_from_expsyms_cmds, $1)= + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= + _LT_AC_TAGVAR(thread_safe_flag_spec, $1)= + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_minus_L, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_AC_TAGVAR(link_all_deplibs, $1)=unknown + _LT_AC_TAGVAR(hardcode_automatic, $1)=no + _LT_AC_TAGVAR(module_cmds, $1)= + _LT_AC_TAGVAR(module_expsym_cmds, $1)= + _LT_AC_TAGVAR(always_export_symbols, $1)=no + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + _LT_AC_TAGVAR(include_expsyms, $1)= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + _LT_AC_TAGVAR(exclude_expsyms, $1)="_GLOBAL_OFFSET_TABLE_" + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + extract_expsyms_cmds= + # Just being paranoid about ensuring that cc_basename is set. + _LT_CC_BASENAME([$compiler]) + case $host_os in + cygwin* | mingw* | pw32*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + esac + + _LT_AC_TAGVAR(ld_shlibs, $1)=yes + if test "$with_gnu_ld" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= + fi + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix3* | aix4* | aix5*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + _LT_AC_TAGVAR(ld_shlibs, $1)=no + cat <&2 + +*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to modify your PATH +*** so that a non-GNU linker is found, and then restart. + +EOF + fi + ;; + + amigaos*) + _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + + # Samuel A. Falvo II reports + # that the semantics of dynamic libraries on AmigaOS, at least up + # to version 4, is to share data among multiple programs linked + # with the same dynamic library. Since this doesn't match the + # behavior of shared libraries on other platforms, we can't use + # them. + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + cygwin* | mingw* | pw32*) + # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_AC_TAGVAR(always_export_symbols, $1)=no + _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]] /s/.* \([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]] /s/.* //'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + interix3*) + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + linux*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + tmp_addflag= + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + esac + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test $supports_anon_versioning = yes; then + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + $echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then + _LT_AC_TAGVAR(ld_shlibs, $1)=no + cat <&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +EOF + elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) + _LT_AC_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + sunos4*) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_AC_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + + if test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no; then + runpath_var= + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_AC_TAGVAR(always_export_symbols, $1)=yes + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported + fi + ;; + + aix4* | aix5*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | grep 'GNU' > /dev/null; then + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' + else + _LT_AC_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\[$]2 == "T") || (\[$]2 == "D") || (\[$]2 == "B")) && ([substr](\[$]3,1,1) != ".")) { print \[$]3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix5*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_AC_TAGVAR(archive_cmds, $1)='' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + + if test "$GCC" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + else + # We have old collect2 + _LT_AC_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + _LT_AC_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_AC_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an empty executable. + _LT_AC_SYS_LIBPATH_AIX + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_AC_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an empty executable. + _LT_AC_SYS_LIBPATH_AIX + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_AC_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared libraries. + _LT_AC_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + # see comment about different semantics on the GNU ld section + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + + bsdi[[45]]*) + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic + ;; + + cygwin* | mingw* | pw32*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='true' + # FIXME: Should let the user specify the lib program. + _LT_AC_TAGVAR(old_archive_cmds, $1)='lib /OUT:$oldlib$oldobjs$old_deplibs' + _LT_AC_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`' + _LT_AC_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + + darwin* | rhapsody*) + case $host_os in + rhapsody* | darwin1.[[012]]) + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}suppress' + ;; + *) # Darwin 1.3 on + if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + else + case ${MACOSX_DEPLOYMENT_TARGET} in + 10.[[012]]) + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + ;; + 10.*) + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-undefined ${wl}dynamic_lookup' + ;; + esac + fi + ;; + esac + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_automatic, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='' + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + if test "$GCC" = yes ; then + output_verbose_link_cmd='echo' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' + _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + else + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' + _LT_AC_TAGVAR(module_cmds, $1)='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + _LT_AC_TAGVAR(module_expsym_cmds, $1)='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + esac + fi + ;; + + dgux*) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + freebsd1*) + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2*) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | kfreebsd*-gnu | dragonfly*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + hpux9*) + if test "$GCC" = yes; then + _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + _LT_AC_TAGVAR(archive_cmds, $1)='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + fi + if test "$with_gnu_ld" = no; then + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' + _LT_AC_TAGVAR(hardcode_direct, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' + fi + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + newsos6) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + openbsd*) + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + else + case $host_os in + openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + ;; + *) + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + ;; + esac + fi + ;; + + os2*) + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + _LT_AC_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_AC_TAGVAR(archive_cmds, $1)='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + _LT_AC_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + fi + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + else + _LT_AC_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ + $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' + + # Both c and cxx compiler support -rpath directly + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + fi + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + solaris*) + _LT_AC_TAGVAR(no_undefined_flag, $1)=' -z text' + if test "$GCC" = yes; then + wlarc='${wl}' + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' + else + wlarc='' + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' + fi + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine linker options so we + # cannot just pass the convience library names through + # without $wl, iff we do not link with $LD. + # Luckily, gcc supports the same syntax we need for Sun Studio. + # Supported since Solaris 2.6 (maybe 2.5.1?) + case $wlarc in + '') + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; + *) + _LT_AC_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; + esac ;; + esac + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes + _LT_AC_TAGVAR(hardcode_minus_L, $1)=yes + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4) + case $host_vendor in + sni) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_direct, $1)=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' + _LT_AC_TAGVAR(hardcode_direct, $1)=no + ;; + motorola) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4.3*) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + _LT_AC_TAGVAR(ld_shlibs, $1)=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7*) + _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_AC_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_AC_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + _LT_AC_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_AC_TAGVAR(link_all_deplibs, $1)=yes + _LT_AC_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_AC_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_AC_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + _LT_AC_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_AC_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + _LT_AC_TAGVAR(ld_shlibs, $1)=no + ;; + esac + fi +]) +AC_MSG_RESULT([$_LT_AC_TAGVAR(ld_shlibs, $1)]) +test "$_LT_AC_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + +# +# Do we need to explicitly link libc? +# +case "x$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)" in +x|xyes) + # Assume -lc should be added + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $_LT_AC_TAGVAR(archive_cmds, $1) in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + AC_MSG_CHECKING([whether -lc should be explicitly linked in]) + $rm conftest* + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_AC_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_AC_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_AC_TAGVAR(allow_undefined_flag, $1) + _LT_AC_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_AC_TAGVAR(archive_cmds, $1) 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) + then + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=no + else + _LT_AC_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_AC_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $rm conftest* + AC_MSG_RESULT([$_LT_AC_TAGVAR(archive_cmds_need_lc, $1)]) + ;; + esac + fi + ;; +esac +])# AC_LIBTOOL_PROG_LD_SHLIBS + + +# _LT_AC_FILE_LTDLL_C +# ------------------- +# Be careful that the start marker always follows a newline. +AC_DEFUN([_LT_AC_FILE_LTDLL_C], [ +# /* ltdll.c starts here */ +# #define WIN32_LEAN_AND_MEAN +# #include +# #undef WIN32_LEAN_AND_MEAN +# #include +# +# #ifndef __CYGWIN__ +# # ifdef __CYGWIN32__ +# # define __CYGWIN__ __CYGWIN32__ +# # endif +# #endif +# +# #ifdef __cplusplus +# extern "C" { +# #endif +# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved); +# #ifdef __cplusplus +# } +# #endif +# +# #ifdef __CYGWIN__ +# #include +# DECLARE_CYGWIN_DLL( DllMain ); +# #endif +# HINSTANCE __hDllInstance_base; +# +# BOOL APIENTRY +# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved) +# { +# __hDllInstance_base = hInst; +# return TRUE; +# } +# /* ltdll.c ends here */ +])# _LT_AC_FILE_LTDLL_C + + +# _LT_AC_TAGVAR(VARNAME, [TAGNAME]) +# --------------------------------- +AC_DEFUN([_LT_AC_TAGVAR], [ifelse([$2], [], [$1], [$1_$2])]) + + +# old names +AC_DEFUN([AM_PROG_LIBTOOL], [AC_PROG_LIBTOOL]) +AC_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) +AC_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) +AC_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) +AC_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) +AC_DEFUN([AM_PROG_LD], [AC_PROG_LD]) +AC_DEFUN([AM_PROG_NM], [AC_PROG_NM]) + +# This is just to silence aclocal about the macro not being used +ifelse([AC_DISABLE_FAST_INSTALL]) + +AC_DEFUN([LT_AC_PROG_GCJ], +[AC_CHECK_TOOL(GCJ, gcj, no) + test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" + AC_SUBST(GCJFLAGS) +]) + +AC_DEFUN([LT_AC_PROG_RC], +[AC_CHECK_TOOL(RC, windres, no) +]) + +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_SED. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +# LT_AC_PROG_SED +# -------------- +# Check for a fully-functional sed program, that truncates +# as few characters as possible. Prefer GNU sed if found. +AC_DEFUN([LT_AC_PROG_SED], +[AC_MSG_CHECKING([for a sed that does not truncate output]) +AC_CACHE_VAL(lt_cv_path_SED, +[# Loop through the user's path and test for sed and gsed. +# Then use that list of sed's as ones to test for truncation. +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done +done +lt_ac_max=0 +lt_ac_count=0 +# Add /usr/xpg4/bin/sed as it is typically found on Solaris +# along with /bin/sed that truncates output. +for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do + test ! -f $lt_ac_sed && continue + cat /dev/null > conftest.in + lt_ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >conftest.in + # Check for GNU sed and select it if it is found. + if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then + lt_cv_path_SED=$lt_ac_sed + break + fi + while true; do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo >>conftest.nl + $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break + cmp -s conftest.out conftest.nl || break + # 10000 chars as input seems more than enough + test $lt_ac_count -gt 10 && break + lt_ac_count=`expr $lt_ac_count + 1` + if test $lt_ac_count -gt $lt_ac_max; then + lt_ac_max=$lt_ac_count + lt_cv_path_SED=$lt_ac_sed + fi + done +done +]) +SED=$lt_cv_path_SED +AC_MSG_RESULT([$SED]) +]) + +# Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version="1.9"]) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION so it can be traced. +# This function is AC_REQUIREd by AC_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], + [AM_AUTOMAKE_VERSION([1.9.6])]) + +# AM_AUX_DIR_EXPAND -*- Autoconf -*- + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets +# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to +# `$srcdir', `$srcdir/..', or `$srcdir/../..'. +# +# Of course, Automake must honor this variable whenever it calls a +# tool from the auxiliary directory. The problem is that $srcdir (and +# therefore $ac_aux_dir as well) can be either absolute or relative, +# depending on how configure is run. This is pretty annoying, since +# it makes $ac_aux_dir quite unusable in subdirectories: in the top +# source directory, any form will work fine, but in subdirectories a +# relative path needs to be adjusted first. +# +# $ac_aux_dir/missing +# fails when called from a subdirectory if $ac_aux_dir is relative +# $top_srcdir/$ac_aux_dir/missing +# fails if $ac_aux_dir is absolute, +# fails when called from a subdirectory in a VPATH build with +# a relative $ac_aux_dir +# +# The reason of the latter failure is that $top_srcdir and $ac_aux_dir +# are both prefixed by $srcdir. In an in-source build this is usually +# harmless because $srcdir is `.', but things will broke when you +# start a VPATH build or use an absolute $srcdir. +# +# So we could use something similar to $top_srcdir/$ac_aux_dir/missing, +# iff we strip the leading $srcdir from $ac_aux_dir. That would be: +# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` +# and then we would define $MISSING as +# MISSING="\${SHELL} $am_aux_dir/missing" +# This will work as long as MISSING is not called from configure, because +# unfortunately $(top_srcdir) has no meaning in configure. +# However there are other variables, like CC, which are often used in +# configure, and could therefore not use this "fixed" $ac_aux_dir. +# +# Another solution, used here, is to always expand $ac_aux_dir to an +# absolute PATH. The drawback is that using absolute paths prevent a +# configured tree to be moved without reconfiguration. + +AC_DEFUN([AM_AUX_DIR_EXPAND], +[dnl Rely on autoconf to set up CDPATH properly. +AC_PREREQ([2.50])dnl +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` +]) + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 7 + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ(2.52)dnl + ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE]) +AC_SUBST([$1_FALSE]) +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 8 + +# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "GCJ", or "OBJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +ifelse([$1], CC, [depcc="$CC" am_compiler_list=], + [$1], CXX, [depcc="$CXX" am_compiler_list=], + [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + case $depmode in + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + none) break ;; + esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. + if depmode=$depmode \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE(dependency-tracking, +[ --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH]) +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +#serial 3 + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[for mf in $CONFIG_FILES; do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # So let's grep whole file. + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then + dirpart=`AS_DIRNAME("$mf")` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`AS_DIRNAME(["$file"])` + AS_MKDIR_P([$dirpart/$fdir]) + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done +done +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking +# is enabled. FIXME. This creates each `.P' file that we will +# need in order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) +]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 12 + +# This macro actually does too much. Some checks are only needed if +# your package does certain things. But this isn't really a big deal. + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_PREREQ([2.58])dnl +dnl Autoconf wants to disallow AM_ names. We explicitly allow +dnl the ones we care about. +m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL])dnl +# test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && + test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) + AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl + +# Some tools Automake needs. +AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) +AM_MISSING_PROG(AUTOCONF, autoconf) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) +AM_MISSING_PROG(AUTOHEADER, autoheader) +AM_MISSING_PROG(MAKEINFO, makeinfo) +AM_PROG_INSTALL_SH +AM_PROG_INSTALL_STRIP +AC_REQUIRE([AM_PROG_MKDIR_P])dnl +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl +_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl +]) +]) + + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $1 | $1:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $1" >`AS_DIRNAME([$1])`/stamp-h[]$_am_stamp_count]) + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +install_sh=${install_sh-"$am_aux_dir/install-sh"} +AC_SUBST(install_sh)]) + +# Copyright (C) 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 3 + +# AM_MAKE_INCLUDE() +# ----------------- +# Check to see how make treats includes. +AC_DEFUN([AM_MAKE_INCLUDE], +[am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo done +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +AC_MSG_CHECKING([for style of include used by $am_make]) +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# We grep out `Entering directory' and `Leaving directory' +# messages which can occur if `w' ends up in MAKEFLAGS. +# In particular we don't look at `^make:' because GNU make might +# be invoked under some other name (usually "gmake"), in which +# case it prints its new name instead of `make'. +if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then + am__include=include + am__quote= + _am_result=GNU +fi +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then + am__include=.include + am__quote="\"" + _am_result=BSD + fi +fi +AC_SUBST([am__include]) +AC_SUBST([am__quote]) +AC_MSG_RESULT([$_am_result]) +rm -f confinc confmf +]) + +# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it supports --run. +# If it does, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + AC_MSG_WARN([`missing' script is too old or missing]) +fi +]) + +# Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_MKDIR_P +# --------------- +# Check whether `mkdir -p' is supported, fallback to mkinstalldirs otherwise. +# +# Automake 1.8 used `mkdir -m 0755 -p --' to ensure that directories +# created by `make install' are always world readable, even if the +# installer happens to have an overly restrictive umask (e.g. 077). +# This was a mistake. There are at least two reasons why we must not +# use `-m 0755': +# - it causes special bits like SGID to be ignored, +# - it may be too restrictive (some setups expect 775 directories). +# +# Do not use -m 0755 and let people choose whatever they expect by +# setting umask. +# +# We cannot accept any implementation of `mkdir' that recognizes `-p'. +# Some implementations (such as Solaris 8's) are not thread-safe: if a +# parallel make tries to run `mkdir -p a/b' and `mkdir -p a/c' +# concurrently, both version can detect that a/ is missing, but only +# one can create it and the other will error out. Consequently we +# restrict ourselves to GNU make (using the --version option ensures +# this.) +AC_DEFUN([AM_PROG_MKDIR_P], +[if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then + # We used to keeping the `.' as first argument, in order to + # allow $(mkdir_p) to be used without argument. As in + # $(mkdir_p) $(somedir) + # where $(somedir) is conditionally defined. However this is wrong + # for two reasons: + # 1. if the package is installed by a user who cannot write `.' + # make install will fail, + # 2. the above comment should most certainly read + # $(mkdir_p) $(DESTDIR)$(somedir) + # so it does not work when $(somedir) is undefined and + # $(DESTDIR) is not. + # To support the latter case, we have to write + # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir), + # so the `.' trick is pointless. + mkdir_p='mkdir -p --' +else + # On NextStep and OpenStep, the `mkdir' command does not + # recognize any option. It will interpret all options as + # directories to create, and then abort because `.' already + # exists. + for d in ./-p ./--version; + do + test -d $d && rmdir $d + done + # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists. + if test -f "$ac_aux_dir/mkinstalldirs"; then + mkdir_p='$(mkinstalldirs)' + else + mkdir_p='$(install_sh) -d' + fi +fi +AC_SUBST([mkdir_p])]) + +# Helper functions for option handling. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 3 + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) + +# _AM_SET_OPTION(NAME) +# ------------------------------ +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) + +# _AM_SET_OPTIONS(OPTIONS) +# ---------------------------------- +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[AC_FOREACH([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_RUN_LOG(COMMAND) +# ------------------- +# Run COMMAND, save the exit status in ac_status, and log it. +# (This has been adapted from Autoconf's _AC_RUN_LOG macro.) +AC_DEFUN([AM_RUN_LOG], +[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD + ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + (exit $ac_status); }]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftest.file +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftest.file` + fi + rm -f conftest.file + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "$[2]" = conftest.file + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT(yes)]) + +# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_STRIP +# --------------------- +# One issue with vendor `install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in `make install-strip', and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# Check how to create a tarball. -*- Autoconf -*- + +# Copyright (C) 2004, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# _AM_PROG_TAR(FORMAT) +# -------------------- +# Check how to create a tarball in format FORMAT. +# FORMAT should be one of `v7', `ustar', or `pax'. +# +# Substitute a variable $(am__tar) that is a command +# writing to stdout a FORMAT-tarball containing the directory +# $tardir. +# tardir=directory && $(am__tar) > result.tar +# +# Substitute a variable $(am__untar) that extract such +# a tarball read from stdin. +# $(am__untar) < result.tar +AC_DEFUN([_AM_PROG_TAR], +[# Always define AMTAR for backward compatibility. +AM_MISSING_PROG([AMTAR], [tar]) +m4_if([$1], [v7], + [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'], + [m4_case([$1], [ustar],, [pax],, + [m4_fatal([Unknown tar format])]) +AC_MSG_CHECKING([how to create a $1 tar archive]) +# Loop over all known methods to create a tar archive until one works. +_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' +_am_tools=${am_cv_prog_tar_$1-$_am_tools} +# Do not fold the above two line into one, because Tru64 sh and +# Solaris sh will not grok spaces in the rhs of `-'. +for _am_tool in $_am_tools +do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; + do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi +done +rm -rf conftest.dir + +AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) +AC_MSG_RESULT([$am_cv_prog_tar_$1])]) +AC_SUBST([am__tar]) +AC_SUBST([am__untar]) +]) # _AM_PROG_TAR + diff --git a/config.guess b/config.guess new file mode 100755 index 000000000..af7f02dc7 --- /dev/null +++ b/config.guess @@ -0,0 +1,1519 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. + +timestamp='2006-07-02' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Originally written by Per Bothner . +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +if [ "${UNAME_SYSTEM}" = "Linux" ] ; then + eval $set_cc_for_build + cat << EOF > $dummy.c + #include + #ifdef __UCLIBC__ + # ifdef __UCLIBC_CONFIG_VERSION__ + LIBC=uclibc __UCLIBC_CONFIG_VERSION__ + # else + LIBC=uclibc + # endif + #else + LIBC=gnu + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep LIBC= | sed -e 's: ::g'` +fi + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + *:SolidBSD:*:*) + echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos${UNAME_RELEASE} + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep __LP64__ >/dev/null + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) + case ${UNAME_MACHINE} in + pc98) + echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit ;; + x86:Interix*:[3456]*) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T:Interix*:[3456]*) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + *:GNU:*:*) + # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + cris:Linux:*:*) + echo cris-axis-linux-${LIBC} + exit ;; + crisv32:Linux:*:*) + echo crisv32-axis-linux-${LIBC} + exit ;; + frv:Linux:*:*) + echo frv-unknown-linux-${LIBC} + exit ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips + #undef mipsel + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mipsel + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips + #else + CPU= + #endif + #endif +EOF + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^CPU/{ + s: ::g + p + }'`" + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + ;; + mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips64 + #undef mips64el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mips64el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips64 + #else + CPU= + #endif + #endif +EOF + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^CPU/{ + s: ::g + p + }'`" + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + ;; + or32:Linux:*:*) + echo or32-unknown-linux-${LIBC} + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-${LIBC} + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; + esac + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-${LIBC} + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-${LIBC} + exit ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-${LIBC} + exit ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + # Set LC_ALL=C to ensure ld outputs messages in English. + ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-${LIBC}" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-${LIBC}aout" + exit ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-${LIBC}coff" + exit ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-${LIBC}oldld" + exit ;; + esac + # This should get integrated into the C code below, but now we hack + if [ "$LIBC" != "gnu" ] ; then echo "$TENTATIVE" && exit 0 ; fi + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #ifdef __ELF__ + # ifdef __GLIBC__ + # if __GLIBC__ >= 2 + LIBC=gnu + # else + LIBC=gnulibc1 + # endif + # else + LIBC=gnulibc1 + # endif + #else + #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) + LIBC=gnu + #else + LIBC=gnuaout + #endif + #endif + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^LIBC/{ + s: ::g + p + }'`" + test x"${LIBC}" != x && { + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit + } + test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + unknown) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; + i*86:rdos:*:*) + echo ${UNAME_MACHINE}-pc-rdos + exit ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix\n"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + c34*) + echo c34-convex-bsd + exit ;; + c38*) + echo c38-convex-bsd + exit ;; + c4*) + echo c4-convex-bsd + exit ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/config.sub b/config.sub new file mode 100755 index 000000000..ae0b3ddff --- /dev/null +++ b/config.sub @@ -0,0 +1,1626 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. + +timestamp='2006-07-02' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ + uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx | dvp \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64vr | mips64vrel \ + | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | mt \ + | msp430 \ + | nios | nios2 \ + | ns16k | ns32k \ + | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[1234] | sh[24]a | sh[24]a*eb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu | strongarm \ + | tahoe | thumb | tic4x | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + ms1) + basic_machine=mt-unknown + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nios-* | nios2-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]a*eb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ + | xstormy16-* | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16c) + basic_machine=cr16c-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mipsEE* | ee | ps2) + basic_machine=mips64r5900el-scei + case $os in + -linux*) + ;; + *) + os=-elf + ;; + esac + ;; + iop) + basic_machine=mipsel-scei + os=-irx + ;; + dvp) + basic_machine=dvp-scei + os=-elf + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rdos) + basic_machine=i386-pc + os=-rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tic55x | c55x*) + basic_machine=tic55x-unknown + os=-coff + ;; + tic6x | c6x*) + basic_machine=tic6x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ + | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -irx*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -zvmoe) + os=-zvmoe + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + spu-*) + os=-elf + ;; + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-haiku) + os=-haiku + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/configure b/configure new file mode 100755 index 000000000..96e6d5f72 --- /dev/null +++ b/configure @@ -0,0 +1,23369 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.61 for strongSwan 4.1.1. +# +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in + *posix*) set -o posix ;; +esac + +fi + + + + +# PATH needs CR +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +as_nl=' +' +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + { (exit 1); exit 1; } +fi + +# Work around bugs in pre-3.0 UWIN ksh. +for as_var in ENV MAIL MAILPATH +do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# CDPATH. +$as_unset CDPATH + + +if test "x$CONFIG_SHELL" = x; then + if (eval ":") 2>/dev/null; then + as_have_required=yes +else + as_have_required=no +fi + + if test $as_have_required = yes && (eval ": +(as_func_return () { + (exit \$1) +} +as_func_success () { + as_func_return 0 +} +as_func_failure () { + as_func_return 1 +} +as_func_ret_success () { + return 0 +} +as_func_ret_failure () { + return 1 +} + +exitcode=0 +if as_func_success; then + : +else + exitcode=1 + echo as_func_success failed. +fi + +if as_func_failure; then + exitcode=1 + echo as_func_failure succeeded. +fi + +if as_func_ret_success; then + : +else + exitcode=1 + echo as_func_ret_success failed. +fi + +if as_func_ret_failure; then + exitcode=1 + echo as_func_ret_failure succeeded. +fi + +if ( set x; as_func_ret_success y && test x = \"\$1\" ); then + : +else + exitcode=1 + echo positional parameters were not saved. +fi + +test \$exitcode = 0) || { (exit 1); exit 1; } + +( + as_lineno_1=\$LINENO + as_lineno_2=\$LINENO + test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && + test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } +") 2> /dev/null; then + : +else + as_candidate_shells= + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + case $as_dir in + /*) + for as_base in sh bash ksh sh5; do + as_candidate_shells="$as_candidate_shells $as_dir/$as_base" + done;; + esac +done +IFS=$as_save_IFS + + + for as_shell in $as_candidate_shells $SHELL; do + # Try only shells that exist, to save several forks. + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { ("$as_shell") 2> /dev/null <<\_ASEOF +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in + *posix*) set -o posix ;; +esac + +fi + + +: +_ASEOF +}; then + CONFIG_SHELL=$as_shell + as_have_required=yes + if { "$as_shell" 2> /dev/null <<\_ASEOF +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in + *posix*) set -o posix ;; +esac + +fi + + +: +(as_func_return () { + (exit $1) +} +as_func_success () { + as_func_return 0 +} +as_func_failure () { + as_func_return 1 +} +as_func_ret_success () { + return 0 +} +as_func_ret_failure () { + return 1 +} + +exitcode=0 +if as_func_success; then + : +else + exitcode=1 + echo as_func_success failed. +fi + +if as_func_failure; then + exitcode=1 + echo as_func_failure succeeded. +fi + +if as_func_ret_success; then + : +else + exitcode=1 + echo as_func_ret_success failed. +fi + +if as_func_ret_failure; then + exitcode=1 + echo as_func_ret_failure succeeded. +fi + +if ( set x; as_func_ret_success y && test x = "$1" ); then + : +else + exitcode=1 + echo positional parameters were not saved. +fi + +test $exitcode = 0) || { (exit 1); exit 1; } + +( + as_lineno_1=$LINENO + as_lineno_2=$LINENO + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } + +_ASEOF +}; then + break +fi + +fi + + done + + if test "x$CONFIG_SHELL" != x; then + for as_var in BASH_ENV ENV + do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var + done + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} +fi + + + if test $as_have_required = no; then + echo This script requires a shell more modern than all the + echo shells that I found on your system. Please install a + echo modern shell, or manually run the script under such a + echo shell if you do have one. + { (exit 1); exit 1; } +fi + + +fi + +fi + + + +(eval "as_func_return () { + (exit \$1) +} +as_func_success () { + as_func_return 0 +} +as_func_failure () { + as_func_return 1 +} +as_func_ret_success () { + return 0 +} +as_func_ret_failure () { + return 1 +} + +exitcode=0 +if as_func_success; then + : +else + exitcode=1 + echo as_func_success failed. +fi + +if as_func_failure; then + exitcode=1 + echo as_func_failure succeeded. +fi + +if as_func_ret_success; then + : +else + exitcode=1 + echo as_func_ret_success failed. +fi + +if as_func_ret_failure; then + exitcode=1 + echo as_func_ret_failure succeeded. +fi + +if ( set x; as_func_ret_success y && test x = \"\$1\" ); then + : +else + exitcode=1 + echo positional parameters were not saved. +fi + +test \$exitcode = 0") || { + echo No shell found that supports shell functions. + echo Please tell autoconf@gnu.org about your system, + echo including any error possibly output before this + echo message +} + + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line after each line using $LINENO; the second 'sed' + # does the real work. The second script uses 'N' to pair each + # line-number line with the line containing $LINENO, and appends + # trailing '-' during substitution so that $LINENO is not a special + # case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # scripts with optimization help from Paolo Bonzini. Blame Lee + # E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in +-n*) + case `echo 'x\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + *) ECHO_C='\c';; + esac;; +*) + ECHO_N='-n';; +esac + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir +fi +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + + + +# Check that we are running under the correct shell. +SHELL=${CONFIG_SHELL-/bin/sh} + +case X$ECHO in +X*--fallback-echo) + # Remove one level of quotation (which was required for Make). + ECHO=`echo "$ECHO" | sed 's,\\\\\$\\$0,'$0','` + ;; +esac + +echo=${ECHO-echo} +if test "X$1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift +elif test "X$1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`($echo '\t') 2>/dev/null`" = 'X\t' ; then + # Yippee, $echo works! + : +else + # Restart under the correct shell. + exec $SHELL "$0" --no-reexec ${1+"$@"} +fi + +if test "X$1" = X--fallback-echo; then + # used as fallback echo + shift + cat </dev/null 2>&1 && unset CDPATH + +if test -z "$ECHO"; then +if test "X${echo_test_string+set}" != Xset; then +# find a string as large as possible, as long as the shell can cope with it + for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do + # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... + if (echo_test_string=`eval $cmd`) 2>/dev/null && + echo_test_string=`eval $cmd` && + (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null + then + break + fi + done +fi + +if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + : +else + # The Solaris, AIX, and Digital Unix default echo programs unquote + # backslashes. This makes it impossible to quote backslashes using + # echo "$something" | sed 's/\\/\\\\/g' + # + # So, first we look for a working echo in the user's PATH. + + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for dir in $PATH /usr/ucb; do + IFS="$lt_save_ifs" + if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && + test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + echo="$dir/echo" + break + fi + done + IFS="$lt_save_ifs" + + if test "X$echo" = Xecho; then + # We didn't find a better echo, so look for alternatives. + if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # This shell has a builtin print -r that does the trick. + echo='print -r' + elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) && + test "X$CONFIG_SHELL" != X/bin/ksh; then + # If we have ksh, try running configure again with it. + ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} + export ORIGINAL_CONFIG_SHELL + CONFIG_SHELL=/bin/ksh + export CONFIG_SHELL + exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"} + else + # Try using printf. + echo='printf %s\n' + if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && + echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + # Cool, printf works + : + elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL + export CONFIG_SHELL + SHELL="$CONFIG_SHELL" + export SHELL + echo="$CONFIG_SHELL $0 --fallback-echo" + elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && + test "X$echo_testing_string" = 'X\t' && + echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && + test "X$echo_testing_string" = "X$echo_test_string"; then + echo="$CONFIG_SHELL $0 --fallback-echo" + else + # maybe with a smaller string... + prev=: + + for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do + if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null + then + break + fi + prev="$cmd" + done + + if test "$prev" != 'sed 50q "$0"'; then + echo_test_string=`eval $prev` + export echo_test_string + exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"} + else + # Oops. We lost completely, so just stick with echo. + echo=echo + fi + fi + fi + fi +fi +fi + +# Copy echo and quote the copy suitably for passing to libtool from +# the Makefile, instead of quoting the original, which is used later. +ECHO=$echo +if test "X$ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then + ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo" +fi + + + + +tagnames=${tagnames+${tagnames},}CXX + +tagnames=${tagnames+${tagnames},}F77 + +exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Identity of this package. +PACKAGE_NAME='strongSwan' +PACKAGE_TARNAME='strongswan' +PACKAGE_VERSION='4.1.1' +PACKAGE_STRING='strongSwan 4.1.1' +PACKAGE_BUGREPORT='' + +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='SHELL +PATH_SEPARATOR +PACKAGE_NAME +PACKAGE_TARNAME +PACKAGE_VERSION +PACKAGE_STRING +PACKAGE_BUGREPORT +exec_prefix +prefix +program_transform_name +bindir +sbindir +libexecdir +datarootdir +datadir +sysconfdir +sharedstatedir +localstatedir +includedir +oldincludedir +docdir +infodir +htmldir +dvidir +pdfdir +psdir +libdir +localedir +mandir +DEFS +ECHO_C +ECHO_N +ECHO_T +LIBS +build_alias +host_alias +target_alias +INSTALL_PROGRAM +INSTALL_SCRIPT +INSTALL_DATA +CYGPATH_W +PACKAGE +VERSION +ACLOCAL +AUTOCONF +AUTOMAKE +AUTOHEADER +MAKEINFO +install_sh +STRIP +INSTALL_STRIP_PROGRAM +mkdir_p +AWK +SET_MAKE +am__leading_dot +AMTAR +am__tar +am__untar +CC +CFLAGS +LDFLAGS +CPPFLAGS +ac_ct_CC +EXEEXT +OBJEXT +DEPDIR +am__include +am__quote +AMDEP_TRUE +AMDEP_FALSE +AMDEPBACKSLASH +CCDEPMODE +am__fastdepCC_TRUE +am__fastdepCC_FALSE +CPP +GREP +EGREP +confdir +ipsecdir +piddir +eapdir +USE_LIBCURL_TRUE +USE_LIBCURL_FALSE +USE_LIBLDAP_TRUE +USE_LIBLDAP_FALSE +USE_SMARTCARD_TRUE +USE_SMARTCARD_FALSE +USE_CISCO_QUIRKS_TRUE +USE_CISCO_QUIRKS_FALSE +USE_LEAK_DETECTIVE_TRUE +USE_LEAK_DETECTIVE_FALSE +BUILD_EAP_SIM_TRUE +BUILD_EAP_SIM_FALSE +USE_NAT_TRANSPORT_TRUE +USE_NAT_TRANSPORT_FALSE +USE_VENDORID_TRUE +USE_VENDORID_FALSE +build +build_cpu +build_vendor +build_os +host +host_cpu +host_vendor +host_os +LN_S +ECHO +AR +RANLIB +CXX +CXXFLAGS +ac_ct_CXX +CXXDEPMODE +am__fastdepCXX_TRUE +am__fastdepCXX_FALSE +CXXCPP +F77 +FFLAGS +ac_ct_F77 +LIBTOOL +LEX +LEX_OUTPUT_ROOT +LEXLIB +YACC +YFLAGS +GPERF +PERL +LIBOBJS +LTLIBOBJS' +ac_subst_files='' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP +CXX +CXXFLAGS +CCC +CXXCPP +F77 +FFLAGS +YACC +YFLAGS' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` + eval enable_$ac_feature=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` + eval enable_$ac_feature=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/[-.]/_/g'` + eval with_$ac_package=\$ac_optarg ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/[-.]/_/g'` + eval with_$ac_package=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } +fi + +# Be sure to have absolute directory names. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; } +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + { echo "$as_me: error: Working directory cannot be determined" >&2 + { (exit 1); exit 1; }; } +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + { echo "$as_me: error: pwd does not report name of working directory" >&2 + { (exit 1); exit 1; }; } + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$0" || +$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$0" : 'X\(//\)[^/]' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +echo X"$0" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 + { (exit 1); exit 1; }; } +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2 + { (exit 1); exit 1; }; } + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures strongSwan 4.1.1 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/strongswan] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of strongSwan 4.1.1:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors + --enable-http enable OCSP and fetching of Certificates and CRLs + over HTTP (default is NO). Requires libcurl. + --enable-ldap enable fetching of CRLs from LDAP (default is NO). + Requires openLDAP. + --enable-smartcard enable smartcard support (default is NO). + --enable-cisco-quirks enable support of Cisco VPN client (default is NO). + --enable-leak-detective enable malloc hooks to find memory leaks (default is + NO). + --enable-eap-sim build SIM authenication module for EAP (default is + NO). + --enable-nat-transport enable NAT traversal with IPsec transport mode + (default is NO). + --disable-vendor-id disable the sending of the strongSwan vendor ID + (default is NO). + --enable-shared[=PKGS] build shared libraries [default=yes] + --enable-static[=PKGS] build static libraries [default=yes] + --enable-fast-install[=PKGS] + optimize for fast installation [default=yes] + --disable-libtool-lock avoid locking (might break parallel builds) + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-default-pkcs11=lib + set the default PKCS11 library other than + "/usr/lib/opensc-pkcs11.so" + --with-xauth-module=lib set the path to the XAUTH module + --with-random-device=dev + set the device for real random data other than + "/dev/random" + --with-resolv-conf=file set the file to store DNS server information other + than "sysconfdir/resolv.conf" + --with-urandom-device=dev + set the device for pseudo random data other than + "/dev/urandom" + --with-ipsecdir=dir installation path for ipsec tools other than + "libexecdir/ipsec" + --with-piddir=dir path for PID and UNIX socket files other than + "/var/run" + --with-eapdir=dir path for pluggable EAP modules other than + "ipsecdir/eap" + --with-sim-reader=library.so + library containing the sim_run_alg() function for + EAP-SIM + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-pic try to use only PIC/non-PIC objects [default=use + both] + --with-tags[=TAGS] include additional configurations [automatic] + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + CXX C++ compiler command + CXXFLAGS C++ compiler flags + CXXCPP C++ preprocessor + F77 Fortran 77 compiler command + FFLAGS Fortran 77 compiler flags + YACC The `Yet Another C Compiler' implementation to use. Defaults to + the first program found out of: `bison -y', `byacc', `yacc'. + YFLAGS The list of arguments that will be passed by default to $YACC. + This script will default YFLAGS to the empty string to avoid a + default value of `-d' given by some make applications. + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +strongSwan configure 4.1.1 +generated by GNU Autoconf 2.61 + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by strongSwan $as_me 4.1.1, which was +generated by GNU Autoconf 2.61. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + echo "PATH: $as_dir" +done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 2) + ac_configure_args1="$ac_configure_args1 '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + ac_configure_args="$ac_configure_args '$ac_arg'" + ;; + esac + done +done +$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } +$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + cat <<\_ASBOX +## ---------------- ## +## Cache variables. ## +## ---------------- ## +_ASBOX + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 +echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + *) $as_unset $ac_var ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + cat <<\_ASBOX +## ----------------- ## +## Output variables. ## +## ----------------- ## +_ASBOX + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + cat <<\_ASBOX +## ------------------- ## +## File substitutions. ## +## ------------------- ## +_ASBOX + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + cat <<\_ASBOX +## ----------- ## +## confdefs.h. ## +## ----------- ## +_ASBOX + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" + echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer explicitly selected file to automatically selected ones. +if test -n "$CONFIG_SITE"; then + set x "$CONFIG_SITE" +elif test "x$prefix" != xNONE; then + set x "$prefix/share/config.site" "$prefix/etc/config.site" +else + set x "$ac_default_prefix/share/config.site" \ + "$ac_default_prefix/etc/config.site" +fi +shift +for ac_site_file +do + if test -r "$ac_site_file"; then + { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. + if test -f "$cache_file"; then + { echo "$as_me:$LINENO: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { echo "$as_me:$LINENO: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } +fi + + + + + + + + + + + + + + + + + + + + + + + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +am__api_version="1.9" +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5 +echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;} + { (exit 1); exit 1; }; } +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; } +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + done + done + ;; +esac +done +IFS=$as_save_IFS + + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ echo "$as_me:$LINENO: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ echo "$as_me:$LINENO: checking whether build environment is sane" >&5 +echo $ECHO_N "checking whether build environment is sane... $ECHO_C" >&6; } +# Just in case +sleep 1 +echo timestamp > conftest.file +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftest.file` + fi + rm -f conftest.file + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + { { echo "$as_me:$LINENO: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" >&5 +echo "$as_me: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" >&2;} + { (exit 1); exit 1; }; } + fi + + test "$2" = conftest.file + ) +then + # Ok. + : +else + { { echo "$as_me:$LINENO: error: newly created file is older than distributed files! +Check your system clock" >&5 +echo "$as_me: error: newly created file is older than distributed files! +Check your system clock" >&2;} + { (exit 1); exit 1; }; } +fi +{ echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. echo might interpret backslashes. +# By default was `s,x,x', remove it if useless. +cat <<\_ACEOF >conftest.sed +s/[\\$]/&&/g;s/;s,x,x,$// +_ACEOF +program_transform_name=`echo $program_transform_name | sed -f conftest.sed` +rm -f conftest.sed + +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` + +test x"${MISSING+set}" = xset || MISSING="\${SHELL} $am_aux_dir/missing" +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + { echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5 +echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} +fi + +if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then + # We used to keeping the `.' as first argument, in order to + # allow $(mkdir_p) to be used without argument. As in + # $(mkdir_p) $(somedir) + # where $(somedir) is conditionally defined. However this is wrong + # for two reasons: + # 1. if the package is installed by a user who cannot write `.' + # make install will fail, + # 2. the above comment should most certainly read + # $(mkdir_p) $(DESTDIR)$(somedir) + # so it does not work when $(somedir) is undefined and + # $(DESTDIR) is not. + # To support the latter case, we have to write + # test -z "$(somedir)" || $(mkdir_p) $(DESTDIR)$(somedir), + # so the `.' trick is pointless. + mkdir_p='mkdir -p --' +else + # On NextStep and OpenStep, the `mkdir' command does not + # recognize any option. It will interpret all options as + # directories to create, and then abort because `.' already + # exists. + for d in ./-p ./--version; + do + test -d $d && rmdir $d + done + # $(mkinstalldirs) is defined by Automake if mkinstalldirs exists. + if test -f "$ac_aux_dir/mkinstalldirs"; then + mkdir_p='$(mkinstalldirs)' + else + mkdir_p='$(install_sh) -d' + fi +fi + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_AWK+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AWK="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { echo "$as_me:$LINENO: result: $AWK" >&5 +echo "${ECHO_T}$AWK" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; } +set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + SET_MAKE= +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +# test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && + test -f $srcdir/config.status; then + { { echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5 +echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;} + { (exit 1); exit 1; }; } +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='strongswan' + VERSION='4.1.1' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +install_sh=${install_sh-"$am_aux_dir/install-sh"} + +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_STRIP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { echo "$as_me:$LINENO: result: $STRIP" >&5 +echo "${ECHO_T}$STRIP" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 +echo "${ECHO_T}$ac_ct_STRIP" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\${SHELL} \$(install_sh) -c -s" + +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +# Always define AMTAR for backward compatibility. + +AMTAR=${AMTAR-"${am_missing_run}tar"} + + +{ echo "$as_me:$LINENO: checking how to create a ustar tar archive" >&5 +echo $ECHO_N "checking how to create a ustar tar archive... $ECHO_C" >&6; } +# Loop over all known methods to create a tar archive until one works. +_am_tools='gnutar plaintar pax cpio none' +_am_tools=${am_cv_prog_tar_ustar-$_am_tools} +# Do not fold the above two line into one, because Tru64 sh and +# Solaris sh will not grok spaces in the rhs of `-'. +for _am_tool in $_am_tools +do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; + do + { echo "$as_me:$LINENO: $_am_tar --version" >&5 + ($_am_tar --version) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && break + done + am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x ustar -w "$$tardir"' + am__tar_='pax -L -x ustar -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H ustar -L' + am__tar_='find "$tardir" -print | cpio -o -H ustar -L' + am__untar='cpio -i -H ustar -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_ustar}" && break + + # tar/untar a dummy directory, and stop if the command works + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5 + (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + rm -rf conftest.dir + if test -s conftest.tar; then + { echo "$as_me:$LINENO: $am__untar &5 + ($am__untar &5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + grep GrepMe conftest.dir/file >/dev/null 2>&1 && break + fi +done +rm -rf conftest.dir + +if test "${am_cv_prog_tar_ustar+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + am_cv_prog_tar_ustar=$_am_tool +fi + +{ echo "$as_me:$LINENO: result: $am_cv_prog_tar_ustar" >&5 +echo "${ECHO_T}$am_cv_prog_tar_ustar" >&6; } + + + + + +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo done +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +{ echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5 +echo $ECHO_N "checking for style of include used by $am_make... $ECHO_C" >&6; } +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# We grep out `Entering directory' and `Leaving directory' +# messages which can occur if `w' ends up in MAKEFLAGS. +# In particular we don't look at `^make:' because GNU make might +# be invoked under some other name (usually "gmake"), in which +# case it prints its new name instead of `make'. +if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then + am__include=include + am__quote= + _am_result=GNU +fi +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then + am__include=.include + am__quote="\"" + _am_result=BSD + fi +fi + + +{ echo "$as_me:$LINENO: result: $_am_result" >&5 +echo "${ECHO_T}$_am_result" >&6; } +rm -f confinc confmf + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' +fi + + +if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO: checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (ac_try="$ac_compiler --version >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler --version >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -v >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler -v >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -V >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler -V >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; } +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +# +# List of possible output files, starting from the most likely. +# The algorithm is not robust to junk in `.', hence go to wildcards (a.*) +# only as a last resort. b.out is created by i960 compilers. +ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out' +# +# The IRIX 6 linker writes into existing files which may not be +# executable, retaining their permissions. Remove them first so a +# subsequent execution test works. +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { (ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi + +{ echo "$as_me:$LINENO: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6; } +if test -z "$ac_file"; then + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: C compiler cannot create executables +See \`config.log' for more details." >&5 +echo "$as_me: error: C compiler cannot create executables +See \`config.log' for more details." >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext + +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; } +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:$LINENO: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + fi + fi +fi +{ echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + +rm -f a.out a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; } +{ echo "$as_me:$LINENO: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6; } + +{ echo "$as_me:$LINENO: checking for suffix of executables" >&5 +echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; } +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +{ echo "$as_me:$LINENO: checking for suffix of object files" >&5 +echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; } +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; } +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_compiler_gnu=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; } +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; } +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + CFLAGS="" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 +echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } +if test "${ac_cv_prog_cc_c89+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_c89=$ac_arg +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6; } ;; + xno) + { echo "$as_me:$LINENO: result: unsupported" >&5 +echo "${ECHO_T}unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; +esac + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +depcc="$CC" am_compiler_list= + +{ echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 +echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; } +if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + case $depmode in + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + none) break ;; + esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. + if depmode=$depmode \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5 +echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + + +if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi + +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi + +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ echo "$as_me:$LINENO: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi + +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi + +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 +echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; } +if test "${ac_cv_path_GREP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Extract the first word of "grep ggrep" to use in msg output +if test -z "$GREP"; then +set dummy grep ggrep; ac_prog_name=$2 +if test "${ac_cv_path_GREP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_path_GREP_found=false +# Loop through the user's path and test for each of PROGNAME-LIST +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue + # Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + ac_count=`expr $ac_count + 1` + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + + $ac_path_GREP_found && break 3 + done +done + +done +IFS=$as_save_IFS + + +fi + +GREP="$ac_cv_path_GREP" +if test -z "$GREP"; then + { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 +echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} + { (exit 1); exit 1; }; } +fi + +else + ac_cv_path_GREP=$GREP +fi + + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5 +echo "${ECHO_T}$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ echo "$as_me:$LINENO: checking for egrep" >&5 +echo $ECHO_N "checking for egrep... $ECHO_C" >&6; } +if test "${ac_cv_path_EGREP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + # Extract the first word of "egrep" to use in msg output +if test -z "$EGREP"; then +set dummy egrep; ac_prog_name=$2 +if test "${ac_cv_path_EGREP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_path_EGREP_found=false +# Loop through the user's path and test for each of PROGNAME-LIST +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue + # Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + ac_count=`expr $ac_count + 1` + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + + $ac_path_EGREP_found && break 3 + done +done + +done +IFS=$as_save_IFS + + +fi + +EGREP="$ac_cv_path_EGREP" +if test -z "$EGREP"; then + { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 +echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} + { (exit 1); exit 1; }; } +fi + +else + ac_cv_path_EGREP=$EGREP +fi + + + fi +fi +{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 +echo "${ECHO_T}$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; } +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_header_stdc=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi + + +fi +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. + + + + + + + + + +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default + +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_Header=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +{ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5 +echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6; } +if test "${ac_cv_c_bigendian+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # See if sys/param.h defines the BYTE_ORDER macro. +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include + +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN && defined LITTLE_ENDIAN \ + && BYTE_ORDER && BIG_ENDIAN && LITTLE_ENDIAN) + bogus endian macros +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + # It does; now see whether it defined to BIG_ENDIAN or not. +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_c_bigendian=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_c_bigendian=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # It does not; compile a test program. +if test "$cross_compiling" = yes; then + # try to guess the endianness by grepping values into an object file + ac_cv_c_bigendian=unknown + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; +short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; +void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; } +short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; +short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; +void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; } +int +main () +{ + _ascii (); _ebcdic (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then + ac_cv_c_bigendian=yes +fi +if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi +fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_bigendian=no +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5 +echo "${ECHO_T}$ac_cv_c_bigendian" >&6; } +case $ac_cv_c_bigendian in + yes) + +cat >>confdefs.h <<\_ACEOF +#define WORDS_BIGENDIAN 1 +_ACEOF + ;; + no) + ;; + *) + { { echo "$as_me:$LINENO: error: unknown endianness +presetting ac_cv_c_bigendian=no (or yes) will help" >&5 +echo "$as_me: error: unknown endianness +presetting ac_cv_c_bigendian=no (or yes) will help" >&2;} + { (exit 1); exit 1; }; } ;; +esac + +confdir='${sysconfdir}' + + + + + +# Check whether --with-default-pkcs11 was given. +if test "${with_default_pkcs11+set}" = set; then + withval=$with_default_pkcs11; cat >>confdefs.h <<_ACEOF +#define PKCS11_DEFAULT_LIB "$withval" +_ACEOF + +else + cat >>confdefs.h <<_ACEOF +#define PKCS11_DEFAULT_LIB "/usr/lib/opensc-pkcs11.so" +_ACEOF + + +fi + + + +# Check whether --with-xauth-module was given. +if test "${with_xauth_module+set}" = set; then + withval=$with_xauth_module; cat >>confdefs.h <<_ACEOF +#define XAUTH_DEFAULT_LIB "$withval" +_ACEOF + +fi + + + +# Check whether --with-random-device was given. +if test "${with_random_device+set}" = set; then + withval=$with_random_device; cat >>confdefs.h <<_ACEOF +#define DEV_RANDOM "$withval" +_ACEOF + +else + cat >>confdefs.h <<_ACEOF +#define DEV_RANDOM "/dev/random" +_ACEOF + + +fi + + +# Check whether --with-resolv-conf was given. +if test "${with_resolv_conf+set}" = set; then + withval=$with_resolv_conf; cat >>confdefs.h <<_ACEOF +#define RESOLV_CONF "$withval" +_ACEOF + +else + cat >>confdefs.h <<_ACEOF +#define RESOLV_CONF "${sysconfdir}/resolv.conf" +_ACEOF + + +fi + + + +# Check whether --with-urandom-device was given. +if test "${with_urandom_device+set}" = set; then + withval=$with_urandom_device; cat >>confdefs.h <<_ACEOF +#define DEV_URANDOM "$withval" +_ACEOF + +else + cat >>confdefs.h <<_ACEOF +#define DEV_URANDOM "/dev/urandom" +_ACEOF + + +fi + + + +# Check whether --with-ipsecdir was given. +if test "${with_ipsecdir+set}" = set; then + withval=$with_ipsecdir; ipsecdir="$withval" + +else + ipsecdir="${libexecdir}/ipsec" + + +fi + + + +# Check whether --with-piddir was given. +if test "${with_piddir+set}" = set; then + withval=$with_piddir; piddir="$withval" + +else + piddir="/var/run" + + +fi + + + +# Check whether --with-eapdir was given. +if test "${with_eapdir+set}" = set; then + withval=$with_eapdir; eapdir="$withval" + +else + eapdir="${ipsecdir}/eap" + + +fi + + + +# Check whether --with-sim-reader was given. +if test "${with_sim_reader+set}" = set; then + withval=$with_sim_reader; cat >>confdefs.h <<_ACEOF +#define SIM_READER_LIB "$withval" +_ACEOF + + +fi + + +# Check whether --enable-http was given. +if test "${enable_http+set}" = set; then + enableval=$enable_http; if test x$enableval = xyes; then + http=true + cat >>confdefs.h <<\_ACEOF +#define LIBCURL 1 +_ACEOF + + fi + +fi + + + +if test x$http = xtrue; then + USE_LIBCURL_TRUE= + USE_LIBCURL_FALSE='#' +else + USE_LIBCURL_TRUE='#' + USE_LIBCURL_FALSE= +fi + + +# Check whether --enable-ldap was given. +if test "${enable_ldap+set}" = set; then + enableval=$enable_ldap; if test x$enableval = xyes; then + ldap=true + cat >>confdefs.h <<\_ACEOF +#define LIBLDAP 1 +_ACEOF + + fi + +fi + + + +if test x$ldap = xtrue; then + USE_LIBLDAP_TRUE= + USE_LIBLDAP_FALSE='#' +else + USE_LIBLDAP_TRUE='#' + USE_LIBLDAP_FALSE= +fi + + +# Check whether --enable-smartcard was given. +if test "${enable_smartcard+set}" = set; then + enableval=$enable_smartcard; if test x$enableval = xyes; then + smartcard=true + cat >>confdefs.h <<\_ACEOF +#define SMARTCARD 1 +_ACEOF + + fi + +fi + + + +if test x$smartcard = xtrue; then + USE_SMARTCARD_TRUE= + USE_SMARTCARD_FALSE='#' +else + USE_SMARTCARD_TRUE='#' + USE_SMARTCARD_FALSE= +fi + + +# Check whether --enable-cisco-quirks was given. +if test "${enable_cisco_quirks+set}" = set; then + enableval=$enable_cisco_quirks; if test x$enableval = xyes; then + cisco_quirks=true + fi + +fi + + + +if test x$cisco_quirks = xtrue; then + USE_CISCO_QUIRKS_TRUE= + USE_CISCO_QUIRKS_FALSE='#' +else + USE_CISCO_QUIRKS_TRUE='#' + USE_CISCO_QUIRKS_FALSE= +fi + + +# Check whether --enable-leak-detective was given. +if test "${enable_leak_detective+set}" = set; then + enableval=$enable_leak_detective; if test x$enableval = xyes; then + leak_detective=true + fi + +fi + + + +if test x$leak_detective = xtrue; then + USE_LEAK_DETECTIVE_TRUE= + USE_LEAK_DETECTIVE_FALSE='#' +else + USE_LEAK_DETECTIVE_TRUE='#' + USE_LEAK_DETECTIVE_FALSE= +fi + + +# Check whether --enable-eap-sim was given. +if test "${enable_eap_sim+set}" = set; then + enableval=$enable_eap_sim; if test x$enableval = xyes; then + eap_sim=true + fi + +fi + + + +if test x$eap_sim = xtrue; then + BUILD_EAP_SIM_TRUE= + BUILD_EAP_SIM_FALSE='#' +else + BUILD_EAP_SIM_TRUE='#' + BUILD_EAP_SIM_FALSE= +fi + + +# Check whether --enable-nat-transport was given. +if test "${enable_nat_transport+set}" = set; then + enableval=$enable_nat_transport; if test x$enableval = xyes; then + nat_transport=true + fi + +fi + + + +if test x$nat_transport = xtrue; then + USE_NAT_TRANSPORT_TRUE= + USE_NAT_TRANSPORT_FALSE='#' +else + USE_NAT_TRANSPORT_TRUE='#' + USE_NAT_TRANSPORT_FALSE= +fi + + +# Check whether --enable-vendor-id was given. +if test "${enable_vendor_id+set}" = set; then + enableval=$enable_vendor_id; if test x$enableval = xyes; then + vendor_id=true + else + vendor_id=false + fi +else + vendor_id=true + +fi + + + +if test x$vendor_id = xtrue; then + USE_VENDORID_TRUE= + USE_VENDORID_FALSE='#' +else + USE_VENDORID_TRUE='#' + USE_VENDORID_FALSE= +fi + + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; } +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + done + done + ;; +esac +done +IFS=$as_save_IFS + + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ echo "$as_me:$LINENO: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +# Check whether --enable-shared was given. +if test "${enable_shared+set}" = set; then + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_shared=yes +fi + + +# Check whether --enable-static was given. +if test "${enable_static+set}" = set; then + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_static=yes +fi + + +# Check whether --enable-fast-install was given. +if test "${enable_fast_install+set}" = set; then + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_fast_install=yes +fi + + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5 +echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;} + { (exit 1); exit 1; }; } + +{ echo "$as_me:$LINENO: checking build system type" >&5 +echo $ECHO_N "checking build system type... $ECHO_C" >&6; } +if test "${ac_cv_build+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 +echo "$as_me: error: cannot guess build type; you must specify one" >&2;} + { (exit 1); exit 1; }; } +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5 +echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;} + { (exit 1); exit 1; }; } + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5 +echo "${ECHO_T}$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5 +echo "$as_me: error: invalid value of canonical build" >&2;} + { (exit 1); exit 1; }; };; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ echo "$as_me:$LINENO: checking host system type" >&5 +echo $ECHO_N "checking host system type... $ECHO_C" >&6; } +if test "${ac_cv_host+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5 +echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;} + { (exit 1); exit 1; }; } +fi + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5 +echo "${ECHO_T}$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5 +echo "$as_me: error: invalid value of canonical host" >&2;} + { (exit 1); exit 1; }; };; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + +{ echo "$as_me:$LINENO: checking for a sed that does not truncate output" >&5 +echo $ECHO_N "checking for a sed that does not truncate output... $ECHO_C" >&6; } +if test "${lt_cv_path_SED+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Loop through the user's path and test for sed and gsed. +# Then use that list of sed's as ones to test for truncation. +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done +done +lt_ac_max=0 +lt_ac_count=0 +# Add /usr/xpg4/bin/sed as it is typically found on Solaris +# along with /bin/sed that truncates output. +for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do + test ! -f $lt_ac_sed && continue + cat /dev/null > conftest.in + lt_ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >conftest.in + # Check for GNU sed and select it if it is found. + if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then + lt_cv_path_SED=$lt_ac_sed + break + fi + while true; do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo >>conftest.nl + $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break + cmp -s conftest.out conftest.nl || break + # 10000 chars as input seems more than enough + test $lt_ac_count -gt 10 && break + lt_ac_count=`expr $lt_ac_count + 1` + if test $lt_ac_count -gt $lt_ac_max; then + lt_ac_max=$lt_ac_count + lt_cv_path_SED=$lt_ac_sed + fi + done +done + +fi + +SED=$lt_cv_path_SED +{ echo "$as_me:$LINENO: result: $SED" >&5 +echo "${ECHO_T}$SED" >&6; } + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then + withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + { echo "$as_me:$LINENO: checking for ld used by $CC" >&5 +echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` + while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do + ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + { echo "$as_me:$LINENO: checking for GNU ld" >&5 +echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; } +else + { echo "$as_me:$LINENO: checking for non-GNU ld" >&5 +echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; } +fi +if test "${lt_cv_path_LD+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +echo "${ECHO_T}$LD" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi +test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5 +echo "$as_me: error: no acceptable ld found in \$PATH" >&2;} + { (exit 1); exit 1; }; } +{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5 +echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; } +if test "${lt_cv_prog_gnu_ld+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + +{ echo "$as_me:$LINENO: checking for $LD option to reload object files" >&5 +echo $ECHO_N "checking for $LD option to reload object files... $ECHO_C" >&6; } +if test "${lt_cv_ld_reload_flag+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_cv_ld_reload_flag='-r' +fi +{ echo "$as_me:$LINENO: result: $lt_cv_ld_reload_flag" >&5 +echo "${ECHO_T}$lt_cv_ld_reload_flag" >&6; } +reload_flag=$lt_cv_ld_reload_flag +case $reload_flag in +"" | " "*) ;; +*) reload_flag=" $reload_flag" ;; +esac +reload_cmds='$LD$reload_flag -o $output$reload_objs' +case $host_os in + darwin*) + if test "$GCC" = yes; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' + else + reload_cmds='$LD$reload_flag -o $output$reload_objs' + fi + ;; +esac + +{ echo "$as_me:$LINENO: checking for BSD-compatible nm" >&5 +echo $ECHO_N "checking for BSD-compatible nm... $ECHO_C" >&6; } +if test "${lt_cv_path_NM+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + test -z "$lt_cv_path_NM" && lt_cv_path_NM=nm +fi +fi +{ echo "$as_me:$LINENO: result: $lt_cv_path_NM" >&5 +echo "${ECHO_T}$lt_cv_path_NM" >&6; } +NM="$lt_cv_path_NM" + +{ echo "$as_me:$LINENO: checking whether ln -s works" >&5 +echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +else + { echo "$as_me:$LINENO: result: no, using $LN_S" >&5 +echo "${ECHO_T}no, using $LN_S" >&6; } +fi + +{ echo "$as_me:$LINENO: checking how to recognise dependent libraries" >&5 +echo $ECHO_N "checking how to recognise dependent libraries... $ECHO_C" >&6; } +if test "${lt_cv_deplibs_check_method+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# `unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# which responds to the $file_magic_cmd with a given extended regex. +# If you have `file' or equivalent on your system and you're not sure +# whether `pass_all' will *always* work, you probably want this one. + +case $host_os in +aix4* | aix5*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[45]*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump'. + lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | kfreebsd*-gnu | dragonfly*) + if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]' + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix3*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be Linux ELF. +linux*) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +nto-qnx*) + lt_cv_deplibs_check_method=unknown + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; +esac + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_deplibs_check_method" >&5 +echo "${ECHO_T}$lt_cv_deplibs_check_method" >&6; } +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then + enableval=$enable_libtool_lock; +fi + +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '#line 5513 "configure"' > conftest.$ac_ext + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*|s390*-*linux*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + { echo "$as_me:$LINENO: checking whether the C compiler needs -belf" >&5 +echo $ECHO_N "checking whether the C compiler needs -belf... $ECHO_C" >&6; } +if test "${lt_cv_cc_needs_belf+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + lt_cv_cc_needs_belf=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + lt_cv_cc_needs_belf=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_cc_needs_belf" >&5 +echo "${ECHO_T}$lt_cv_cc_needs_belf" >&6; } + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +sparc*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) LD="${LD-ld} -m elf64_sparc" ;; + *) LD="${LD-ld} -64" ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + + +esac + +need_locks="$enable_libtool_lock" + + + +for ac_header in dlfcn.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + { echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +if test -z "$CXX"; then + if test -n "$CCC"; then + CXX=$CCC + else + if test -n "$ac_tool_prefix"; then + for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CXX+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CXX"; then + ac_cv_prog_CXX="$CXX" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CXX="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CXX=$ac_cv_prog_CXX +if test -n "$CXX"; then + { echo "$as_me:$LINENO: result: $CXX" >&5 +echo "${ECHO_T}$CXX" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$CXX" && break + done +fi +if test -z "$CXX"; then + ac_ct_CXX=$CXX + for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CXX"; then + ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CXX="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CXX=$ac_cv_prog_ac_ct_CXX +if test -n "$ac_ct_CXX"; then + { echo "$as_me:$LINENO: result: $ac_ct_CXX" >&5 +echo "${ECHO_T}$ac_ct_CXX" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$ac_ct_CXX" && break +done + + if test "x$ac_ct_CXX" = x; then + CXX="g++" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CXX=$ac_ct_CXX + fi +fi + + fi +fi +# Provide some information about the compiler. +echo "$as_me:$LINENO: checking for C++ compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (ac_try="$ac_compiler --version >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler --version >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -v >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler -v >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -V >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler -V >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +{ echo "$as_me:$LINENO: checking whether we are using the GNU C++ compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C++ compiler... $ECHO_C" >&6; } +if test "${ac_cv_cxx_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_compiler_gnu=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_cxx_compiler_gnu=$ac_compiler_gnu + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_cxx_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_cxx_compiler_gnu" >&6; } +GXX=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CXXFLAGS=${CXXFLAGS+set} +ac_save_CXXFLAGS=$CXXFLAGS +{ echo "$as_me:$LINENO: checking whether $CXX accepts -g" >&5 +echo $ECHO_N "checking whether $CXX accepts -g... $ECHO_C" >&6; } +if test "${ac_cv_prog_cxx_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_save_cxx_werror_flag=$ac_cxx_werror_flag + ac_cxx_werror_flag=yes + ac_cv_prog_cxx_g=no + CXXFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cxx_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + CXXFLAGS="" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cxx_werror_flag=$ac_save_cxx_werror_flag + CXXFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cxx_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cxx_werror_flag=$ac_save_cxx_werror_flag +fi +{ echo "$as_me:$LINENO: result: $ac_cv_prog_cxx_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cxx_g" >&6; } +if test "$ac_test_CXXFLAGS" = set; then + CXXFLAGS=$ac_save_CXXFLAGS +elif test $ac_cv_prog_cxx_g = yes; then + if test "$GXX" = yes; then + CXXFLAGS="-g -O2" + else + CXXFLAGS="-g" + fi +else + if test "$GXX" = yes; then + CXXFLAGS="-O2" + else + CXXFLAGS= + fi +fi +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + +depcc="$CXX" am_compiler_list= + +{ echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 +echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; } +if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CXX_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + case $depmode in + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + none) break ;; + esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. + if depmode=$depmode \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CXX_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CXX_dependencies_compiler_type=none +fi + +fi +{ echo "$as_me:$LINENO: result: $am_cv_CXX_dependencies_compiler_type" >&5 +echo "${ECHO_T}$am_cv_CXX_dependencies_compiler_type" >&6; } +CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type + + + +if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then + am__fastdepCXX_TRUE= + am__fastdepCXX_FALSE='#' +else + am__fastdepCXX_TRUE='#' + am__fastdepCXX_FALSE= +fi + + + + +if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +{ echo "$as_me:$LINENO: checking how to run the C++ preprocessor" >&5 +echo $ECHO_N "checking how to run the C++ preprocessor... $ECHO_C" >&6; } +if test -z "$CXXCPP"; then + if test "${ac_cv_prog_CXXCPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CXXCPP needs to be expanded + for CXXCPP in "$CXX -E" "/lib/cpp" + do + ac_preproc_ok=false +for ac_cxx_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || + test ! -s conftest.err + }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi + +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || + test ! -s conftest.err + }; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi + +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CXXCPP=$CXXCPP + +fi + CXXCPP=$ac_cv_prog_CXXCPP +else + ac_cv_prog_CXXCPP=$CXXCPP +fi +{ echo "$as_me:$LINENO: result: $CXXCPP" >&5 +echo "${ECHO_T}$CXXCPP" >&6; } +ac_preproc_ok=false +for ac_cxx_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || + test ! -s conftest.err + }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi + +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || + test ! -s conftest.err + }; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi + +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check +See \`config.log' for more details." >&5 +echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + +fi + + +ac_ext=f +ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5' +ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_f77_compiler_gnu +if test -n "$ac_tool_prefix"; then + for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_F77+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$F77"; then + ac_cv_prog_F77="$F77" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_F77="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +F77=$ac_cv_prog_F77 +if test -n "$F77"; then + { echo "$as_me:$LINENO: result: $F77" >&5 +echo "${ECHO_T}$F77" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$F77" && break + done +fi +if test -z "$F77"; then + ac_ct_F77=$F77 + for ac_prog in g77 xlf f77 frt pgf77 cf77 fort77 fl32 af77 xlf90 f90 pgf90 pghpf epcf90 gfortran g95 xlf95 f95 fort ifort ifc efc pgf95 lf95 ftn +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_F77+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_F77"; then + ac_cv_prog_ac_ct_F77="$ac_ct_F77" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_F77="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_F77=$ac_cv_prog_ac_ct_F77 +if test -n "$ac_ct_F77"; then + { echo "$as_me:$LINENO: result: $ac_ct_F77" >&5 +echo "${ECHO_T}$ac_ct_F77" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$ac_ct_F77" && break +done + + if test "x$ac_ct_F77" = x; then + F77="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + F77=$ac_ct_F77 + fi +fi + + +# Provide some information about the compiler. +echo "$as_me:$LINENO: checking for Fortran 77 compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (ac_try="$ac_compiler --version >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler --version >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -v >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler -v >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -V >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler -V >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +rm -f a.out + +# If we don't use `.F' as extension, the preprocessor is not run on the +# input file. (Note that this only needs to work for GNU compilers.) +ac_save_ext=$ac_ext +ac_ext=F +{ echo "$as_me:$LINENO: checking whether we are using the GNU Fortran 77 compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU Fortran 77 compiler... $ECHO_C" >&6; } +if test "${ac_cv_f77_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF + program main +#ifndef __GNUC__ + choke me +#endif + + end +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_f77_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_compiler_gnu=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_f77_compiler_gnu=$ac_compiler_gnu + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_f77_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_f77_compiler_gnu" >&6; } +ac_ext=$ac_save_ext +ac_test_FFLAGS=${FFLAGS+set} +ac_save_FFLAGS=$FFLAGS +FFLAGS= +{ echo "$as_me:$LINENO: checking whether $F77 accepts -g" >&5 +echo $ECHO_N "checking whether $F77 accepts -g... $ECHO_C" >&6; } +if test "${ac_cv_prog_f77_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + FFLAGS=-g +cat >conftest.$ac_ext <<_ACEOF + program main + + end +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_f77_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_f77_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_prog_f77_g=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_prog_f77_g" >&5 +echo "${ECHO_T}$ac_cv_prog_f77_g" >&6; } +if test "$ac_test_FFLAGS" = set; then + FFLAGS=$ac_save_FFLAGS +elif test $ac_cv_prog_f77_g = yes; then + if test "x$ac_cv_f77_compiler_gnu" = xyes; then + FFLAGS="-g -O2" + else + FFLAGS="-g" + fi +else + if test "x$ac_cv_f77_compiler_gnu" = xyes; then + FFLAGS="-O2" + else + FFLAGS= + fi +fi + +G77=`test $ac_compiler_gnu = yes && echo yes` +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +# Autoconf 2.13's AC_OBJEXT and AC_EXEEXT macros only works for C compilers! + +# find the maximum length of command line arguments +{ echo "$as_me:$LINENO: checking the maximum length of command line arguments" >&5 +echo $ECHO_N "checking the maximum length of command line arguments... $ECHO_C" >&6; } +if test "${lt_cv_sys_max_cmd_len+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + while (test "X"`$SHELL $0 --fallback-echo "X$teststring" 2>/dev/null` \ + = "XX$teststring") >/dev/null 2>&1 && + new_result=`expr "X$teststring" : ".*" 2>&1` && + lt_cv_sys_max_cmd_len=$new_result && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + teststring= + # Add a significant safety factor because C++ compilers can tack on massive + # amounts of additional arguments before passing them to the linker. + # It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + ;; + esac + +fi + +if test -n $lt_cv_sys_max_cmd_len ; then + { echo "$as_me:$LINENO: result: $lt_cv_sys_max_cmd_len" >&5 +echo "${ECHO_T}$lt_cv_sys_max_cmd_len" >&6; } +else + { echo "$as_me:$LINENO: result: none" >&5 +echo "${ECHO_T}none" >&6; } +fi + + + + +# Check for command to grab the raw symbol name followed by C symbol from nm. +{ echo "$as_me:$LINENO: checking command to parse $NM output from $compiler object" >&5 +echo $ECHO_N "checking command to parse $NM output from $compiler object... $ECHO_C" >&6; } +if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[BCDEGRST]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([_A-Za-z][_A-Za-z0-9]*\)' + +# Transform an extracted symbol line into a proper C declaration +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern int \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[BCDT]' + ;; +cygwin* | mingw* | pw32*) + symcode='[ABCDGISTW]' + ;; +hpux*) # Its linker distinguishes data from code symbols + if test "$host_cpu" = ia64; then + symcode='[ABCDEGRST]' + fi + lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" + ;; +linux*) + if test "$host_cpu" = ia64; then + symcode='[ABCDGIRSTW]' + lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (lt_ptr) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (lt_ptr) \&\2},/p'" + fi + ;; +irix* | nonstopux*) + symcode='[BCDEGRST]' + ;; +osf*) + symcode='[BCDEGQRST]' + ;; +solaris*) + symcode='[BDRT]' + ;; +sco3.2v5*) + symcode='[DT]' + ;; +sysv4.2uw2*) + symcode='[DT]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[ABDT]' + ;; +sysv4) + symcode='[DFNSTU]' + ;; +esac + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[ABCDGIRSTW]' ;; +esac + +# Try without a prefix undercore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Now try to grab the symbols. + nlist=conftest.nm + if { (eval echo "$as_me:$LINENO: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\"") >&5 + (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if grep ' nm_test_var$' "$nlist" >/dev/null; then + if grep ' nm_test_func$' "$nlist" >/dev/null; then + cat < conftest.$ac_ext +#ifdef __cplusplus +extern "C" { +#endif + +EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | grep -v main >> conftest.$ac_ext' + + cat <> conftest.$ac_ext +#if defined (__STDC__) && __STDC__ +# define lt_ptr_t void * +#else +# define lt_ptr_t char * +# define const +#endif + +/* The mapping between symbol names and symbols. */ +const struct { + const char *name; + lt_ptr_t address; +} +lt_preloaded_symbols[] = +{ +EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" | grep -v main >> conftest.$ac_ext + cat <<\EOF >> conftest.$ac_ext + {0, (lt_ptr_t) 0} +}; + +#ifdef __cplusplus +} +#endif +EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_save_LIBS="$LIBS" + lt_save_CFLAGS="$CFLAGS" + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" + if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS="$lt_save_LIBS" + CFLAGS="$lt_save_CFLAGS" + else + echo "cannot find nm_test_func in $nlist" >&5 + fi + else + echo "cannot find nm_test_var in $nlist" >&5 + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 + fi + else + echo "$progname: failed program was:" >&5 + cat conftest.$ac_ext >&5 + fi + rm -f conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done + +fi + +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + { echo "$as_me:$LINENO: result: failed" >&5 +echo "${ECHO_T}failed" >&6; } +else + { echo "$as_me:$LINENO: result: ok" >&5 +echo "${ECHO_T}ok" >&6; } +fi + +{ echo "$as_me:$LINENO: checking for objdir" >&5 +echo $ECHO_N "checking for objdir... $ECHO_C" >&6; } +if test "${lt_cv_objdir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null +fi +{ echo "$as_me:$LINENO: result: $lt_cv_objdir" >&5 +echo "${ECHO_T}$lt_cv_objdir" >&6; } +objdir=$lt_cv_objdir + + + + + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed='sed -e 1s/^X//' +sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +# Constants: +rm="rm -f" + +# Global variables: +default_ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a +ltmain="$ac_aux_dir/ltmain.sh" +ofile="$default_ofile" +with_gnu_ld="$lt_cv_prog_gnu_ld" + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. +set dummy ${ac_tool_prefix}ar; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_AR+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AR="${ac_tool_prefix}ar" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { echo "$as_me:$LINENO: result: $AR" >&5 +echo "${ECHO_T}$AR" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_AR"; then + ac_ct_AR=$AR + # Extract the first word of "ar", so it can be a program name with args. +set dummy ar; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_AR+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_AR="ar" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5 +echo "${ECHO_T}$ac_ct_AR" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +else + AR="$ac_cv_prog_AR" +fi + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_RANLIB+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { echo "$as_me:$LINENO: result: $RANLIB" >&5 +echo "${ECHO_T}$RANLIB" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5 +echo "${ECHO_T}$ac_ct_RANLIB" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_STRIP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { echo "$as_me:$LINENO: result: $STRIP" >&5 +echo "${ECHO_T}$STRIP" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5 +echo "${ECHO_T}$ac_ct_STRIP" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$AR" && AR=ar +test -z "$AR_FLAGS" && AR_FLAGS=cru +test -z "$AS" && AS=as +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$DLLTOOL" && DLLTOOL=dlltool +test -z "$LD" && LD=ld +test -z "$LN_S" && LN_S="ln -s" +test -z "$MAGIC_CMD" && MAGIC_CMD=file +test -z "$NM" && NM=nm +test -z "$SED" && SED=sed +test -z "$OBJDUMP" && OBJDUMP=objdump +test -z "$RANLIB" && RANLIB=: +test -z "$STRIP" && STRIP=: +test -z "$ac_objext" && ac_objext=o + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" +fi + +for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + + +# Only perform the check for file, if the check method requires it +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + { echo "$as_me:$LINENO: checking for ${ac_tool_prefix}file" >&5 +echo $ECHO_N "checking for ${ac_tool_prefix}file... $ECHO_C" >&6; } +if test "${lt_cv_path_MAGIC_CMD+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/${ac_tool_prefix}file; then + lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac +fi + +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5 +echo "${ECHO_T}$MAGIC_CMD" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + { echo "$as_me:$LINENO: checking for file" >&5 +echo $ECHO_N "checking for file... $ECHO_C" >&6; } +if test "${lt_cv_path_MAGIC_CMD+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/file; then + lt_cv_path_MAGIC_CMD="$ac_dir/file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac +fi + +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + { echo "$as_me:$LINENO: result: $MAGIC_CMD" >&5 +echo "${ECHO_T}$MAGIC_CMD" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + else + MAGIC_CMD=: + fi +fi + + fi + ;; +esac + +enable_dlopen=no +enable_win32_dll=no + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then + enableval=$enable_libtool_lock; +fi + +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + + +# Check whether --with-pic was given. +if test "${with_pic+set}" = set; then + withval=$with_pic; pic_mode="$withval" +else + pic_mode=default +fi + +test -z "$pic_mode" && pic_mode=default + +# Check if we have a version mismatch between libtool.m4 and ltmain.sh. +# +# Note: This should be in AC_LIBTOOL_SETUP, _after_ $ltmain have been defined. +# We also should do it _before_ AC_LIBTOOL_LANG_C_CONFIG that actually +# calls AC_LIBTOOL_CONFIG and creates libtool. +# +{ echo "$as_me:$LINENO: checking for correct ltmain.sh version" >&5 +echo $ECHO_N "checking for correct ltmain.sh version... $ECHO_C" >&6; } +if test "x$ltmain" = "x" ; then + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { { echo "$as_me:$LINENO: error: + +*** [Gentoo] sanity check failed! *** +*** \$ltmain is not defined, please check the patch for consistency! *** +" >&5 +echo "$as_me: error: + +*** [Gentoo] sanity check failed! *** +*** \$ltmain is not defined, please check the patch for consistency! *** +" >&2;} + { (exit 1); exit 1; }; } +fi +gentoo_lt_version="1.5.22" +gentoo_ltmain_version=`sed -n '/^[ ]*VERSION=/{s/^[ ]*VERSION=//;p;q;}' "$ltmain"` +if test "x$gentoo_lt_version" != "x$gentoo_ltmain_version" ; then + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { { echo "$as_me:$LINENO: error: + +*** [Gentoo] sanity check failed! *** +*** libtool.m4 and ltmain.sh have a version mismatch! *** +*** (libtool.m4 = $gentoo_lt_version, ltmain.sh = $gentoo_ltmain_version) *** + +Please run: + + libtoolize --copy --force + +if appropriate, please contact the maintainer of this +package (or your distribution) for help. +" >&5 +echo "$as_me: error: + +*** [Gentoo] sanity check failed! *** +*** libtool.m4 and ltmain.sh have a version mismatch! *** +*** (libtool.m4 = $gentoo_lt_version, ltmain.sh = $gentoo_ltmain_version) *** + +Please run: + + libtoolize --copy --force + +if appropriate, please contact the maintainer of this +package (or your distribution) for help. +" >&2;} + { (exit 1); exit 1; }; } +else + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +fi + + +# Use C for the default configuration in the libtool script +tagname= +lt_save_CC="$CC" +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +objext=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;\n" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}\n' + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +printf "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$rm conftest* + +ac_outfile=conftest.$ac_objext +printf "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$rm conftest* + + + +lt_prog_compiler_no_builtin_flag= + +if test "$GCC" = yes; then + lt_prog_compiler_no_builtin_flag=' -fno-builtin' + + +{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; } +if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:7827: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:7831: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_rtti_exceptions=yes + fi + fi + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; } + +if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then + lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" +else + : +fi + +fi + +lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + +{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 +echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } + + if test "$GCC" = yes; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + ;; + + amigaos*) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + + beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + interix3*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + hpux*) + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + darwin*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + case $cc_basename in + xlc*) + lt_prog_compiler_pic='-qnocommon' + lt_prog_compiler_wl='-Wl,' + ;; + esac + ;; + + mingw* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + linux*) + case $cc_basename in + icc* | ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + esac + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic" >&5 +echo "${ECHO_T}$lt_prog_compiler_pic" >&6; } + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + +{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic works... $ECHO_C" >&6; } +if test "${lt_prog_compiler_pic_works+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:8095: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:8099: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_prog_compiler_pic_works=yes + fi + fi + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works" >&5 +echo "${ECHO_T}$lt_prog_compiler_pic_works" >&6; } + +if test x"$lt_prog_compiler_pic_works" = xyes; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } +if test "${lt_prog_compiler_static_works+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_prog_compiler_static_works=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + printf "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_prog_compiler_static_works=yes + fi + else + lt_prog_compiler_static_works=yes + fi + fi + $rm conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works" >&5 +echo "${ECHO_T}$lt_prog_compiler_static_works" >&6; } + +if test x"$lt_prog_compiler_static_works" = xyes; then + : +else + lt_prog_compiler_static= +fi + + +{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 +echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } +if test "${lt_cv_prog_compiler_c_o+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_cv_prog_compiler_c_o=no + $rm -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:8199: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:8203: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $rm conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files + $rm out/* && rmdir out + cd .. + rmdir conftest + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o" >&5 +echo "${ECHO_T}$lt_cv_prog_compiler_c_o" >&6; } + + +hard_links="nottested" +if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 +echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } + hard_links=yes + $rm conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { echo "$as_me:$LINENO: result: $hard_links" >&5 +echo "${ECHO_T}$hard_links" >&6; } + if test "$hard_links" = no; then + { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 +echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + +{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } + + runpath_var= + allow_undefined_flag= + enable_shared_with_static_runtimes=no + archive_cmds= + archive_expsym_cmds= + old_archive_From_new_cmds= + old_archive_from_expsyms_cmds= + export_dynamic_flag_spec= + whole_archive_flag_spec= + thread_safe_flag_spec= + hardcode_libdir_flag_spec= + hardcode_libdir_flag_spec_ld= + hardcode_libdir_separator= + hardcode_direct=no + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported + link_all_deplibs=unknown + hardcode_automatic=no + module_cmds= + module_expsym_cmds= + always_export_symbols=no + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + exclude_expsyms="_GLOBAL_OFFSET_TABLE_" + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + extract_expsyms_cmds= + # Just being paranoid about ensuring that cc_basename is set. + for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + + case $host_os in + cygwin* | mingw* | pw32*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + esac + + ld_shlibs=yes + if test "$with_gnu_ld" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='${wl}--rpath ${wl}$libdir' + export_dynamic_flag_spec='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix3* | aix4* | aix5*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs=no + cat <&2 + +*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to modify your PATH +*** so that a non-GNU linker is found, and then restart. + +EOF + fi + ;; + + amigaos*) + archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + + # Samuel A. Falvo II reports + # that the semantics of dynamic libraries on AmigaOS, at least up + # to version 4, is to share data among multiple programs linked + # with the same dynamic library. Since this doesn't match the + # behavior of shared libraries on other platforms, we can't use + # them. + ld_shlibs=no + ;; + + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + ld_shlibs=no + fi + ;; + + cygwin* | mingw* | pw32*) + # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + allow_undefined_flag=unsupported + always_export_symbols=no + enable_shared_with_static_runtimes=yes + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs=no + fi + ;; + + interix3*) + hardcode_direct=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + linux*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + tmp_addflag= + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + esac + archive_cmds='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test $supports_anon_versioning = yes; then + archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + $echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + else + ld_shlibs=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + cat <&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +EOF + elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + + if test "$ld_shlibs" = no; then + runpath_var= + hardcode_libdir_flag_spec= + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag=unsupported + always_export_symbols=yes + archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + + aix4* | aix5*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | grep 'GNU' > /dev/null; then + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix5*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds='' + hardcode_direct=yes + hardcode_libdir_separator=':' + link_all_deplibs=yes + + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + hardcode_direct=yes + else + # We have old collect2 + hardcode_direct=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag='-berok' + # Determine the default libpath from the value encoded in an empty executable. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an empty executable. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' ${wl}-bernotok' + allow_undefined_flag=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec='$convenience' + archive_cmds_need_lc=yes + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + archive_cmds='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + # see comment about different semantics on the GNU ld section + ld_shlibs=no + ;; + + bsdi[45]*) + export_dynamic_flag_spec=-rdynamic + ;; + + cygwin* | mingw* | pw32*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_From_new_cmds='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds='lib /OUT:$oldlib$oldobjs$old_deplibs' + fix_srcfile_path='`cygpath -w "$srcfile"`' + enable_shared_with_static_runtimes=yes + ;; + + darwin* | rhapsody*) + case $host_os in + rhapsody* | darwin1.[012]) + allow_undefined_flag='${wl}-undefined ${wl}suppress' + ;; + *) # Darwin 1.3 on + if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then + allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + else + case ${MACOSX_DEPLOYMENT_TARGET} in + 10.[012]) + allow_undefined_flag='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + ;; + 10.*) + allow_undefined_flag='${wl}-undefined ${wl}dynamic_lookup' + ;; + esac + fi + ;; + esac + archive_cmds_need_lc=no + hardcode_direct=no + hardcode_automatic=yes + hardcode_shlibpath_var=unsupported + whole_archive_flag_spec='' + link_all_deplibs=yes + if test "$GCC" = yes ; then + output_verbose_link_cmd='echo' + archive_cmds='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' + module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + else + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' + archive_cmds='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' + module_cmds='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + archive_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) + ld_shlibs=no + ;; + esac + fi + ;; + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + freebsd1*) + ld_shlibs=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | kfreebsd*-gnu | dragonfly*) + archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + hpux9*) + if test "$GCC" = yes; then + archive_cmds='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + archive_cmds='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + export_dynamic_flag_spec='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + + hardcode_direct=yes + export_dynamic_flag_spec='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_libdir_flag_spec_ld='+b $libdir' + hardcode_direct=no + hardcode_shlibpath_var=no + ;; + *) + hardcode_direct=yes + export_dynamic_flag_spec='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec_ld='-rpath $libdir' + fi + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + link_all_deplibs=yes + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; + + openbsd*) + hardcode_direct=yes + hardcode_shlibpath_var=no + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + else + case $host_os in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + archive_cmds='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + fi + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ + $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + hardcode_libdir_separator=: + ;; + + solaris*) + no_undefined_flag=' -z text' + if test "$GCC" = yes; then + wlarc='${wl}' + archive_cmds='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' + else + wlarc='' + archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine linker options so we + # cannot just pass the convience library names through + # without $wl, iff we do not link with $LD. + # Luckily, gcc supports the same syntax we need for Sun Studio. + # Supported since Solaris 2.6 (maybe 2.5.1?) + case $wlarc in + '') + whole_archive_flag_spec='-z allextract$convenience -z defaultextract' ;; + *) + whole_archive_flag_spec='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; + esac ;; + esac + link_all_deplibs=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds='$CC -r -o $output$reload_objs' + hardcode_direct=no + ;; + motorola) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var=no + ;; + + sysv4.3*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + export_dynamic_flag_spec='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) + no_undefined_flag='${wl}-z,text' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag='${wl}-z,text' + allow_undefined_flag='${wl}-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + *) + ld_shlibs=no + ;; + esac + fi + +{ echo "$as_me:$LINENO: result: $ld_shlibs" >&5 +echo "${ECHO_T}$ld_shlibs" >&6; } +test "$ld_shlibs" = no && can_build_shared=no + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $archive_cmds in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 +echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } + $rm conftest* + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl + pic_flag=$lt_prog_compiler_pic + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag + allow_undefined_flag= + if { (eval echo "$as_me:$LINENO: \"$archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 + (eval $archive_cmds 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + then + archive_cmds_need_lc=no + else + archive_cmds_need_lc=yes + fi + allow_undefined_flag=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $rm conftest* + { echo "$as_me:$LINENO: result: $archive_cmds_need_lc" >&5 +echo "${ECHO_T}$archive_cmds_need_lc" >&6; } + ;; + esac + fi + ;; +esac + +{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 +echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix4* | aix5*) + version_type=linux + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$host_os in + yes,cygwin* | yes,mingw* | yes,pw32*) + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $rm \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + ;; + mingw*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH printed by + # mingw gcc, but we are running on Cygwin. Gcc prints its search + # path with ; separators, and with drive letters. We can handle the + # drive letters (cygwin fileutils understands them), so leave them, + # especially as we might pass files found there to a mingw objdump, + # which wouldn't understand a cygwinified path. Ahh. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + esac + ;; + + linux*) + if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ 01.* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + if test $supports_anon_versioning = yes; then + archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ +cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ +$echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + else + $archive_expsym_cmds="$archive_cmds" + fi + else + ld_shlibs=no + fi + ;; + + *) + library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + ;; + esac + dynamic_linker='Win32 ld.exe' + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. + if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` + else + sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' + fi + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd1*) + dynamic_linker=no + ;; + +kfreebsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[123]*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + # Handle Gentoo/FreeBSD as it was Linux + case $host_vendor in + gentoo) + version_type=linux ;; + *) + version_type=freebsd-$objformat ;; + esac + + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + linux) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + need_lib_prefix=no + need_version=no + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + freebsd*) # from 4.6 on + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555. + postinstall_cmds='chmod 555 $lib' + ;; + +interix3*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be Linux ELF. +linux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +knetbsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +nto-qnx*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[89] | openbsd2.[89].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +solaris*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + export_dynamic_flag_spec='${wl}-Blargedynsym' + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + shlibpath_overrides_runpath=no + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + shlibpath_overrides_runpath=yes + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +uts4*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5 +echo "${ECHO_T}$dynamic_linker" >&6; } +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 +echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } +hardcode_action= +if test -n "$hardcode_libdir_flag_spec" || \ + test -n "$runpath_var" || \ + test "X$hardcode_automatic" = "Xyes" ; then + + # We can hardcode non-existant directories. + if test "$hardcode_direct" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, )" != no && + test "$hardcode_minus_L" != no; then + # Linking always hardcodes the temporary library directory. + hardcode_action=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action=unsupported +fi +{ echo "$as_me:$LINENO: result: $hardcode_action" >&5 +echo "${ECHO_T}$hardcode_action" >&6; } + +if test "$hardcode_action" = relink; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi + +striplib= +old_striplib= +{ echo "$as_me:$LINENO: checking whether stripping libraries is possible" >&5 +echo $ECHO_N "checking whether stripping libraries is possible... $ECHO_C" >&6; } +if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + ;; + *) + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + esac +fi + +if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 +echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; } +if test "${ac_cv_lib_dl_dlopen+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_dl_dlopen=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_dl_dlopen=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; } +if test $ac_cv_lib_dl_dlopen = yes; then + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" +else + + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + +fi + + ;; + + *) + { echo "$as_me:$LINENO: checking for shl_load" >&5 +echo $ECHO_N "checking for shl_load... $ECHO_C" >&6; } +if test "${ac_cv_func_shl_load+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define shl_load to an innocuous variant, in case declares shl_load. + For example, HP-UX 11i declares gettimeofday. */ +#define shl_load innocuous_shl_load + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char shl_load (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef shl_load + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_shl_load || defined __stub___shl_load +choke me +#endif + +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_func_shl_load=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_func_shl_load=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_func_shl_load" >&5 +echo "${ECHO_T}$ac_cv_func_shl_load" >&6; } +if test $ac_cv_func_shl_load = yes; then + lt_cv_dlopen="shl_load" +else + { echo "$as_me:$LINENO: checking for shl_load in -ldld" >&5 +echo $ECHO_N "checking for shl_load in -ldld... $ECHO_C" >&6; } +if test "${ac_cv_lib_dld_shl_load+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_dld_shl_load=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_dld_shl_load=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_shl_load" >&5 +echo "${ECHO_T}$ac_cv_lib_dld_shl_load" >&6; } +if test $ac_cv_lib_dld_shl_load = yes; then + lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-dld" +else + { echo "$as_me:$LINENO: checking for dlopen" >&5 +echo $ECHO_N "checking for dlopen... $ECHO_C" >&6; } +if test "${ac_cv_func_dlopen+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define dlopen to an innocuous variant, in case declares dlopen. + For example, HP-UX 11i declares gettimeofday. */ +#define dlopen innocuous_dlopen + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char dlopen (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef dlopen + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_dlopen || defined __stub___dlopen +choke me +#endif + +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_func_dlopen=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_func_dlopen=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_func_dlopen" >&5 +echo "${ECHO_T}$ac_cv_func_dlopen" >&6; } +if test $ac_cv_func_dlopen = yes; then + lt_cv_dlopen="dlopen" +else + { echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 +echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6; } +if test "${ac_cv_lib_dl_dlopen+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_dl_dlopen=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_dl_dlopen=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; } +if test $ac_cv_lib_dl_dlopen = yes; then + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" +else + { echo "$as_me:$LINENO: checking for dlopen in -lsvld" >&5 +echo $ECHO_N "checking for dlopen in -lsvld... $ECHO_C" >&6; } +if test "${ac_cv_lib_svld_dlopen+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsvld $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_svld_dlopen=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_svld_dlopen=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_svld_dlopen" >&5 +echo "${ECHO_T}$ac_cv_lib_svld_dlopen" >&6; } +if test $ac_cv_lib_svld_dlopen = yes; then + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" +else + { echo "$as_me:$LINENO: checking for dld_link in -ldld" >&5 +echo $ECHO_N "checking for dld_link in -ldld... $ECHO_C" >&6; } +if test "${ac_cv_lib_dld_dld_link+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (); +int +main () +{ +return dld_link (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_dld_dld_link=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_dld_dld_link=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_dld_dld_link" >&5 +echo "${ECHO_T}$ac_cv_lib_dld_dld_link" >&6; } +if test $ac_cv_lib_dld_dld_link = yes; then + lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-dld" +fi + + +fi + + +fi + + +fi + + +fi + + +fi + + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + { echo "$as_me:$LINENO: checking whether a program can dlopen itself" >&5 +echo $ECHO_N "checking whether a program can dlopen itself... $ECHO_C" >&6; } +if test "${lt_cv_dlopen_self+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then : + lt_cv_dlopen_self=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext < +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +#ifdef __cplusplus +extern "C" void exit (int); +#endif + +void fnord() { int i=42;} +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + /* dlclose (self); */ + } + else + puts (dlerror ()); + + exit (status); +} +EOF + if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self=no + fi +fi +rm -fr conftest* + + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self" >&5 +echo "${ECHO_T}$lt_cv_dlopen_self" >&6; } + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + { echo "$as_me:$LINENO: checking whether a statically linked program can dlopen itself" >&5 +echo $ECHO_N "checking whether a statically linked program can dlopen itself... $ECHO_C" >&6; } +if test "${lt_cv_dlopen_self_static+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$cross_compiling" = yes; then : + lt_cv_dlopen_self_static=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext < +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +#ifdef __cplusplus +extern "C" void exit (int); +#endif + +void fnord() { int i=42;} +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + /* dlclose (self); */ + } + else + puts (dlerror ()); + + exit (status); +} +EOF + if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self_static=no + fi +fi +rm -fr conftest* + + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_dlopen_self_static" >&5 +echo "${ECHO_T}$lt_cv_dlopen_self_static" >&6; } + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi + + +# Report which library types will actually be built +{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 +echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; } +{ echo "$as_me:$LINENO: result: $can_build_shared" >&5 +echo "${ECHO_T}$can_build_shared" >&6; } + +{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5 +echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; } +test "$can_build_shared" = "no" && enable_shared=no + +# On AIX, shared libraries and static libraries use the same namespace, and +# are all built from PIC. +case $host_os in +aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + +aix4* | aix5*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; +esac +{ echo "$as_me:$LINENO: result: $enable_shared" >&5 +echo "${ECHO_T}$enable_shared" >&6; } + +{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5 +echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; } +# Make sure either enable_shared or enable_static is yes. +test "$enable_shared" = yes || enable_static=yes +{ echo "$as_me:$LINENO: result: $enable_static" >&5 +echo "${ECHO_T}$enable_static" >&6; } + +# The else clause should only fire when bootstrapping the +# libtool distribution, otherwise you forgot to ship ltmain.sh +# with your package, and you will get complaints that there are +# no rules to generate ltmain.sh. +if test -f "$ltmain"; then + # See if we are running on zsh, and set the options which allow our commands through + # without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + # Now quote all the things that may contain metacharacters while being + # careful not to overquote the AC_SUBSTed values. We take copies of the + # variables and quote the copies for generation of the libtool script. + for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ + SED SHELL STRIP \ + libname_spec library_names_spec soname_spec extract_expsyms_cmds \ + old_striplib striplib file_magic_cmd finish_cmds finish_eval \ + deplibs_check_method reload_flag reload_cmds need_locks \ + lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ + lt_cv_sys_global_symbol_to_c_name_address \ + sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ + old_postinstall_cmds old_postuninstall_cmds \ + compiler \ + CC \ + LD \ + lt_prog_compiler_wl \ + lt_prog_compiler_pic \ + lt_prog_compiler_static \ + lt_prog_compiler_no_builtin_flag \ + export_dynamic_flag_spec \ + thread_safe_flag_spec \ + whole_archive_flag_spec \ + enable_shared_with_static_runtimes \ + old_archive_cmds \ + old_archive_from_new_cmds \ + predep_objects \ + postdep_objects \ + predeps \ + postdeps \ + compiler_lib_search_path \ + archive_cmds \ + archive_expsym_cmds \ + postinstall_cmds \ + postuninstall_cmds \ + old_archive_from_expsyms_cmds \ + allow_undefined_flag \ + no_undefined_flag \ + export_symbols_cmds \ + hardcode_libdir_flag_spec \ + hardcode_libdir_flag_spec_ld \ + hardcode_libdir_separator \ + hardcode_automatic \ + module_cmds \ + module_expsym_cmds \ + lt_cv_prog_compiler_c_o \ + exclude_expsyms \ + include_expsyms; do + + case $var in + old_archive_cmds | \ + old_archive_from_new_cmds | \ + archive_cmds | \ + archive_expsym_cmds | \ + module_cmds | \ + module_expsym_cmds | \ + old_archive_from_expsyms_cmds | \ + export_symbols_cmds | \ + extract_expsyms_cmds | reload_cmds | finish_cmds | \ + postinstall_cmds | postuninstall_cmds | \ + old_postinstall_cmds | old_postuninstall_cmds | \ + sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) + # Double-quote double-evaled strings. + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" + ;; + *) + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" + ;; + esac + done + + case $lt_echo in + *'\$0 --fallback-echo"') + lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` + ;; + esac + +cfgfile="${ofile}T" + trap "$rm \"$cfgfile\"; exit 1" 1 2 15 + $rm -f "$cfgfile" + { echo "$as_me:$LINENO: creating $ofile" >&5 +echo "$as_me: creating $ofile" >&6;} + + cat <<__EOF__ >> "$cfgfile" +#! $SHELL + +# `$echo "$cfgfile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. +# +# This file is part of GNU Libtool: +# Originally by Gordon Matzigkeit , 1996 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="$SED -e 1s/^X//" + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# The names of the tagged configurations supported by this script. +available_tags= + +# ### BEGIN LIBTOOL CONFIG + +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# An echo program that does not interpret backslashes. +echo=$lt_echo + +# The archiver. +AR=$lt_AR +AR_FLAGS=$lt_AR_FLAGS + +# A C compiler. +LTCC=$lt_LTCC + +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + +# A language-specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU C compiler? +with_gcc=$GCC + +# An ERE matcher. +EGREP=$lt_EGREP + +# The linker used to build libraries. +LD=$lt_LD + +# Whether we need hard or soft links. +LN_S=$lt_LN_S + +# A BSD-compatible nm program. +NM=$lt_NM + +# A symbol stripping program +STRIP=$lt_STRIP + +# Used to examine libraries when file_magic_cmd begins "file" +MAGIC_CMD=$MAGIC_CMD + +# Used on cygwin: DLL creation program. +DLLTOOL="$DLLTOOL" + +# Used on cygwin: object dumper. +OBJDUMP="$OBJDUMP" + +# Used on cygwin: assembler. +AS="$AS" + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Object file suffix (normally "o"). +objext="$ac_objext" + +# Old archive suffix (normally "a"). +libext="$libext" + +# Shared library suffix (normally ".so"). +shrext_cmds='$shrext_cmds' + +# Executable file suffix (normally ""). +exeext="$exeext" + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic +pic_mode=$pic_mode + +# What is the maximum length of a command? +max_cmd_len=$lt_cv_sys_max_cmd_len + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Do we need the lib prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Compiler flag to generate thread-safe objects. +thread_safe_flag_spec=$lt_thread_safe_flag_spec + +# Library versioning type. +version_type=$version_type + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME. +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Commands used to build and install an old-style archive. +RANLIB=$lt_RANLIB +old_archive_cmds=$lt_old_archive_cmds +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build and install a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds +postinstall_cmds=$lt_postinstall_cmds +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to build a loadable module (assumed same as above if empty) +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + +# Dependencies to place before the objects being linked to create a +# shared library. +predep_objects=$lt_predep_objects + +# Dependencies to place after the objects being linked to create a +# shared library. +postdep_objects=$lt_postdep_objects + +# Dependencies to place before the objects being linked to create a +# shared library. +predeps=$lt_predeps + +# Dependencies to place after the objects being linked to create a +# shared library. +postdeps=$lt_postdeps + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method == file_magic. +file_magic_cmd=$lt_file_magic_cmd + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that forces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# Same as above, but a single script fragment to be evaled but not shown. +finish_eval=$lt_finish_eval + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# This is the shared library runtime path variable. +runpath_var=$runpath_var + +# This is the shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# If ld is used when linking, flag to hardcode \$libdir into +# a binary during linking. This must work even if \$libdir does +# not exist. +hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld + +# Whether we need a single -rpath flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the +# resulting binary. +hardcode_direct=$hardcode_direct + +# Set to yes if using the -LDIR flag during linking hardcodes DIR into the +# resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into +# the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to yes if building a shared library automatically hardcodes DIR into the library +# and all subsequent libraries and executables linked against it. +hardcode_automatic=$hardcode_automatic + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at relink time. +variables_saved_for_relink="$variables_saved_for_relink" + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Compile-time system search path for libraries +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Fix the shell variable \$srcfile for the compiler. +fix_srcfile_path="$fix_srcfile_path" + +# Set to yes if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# ### END LIBTOOL CONFIG + +__EOF__ + + + case $host_os in + aix3*) + cat <<\EOF >> "$cfgfile" + +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +EOF + ;; + esac + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || \ + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + +else + # If there is no Makefile yet, we rely on a make rule to execute + # `config.status --recheck' to rerun these tests and create the + # libtool script then. + ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` + if test -f "$ltmain_in"; then + test -f Makefile && make "$ltmain" + fi +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC="$lt_save_CC" + + +# Check whether --with-tags was given. +if test "${with_tags+set}" = set; then + withval=$with_tags; tagnames="$withval" +fi + + +if test -f "$ltmain" && test -n "$tagnames"; then + if test ! -f "${ofile}"; then + { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not exist" >&5 +echo "$as_me: WARNING: output file \`$ofile' does not exist" >&2;} + fi + + if test -z "$LTCC"; then + eval "`$SHELL ${ofile} --config | grep '^LTCC='`" + if test -z "$LTCC"; then + { echo "$as_me:$LINENO: WARNING: output file \`$ofile' does not look like a libtool script" >&5 +echo "$as_me: WARNING: output file \`$ofile' does not look like a libtool script" >&2;} + else + { echo "$as_me:$LINENO: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&5 +echo "$as_me: WARNING: using \`LTCC=$LTCC', extracted from \`$ofile'" >&2;} + fi + fi + if test -z "$LTCFLAGS"; then + eval "`$SHELL ${ofile} --config | grep '^LTCFLAGS='`" + fi + + # Extract list of available tagged configurations in $ofile. + # Note that this assumes the entire list is on one line. + available_tags=`grep "^available_tags=" "${ofile}" | $SED -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'` + + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for tagname in $tagnames; do + IFS="$lt_save_ifs" + # Check whether tagname contains only valid characters + case `$echo "X$tagname" | $Xsed -e 's:[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]::g'` in + "") ;; + *) { { echo "$as_me:$LINENO: error: invalid tag name: $tagname" >&5 +echo "$as_me: error: invalid tag name: $tagname" >&2;} + { (exit 1); exit 1; }; } + ;; + esac + + if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "${ofile}" > /dev/null + then + { { echo "$as_me:$LINENO: error: tag name \"$tagname\" already exists" >&5 +echo "$as_me: error: tag name \"$tagname\" already exists" >&2;} + { (exit 1); exit 1; }; } + fi + + # Update the list of available tags. + if test -n "$tagname"; then + echo appending configuration tag \"$tagname\" to $ofile + + case $tagname in + CXX) + if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + + + + +archive_cmds_need_lc_CXX=no +allow_undefined_flag_CXX= +always_export_symbols_CXX=no +archive_expsym_cmds_CXX= +export_dynamic_flag_spec_CXX= +hardcode_direct_CXX=no +hardcode_libdir_flag_spec_CXX= +hardcode_libdir_flag_spec_ld_CXX= +hardcode_libdir_separator_CXX= +hardcode_minus_L_CXX=no +hardcode_shlibpath_var_CXX=unsupported +hardcode_automatic_CXX=no +module_cmds_CXX= +module_expsym_cmds_CXX= +link_all_deplibs_CXX=unknown +old_archive_cmds_CXX=$old_archive_cmds +no_undefined_flag_CXX= +whole_archive_flag_spec_CXX= +enable_shared_with_static_runtimes_CXX=no + +# Dependencies to place before and after the object being linked: +predep_objects_CXX= +postdep_objects_CXX= +predeps_CXX= +postdeps_CXX= +compiler_lib_search_path_CXX= + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +objext_CXX=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;\n" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(int, char *[]) { return(0); }\n' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +printf "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$rm conftest* + +ac_outfile=conftest.$ac_objext +printf "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$rm conftest* + + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_LD=$LD +lt_save_GCC=$GCC +GCC=$GXX +lt_save_with_gnu_ld=$with_gnu_ld +lt_save_path_LD=$lt_cv_path_LD +if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx +else + $as_unset lt_cv_prog_gnu_ld +fi +if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX +else + $as_unset lt_cv_path_LD +fi +test -z "${LDCXX+set}" || LD=$LDCXX +CC=${CXX-"c++"} +compiler=$CC +compiler_CXX=$CC +for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + + +# We don't want -fno-exception wen compiling C++ code, so set the +# no_builtin_flag separately +if test "$GXX" = yes; then + lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin' +else + lt_prog_compiler_no_builtin_flag_CXX= +fi + +if test "$GXX" = yes; then + # Set up default GNU C++ configuration + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then + withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + { echo "$as_me:$LINENO: checking for ld used by $CC" >&5 +echo $ECHO_N "checking for ld used by $CC... $ECHO_C" >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`echo $ac_prog| $SED 's%\\\\%/%g'` + while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do + ac_prog=`echo $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + { echo "$as_me:$LINENO: checking for GNU ld" >&5 +echo $ECHO_N "checking for GNU ld... $ECHO_C" >&6; } +else + { echo "$as_me:$LINENO: checking for non-GNU ld" >&5 +echo $ECHO_N "checking for non-GNU ld... $ECHO_C" >&6; } +fi +if test "${lt_cv_path_LD+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +echo "${ECHO_T}$LD" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi +test -z "$LD" && { { echo "$as_me:$LINENO: error: no acceptable ld found in \$PATH" >&5 +echo "$as_me: error: no acceptable ld found in \$PATH" >&2;} + { (exit 1); exit 1; }; } +{ echo "$as_me:$LINENO: checking if the linker ($LD) is GNU ld" >&5 +echo $ECHO_N "checking if the linker ($LD) is GNU ld... $ECHO_C" >&6; } +if test "${lt_cv_prog_gnu_ld+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +echo "${ECHO_T}$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test "$with_gnu_ld" = yes; then + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + + hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir' + export_dynamic_flag_spec_CXX='${wl}--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='${wl}' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | \ + grep 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec_CXX= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' + +else + GXX=no + with_gnu_ld=no + wlarc= +fi + +# PORTME: fill in a description of your system's C++ link characteristics +{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } +ld_shlibs_CXX=yes +case $host_os in + aix3*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aix4* | aix5*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix5*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds_CXX='' + hardcode_direct_CXX=yes + hardcode_libdir_separator_CXX=':' + link_all_deplibs_CXX=yes + + if test "$GXX" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + hardcode_direct_CXX=yes + else + # We have old collect2 + hardcode_direct_CXX=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L_CXX=yes + hardcode_libdir_flag_spec_CXX='-L$libdir' + hardcode_libdir_separator_CXX= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols_CXX=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag_CXX='-berok' + # Determine the default libpath from the value encoded in an empty executable. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath" + + archive_expsym_cmds_CXX="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib' + allow_undefined_flag_CXX="-z nodefs" + archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an empty executable. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag_CXX=' ${wl}-bernotok' + allow_undefined_flag_CXX=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec_CXX='$convenience' + archive_cmds_need_lc_CXX=yes + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag_CXX=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + ld_shlibs_CXX=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + cygwin* | mingw* | pw32*) + # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec_CXX='-L$libdir' + allow_undefined_flag_CXX=unsupported + always_export_symbols_CXX=no + enable_shared_with_static_runtimes_CXX=yes + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs_CXX=no + fi + ;; + darwin* | rhapsody*) + case $host_os in + rhapsody* | darwin1.[012]) + allow_undefined_flag_CXX='${wl}-undefined ${wl}suppress' + ;; + *) # Darwin 1.3 on + if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then + allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + else + case ${MACOSX_DEPLOYMENT_TARGET} in + 10.[012]) + allow_undefined_flag_CXX='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + ;; + 10.*) + allow_undefined_flag_CXX='${wl}-undefined ${wl}dynamic_lookup' + ;; + esac + fi + ;; + esac + archive_cmds_need_lc_CXX=no + hardcode_direct_CXX=no + hardcode_automatic_CXX=yes + hardcode_shlibpath_var_CXX=unsupported + whole_archive_flag_spec_CXX='' + link_all_deplibs_CXX=yes + + if test "$GXX" = yes ; then + lt_int_apple_cc_single_mod=no + output_verbose_link_cmd='echo' + if $CC -dumpspecs 2>&1 | $EGREP 'single_module' >/dev/null ; then + lt_int_apple_cc_single_mod=yes + fi + if test "X$lt_int_apple_cc_single_mod" = Xyes ; then + archive_cmds_CXX='$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' + else + archive_cmds_CXX='$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring' + fi + module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + if test "X$lt_int_apple_cc_single_mod" = Xyes ; then + archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib -single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + else + archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -r -keep_private_externs -nostdlib -o ${lib}-master.o $libobjs~$CC -dynamiclib $allow_undefined_flag -o $lib ${lib}-master.o $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + else + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' + archive_cmds_CXX='$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' + module_cmds_CXX='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + archive_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj ${wl}-single_module $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds_CXX='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) + ld_shlibs_CXX=no + ;; + esac + fi + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + freebsd[12]*) + # C++ shared libraries reported to be fairly broken before switch to ELF + ld_shlibs_CXX=no + ;; + freebsd-elf*) + archive_cmds_need_lc_CXX=no + ;; + freebsd* | kfreebsd*-gnu | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + ld_shlibs_CXX=yes + ;; + gnu*) + ;; + hpux9*) + hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir' + hardcode_libdir_separator_CXX=: + export_dynamic_flag_spec_CXX='${wl}-E' + hardcode_direct_CXX=yes + hardcode_minus_L_CXX=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aCC*) + archive_cmds_CXX='$rm $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "[-]L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + *) + if test "$GXX" = yes; then + archive_cmds_CXX='$rm $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + hpux10*|hpux11*) + if test $with_gnu_ld = no; then + hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir' + hardcode_libdir_separator_CXX=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_libdir_flag_spec_ld_CXX='+b $libdir' + ;; + *) + export_dynamic_flag_spec_CXX='${wl}-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct_CXX=no + hardcode_shlibpath_var_CXX=no + ;; + *) + hardcode_direct_CXX=yes + hardcode_minus_L_CXX=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | grep "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + *) + if test "$GXX" = yes; then + if test $with_gnu_ld = no; then + case $host_cpu in + hppa*64*) + archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + interix3*) + hardcode_direct_CXX=no + hardcode_shlibpath_var_CXX=no + hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' + export_dynamic_flag_spec_CXX='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test "$GXX" = yes; then + if test "$with_gnu_ld" = no; then + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` -o $lib' + fi + fi + link_all_deplibs_CXX=yes + ;; + esac + hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_CXX=: + ;; + linux*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | grep "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + + hardcode_libdir_flag_spec_CXX='${wl}--rpath,$libdir' + export_dynamic_flag_spec_CXX='${wl}--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc*) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + archive_cmds_need_lc_CXX=no + hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' + export_dynamic_flag_spec_CXX='${wl}--export-dynamic' + whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + ;; + pgCC*) + # Portland Group C++ compiler + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + + hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir' + export_dynamic_flag_spec_CXX='${wl}--export-dynamic' + whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + ;; + cxx*) + # Compaq C++ + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec_CXX='-rpath $libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + esac + ;; + lynxos*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + m88k*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + hardcode_libdir_flag_spec_CXX='-R$libdir' + hardcode_direct_CXX=yes + hardcode_shlibpath_var_CXX=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + openbsd2*) + # C++ shared libraries are fairly broken + ld_shlibs_CXX=no + ;; + openbsd*) + hardcode_direct_CXX=yes + hardcode_shlibpath_var_CXX=no + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' + export_dynamic_flag_spec_CXX='${wl}-E' + whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + fi + output_verbose_link_cmd='echo' + ;; + osf3*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' + hardcode_libdir_separator_CXX=: + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' + + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + cxx*) + allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && echo ${wl}-set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + + hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + *) + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + + hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' + + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir' + hardcode_libdir_separator_CXX=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + cxx*) + allow_undefined_flag_CXX=' -expect_unresolved \*' + archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname -Wl,-input -Wl,$lib.exp `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~ + $rm $lib.exp' + + hardcode_libdir_flag_spec_CXX='-rpath $libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "ld" | grep -v "ld:"`; templist=`echo $templist | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; echo $list' + ;; + *) + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + + hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep "\-L"' + + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + psos*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + solaris*) + case $cc_basename in + CC*) + # Sun C++ 4.2, 5.x and Centerline C++ + archive_cmds_need_lc_CXX=yes + no_undefined_flag_CXX=' -zdefs' + archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' + + hardcode_libdir_flag_spec_CXX='-R$libdir' + hardcode_shlibpath_var_CXX=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The C++ compiler is used as linker so we must use $wl + # flag to pass the commands to the underlying system + # linker. We must also pass each convience library through + # to the system linker between allextract/defaultextract. + # The C++ compiler will combine linker options so we + # cannot just pass the convience library names through + # without $wl. + # Supported since Solaris 2.6 (maybe 2.5.1?) + whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' + ;; + esac + link_all_deplibs_CXX=yes + + output_verbose_link_cmd='echo' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + no_undefined_flag_CXX=' ${wl}-z ${wl}defs' + if $CC --version | grep -v '^2\.7' > /dev/null; then + archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd="$CC -shared $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" + else + # g++ 2.7 appears to require `-G' NOT `-shared' on this + # platform. + archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + archive_expsym_cmds_CXX='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$rm $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd="$CC -G $CFLAGS -v conftest.$objext 2>&1 | grep \"\-L\"" + fi + + hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir' + fi + ;; + esac + ;; + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag_CXX='${wl}-z,text' + archive_cmds_need_lc_CXX=no + hardcode_shlibpath_var_CXX=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + # So that behaviour is only enabled if SCOABSPATH is set to a + # non-empty value in the environment. Most likely only useful for + # creating official distributions of packages. + # This is a hack until libtool officially supports absolute path + # names for shared libraries. + no_undefined_flag_CXX='${wl}-z,text' + allow_undefined_flag_CXX='${wl}-z,nodefs' + archive_cmds_need_lc_CXX=no + hardcode_shlibpath_var_CXX=no + hardcode_libdir_flag_spec_CXX='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + hardcode_libdir_separator_CXX=':' + link_all_deplibs_CXX=yes + export_dynamic_flag_spec_CXX='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + archive_cmds_CXX='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + vxworks*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; +esac +{ echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5 +echo "${ECHO_T}$ld_shlibs_CXX" >&6; } +test "$ld_shlibs_CXX" = no && can_build_shared=no + +GCC_CXX="$GXX" +LD_CXX="$LD" + + +cat > conftest.$ac_ext <&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + # The `*' in the case matches for architectures that use `case' in + # $output_verbose_cmd can trigger glob expansion during the loop + # eval without this substitution. + output_verbose_link_cmd=`$echo "X$output_verbose_link_cmd" | $Xsed -e "$no_glob_subst"` + + for p in `eval $output_verbose_link_cmd`; do + case $p in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test $p = "-L" \ + || test $p = "-R"; then + prev=$p + continue + else + prev= + fi + + if test "$pre_test_object_deps_done" = no; then + case $p in + -L* | -R*) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$compiler_lib_search_path_CXX"; then + compiler_lib_search_path_CXX="${prev}${p}" + else + compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$postdeps_CXX"; then + postdeps_CXX="${prev}${p}" + else + postdeps_CXX="${postdeps_CXX} ${prev}${p}" + fi + fi + ;; + + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test "$pre_test_object_deps_done" = no; then + if test -z "$predep_objects_CXX"; then + predep_objects_CXX="$p" + else + predep_objects_CXX="$predep_objects_CXX $p" + fi + else + if test -z "$postdep_objects_CXX"; then + postdep_objects_CXX="$p" + else + postdep_objects_CXX="$postdep_objects_CXX $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling CXX test program" +fi + +$rm -f confest.$objext + +# PORTME: override above test on systems where it is broken +case $host_os in +interix3*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + predep_objects_CXX= + postdep_objects_CXX= + postdeps_CXX= + ;; + +solaris*) + case $cc_basename in + CC*) + # Adding this requires a known-good setup of shared libraries for + # Sun compiler versions before 5.6, else PIC objects from an old + # archive will be linked into the output, leading to subtle bugs. + postdeps_CXX='-lCstd -lCrun' + ;; + esac + ;; +esac + + +case " $postdeps_CXX " in +*" -lc "*) archive_cmds_need_lc_CXX=no ;; +esac + +lt_prog_compiler_wl_CXX= +lt_prog_compiler_pic_CXX= +lt_prog_compiler_static_CXX= + +{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 +echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } + + # C++ specific cases for pic, static, wl, etc. + if test "$GXX" = yes; then + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_CXX='-Bstatic' + fi + ;; + amigaos*) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' + ;; + beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | os2* | pw32*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_CXX='-DDLL_EXPORT' + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic_CXX='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + lt_prog_compiler_pic_CXX= + ;; + interix3*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic_CXX=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + lt_prog_compiler_pic_CXX='-fPIC' + ;; + esac + ;; + *) + lt_prog_compiler_pic_CXX='-fPIC' + ;; + esac + else + case $host_os in + aix4* | aix5*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_CXX='-Bstatic' + else + lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_AC_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + darwin*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + case $cc_basename in + xlc*) + lt_prog_compiler_pic_CXX='-qnocommon' + lt_prog_compiler_wl_CXX='-Wl,' + ;; + esac + ;; + dgux*) + case $cc_basename in + ec++*) + lt_prog_compiler_pic_CXX='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + lt_prog_compiler_pic_CXX='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | kfreebsd*-gnu | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='${wl}-a ${wl}archive' + if test "$host_cpu" != ia64; then + lt_prog_compiler_pic_CXX='+Z' + fi + ;; + aCC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='${wl}-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic_CXX='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux*) + case $cc_basename in + KCC*) + # KAI C++ Compiler + lt_prog_compiler_wl_CXX='--backend -Wl,' + lt_prog_compiler_pic_CXX='-fPIC' + ;; + icpc* | ecpc*) + # Intel C++ + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-static' + ;; + pgCC*) + # Portland Group C++ compiler. + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-fpic' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + lt_prog_compiler_pic_CXX= + lt_prog_compiler_static_CXX='-non_shared' + ;; + *) + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + lt_prog_compiler_pic_CXX='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd*) + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + lt_prog_compiler_wl_CXX='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + lt_prog_compiler_pic_CXX='-pic' + ;; + cxx*) + # Digital/Compaq C++ + lt_prog_compiler_wl_CXX='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + lt_prog_compiler_pic_CXX= + lt_prog_compiler_static_CXX='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC*) + # Sun C++ 4.2, 5.x and Centerline C++ + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-Bstatic' + lt_prog_compiler_wl_CXX='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + lt_prog_compiler_pic_CXX='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + lt_prog_compiler_pic_CXX='-pic' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + lcc*) + # Lucid + lt_prog_compiler_pic_CXX='-pic' + ;; + *) + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + lt_prog_compiler_pic_CXX='-KPIC' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + esac + ;; + vxworks*) + ;; + *) + lt_prog_compiler_can_build_shared_CXX=no + ;; + esac + fi + +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_CXX" >&5 +echo "${ECHO_T}$lt_prog_compiler_pic_CXX" >&6; } + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic_CXX"; then + +{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5 +echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... $ECHO_C" >&6; } +if test "${lt_prog_compiler_pic_works_CXX+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_prog_compiler_pic_works_CXX=no + ac_outfile=conftest.$ac_objext + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:12980: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:12984: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_prog_compiler_pic_works_CXX=yes + fi + fi + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_CXX" >&5 +echo "${ECHO_T}$lt_prog_compiler_pic_works_CXX" >&6; } + +if test x"$lt_prog_compiler_pic_works_CXX" = xyes; then + case $lt_prog_compiler_pic_CXX in + "" | " "*) ;; + *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;; + esac +else + lt_prog_compiler_pic_CXX= + lt_prog_compiler_can_build_shared_CXX=no +fi + +fi +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic_CXX= + ;; + *) + lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC" + ;; +esac + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\" +{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } +if test "${lt_prog_compiler_static_works_CXX+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_prog_compiler_static_works_CXX=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + printf "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_prog_compiler_static_works_CXX=yes + fi + else + lt_prog_compiler_static_works_CXX=yes + fi + fi + $rm conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_CXX" >&5 +echo "${ECHO_T}$lt_prog_compiler_static_works_CXX" >&6; } + +if test x"$lt_prog_compiler_static_works_CXX" = xyes; then + : +else + lt_prog_compiler_static_CXX= +fi + + +{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 +echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } +if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_cv_prog_compiler_c_o_CXX=no + $rm -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:13084: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:13088: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o_CXX=yes + fi + fi + chmod u+w . 2>&5 + $rm conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files + $rm out/* && rmdir out + cd .. + rmdir conftest + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_CXX" >&5 +echo "${ECHO_T}$lt_cv_prog_compiler_c_o_CXX" >&6; } + + +hard_links="nottested" +if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 +echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } + hard_links=yes + $rm conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { echo "$as_me:$LINENO: result: $hard_links" >&5 +echo "${ECHO_T}$hard_links" >&6; } + if test "$hard_links" = no; then + { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 +echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + +{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } + + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + case $host_os in + aix4* | aix5*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | grep 'GNU' > /dev/null; then + export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + export_symbols_cmds_CXX="$ltdll_cmds" + ;; + cygwin* | mingw*) + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/;/^.* __nm__/s/^.* __nm__\([^ ]*\) [^ ]*/\1 DATA/;/^I /d;/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' + ;; + *) + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac + +{ echo "$as_me:$LINENO: result: $ld_shlibs_CXX" >&5 +echo "${ECHO_T}$ld_shlibs_CXX" >&6; } +test "$ld_shlibs_CXX" = no && can_build_shared=no + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc_CXX" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc_CXX=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $archive_cmds_CXX in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 +echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } + $rm conftest* + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl_CXX + pic_flag=$lt_prog_compiler_pic_CXX + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag_CXX + allow_undefined_flag_CXX= + if { (eval echo "$as_me:$LINENO: \"$archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 + (eval $archive_cmds_CXX 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + then + archive_cmds_need_lc_CXX=no + else + archive_cmds_need_lc_CXX=yes + fi + allow_undefined_flag_CXX=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $rm conftest* + { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_CXX" >&5 +echo "${ECHO_T}$archive_cmds_need_lc_CXX" >&6; } + ;; + esac + fi + ;; +esac + +{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 +echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix4* | aix5*) + version_type=linux + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$host_os in + yes,cygwin* | yes,mingw* | yes,pw32*) + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $rm \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + ;; + mingw*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH printed by + # mingw gcc, but we are running on Cygwin. Gcc prints its search + # path with ; separators, and with drive letters. We can handle the + # drive letters (cygwin fileutils understands them), so leave them, + # especially as we might pass files found there to a mingw objdump, + # which wouldn't understand a cygwinified path. Ahh. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + esac + ;; + + linux*) + if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ 01.* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + if test $supports_anon_versioning = yes; then + archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ +cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ +$echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + else + $archive_expsym_cmds="$archive_cmds" + fi + else + ld_shlibs=no + fi + ;; + + *) + library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + ;; + esac + dynamic_linker='Win32 ld.exe' + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. + if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` + else + sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' + fi + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd1*) + dynamic_linker=no + ;; + +kfreebsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[123]*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + # Handle Gentoo/FreeBSD as it was Linux + case $host_vendor in + gentoo) + version_type=linux ;; + *) + version_type=freebsd-$objformat ;; + esac + + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + linux) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + need_lib_prefix=no + need_version=no + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + freebsd*) # from 4.6 on + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555. + postinstall_cmds='chmod 555 $lib' + ;; + +interix3*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be Linux ELF. +linux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +knetbsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +nto-qnx*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[89] | openbsd2.[89].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +solaris*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + export_dynamic_flag_spec='${wl}-Blargedynsym' + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + shlibpath_overrides_runpath=no + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + shlibpath_overrides_runpath=yes + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +uts4*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5 +echo "${ECHO_T}$dynamic_linker" >&6; } +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 +echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } +hardcode_action_CXX= +if test -n "$hardcode_libdir_flag_spec_CXX" || \ + test -n "$runpath_var_CXX" || \ + test "X$hardcode_automatic_CXX" = "Xyes" ; then + + # We can hardcode non-existant directories. + if test "$hardcode_direct_CXX" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, CXX)" != no && + test "$hardcode_minus_L_CXX" != no; then + # Linking always hardcodes the temporary library directory. + hardcode_action_CXX=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action_CXX=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action_CXX=unsupported +fi +{ echo "$as_me:$LINENO: result: $hardcode_action_CXX" >&5 +echo "${ECHO_T}$hardcode_action_CXX" >&6; } + +if test "$hardcode_action_CXX" = relink; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + +# The else clause should only fire when bootstrapping the +# libtool distribution, otherwise you forgot to ship ltmain.sh +# with your package, and you will get complaints that there are +# no rules to generate ltmain.sh. +if test -f "$ltmain"; then + # See if we are running on zsh, and set the options which allow our commands through + # without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + # Now quote all the things that may contain metacharacters while being + # careful not to overquote the AC_SUBSTed values. We take copies of the + # variables and quote the copies for generation of the libtool script. + for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ + SED SHELL STRIP \ + libname_spec library_names_spec soname_spec extract_expsyms_cmds \ + old_striplib striplib file_magic_cmd finish_cmds finish_eval \ + deplibs_check_method reload_flag reload_cmds need_locks \ + lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ + lt_cv_sys_global_symbol_to_c_name_address \ + sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ + old_postinstall_cmds old_postuninstall_cmds \ + compiler_CXX \ + CC_CXX \ + LD_CXX \ + lt_prog_compiler_wl_CXX \ + lt_prog_compiler_pic_CXX \ + lt_prog_compiler_static_CXX \ + lt_prog_compiler_no_builtin_flag_CXX \ + export_dynamic_flag_spec_CXX \ + thread_safe_flag_spec_CXX \ + whole_archive_flag_spec_CXX \ + enable_shared_with_static_runtimes_CXX \ + old_archive_cmds_CXX \ + old_archive_from_new_cmds_CXX \ + predep_objects_CXX \ + postdep_objects_CXX \ + predeps_CXX \ + postdeps_CXX \ + compiler_lib_search_path_CXX \ + archive_cmds_CXX \ + archive_expsym_cmds_CXX \ + postinstall_cmds_CXX \ + postuninstall_cmds_CXX \ + old_archive_from_expsyms_cmds_CXX \ + allow_undefined_flag_CXX \ + no_undefined_flag_CXX \ + export_symbols_cmds_CXX \ + hardcode_libdir_flag_spec_CXX \ + hardcode_libdir_flag_spec_ld_CXX \ + hardcode_libdir_separator_CXX \ + hardcode_automatic_CXX \ + module_cmds_CXX \ + module_expsym_cmds_CXX \ + lt_cv_prog_compiler_c_o_CXX \ + exclude_expsyms_CXX \ + include_expsyms_CXX; do + + case $var in + old_archive_cmds_CXX | \ + old_archive_from_new_cmds_CXX | \ + archive_cmds_CXX | \ + archive_expsym_cmds_CXX | \ + module_cmds_CXX | \ + module_expsym_cmds_CXX | \ + old_archive_from_expsyms_cmds_CXX | \ + export_symbols_cmds_CXX | \ + extract_expsyms_cmds | reload_cmds | finish_cmds | \ + postinstall_cmds | postuninstall_cmds | \ + old_postinstall_cmds | old_postuninstall_cmds | \ + sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) + # Double-quote double-evaled strings. + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" + ;; + *) + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" + ;; + esac + done + + case $lt_echo in + *'\$0 --fallback-echo"') + lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` + ;; + esac + +cfgfile="$ofile" + + cat <<__EOF__ >> "$cfgfile" +# ### BEGIN LIBTOOL TAG CONFIG: $tagname + +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc_CXX + +# Whether or not to disallow shared libs when runtime libs are static +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# An echo program that does not interpret backslashes. +echo=$lt_echo + +# The archiver. +AR=$lt_AR +AR_FLAGS=$lt_AR_FLAGS + +# A C compiler. +LTCC=$lt_LTCC + +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + +# A language-specific compiler. +CC=$lt_compiler_CXX + +# Is the compiler the GNU C compiler? +with_gcc=$GCC_CXX + +# An ERE matcher. +EGREP=$lt_EGREP + +# The linker used to build libraries. +LD=$lt_LD_CXX + +# Whether we need hard or soft links. +LN_S=$lt_LN_S + +# A BSD-compatible nm program. +NM=$lt_NM + +# A symbol stripping program +STRIP=$lt_STRIP + +# Used to examine libraries when file_magic_cmd begins "file" +MAGIC_CMD=$MAGIC_CMD + +# Used on cygwin: DLL creation program. +DLLTOOL="$DLLTOOL" + +# Used on cygwin: object dumper. +OBJDUMP="$OBJDUMP" + +# Used on cygwin: assembler. +AS="$AS" + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl_CXX + +# Object file suffix (normally "o"). +objext="$ac_objext" + +# Old archive suffix (normally "a"). +libext="$libext" + +# Shared library suffix (normally ".so"). +shrext_cmds='$shrext_cmds' + +# Executable file suffix (normally ""). +exeext="$exeext" + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic_CXX +pic_mode=$pic_mode + +# What is the maximum length of a command? +max_cmd_len=$lt_cv_sys_max_cmd_len + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Do we need the lib prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static_CXX + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX + +# Compiler flag to generate thread-safe objects. +thread_safe_flag_spec=$lt_thread_safe_flag_spec_CXX + +# Library versioning type. +version_type=$version_type + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME. +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Commands used to build and install an old-style archive. +RANLIB=$lt_RANLIB +old_archive_cmds=$lt_old_archive_cmds_CXX +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX + +# Commands used to build and install a shared archive. +archive_cmds=$lt_archive_cmds_CXX +archive_expsym_cmds=$lt_archive_expsym_cmds_CXX +postinstall_cmds=$lt_postinstall_cmds +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to build a loadable module (assumed same as above if empty) +module_cmds=$lt_module_cmds_CXX +module_expsym_cmds=$lt_module_expsym_cmds_CXX + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + +# Dependencies to place before the objects being linked to create a +# shared library. +predep_objects=$lt_predep_objects_CXX + +# Dependencies to place after the objects being linked to create a +# shared library. +postdep_objects=$lt_postdep_objects_CXX + +# Dependencies to place before the objects being linked to create a +# shared library. +predeps=$lt_predeps_CXX + +# Dependencies to place after the objects being linked to create a +# shared library. +postdeps=$lt_postdeps_CXX + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path_CXX + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method == file_magic. +file_magic_cmd=$lt_file_magic_cmd + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag_CXX + +# Flag that forces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag_CXX + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# Same as above, but a single script fragment to be evaled but not shown. +finish_eval=$lt_finish_eval + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# This is the shared library runtime path variable. +runpath_var=$runpath_var + +# This is the shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action_CXX + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX + +# If ld is used when linking, flag to hardcode \$libdir into +# a binary during linking. This must work even if \$libdir does +# not exist. +hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX + +# Whether we need a single -rpath flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX + +# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the +# resulting binary. +hardcode_direct=$hardcode_direct_CXX + +# Set to yes if using the -LDIR flag during linking hardcodes DIR into the +# resulting binary. +hardcode_minus_L=$hardcode_minus_L_CXX + +# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into +# the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX + +# Set to yes if building a shared library automatically hardcodes DIR into the library +# and all subsequent libraries and executables linked against it. +hardcode_automatic=$hardcode_automatic_CXX + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at relink time. +variables_saved_for_relink="$variables_saved_for_relink" + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs_CXX + +# Compile-time system search path for libraries +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Fix the shell variable \$srcfile for the compiler. +fix_srcfile_path="$fix_srcfile_path_CXX" + +# Set to yes if exported symbols are required. +always_export_symbols=$always_export_symbols_CXX + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds_CXX + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms_CXX + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms_CXX + +# ### END LIBTOOL TAG CONFIG: $tagname + +__EOF__ + + +else + # If there is no Makefile yet, we rely on a make rule to execute + # `config.status --recheck' to rerun these tests and create the + # libtool script then. + ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` + if test -f "$ltmain_in"; then + test -f Makefile && make "$ltmain" + fi +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC=$lt_save_CC +LDCXX=$LD +LD=$lt_save_LD +GCC=$lt_save_GCC +with_gnu_ldcxx=$with_gnu_ld +with_gnu_ld=$lt_save_with_gnu_ld +lt_cv_path_LDCXX=$lt_cv_path_LD +lt_cv_path_LD=$lt_save_path_LD +lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld +lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld + + else + tagname="" + fi + ;; + + F77) + if test -n "$F77" && test "X$F77" != "Xno"; then + +ac_ext=f +ac_compile='$F77 -c $FFLAGS conftest.$ac_ext >&5' +ac_link='$F77 -o conftest$ac_exeext $FFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_f77_compiler_gnu + + +archive_cmds_need_lc_F77=no +allow_undefined_flag_F77= +always_export_symbols_F77=no +archive_expsym_cmds_F77= +export_dynamic_flag_spec_F77= +hardcode_direct_F77=no +hardcode_libdir_flag_spec_F77= +hardcode_libdir_flag_spec_ld_F77= +hardcode_libdir_separator_F77= +hardcode_minus_L_F77=no +hardcode_automatic_F77=no +module_cmds_F77= +module_expsym_cmds_F77= +link_all_deplibs_F77=unknown +old_archive_cmds_F77=$old_archive_cmds +no_undefined_flag_F77= +whole_archive_flag_spec_F77= +enable_shared_with_static_runtimes_F77=no + +# Source file extension for f77 test sources. +ac_ext=f + +# Object file extension for compiled f77 test sources. +objext=o +objext_F77=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code=" subroutine t\n return\n end\n" + +# Code to be used in simple link tests +lt_simple_link_test_code=" program t\n end\n" + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +printf "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$rm conftest* + +ac_outfile=conftest.$ac_objext +printf "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$rm conftest* + + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +CC=${F77-"f77"} +compiler=$CC +compiler_F77=$CC +for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + + +{ echo "$as_me:$LINENO: checking if libtool supports shared libraries" >&5 +echo $ECHO_N "checking if libtool supports shared libraries... $ECHO_C" >&6; } +{ echo "$as_me:$LINENO: result: $can_build_shared" >&5 +echo "${ECHO_T}$can_build_shared" >&6; } + +{ echo "$as_me:$LINENO: checking whether to build shared libraries" >&5 +echo $ECHO_N "checking whether to build shared libraries... $ECHO_C" >&6; } +test "$can_build_shared" = "no" && enable_shared=no + +# On AIX, shared libraries and static libraries use the same namespace, and +# are all built from PIC. +case $host_os in +aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; +aix4* | aix5*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; +esac +{ echo "$as_me:$LINENO: result: $enable_shared" >&5 +echo "${ECHO_T}$enable_shared" >&6; } + +{ echo "$as_me:$LINENO: checking whether to build static libraries" >&5 +echo $ECHO_N "checking whether to build static libraries... $ECHO_C" >&6; } +# Make sure either enable_shared or enable_static is yes. +test "$enable_shared" = yes || enable_static=yes +{ echo "$as_me:$LINENO: result: $enable_static" >&5 +echo "${ECHO_T}$enable_static" >&6; } + +GCC_F77="$G77" +LD_F77="$LD" + +lt_prog_compiler_wl_F77= +lt_prog_compiler_pic_F77= +lt_prog_compiler_static_F77= + +{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 +echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } + + if test "$GCC" = yes; then + lt_prog_compiler_wl_F77='-Wl,' + lt_prog_compiler_static_F77='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_F77='-Bstatic' + fi + ;; + + amigaos*) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + lt_prog_compiler_pic_F77='-m68020 -resident32 -malways-restore-a4' + ;; + + beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_F77='-DDLL_EXPORT' + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic_F77='-fno-common' + ;; + + interix3*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared_F77=no + enable_shared=no + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic_F77=-Kconform_pic + fi + ;; + + hpux*) + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic_F77='-fPIC' + ;; + esac + ;; + + *) + lt_prog_compiler_pic_F77='-fPIC' + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl_F77='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_F77='-Bstatic' + else + lt_prog_compiler_static_F77='-bnso -bI:/lib/syscalls.exp' + fi + ;; + darwin*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + case $cc_basename in + xlc*) + lt_prog_compiler_pic_F77='-qnocommon' + lt_prog_compiler_wl_F77='-Wl,' + ;; + esac + ;; + + mingw* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_F77='-DDLL_EXPORT' + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl_F77='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic_F77='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static_F77='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl_F77='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static_F77='-non_shared' + ;; + + newsos6) + lt_prog_compiler_pic_F77='-KPIC' + lt_prog_compiler_static_F77='-Bstatic' + ;; + + linux*) + case $cc_basename in + icc* | ecc*) + lt_prog_compiler_wl_F77='-Wl,' + lt_prog_compiler_pic_F77='-KPIC' + lt_prog_compiler_static_F77='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl_F77='-Wl,' + lt_prog_compiler_pic_F77='-fpic' + lt_prog_compiler_static_F77='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl_F77='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static_F77='-non_shared' + ;; + esac + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl_F77='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static_F77='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic_F77='-KPIC' + lt_prog_compiler_static_F77='-Bstatic' + case $cc_basename in + f77* | f90* | f95*) + lt_prog_compiler_wl_F77='-Qoption ld ';; + *) + lt_prog_compiler_wl_F77='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl_F77='-Qoption ld ' + lt_prog_compiler_pic_F77='-PIC' + lt_prog_compiler_static_F77='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl_F77='-Wl,' + lt_prog_compiler_pic_F77='-KPIC' + lt_prog_compiler_static_F77='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + lt_prog_compiler_pic_F77='-Kconform_pic' + lt_prog_compiler_static_F77='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl_F77='-Wl,' + lt_prog_compiler_pic_F77='-KPIC' + lt_prog_compiler_static_F77='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl_F77='-Wl,' + lt_prog_compiler_can_build_shared_F77=no + ;; + + uts4*) + lt_prog_compiler_pic_F77='-pic' + lt_prog_compiler_static_F77='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared_F77=no + ;; + esac + fi + +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_F77" >&5 +echo "${ECHO_T}$lt_prog_compiler_pic_F77" >&6; } + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic_F77"; then + +{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works" >&5 +echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_F77 works... $ECHO_C" >&6; } +if test "${lt_prog_compiler_pic_works_F77+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_prog_compiler_pic_works_F77=no + ac_outfile=conftest.$ac_objext + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic_F77" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:14691: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:14695: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_prog_compiler_pic_works_F77=yes + fi + fi + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_F77" >&5 +echo "${ECHO_T}$lt_prog_compiler_pic_works_F77" >&6; } + +if test x"$lt_prog_compiler_pic_works_F77" = xyes; then + case $lt_prog_compiler_pic_F77 in + "" | " "*) ;; + *) lt_prog_compiler_pic_F77=" $lt_prog_compiler_pic_F77" ;; + esac +else + lt_prog_compiler_pic_F77= + lt_prog_compiler_can_build_shared_F77=no +fi + +fi +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic_F77= + ;; + *) + lt_prog_compiler_pic_F77="$lt_prog_compiler_pic_F77" + ;; +esac + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl_F77 eval lt_tmp_static_flag=\"$lt_prog_compiler_static_F77\" +{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } +if test "${lt_prog_compiler_static_works_F77+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_prog_compiler_static_works_F77=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + printf "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_prog_compiler_static_works_F77=yes + fi + else + lt_prog_compiler_static_works_F77=yes + fi + fi + $rm conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_F77" >&5 +echo "${ECHO_T}$lt_prog_compiler_static_works_F77" >&6; } + +if test x"$lt_prog_compiler_static_works_F77" = xyes; then + : +else + lt_prog_compiler_static_F77= +fi + + +{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 +echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } +if test "${lt_cv_prog_compiler_c_o_F77+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_cv_prog_compiler_c_o_F77=no + $rm -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:14795: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:14799: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o_F77=yes + fi + fi + chmod u+w . 2>&5 + $rm conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files + $rm out/* && rmdir out + cd .. + rmdir conftest + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_F77" >&5 +echo "${ECHO_T}$lt_cv_prog_compiler_c_o_F77" >&6; } + + +hard_links="nottested" +if test "$lt_cv_prog_compiler_c_o_F77" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 +echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } + hard_links=yes + $rm conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { echo "$as_me:$LINENO: result: $hard_links" >&5 +echo "${ECHO_T}$hard_links" >&6; } + if test "$hard_links" = no; then + { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 +echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + +{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } + + runpath_var= + allow_undefined_flag_F77= + enable_shared_with_static_runtimes_F77=no + archive_cmds_F77= + archive_expsym_cmds_F77= + old_archive_From_new_cmds_F77= + old_archive_from_expsyms_cmds_F77= + export_dynamic_flag_spec_F77= + whole_archive_flag_spec_F77= + thread_safe_flag_spec_F77= + hardcode_libdir_flag_spec_F77= + hardcode_libdir_flag_spec_ld_F77= + hardcode_libdir_separator_F77= + hardcode_direct_F77=no + hardcode_minus_L_F77=no + hardcode_shlibpath_var_F77=unsupported + link_all_deplibs_F77=unknown + hardcode_automatic_F77=no + module_cmds_F77= + module_expsym_cmds_F77= + always_export_symbols_F77=no + export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms_F77= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + exclude_expsyms_F77="_GLOBAL_OFFSET_TABLE_" + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + extract_expsyms_cmds= + # Just being paranoid about ensuring that cc_basename is set. + for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + + case $host_os in + cygwin* | mingw* | pw32*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + esac + + ld_shlibs_F77=yes + if test "$with_gnu_ld" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec_F77='${wl}--rpath ${wl}$libdir' + export_dynamic_flag_spec_F77='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec_F77="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec_F77= + fi + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix3* | aix4* | aix5*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs_F77=no + cat <&2 + +*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to modify your PATH +*** so that a non-GNU linker is found, and then restart. + +EOF + fi + ;; + + amigaos*) + archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec_F77='-L$libdir' + hardcode_minus_L_F77=yes + + # Samuel A. Falvo II reports + # that the semantics of dynamic libraries on AmigaOS, at least up + # to version 4, is to share data among multiple programs linked + # with the same dynamic library. Since this doesn't match the + # behavior of shared libraries on other platforms, we can't use + # them. + ld_shlibs_F77=no + ;; + + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag_F77=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds_F77='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + ld_shlibs_F77=no + fi + ;; + + cygwin* | mingw* | pw32*) + # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, F77) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec_F77='-L$libdir' + allow_undefined_flag_F77=unsupported + always_export_symbols_F77=no + enable_shared_with_static_runtimes_F77=yes + export_symbols_cmds_F77='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds_F77='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs_F77=no + fi + ;; + + interix3*) + hardcode_direct_F77=no + hardcode_shlibpath_var_F77=no + hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' + export_dynamic_flag_spec_F77='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds_F77='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds_F77='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + linux*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + tmp_addflag= + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers + whole_archive_flag_spec_F77='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + esac + archive_cmds_F77='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test $supports_anon_versioning = yes; then + archive_expsym_cmds_F77='$echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + $echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + else + ld_shlibs_F77=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_F77='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then + ld_shlibs_F77=no + cat <&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +EOF + elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs_F77=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs_F77=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' + archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' + else + ld_shlibs_F77=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds_F77='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct_F77=yes + hardcode_shlibpath_var_F77=no + ;; + + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs_F77=no + fi + ;; + esac + + if test "$ld_shlibs_F77" = no; then + runpath_var= + hardcode_libdir_flag_spec_F77= + export_dynamic_flag_spec_F77= + whole_archive_flag_spec_F77= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag_F77=unsupported + always_export_symbols_F77=yes + archive_expsym_cmds_F77='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L_F77=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct_F77=unsupported + fi + ;; + + aix4* | aix5*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | grep 'GNU' > /dev/null; then + export_symbols_cmds_F77='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds_F77='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix5*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds_F77='' + hardcode_direct_F77=yes + hardcode_libdir_separator_F77=':' + link_all_deplibs_F77=yes + + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + hardcode_direct_F77=yes + else + # We have old collect2 + hardcode_direct_F77=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L_F77=yes + hardcode_libdir_flag_spec_F77='-L$libdir' + hardcode_libdir_separator_F77= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols_F77=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag_F77='-berok' + # Determine the default libpath from the value encoded in an empty executable. + cat >conftest.$ac_ext <<_ACEOF + program main + + end +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_f77_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds_F77="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec_F77='${wl}-R $libdir:/usr/lib:/lib' + allow_undefined_flag_F77="-z nodefs" + archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an empty executable. + cat >conftest.$ac_ext <<_ACEOF + program main + + end +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_f77_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec_F77='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag_F77=' ${wl}-bernotok' + allow_undefined_flag_F77=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec_F77='$convenience' + archive_cmds_need_lc_F77=yes + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds_F77="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + archive_cmds_F77='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec_F77='-L$libdir' + hardcode_minus_L_F77=yes + # see comment about different semantics on the GNU ld section + ld_shlibs_F77=no + ;; + + bsdi[45]*) + export_dynamic_flag_spec_F77=-rdynamic + ;; + + cygwin* | mingw* | pw32*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec_F77=' ' + allow_undefined_flag_F77=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds_F77='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_From_new_cmds_F77='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds_F77='lib /OUT:$oldlib$oldobjs$old_deplibs' + fix_srcfile_path_F77='`cygpath -w "$srcfile"`' + enable_shared_with_static_runtimes_F77=yes + ;; + + darwin* | rhapsody*) + case $host_os in + rhapsody* | darwin1.[012]) + allow_undefined_flag_F77='${wl}-undefined ${wl}suppress' + ;; + *) # Darwin 1.3 on + if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then + allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + else + case ${MACOSX_DEPLOYMENT_TARGET} in + 10.[012]) + allow_undefined_flag_F77='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + ;; + 10.*) + allow_undefined_flag_F77='${wl}-undefined ${wl}dynamic_lookup' + ;; + esac + fi + ;; + esac + archive_cmds_need_lc_F77=no + hardcode_direct_F77=no + hardcode_automatic_F77=yes + hardcode_shlibpath_var_F77=unsupported + whole_archive_flag_spec_F77='' + link_all_deplibs_F77=yes + if test "$GCC" = yes ; then + output_verbose_link_cmd='echo' + archive_cmds_F77='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' + module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + else + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' + archive_cmds_F77='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' + module_cmds_F77='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + archive_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds_F77='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) + ld_shlibs_F77=no + ;; + esac + fi + ;; + + dgux*) + archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec_F77='-L$libdir' + hardcode_shlibpath_var_F77=no + ;; + + freebsd1*) + ld_shlibs_F77=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec_F77='-R$libdir' + hardcode_direct_F77=yes + hardcode_shlibpath_var_F77=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2*) + archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct_F77=yes + hardcode_minus_L_F77=yes + hardcode_shlibpath_var_F77=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | kfreebsd*-gnu | dragonfly*) + archive_cmds_F77='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec_F77='-R$libdir' + hardcode_direct_F77=yes + hardcode_shlibpath_var_F77=no + ;; + + hpux9*) + if test "$GCC" = yes; then + archive_cmds_F77='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + archive_cmds_F77='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' + hardcode_libdir_separator_F77=: + hardcode_direct_F77=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L_F77=yes + export_dynamic_flag_spec_F77='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds_F77='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' + hardcode_libdir_separator_F77=: + + hardcode_direct_F77=yes + export_dynamic_flag_spec_F77='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L_F77=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds_F77='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds_F77='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds_F77='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec_F77='${wl}+b ${wl}$libdir' + hardcode_libdir_separator_F77=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_libdir_flag_spec_ld_F77='+b $libdir' + hardcode_direct_F77=no + hardcode_shlibpath_var_F77=no + ;; + *) + hardcode_direct_F77=yes + export_dynamic_flag_spec_F77='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L_F77=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + archive_cmds_F77='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + archive_cmds_F77='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec_ld_F77='-rpath $libdir' + fi + hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_F77=: + link_all_deplibs_F77=yes + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds_F77='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec_F77='-R$libdir' + hardcode_direct_F77=yes + hardcode_shlibpath_var_F77=no + ;; + + newsos6) + archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct_F77=yes + hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_F77=: + hardcode_shlibpath_var_F77=no + ;; + + openbsd*) + hardcode_direct_F77=yes + hardcode_shlibpath_var_F77=no + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' + export_dynamic_flag_spec_F77='${wl}-E' + else + case $host_os in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + archive_cmds_F77='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec_F77='-R$libdir' + ;; + *) + archive_cmds_F77='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec_F77='${wl}-rpath,$libdir' + ;; + esac + fi + ;; + + os2*) + hardcode_libdir_flag_spec_F77='-L$libdir' + hardcode_minus_L_F77=yes + allow_undefined_flag_F77=unsupported + archive_cmds_F77='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + old_archive_From_new_cmds_F77='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + allow_undefined_flag_F77=' -expect_unresolved \*' + archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + fi + hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_F77=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + allow_undefined_flag_F77=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds_F77='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec_F77='${wl}-rpath ${wl}$libdir' + else + allow_undefined_flag_F77=' -expect_unresolved \*' + archive_cmds_F77='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds_F77='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ + $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec_F77='-rpath $libdir' + fi + hardcode_libdir_separator_F77=: + ;; + + solaris*) + no_undefined_flag_F77=' -z text' + if test "$GCC" = yes; then + wlarc='${wl}' + archive_cmds_F77='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' + else + wlarc='' + archive_cmds_F77='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds_F77='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' + fi + hardcode_libdir_flag_spec_F77='-R$libdir' + hardcode_shlibpath_var_F77=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine linker options so we + # cannot just pass the convience library names through + # without $wl, iff we do not link with $LD. + # Luckily, gcc supports the same syntax we need for Sun Studio. + # Supported since Solaris 2.6 (maybe 2.5.1?) + case $wlarc in + '') + whole_archive_flag_spec_F77='-z allextract$convenience -z defaultextract' ;; + *) + whole_archive_flag_spec_F77='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; + esac ;; + esac + link_all_deplibs_F77=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds_F77='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds_F77='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec_F77='-L$libdir' + hardcode_direct_F77=yes + hardcode_minus_L_F77=yes + hardcode_shlibpath_var_F77=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct_F77=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds_F77='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds_F77='$CC -r -o $output$reload_objs' + hardcode_direct_F77=no + ;; + motorola) + archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct_F77=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var_F77=no + ;; + + sysv4.3*) + archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var_F77=no + export_dynamic_flag_spec_F77='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var_F77=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs_F77=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) + no_undefined_flag_F77='${wl}-z,text' + archive_cmds_need_lc_F77=no + hardcode_shlibpath_var_F77=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds_F77='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds_F77='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag_F77='${wl}-z,text' + allow_undefined_flag_F77='${wl}-z,nodefs' + archive_cmds_need_lc_F77=no + hardcode_shlibpath_var_F77=no + hardcode_libdir_flag_spec_F77='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + hardcode_libdir_separator_F77=':' + link_all_deplibs_F77=yes + export_dynamic_flag_spec_F77='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds_F77='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_F77='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds_F77='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_F77='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds_F77='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec_F77='-L$libdir' + hardcode_shlibpath_var_F77=no + ;; + + *) + ld_shlibs_F77=no + ;; + esac + fi + +{ echo "$as_me:$LINENO: result: $ld_shlibs_F77" >&5 +echo "${ECHO_T}$ld_shlibs_F77" >&6; } +test "$ld_shlibs_F77" = no && can_build_shared=no + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc_F77" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc_F77=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $archive_cmds_F77 in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 +echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } + $rm conftest* + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl_F77 + pic_flag=$lt_prog_compiler_pic_F77 + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag_F77 + allow_undefined_flag_F77= + if { (eval echo "$as_me:$LINENO: \"$archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 + (eval $archive_cmds_F77 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + then + archive_cmds_need_lc_F77=no + else + archive_cmds_need_lc_F77=yes + fi + allow_undefined_flag_F77=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $rm conftest* + { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_F77" >&5 +echo "${ECHO_T}$archive_cmds_need_lc_F77" >&6; } + ;; + esac + fi + ;; +esac + +{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 +echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix4* | aix5*) + version_type=linux + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$host_os in + yes,cygwin* | yes,mingw* | yes,pw32*) + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $rm \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + ;; + mingw*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH printed by + # mingw gcc, but we are running on Cygwin. Gcc prints its search + # path with ; separators, and with drive letters. We can handle the + # drive letters (cygwin fileutils understands them), so leave them, + # especially as we might pass files found there to a mingw objdump, + # which wouldn't understand a cygwinified path. Ahh. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + esac + ;; + + linux*) + if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ 01.* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + if test $supports_anon_versioning = yes; then + archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ +cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ +$echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + else + $archive_expsym_cmds="$archive_cmds" + fi + else + ld_shlibs=no + fi + ;; + + *) + library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + ;; + esac + dynamic_linker='Win32 ld.exe' + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. + if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` + else + sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' + fi + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd1*) + dynamic_linker=no + ;; + +kfreebsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[123]*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + # Handle Gentoo/FreeBSD as it was Linux + case $host_vendor in + gentoo) + version_type=linux ;; + *) + version_type=freebsd-$objformat ;; + esac + + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + linux) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + need_lib_prefix=no + need_version=no + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + freebsd*) # from 4.6 on + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555. + postinstall_cmds='chmod 555 $lib' + ;; + +interix3*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be Linux ELF. +linux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +knetbsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +nto-qnx*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[89] | openbsd2.[89].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +solaris*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + export_dynamic_flag_spec='${wl}-Blargedynsym' + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + shlibpath_overrides_runpath=no + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + shlibpath_overrides_runpath=yes + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +uts4*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5 +echo "${ECHO_T}$dynamic_linker" >&6; } +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 +echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } +hardcode_action_F77= +if test -n "$hardcode_libdir_flag_spec_F77" || \ + test -n "$runpath_var_F77" || \ + test "X$hardcode_automatic_F77" = "Xyes" ; then + + # We can hardcode non-existant directories. + if test "$hardcode_direct_F77" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, F77)" != no && + test "$hardcode_minus_L_F77" != no; then + # Linking always hardcodes the temporary library directory. + hardcode_action_F77=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action_F77=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action_F77=unsupported +fi +{ echo "$as_me:$LINENO: result: $hardcode_action_F77" >&5 +echo "${ECHO_T}$hardcode_action_F77" >&6; } + +if test "$hardcode_action_F77" = relink; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + +# The else clause should only fire when bootstrapping the +# libtool distribution, otherwise you forgot to ship ltmain.sh +# with your package, and you will get complaints that there are +# no rules to generate ltmain.sh. +if test -f "$ltmain"; then + # See if we are running on zsh, and set the options which allow our commands through + # without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + # Now quote all the things that may contain metacharacters while being + # careful not to overquote the AC_SUBSTed values. We take copies of the + # variables and quote the copies for generation of the libtool script. + for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ + SED SHELL STRIP \ + libname_spec library_names_spec soname_spec extract_expsyms_cmds \ + old_striplib striplib file_magic_cmd finish_cmds finish_eval \ + deplibs_check_method reload_flag reload_cmds need_locks \ + lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ + lt_cv_sys_global_symbol_to_c_name_address \ + sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ + old_postinstall_cmds old_postuninstall_cmds \ + compiler_F77 \ + CC_F77 \ + LD_F77 \ + lt_prog_compiler_wl_F77 \ + lt_prog_compiler_pic_F77 \ + lt_prog_compiler_static_F77 \ + lt_prog_compiler_no_builtin_flag_F77 \ + export_dynamic_flag_spec_F77 \ + thread_safe_flag_spec_F77 \ + whole_archive_flag_spec_F77 \ + enable_shared_with_static_runtimes_F77 \ + old_archive_cmds_F77 \ + old_archive_from_new_cmds_F77 \ + predep_objects_F77 \ + postdep_objects_F77 \ + predeps_F77 \ + postdeps_F77 \ + compiler_lib_search_path_F77 \ + archive_cmds_F77 \ + archive_expsym_cmds_F77 \ + postinstall_cmds_F77 \ + postuninstall_cmds_F77 \ + old_archive_from_expsyms_cmds_F77 \ + allow_undefined_flag_F77 \ + no_undefined_flag_F77 \ + export_symbols_cmds_F77 \ + hardcode_libdir_flag_spec_F77 \ + hardcode_libdir_flag_spec_ld_F77 \ + hardcode_libdir_separator_F77 \ + hardcode_automatic_F77 \ + module_cmds_F77 \ + module_expsym_cmds_F77 \ + lt_cv_prog_compiler_c_o_F77 \ + exclude_expsyms_F77 \ + include_expsyms_F77; do + + case $var in + old_archive_cmds_F77 | \ + old_archive_from_new_cmds_F77 | \ + archive_cmds_F77 | \ + archive_expsym_cmds_F77 | \ + module_cmds_F77 | \ + module_expsym_cmds_F77 | \ + old_archive_from_expsyms_cmds_F77 | \ + export_symbols_cmds_F77 | \ + extract_expsyms_cmds | reload_cmds | finish_cmds | \ + postinstall_cmds | postuninstall_cmds | \ + old_postinstall_cmds | old_postuninstall_cmds | \ + sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) + # Double-quote double-evaled strings. + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" + ;; + *) + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" + ;; + esac + done + + case $lt_echo in + *'\$0 --fallback-echo"') + lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` + ;; + esac + +cfgfile="$ofile" + + cat <<__EOF__ >> "$cfgfile" +# ### BEGIN LIBTOOL TAG CONFIG: $tagname + +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc_F77 + +# Whether or not to disallow shared libs when runtime libs are static +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_F77 + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# An echo program that does not interpret backslashes. +echo=$lt_echo + +# The archiver. +AR=$lt_AR +AR_FLAGS=$lt_AR_FLAGS + +# A C compiler. +LTCC=$lt_LTCC + +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + +# A language-specific compiler. +CC=$lt_compiler_F77 + +# Is the compiler the GNU C compiler? +with_gcc=$GCC_F77 + +# An ERE matcher. +EGREP=$lt_EGREP + +# The linker used to build libraries. +LD=$lt_LD_F77 + +# Whether we need hard or soft links. +LN_S=$lt_LN_S + +# A BSD-compatible nm program. +NM=$lt_NM + +# A symbol stripping program +STRIP=$lt_STRIP + +# Used to examine libraries when file_magic_cmd begins "file" +MAGIC_CMD=$MAGIC_CMD + +# Used on cygwin: DLL creation program. +DLLTOOL="$DLLTOOL" + +# Used on cygwin: object dumper. +OBJDUMP="$OBJDUMP" + +# Used on cygwin: assembler. +AS="$AS" + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl_F77 + +# Object file suffix (normally "o"). +objext="$ac_objext" + +# Old archive suffix (normally "a"). +libext="$libext" + +# Shared library suffix (normally ".so"). +shrext_cmds='$shrext_cmds' + +# Executable file suffix (normally ""). +exeext="$exeext" + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic_F77 +pic_mode=$pic_mode + +# What is the maximum length of a command? +max_cmd_len=$lt_cv_sys_max_cmd_len + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o_F77 + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Do we need the lib prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static_F77 + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_F77 + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_F77 + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec_F77 + +# Compiler flag to generate thread-safe objects. +thread_safe_flag_spec=$lt_thread_safe_flag_spec_F77 + +# Library versioning type. +version_type=$version_type + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME. +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Commands used to build and install an old-style archive. +RANLIB=$lt_RANLIB +old_archive_cmds=$lt_old_archive_cmds_F77 +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_F77 + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_F77 + +# Commands used to build and install a shared archive. +archive_cmds=$lt_archive_cmds_F77 +archive_expsym_cmds=$lt_archive_expsym_cmds_F77 +postinstall_cmds=$lt_postinstall_cmds +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to build a loadable module (assumed same as above if empty) +module_cmds=$lt_module_cmds_F77 +module_expsym_cmds=$lt_module_expsym_cmds_F77 + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + +# Dependencies to place before the objects being linked to create a +# shared library. +predep_objects=$lt_predep_objects_F77 + +# Dependencies to place after the objects being linked to create a +# shared library. +postdep_objects=$lt_postdep_objects_F77 + +# Dependencies to place before the objects being linked to create a +# shared library. +predeps=$lt_predeps_F77 + +# Dependencies to place after the objects being linked to create a +# shared library. +postdeps=$lt_postdeps_F77 + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path_F77 + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method == file_magic. +file_magic_cmd=$lt_file_magic_cmd + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag_F77 + +# Flag that forces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag_F77 + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# Same as above, but a single script fragment to be evaled but not shown. +finish_eval=$lt_finish_eval + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# This is the shared library runtime path variable. +runpath_var=$runpath_var + +# This is the shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action_F77 + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_F77 + +# If ld is used when linking, flag to hardcode \$libdir into +# a binary during linking. This must work even if \$libdir does +# not exist. +hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_F77 + +# Whether we need a single -rpath flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator_F77 + +# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the +# resulting binary. +hardcode_direct=$hardcode_direct_F77 + +# Set to yes if using the -LDIR flag during linking hardcodes DIR into the +# resulting binary. +hardcode_minus_L=$hardcode_minus_L_F77 + +# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into +# the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var_F77 + +# Set to yes if building a shared library automatically hardcodes DIR into the library +# and all subsequent libraries and executables linked against it. +hardcode_automatic=$hardcode_automatic_F77 + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at relink time. +variables_saved_for_relink="$variables_saved_for_relink" + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs_F77 + +# Compile-time system search path for libraries +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Fix the shell variable \$srcfile for the compiler. +fix_srcfile_path="$fix_srcfile_path_F77" + +# Set to yes if exported symbols are required. +always_export_symbols=$always_export_symbols_F77 + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds_F77 + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms_F77 + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms_F77 + +# ### END LIBTOOL TAG CONFIG: $tagname + +__EOF__ + + +else + # If there is no Makefile yet, we rely on a make rule to execute + # `config.status --recheck' to rerun these tests and create the + # libtool script then. + ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` + if test -f "$ltmain_in"; then + test -f Makefile && make "$ltmain" + fi +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC="$lt_save_CC" + + else + tagname="" + fi + ;; + + GCJ) + if test -n "$GCJ" && test "X$GCJ" != "Xno"; then + + +# Source file extension for Java test sources. +ac_ext=java + +# Object file extension for compiled Java test sources. +objext=o +objext_GCJ=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="class foo {}\n" + +# Code to be used in simple link tests +lt_simple_link_test_code='public class conftest { public static void main(String[] argv) {}; }\n' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +printf "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$rm conftest* + +ac_outfile=conftest.$ac_objext +printf "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$rm conftest* + + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +CC=${GCJ-"gcj"} +compiler=$CC +compiler_GCJ=$CC +for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + + +# GCJ did not exist at the time GCC didn't implicitly link libc in. +archive_cmds_need_lc_GCJ=no + +old_archive_cmds_GCJ=$old_archive_cmds + + +lt_prog_compiler_no_builtin_flag_GCJ= + +if test "$GCC" = yes; then + lt_prog_compiler_no_builtin_flag_GCJ=' -fno-builtin' + + +{ echo "$as_me:$LINENO: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +echo $ECHO_N "checking if $compiler supports -fno-rtti -fno-exceptions... $ECHO_C" >&6; } +if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:17030: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:17034: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_rtti_exceptions=yes + fi + fi + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +echo "${ECHO_T}$lt_cv_prog_compiler_rtti_exceptions" >&6; } + +if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then + lt_prog_compiler_no_builtin_flag_GCJ="$lt_prog_compiler_no_builtin_flag_GCJ -fno-rtti -fno-exceptions" +else + : +fi + +fi + +lt_prog_compiler_wl_GCJ= +lt_prog_compiler_pic_GCJ= +lt_prog_compiler_static_GCJ= + +{ echo "$as_me:$LINENO: checking for $compiler option to produce PIC" >&5 +echo $ECHO_N "checking for $compiler option to produce PIC... $ECHO_C" >&6; } + + if test "$GCC" = yes; then + lt_prog_compiler_wl_GCJ='-Wl,' + lt_prog_compiler_static_GCJ='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_GCJ='-Bstatic' + fi + ;; + + amigaos*) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + lt_prog_compiler_pic_GCJ='-m68020 -resident32 -malways-restore-a4' + ;; + + beos* | cygwin* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic_GCJ='-fno-common' + ;; + + interix3*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared_GCJ=no + enable_shared=no + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic_GCJ=-Kconform_pic + fi + ;; + + hpux*) + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic_GCJ='-fPIC' + ;; + esac + ;; + + *) + lt_prog_compiler_pic_GCJ='-fPIC' + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl_GCJ='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_GCJ='-Bstatic' + else + lt_prog_compiler_static_GCJ='-bnso -bI:/lib/syscalls.exp' + fi + ;; + darwin*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + case $cc_basename in + xlc*) + lt_prog_compiler_pic_GCJ='-qnocommon' + lt_prog_compiler_wl_GCJ='-Wl,' + ;; + esac + ;; + + mingw* | pw32* | os2*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_GCJ='-DDLL_EXPORT' + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl_GCJ='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic_GCJ='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static_GCJ='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl_GCJ='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static_GCJ='-non_shared' + ;; + + newsos6) + lt_prog_compiler_pic_GCJ='-KPIC' + lt_prog_compiler_static_GCJ='-Bstatic' + ;; + + linux*) + case $cc_basename in + icc* | ecc*) + lt_prog_compiler_wl_GCJ='-Wl,' + lt_prog_compiler_pic_GCJ='-KPIC' + lt_prog_compiler_static_GCJ='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl_GCJ='-Wl,' + lt_prog_compiler_pic_GCJ='-fpic' + lt_prog_compiler_static_GCJ='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl_GCJ='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static_GCJ='-non_shared' + ;; + esac + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl_GCJ='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static_GCJ='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic_GCJ='-KPIC' + lt_prog_compiler_static_GCJ='-Bstatic' + case $cc_basename in + f77* | f90* | f95*) + lt_prog_compiler_wl_GCJ='-Qoption ld ';; + *) + lt_prog_compiler_wl_GCJ='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl_GCJ='-Qoption ld ' + lt_prog_compiler_pic_GCJ='-PIC' + lt_prog_compiler_static_GCJ='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl_GCJ='-Wl,' + lt_prog_compiler_pic_GCJ='-KPIC' + lt_prog_compiler_static_GCJ='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + lt_prog_compiler_pic_GCJ='-Kconform_pic' + lt_prog_compiler_static_GCJ='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl_GCJ='-Wl,' + lt_prog_compiler_pic_GCJ='-KPIC' + lt_prog_compiler_static_GCJ='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl_GCJ='-Wl,' + lt_prog_compiler_can_build_shared_GCJ=no + ;; + + uts4*) + lt_prog_compiler_pic_GCJ='-pic' + lt_prog_compiler_static_GCJ='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared_GCJ=no + ;; + esac + fi + +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_GCJ" >&5 +echo "${ECHO_T}$lt_prog_compiler_pic_GCJ" >&6; } + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic_GCJ"; then + +{ echo "$as_me:$LINENO: checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works" >&5 +echo $ECHO_N "checking if $compiler PIC flag $lt_prog_compiler_pic_GCJ works... $ECHO_C" >&6; } +if test "${lt_prog_compiler_pic_works_GCJ+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_prog_compiler_pic_works_GCJ=no + ac_outfile=conftest.$ac_objext + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic_GCJ" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:17298: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:17302: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_prog_compiler_pic_works_GCJ=yes + fi + fi + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_pic_works_GCJ" >&5 +echo "${ECHO_T}$lt_prog_compiler_pic_works_GCJ" >&6; } + +if test x"$lt_prog_compiler_pic_works_GCJ" = xyes; then + case $lt_prog_compiler_pic_GCJ in + "" | " "*) ;; + *) lt_prog_compiler_pic_GCJ=" $lt_prog_compiler_pic_GCJ" ;; + esac +else + lt_prog_compiler_pic_GCJ= + lt_prog_compiler_can_build_shared_GCJ=no +fi + +fi +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic_GCJ= + ;; + *) + lt_prog_compiler_pic_GCJ="$lt_prog_compiler_pic_GCJ" + ;; +esac + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl_GCJ eval lt_tmp_static_flag=\"$lt_prog_compiler_static_GCJ\" +{ echo "$as_me:$LINENO: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +echo $ECHO_N "checking if $compiler static flag $lt_tmp_static_flag works... $ECHO_C" >&6; } +if test "${lt_prog_compiler_static_works_GCJ+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_prog_compiler_static_works_GCJ=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + printf "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $echo "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_prog_compiler_static_works_GCJ=yes + fi + else + lt_prog_compiler_static_works_GCJ=yes + fi + fi + $rm conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ echo "$as_me:$LINENO: result: $lt_prog_compiler_static_works_GCJ" >&5 +echo "${ECHO_T}$lt_prog_compiler_static_works_GCJ" >&6; } + +if test x"$lt_prog_compiler_static_works_GCJ" = xyes; then + : +else + lt_prog_compiler_static_GCJ= +fi + + +{ echo "$as_me:$LINENO: checking if $compiler supports -c -o file.$ac_objext" >&5 +echo $ECHO_N "checking if $compiler supports -c -o file.$ac_objext... $ECHO_C" >&6; } +if test "${lt_cv_prog_compiler_c_o_GCJ+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + lt_cv_prog_compiler_c_o_GCJ=no + $rm -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:17402: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:17406: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $echo "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o_GCJ=yes + fi + fi + chmod u+w . 2>&5 + $rm conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $rm out/ii_files/* && rmdir out/ii_files + $rm out/* && rmdir out + cd .. + rmdir conftest + $rm conftest* + +fi +{ echo "$as_me:$LINENO: result: $lt_cv_prog_compiler_c_o_GCJ" >&5 +echo "${ECHO_T}$lt_cv_prog_compiler_c_o_GCJ" >&6; } + + +hard_links="nottested" +if test "$lt_cv_prog_compiler_c_o_GCJ" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + { echo "$as_me:$LINENO: checking if we can lock with hard links" >&5 +echo $ECHO_N "checking if we can lock with hard links... $ECHO_C" >&6; } + hard_links=yes + $rm conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { echo "$as_me:$LINENO: result: $hard_links" >&5 +echo "${ECHO_T}$hard_links" >&6; } + if test "$hard_links" = no; then + { echo "$as_me:$LINENO: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 +echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + +{ echo "$as_me:$LINENO: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +echo $ECHO_N "checking whether the $compiler linker ($LD) supports shared libraries... $ECHO_C" >&6; } + + runpath_var= + allow_undefined_flag_GCJ= + enable_shared_with_static_runtimes_GCJ=no + archive_cmds_GCJ= + archive_expsym_cmds_GCJ= + old_archive_From_new_cmds_GCJ= + old_archive_from_expsyms_cmds_GCJ= + export_dynamic_flag_spec_GCJ= + whole_archive_flag_spec_GCJ= + thread_safe_flag_spec_GCJ= + hardcode_libdir_flag_spec_GCJ= + hardcode_libdir_flag_spec_ld_GCJ= + hardcode_libdir_separator_GCJ= + hardcode_direct_GCJ=no + hardcode_minus_L_GCJ=no + hardcode_shlibpath_var_GCJ=unsupported + link_all_deplibs_GCJ=unknown + hardcode_automatic_GCJ=no + module_cmds_GCJ= + module_expsym_cmds_GCJ= + always_export_symbols_GCJ=no + export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms_GCJ= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + exclude_expsyms_GCJ="_GLOBAL_OFFSET_TABLE_" + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + extract_expsyms_cmds= + # Just being paranoid about ensuring that cc_basename is set. + for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + + case $host_os in + cygwin* | mingw* | pw32*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + esac + + ld_shlibs_GCJ=yes + if test "$with_gnu_ld" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec_GCJ='${wl}--rpath ${wl}$libdir' + export_dynamic_flag_spec_GCJ='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | grep 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec_GCJ="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec_GCJ= + fi + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix3* | aix4* | aix5*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs_GCJ=no + cat <&2 + +*** Warning: the GNU linker, at least up to release 2.9.1, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to modify your PATH +*** so that a non-GNU linker is found, and then restart. + +EOF + fi + ;; + + amigaos*) + archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec_GCJ='-L$libdir' + hardcode_minus_L_GCJ=yes + + # Samuel A. Falvo II reports + # that the semantics of dynamic libraries on AmigaOS, at least up + # to version 4, is to share data among multiple programs linked + # with the same dynamic library. Since this doesn't match the + # behavior of shared libraries on other platforms, we can't use + # them. + ld_shlibs_GCJ=no + ;; + + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag_GCJ=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds_GCJ='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + ld_shlibs_GCJ=no + fi + ;; + + cygwin* | mingw* | pw32*) + # _LT_AC_TAGVAR(hardcode_libdir_flag_spec, GCJ) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec_GCJ='-L$libdir' + allow_undefined_flag_GCJ=unsupported + always_export_symbols_GCJ=no + enable_shared_with_static_runtimes_GCJ=yes + export_symbols_cmds_GCJ='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS] /s/.* \([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW] /s/.* //'\'' | sort | uniq > $export_symbols' + + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds_GCJ='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs_GCJ=no + fi + ;; + + interix3*) + hardcode_direct_GCJ=no + hardcode_shlibpath_var_GCJ=no + hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' + export_dynamic_flag_spec_GCJ='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds_GCJ='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds_GCJ='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + linux*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + tmp_addflag= + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers + whole_archive_flag_spec_GCJ='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + esac + archive_cmds_GCJ='$CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test $supports_anon_versioning = yes; then + archive_expsym_cmds_GCJ='$echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + $echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared'"$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + else + ld_shlibs_GCJ=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_GCJ='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then + ld_shlibs_GCJ=no + cat <&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +EOF + elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs_GCJ=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs_GCJ=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib' + archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname,\${SCOABSPATH:+${install_libdir}/}$soname,-retain-symbols-file,$export_symbols -o $lib' + else + ld_shlibs_GCJ=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds_GCJ='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct_GCJ=yes + hardcode_shlibpath_var_GCJ=no + ;; + + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs_GCJ=no + fi + ;; + esac + + if test "$ld_shlibs_GCJ" = no; then + runpath_var= + hardcode_libdir_flag_spec_GCJ= + export_dynamic_flag_spec_GCJ= + whole_archive_flag_spec_GCJ= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag_GCJ=unsupported + always_export_symbols_GCJ=yes + archive_expsym_cmds_GCJ='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L_GCJ=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct_GCJ=unsupported + fi + ;; + + aix4* | aix5*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + if $NM -V 2>&1 | grep 'GNU' > /dev/null; then + export_symbols_cmds_GCJ='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds_GCJ='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix5*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds_GCJ='' + hardcode_direct_GCJ=yes + hardcode_libdir_separator_GCJ=':' + link_all_deplibs_GCJ=yes + + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + hardcode_direct_GCJ=yes + else + # We have old collect2 + hardcode_direct_GCJ=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L_GCJ=yes + hardcode_libdir_flag_spec_GCJ='-L$libdir' + hardcode_libdir_separator_GCJ= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols_GCJ=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag_GCJ='-berok' + # Determine the default libpath from the value encoded in an empty executable. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds_GCJ="\$CC"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then echo "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec_GCJ='${wl}-R $libdir:/usr/lib:/lib' + allow_undefined_flag_GCJ="-z nodefs" + archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an empty executable. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + +aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` +# Check for a 64-bit object if we didn't find anything. +if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'`; fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi + + hardcode_libdir_flag_spec_GCJ='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag_GCJ=' ${wl}-bernotok' + allow_undefined_flag_GCJ=' ${wl}-berok' + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec_GCJ='$convenience' + archive_cmds_need_lc_GCJ=yes + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds_GCJ="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + archive_cmds_GCJ='$rm $output_objdir/a2ixlibrary.data~$echo "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$echo "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$echo "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$echo "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec_GCJ='-L$libdir' + hardcode_minus_L_GCJ=yes + # see comment about different semantics on the GNU ld section + ld_shlibs_GCJ=no + ;; + + bsdi[45]*) + export_dynamic_flag_spec_GCJ=-rdynamic + ;; + + cygwin* | mingw* | pw32*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec_GCJ=' ' + allow_undefined_flag_GCJ=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds_GCJ='$CC -o $lib $libobjs $compiler_flags `echo "$deplibs" | $SED -e '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_From_new_cmds_GCJ='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds_GCJ='lib /OUT:$oldlib$oldobjs$old_deplibs' + fix_srcfile_path_GCJ='`cygpath -w "$srcfile"`' + enable_shared_with_static_runtimes_GCJ=yes + ;; + + darwin* | rhapsody*) + case $host_os in + rhapsody* | darwin1.[012]) + allow_undefined_flag_GCJ='${wl}-undefined ${wl}suppress' + ;; + *) # Darwin 1.3 on + if test -z ${MACOSX_DEPLOYMENT_TARGET} ; then + allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + else + case ${MACOSX_DEPLOYMENT_TARGET} in + 10.[012]) + allow_undefined_flag_GCJ='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' + ;; + 10.*) + allow_undefined_flag_GCJ='${wl}-undefined ${wl}dynamic_lookup' + ;; + esac + fi + ;; + esac + archive_cmds_need_lc_GCJ=no + hardcode_direct_GCJ=no + hardcode_automatic_GCJ=yes + hardcode_shlibpath_var_GCJ=unsupported + whole_archive_flag_spec_GCJ='' + link_all_deplibs_GCJ=yes + if test "$GCC" = yes ; then + output_verbose_link_cmd='echo' + archive_cmds_GCJ='$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring' + module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -dynamiclib $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags -install_name $rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + else + case $cc_basename in + xlc*) + output_verbose_link_cmd='echo' + archive_cmds_GCJ='$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}`echo $rpath/$soname` $verstring' + module_cmds_GCJ='$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags' + # Don't fix this by using the ld -exported_symbols_list flag, it doesn't exist in older darwin lds + archive_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC -qmkshrobj $allow_undefined_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-install_name ${wl}$rpath/$soname $verstring~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + module_expsym_cmds_GCJ='sed -e "s,#.*,," -e "s,^[ ]*,," -e "s,^\(..*\),_&," < $export_symbols > $output_objdir/${libname}-symbols.expsym~$CC $allow_undefined_flag -o $lib -bundle $libobjs $deplibs$compiler_flags~nmedit -s $output_objdir/${libname}-symbols.expsym ${lib}' + ;; + *) + ld_shlibs_GCJ=no + ;; + esac + fi + ;; + + dgux*) + archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec_GCJ='-L$libdir' + hardcode_shlibpath_var_GCJ=no + ;; + + freebsd1*) + ld_shlibs_GCJ=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec_GCJ='-R$libdir' + hardcode_direct_GCJ=yes + hardcode_shlibpath_var_GCJ=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2*) + archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct_GCJ=yes + hardcode_minus_L_GCJ=yes + hardcode_shlibpath_var_GCJ=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | kfreebsd*-gnu | dragonfly*) + archive_cmds_GCJ='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec_GCJ='-R$libdir' + hardcode_direct_GCJ=yes + hardcode_shlibpath_var_GCJ=no + ;; + + hpux9*) + if test "$GCC" = yes; then + archive_cmds_GCJ='$rm $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + archive_cmds_GCJ='$rm $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' + hardcode_libdir_separator_GCJ=: + hardcode_direct_GCJ=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L_GCJ=yes + export_dynamic_flag_spec_GCJ='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds_GCJ='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' + hardcode_libdir_separator_GCJ=: + + hardcode_direct_GCJ=yes + export_dynamic_flag_spec_GCJ='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L_GCJ=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes -a "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds_GCJ='$CC -shared ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds_GCJ='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds_GCJ='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec_GCJ='${wl}+b ${wl}$libdir' + hardcode_libdir_separator_GCJ=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_libdir_flag_spec_ld_GCJ='+b $libdir' + hardcode_direct_GCJ=no + hardcode_shlibpath_var_GCJ=no + ;; + *) + hardcode_direct_GCJ=yes + export_dynamic_flag_spec_GCJ='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L_GCJ=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + archive_cmds_GCJ='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + archive_cmds_GCJ='$LD -shared $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec_ld_GCJ='-rpath $libdir' + fi + hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_GCJ=: + link_all_deplibs_GCJ=yes + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds_GCJ='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec_GCJ='-R$libdir' + hardcode_direct_GCJ=yes + hardcode_shlibpath_var_GCJ=no + ;; + + newsos6) + archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct_GCJ=yes + hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_GCJ=: + hardcode_shlibpath_var_GCJ=no + ;; + + openbsd*) + hardcode_direct_GCJ=yes + hardcode_shlibpath_var_GCJ=no + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' + export_dynamic_flag_spec_GCJ='${wl}-E' + else + case $host_os in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + archive_cmds_GCJ='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec_GCJ='-R$libdir' + ;; + *) + archive_cmds_GCJ='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec_GCJ='${wl}-rpath,$libdir' + ;; + esac + fi + ;; + + os2*) + hardcode_libdir_flag_spec_GCJ='-L$libdir' + hardcode_minus_L_GCJ=yes + allow_undefined_flag_GCJ=unsupported + archive_cmds_GCJ='$echo "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$echo "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$echo DATA >> $output_objdir/$libname.def~$echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~$echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + old_archive_From_new_cmds_GCJ='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + allow_undefined_flag_GCJ=' -expect_unresolved \*' + archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + fi + hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator_GCJ=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + allow_undefined_flag_GCJ=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds_GCJ='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && echo ${wl}-set_version ${wl}$verstring` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec_GCJ='${wl}-rpath ${wl}$libdir' + else + allow_undefined_flag_GCJ=' -expect_unresolved \*' + archive_cmds_GCJ='$LD -shared${allow_undefined_flag} $libobjs $deplibs $linker_flags -msym -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds_GCJ='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; echo "-hidden">> $lib.exp~ + $LD -shared${allow_undefined_flag} -input $lib.exp $linker_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && echo -set_version $verstring` -update_registry ${output_objdir}/so_locations -o $lib~$rm $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec_GCJ='-rpath $libdir' + fi + hardcode_libdir_separator_GCJ=: + ;; + + solaris*) + no_undefined_flag_GCJ=' -z text' + if test "$GCC" = yes; then + wlarc='${wl}' + archive_cmds_GCJ='$CC -shared ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $CC -shared ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$rm $lib.exp' + else + wlarc='' + archive_cmds_GCJ='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds_GCJ='$echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~$echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$rm $lib.exp' + fi + hardcode_libdir_flag_spec_GCJ='-R$libdir' + hardcode_shlibpath_var_GCJ=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine linker options so we + # cannot just pass the convience library names through + # without $wl, iff we do not link with $LD. + # Luckily, gcc supports the same syntax we need for Sun Studio. + # Supported since Solaris 2.6 (maybe 2.5.1?) + case $wlarc in + '') + whole_archive_flag_spec_GCJ='-z allextract$convenience -z defaultextract' ;; + *) + whole_archive_flag_spec_GCJ='${wl}-z ${wl}allextract`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $echo \"$new_convenience\"` ${wl}-z ${wl}defaultextract' ;; + esac ;; + esac + link_all_deplibs_GCJ=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds_GCJ='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds_GCJ='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec_GCJ='-L$libdir' + hardcode_direct_GCJ=yes + hardcode_minus_L_GCJ=yes + hardcode_shlibpath_var_GCJ=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct_GCJ=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds_GCJ='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds_GCJ='$CC -r -o $output$reload_objs' + hardcode_direct_GCJ=no + ;; + motorola) + archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct_GCJ=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var_GCJ=no + ;; + + sysv4.3*) + archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var_GCJ=no + export_dynamic_flag_spec_GCJ='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var_GCJ=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs_GCJ=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) + no_undefined_flag_GCJ='${wl}-z,text' + archive_cmds_need_lc_GCJ=no + hardcode_shlibpath_var_GCJ=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds_GCJ='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds_GCJ='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag_GCJ='${wl}-z,text' + allow_undefined_flag_GCJ='${wl}-z,nodefs' + archive_cmds_need_lc_GCJ=no + hardcode_shlibpath_var_GCJ=no + hardcode_libdir_flag_spec_GCJ='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + hardcode_libdir_separator_GCJ=':' + link_all_deplibs_GCJ=yes + export_dynamic_flag_spec_GCJ='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds_GCJ='$CC -shared ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_GCJ='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds_GCJ='$CC -G ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_GCJ='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,\${SCOABSPATH:+${install_libdir}/}$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds_GCJ='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec_GCJ='-L$libdir' + hardcode_shlibpath_var_GCJ=no + ;; + + *) + ld_shlibs_GCJ=no + ;; + esac + fi + +{ echo "$as_me:$LINENO: result: $ld_shlibs_GCJ" >&5 +echo "${ECHO_T}$ld_shlibs_GCJ" >&6; } +test "$ld_shlibs_GCJ" = no && can_build_shared=no + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc_GCJ" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc_GCJ=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $archive_cmds_GCJ in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { echo "$as_me:$LINENO: checking whether -lc should be explicitly linked in" >&5 +echo $ECHO_N "checking whether -lc should be explicitly linked in... $ECHO_C" >&6; } + $rm conftest* + printf "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl_GCJ + pic_flag=$lt_prog_compiler_pic_GCJ + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag_GCJ + allow_undefined_flag_GCJ= + if { (eval echo "$as_me:$LINENO: \"$archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1\"") >&5 + (eval $archive_cmds_GCJ 2\>\&1 \| grep \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + then + archive_cmds_need_lc_GCJ=no + else + archive_cmds_need_lc_GCJ=yes + fi + allow_undefined_flag_GCJ=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $rm conftest* + { echo "$as_me:$LINENO: result: $archive_cmds_need_lc_GCJ" >&5 +echo "${ECHO_T}$archive_cmds_need_lc_GCJ" >&6; } + ;; + esac + fi + ;; +esac + +{ echo "$as_me:$LINENO: checking dynamic linker characteristics" >&5 +echo $ECHO_N "checking dynamic linker characteristics... $ECHO_C" >&6; } +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';' >/dev/null ; then + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix4* | aix5*) + version_type=linux + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$host_os in + yes,cygwin* | yes,mingw* | yes,pw32*) + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i;echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $rm \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" + ;; + mingw*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` + if echo "$sys_lib_search_path_spec" | grep ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH printed by + # mingw gcc, but we are running on Cygwin. Gcc prints its search + # path with ; separators, and with drive letters. We can handle the + # drive letters (cygwin fileutils understands them), so leave them, + # especially as we might pass files found there to a mingw objdump, + # which wouldn't understand a cygwinified path. Ahh. + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`echo "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + esac + ;; + + linux*) + if $LD --help 2>&1 | egrep ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + supports_anon_versioning=no + case `$LD -v 2>/dev/null` in + *\ 01.* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + if test $supports_anon_versioning = yes; then + archive_expsym_cmds='$echo "{ global:" > $output_objdir/$libname.ver~ +cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ +$echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + else + $archive_expsym_cmds="$archive_cmds" + fi + else + ld_shlibs=no + fi + ;; + + *) + library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + ;; + esac + dynamic_linker='Win32 ld.exe' + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${versuffix}$shared_ext ${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + # Apple's gcc prints 'gcc -print-search-dirs' doesn't operate the same. + if test "$GCC" = yes; then + sys_lib_search_path_spec=`$CC -print-search-dirs | tr "\n" "$PATH_SEPARATOR" | sed -e 's/libraries:/@libraries:/' | tr "@" "\n" | grep "^libraries:" | sed -e "s/^libraries://" -e "s,=/,/,g" -e "s,$PATH_SEPARATOR, ,g" -e "s,.*,& /lib /usr/lib /usr/local/lib,g"` + else + sys_lib_search_path_spec='/lib /usr/lib /usr/local/lib' + fi + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd1*) + dynamic_linker=no + ;; + +kfreebsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[123]*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + # Handle Gentoo/FreeBSD as it was Linux + case $host_vendor in + gentoo) + version_type=linux ;; + *) + version_type=freebsd-$objformat ;; + esac + + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + linux) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + need_lib_prefix=no + need_version=no + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + freebsd*) # from 4.6 on + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555. + postinstall_cmds='chmod 555 $lib' + ;; + +interix3*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be Linux ELF. +linux*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +knetbsd*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='GNU ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +nto-qnx*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[89] | openbsd2.[89].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +solaris*) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + export_dynamic_flag_spec='${wl}-Blargedynsym' + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + shlibpath_overrides_runpath=no + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + shlibpath_overrides_runpath=yes + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +uts4*) + version_type=linux + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ echo "$as_me:$LINENO: result: $dynamic_linker" >&5 +echo "${ECHO_T}$dynamic_linker" >&6; } +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +{ echo "$as_me:$LINENO: checking how to hardcode library paths into programs" >&5 +echo $ECHO_N "checking how to hardcode library paths into programs... $ECHO_C" >&6; } +hardcode_action_GCJ= +if test -n "$hardcode_libdir_flag_spec_GCJ" || \ + test -n "$runpath_var_GCJ" || \ + test "X$hardcode_automatic_GCJ" = "Xyes" ; then + + # We can hardcode non-existant directories. + if test "$hardcode_direct_GCJ" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_AC_TAGVAR(hardcode_shlibpath_var, GCJ)" != no && + test "$hardcode_minus_L_GCJ" != no; then + # Linking always hardcodes the temporary library directory. + hardcode_action_GCJ=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action_GCJ=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action_GCJ=unsupported +fi +{ echo "$as_me:$LINENO: result: $hardcode_action_GCJ" >&5 +echo "${ECHO_T}$hardcode_action_GCJ" >&6; } + +if test "$hardcode_action_GCJ" = relink; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + +# The else clause should only fire when bootstrapping the +# libtool distribution, otherwise you forgot to ship ltmain.sh +# with your package, and you will get complaints that there are +# no rules to generate ltmain.sh. +if test -f "$ltmain"; then + # See if we are running on zsh, and set the options which allow our commands through + # without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + # Now quote all the things that may contain metacharacters while being + # careful not to overquote the AC_SUBSTed values. We take copies of the + # variables and quote the copies for generation of the libtool script. + for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ + SED SHELL STRIP \ + libname_spec library_names_spec soname_spec extract_expsyms_cmds \ + old_striplib striplib file_magic_cmd finish_cmds finish_eval \ + deplibs_check_method reload_flag reload_cmds need_locks \ + lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ + lt_cv_sys_global_symbol_to_c_name_address \ + sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ + old_postinstall_cmds old_postuninstall_cmds \ + compiler_GCJ \ + CC_GCJ \ + LD_GCJ \ + lt_prog_compiler_wl_GCJ \ + lt_prog_compiler_pic_GCJ \ + lt_prog_compiler_static_GCJ \ + lt_prog_compiler_no_builtin_flag_GCJ \ + export_dynamic_flag_spec_GCJ \ + thread_safe_flag_spec_GCJ \ + whole_archive_flag_spec_GCJ \ + enable_shared_with_static_runtimes_GCJ \ + old_archive_cmds_GCJ \ + old_archive_from_new_cmds_GCJ \ + predep_objects_GCJ \ + postdep_objects_GCJ \ + predeps_GCJ \ + postdeps_GCJ \ + compiler_lib_search_path_GCJ \ + archive_cmds_GCJ \ + archive_expsym_cmds_GCJ \ + postinstall_cmds_GCJ \ + postuninstall_cmds_GCJ \ + old_archive_from_expsyms_cmds_GCJ \ + allow_undefined_flag_GCJ \ + no_undefined_flag_GCJ \ + export_symbols_cmds_GCJ \ + hardcode_libdir_flag_spec_GCJ \ + hardcode_libdir_flag_spec_ld_GCJ \ + hardcode_libdir_separator_GCJ \ + hardcode_automatic_GCJ \ + module_cmds_GCJ \ + module_expsym_cmds_GCJ \ + lt_cv_prog_compiler_c_o_GCJ \ + exclude_expsyms_GCJ \ + include_expsyms_GCJ; do + + case $var in + old_archive_cmds_GCJ | \ + old_archive_from_new_cmds_GCJ | \ + archive_cmds_GCJ | \ + archive_expsym_cmds_GCJ | \ + module_cmds_GCJ | \ + module_expsym_cmds_GCJ | \ + old_archive_from_expsyms_cmds_GCJ | \ + export_symbols_cmds_GCJ | \ + extract_expsyms_cmds | reload_cmds | finish_cmds | \ + postinstall_cmds | postuninstall_cmds | \ + old_postinstall_cmds | old_postuninstall_cmds | \ + sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) + # Double-quote double-evaled strings. + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" + ;; + *) + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" + ;; + esac + done + + case $lt_echo in + *'\$0 --fallback-echo"') + lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` + ;; + esac + +cfgfile="$ofile" + + cat <<__EOF__ >> "$cfgfile" +# ### BEGIN LIBTOOL TAG CONFIG: $tagname + +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc_GCJ + +# Whether or not to disallow shared libs when runtime libs are static +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_GCJ + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# An echo program that does not interpret backslashes. +echo=$lt_echo + +# The archiver. +AR=$lt_AR +AR_FLAGS=$lt_AR_FLAGS + +# A C compiler. +LTCC=$lt_LTCC + +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + +# A language-specific compiler. +CC=$lt_compiler_GCJ + +# Is the compiler the GNU C compiler? +with_gcc=$GCC_GCJ + +# An ERE matcher. +EGREP=$lt_EGREP + +# The linker used to build libraries. +LD=$lt_LD_GCJ + +# Whether we need hard or soft links. +LN_S=$lt_LN_S + +# A BSD-compatible nm program. +NM=$lt_NM + +# A symbol stripping program +STRIP=$lt_STRIP + +# Used to examine libraries when file_magic_cmd begins "file" +MAGIC_CMD=$MAGIC_CMD + +# Used on cygwin: DLL creation program. +DLLTOOL="$DLLTOOL" + +# Used on cygwin: object dumper. +OBJDUMP="$OBJDUMP" + +# Used on cygwin: assembler. +AS="$AS" + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl_GCJ + +# Object file suffix (normally "o"). +objext="$ac_objext" + +# Old archive suffix (normally "a"). +libext="$libext" + +# Shared library suffix (normally ".so"). +shrext_cmds='$shrext_cmds' + +# Executable file suffix (normally ""). +exeext="$exeext" + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic_GCJ +pic_mode=$pic_mode + +# What is the maximum length of a command? +max_cmd_len=$lt_cv_sys_max_cmd_len + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o_GCJ + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Do we need the lib prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static_GCJ + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_GCJ + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_GCJ + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec_GCJ + +# Compiler flag to generate thread-safe objects. +thread_safe_flag_spec=$lt_thread_safe_flag_spec_GCJ + +# Library versioning type. +version_type=$version_type + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME. +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Commands used to build and install an old-style archive. +RANLIB=$lt_RANLIB +old_archive_cmds=$lt_old_archive_cmds_GCJ +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_GCJ + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_GCJ + +# Commands used to build and install a shared archive. +archive_cmds=$lt_archive_cmds_GCJ +archive_expsym_cmds=$lt_archive_expsym_cmds_GCJ +postinstall_cmds=$lt_postinstall_cmds +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to build a loadable module (assumed same as above if empty) +module_cmds=$lt_module_cmds_GCJ +module_expsym_cmds=$lt_module_expsym_cmds_GCJ + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + +# Dependencies to place before the objects being linked to create a +# shared library. +predep_objects=$lt_predep_objects_GCJ + +# Dependencies to place after the objects being linked to create a +# shared library. +postdep_objects=$lt_postdep_objects_GCJ + +# Dependencies to place before the objects being linked to create a +# shared library. +predeps=$lt_predeps_GCJ + +# Dependencies to place after the objects being linked to create a +# shared library. +postdeps=$lt_postdeps_GCJ + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path_GCJ + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method == file_magic. +file_magic_cmd=$lt_file_magic_cmd + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag_GCJ + +# Flag that forces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag_GCJ + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# Same as above, but a single script fragment to be evaled but not shown. +finish_eval=$lt_finish_eval + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# This is the shared library runtime path variable. +runpath_var=$runpath_var + +# This is the shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action_GCJ + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_GCJ + +# If ld is used when linking, flag to hardcode \$libdir into +# a binary during linking. This must work even if \$libdir does +# not exist. +hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_GCJ + +# Whether we need a single -rpath flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator_GCJ + +# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the +# resulting binary. +hardcode_direct=$hardcode_direct_GCJ + +# Set to yes if using the -LDIR flag during linking hardcodes DIR into the +# resulting binary. +hardcode_minus_L=$hardcode_minus_L_GCJ + +# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into +# the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var_GCJ + +# Set to yes if building a shared library automatically hardcodes DIR into the library +# and all subsequent libraries and executables linked against it. +hardcode_automatic=$hardcode_automatic_GCJ + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at relink time. +variables_saved_for_relink="$variables_saved_for_relink" + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs_GCJ + +# Compile-time system search path for libraries +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Fix the shell variable \$srcfile for the compiler. +fix_srcfile_path="$fix_srcfile_path_GCJ" + +# Set to yes if exported symbols are required. +always_export_symbols=$always_export_symbols_GCJ + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds_GCJ + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms_GCJ + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms_GCJ + +# ### END LIBTOOL TAG CONFIG: $tagname + +__EOF__ + + +else + # If there is no Makefile yet, we rely on a make rule to execute + # `config.status --recheck' to rerun these tests and create the + # libtool script then. + ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` + if test -f "$ltmain_in"; then + test -f Makefile && make "$ltmain" + fi +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC="$lt_save_CC" + + else + tagname="" + fi + ;; + + RC) + + +# Source file extension for RC test sources. +ac_ext=rc + +# Object file extension for compiled RC test sources. +objext=o +objext_RC=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }\n' + +# Code to be used in simple link tests +lt_simple_link_test_code="$lt_simple_compile_test_code" + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +printf "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$rm conftest* + +ac_outfile=conftest.$ac_objext +printf "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$rm conftest* + + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +CC=${RC-"windres"} +compiler=$CC +compiler_RC=$CC +for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$echo "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` + +lt_cv_prog_compiler_c_o_RC=yes + +# The else clause should only fire when bootstrapping the +# libtool distribution, otherwise you forgot to ship ltmain.sh +# with your package, and you will get complaints that there are +# no rules to generate ltmain.sh. +if test -f "$ltmain"; then + # See if we are running on zsh, and set the options which allow our commands through + # without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + # Now quote all the things that may contain metacharacters while being + # careful not to overquote the AC_SUBSTed values. We take copies of the + # variables and quote the copies for generation of the libtool script. + for var in echo old_CC old_CFLAGS AR AR_FLAGS EGREP RANLIB LN_S LTCC LTCFLAGS NM \ + SED SHELL STRIP \ + libname_spec library_names_spec soname_spec extract_expsyms_cmds \ + old_striplib striplib file_magic_cmd finish_cmds finish_eval \ + deplibs_check_method reload_flag reload_cmds need_locks \ + lt_cv_sys_global_symbol_pipe lt_cv_sys_global_symbol_to_cdecl \ + lt_cv_sys_global_symbol_to_c_name_address \ + sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ + old_postinstall_cmds old_postuninstall_cmds \ + compiler_RC \ + CC_RC \ + LD_RC \ + lt_prog_compiler_wl_RC \ + lt_prog_compiler_pic_RC \ + lt_prog_compiler_static_RC \ + lt_prog_compiler_no_builtin_flag_RC \ + export_dynamic_flag_spec_RC \ + thread_safe_flag_spec_RC \ + whole_archive_flag_spec_RC \ + enable_shared_with_static_runtimes_RC \ + old_archive_cmds_RC \ + old_archive_from_new_cmds_RC \ + predep_objects_RC \ + postdep_objects_RC \ + predeps_RC \ + postdeps_RC \ + compiler_lib_search_path_RC \ + archive_cmds_RC \ + archive_expsym_cmds_RC \ + postinstall_cmds_RC \ + postuninstall_cmds_RC \ + old_archive_from_expsyms_cmds_RC \ + allow_undefined_flag_RC \ + no_undefined_flag_RC \ + export_symbols_cmds_RC \ + hardcode_libdir_flag_spec_RC \ + hardcode_libdir_flag_spec_ld_RC \ + hardcode_libdir_separator_RC \ + hardcode_automatic_RC \ + module_cmds_RC \ + module_expsym_cmds_RC \ + lt_cv_prog_compiler_c_o_RC \ + exclude_expsyms_RC \ + include_expsyms_RC; do + + case $var in + old_archive_cmds_RC | \ + old_archive_from_new_cmds_RC | \ + archive_cmds_RC | \ + archive_expsym_cmds_RC | \ + module_cmds_RC | \ + module_expsym_cmds_RC | \ + old_archive_from_expsyms_cmds_RC | \ + export_symbols_cmds_RC | \ + extract_expsyms_cmds | reload_cmds | finish_cmds | \ + postinstall_cmds | postuninstall_cmds | \ + old_postinstall_cmds | old_postuninstall_cmds | \ + sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) + # Double-quote double-evaled strings. + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" + ;; + *) + eval "lt_$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" + ;; + esac + done + + case $lt_echo in + *'\$0 --fallback-echo"') + lt_echo=`$echo "X$lt_echo" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` + ;; + esac + +cfgfile="$ofile" + + cat <<__EOF__ >> "$cfgfile" +# ### BEGIN LIBTOOL TAG CONFIG: $tagname + +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc_RC + +# Whether or not to disallow shared libs when runtime libs are static +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# An echo program that does not interpret backslashes. +echo=$lt_echo + +# The archiver. +AR=$lt_AR +AR_FLAGS=$lt_AR_FLAGS + +# A C compiler. +LTCC=$lt_LTCC + +# LTCC compiler flags. +LTCFLAGS=$lt_LTCFLAGS + +# A language-specific compiler. +CC=$lt_compiler_RC + +# Is the compiler the GNU C compiler? +with_gcc=$GCC_RC + +# An ERE matcher. +EGREP=$lt_EGREP + +# The linker used to build libraries. +LD=$lt_LD_RC + +# Whether we need hard or soft links. +LN_S=$lt_LN_S + +# A BSD-compatible nm program. +NM=$lt_NM + +# A symbol stripping program +STRIP=$lt_STRIP + +# Used to examine libraries when file_magic_cmd begins "file" +MAGIC_CMD=$MAGIC_CMD + +# Used on cygwin: DLL creation program. +DLLTOOL="$DLLTOOL" + +# Used on cygwin: object dumper. +OBJDUMP="$OBJDUMP" + +# Used on cygwin: assembler. +AS="$AS" + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl_RC + +# Object file suffix (normally "o"). +objext="$ac_objext" + +# Old archive suffix (normally "a"). +libext="$libext" + +# Shared library suffix (normally ".so"). +shrext_cmds='$shrext_cmds' + +# Executable file suffix (normally ""). +exeext="$exeext" + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic_RC +pic_mode=$pic_mode + +# What is the maximum length of a command? +max_cmd_len=$lt_cv_sys_max_cmd_len + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Do we need the lib prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static_RC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC + +# Compiler flag to generate thread-safe objects. +thread_safe_flag_spec=$lt_thread_safe_flag_spec_RC + +# Library versioning type. +version_type=$version_type + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME. +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Commands used to build and install an old-style archive. +RANLIB=$lt_RANLIB +old_archive_cmds=$lt_old_archive_cmds_RC +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC + +# Commands used to build and install a shared archive. +archive_cmds=$lt_archive_cmds_RC +archive_expsym_cmds=$lt_archive_expsym_cmds_RC +postinstall_cmds=$lt_postinstall_cmds +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to build a loadable module (assumed same as above if empty) +module_cmds=$lt_module_cmds_RC +module_expsym_cmds=$lt_module_expsym_cmds_RC + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + +# Dependencies to place before the objects being linked to create a +# shared library. +predep_objects=$lt_predep_objects_RC + +# Dependencies to place after the objects being linked to create a +# shared library. +postdep_objects=$lt_postdep_objects_RC + +# Dependencies to place before the objects being linked to create a +# shared library. +predeps=$lt_predeps_RC + +# Dependencies to place after the objects being linked to create a +# shared library. +postdeps=$lt_postdeps_RC + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path_RC + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method == file_magic. +file_magic_cmd=$lt_file_magic_cmd + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag_RC + +# Flag that forces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag_RC + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# Same as above, but a single script fragment to be evaled but not shown. +finish_eval=$lt_finish_eval + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# This is the shared library runtime path variable. +runpath_var=$runpath_var + +# This is the shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action_RC + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist. +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC + +# If ld is used when linking, flag to hardcode \$libdir into +# a binary during linking. This must work even if \$libdir does +# not exist. +hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_RC + +# Whether we need a single -rpath flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC + +# Set to yes if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the +# resulting binary. +hardcode_direct=$hardcode_direct_RC + +# Set to yes if using the -LDIR flag during linking hardcodes DIR into the +# resulting binary. +hardcode_minus_L=$hardcode_minus_L_RC + +# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into +# the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var_RC + +# Set to yes if building a shared library automatically hardcodes DIR into the library +# and all subsequent libraries and executables linked against it. +hardcode_automatic=$hardcode_automatic_RC + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at relink time. +variables_saved_for_relink="$variables_saved_for_relink" + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs_RC + +# Compile-time system search path for libraries +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Fix the shell variable \$srcfile for the compiler. +fix_srcfile_path="$fix_srcfile_path_RC" + +# Set to yes if exported symbols are required. +always_export_symbols=$always_export_symbols_RC + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds_RC + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms_RC + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms_RC + +# ### END LIBTOOL TAG CONFIG: $tagname + +__EOF__ + + +else + # If there is no Makefile yet, we rely on a make rule to execute + # `config.status --recheck' to rerun these tests and create the + # libtool script then. + ltmain_in=`echo $ltmain | sed -e 's/\.sh$/.in/'` + if test -f "$ltmain_in"; then + test -f Makefile && make "$ltmain" + fi +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC="$lt_save_CC" + + ;; + + *) + { { echo "$as_me:$LINENO: error: Unsupported tag name: $tagname" >&5 +echo "$as_me: error: Unsupported tag name: $tagname" >&2;} + { (exit 1); exit 1; }; } + ;; + esac + + # Append the new tag name to the list of available tags. + if test -n "$tagname" ; then + available_tags="$available_tags $tagname" + fi + fi + done + IFS="$lt_save_ifs" + + # Now substitute the updated list of available tags. + if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' \"$ofile\" > \"${ofile}T\""; then + mv "${ofile}T" "$ofile" + chmod +x "$ofile" + else + rm -f "${ofile}T" + { { echo "$as_me:$LINENO: error: unable to update list of available tagged configurations." >&5 +echo "$as_me: error: unable to update list of available tagged configurations." >&2;} + { (exit 1); exit 1; }; } + fi +fi + + + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ac_aux_dir/ltmain.sh" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' + +# Prevent multiple expansion + + + + + + + + + + + + + + + + + + + + +for ac_prog in flex lex +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_LEX+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$LEX"; then + ac_cv_prog_LEX="$LEX" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_LEX="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +LEX=$ac_cv_prog_LEX +if test -n "$LEX"; then + { echo "$as_me:$LINENO: result: $LEX" >&5 +echo "${ECHO_T}$LEX" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$LEX" && break +done +test -n "$LEX" || LEX=":" + +if test "x$LEX" != "x:"; then + cat >conftest.l <<_ACEOF +%% +a { ECHO; } +b { REJECT; } +c { yymore (); } +d { yyless (1); } +e { yyless (input () != 0); } +f { unput (yytext[0]); } +. { BEGIN INITIAL; } +%% +#ifdef YYTEXT_POINTER +extern char *yytext; +#endif +int +main (void) +{ + return ! yylex () + ! yywrap (); +} +_ACEOF +{ (ac_try="$LEX conftest.l" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$LEX conftest.l") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ echo "$as_me:$LINENO: checking lex output file root" >&5 +echo $ECHO_N "checking lex output file root... $ECHO_C" >&6; } +if test "${ac_cv_prog_lex_root+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + +if test -f lex.yy.c; then + ac_cv_prog_lex_root=lex.yy +elif test -f lexyy.c; then + ac_cv_prog_lex_root=lexyy +else + { { echo "$as_me:$LINENO: error: cannot find output from $LEX; giving up" >&5 +echo "$as_me: error: cannot find output from $LEX; giving up" >&2;} + { (exit 1); exit 1; }; } +fi +fi +{ echo "$as_me:$LINENO: result: $ac_cv_prog_lex_root" >&5 +echo "${ECHO_T}$ac_cv_prog_lex_root" >&6; } +LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root + +if test -z "${LEXLIB+set}"; then + { echo "$as_me:$LINENO: checking lex library" >&5 +echo $ECHO_N "checking lex library... $ECHO_C" >&6; } +if test "${ac_cv_lib_lex+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + ac_save_LIBS=$LIBS + ac_cv_lib_lex='none needed' + for ac_lib in '' -lfl -ll; do + LIBS="$ac_lib $ac_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +`cat $LEX_OUTPUT_ROOT.c` +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_lex=$ac_lib +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext + test "$ac_cv_lib_lex" != 'none needed' && break + done + LIBS=$ac_save_LIBS + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_lex" >&5 +echo "${ECHO_T}$ac_cv_lib_lex" >&6; } + test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex +fi + + +{ echo "$as_me:$LINENO: checking whether yytext is a pointer" >&5 +echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6; } +if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # POSIX says lex can declare yytext either as a pointer or an array; the +# default is implementation-dependent. Figure out which it is, since +# not all implementations provide the %pointer and %array declarations. +ac_cv_prog_lex_yytext_pointer=no +ac_save_LIBS=$LIBS +LIBS="$LEXLIB $ac_save_LIBS" +cat >conftest.$ac_ext <<_ACEOF +#define YYTEXT_POINTER 1 +`cat $LEX_OUTPUT_ROOT.c` +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_prog_lex_yytext_pointer=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_save_LIBS + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_prog_lex_yytext_pointer" >&5 +echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6; } +if test $ac_cv_prog_lex_yytext_pointer = yes; then + +cat >>confdefs.h <<\_ACEOF +#define YYTEXT_POINTER 1 +_ACEOF + +fi +rm -f conftest.l $LEX_OUTPUT_ROOT.c + +fi +for ac_prog in 'bison -y' byacc +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_YACC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$YACC"; then + ac_cv_prog_YACC="$YACC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_YACC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +YACC=$ac_cv_prog_YACC +if test -n "$YACC"; then + { echo "$as_me:$LINENO: result: $YACC" >&5 +echo "${ECHO_T}$YACC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$YACC" && break +done +test -n "$YACC" || YACC="yacc" + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO: checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (ac_try="$ac_compiler --version >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler --version >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -v >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler -v >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (ac_try="$ac_compiler -V >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compiler -V >&5") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; } +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_compiler_gnu=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; } +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; } +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + CFLAGS="" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 +echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } +if test "${ac_cv_prog_cc_c89+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_prog_cc_c89=$ac_arg +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi + +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6; } ;; + xno) + { echo "$as_me:$LINENO: result: unsupported" >&5 +echo "${ECHO_T}unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; +esac + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +depcc="$CC" am_compiler_list= + +{ echo "$as_me:$LINENO: checking dependency style of $depcc" >&5 +echo $ECHO_N "checking dependency style of $depcc... $ECHO_C" >&6; } +if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + case $depmode in + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + none) break ;; + esac + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. + if depmode=$depmode \ + source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5 +echo "${ECHO_T}$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + + +if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + +# Extract the first word of "gperf", so it can be a program name with args. +set dummy gperf; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_path_GPERF+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $GPERF in + [\\/]* | ?:[\\/]*) + ac_cv_path_GPERF="$GPERF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/bin:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_GPERF="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + + ;; +esac +fi +GPERF=$ac_cv_path_GPERF +if test -n "$GPERF"; then + { echo "$as_me:$LINENO: result: $GPERF" >&5 +echo "${ECHO_T}$GPERF" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +# Extract the first word of "perl", so it can be a program name with args. +set dummy perl; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_path_PERL+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $PERL in + [\\/]* | ?:[\\/]*) + ac_cv_path_PERL="$PERL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/bin:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + + ;; +esac +fi +PERL=$ac_cv_path_PERL +if test -n "$PERL"; then + { echo "$as_me:$LINENO: result: $PERL" >&5 +echo "${ECHO_T}$PERL" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + + + +for ac_func in backtrace +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } +if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case declares $ac_func. + For example, HP-UX 11i declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $ac_func + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$ac_func || defined __stub___$ac_func +choke me +#endif + +int +main () +{ +return $ac_func (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_var=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +ac_res=`eval echo '${'$as_ac_var'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +for ac_func in getifaddrs +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +{ echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } +if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case declares $ac_func. + For example, HP-UX 11i declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $ac_func + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$ac_func || defined __stub___$ac_func +choke me +#endif + +int +main () +{ +return $ac_func (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + eval "$as_ac_var=no" +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +fi +ac_res=`eval echo '${'$as_ac_var'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +{ echo "$as_me:$LINENO: checking for main in -lgmp" >&5 +echo $ECHO_N "checking for main in -lgmp... $ECHO_C" >&6; } +if test "${ac_cv_lib_gmp_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgmp $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_gmp_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_gmp_main=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_gmp_main" >&5 +echo "${ECHO_T}$ac_cv_lib_gmp_main" >&6; } +if test $ac_cv_lib_gmp_main = yes; then + LIBS="$LIBS" +else + { { echo "$as_me:$LINENO: error: GNU Multi Precision library gmp not found" >&5 +echo "$as_me: error: GNU Multi Precision library gmp not found" >&2;} + { (exit 1); exit 1; }; } +fi +ac_cv_lib_gmp=ac_cv_lib_gmp_main + +if test "$ldap" = "true"; then + { echo "$as_me:$LINENO: checking for main in -lldap" >&5 +echo $ECHO_N "checking for main in -lldap... $ECHO_C" >&6; } +if test "${ac_cv_lib_ldap_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lldap $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_ldap_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_ldap_main=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_ldap_main" >&5 +echo "${ECHO_T}$ac_cv_lib_ldap_main" >&6; } +if test $ac_cv_lib_ldap_main = yes; then + LIBS="$LIBS" +else + { { echo "$as_me:$LINENO: error: LDAP enabled, but library ldap not found" >&5 +echo "$as_me: error: LDAP enabled, but library ldap not found" >&2;} + { (exit 1); exit 1; }; } +fi +ac_cv_lib_ldap=ac_cv_lib_ldap_main + + { echo "$as_me:$LINENO: checking for main in -llber" >&5 +echo $ECHO_N "checking for main in -llber... $ECHO_C" >&6; } +if test "${ac_cv_lib_lber_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-llber $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_lber_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_lber_main=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_lber_main" >&5 +echo "${ECHO_T}$ac_cv_lib_lber_main" >&6; } +if test $ac_cv_lib_lber_main = yes; then + LIBS="$LIBS" +else + { { echo "$as_me:$LINENO: error: LDAP enabled, but library lber not found" >&5 +echo "$as_me: error: LDAP enabled, but library lber not found" >&2;} + { (exit 1); exit 1; }; } +fi +ac_cv_lib_lber=ac_cv_lib_lber_main + +fi +if test "$http" = "true"; then + { echo "$as_me:$LINENO: checking for main in -lcurl" >&5 +echo $ECHO_N "checking for main in -lcurl... $ECHO_C" >&6; } +if test "${ac_cv_lib_curl_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcurl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_curl_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_curl_main=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_curl_main" >&5 +echo "${ECHO_T}$ac_cv_lib_curl_main" >&6; } +if test $ac_cv_lib_curl_main = yes; then + LIBS="$LIBS" +else + { { echo "$as_me:$LINENO: error: HTTP enabled, but library curl not found" >&5 +echo "$as_me: error: HTTP enabled, but library curl not found" >&2;} + { (exit 1); exit 1; }; } +fi +ac_cv_lib_curl=ac_cv_lib_curl_main + +fi + + + + +{ echo "$as_me:$LINENO: checking gmp.h version >= 4.1.4" >&5 +echo $ECHO_N "checking gmp.h version >= 4.1.4... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include "gmp.h" +int +main () +{ + + #if (__GNU_MP_VERSION*100 + __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414 + #error bad gmp + #endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; }; { { echo "$as_me:$LINENO: error: No usable gmp.h found!" >&5 +echo "$as_me: error: No usable gmp.h found!" >&2;} + { (exit 1); exit 1; }; } + +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +if test "$ldap" = "true"; then + if test "${ac_cv_header_ldap_h+set}" = set; then + { echo "$as_me:$LINENO: checking for ldap.h" >&5 +echo $ECHO_N "checking for ldap.h... $ECHO_C" >&6; } +if test "${ac_cv_header_ldap_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_ldap_h" >&5 +echo "${ECHO_T}$ac_cv_header_ldap_h" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking ldap.h usability" >&5 +echo $ECHO_N "checking ldap.h usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking ldap.h presence" >&5 +echo $ECHO_N "checking ldap.h presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: ldap.h: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: ldap.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap.h: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: ldap.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: ldap.h: present but cannot be compiled" >&5 +echo "$as_me: WARNING: ldap.h: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap.h: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: ldap.h: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap.h: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: ldap.h: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap.h: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: ldap.h: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: ldap.h: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: ldap.h: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: ldap.h: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for ldap.h" >&5 +echo $ECHO_N "checking for ldap.h... $ECHO_C" >&6; } +if test "${ac_cv_header_ldap_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_header_ldap_h=$ac_header_preproc +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_ldap_h" >&5 +echo "${ECHO_T}$ac_cv_header_ldap_h" >&6; } + +fi +if test $ac_cv_header_ldap_h = yes; then + : +else + { { echo "$as_me:$LINENO: error: LDAP enabled, but ldap.h not found!" >&5 +echo "$as_me: error: LDAP enabled, but ldap.h not found!" >&2;} + { (exit 1); exit 1; }; } +fi + + +fi +if test "$http" = "true"; then + if test "${ac_cv_header_curl_curl_h+set}" = set; then + { echo "$as_me:$LINENO: checking for curl/curl.h" >&5 +echo $ECHO_N "checking for curl/curl.h... $ECHO_C" >&6; } +if test "${ac_cv_header_curl_curl_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_curl_curl_h" >&5 +echo "${ECHO_T}$ac_cv_header_curl_curl_h" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking curl/curl.h usability" >&5 +echo $ECHO_N "checking curl/curl.h usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking curl/curl.h presence" >&5 +echo $ECHO_N "checking curl/curl.h presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: curl/curl.h: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: curl/curl.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: curl/curl.h: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: curl/curl.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: curl/curl.h: present but cannot be compiled" >&5 +echo "$as_me: WARNING: curl/curl.h: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: curl/curl.h: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: curl/curl.h: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: curl/curl.h: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: curl/curl.h: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: curl/curl.h: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: curl/curl.h: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: curl/curl.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: curl/curl.h: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: curl/curl.h: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: curl/curl.h: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for curl/curl.h" >&5 +echo $ECHO_N "checking for curl/curl.h... $ECHO_C" >&6; } +if test "${ac_cv_header_curl_curl_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_header_curl_curl_h=$ac_header_preproc +fi +{ echo "$as_me:$LINENO: result: $ac_cv_header_curl_curl_h" >&5 +echo "${ECHO_T}$ac_cv_header_curl_curl_h" >&6; } + +fi +if test $ac_cv_header_curl_curl_h = yes; then + : +else + { { echo "$as_me:$LINENO: error: HTTP enabled, but curl.h not found!" >&5 +echo "$as_me: error: HTTP enabled, but curl.h not found!" >&2;} + { (exit 1); exit 1; }; } +fi + + +fi + + +ac_config_files="$ac_config_files Makefile src/Makefile src/libstrongswan/Makefile src/libcrypto/Makefile src/libfreeswan/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 +echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + *) $as_unset $ac_var ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + test "x$cache_file" != "x/dev/null" && + { echo "$as_me:$LINENO: updating cache $cache_file" >&5 +echo "$as_me: updating cache $cache_file" >&6;} + cat confcache >$cache_file + else + { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 +echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +# +# If the first sed substitution is executed (which looks for macros that +# take arguments), then branch to the quote section. Otherwise, +# look for a macro that doesn't take arguments. +ac_script=' +t clear +:clear +s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g +t quote +s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g +t quote +b any +:quote +s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g +s/\[/\\&/g +s/\]/\\&/g +s/\$/$$/g +H +:any +${ + g + s/^\n// + s/\n/ /g + p +} +' +DEFS=`sed -n "$ac_script" confdefs.h` + + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${USE_LIBCURL_TRUE}" && test -z "${USE_LIBCURL_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"USE_LIBCURL\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"USE_LIBCURL\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${USE_LIBLDAP_TRUE}" && test -z "${USE_LIBLDAP_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"USE_LIBLDAP\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"USE_LIBLDAP\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${USE_SMARTCARD_TRUE}" && test -z "${USE_SMARTCARD_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"USE_SMARTCARD\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"USE_SMARTCARD\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${USE_CISCO_QUIRKS_TRUE}" && test -z "${USE_CISCO_QUIRKS_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"USE_CISCO_QUIRKS\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"USE_CISCO_QUIRKS\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${USE_LEAK_DETECTIVE_TRUE}" && test -z "${USE_LEAK_DETECTIVE_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"USE_LEAK_DETECTIVE\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"USE_LEAK_DETECTIVE\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${BUILD_EAP_SIM_TRUE}" && test -z "${BUILD_EAP_SIM_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"BUILD_EAP_SIM\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"BUILD_EAP_SIM\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${USE_NAT_TRANSPORT_TRUE}" && test -z "${USE_NAT_TRANSPORT_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"USE_NAT_TRANSPORT\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"USE_NAT_TRANSPORT\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${USE_VENDORID_TRUE}" && test -z "${USE_VENDORID_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"USE_VENDORID\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"USE_VENDORID\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCXX\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in + *posix*) set -o posix ;; +esac + +fi + + + + +# PATH needs CR +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +as_nl=' +' +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + { (exit 1); exit 1; } +fi + +# Work around bugs in pre-3.0 UWIN ksh. +for as_var in ENV MAIL MAILPATH +do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# CDPATH. +$as_unset CDPATH + + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line after each line using $LINENO; the second 'sed' + # does the real work. The second script uses 'N' to pair each + # line-number line with the line containing $LINENO, and appends + # trailing '-' during substitution so that $LINENO is not a special + # case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # scripts with optimization help from Paolo Bonzini. Blame Lee + # E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in +-n*) + case `echo 'x\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + *) ECHO_C='\c';; + esac;; +*) + ECHO_N='-n';; +esac + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir +fi +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 + +# Save the log message, to keep $[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by strongSwan $as_me 4.1.1, which was +generated by GNU Autoconf 2.61. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +# Files that config.status was made for. +config_files="$ac_config_files" +config_commands="$ac_config_commands" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + +Configuration files: +$config_files + +Configuration commands: +$config_commands + +Report bugs to ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +ac_cs_version="\\ +strongSwan config.status 4.1.1 +configured by $0, generated by GNU Autoconf 2.61, + with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2006 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + echo "$ac_cs_version"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --he | --h | --help | --hel | -h ) + echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +if \$ac_cs_recheck; then + echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + CONFIG_SHELL=$SHELL + export CONFIG_SHELL + exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "src/libstrongswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/Makefile" ;; + "src/libcrypto/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcrypto/Makefile" ;; + "src/libfreeswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfreeswan/Makefile" ;; + "src/pluto/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/Makefile" ;; + "src/whack/Makefile") CONFIG_FILES="$CONFIG_FILES src/whack/Makefile" ;; + "src/charon/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/Makefile" ;; + "src/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/stroke/Makefile" ;; + "src/ipsec/Makefile") CONFIG_FILES="$CONFIG_FILES src/ipsec/Makefile" ;; + "src/starter/Makefile") CONFIG_FILES="$CONFIG_FILES src/starter/Makefile" ;; + "src/_updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/_updown/Makefile" ;; + "src/_updown_espmark/Makefile") CONFIG_FILES="$CONFIG_FILES src/_updown_espmark/Makefile" ;; + "src/_copyright/Makefile") CONFIG_FILES="$CONFIG_FILES src/_copyright/Makefile" ;; + "src/openac/Makefile") CONFIG_FILES="$CONFIG_FILES src/openac/Makefile" ;; + "src/scepclient/Makefile") CONFIG_FILES="$CONFIG_FILES src/scepclient/Makefile" ;; + + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= + trap 'exit_status=$? + { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status +' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || +{ + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +# +# Set up the sed scripts for CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "$CONFIG_FILES"; then + +_ACEOF + + + +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + cat >conf$$subs.sed <<_ACEOF +SHELL!$SHELL$ac_delim +PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim +PACKAGE_NAME!$PACKAGE_NAME$ac_delim +PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim +PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim +PACKAGE_STRING!$PACKAGE_STRING$ac_delim +PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim +exec_prefix!$exec_prefix$ac_delim +prefix!$prefix$ac_delim +program_transform_name!$program_transform_name$ac_delim +bindir!$bindir$ac_delim +sbindir!$sbindir$ac_delim +libexecdir!$libexecdir$ac_delim +datarootdir!$datarootdir$ac_delim +datadir!$datadir$ac_delim +sysconfdir!$sysconfdir$ac_delim +sharedstatedir!$sharedstatedir$ac_delim +localstatedir!$localstatedir$ac_delim +includedir!$includedir$ac_delim +oldincludedir!$oldincludedir$ac_delim +docdir!$docdir$ac_delim +infodir!$infodir$ac_delim +htmldir!$htmldir$ac_delim +dvidir!$dvidir$ac_delim +pdfdir!$pdfdir$ac_delim +psdir!$psdir$ac_delim +libdir!$libdir$ac_delim +localedir!$localedir$ac_delim +mandir!$mandir$ac_delim +DEFS!$DEFS$ac_delim +ECHO_C!$ECHO_C$ac_delim +ECHO_N!$ECHO_N$ac_delim +ECHO_T!$ECHO_T$ac_delim +LIBS!$LIBS$ac_delim +build_alias!$build_alias$ac_delim +host_alias!$host_alias$ac_delim +target_alias!$target_alias$ac_delim +INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim +INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim +INSTALL_DATA!$INSTALL_DATA$ac_delim +CYGPATH_W!$CYGPATH_W$ac_delim +PACKAGE!$PACKAGE$ac_delim +VERSION!$VERSION$ac_delim +ACLOCAL!$ACLOCAL$ac_delim +AUTOCONF!$AUTOCONF$ac_delim +AUTOMAKE!$AUTOMAKE$ac_delim +AUTOHEADER!$AUTOHEADER$ac_delim +MAKEINFO!$MAKEINFO$ac_delim +install_sh!$install_sh$ac_delim +STRIP!$STRIP$ac_delim +INSTALL_STRIP_PROGRAM!$INSTALL_STRIP_PROGRAM$ac_delim +mkdir_p!$mkdir_p$ac_delim +AWK!$AWK$ac_delim +SET_MAKE!$SET_MAKE$ac_delim +am__leading_dot!$am__leading_dot$ac_delim +AMTAR!$AMTAR$ac_delim +am__tar!$am__tar$ac_delim +am__untar!$am__untar$ac_delim +CC!$CC$ac_delim +CFLAGS!$CFLAGS$ac_delim +LDFLAGS!$LDFLAGS$ac_delim +CPPFLAGS!$CPPFLAGS$ac_delim +ac_ct_CC!$ac_ct_CC$ac_delim +EXEEXT!$EXEEXT$ac_delim +OBJEXT!$OBJEXT$ac_delim +DEPDIR!$DEPDIR$ac_delim +am__include!$am__include$ac_delim +am__quote!$am__quote$ac_delim +AMDEP_TRUE!$AMDEP_TRUE$ac_delim +AMDEP_FALSE!$AMDEP_FALSE$ac_delim +AMDEPBACKSLASH!$AMDEPBACKSLASH$ac_delim +CCDEPMODE!$CCDEPMODE$ac_delim +am__fastdepCC_TRUE!$am__fastdepCC_TRUE$ac_delim +am__fastdepCC_FALSE!$am__fastdepCC_FALSE$ac_delim +CPP!$CPP$ac_delim +GREP!$GREP$ac_delim +EGREP!$EGREP$ac_delim +confdir!$confdir$ac_delim +ipsecdir!$ipsecdir$ac_delim +piddir!$piddir$ac_delim +eapdir!$eapdir$ac_delim +USE_LIBCURL_TRUE!$USE_LIBCURL_TRUE$ac_delim +USE_LIBCURL_FALSE!$USE_LIBCURL_FALSE$ac_delim +USE_LIBLDAP_TRUE!$USE_LIBLDAP_TRUE$ac_delim +USE_LIBLDAP_FALSE!$USE_LIBLDAP_FALSE$ac_delim +USE_SMARTCARD_TRUE!$USE_SMARTCARD_TRUE$ac_delim +USE_SMARTCARD_FALSE!$USE_SMARTCARD_FALSE$ac_delim +USE_CISCO_QUIRKS_TRUE!$USE_CISCO_QUIRKS_TRUE$ac_delim +USE_CISCO_QUIRKS_FALSE!$USE_CISCO_QUIRKS_FALSE$ac_delim +USE_LEAK_DETECTIVE_TRUE!$USE_LEAK_DETECTIVE_TRUE$ac_delim +USE_LEAK_DETECTIVE_FALSE!$USE_LEAK_DETECTIVE_FALSE$ac_delim +BUILD_EAP_SIM_TRUE!$BUILD_EAP_SIM_TRUE$ac_delim +BUILD_EAP_SIM_FALSE!$BUILD_EAP_SIM_FALSE$ac_delim +USE_NAT_TRANSPORT_TRUE!$USE_NAT_TRANSPORT_TRUE$ac_delim +USE_NAT_TRANSPORT_FALSE!$USE_NAT_TRANSPORT_FALSE$ac_delim +USE_VENDORID_TRUE!$USE_VENDORID_TRUE$ac_delim +USE_VENDORID_FALSE!$USE_VENDORID_FALSE$ac_delim +_ACEOF + + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then + break + elif $ac_last_try; then + { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 +echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} + { (exit 1); exit 1; }; } + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` +if test -n "$ac_eof"; then + ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` + ac_eof=`expr $ac_eof + 1` +fi + +cat >>$CONFIG_STATUS <<_ACEOF +cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +_ACEOF +sed ' +s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g +s/^/s,@/; s/!/@,|#_!!_#|/ +:n +t n +s/'"$ac_delim"'$/,g/; t +s/$/\\/; p +N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n +' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF +CEOF$ac_eof +_ACEOF + + +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + cat >conf$$subs.sed <<_ACEOF +build!$build$ac_delim +build_cpu!$build_cpu$ac_delim +build_vendor!$build_vendor$ac_delim +build_os!$build_os$ac_delim +host!$host$ac_delim +host_cpu!$host_cpu$ac_delim +host_vendor!$host_vendor$ac_delim +host_os!$host_os$ac_delim +LN_S!$LN_S$ac_delim +ECHO!$ECHO$ac_delim +AR!$AR$ac_delim +RANLIB!$RANLIB$ac_delim +CXX!$CXX$ac_delim +CXXFLAGS!$CXXFLAGS$ac_delim +ac_ct_CXX!$ac_ct_CXX$ac_delim +CXXDEPMODE!$CXXDEPMODE$ac_delim +am__fastdepCXX_TRUE!$am__fastdepCXX_TRUE$ac_delim +am__fastdepCXX_FALSE!$am__fastdepCXX_FALSE$ac_delim +CXXCPP!$CXXCPP$ac_delim +F77!$F77$ac_delim +FFLAGS!$FFLAGS$ac_delim +ac_ct_F77!$ac_ct_F77$ac_delim +LIBTOOL!$LIBTOOL$ac_delim +LEX!$LEX$ac_delim +LEX_OUTPUT_ROOT!$LEX_OUTPUT_ROOT$ac_delim +LEXLIB!$LEXLIB$ac_delim +YACC!$YACC$ac_delim +YFLAGS!$YFLAGS$ac_delim +GPERF!$GPERF$ac_delim +PERL!$PERL$ac_delim +LIBOBJS!$LIBOBJS$ac_delim +LTLIBOBJS!$LTLIBOBJS$ac_delim +_ACEOF + + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 32; then + break + elif $ac_last_try; then + { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 +echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} + { (exit 1); exit 1; }; } + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` +if test -n "$ac_eof"; then + ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` + ac_eof=`expr $ac_eof + 1` +fi + +cat >>$CONFIG_STATUS <<_ACEOF +cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end +_ACEOF +sed ' +s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g +s/^/s,@/; s/!/@,|#_!!_#|/ +:n +t n +s/'"$ac_delim"'$/,g/; t +s/$/\\/; p +N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n +' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF +:end +s/|#_!!_#|//g +CEOF$ac_eof +_ACEOF + + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/ +s/:*\${srcdir}:*/:/ +s/:*@srcdir@:*/:/ +s/^\([^=]*=[ ]*\):*/\1/ +s/:*$// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF +fi # test -n "$CONFIG_FILES" + + +for ac_tag in :F $CONFIG_FILES :C $CONFIG_COMMANDS +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5 +echo "$as_me: error: Invalid tag $ac_tag." >&2;} + { (exit 1); exit 1; }; };; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 +echo "$as_me: error: cannot find input file: $ac_f" >&2;} + { (exit 1); exit 1; }; };; + esac + ac_file_inputs="$ac_file_inputs $ac_f" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input="Generated from "`IFS=: + echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure." + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + fi + + case $ac_tag in + *:-:* | *:-) cat >"$tmp/stdin";; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + { as_dir="$ac_dir" + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 +echo "$as_me: error: cannot create directory $as_dir" >&2;} + { (exit 1); exit 1; }; }; } + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= + +case `sed -n '/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p +' $ac_file_inputs` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s&@configure_input@&$configure_input&;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +$ac_datarootdir_hack +" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" >$tmp/out + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && + { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined." >&5 +echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined." >&2;} + + rm -f "$tmp/stdin" + case $ac_file in + -) cat "$tmp/out"; rm -f "$tmp/out";; + *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;; + esac + ;; + + + :C) { echo "$as_me:$LINENO: executing $ac_file commands" >&5 +echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || for mf in $CONFIG_FILES; do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # So let's grep whole file. + if grep '^#.*generated by automake' $mf > /dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + { as_dir=$dirpart/$fdir + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 +echo "$as_me: error: cannot create directory $as_dir" >&2;} + { (exit 1); exit 1; }; }; } + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done +done + ;; + + esac +done # for ac_tag + + +{ (exit 0); exit 0; } +_ACEOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi + diff --git a/configure.in b/configure.in new file mode 100644 index 000000000..725be81e6 --- /dev/null +++ b/configure.in @@ -0,0 +1,240 @@ +dnl configure.in for linux strongSwan +dnl Copyright (C) 2006 Martin Willi +dnl Hochschule fuer Technik Rapperswil +dnl +dnl This program is free software; you can redistribute it and/or modify it +dnl under the terms of the GNU General Public License as published by the +dnl Free Software Foundation; either version 2 of the License, or (at your +dnl option) any later version. See . +dnl +dnl This program is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +dnl or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +dnl for more details. + +dnl =========================== +dnl initialize & set some vars +dnl =========================== + +AC_INIT(strongSwan,4.1.1) +AM_INIT_AUTOMAKE(tar-ustar) +AC_C_BIGENDIAN +AC_SUBST(confdir, '${sysconfdir}') + +dnl ================================= +dnl check --enable-xxx & --with-xxx +dnl ================================= + + +AC_ARG_WITH( + [default-pkcs11], + AS_HELP_STRING([--with-default-pkcs11=lib],[set the default PKCS11 library other than "/usr/lib/opensc-pkcs11.so"]), + [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "$withval")], + [AC_DEFINE_UNQUOTED(PKCS11_DEFAULT_LIB, "/usr/lib/opensc-pkcs11.so")] +) + +AC_ARG_WITH( + [xauth-module], + AS_HELP_STRING([--with-xauth-module=lib],[set the path to the XAUTH module]), + [AC_DEFINE_UNQUOTED(XAUTH_DEFAULT_LIB, "$withval")], +) + +AC_ARG_WITH( + [random-device], + AS_HELP_STRING([--with-random-device=dev],[set the device for real random data other than "/dev/random"]), + [AC_DEFINE_UNQUOTED(DEV_RANDOM, "$withval")], + [AC_DEFINE_UNQUOTED(DEV_RANDOM, "/dev/random")] +) +AC_ARG_WITH( + [resolv-conf], + AS_HELP_STRING([--with-resolv-conf=file],[set the file to store DNS server information other than "sysconfdir/resolv.conf"]), + [AC_DEFINE_UNQUOTED(RESOLV_CONF, "$withval")], + [AC_DEFINE_UNQUOTED(RESOLV_CONF, "${sysconfdir}/resolv.conf")] +) + +AC_ARG_WITH( + [urandom-device], + AS_HELP_STRING([--with-urandom-device=dev],[set the device for pseudo random data other than "/dev/urandom"]), + [AC_DEFINE_UNQUOTED(DEV_URANDOM, "$withval")], + [AC_DEFINE_UNQUOTED(DEV_URANDOM, "/dev/urandom")] +) + +AC_ARG_WITH( + [ipsecdir], + AS_HELP_STRING([--with-ipsecdir=dir],[installation path for ipsec tools other than "libexecdir/ipsec"]), + [AC_SUBST(ipsecdir, "$withval")], + [AC_SUBST(ipsecdir, "${libexecdir}/ipsec")] +) + +AC_ARG_WITH( + [piddir], + AS_HELP_STRING([--with-piddir=dir],[path for PID and UNIX socket files other than "/var/run"]), + [AC_SUBST(piddir, "$withval")], + [AC_SUBST(piddir, "/var/run")] +) + +AC_ARG_WITH( + [eapdir], + AS_HELP_STRING([--with-eapdir=dir],[path for pluggable EAP modules other than "ipsecdir/eap"]), + [AC_SUBST(eapdir, "$withval")], + [AC_SUBST(eapdir, "${ipsecdir}/eap")] +) + +AC_ARG_WITH( + [sim-reader], + AS_HELP_STRING([--with-sim-reader=library.so],[library containing the sim_run_alg() function for EAP-SIM]), + [AC_DEFINE_UNQUOTED(SIM_READER_LIB, "$withval")] +) + +AC_ARG_ENABLE( + [http], + AS_HELP_STRING([--enable-http],[enable OCSP and fetching of Certificates and CRLs over HTTP (default is NO). Requires libcurl.]), + [if test x$enableval = xyes; then + http=true + AC_DEFINE(LIBCURL) + fi] +) +AM_CONDITIONAL(USE_LIBCURL, test x$http = xtrue) + +AC_ARG_ENABLE( + [ldap], + AS_HELP_STRING([--enable-ldap],[enable fetching of CRLs from LDAP (default is NO). Requires openLDAP.]), + [if test x$enableval = xyes; then + ldap=true + AC_DEFINE(LIBLDAP) + fi] +) +AM_CONDITIONAL(USE_LIBLDAP, test x$ldap = xtrue) + +AC_ARG_ENABLE( + [smartcard], + AS_HELP_STRING([--enable-smartcard],[enable smartcard support (default is NO).]), + [if test x$enableval = xyes; then + smartcard=true + AC_DEFINE(SMARTCARD) + fi] +) +AM_CONDITIONAL(USE_SMARTCARD, test x$smartcard = xtrue) + +AC_ARG_ENABLE( + [cisco-quirks], + AS_HELP_STRING([--enable-cisco-quirks],[enable support of Cisco VPN client (default is NO).]), + [if test x$enableval = xyes; then + cisco_quirks=true + fi] +) +AM_CONDITIONAL(USE_CISCO_QUIRKS, test x$cisco_quirks = xtrue) + +AC_ARG_ENABLE( + [leak-detective], + AS_HELP_STRING([--enable-leak-detective],[enable malloc hooks to find memory leaks (default is NO).]), + [if test x$enableval = xyes; then + leak_detective=true + fi] +) +AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue) + +AC_ARG_ENABLE( + [eap-sim], + AS_HELP_STRING([--enable-eap-sim],[build SIM authenication module for EAP (default is NO).]), + [if test x$enableval = xyes; then + eap_sim=true + fi] +) +AM_CONDITIONAL(BUILD_EAP_SIM, test x$eap_sim = xtrue) + +AC_ARG_ENABLE( + [nat-transport], + AS_HELP_STRING([--enable-nat-transport],[enable NAT traversal with IPsec transport mode (default is NO).]), + [if test x$enableval = xyes; then + nat_transport=true + fi] +) +AM_CONDITIONAL(USE_NAT_TRANSPORT, test x$nat_transport = xtrue) + +AC_ARG_ENABLE( + [vendor-id], + AS_HELP_STRING([--disable-vendor-id],[disable the sending of the strongSwan vendor ID (default is NO).]), + [if test x$enableval = xyes; then + vendor_id=true + else + vendor_id=false + fi], + vendor_id=true +) +AM_CONDITIONAL(USE_VENDORID, test x$vendor_id = xtrue) + +dnl ========================= +dnl check required programs +dnl ========================= + +AC_PROG_INSTALL +AC_PROG_LIBTOOL +AC_PROG_LEX +AC_PROG_YACC +AC_PROG_CC() +AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin]) +AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin]) + +dnl ========================== +dnl check required libraries +dnl ========================== + +AC_CHECK_FUNCS(backtrace) +AC_CHECK_FUNCS(getifaddrs) + +AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])]) +if test "$ldap" = "true"; then + AC_HAVE_LIBRARY([ldap],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library ldap not found])]) + AC_HAVE_LIBRARY([lber],[LIBS="$LIBS"],[AC_MSG_ERROR([LDAP enabled, but library lber not found])]) +fi +if test "$http" = "true"; then + AC_HAVE_LIBRARY([curl],[LIBS="$LIBS"],[AC_MSG_ERROR([HTTP enabled, but library curl not found])]) +fi + + +dnl ============================= +dnl check required header files +dnl ============================= + + +AC_MSG_CHECKING([gmp.h version >= 4.1.4]) +AC_TRY_COMPILE( + [#include "gmp.h"], + [ + #if (__GNU_MP_VERSION*100 + __GNU_MP_VERSION_MINOR*10 + __GNU_MP_VERSION_PATCHLEVEL) < 414 + #error bad gmp + #endif + ], + [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]); AC_MSG_ERROR([No usable gmp.h found!])] +) +if test "$ldap" = "true"; then + AC_CHECK_HEADER([ldap.h],,[AC_MSG_ERROR([LDAP enabled, but ldap.h not found!])]) +fi +if test "$http" = "true"; then + AC_CHECK_HEADER([curl/curl.h],,[AC_MSG_ERROR([HTTP enabled, but curl.h not found!])]) +fi + +dnl ============================== +dnl build Makefiles +dnl ============================== + +AC_OUTPUT( + Makefile + src/Makefile + src/libstrongswan/Makefile + src/libcrypto/Makefile + src/libfreeswan/Makefile + src/pluto/Makefile + src/whack/Makefile + src/charon/Makefile +dnl src/charon/testing/Makefile + src/stroke/Makefile + src/ipsec/Makefile + src/starter/Makefile + src/_updown/Makefile + src/_updown_espmark/Makefile + src/_copyright/Makefile + src/openac/Makefile + src/scepclient/Makefile +) diff --git a/depcomp b/depcomp new file mode 100755 index 000000000..04701da53 --- /dev/null +++ b/depcomp @@ -0,0 +1,530 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2005-07-09.11 + +# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try \`$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by `PROGRAMS ARGS'. + object Object file output by `PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputing dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. + "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +## The second -e expression handles DOS-style file names with drive letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the `deleted header file' problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. + tr ' ' ' +' < "$tmpdepfile" | +## Some versions of gcc put a space before the `:'. On the theory +## that the space means something, we add a space to the output as +## well. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like `#:fec' to the end of the + # dependency line. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ + tr ' +' ' ' >> $depfile + echo >> $depfile + + # The second pass generates a dummy entry for each header file. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> $depfile + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts `$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'` + tmpdepfile="$stripped.u" + if test "$libtool" = yes; then + "$@" -Wc,-M + else + "$@" -M + fi + stat=$? + + if test -f "$tmpdepfile"; then : + else + stripped=`echo "$stripped" | sed 's,^.*/,,'` + tmpdepfile="$stripped.u" + fi + + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + + if test -f "$tmpdepfile"; then + outname="$stripped.o" + # Each line is of the form `foo.o: dependent.h'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile" + sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile" + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +icc) + # Intel's C compiler understands `-MD -MF file'. However on + # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c + # ICC 7.0 will fill foo.d with something like + # foo.o: sub/foo.c + # foo.o: sub/foo.h + # which is wrong. We want: + # sub/foo.o: sub/foo.c + # sub/foo.o: sub/foo.h + # sub/foo.c: + # sub/foo.h: + # ICC 7.1 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using \ : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | + sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in `foo.d' instead, so we check for that too. + # Subdirectories are respected. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + + if test "$libtool" = yes; then + # With Tru64 cc, shared objects can also be used to make a + # static library. This mecanism is used in libtool 1.4 series to + # handle both shared and static libraries in a single compilation. + # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. + # + # With libtool 1.5 this exception was removed, and libtool now + # generates 2 separate objects for the 2 libraries. These two + # compilations output dependencies in in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 + tmpdepfile2=$dir$base.o.d # libtool 1.5 + tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 + tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.o.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + tmpdepfile4=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + else + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test $1 != '--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for `:' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. + "$@" $dashmflag | + sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + tr ' ' ' +' < "$tmpdepfile" | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test $1 != '--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no + for arg in "$@"; do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix="`echo $object | sed 's/^.*\././'`" + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + sed '1,2d' "$tmpdepfile" | tr ' ' ' +' | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test $1 != '--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E | + sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | + sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o, + # because we must use -o when running libtool. + "$@" || exit $? + IFS=" " + for arg + do + case "$arg" in + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" + echo " " >> "$depfile" + . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: diff --git a/install-sh b/install-sh new file mode 100755 index 000000000..4d4a9519e --- /dev/null +++ b/install-sh @@ -0,0 +1,323 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2005-05-14.22 + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +chmodcmd="$chmodprog 0755" +chowncmd= +chgrpcmd= +stripcmd= +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src= +dst= +dir_arg= +dstarg= +no_target_directory= + +usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: +-c (ignored) +-d create directories instead of installing files. +-g GROUP $chgrpprog installed files to GROUP. +-m MODE $chmodprog installed files to MODE. +-o USER $chownprog installed files to USER. +-s $stripprog installed files. +-t DIRECTORY install into DIRECTORY. +-T report an error if DSTFILE is a directory. +--help display this help and exit. +--version display version info and exit. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG +" + +while test -n "$1"; do + case $1 in + -c) shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + --help) echo "$usage"; exit $?;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -s) stripcmd=$stripprog + shift + continue;; + + -t) dstarg=$2 + shift + shift + continue;; + + -T) no_target_directory=true + shift + continue;; + + --version) echo "$0 $scriptversion"; exit $?;; + + *) # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + test -n "$dir_arg$dstarg" && break + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dstarg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dstarg" + shift # fnord + fi + shift # arg + dstarg=$arg + done + break;; + esac +done + +if test -z "$1"; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call `install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +for src +do + # Protect names starting with `-'. + case $src in + -*) src=./$src ;; + esac + + if test -n "$dir_arg"; then + dst=$src + src= + + if test -d "$dst"; then + mkdircmd=: + chmodcmd= + else + mkdircmd=$mkdirprog + fi + else + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dstarg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + + dst=$dstarg + # Protect names starting with `-'. + case $dst in + -*) dst=./$dst ;; + esac + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dstarg: Is a directory" >&2 + exit 1 + fi + dst=$dst/`basename "$src"` + fi + fi + + # This sed command emulates the dirname command. + dstdir=`echo "$dst" | sed -e 's,/*$,,;s,[^/]*$,,;s,/*$,,;s,^$,.,'` + + # Make sure that the destination directory exists. + + # Skip lots of stat calls in the usual case. + if test ! -d "$dstdir"; then + defaultIFS=' + ' + IFS="${IFS-$defaultIFS}" + + oIFS=$IFS + # Some sh's can't handle IFS=/ for some reason. + IFS='%' + set x `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'` + shift + IFS=$oIFS + + pathcomp= + + while test $# -ne 0 ; do + pathcomp=$pathcomp$1 + shift + if test ! -d "$pathcomp"; then + $mkdirprog "$pathcomp" + # mkdir can fail with a `File exist' error in case several + # install-sh are creating the directory concurrently. This + # is OK. + test -d "$pathcomp" || exit + fi + pathcomp=$pathcomp/ + done + fi + + if test -n "$dir_arg"; then + $doit $mkdircmd "$dst" \ + && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \ + && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \ + && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \ + && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; } + + else + dstfile=`basename "$dst"` + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + trap '(exit $?); exit' 1 2 13 15 + + # Copy the file name to the temp name. + $doit $cpprog "$src" "$dsttmp" && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \ + && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \ + && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \ + && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } && + + # Now rename the file to the real destination. + { $doit $mvcmd -f "$dsttmp" "$dstdir/$dstfile" 2>/dev/null \ + || { + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + if test -f "$dstdir/$dstfile"; then + $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \ + || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \ + || { + echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2 + (exit 1); exit 1 + } + else + : + fi + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dstdir/$dstfile" + } + } + fi || { (exit 1); exit 1; } +done + +# The final little trick to "correctly" pass the exit status to the exit trap. +{ + (exit 0); exit 0 +} + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: diff --git a/lib/.cvsignore b/lib/.cvsignore deleted file mode 100644 index aa84dc001..000000000 --- a/lib/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -ktmp -version.c diff --git a/lib/COPYING.LIB b/lib/COPYING.LIB deleted file mode 100644 index 92b8903ff..000000000 --- a/lib/COPYING.LIB +++ /dev/null @@ -1,481 +0,0 @@ - GNU LIBRARY GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - -[This is the first released version of the library GPL. It is - numbered 2 because it goes with version 2 of the ordinary GPL.] - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -Licenses are intended to guarantee your freedom to share and change -free software--to make sure the software is free for all its users. - - This license, the Library General Public License, applies to some -specially designated Free Software Foundation software, and to any -other libraries whose authors decide to use it. You can use it for -your libraries, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if -you distribute copies of the library, or if you modify it. - - For example, if you distribute copies of the library, whether gratis -or for a fee, you must give the recipients all the rights that we gave -you. You must make sure that they, too, receive or can get the source -code. If you link a program with the library, you must provide -complete object files to the recipients so that they can relink them -with the library, after making changes to the library and recompiling -it. And you must show them these terms so they know their rights. - - Our method of protecting your rights has two steps: (1) copyright -the library, and (2) offer you this license which gives you legal -permission to copy, distribute and/or modify the library. - - Also, for each distributor's protection, we want to make certain -that everyone understands that there is no warranty for this free -library. If the library is modified by someone else and passed on, we -want its recipients to know that what they have is not the original -version, so that any problems introduced by others will not reflect on -the original authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that companies distributing free -software will individually obtain patent licenses, thus in effect -transforming the program into proprietary software. To prevent this, -we have made it clear that any patent must be licensed for everyone's -free use or not licensed at all. - - Most GNU software, including some libraries, is covered by the ordinary -GNU General Public License, which was designed for utility programs. This -license, the GNU Library General Public License, applies to certain -designated libraries. This license is quite different from the ordinary -one; be sure to read it in full, and don't assume that anything in it is -the same as in the ordinary license. - - The reason we have a separate public license for some libraries is that -they blur the distinction we usually make between modifying or adding to a -program and simply using it. Linking a program with a library, without -changing the library, is in some sense simply using the library, and is -analogous to running a utility program or application program. However, in -a textual and legal sense, the linked executable is a combined work, a -derivative of the original library, and the ordinary General Public License -treats it as such. - - Because of this blurred distinction, using the ordinary General -Public License for libraries did not effectively promote software -sharing, because most developers did not use the libraries. We -concluded that weaker conditions might promote sharing better. - - However, unrestricted linking of non-free programs would deprive the -users of those programs of all benefit from the free status of the -libraries themselves. This Library General Public License is intended to -permit developers of non-free programs to use free libraries, while -preserving your freedom as a user of such programs to change the free -libraries that are incorporated in them. (We have not seen how to achieve -this as regards changes in header files, but we have achieved it as regards -changes in the actual functions of the Library.) The hope is that this -will lead to faster development of free libraries. - - The precise terms and conditions for copying, distribution and -modification follow. Pay close attention to the difference between a -"work based on the library" and a "work that uses the library". The -former contains code derived from the library, while the latter only -works together with the library. - - Note that it is possible for a library to be covered by the ordinary -General Public License rather than by this special one. - - GNU LIBRARY GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License Agreement applies to any software library which -contains a notice placed by the copyright holder or other authorized -party saying it may be distributed under the terms of this Library -General Public License (also called "this License"). Each licensee is -addressed as "you". - - A "library" means a collection of software functions and/or data -prepared so as to be conveniently linked with application programs -(which use some of those functions and data) to form executables. - - The "Library", below, refers to any such software library or work -which has been distributed under these terms. A "work based on the -Library" means either the Library or any derivative work under -copyright law: that is to say, a work containing the Library or a -portion of it, either verbatim or with modifications and/or translated -straightforwardly into another language. (Hereinafter, translation is -included without limitation in the term "modification".) - - "Source code" for a work means the preferred form of the work for -making modifications to it. For a library, complete source code means -all the source code for all modules it contains, plus any associated -interface definition files, plus the scripts used to control compilation -and installation of the library. - - Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running a program using the Library is not restricted, and output from -such a program is covered only if its contents constitute a work based -on the Library (independent of the use of the Library in a tool for -writing it). Whether that is true depends on what the Library does -and what the program that uses the Library does. - - 1. You may copy and distribute verbatim copies of the Library's -complete source code as you receive it, in any medium, provided that -you conspicuously and appropriately publish on each copy an -appropriate copyright notice and disclaimer of warranty; keep intact -all the notices that refer to this License and to the absence of any -warranty; and distribute a copy of this License along with the -Library. - - You may charge a fee for the physical act of transferring a copy, -and you may at your option offer warranty protection in exchange for a -fee. - - 2. You may modify your copy or copies of the Library or any portion -of it, thus forming a work based on the Library, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) The modified work must itself be a software library. - - b) You must cause the files modified to carry prominent notices - stating that you changed the files and the date of any change. - - c) You must cause the whole of the work to be licensed at no - charge to all third parties under the terms of this License. - - d) If a facility in the modified Library refers to a function or a - table of data to be supplied by an application program that uses - the facility, other than as an argument passed when the facility - is invoked, then you must make a good faith effort to ensure that, - in the event an application does not supply such function or - table, the facility still operates, and performs whatever part of - its purpose remains meaningful. - - (For example, a function in a library to compute square roots has - a purpose that is entirely well-defined independent of the - application. Therefore, Subsection 2d requires that any - application-supplied function or table used by this function must - be optional: if the application does not supply it, the square - root function must still compute square roots.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Library, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Library, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote -it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Library. - -In addition, mere aggregation of another work not based on the Library -with the Library (or with a work based on the Library) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may opt to apply the terms of the ordinary GNU General Public -License instead of this License to a given copy of the Library. To do -this, you must alter all the notices that refer to this License, so -that they refer to the ordinary GNU General Public License, version 2, -instead of to this License. (If a newer version than version 2 of the -ordinary GNU General Public License has appeared, then you can specify -that version instead if you wish.) Do not make any other change in -these notices. - - Once this change is made in a given copy, it is irreversible for -that copy, so the ordinary GNU General Public License applies to all -subsequent copies and derivative works made from that copy. - - This option is useful when you wish to copy part of the code of -the Library into a program that is not a library. - - 4. You may copy and distribute the Library (or a portion or -derivative of it, under Section 2) in object code or executable form -under the terms of Sections 1 and 2 above provided that you accompany -it with the complete corresponding machine-readable source code, which -must be distributed under the terms of Sections 1 and 2 above on a -medium customarily used for software interchange. - - If distribution of object code is made by offering access to copy -from a designated place, then offering equivalent access to copy the -source code from the same place satisfies the requirement to -distribute the source code, even though third parties are not -compelled to copy the source along with the object code. - - 5. A program that contains no derivative of any portion of the -Library, but is designed to work with the Library by being compiled or -linked with it, is called a "work that uses the Library". Such a -work, in isolation, is not a derivative work of the Library, and -therefore falls outside the scope of this License. - - However, linking a "work that uses the Library" with the Library -creates an executable that is a derivative of the Library (because it -contains portions of the Library), rather than a "work that uses the -library". The executable is therefore covered by this License. -Section 6 states terms for distribution of such executables. - - When a "work that uses the Library" uses material from a header file -that is part of the Library, the object code for the work may be a -derivative work of the Library even though the source code is not. -Whether this is true is especially significant if the work can be -linked without the Library, or if the work is itself a library. The -threshold for this to be true is not precisely defined by law. - - If such an object file uses only numerical parameters, data -structure layouts and accessors, and small macros and small inline -functions (ten lines or less in length), then the use of the object -file is unrestricted, regardless of whether it is legally a derivative -work. (Executables containing this object code plus portions of the -Library will still fall under Section 6.) - - Otherwise, if the work is a derivative of the Library, you may -distribute the object code for the work under the terms of Section 6. -Any executables containing that work also fall under Section 6, -whether or not they are linked directly with the Library itself. - - 6. As an exception to the Sections above, you may also compile or -link a "work that uses the Library" with the Library to produce a -work containing portions of the Library, and distribute that work -under terms of your choice, provided that the terms permit -modification of the work for the customer's own use and reverse -engineering for debugging such modifications. - - You must give prominent notice with each copy of the work that the -Library is used in it and that the Library and its use are covered by -this License. You must supply a copy of this License. If the work -during execution displays copyright notices, you must include the -copyright notice for the Library among them, as well as a reference -directing the user to the copy of this License. Also, you must do one -of these things: - - a) Accompany the work with the complete corresponding - machine-readable source code for the Library including whatever - changes were used in the work (which must be distributed under - Sections 1 and 2 above); and, if the work is an executable linked - with the Library, with the complete machine-readable "work that - uses the Library", as object code and/or source code, so that the - user can modify the Library and then relink to produce a modified - executable containing the modified Library. (It is understood - that the user who changes the contents of definitions files in the - Library will not necessarily be able to recompile the application - to use the modified definitions.) - - b) Accompany the work with a written offer, valid for at - least three years, to give the same user the materials - specified in Subsection 6a, above, for a charge no more - than the cost of performing this distribution. - - c) If distribution of the work is made by offering access to copy - from a designated place, offer equivalent access to copy the above - specified materials from the same place. - - d) Verify that the user has already received a copy of these - materials or that you have already sent this user a copy. - - For an executable, the required form of the "work that uses the -Library" must include any data and utility programs needed for -reproducing the executable from it. However, as a special exception, -the source code distributed need not include anything that is normally -distributed (in either source or binary form) with the major -components (compiler, kernel, and so on) of the operating system on -which the executable runs, unless that component itself accompanies -the executable. - - It may happen that this requirement contradicts the license -restrictions of other proprietary libraries that do not normally -accompany the operating system. Such a contradiction means you cannot -use both them and the Library together in an executable that you -distribute. - - 7. You may place library facilities that are a work based on the -Library side-by-side in a single library together with other library -facilities not covered by this License, and distribute such a combined -library, provided that the separate distribution of the work based on -the Library and of the other library facilities is otherwise -permitted, and provided that you do these two things: - - a) Accompany the combined library with a copy of the same work - based on the Library, uncombined with any other library - facilities. This must be distributed under the terms of the - Sections above. - - b) Give prominent notice with the combined library of the fact - that part of it is a work based on the Library, and explaining - where to find the accompanying uncombined form of the same work. - - 8. You may not copy, modify, sublicense, link with, or distribute -the Library except as expressly provided under this License. Any -attempt otherwise to copy, modify, sublicense, link with, or -distribute the Library is void, and will automatically terminate your -rights under this License. However, parties who have received copies, -or rights, from you under this License will not have their licenses -terminated so long as such parties remain in full compliance. - - 9. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Library or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Library (or any work based on the -Library), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Library or works based on it. - - 10. Each time you redistribute the Library (or any work based on the -Library), the recipient automatically receives a license from the -original licensor to copy, distribute, link with or modify the Library -subject to these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 11. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Library at all. For example, if a patent -license would not permit royalty-free redistribution of the Library by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Library. - -If any portion of this section is held invalid or unenforceable under any -particular circumstance, the balance of the section is intended to apply, -and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 12. If the distribution and/or use of the Library is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Library under this License may add -an explicit geographical distribution limitation excluding those countries, -so that distribution is permitted only in or among countries not thus -excluded. In such case, this License incorporates the limitation as if -written in the body of this License. - - 13. The Free Software Foundation may publish revised and/or new -versions of the Library General Public License from time to time. -Such new versions will be similar in spirit to the present version, -but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Library -specifies a version number of this License which applies to it and -"any later version", you have the option of following the terms and -conditions either of that version or of any later version published by -the Free Software Foundation. If the Library does not specify a -license version number, you may choose any version ever published by -the Free Software Foundation. - - 14. If you wish to incorporate parts of the Library into other free -programs whose distribution conditions are incompatible with these, -write to the author to ask for permission. For software which is -copyrighted by the Free Software Foundation, write to the Free -Software Foundation; we sometimes make exceptions for this. Our -decision will be guided by the two goals of preserving the free status -of all derivatives of our free software and of promoting the sharing -and reuse of software generally. - - NO WARRANTY - - 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. -EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR -OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY -KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME -THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN -WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY -AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU -FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR -CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE -LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING -RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A -FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF -SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Libraries - - If you develop a new library, and you want it to be of the greatest -possible use to the public, we recommend making it free software that -everyone can redistribute and change. You can do so by permitting -redistribution under these terms (or, alternatively, under the terms of the -ordinary General Public License). - - To apply these terms, attach the following notices to the library. It is -safest to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least the -"copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -Also add information on how to contact you by electronic and paper mail. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the library, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the - library `Frob' (a library for tweaking knobs) written by James Random Hacker. - - , 1 April 1990 - Ty Coon, President of Vice - -That's all there is to it! diff --git a/lib/Makefile b/lib/Makefile deleted file mode 100644 index 8f0b6ec24..000000000 --- a/lib/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -# Makefile for the KLIPS interface utilities -# Copyright (C) 1998, 1999 Henry Spencer. -# Copyright (C) 1999, 2000, 2001 Richard Guy Briggs -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.2 2006/10/19 18:12:45 as Exp $ - -FREESWANSRCDIR=.. -include ${FREESWANSRCDIR}/Makefile.inc - -SUBDIRS=libfreeswan libdes - -ifeq ($(USE_LWRES),true) -SUBDIRS+=liblwres -endif - -ifeq ($(USE_IPSECPOLICY),true) -SUBDIRS+=libipsecpolicy -endif - -def: - @echo "Please read doc/intro.html or INSTALL before running make" - @false - -# programs - -cleanall distclean mostlyclean realclean install programs checkprograms check clean spotless install_file_list: - @for d in $(SUBDIRS) ; \ - do \ - (cd $$d && $(MAKE) FREESWANSRCDIR=$(FREESWANSRCDIR)/.. $@ ) || exit 1; \ - done; diff --git a/lib/Makefile.kernel b/lib/Makefile.kernel deleted file mode 100644 index f32a4f0b7..000000000 --- a/lib/Makefile.kernel +++ /dev/null @@ -1,65 +0,0 @@ -# FreeS/WAN library -# Copyright (C) 1998-2002 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile.kernel,v 1.1 2004/03/15 20:35:24 as Exp $ - - - -include ../Makefile.inc -include ../Makefile.ver - - - -ifndef TOPDIR -TOPDIR := /usr/src/linux -endif - -L_TARGET := libkernel.a - -obj-y := addrtoa.o datatot.o goodmask.o \ - pfkey_v2_build.o pfkey_v2_debug.o pfkey_v2_ext_bits.o pfkey_v2_parse.o \ - prng.o rangetoa.o satoa.o \ - subnetof.o subnettoa.o ultoa.o version.o - -HDRS=freeswan.h internal.h - -EXTRA_CFLAGS += -I. $(KLIPSCOMPILE) - -EXTRA_CFLAGS += -Wall -#EXTRA_CFLAGS += -Wconversion -#EXTRA_CFLAGS += -Wmissing-prototypes -EXTRA_CFLAGS += -Wpointer-arith -#EXTRA_CFLAGS += -Wcast-qual -#EXTRA_CFLAGS += -Wmissing-declarations -EXTRA_CFLAGS += -Wstrict-prototypes -#EXTRA_CFLAGS += -pedantic -#EXTRA_CFLAGS += -W -#EXTRA_CFLAGS += -Wwrite-strings -#EXTRA_CFLAGS += -Wbad-function-cast - -active-objs := $(sort $(obj-y) $(obj-m)) -L_OBJS := $(obj-y) -M_OBJS := $(obj-m) -MIX_OBJS := $(filter $(export-objs), $(active-objs)) - -include $(TOPDIR)/Rules.make - -$(obj-y): $(HDRS) - -# build version.c using version number from Makefile.ver -version.c: version.in.c - sed '/"/s/xxx/$(IPSECVERSION)/' version.in.c >$@ - -clean: - rm -f $(L_TARGET) *.o try* core *.core version.c - ( cd des && $(MAKE) clean ) diff --git a/lib/README b/lib/README deleted file mode 100644 index 1834a8792..000000000 --- a/lib/README +++ /dev/null @@ -1,3 +0,0 @@ -These are general library functions used in many places in FreeS/WAN. - -They are under the GNU library license; see COPYING.LIB. diff --git a/lib/libcrypto/include/cbc_generic.h b/lib/libcrypto/include/cbc_generic.h deleted file mode 100644 index 0dd3a77d6..000000000 --- a/lib/libcrypto/include/cbc_generic.h +++ /dev/null @@ -1,110 +0,0 @@ -#ifndef _CBC_GENERIC_H -#define _CBC_GENERIC_H -/* - * CBC macro helpers - * - * Author: JuanJo Ciarlante - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - */ - -/* - * Heavily inspired in loop_AES - */ -#define CBC_IMPL_BLK16(name, ctx_type, addr_type, enc_func, dec_func) \ -int name(ctx_type *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) { \ - int ret=ilen, pos; \ - const u_int32_t *iv_i; \ - if ((ilen) % 16) return 0; \ - if (encrypt) { \ - pos=0; \ - while(pos=0) { \ - dec_func(ctx, (const addr_type) in, (addr_type) out); \ - if (pos==0) \ - iv_i=(const u_int32_t*) (iv); \ - else \ - iv_i=(const u_int32_t*) (in-16); \ - *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; \ - *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; \ - *((u_int32_t *)(&out[ 8])) ^= iv_i[2]; \ - *((u_int32_t *)(&out[12])) ^= iv_i[3]; \ - in-=16; \ - out-=16; \ - pos-=16; \ - } \ - } \ - return ret; \ -} -#define CBC_IMPL_BLK8(name, ctx_type, addr_type, enc_func, dec_func) \ -int name(ctx_type *ctx, u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) { \ - int ret=ilen, pos; \ - const u_int32_t *iv_i; \ - if ((ilen) % 8) return 0; \ - if (encrypt) { \ - pos=0; \ - while(pos=0) { \ - dec_func(ctx, (const addr_type)in, (addr_type)out); \ - if (pos==0) \ - iv_i=(const u_int32_t*) (iv); \ - else \ - iv_i=(const u_int32_t*) (in-8); \ - *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; \ - *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; \ - in-=8; \ - out-=8; \ - pos-=8; \ - } \ - } \ - return ret; \ -} -#define CBC_DECL(name, ctx_type) \ -int name(ctx_type *ctx, u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt) -/* -Eg.: -CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt); -CBC_DECL(AES_cbc_encrypt, aes_context); -*/ -#endif /* _CBC_GENERIC_H */ diff --git a/lib/libcrypto/include/hmac_generic.h b/lib/libcrypto/include/hmac_generic.h deleted file mode 100644 index a749228e3..000000000 --- a/lib/libcrypto/include/hmac_generic.h +++ /dev/null @@ -1,60 +0,0 @@ -#ifndef _HMAC_GENERIC_H -#define _HMAC_GENERIC_H -/* - * HMAC macro helpers - * - * Author: JuanJo Ciarlante - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - */ - -#ifndef DIVUP -#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */ -#endif -#ifndef HMAC_IPAD -#define HMAC_IPAD 0x36 -#define HMAC_OPAD 0x5C -#endif -#define HMAC_SET_KEY_IMPL(func_name, hctx_t, blocksize, func_init, func_update) \ -void func_name(hctx_t *hctx, const u_int8_t * key, int keylen) { \ - int i;\ - u_int8_t kb[blocksize]; \ - for (i = 0; i < DIVUP(keylen*8, 8); i++) { \ - kb[i] = key[i] ^ HMAC_IPAD; \ - } \ - for (; i < blocksize; i++) { \ - kb[i] = HMAC_IPAD; \ - } \ - func_init(&hctx->ictx); \ - func_update(&hctx->ictx, kb, blocksize); \ - for (i = 0; i < blocksize; i++) { \ - kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); \ - } \ - func_init(&hctx->octx); \ - func_update(&hctx->octx, kb, blocksize); \ -} -#define HMAC_HASH_IMPL(func_name, hctx_t, ctx_t, ahlen, func_update, func_result ) \ -void func_name(hctx_t *hctx, const u_int8_t * dat, int len, u_int8_t * hash, int hashlen) { \ - ctx_t ctx; \ - ctx=hctx->ictx; \ - if (dat) func_update(&ctx, dat, len); \ - if (hash) { \ - u_int8_t hash_buf[ahlen]; \ - func_result(&ctx, hash_buf, ahlen); \ - ctx=hctx->octx; \ - func_update(&ctx, hash_buf, ahlen); \ - func_result(&ctx, hash, hashlen); \ - memset(&ctx, 0, sizeof (ctx)); \ - memset(&hash_buf, 0, sizeof (hash_buf));\ - } \ -} -#endif /* _HMAC_GENERIC_H */ diff --git a/lib/libcrypto/include/md32_common.h b/lib/libcrypto/include/md32_common.h deleted file mode 100644 index 1a404a458..000000000 --- a/lib/libcrypto/include/md32_common.h +++ /dev/null @@ -1,607 +0,0 @@ -/* crypto/md32_common.h */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* - * This is a generic 32 bit "collector" for message digest algorithms. - * Whenever needed it collects input character stream into chunks of - * 32 bit values and invokes a block function that performs actual hash - * calculations. - * - * Porting guide. - * - * Obligatory macros: - * - * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN - * this macro defines byte order of input stream. - * HASH_CBLOCK - * size of a unit chunk HASH_BLOCK operates on. - * HASH_LONG - * has to be at lest 32 bit wide, if it's wider, then - * HASH_LONG_LOG2 *has to* be defined along - * HASH_CTX - * context structure that at least contains following - * members: - * typedef struct { - * ... - * HASH_LONG Nl,Nh; - * HASH_LONG data[HASH_LBLOCK]; - * int num; - * ... - * } HASH_CTX; - * HASH_UPDATE - * name of "Update" function, implemented here. - * HASH_TRANSFORM - * name of "Transform" function, implemented here. - * HASH_FINAL - * name of "Final" function, implemented here. - * HASH_BLOCK_HOST_ORDER - * name of "block" function treating *aligned* input message - * in host byte order, implemented externally. - * HASH_BLOCK_DATA_ORDER - * name of "block" function treating *unaligned* input message - * in original (data) byte order, implemented externally (it - * actually is optional if data and host are of the same - * "endianess"). - * HASH_MAKE_STRING - * macro convering context variables to an ASCII hash string. - * - * Optional macros: - * - * B_ENDIAN or L_ENDIAN - * defines host byte-order. - * HASH_LONG_LOG2 - * defaults to 2 if not states otherwise. - * HASH_LBLOCK - * assumed to be HASH_CBLOCK/4 if not stated otherwise. - * HASH_BLOCK_DATA_ORDER_ALIGNED - * alternative "block" function capable of treating - * aligned input message in original (data) order, - * implemented externally. - * - * MD5 example: - * - * #define DATA_ORDER_IS_LITTLE_ENDIAN - * - * #define HASH_LONG MD5_LONG - * #define HASH_LONG_LOG2 MD5_LONG_LOG2 - * #define HASH_CTX MD5_CTX - * #define HASH_CBLOCK MD5_CBLOCK - * #define HASH_LBLOCK MD5_LBLOCK - * #define HASH_UPDATE MD5_Update - * #define HASH_TRANSFORM MD5_Transform - * #define HASH_FINAL MD5_Final - * #define HASH_BLOCK_HOST_ORDER md5_block_host_order - * #define HASH_BLOCK_DATA_ORDER md5_block_data_order - * - * - */ - -#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) -#error "DATA_ORDER must be defined!" -#endif - -#ifndef HASH_CBLOCK -#error "HASH_CBLOCK must be defined!" -#endif -#ifndef HASH_LONG -#error "HASH_LONG must be defined!" -#endif -#ifndef HASH_CTX -#error "HASH_CTX must be defined!" -#endif - -#ifndef HASH_UPDATE -#error "HASH_UPDATE must be defined!" -#endif -#ifndef HASH_TRANSFORM -#error "HASH_TRANSFORM must be defined!" -#endif -#ifndef HASH_FINAL -#error "HASH_FINAL must be defined!" -#endif - -#ifndef HASH_BLOCK_HOST_ORDER -#error "HASH_BLOCK_HOST_ORDER must be defined!" -#endif - -#if 0 -/* - * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED - * isn't defined. - */ -#ifndef HASH_BLOCK_DATA_ORDER -#error "HASH_BLOCK_DATA_ORDER must be defined!" -#endif -#endif - -#ifndef HASH_LBLOCK -#define HASH_LBLOCK (HASH_CBLOCK/4) -#endif - -#ifndef HASH_LONG_LOG2 -#define HASH_LONG_LOG2 2 -#endif - -/* - * Engage compiler specific rotate intrinsic function if available. - */ -#undef ROTATE -#ifndef PEDANTIC -# if defined(_MSC_VER) -# define ROTATE(a,n) _lrotl(a,n) -# elif defined(__MWERKS__) -# if defined(__POWERPC__) -# define ROTATE(a,n) __rlwinm(a,n,0,31) -# elif defined(__MC68K__) - /* Motorola specific tweak. */ -# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) -# else -# define ROTATE(a,n) __rol(a,n) -# endif -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM) - /* - * Some GNU C inline assembler templates. Note that these are - * rotates by *constant* number of bits! But that's exactly - * what we need here... - * - * - */ -# if defined(__i386) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "roll %1,%0" \ - : "=r"(ret) \ - : "I"(n), "0"(a) \ - : "cc"); \ - ret; \ - }) -# elif defined(__powerpc) || defined(__ppc) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "rlwinm %0,%1,%2,0,31" \ - : "=r"(ret) \ - : "r"(a), "I"(n)); \ - ret; \ - }) -# endif -# endif - -/* - * Engage compiler specific "fetch in reverse byte order" - * intrinsic function if available. - */ -# if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM) - /* some GNU C inline assembler templates by */ -# if defined(__i386) && !defined(I386_ONLY) -# define BE_FETCH32(a) ({ register unsigned int l=(a);\ - asm ( \ - "bswapl %0" \ - : "=r"(l) : "0"(l)); \ - l; \ - }) -# elif defined(__powerpc) -# define LE_FETCH32(a) ({ register unsigned int l; \ - asm ( \ - "lwbrx %0,0,%1" \ - : "=r"(l) \ - : "r"(a)); \ - l; \ - }) - -# elif defined(__sparc) && defined(ULTRASPARC) -# define LE_FETCH32(a) ({ register unsigned int l; \ - asm ( \ - "lda [%1]#ASI_PRIMARY_LITTLE,%0"\ - : "=r"(l) \ - : "r"(a)); \ - l; \ - }) -# endif -# endif -#endif /* PEDANTIC */ - -#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */ -/* A nice byte order reversal from Wei Dai */ -#ifdef ROTATE -/* 5 instructions with rotate instruction, else 9 */ -#define REVERSE_FETCH32(a,l) ( \ - l=*(const HASH_LONG *)(a), \ - ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \ - ) -#else -/* 6 instructions with rotate instruction, else 8 */ -#define REVERSE_FETCH32(a,l) ( \ - l=*(const HASH_LONG *)(a), \ - l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \ - ROTATE(l,16) \ - ) -/* - * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|... - * It's rewritten as above for two reasons: - * - RISCs aren't good at long constants and have to explicitely - * compose 'em with several (well, usually 2) instructions in a - * register before performing the actual operation and (as you - * already realized:-) having same constant should inspire the - * compiler to permanently allocate the only register for it; - * - most modern CPUs have two ALUs, but usually only one has - * circuitry for shifts:-( this minor tweak inspires compiler - * to schedule shift instructions in a better way... - * - * - */ -#endif -#endif - -#ifndef ROTATE -#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) -#endif - -/* - * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED - * and HASH_BLOCK_HOST_ORDER ought to be the same if input data - * and host are of the same "endianess". It's possible to mask - * this with blank #define HASH_BLOCK_DATA_ORDER though... - * - * - */ -#if defined(B_ENDIAN) -# if defined(DATA_ORDER_IS_BIG_ENDIAN) -# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 -# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER -# endif -# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# ifndef HOST_FETCH32 -# ifdef LE_FETCH32 -# define HOST_FETCH32(p,l) LE_FETCH32(p) -# elif defined(REVERSE_FETCH32) -# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) -# endif -# endif -# endif -#elif defined(L_ENDIAN) -# if defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 -# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER -# endif -# elif defined(DATA_ORDER_IS_BIG_ENDIAN) -# ifndef HOST_FETCH32 -# ifdef BE_FETCH32 -# define HOST_FETCH32(p,l) BE_FETCH32(p) -# elif defined(REVERSE_FETCH32) -# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) -# endif -# endif -# endif -#endif - -#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) -#ifndef HASH_BLOCK_DATA_ORDER -#error "HASH_BLOCK_DATA_ORDER must be defined!" -#endif -#endif - -#if defined(DATA_ORDER_IS_BIG_ENDIAN) - -#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++))) ), \ - l) -#define HOST_p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++)))<<24; \ - case 1: l|=((unsigned long)(*((c)++)))<<16; \ - case 2: l|=((unsigned long)(*((c)++)))<< 8; \ - case 3: l|=((unsigned long)(*((c)++))); \ - } } -#define HOST_p_c2l_p(c,l,sc,len) { \ - switch (sc) { \ - case 0: l =((unsigned long)(*((c)++)))<<24; \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<<16; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<< 8; \ - } } -/* NOTE the pointer is not incremented at the end of this */ -#define HOST_c2l_p(c,l,n) { \ - l=0; (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<< 8; \ - case 2: l|=((unsigned long)(*(--(c))))<<16; \ - case 1: l|=((unsigned long)(*(--(c))))<<24; \ - } } -#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff), \ - l) - -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) - -#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24), \ - l) -#define HOST_p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++))); \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - case 3: l|=((unsigned long)(*((c)++)))<<24; \ - } } -#define HOST_p_c2l_p(c,l,sc,len) { \ - switch (sc) { \ - case 0: l =((unsigned long)(*((c)++))); \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - } } -/* NOTE the pointer is not incremented at the end of this */ -#define HOST_c2l_p(c,l,n) { \ - l=0; (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<<16; \ - case 2: l|=((unsigned long)(*(--(c))))<< 8; \ - case 1: l|=((unsigned long)(*(--(c)))); \ - } } -#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - l) - -#endif - -/* - * Time for some action:-) - */ - -void HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) - { - const unsigned char *data=data_; - register HASH_LONG * p; - register unsigned long l; - int sw,sc,ew,ec; - - if (len==0) return; - - l=(c->Nl+(len<<3))&0xffffffffL; - /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to - * Wei Dai for pointing it out. */ - if (l < c->Nl) /* overflow */ - c->Nh++; - c->Nh+=(len>>29); - c->Nl=l; - - if (c->num != 0) - { - p=c->data; - sw=c->num>>2; - sc=c->num&0x03; - - if ((c->num+len) >= HASH_CBLOCK) - { - l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; - for (; swnum); - c->num=0; - /* drop through and do the rest */ - } - else - { - c->num+=len; - if ((sc+len) < 4) /* ugly, add char's to a word */ - { - l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l; - } - else - { - ew=(c->num>>2); - ec=(c->num&0x03); - l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; - for (; sw < ew; sw++) - { - HOST_c2l(data,l); p[sw]=l; - } - if (ec) - { - HOST_c2l_p(data,l,ec); p[sw]=l; - } - } - return; - } - } - - sw=len/HASH_CBLOCK; - if (sw > 0) - { -#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - /* - * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined - * only if sizeof(HASH_LONG)==4. - */ - if ((((unsigned long)data)%4) == 0) - { - /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw); - sw*=HASH_CBLOCK; - data+=sw; - len-=sw; - } - else -#if !defined(HASH_BLOCK_DATA_ORDER) - while (sw--) - { - memcpy (p=c->data,data,HASH_CBLOCK); - HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1); - data+=HASH_CBLOCK; - len-=HASH_CBLOCK; - } -#endif -#endif -#if defined(HASH_BLOCK_DATA_ORDER) - { - HASH_BLOCK_DATA_ORDER(c,data,sw); - sw*=HASH_CBLOCK; - data+=sw; - len-=sw; - } -#endif - } - - if (len!=0) - { - p = c->data; - c->num = len; - ew=len>>2; /* words to copy */ - ec=len&0x03; - for (; ew; ew--,p++) - { - HOST_c2l(data,l); *p=l; - } - HOST_c2l_p(data,l,ec); - *p=l; - } - } - - -void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) - { -#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - if ((((unsigned long)data)%4) == 0) - /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1); - else -#if !defined(HASH_BLOCK_DATA_ORDER) - { - memcpy (c->data,data,HASH_CBLOCK); - HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1); - } -#endif -#endif -#if defined(HASH_BLOCK_DATA_ORDER) - HASH_BLOCK_DATA_ORDER (c,data,1); -#endif - } - - -void HASH_FINAL (unsigned char *md, HASH_CTX *c) - { - register HASH_LONG *p; - register unsigned long l; - register int i,j; - static const unsigned char end[4]={0x80,0x00,0x00,0x00}; - const unsigned char *cp=end; - - /* c->num should definitly have room for at least one more byte. */ - p=c->data; - i=c->num>>2; - j=c->num&0x03; - -#if 0 - /* purify often complains about the following line as an - * Uninitialized Memory Read. While this can be true, the - * following p_c2l macro will reset l when that case is true. - * This is because j&0x03 contains the number of 'valid' bytes - * already in p[i]. If and only if j&0x03 == 0, the UMR will - * occur but this is also the only time p_c2l will do - * l= *(cp++) instead of l|= *(cp++) - * Many thanks to Alex Tang for pickup this - * 'potential bug' */ -#ifdef PURIFY - if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */ -#endif - l=p[i]; -#else - l = (j==0) ? 0 : p[i]; -#endif - HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */ - - if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */ - { - if (iNh; - p[HASH_LBLOCK-1]=c->Nl; -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) - p[HASH_LBLOCK-2]=c->Nl; - p[HASH_LBLOCK-1]=c->Nh; -#endif - HASH_BLOCK_HOST_ORDER (c,p,1); - -#ifndef HASH_MAKE_STRING -#error "HASH_MAKE_STRING must be defined!" -#else - HASH_MAKE_STRING(c,md); -#endif - - c->num=0; - /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack - * but I'm not worried :-) - memset((void *)c,0,sizeof(HASH_CTX)); - */ - } diff --git a/lib/libcrypto/libaes/Makefile b/lib/libcrypto/libaes/Makefile deleted file mode 100644 index 7e4cff6e8..000000000 --- a/lib/libcrypto/libaes/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -CFLAGS=-O3 -fomit-frame-pointer -D__KERNEL__ -Wall -Wcast-qual $(EXTRA_CFLAGS) -INC=-I../include - -AES_CORE_OBJ:=aes.o - -ASM-$(ARCH_ASM):=1 -ASM_X86:=$(ASM-i586)$(ASM-i686) -ifneq ($(strip $(ASM_X86)),) -AES_CORE_OBJ:= asm/aes-i586.o -endif - -LIBOBJ := aes_xcbc_mac.o aes_cbc.o $(AES_CORE_OBJ) -LDLIBS := -laes -LDFLAGS := -L. - -BLIB := libaes.a - -L_TARGET := $(BLIB) - -.c.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(INC) -c $< -o $@ - -.S.o: - $(CC) $(AFLAGS) -c $< -o $@ - -$(BLIB): $(LIBOBJ) - /bin/rm -f $(BLIB) - ar cr $(BLIB) $(LIBOBJ) - -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ - else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ - else exit 0; fi; fi - -testx: test_main_mac.o $(BLIB) - $(CC) -o $@ $^ - -test: test_main.o $(BLIB) - $(CC) -o $@ $^ - -clean: - rm -f *.[oa] asm/*.o core $(TARGET) test testx diff --git a/lib/libcrypto/libaes/aes.c b/lib/libcrypto/libaes/aes.c deleted file mode 100644 index 1748119ac..000000000 --- a/lib/libcrypto/libaes/aes.c +++ /dev/null @@ -1,1415 +0,0 @@ -// I retain copyright in this code but I encourage its free use provided -// that I don't carry any responsibility for the results. I am especially -// happy to see it used in free and open source software. If you do use -// it I would appreciate an acknowledgement of its origin in the code or -// the product that results and I would also appreciate knowing a little -// about the use to which it is being put. I am grateful to Frank Yellin -// for some ideas that are used in this implementation. -// -// Dr B. R. Gladman 6th April 2001. -// -// This is an implementation of the AES encryption algorithm (Rijndael) -// designed by Joan Daemen and Vincent Rijmen. This version is designed -// to provide both fixed and dynamic block and key lengths and can also -// run with either big or little endian internal byte order (see aes.h). -// It inputs block and key lengths in bytes with the legal values being -// 16, 24 and 32. - -/* - * Modified by Jari Ruusu, May 1 2001 - * - Fixed some compile warnings, code was ok but gcc warned anyway. - * - Changed basic types: byte -> unsigned char, word -> u_int32_t - * - Major name space cleanup: Names visible to outside now begin - * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c - * - Removed C++ and DLL support as part of name space cleanup. - * - Eliminated unnecessary recomputation of tables. (actual bug fix) - * - Merged precomputed constant tables to aes.c file. - * - Removed data alignment restrictions for portability reasons. - * - Made block and key lengths accept bit count (128/192/256) - * as well byte count (16/24/32). - * - Removed all error checks. This change also eliminated the need - * to preinitialize the context struct to zero. - * - Removed some totally unused constants. - */ - -#include "aes.h" - -// CONFIGURATION OPTIONS (see also aes.h) -// -// 1. Define UNROLL for full loop unrolling in encryption and decryption. -// 2. Define PARTIAL_UNROLL to unroll two loops in encryption and decryption. -// 3. Define FIXED_TABLES for compiled rather than dynamic tables. -// 4. Define FF_TABLES to use tables for field multiplies and inverses. -// Do not enable this without understanding stack space requirements. -// 5. Define ARRAYS to use arrays to hold the local state block. If this -// is not defined, individually declared 32-bit words are used. -// 6. Define FAST_VARIABLE if a high speed variable block implementation -// is needed (essentially three separate fixed block size code sequences) -// 7. Define either ONE_TABLE or FOUR_TABLES for a fast table driven -// version using 1 table (2 kbytes of table space) or 4 tables (8 -// kbytes of table space) for higher speed. -// 8. Define either ONE_LR_TABLE or FOUR_LR_TABLES for a further speed -// increase by using tables for the last rounds but with more table -// space (2 or 8 kbytes extra). -// 9. If neither ONE_TABLE nor FOUR_TABLES is defined, a compact but -// slower version is provided. -// 10. If fast decryption key scheduling is needed define ONE_IM_TABLE -// or FOUR_IM_TABLES for higher speed (2 or 8 kbytes extra). - -#define UNROLL -//#define PARTIAL_UNROLL - -#define FIXED_TABLES -//#define FF_TABLES -//#define ARRAYS -#define FAST_VARIABLE - -//#define ONE_TABLE -#define FOUR_TABLES - -//#define ONE_LR_TABLE -#define FOUR_LR_TABLES - -//#define ONE_IM_TABLE -#define FOUR_IM_TABLES - -#if defined(UNROLL) && defined (PARTIAL_UNROLL) -#error both UNROLL and PARTIAL_UNROLL are defined -#endif - -#if defined(ONE_TABLE) && defined (FOUR_TABLES) -#error both ONE_TABLE and FOUR_TABLES are defined -#endif - -#if defined(ONE_LR_TABLE) && defined (FOUR_LR_TABLES) -#error both ONE_LR_TABLE and FOUR_LR_TABLES are defined -#endif - -#if defined(ONE_IM_TABLE) && defined (FOUR_IM_TABLES) -#error both ONE_IM_TABLE and FOUR_IM_TABLES are defined -#endif - -#if defined(AES_BLOCK_SIZE) && AES_BLOCK_SIZE != 16 && AES_BLOCK_SIZE != 24 && AES_BLOCK_SIZE != 32 -#error an illegal block size has been specified -#endif - -// upr(x,n): rotates bytes within words by n positions, moving bytes -// to higher index positions with wrap around into low positions -// ups(x,n): moves bytes by n positions to higher index positions in -// words but without wrap around -// bval(x,n): extracts a byte from a word - -#define upr(x,n) (((x) << 8 * (n)) | ((x) >> (32 - 8 * (n)))) -#define ups(x,n) ((x) << 8 * (n)) -#define bval(x,n) ((unsigned char)((x) >> 8 * (n))) -#define bytes2word(b0, b1, b2, b3) \ - ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0)) - - -/* little endian processor without data alignment restrictions: AES_LE_OK */ -/* original code: i386 */ -#if defined(i386) || defined(_I386) || defined(__i386__) || defined(__i386) -#define AES_LE_OK 1 -/* added (tested): alpha --jjo */ -#elif defined(__alpha__)|| defined (__alpha) -#define AES_LE_OK 1 -/* added (tested): ia64 --jjo */ -#elif defined(__ia64__)|| defined (__ia64) -#define AES_LE_OK 1 -#endif - -#ifdef AES_LE_OK -/* little endian processor without data alignment restrictions */ -#define word_in(x) *(u_int32_t*)(x) -#define const_word_in(x) *(const u_int32_t*)(x) -#define word_out(x,v) *(u_int32_t*)(x) = (v) -#define const_word_out(x,v) *(const u_int32_t*)(x) = (v) -#else -/* slower but generic big endian or with data alignment restrictions */ -/* some additional "const" touches to stop "gcc -Wcast-qual" complains --jjo */ -#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24)) -#define const_word_in(x) ((const u_int32_t)(((const unsigned char *)(x))[0])|((const u_int32_t)(((const unsigned char *)(x))[1])<<8)|((const u_int32_t)(((const unsigned char *)(x))[2])<<16)|((const u_int32_t)(((const unsigned char *)(x))[3])<<24)) -#define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24) -#define const_word_out(x,v) ((const unsigned char *)(x))[0]=(v),((const unsigned char *)(x))[1]=((v)>>8),((const unsigned char *)(x))[2]=((v)>>16),((const unsigned char *)(x))[3]=((v)>>24) -#endif - -// Disable at least some poor combinations of options - -#if !defined(ONE_TABLE) && !defined(FOUR_TABLES) -#define FIXED_TABLES -#undef UNROLL -#undef ONE_LR_TABLE -#undef FOUR_LR_TABLES -#undef ONE_IM_TABLE -#undef FOUR_IM_TABLES -#elif !defined(FOUR_TABLES) -#ifdef FOUR_LR_TABLES -#undef FOUR_LR_TABLES -#define ONE_LR_TABLE -#endif -#ifdef FOUR_IM_TABLES -#undef FOUR_IM_TABLES -#define ONE_IM_TABLE -#endif -#elif !defined(AES_BLOCK_SIZE) -#if defined(UNROLL) -#define PARTIAL_UNROLL -#undef UNROLL -#endif -#endif - -// the finite field modular polynomial and elements - -#define ff_poly 0x011b -#define ff_hi 0x80 - -// multiply four bytes in GF(2^8) by 'x' {02} in parallel - -#define m1 0x80808080 -#define m2 0x7f7f7f7f -#define m3 0x0000001b -#define FFmulX(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * m3)) - -// The following defines provide alternative definitions of FFmulX that might -// give improved performance if a fast 32-bit multiply is not available. Note -// that a temporary variable u needs to be defined where FFmulX is used. - -// #define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) -// #define m4 0x1b1b1b1b -// #define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) - -// perform column mix operation on four bytes in parallel - -#define fwd_mcol(x) (f2 = FFmulX(x), f2 ^ upr(x ^ f2,3) ^ upr(x,2) ^ upr(x,1)) - -#if defined(FIXED_TABLES) - -// the S-Box table - -static const unsigned char s_box[256] = -{ - 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, - 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, - 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, - 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, - 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, - 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, - 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, - 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, - 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, - 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, - 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, - 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, - 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, - 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, - 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, - 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, - 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, - 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, - 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, - 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, - 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, - 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, - 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, - 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, - 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, - 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, - 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, - 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, - 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, - 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, - 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, - 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -}; - -// the inverse S-Box table - -static const unsigned char inv_s_box[256] = -{ - 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, - 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, - 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, - 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, - 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, - 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, - 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, - 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, - 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, - 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, - 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, - 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, - 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, - 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, - 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, - 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, - 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, - 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, - 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, - 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, - 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, - 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, - 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, - 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, - 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, - 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, - 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, - 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, - 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, - 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, - 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, - 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d -}; - -#define w0(p) 0x000000##p - -// Number of elements required in this table for different -// block and key lengths is: -// -// Nk = 4 6 8 -// ---------- -// Nb = 4 | 10 8 7 -// 6 | 19 12 11 -// 8 | 29 19 14 -// -// this table can be a table of bytes if the key schedule -// code is adjusted accordingly - -static const u_int32_t rcon_tab[29] = -{ - w0(01), w0(02), w0(04), w0(08), - w0(10), w0(20), w0(40), w0(80), - w0(1b), w0(36), w0(6c), w0(d8), - w0(ab), w0(4d), w0(9a), w0(2f), - w0(5e), w0(bc), w0(63), w0(c6), - w0(97), w0(35), w0(6a), w0(d4), - w0(b3), w0(7d), w0(fa), w0(ef), - w0(c5) -}; - -#undef w0 - -#define r0(p,q,r,s) 0x##p##q##r##s -#define r1(p,q,r,s) 0x##q##r##s##p -#define r2(p,q,r,s) 0x##r##s##p##q -#define r3(p,q,r,s) 0x##s##p##q##r -#define w0(p) 0x000000##p -#define w1(p) 0x0000##p##00 -#define w2(p) 0x00##p##0000 -#define w3(p) 0x##p##000000 - -#if defined(FIXED_TABLES) && (defined(ONE_TABLE) || defined(FOUR_TABLES)) - -// data for forward tables (other than last round) - -#define f_table \ - r(a5,63,63,c6), r(84,7c,7c,f8), r(99,77,77,ee), r(8d,7b,7b,f6),\ - r(0d,f2,f2,ff), r(bd,6b,6b,d6), r(b1,6f,6f,de), r(54,c5,c5,91),\ - r(50,30,30,60), r(03,01,01,02), r(a9,67,67,ce), r(7d,2b,2b,56),\ - r(19,fe,fe,e7), r(62,d7,d7,b5), r(e6,ab,ab,4d), r(9a,76,76,ec),\ - r(45,ca,ca,8f), r(9d,82,82,1f), r(40,c9,c9,89), r(87,7d,7d,fa),\ - r(15,fa,fa,ef), r(eb,59,59,b2), r(c9,47,47,8e), r(0b,f0,f0,fb),\ - r(ec,ad,ad,41), r(67,d4,d4,b3), r(fd,a2,a2,5f), r(ea,af,af,45),\ - r(bf,9c,9c,23), r(f7,a4,a4,53), r(96,72,72,e4), r(5b,c0,c0,9b),\ - r(c2,b7,b7,75), r(1c,fd,fd,e1), r(ae,93,93,3d), r(6a,26,26,4c),\ - r(5a,36,36,6c), r(41,3f,3f,7e), r(02,f7,f7,f5), r(4f,cc,cc,83),\ - r(5c,34,34,68), r(f4,a5,a5,51), r(34,e5,e5,d1), r(08,f1,f1,f9),\ - r(93,71,71,e2), r(73,d8,d8,ab), r(53,31,31,62), r(3f,15,15,2a),\ - r(0c,04,04,08), r(52,c7,c7,95), r(65,23,23,46), r(5e,c3,c3,9d),\ - r(28,18,18,30), r(a1,96,96,37), r(0f,05,05,0a), r(b5,9a,9a,2f),\ - r(09,07,07,0e), r(36,12,12,24), r(9b,80,80,1b), r(3d,e2,e2,df),\ - r(26,eb,eb,cd), r(69,27,27,4e), r(cd,b2,b2,7f), r(9f,75,75,ea),\ - r(1b,09,09,12), r(9e,83,83,1d), r(74,2c,2c,58), r(2e,1a,1a,34),\ - r(2d,1b,1b,36), r(b2,6e,6e,dc), r(ee,5a,5a,b4), r(fb,a0,a0,5b),\ - r(f6,52,52,a4), r(4d,3b,3b,76), r(61,d6,d6,b7), r(ce,b3,b3,7d),\ - r(7b,29,29,52), r(3e,e3,e3,dd), r(71,2f,2f,5e), r(97,84,84,13),\ - r(f5,53,53,a6), r(68,d1,d1,b9), r(00,00,00,00), r(2c,ed,ed,c1),\ - r(60,20,20,40), r(1f,fc,fc,e3), r(c8,b1,b1,79), r(ed,5b,5b,b6),\ - r(be,6a,6a,d4), r(46,cb,cb,8d), r(d9,be,be,67), r(4b,39,39,72),\ - r(de,4a,4a,94), r(d4,4c,4c,98), r(e8,58,58,b0), r(4a,cf,cf,85),\ - r(6b,d0,d0,bb), r(2a,ef,ef,c5), r(e5,aa,aa,4f), r(16,fb,fb,ed),\ - r(c5,43,43,86), r(d7,4d,4d,9a), r(55,33,33,66), r(94,85,85,11),\ - r(cf,45,45,8a), r(10,f9,f9,e9), r(06,02,02,04), r(81,7f,7f,fe),\ - r(f0,50,50,a0), r(44,3c,3c,78), r(ba,9f,9f,25), r(e3,a8,a8,4b),\ - r(f3,51,51,a2), r(fe,a3,a3,5d), r(c0,40,40,80), r(8a,8f,8f,05),\ - r(ad,92,92,3f), r(bc,9d,9d,21), r(48,38,38,70), r(04,f5,f5,f1),\ - r(df,bc,bc,63), r(c1,b6,b6,77), r(75,da,da,af), r(63,21,21,42),\ - r(30,10,10,20), r(1a,ff,ff,e5), r(0e,f3,f3,fd), r(6d,d2,d2,bf),\ - r(4c,cd,cd,81), r(14,0c,0c,18), r(35,13,13,26), r(2f,ec,ec,c3),\ - r(e1,5f,5f,be), r(a2,97,97,35), r(cc,44,44,88), r(39,17,17,2e),\ - r(57,c4,c4,93), r(f2,a7,a7,55), r(82,7e,7e,fc), r(47,3d,3d,7a),\ - r(ac,64,64,c8), r(e7,5d,5d,ba), r(2b,19,19,32), r(95,73,73,e6),\ - r(a0,60,60,c0), r(98,81,81,19), r(d1,4f,4f,9e), r(7f,dc,dc,a3),\ - r(66,22,22,44), r(7e,2a,2a,54), r(ab,90,90,3b), r(83,88,88,0b),\ - r(ca,46,46,8c), r(29,ee,ee,c7), r(d3,b8,b8,6b), r(3c,14,14,28),\ - r(79,de,de,a7), r(e2,5e,5e,bc), r(1d,0b,0b,16), r(76,db,db,ad),\ - r(3b,e0,e0,db), r(56,32,32,64), r(4e,3a,3a,74), r(1e,0a,0a,14),\ - r(db,49,49,92), r(0a,06,06,0c), r(6c,24,24,48), r(e4,5c,5c,b8),\ - r(5d,c2,c2,9f), r(6e,d3,d3,bd), r(ef,ac,ac,43), r(a6,62,62,c4),\ - r(a8,91,91,39), r(a4,95,95,31), r(37,e4,e4,d3), r(8b,79,79,f2),\ - r(32,e7,e7,d5), r(43,c8,c8,8b), r(59,37,37,6e), r(b7,6d,6d,da),\ - r(8c,8d,8d,01), r(64,d5,d5,b1), r(d2,4e,4e,9c), r(e0,a9,a9,49),\ - r(b4,6c,6c,d8), r(fa,56,56,ac), r(07,f4,f4,f3), r(25,ea,ea,cf),\ - r(af,65,65,ca), r(8e,7a,7a,f4), r(e9,ae,ae,47), r(18,08,08,10),\ - r(d5,ba,ba,6f), r(88,78,78,f0), r(6f,25,25,4a), r(72,2e,2e,5c),\ - r(24,1c,1c,38), r(f1,a6,a6,57), r(c7,b4,b4,73), r(51,c6,c6,97),\ - r(23,e8,e8,cb), r(7c,dd,dd,a1), r(9c,74,74,e8), r(21,1f,1f,3e),\ - r(dd,4b,4b,96), r(dc,bd,bd,61), r(86,8b,8b,0d), r(85,8a,8a,0f),\ - r(90,70,70,e0), r(42,3e,3e,7c), r(c4,b5,b5,71), r(aa,66,66,cc),\ - r(d8,48,48,90), r(05,03,03,06), r(01,f6,f6,f7), r(12,0e,0e,1c),\ - r(a3,61,61,c2), r(5f,35,35,6a), r(f9,57,57,ae), r(d0,b9,b9,69),\ - r(91,86,86,17), r(58,c1,c1,99), r(27,1d,1d,3a), r(b9,9e,9e,27),\ - r(38,e1,e1,d9), r(13,f8,f8,eb), r(b3,98,98,2b), r(33,11,11,22),\ - r(bb,69,69,d2), r(70,d9,d9,a9), r(89,8e,8e,07), r(a7,94,94,33),\ - r(b6,9b,9b,2d), r(22,1e,1e,3c), r(92,87,87,15), r(20,e9,e9,c9),\ - r(49,ce,ce,87), r(ff,55,55,aa), r(78,28,28,50), r(7a,df,df,a5),\ - r(8f,8c,8c,03), r(f8,a1,a1,59), r(80,89,89,09), r(17,0d,0d,1a),\ - r(da,bf,bf,65), r(31,e6,e6,d7), r(c6,42,42,84), r(b8,68,68,d0),\ - r(c3,41,41,82), r(b0,99,99,29), r(77,2d,2d,5a), r(11,0f,0f,1e),\ - r(cb,b0,b0,7b), r(fc,54,54,a8), r(d6,bb,bb,6d), r(3a,16,16,2c) - -// data for inverse tables (other than last round) - -#define i_table \ - r(50,a7,f4,51), r(53,65,41,7e), r(c3,a4,17,1a), r(96,5e,27,3a),\ - r(cb,6b,ab,3b), r(f1,45,9d,1f), r(ab,58,fa,ac), r(93,03,e3,4b),\ - r(55,fa,30,20), r(f6,6d,76,ad), r(91,76,cc,88), r(25,4c,02,f5),\ - r(fc,d7,e5,4f), r(d7,cb,2a,c5), r(80,44,35,26), r(8f,a3,62,b5),\ - r(49,5a,b1,de), r(67,1b,ba,25), r(98,0e,ea,45), r(e1,c0,fe,5d),\ - r(02,75,2f,c3), r(12,f0,4c,81), r(a3,97,46,8d), r(c6,f9,d3,6b),\ - r(e7,5f,8f,03), r(95,9c,92,15), r(eb,7a,6d,bf), r(da,59,52,95),\ - r(2d,83,be,d4), r(d3,21,74,58), r(29,69,e0,49), r(44,c8,c9,8e),\ - r(6a,89,c2,75), r(78,79,8e,f4), r(6b,3e,58,99), r(dd,71,b9,27),\ - r(b6,4f,e1,be), r(17,ad,88,f0), r(66,ac,20,c9), r(b4,3a,ce,7d),\ - r(18,4a,df,63), r(82,31,1a,e5), r(60,33,51,97), r(45,7f,53,62),\ - r(e0,77,64,b1), r(84,ae,6b,bb), r(1c,a0,81,fe), r(94,2b,08,f9),\ - r(58,68,48,70), r(19,fd,45,8f), r(87,6c,de,94), r(b7,f8,7b,52),\ - r(23,d3,73,ab), r(e2,02,4b,72), r(57,8f,1f,e3), r(2a,ab,55,66),\ - r(07,28,eb,b2), r(03,c2,b5,2f), r(9a,7b,c5,86), r(a5,08,37,d3),\ - r(f2,87,28,30), r(b2,a5,bf,23), r(ba,6a,03,02), r(5c,82,16,ed),\ - r(2b,1c,cf,8a), r(92,b4,79,a7), r(f0,f2,07,f3), r(a1,e2,69,4e),\ - r(cd,f4,da,65), r(d5,be,05,06), r(1f,62,34,d1), r(8a,fe,a6,c4),\ - r(9d,53,2e,34), r(a0,55,f3,a2), r(32,e1,8a,05), r(75,eb,f6,a4),\ - r(39,ec,83,0b), r(aa,ef,60,40), r(06,9f,71,5e), r(51,10,6e,bd),\ - r(f9,8a,21,3e), r(3d,06,dd,96), r(ae,05,3e,dd), r(46,bd,e6,4d),\ - r(b5,8d,54,91), r(05,5d,c4,71), r(6f,d4,06,04), r(ff,15,50,60),\ - r(24,fb,98,19), r(97,e9,bd,d6), r(cc,43,40,89), r(77,9e,d9,67),\ - r(bd,42,e8,b0), r(88,8b,89,07), r(38,5b,19,e7), r(db,ee,c8,79),\ - r(47,0a,7c,a1), r(e9,0f,42,7c), r(c9,1e,84,f8), r(00,00,00,00),\ - r(83,86,80,09), r(48,ed,2b,32), r(ac,70,11,1e), r(4e,72,5a,6c),\ - r(fb,ff,0e,fd), r(56,38,85,0f), r(1e,d5,ae,3d), r(27,39,2d,36),\ - r(64,d9,0f,0a), r(21,a6,5c,68), r(d1,54,5b,9b), r(3a,2e,36,24),\ - r(b1,67,0a,0c), r(0f,e7,57,93), r(d2,96,ee,b4), r(9e,91,9b,1b),\ - r(4f,c5,c0,80), r(a2,20,dc,61), r(69,4b,77,5a), r(16,1a,12,1c),\ - r(0a,ba,93,e2), r(e5,2a,a0,c0), r(43,e0,22,3c), r(1d,17,1b,12),\ - r(0b,0d,09,0e), r(ad,c7,8b,f2), r(b9,a8,b6,2d), r(c8,a9,1e,14),\ - r(85,19,f1,57), r(4c,07,75,af), r(bb,dd,99,ee), r(fd,60,7f,a3),\ - r(9f,26,01,f7), r(bc,f5,72,5c), r(c5,3b,66,44), r(34,7e,fb,5b),\ - r(76,29,43,8b), r(dc,c6,23,cb), r(68,fc,ed,b6), r(63,f1,e4,b8),\ - r(ca,dc,31,d7), r(10,85,63,42), r(40,22,97,13), r(20,11,c6,84),\ - r(7d,24,4a,85), r(f8,3d,bb,d2), r(11,32,f9,ae), r(6d,a1,29,c7),\ - r(4b,2f,9e,1d), r(f3,30,b2,dc), r(ec,52,86,0d), r(d0,e3,c1,77),\ - r(6c,16,b3,2b), r(99,b9,70,a9), r(fa,48,94,11), r(22,64,e9,47),\ - r(c4,8c,fc,a8), r(1a,3f,f0,a0), r(d8,2c,7d,56), r(ef,90,33,22),\ - r(c7,4e,49,87), r(c1,d1,38,d9), r(fe,a2,ca,8c), r(36,0b,d4,98),\ - r(cf,81,f5,a6), r(28,de,7a,a5), r(26,8e,b7,da), r(a4,bf,ad,3f),\ - r(e4,9d,3a,2c), r(0d,92,78,50), r(9b,cc,5f,6a), r(62,46,7e,54),\ - r(c2,13,8d,f6), r(e8,b8,d8,90), r(5e,f7,39,2e), r(f5,af,c3,82),\ - r(be,80,5d,9f), r(7c,93,d0,69), r(a9,2d,d5,6f), r(b3,12,25,cf),\ - r(3b,99,ac,c8), r(a7,7d,18,10), r(6e,63,9c,e8), r(7b,bb,3b,db),\ - r(09,78,26,cd), r(f4,18,59,6e), r(01,b7,9a,ec), r(a8,9a,4f,83),\ - r(65,6e,95,e6), r(7e,e6,ff,aa), r(08,cf,bc,21), r(e6,e8,15,ef),\ - r(d9,9b,e7,ba), r(ce,36,6f,4a), r(d4,09,9f,ea), r(d6,7c,b0,29),\ - r(af,b2,a4,31), r(31,23,3f,2a), r(30,94,a5,c6), r(c0,66,a2,35),\ - r(37,bc,4e,74), r(a6,ca,82,fc), r(b0,d0,90,e0), r(15,d8,a7,33),\ - r(4a,98,04,f1), r(f7,da,ec,41), r(0e,50,cd,7f), r(2f,f6,91,17),\ - r(8d,d6,4d,76), r(4d,b0,ef,43), r(54,4d,aa,cc), r(df,04,96,e4),\ - r(e3,b5,d1,9e), r(1b,88,6a,4c), r(b8,1f,2c,c1), r(7f,51,65,46),\ - r(04,ea,5e,9d), r(5d,35,8c,01), r(73,74,87,fa), r(2e,41,0b,fb),\ - r(5a,1d,67,b3), r(52,d2,db,92), r(33,56,10,e9), r(13,47,d6,6d),\ - r(8c,61,d7,9a), r(7a,0c,a1,37), r(8e,14,f8,59), r(89,3c,13,eb),\ - r(ee,27,a9,ce), r(35,c9,61,b7), r(ed,e5,1c,e1), r(3c,b1,47,7a),\ - r(59,df,d2,9c), r(3f,73,f2,55), r(79,ce,14,18), r(bf,37,c7,73),\ - r(ea,cd,f7,53), r(5b,aa,fd,5f), r(14,6f,3d,df), r(86,db,44,78),\ - r(81,f3,af,ca), r(3e,c4,68,b9), r(2c,34,24,38), r(5f,40,a3,c2),\ - r(72,c3,1d,16), r(0c,25,e2,bc), r(8b,49,3c,28), r(41,95,0d,ff),\ - r(71,01,a8,39), r(de,b3,0c,08), r(9c,e4,b4,d8), r(90,c1,56,64),\ - r(61,84,cb,7b), r(70,b6,32,d5), r(74,5c,6c,48), r(42,57,b8,d0) - -// generate the required tables in the desired endian format - -#undef r -#define r r0 - -#if defined(ONE_TABLE) -static const u_int32_t ft_tab[256] = - { f_table }; -#elif defined(FOUR_TABLES) -static const u_int32_t ft_tab[4][256] = -{ { f_table }, -#undef r -#define r r1 - { f_table }, -#undef r -#define r r2 - { f_table }, -#undef r -#define r r3 - { f_table } -}; -#endif - -#undef r -#define r r0 -#if defined(ONE_TABLE) -static const u_int32_t it_tab[256] = - { i_table }; -#elif defined(FOUR_TABLES) -static const u_int32_t it_tab[4][256] = -{ { i_table }, -#undef r -#define r r1 - { i_table }, -#undef r -#define r r2 - { i_table }, -#undef r -#define r r3 - { i_table } -}; -#endif - -#endif - -#if defined(FIXED_TABLES) && (defined(ONE_LR_TABLE) || defined(FOUR_LR_TABLES)) - -// data for inverse tables (last round) - -#define li_table \ - w(52), w(09), w(6a), w(d5), w(30), w(36), w(a5), w(38),\ - w(bf), w(40), w(a3), w(9e), w(81), w(f3), w(d7), w(fb),\ - w(7c), w(e3), w(39), w(82), w(9b), w(2f), w(ff), w(87),\ - w(34), w(8e), w(43), w(44), w(c4), w(de), w(e9), w(cb),\ - w(54), w(7b), w(94), w(32), w(a6), w(c2), w(23), w(3d),\ - w(ee), w(4c), w(95), w(0b), w(42), w(fa), w(c3), w(4e),\ - w(08), w(2e), w(a1), w(66), w(28), w(d9), w(24), w(b2),\ - w(76), w(5b), w(a2), w(49), w(6d), w(8b), w(d1), w(25),\ - w(72), w(f8), w(f6), w(64), w(86), w(68), w(98), w(16),\ - w(d4), w(a4), w(5c), w(cc), w(5d), w(65), w(b6), w(92),\ - w(6c), w(70), w(48), w(50), w(fd), w(ed), w(b9), w(da),\ - w(5e), w(15), w(46), w(57), w(a7), w(8d), w(9d), w(84),\ - w(90), w(d8), w(ab), w(00), w(8c), w(bc), w(d3), w(0a),\ - w(f7), w(e4), w(58), w(05), w(b8), w(b3), w(45), w(06),\ - w(d0), w(2c), w(1e), w(8f), w(ca), w(3f), w(0f), w(02),\ - w(c1), w(af), w(bd), w(03), w(01), w(13), w(8a), w(6b),\ - w(3a), w(91), w(11), w(41), w(4f), w(67), w(dc), w(ea),\ - w(97), w(f2), w(cf), w(ce), w(f0), w(b4), w(e6), w(73),\ - w(96), w(ac), w(74), w(22), w(e7), w(ad), w(35), w(85),\ - w(e2), w(f9), w(37), w(e8), w(1c), w(75), w(df), w(6e),\ - w(47), w(f1), w(1a), w(71), w(1d), w(29), w(c5), w(89),\ - w(6f), w(b7), w(62), w(0e), w(aa), w(18), w(be), w(1b),\ - w(fc), w(56), w(3e), w(4b), w(c6), w(d2), w(79), w(20),\ - w(9a), w(db), w(c0), w(fe), w(78), w(cd), w(5a), w(f4),\ - w(1f), w(dd), w(a8), w(33), w(88), w(07), w(c7), w(31),\ - w(b1), w(12), w(10), w(59), w(27), w(80), w(ec), w(5f),\ - w(60), w(51), w(7f), w(a9), w(19), w(b5), w(4a), w(0d),\ - w(2d), w(e5), w(7a), w(9f), w(93), w(c9), w(9c), w(ef),\ - w(a0), w(e0), w(3b), w(4d), w(ae), w(2a), w(f5), w(b0),\ - w(c8), w(eb), w(bb), w(3c), w(83), w(53), w(99), w(61),\ - w(17), w(2b), w(04), w(7e), w(ba), w(77), w(d6), w(26),\ - w(e1), w(69), w(14), w(63), w(55), w(21), w(0c), w(7d), - -// generate the required tables in the desired endian format - -#undef r -#define r(p,q,r,s) w0(q) -#if defined(ONE_LR_TABLE) -static const u_int32_t fl_tab[256] = - { f_table }; -#elif defined(FOUR_LR_TABLES) -static const u_int32_t fl_tab[4][256] = -{ { f_table }, -#undef r -#define r(p,q,r,s) w1(q) - { f_table }, -#undef r -#define r(p,q,r,s) w2(q) - { f_table }, -#undef r -#define r(p,q,r,s) w3(q) - { f_table } -}; -#endif - -#undef w -#define w w0 -#if defined(ONE_LR_TABLE) -static const u_int32_t il_tab[256] = - { li_table }; -#elif defined(FOUR_LR_TABLES) -static const u_int32_t il_tab[4][256] = -{ { li_table }, -#undef w -#define w w1 - { li_table }, -#undef w -#define w w2 - { li_table }, -#undef w -#define w w3 - { li_table } -}; -#endif - -#endif - -#if defined(FIXED_TABLES) && (defined(ONE_IM_TABLE) || defined(FOUR_IM_TABLES)) - -#define m_table \ - r(00,00,00,00), r(0b,0d,09,0e), r(16,1a,12,1c), r(1d,17,1b,12),\ - r(2c,34,24,38), r(27,39,2d,36), r(3a,2e,36,24), r(31,23,3f,2a),\ - r(58,68,48,70), r(53,65,41,7e), r(4e,72,5a,6c), r(45,7f,53,62),\ - r(74,5c,6c,48), r(7f,51,65,46), r(62,46,7e,54), r(69,4b,77,5a),\ - r(b0,d0,90,e0), r(bb,dd,99,ee), r(a6,ca,82,fc), r(ad,c7,8b,f2),\ - r(9c,e4,b4,d8), r(97,e9,bd,d6), r(8a,fe,a6,c4), r(81,f3,af,ca),\ - r(e8,b8,d8,90), r(e3,b5,d1,9e), r(fe,a2,ca,8c), r(f5,af,c3,82),\ - r(c4,8c,fc,a8), r(cf,81,f5,a6), r(d2,96,ee,b4), r(d9,9b,e7,ba),\ - r(7b,bb,3b,db), r(70,b6,32,d5), r(6d,a1,29,c7), r(66,ac,20,c9),\ - r(57,8f,1f,e3), r(5c,82,16,ed), r(41,95,0d,ff), r(4a,98,04,f1),\ - r(23,d3,73,ab), r(28,de,7a,a5), r(35,c9,61,b7), r(3e,c4,68,b9),\ - r(0f,e7,57,93), r(04,ea,5e,9d), r(19,fd,45,8f), r(12,f0,4c,81),\ - r(cb,6b,ab,3b), r(c0,66,a2,35), r(dd,71,b9,27), r(d6,7c,b0,29),\ - r(e7,5f,8f,03), r(ec,52,86,0d), r(f1,45,9d,1f), r(fa,48,94,11),\ - r(93,03,e3,4b), r(98,0e,ea,45), r(85,19,f1,57), r(8e,14,f8,59),\ - r(bf,37,c7,73), r(b4,3a,ce,7d), r(a9,2d,d5,6f), r(a2,20,dc,61),\ - r(f6,6d,76,ad), r(fd,60,7f,a3), r(e0,77,64,b1), r(eb,7a,6d,bf),\ - r(da,59,52,95), r(d1,54,5b,9b), r(cc,43,40,89), r(c7,4e,49,87),\ - r(ae,05,3e,dd), r(a5,08,37,d3), r(b8,1f,2c,c1), r(b3,12,25,cf),\ - r(82,31,1a,e5), r(89,3c,13,eb), r(94,2b,08,f9), r(9f,26,01,f7),\ - r(46,bd,e6,4d), r(4d,b0,ef,43), r(50,a7,f4,51), r(5b,aa,fd,5f),\ - r(6a,89,c2,75), r(61,84,cb,7b), r(7c,93,d0,69), r(77,9e,d9,67),\ - r(1e,d5,ae,3d), r(15,d8,a7,33), r(08,cf,bc,21), r(03,c2,b5,2f),\ - r(32,e1,8a,05), r(39,ec,83,0b), r(24,fb,98,19), r(2f,f6,91,17),\ - r(8d,d6,4d,76), r(86,db,44,78), r(9b,cc,5f,6a), r(90,c1,56,64),\ - r(a1,e2,69,4e), r(aa,ef,60,40), r(b7,f8,7b,52), r(bc,f5,72,5c),\ - r(d5,be,05,06), r(de,b3,0c,08), r(c3,a4,17,1a), r(c8,a9,1e,14),\ - r(f9,8a,21,3e), r(f2,87,28,30), r(ef,90,33,22), r(e4,9d,3a,2c),\ - r(3d,06,dd,96), r(36,0b,d4,98), r(2b,1c,cf,8a), r(20,11,c6,84),\ - r(11,32,f9,ae), r(1a,3f,f0,a0), r(07,28,eb,b2), r(0c,25,e2,bc),\ - r(65,6e,95,e6), r(6e,63,9c,e8), r(73,74,87,fa), r(78,79,8e,f4),\ - r(49,5a,b1,de), r(42,57,b8,d0), r(5f,40,a3,c2), r(54,4d,aa,cc),\ - r(f7,da,ec,41), r(fc,d7,e5,4f), r(e1,c0,fe,5d), r(ea,cd,f7,53),\ - r(db,ee,c8,79), r(d0,e3,c1,77), r(cd,f4,da,65), r(c6,f9,d3,6b),\ - r(af,b2,a4,31), r(a4,bf,ad,3f), r(b9,a8,b6,2d), r(b2,a5,bf,23),\ - r(83,86,80,09), r(88,8b,89,07), r(95,9c,92,15), r(9e,91,9b,1b),\ - r(47,0a,7c,a1), r(4c,07,75,af), r(51,10,6e,bd), r(5a,1d,67,b3),\ - r(6b,3e,58,99), r(60,33,51,97), r(7d,24,4a,85), r(76,29,43,8b),\ - r(1f,62,34,d1), r(14,6f,3d,df), r(09,78,26,cd), r(02,75,2f,c3),\ - r(33,56,10,e9), r(38,5b,19,e7), r(25,4c,02,f5), r(2e,41,0b,fb),\ - r(8c,61,d7,9a), r(87,6c,de,94), r(9a,7b,c5,86), r(91,76,cc,88),\ - r(a0,55,f3,a2), r(ab,58,fa,ac), r(b6,4f,e1,be), r(bd,42,e8,b0),\ - r(d4,09,9f,ea), r(df,04,96,e4), r(c2,13,8d,f6), r(c9,1e,84,f8),\ - r(f8,3d,bb,d2), r(f3,30,b2,dc), r(ee,27,a9,ce), r(e5,2a,a0,c0),\ - r(3c,b1,47,7a), r(37,bc,4e,74), r(2a,ab,55,66), r(21,a6,5c,68),\ - r(10,85,63,42), r(1b,88,6a,4c), r(06,9f,71,5e), r(0d,92,78,50),\ - r(64,d9,0f,0a), r(6f,d4,06,04), r(72,c3,1d,16), r(79,ce,14,18),\ - r(48,ed,2b,32), r(43,e0,22,3c), r(5e,f7,39,2e), r(55,fa,30,20),\ - r(01,b7,9a,ec), r(0a,ba,93,e2), r(17,ad,88,f0), r(1c,a0,81,fe),\ - r(2d,83,be,d4), r(26,8e,b7,da), r(3b,99,ac,c8), r(30,94,a5,c6),\ - r(59,df,d2,9c), r(52,d2,db,92), r(4f,c5,c0,80), r(44,c8,c9,8e),\ - r(75,eb,f6,a4), r(7e,e6,ff,aa), r(63,f1,e4,b8), r(68,fc,ed,b6),\ - r(b1,67,0a,0c), r(ba,6a,03,02), r(a7,7d,18,10), r(ac,70,11,1e),\ - r(9d,53,2e,34), r(96,5e,27,3a), r(8b,49,3c,28), r(80,44,35,26),\ - r(e9,0f,42,7c), r(e2,02,4b,72), r(ff,15,50,60), r(f4,18,59,6e),\ - r(c5,3b,66,44), r(ce,36,6f,4a), r(d3,21,74,58), r(d8,2c,7d,56),\ - r(7a,0c,a1,37), r(71,01,a8,39), r(6c,16,b3,2b), r(67,1b,ba,25),\ - r(56,38,85,0f), r(5d,35,8c,01), r(40,22,97,13), r(4b,2f,9e,1d),\ - r(22,64,e9,47), r(29,69,e0,49), r(34,7e,fb,5b), r(3f,73,f2,55),\ - r(0e,50,cd,7f), r(05,5d,c4,71), r(18,4a,df,63), r(13,47,d6,6d),\ - r(ca,dc,31,d7), r(c1,d1,38,d9), r(dc,c6,23,cb), r(d7,cb,2a,c5),\ - r(e6,e8,15,ef), r(ed,e5,1c,e1), r(f0,f2,07,f3), r(fb,ff,0e,fd),\ - r(92,b4,79,a7), r(99,b9,70,a9), r(84,ae,6b,bb), r(8f,a3,62,b5),\ - r(be,80,5d,9f), r(b5,8d,54,91), r(a8,9a,4f,83), r(a3,97,46,8d) - -#undef r -#define r r0 - -#if defined(ONE_IM_TABLE) -static const u_int32_t im_tab[256] = - { m_table }; -#elif defined(FOUR_IM_TABLES) -static const u_int32_t im_tab[4][256] = -{ { m_table }, -#undef r -#define r r1 - { m_table }, -#undef r -#define r r2 - { m_table }, -#undef r -#define r r3 - { m_table } -}; -#endif - -#endif - -#else - -static int tab_gen = 0; - -static unsigned char s_box[256]; // the S box -static unsigned char inv_s_box[256]; // the inverse S box -static u_int32_t rcon_tab[AES_RC_LENGTH]; // table of round constants - -#if defined(ONE_TABLE) -static u_int32_t ft_tab[256]; -static u_int32_t it_tab[256]; -#elif defined(FOUR_TABLES) -static u_int32_t ft_tab[4][256]; -static u_int32_t it_tab[4][256]; -#endif - -#if defined(ONE_LR_TABLE) -static u_int32_t fl_tab[256]; -static u_int32_t il_tab[256]; -#elif defined(FOUR_LR_TABLES) -static u_int32_t fl_tab[4][256]; -static u_int32_t il_tab[4][256]; -#endif - -#if defined(ONE_IM_TABLE) -static u_int32_t im_tab[256]; -#elif defined(FOUR_IM_TABLES) -static u_int32_t im_tab[4][256]; -#endif - -// Generate the tables for the dynamic table option - -#if !defined(FF_TABLES) - -// It will generally be sensible to use tables to compute finite -// field multiplies and inverses but where memory is scarse this -// code might sometimes be better. - -// return 2 ^ (n - 1) where n is the bit number of the highest bit -// set in x with x in the range 1 < x < 0x00000200. This form is -// used so that locals within FFinv can be bytes rather than words - -static unsigned char hibit(const u_int32_t x) -{ unsigned char r = (unsigned char)((x >> 1) | (x >> 2)); - - r |= (r >> 2); - r |= (r >> 4); - return (r + 1) >> 1; -} - -// return the inverse of the finite field element x - -static unsigned char FFinv(const unsigned char x) -{ unsigned char p1 = x, p2 = 0x1b, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0; - - if(x < 2) return x; - - for(;;) - { - if(!n1) return v1; - - while(n2 >= n1) - { - n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2); - } - - if(!n2) return v2; - - while(n1 >= n2) - { - n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1); - } - } -} - -// define the finite field multiplies required for Rijndael - -#define FFmul02(x) ((((x) & 0x7f) << 1) ^ ((x) & 0x80 ? 0x1b : 0)) -#define FFmul03(x) ((x) ^ FFmul02(x)) -#define FFmul09(x) ((x) ^ FFmul02(FFmul02(FFmul02(x)))) -#define FFmul0b(x) ((x) ^ FFmul02((x) ^ FFmul02(FFmul02(x)))) -#define FFmul0d(x) ((x) ^ FFmul02(FFmul02((x) ^ FFmul02(x)))) -#define FFmul0e(x) FFmul02((x) ^ FFmul02((x) ^ FFmul02(x))) - -#else - -#define FFinv(x) ((x) ? pow[255 - log[x]]: 0) - -#define FFmul02(x) (x ? pow[log[x] + 0x19] : 0) -#define FFmul03(x) (x ? pow[log[x] + 0x01] : 0) -#define FFmul09(x) (x ? pow[log[x] + 0xc7] : 0) -#define FFmul0b(x) (x ? pow[log[x] + 0x68] : 0) -#define FFmul0d(x) (x ? pow[log[x] + 0xee] : 0) -#define FFmul0e(x) (x ? pow[log[x] + 0xdf] : 0) - -#endif - -// The forward and inverse affine transformations used in the S-box - -#define fwd_affine(x) \ - (w = (u_int32_t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(unsigned char)(w^(w>>8))) - -#define inv_affine(x) \ - (w = (u_int32_t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(unsigned char)(w^(w>>8))) - -static void gen_tabs(void) -{ u_int32_t i, w; - -#if defined(FF_TABLES) - - unsigned char pow[512], log[256]; - - // log and power tables for GF(2^8) finite field with - // 0x011b as modular polynomial - the simplest primitive - // root is 0x03, used here to generate the tables - - i = 0; w = 1; - do - { - pow[i] = (unsigned char)w; - pow[i + 255] = (unsigned char)w; - log[w] = (unsigned char)i++; - w ^= (w << 1) ^ (w & ff_hi ? ff_poly : 0); - } - while (w != 1); - -#endif - - for(i = 0, w = 1; i < AES_RC_LENGTH; ++i) - { - rcon_tab[i] = bytes2word(w, 0, 0, 0); - w = (w << 1) ^ (w & ff_hi ? ff_poly : 0); - } - - for(i = 0; i < 256; ++i) - { unsigned char b; - - s_box[i] = b = fwd_affine(FFinv((unsigned char)i)); - - w = bytes2word(b, 0, 0, 0); -#if defined(ONE_LR_TABLE) - fl_tab[i] = w; -#elif defined(FOUR_LR_TABLES) - fl_tab[0][i] = w; - fl_tab[1][i] = upr(w,1); - fl_tab[2][i] = upr(w,2); - fl_tab[3][i] = upr(w,3); -#endif - w = bytes2word(FFmul02(b), b, b, FFmul03(b)); -#if defined(ONE_TABLE) - ft_tab[i] = w; -#elif defined(FOUR_TABLES) - ft_tab[0][i] = w; - ft_tab[1][i] = upr(w,1); - ft_tab[2][i] = upr(w,2); - ft_tab[3][i] = upr(w,3); -#endif - inv_s_box[i] = b = FFinv(inv_affine((unsigned char)i)); - - w = bytes2word(b, 0, 0, 0); -#if defined(ONE_LR_TABLE) - il_tab[i] = w; -#elif defined(FOUR_LR_TABLES) - il_tab[0][i] = w; - il_tab[1][i] = upr(w,1); - il_tab[2][i] = upr(w,2); - il_tab[3][i] = upr(w,3); -#endif - w = bytes2word(FFmul0e(b), FFmul09(b), FFmul0d(b), FFmul0b(b)); -#if defined(ONE_TABLE) - it_tab[i] = w; -#elif defined(FOUR_TABLES) - it_tab[0][i] = w; - it_tab[1][i] = upr(w,1); - it_tab[2][i] = upr(w,2); - it_tab[3][i] = upr(w,3); -#endif -#if defined(ONE_IM_TABLE) - im_tab[b] = w; -#elif defined(FOUR_IM_TABLES) - im_tab[0][b] = w; - im_tab[1][b] = upr(w,1); - im_tab[2][b] = upr(w,2); - im_tab[3][b] = upr(w,3); -#endif - - } -} - -#endif - -#define no_table(x,box,vf,rf,c) bytes2word( \ - box[bval(vf(x,0,c),rf(0,c))], \ - box[bval(vf(x,1,c),rf(1,c))], \ - box[bval(vf(x,2,c),rf(2,c))], \ - box[bval(vf(x,3,c),rf(3,c))]) - -#define one_table(x,op,tab,vf,rf,c) \ - ( tab[bval(vf(x,0,c),rf(0,c))] \ - ^ op(tab[bval(vf(x,1,c),rf(1,c))],1) \ - ^ op(tab[bval(vf(x,2,c),rf(2,c))],2) \ - ^ op(tab[bval(vf(x,3,c),rf(3,c))],3)) - -#define four_tables(x,tab,vf,rf,c) \ - ( tab[0][bval(vf(x,0,c),rf(0,c))] \ - ^ tab[1][bval(vf(x,1,c),rf(1,c))] \ - ^ tab[2][bval(vf(x,2,c),rf(2,c))] \ - ^ tab[3][bval(vf(x,3,c),rf(3,c))]) - -#define vf1(x,r,c) (x) -#define rf1(r,c) (r) -#define rf2(r,c) ((r-c)&3) - -#if defined(FOUR_LR_TABLES) -#define ls_box(x,c) four_tables(x,fl_tab,vf1,rf2,c) -#elif defined(ONE_LR_TABLE) -#define ls_box(x,c) one_table(x,upr,fl_tab,vf1,rf2,c) -#else -#define ls_box(x,c) no_table(x,s_box,vf1,rf2,c) -#endif - -#if defined(FOUR_IM_TABLES) -#define inv_mcol(x) four_tables(x,im_tab,vf1,rf1,0) -#elif defined(ONE_IM_TABLE) -#define inv_mcol(x) one_table(x,upr,im_tab,vf1,rf1,0) -#else -#define inv_mcol(x) \ - (f9 = (x),f2 = FFmulX(f9), f4 = FFmulX(f2), f8 = FFmulX(f4), f9 ^= f8, \ - f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1)) -#endif - -// Subroutine to set the block size (if variable) in bytes, legal -// values being 16, 24 and 32. - -#if defined(AES_BLOCK_SIZE) -#define nc (AES_BLOCK_SIZE / 4) -#else -#define nc (cx->aes_Ncol) - -void aes_set_blk(aes_context *cx, int n_bytes) -{ -#if !defined(FIXED_TABLES) - if(!tab_gen) { gen_tabs(); tab_gen = 1; } -#endif - - switch(n_bytes) { - case 32: /* bytes */ - case 256: /* bits */ - nc = 8; - break; - case 24: /* bytes */ - case 192: /* bits */ - nc = 6; - break; - case 16: /* bytes */ - case 128: /* bits */ - default: - nc = 4; - break; - } -} - -#endif - -// Initialise the key schedule from the user supplied key. The key -// length is now specified in bytes - 16, 24 or 32 as appropriate. -// This corresponds to bit lengths of 128, 192 and 256 bits, and -// to Nk values of 4, 6 and 8 respectively. - -#define mx(t,f) (*t++ = inv_mcol(*f),f++) -#define cp(t,f) *t++ = *f++ - -#if AES_BLOCK_SIZE == 16 -#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s) -#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s) -#elif AES_BLOCK_SIZE == 24 -#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s); \ - cp(d,s); cp(d,s) -#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s); \ - mx(d,s); mx(d,s) -#elif AES_BLOCK_SIZE == 32 -#define cpy(d,s) cp(d,s); cp(d,s); cp(d,s); cp(d,s); \ - cp(d,s); cp(d,s); cp(d,s); cp(d,s) -#define mix(d,s) mx(d,s); mx(d,s); mx(d,s); mx(d,s); \ - mx(d,s); mx(d,s); mx(d,s); mx(d,s) -#else - -#define cpy(d,s) \ -switch(nc) \ -{ case 8: cp(d,s); cp(d,s); \ - case 6: cp(d,s); cp(d,s); \ - case 4: cp(d,s); cp(d,s); \ - cp(d,s); cp(d,s); \ -} - -#define mix(d,s) \ -switch(nc) \ -{ case 8: mx(d,s); mx(d,s); \ - case 6: mx(d,s); mx(d,s); \ - case 4: mx(d,s); mx(d,s); \ - mx(d,s); mx(d,s); \ -} - -#endif - -void aes_set_key(aes_context *cx, const unsigned char in_key[], int n_bytes, const int f) -{ u_int32_t *kf, *kt, rci; - -#if !defined(FIXED_TABLES) - if(!tab_gen) { gen_tabs(); tab_gen = 1; } -#endif - - switch(n_bytes) { - case 32: /* bytes */ - case 256: /* bits */ - cx->aes_Nkey = 8; - break; - case 24: /* bytes */ - case 192: /* bits */ - cx->aes_Nkey = 6; - break; - case 16: /* bytes */ - case 128: /* bits */ - default: - cx->aes_Nkey = 4; - break; - } - - cx->aes_Nrnd = (cx->aes_Nkey > nc ? cx->aes_Nkey : nc) + 6; - - cx->aes_e_key[0] = const_word_in(in_key ); - cx->aes_e_key[1] = const_word_in(in_key + 4); - cx->aes_e_key[2] = const_word_in(in_key + 8); - cx->aes_e_key[3] = const_word_in(in_key + 12); - - kf = cx->aes_e_key; - kt = kf + nc * (cx->aes_Nrnd + 1) - cx->aes_Nkey; - rci = 0; - - switch(cx->aes_Nkey) - { - case 4: do - { kf[4] = kf[0] ^ ls_box(kf[3],3) ^ rcon_tab[rci++]; - kf[5] = kf[1] ^ kf[4]; - kf[6] = kf[2] ^ kf[5]; - kf[7] = kf[3] ^ kf[6]; - kf += 4; - } - while(kf < kt); - break; - - case 6: cx->aes_e_key[4] = const_word_in(in_key + 16); - cx->aes_e_key[5] = const_word_in(in_key + 20); - do - { kf[ 6] = kf[0] ^ ls_box(kf[5],3) ^ rcon_tab[rci++]; - kf[ 7] = kf[1] ^ kf[ 6]; - kf[ 8] = kf[2] ^ kf[ 7]; - kf[ 9] = kf[3] ^ kf[ 8]; - kf[10] = kf[4] ^ kf[ 9]; - kf[11] = kf[5] ^ kf[10]; - kf += 6; - } - while(kf < kt); - break; - - case 8: cx->aes_e_key[4] = const_word_in(in_key + 16); - cx->aes_e_key[5] = const_word_in(in_key + 20); - cx->aes_e_key[6] = const_word_in(in_key + 24); - cx->aes_e_key[7] = const_word_in(in_key + 28); - do - { kf[ 8] = kf[0] ^ ls_box(kf[7],3) ^ rcon_tab[rci++]; - kf[ 9] = kf[1] ^ kf[ 8]; - kf[10] = kf[2] ^ kf[ 9]; - kf[11] = kf[3] ^ kf[10]; - kf[12] = kf[4] ^ ls_box(kf[11],0); - kf[13] = kf[5] ^ kf[12]; - kf[14] = kf[6] ^ kf[13]; - kf[15] = kf[7] ^ kf[14]; - kf += 8; - } - while (kf < kt); - break; - } - - if(!f) - { u_int32_t i; - - kt = cx->aes_d_key + nc * cx->aes_Nrnd; - kf = cx->aes_e_key; - - cpy(kt, kf); kt -= 2 * nc; - - for(i = 1; i < cx->aes_Nrnd; ++i) - { -#if defined(ONE_TABLE) || defined(FOUR_TABLES) -#if !defined(ONE_IM_TABLE) && !defined(FOUR_IM_TABLES) - u_int32_t f2, f4, f8, f9; -#endif - mix(kt, kf); -#else - cpy(kt, kf); -#endif - kt -= 2 * nc; - } - - cpy(kt, kf); - } -} - -// y = output word, x = input word, r = row, c = column -// for r = 0, 1, 2 and 3 = column accessed for row r - -#if defined(ARRAYS) -#define s(x,c) x[c] -#else -#define s(x,c) x##c -#endif - -// I am grateful to Frank Yellin for the following constructions -// which, given the column (c) of the output state variable that -// is being computed, return the input state variables which are -// needed for each row (r) of the state - -// For the fixed block size options, compilers reduce these two -// expressions to fixed variable references. For variable block -// size code conditional clauses will sometimes be returned - -#define unused 77 // Sunset Strip - -#define fwd_var(x,r,c) \ - ( r==0 ? \ - ( c==0 ? s(x,0) \ - : c==1 ? s(x,1) \ - : c==2 ? s(x,2) \ - : c==3 ? s(x,3) \ - : c==4 ? s(x,4) \ - : c==5 ? s(x,5) \ - : c==6 ? s(x,6) \ - : s(x,7)) \ - : r==1 ? \ - ( c==0 ? s(x,1) \ - : c==1 ? s(x,2) \ - : c==2 ? s(x,3) \ - : c==3 ? nc==4 ? s(x,0) : s(x,4) \ - : c==4 ? s(x,5) \ - : c==5 ? nc==8 ? s(x,6) : s(x,0) \ - : c==6 ? s(x,7) \ - : s(x,0)) \ - : r==2 ? \ - ( c==0 ? nc==8 ? s(x,3) : s(x,2) \ - : c==1 ? nc==8 ? s(x,4) : s(x,3) \ - : c==2 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \ - : c==3 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \ - : c==4 ? nc==8 ? s(x,7) : s(x,0) \ - : c==5 ? nc==8 ? s(x,0) : s(x,1) \ - : c==6 ? s(x,1) \ - : s(x,2)) \ - : \ - ( c==0 ? nc==8 ? s(x,4) : s(x,3) \ - : c==1 ? nc==4 ? s(x,0) : nc==8 ? s(x,5) : s(x,4) \ - : c==2 ? nc==4 ? s(x,1) : nc==8 ? s(x,6) : s(x,5) \ - : c==3 ? nc==4 ? s(x,2) : nc==8 ? s(x,7) : s(x,0) \ - : c==4 ? nc==8 ? s(x,0) : s(x,1) \ - : c==5 ? nc==8 ? s(x,1) : s(x,2) \ - : c==6 ? s(x,2) \ - : s(x,3))) - -#define inv_var(x,r,c) \ - ( r==0 ? \ - ( c==0 ? s(x,0) \ - : c==1 ? s(x,1) \ - : c==2 ? s(x,2) \ - : c==3 ? s(x,3) \ - : c==4 ? s(x,4) \ - : c==5 ? s(x,5) \ - : c==6 ? s(x,6) \ - : s(x,7)) \ - : r==1 ? \ - ( c==0 ? nc==4 ? s(x,3) : nc==8 ? s(x,7) : s(x,5) \ - : c==1 ? s(x,0) \ - : c==2 ? s(x,1) \ - : c==3 ? s(x,2) \ - : c==4 ? s(x,3) \ - : c==5 ? s(x,4) \ - : c==6 ? s(x,5) \ - : s(x,6)) \ - : r==2 ? \ - ( c==0 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \ - : c==1 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \ - : c==2 ? nc==8 ? s(x,7) : s(x,0) \ - : c==3 ? nc==8 ? s(x,0) : s(x,1) \ - : c==4 ? nc==8 ? s(x,1) : s(x,2) \ - : c==5 ? nc==8 ? s(x,2) : s(x,3) \ - : c==6 ? s(x,3) \ - : s(x,4)) \ - : \ - ( c==0 ? nc==4 ? s(x,1) : nc==8 ? s(x,4) : s(x,3) \ - : c==1 ? nc==4 ? s(x,2) : nc==8 ? s(x,5) : s(x,4) \ - : c==2 ? nc==4 ? s(x,3) : nc==8 ? s(x,6) : s(x,5) \ - : c==3 ? nc==8 ? s(x,7) : s(x,0) \ - : c==4 ? nc==8 ? s(x,0) : s(x,1) \ - : c==5 ? nc==8 ? s(x,1) : s(x,2) \ - : c==6 ? s(x,2) \ - : s(x,3))) - -#define si(y,x,k,c) s(y,c) = const_word_in(x + 4 * c) ^ k[c] -#define so(y,x,c) word_out(y + 4 * c, s(x,c)) - -#if defined(FOUR_TABLES) -#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,ft_tab,fwd_var,rf1,c) -#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,it_tab,inv_var,rf1,c) -#elif defined(ONE_TABLE) -#define fwd_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,ft_tab,fwd_var,rf1,c) -#define inv_rnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,upr,it_tab,inv_var,rf1,c) -#else -#define fwd_rnd(y,x,k,c) s(y,c) = fwd_mcol(no_table(x,s_box,fwd_var,rf1,c)) ^ (k)[c] -#define inv_rnd(y,x,k,c) s(y,c) = inv_mcol(no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c]) -#endif - -#if defined(FOUR_LR_TABLES) -#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,fl_tab,fwd_var,rf1,c) -#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ four_tables(x,il_tab,inv_var,rf1,c) -#elif defined(ONE_LR_TABLE) -#define fwd_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,fl_tab,fwd_var,rf1,c) -#define inv_lrnd(y,x,k,c) s(y,c)= (k)[c] ^ one_table(x,ups,il_tab,inv_var,rf1,c) -#else -#define fwd_lrnd(y,x,k,c) s(y,c) = no_table(x,s_box,fwd_var,rf1,c) ^ (k)[c] -#define inv_lrnd(y,x,k,c) s(y,c) = no_table(x,inv_s_box,inv_var,rf1,c) ^ (k)[c] -#endif - -#if AES_BLOCK_SIZE == 16 - -#if defined(ARRAYS) -#define locals(y,x) x[4],y[4] -#else -#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3 -// the following defines prevent the compiler requiring the declaration -// of generated but unused variables in the fwd_var and inv_var macros -#define b04 unused -#define b05 unused -#define b06 unused -#define b07 unused -#define b14 unused -#define b15 unused -#define b16 unused -#define b17 unused -#endif -#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ - s(y,2) = s(x,2); s(y,3) = s(x,3); -#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3) -#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3) -#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3) - -#elif AES_BLOCK_SIZE == 24 - -#if defined(ARRAYS) -#define locals(y,x) x[6],y[6] -#else -#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5, \ - y##0,y##1,y##2,y##3,y##4,y##5 -#define b06 unused -#define b07 unused -#define b16 unused -#define b17 unused -#endif -#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ - s(y,2) = s(x,2); s(y,3) = s(x,3); \ - s(y,4) = s(x,4); s(y,5) = s(x,5); -#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); \ - si(y,x,k,3); si(y,x,k,4); si(y,x,k,5) -#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); \ - so(y,x,3); so(y,x,4); so(y,x,5) -#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); \ - rm(y,x,k,3); rm(y,x,k,4); rm(y,x,k,5) -#else - -#if defined(ARRAYS) -#define locals(y,x) x[8],y[8] -#else -#define locals(y,x) x##0,x##1,x##2,x##3,x##4,x##5,x##6,x##7, \ - y##0,y##1,y##2,y##3,y##4,y##5,y##6,y##7 -#endif -#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \ - s(y,2) = s(x,2); s(y,3) = s(x,3); \ - s(y,4) = s(x,4); s(y,5) = s(x,5); \ - s(y,6) = s(x,6); s(y,7) = s(x,7); - -#if AES_BLOCK_SIZE == 32 - -#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3); \ - si(y,x,k,4); si(y,x,k,5); si(y,x,k,6); si(y,x,k,7) -#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3); \ - so(y,x,4); so(y,x,5); so(y,x,6); so(y,x,7) -#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3); \ - rm(y,x,k,4); rm(y,x,k,5); rm(y,x,k,6); rm(y,x,k,7) -#else - -#define state_in(y,x,k) \ -switch(nc) \ -{ case 8: si(y,x,k,7); si(y,x,k,6); \ - case 6: si(y,x,k,5); si(y,x,k,4); \ - case 4: si(y,x,k,3); si(y,x,k,2); \ - si(y,x,k,1); si(y,x,k,0); \ -} - -#define state_out(y,x) \ -switch(nc) \ -{ case 8: so(y,x,7); so(y,x,6); \ - case 6: so(y,x,5); so(y,x,4); \ - case 4: so(y,x,3); so(y,x,2); \ - so(y,x,1); so(y,x,0); \ -} - -#if defined(FAST_VARIABLE) - -#define round(rm,y,x,k) \ -switch(nc) \ -{ case 8: rm(y,x,k,7); rm(y,x,k,6); \ - rm(y,x,k,5); rm(y,x,k,4); \ - rm(y,x,k,3); rm(y,x,k,2); \ - rm(y,x,k,1); rm(y,x,k,0); \ - break; \ - case 6: rm(y,x,k,5); rm(y,x,k,4); \ - rm(y,x,k,3); rm(y,x,k,2); \ - rm(y,x,k,1); rm(y,x,k,0); \ - break; \ - case 4: rm(y,x,k,3); rm(y,x,k,2); \ - rm(y,x,k,1); rm(y,x,k,0); \ - break; \ -} -#else - -#define round(rm,y,x,k) \ -switch(nc) \ -{ case 8: rm(y,x,k,7); rm(y,x,k,6); \ - case 6: rm(y,x,k,5); rm(y,x,k,4); \ - case 4: rm(y,x,k,3); rm(y,x,k,2); \ - rm(y,x,k,1); rm(y,x,k,0); \ -} - -#endif - -#endif -#endif - -void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) -{ u_int32_t locals(b0, b1); - const u_int32_t *kp = cx->aes_e_key; - -#if !defined(ONE_TABLE) && !defined(FOUR_TABLES) - u_int32_t f2; -#endif - - state_in(b0, in_blk, kp); kp += nc; - -#if defined(UNROLL) - - switch(cx->aes_Nrnd) - { - case 14: round(fwd_rnd, b1, b0, kp ); - round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 12: round(fwd_rnd, b1, b0, kp ); - round(fwd_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 10: round(fwd_rnd, b1, b0, kp ); - round(fwd_rnd, b0, b1, kp + nc); - round(fwd_rnd, b1, b0, kp + 2 * nc); - round(fwd_rnd, b0, b1, kp + 3 * nc); - round(fwd_rnd, b1, b0, kp + 4 * nc); - round(fwd_rnd, b0, b1, kp + 5 * nc); - round(fwd_rnd, b1, b0, kp + 6 * nc); - round(fwd_rnd, b0, b1, kp + 7 * nc); - round(fwd_rnd, b1, b0, kp + 8 * nc); - round(fwd_lrnd, b0, b1, kp + 9 * nc); - } - -#elif defined(PARTIAL_UNROLL) - { u_int32_t rnd; - - for(rnd = 0; rnd < (cx->aes_Nrnd >> 1) - 1; ++rnd) - { - round(fwd_rnd, b1, b0, kp); - round(fwd_rnd, b0, b1, kp + nc); kp += 2 * nc; - } - - round(fwd_rnd, b1, b0, kp); - round(fwd_lrnd, b0, b1, kp + nc); - } -#else - { u_int32_t rnd; - - for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd) - { - round(fwd_rnd, b1, b0, kp); - l_copy(b0, b1); kp += nc; - } - - round(fwd_lrnd, b0, b1, kp); - } -#endif - - state_out(out_blk, b0); -} - -void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) -{ u_int32_t locals(b0, b1); - const u_int32_t *kp = cx->aes_d_key; - -#if !defined(ONE_TABLE) && !defined(FOUR_TABLES) - u_int32_t f2, f4, f8, f9; -#endif - - state_in(b0, in_blk, kp); kp += nc; - -#if defined(UNROLL) - - switch(cx->aes_Nrnd) - { - case 14: round(inv_rnd, b1, b0, kp ); - round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 12: round(inv_rnd, b1, b0, kp ); - round(inv_rnd, b0, b1, kp + nc ); kp += 2 * nc; - case 10: round(inv_rnd, b1, b0, kp ); - round(inv_rnd, b0, b1, kp + nc); - round(inv_rnd, b1, b0, kp + 2 * nc); - round(inv_rnd, b0, b1, kp + 3 * nc); - round(inv_rnd, b1, b0, kp + 4 * nc); - round(inv_rnd, b0, b1, kp + 5 * nc); - round(inv_rnd, b1, b0, kp + 6 * nc); - round(inv_rnd, b0, b1, kp + 7 * nc); - round(inv_rnd, b1, b0, kp + 8 * nc); - round(inv_lrnd, b0, b1, kp + 9 * nc); - } - -#elif defined(PARTIAL_UNROLL) - { u_int32_t rnd; - - for(rnd = 0; rnd < (cx->aes_Nrnd >> 1) - 1; ++rnd) - { - round(inv_rnd, b1, b0, kp); - round(inv_rnd, b0, b1, kp + nc); kp += 2 * nc; - } - - round(inv_rnd, b1, b0, kp); - round(inv_lrnd, b0, b1, kp + nc); - } -#else - { u_int32_t rnd; - - for(rnd = 0; rnd < cx->aes_Nrnd - 1; ++rnd) - { - round(inv_rnd, b1, b0, kp); - l_copy(b0, b1); kp += nc; - } - - round(inv_lrnd, b0, b1, kp); - } -#endif - - state_out(out_blk, b0); -} diff --git a/lib/libcrypto/libaes/aes.h b/lib/libcrypto/libaes/aes.h deleted file mode 100644 index 4f1e3b335..000000000 --- a/lib/libcrypto/libaes/aes.h +++ /dev/null @@ -1,97 +0,0 @@ -// I retain copyright in this code but I encourage its free use provided -// that I don't carry any responsibility for the results. I am especially -// happy to see it used in free and open source software. If you do use -// it I would appreciate an acknowledgement of its origin in the code or -// the product that results and I would also appreciate knowing a little -// about the use to which it is being put. I am grateful to Frank Yellin -// for some ideas that are used in this implementation. -// -// Dr B. R. Gladman 6th April 2001. -// -// This is an implementation of the AES encryption algorithm (Rijndael) -// designed by Joan Daemen and Vincent Rijmen. This version is designed -// to provide both fixed and dynamic block and key lengths and can also -// run with either big or little endian internal byte order (see aes.h). -// It inputs block and key lengths in bytes with the legal values being -// 16, 24 and 32. - -/* - * Modified by Jari Ruusu, May 1 2001 - * - Fixed some compile warnings, code was ok but gcc warned anyway. - * - Changed basic types: byte -> unsigned char, word -> u_int32_t - * - Major name space cleanup: Names visible to outside now begin - * with "aes_" or "AES_". A lot of stuff moved from aes.h to aes.c - * - Removed C++ and DLL support as part of name space cleanup. - * - Eliminated unnecessary recomputation of tables. (actual bug fix) - * - Merged precomputed constant tables to aes.c file. - * - Removed data alignment restrictions for portability reasons. - * - Made block and key lengths accept bit count (128/192/256) - * as well byte count (16/24/32). - * - Removed all error checks. This change also eliminated the need - * to preinitialize the context struct to zero. - * - Removed some totally unused constants. - */ - -#ifndef _AES_H -#define _AES_H - -#if defined(__linux__) && defined(__KERNEL__) -# include -#else -# include -#endif - -// CONFIGURATION OPTIONS (see also aes.c) -// -// Define AES_BLOCK_SIZE to set the cipher block size (16, 24 or 32) or -// leave this undefined for dynamically variable block size (this will -// result in much slower code). -// IMPORTANT NOTE: AES_BLOCK_SIZE is in BYTES (16, 24, 32 or undefined). If -// left undefined a slower version providing variable block length is compiled - -#define AES_BLOCK_SIZE 16 - -// The number of key schedule words for different block and key lengths -// allowing for method of computation which requires the length to be a -// multiple of the key length -// -// Nk = 4 6 8 -// ------------- -// Nb = 4 | 60 60 64 -// 6 | 96 90 96 -// 8 | 120 120 120 - -#if !defined(AES_BLOCK_SIZE) || (AES_BLOCK_SIZE == 32) -#define AES_KS_LENGTH 120 -#define AES_RC_LENGTH 29 -#else -#define AES_KS_LENGTH 4 * AES_BLOCK_SIZE -#define AES_RC_LENGTH (9 * AES_BLOCK_SIZE) / 8 - 8 -#endif - -typedef struct -{ - u_int32_t aes_Nkey; // the number of words in the key input block - u_int32_t aes_Nrnd; // the number of cipher rounds - u_int32_t aes_e_key[AES_KS_LENGTH]; // the encryption key schedule - u_int32_t aes_d_key[AES_KS_LENGTH]; // the decryption key schedule -#if !defined(AES_BLOCK_SIZE) - u_int32_t aes_Ncol; // the number of columns in the cipher state -#endif -} aes_context; - -// THE CIPHER INTERFACE - -#if !defined(AES_BLOCK_SIZE) -extern void aes_set_blk(aes_context *, const int); -#endif -extern void aes_set_key(aes_context *, const unsigned char [], const int, const int); -extern void aes_encrypt(const aes_context *, const unsigned char [], unsigned char []); -extern void aes_decrypt(const aes_context *, const unsigned char [], unsigned char []); - -// The block length inputs to aes_set_block and aes_set_key are in numbers -// of bytes or bits. The calls to subroutines must be made in the above -// order but multiple calls can be made without repeating earlier calls -// if their parameters have not changed. - -#endif // _AES_H diff --git a/lib/libcrypto/libaes/aes_cbc.c b/lib/libcrypto/libaes/aes_cbc.c deleted file mode 100644 index 962dd1a35..000000000 --- a/lib/libcrypto/libaes/aes_cbc.c +++ /dev/null @@ -1,13 +0,0 @@ -#ifdef __KERNEL__ -#include -#else -#include -#endif -#include "aes_cbc.h" -#include "cbc_generic.h" -/* returns bool success */ -int AES_set_key(aes_context *aes_ctx, const u_int8_t *key, int keysize) { - aes_set_key(aes_ctx, key, keysize, 0); - return 1; -} -CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt); diff --git a/lib/libcrypto/libaes/aes_cbc.h b/lib/libcrypto/libaes/aes_cbc.h deleted file mode 100644 index 92f5d77f5..000000000 --- a/lib/libcrypto/libaes/aes_cbc.h +++ /dev/null @@ -1,4 +0,0 @@ -/* Glue header */ -#include "aes.h" -int AES_set_key(aes_context *aes_ctx, const u_int8_t * key, int keysize); -int AES_cbc_encrypt(aes_context *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt); diff --git a/lib/libcrypto/libaes/aes_xcbc_mac.c b/lib/libcrypto/libaes/aes_xcbc_mac.c deleted file mode 100644 index 89d7bc067..000000000 --- a/lib/libcrypto/libaes/aes_xcbc_mac.c +++ /dev/null @@ -1,67 +0,0 @@ -#ifdef __KERNEL__ -#include -#include -#define DEBUG(x) -#else -#include -#include -#define DEBUG(x) x -#endif - -#include "aes.h" -#include "aes_xcbc_mac.h" - -int AES_xcbc_mac_set_key(aes_context_mac *ctxm, const u_int8_t *key, int keylen) -{ - int ret=1; - aes_block kn[3] = { - { 0x01010101, 0x01010101, 0x01010101, 0x01010101 }, - { 0x02020202, 0x02020202, 0x02020202, 0x02020202 }, - { 0x03030303, 0x03030303, 0x03030303, 0x03030303 }, - }; - aes_set_key(&ctxm->ctx_k1, key, keylen, 0); - aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[0], (u_int8_t *) kn[0]); - aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[1], (u_int8_t *) ctxm->k2); - aes_encrypt(&ctxm->ctx_k1, (u_int8_t *) kn[2], (u_int8_t *) ctxm->k3); - aes_set_key(&ctxm->ctx_k1, (u_int8_t *) kn[0], 16, 0); - return ret; -} -static void do_pad_xor(u_int8_t *out, const u_int8_t *in, int len) { - int pos=0; - for (pos=1; pos <= 16; pos++, in++, out++) { - if (pos <= len) - *out ^= *in; - if (pos > len) { - DEBUG(printf("put 0x80 at pos=%d\n", pos)); - *out ^= 0x80; - break; - } - } -} -static void xor_block(aes_block res, const aes_block op) { - res[0] ^= op[0]; - res[1] ^= op[1]; - res[2] ^= op[2]; - res[3] ^= op[3]; -} -int AES_xcbc_mac_hash(const aes_context_mac *ctxm, const u_int8_t * in, int ilen, u_int8_t hash[16]) { - int ret=ilen; - u_int32_t out[4] = { 0, 0, 0, 0 }; - for (; ilen > 16 ; ilen-=16) { - xor_block(out, (const u_int32_t*) &in[0]); - aes_encrypt(&ctxm->ctx_k1, in, (u_int8_t *)&out[0]); - in+=16; - } - do_pad_xor((u_int8_t *)&out, in, ilen); - if (ilen==16) { - DEBUG(printf("using k3\n")); - xor_block(out, ctxm->k3); - } - else - { - DEBUG(printf("using k2\n")); - xor_block(out, ctxm->k2); - } - aes_encrypt(&ctxm->ctx_k1, (u_int8_t *)out, hash); - return ret; -} diff --git a/lib/libcrypto/libaes/aes_xcbc_mac.h b/lib/libcrypto/libaes/aes_xcbc_mac.h deleted file mode 100644 index baf438cd4..000000000 --- a/lib/libcrypto/libaes/aes_xcbc_mac.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef _AES_XCBC_MAC_H -#define _AES_XCBC_MAC_H - -typedef u_int32_t aes_block[4]; -typedef struct { - aes_context ctx_k1; - aes_block k2; - aes_block k3; -} aes_context_mac; -int AES_xcbc_mac_set_key(aes_context_mac *ctxm, const u_int8_t *key, int keylen); -int AES_xcbc_mac_hash(const aes_context_mac *ctxm, const u_int8_t * in, int ilen, u_int8_t hash[16]); -#endif /* _AES_XCBC_MAC_H */ diff --git a/lib/libcrypto/libaes/asm/aes-i586.S b/lib/libcrypto/libaes/asm/aes-i586.S deleted file mode 100644 index df19d0d62..000000000 --- a/lib/libcrypto/libaes/asm/aes-i586.S +++ /dev/null @@ -1,892 +0,0 @@ -// -// Copyright (c) 2001, Dr Brian Gladman , Worcester, UK. -// All rights reserved. -// -// TERMS -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted subject to the following conditions: -// -// 1. Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright -// notice, this list of conditions and the following disclaimer in the -// documentation and/or other materials provided with the distribution. -// -// 3. The copyright holder's name must not be used to endorse or promote -// any products derived from this software without his specific prior -// written permission. -// -// This software is provided 'as is' with no express or implied warranties -// of correctness or fitness for purpose. - -// Modified by Jari Ruusu, December 24 2001 -// - Converted syntax to GNU CPP/assembler syntax -// - C programming interface converted back to "old" API -// - Minor portability cleanups and speed optimizations - -// An AES (Rijndael) implementation for the Pentium. This version only -// implements the standard AES block length (128 bits, 16 bytes). This code -// does not preserve the eax, ecx or edx registers or the artihmetic status -// flags. However, the ebx, esi, edi, and ebp registers are preserved across -// calls. - -// void aes_set_key(aes_context *cx, const unsigned char key[], const int key_len, const int f) -// void aes_encrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) -// void aes_decrypt(const aes_context *cx, const unsigned char in_blk[], unsigned char out_blk[]) - -#if defined(USE_UNDERLINE) -# define aes_set_key _aes_set_key -# define aes_encrypt _aes_encrypt -# define aes_decrypt _aes_decrypt -#endif -#if !defined(ALIGN32BYTES) -# define ALIGN32BYTES 32 -#endif - - .file "aes-i586.S" - .globl aes_set_key - .globl aes_encrypt - .globl aes_decrypt - -#define tlen 1024 // length of each of 4 'xor' arrays (256 32-bit words) - -// offsets to parameters with one register pushed onto stack - -#define ctx 8 // AES context structure -#define in_blk 12 // input byte array address parameter -#define out_blk 16 // output byte array address parameter - -// offsets in context structure - -#define nkey 0 // key length, size 4 -#define nrnd 4 // number of rounds, size 4 -#define ekey 8 // encryption key schedule base address, size 256 -#define dkey 264 // decryption key schedule base address, size 256 - -// This macro performs a forward encryption cycle. It is entered with -// the first previous round column values in %eax, %ebx, %esi and %edi and -// exits with the final values in the same registers. - -#define fwd_rnd(p1,p2) \ - mov %ebx,(%esp) ;\ - movzbl %al,%edx ;\ - mov %eax,%ecx ;\ - mov p2(%ebp),%eax ;\ - mov %edi,4(%esp) ;\ - mov p2+12(%ebp),%edi ;\ - xor p1(,%edx,4),%eax ;\ - movzbl %ch,%edx ;\ - shr $16,%ecx ;\ - mov p2+4(%ebp),%ebx ;\ - xor p1+tlen(,%edx,4),%edi ;\ - movzbl %cl,%edx ;\ - movzbl %ch,%ecx ;\ - xor p1+3*tlen(,%ecx,4),%ebx ;\ - mov %esi,%ecx ;\ - mov p1+2*tlen(,%edx,4),%esi ;\ - movzbl %cl,%edx ;\ - xor p1(,%edx,4),%esi ;\ - movzbl %ch,%edx ;\ - shr $16,%ecx ;\ - xor p1+tlen(,%edx,4),%ebx ;\ - movzbl %cl,%edx ;\ - movzbl %ch,%ecx ;\ - xor p1+2*tlen(,%edx,4),%eax ;\ - mov (%esp),%edx ;\ - xor p1+3*tlen(,%ecx,4),%edi ;\ - movzbl %dl,%ecx ;\ - xor p2+8(%ebp),%esi ;\ - xor p1(,%ecx,4),%ebx ;\ - movzbl %dh,%ecx ;\ - shr $16,%edx ;\ - xor p1+tlen(,%ecx,4),%eax ;\ - movzbl %dl,%ecx ;\ - movzbl %dh,%edx ;\ - xor p1+2*tlen(,%ecx,4),%edi ;\ - mov 4(%esp),%ecx ;\ - xor p1+3*tlen(,%edx,4),%esi ;\ - movzbl %cl,%edx ;\ - xor p1(,%edx,4),%edi ;\ - movzbl %ch,%edx ;\ - shr $16,%ecx ;\ - xor p1+tlen(,%edx,4),%esi ;\ - movzbl %cl,%edx ;\ - movzbl %ch,%ecx ;\ - xor p1+2*tlen(,%edx,4),%ebx ;\ - xor p1+3*tlen(,%ecx,4),%eax - -// This macro performs an inverse encryption cycle. It is entered with -// the first previous round column values in %eax, %ebx, %esi and %edi and -// exits with the final values in the same registers. - -#define inv_rnd(p1,p2) \ - movzbl %al,%edx ;\ - mov %ebx,(%esp) ;\ - mov %eax,%ecx ;\ - mov p2(%ebp),%eax ;\ - mov %edi,4(%esp) ;\ - mov p2+4(%ebp),%ebx ;\ - xor p1(,%edx,4),%eax ;\ - movzbl %ch,%edx ;\ - shr $16,%ecx ;\ - mov p2+12(%ebp),%edi ;\ - xor p1+tlen(,%edx,4),%ebx ;\ - movzbl %cl,%edx ;\ - movzbl %ch,%ecx ;\ - xor p1+3*tlen(,%ecx,4),%edi ;\ - mov %esi,%ecx ;\ - mov p1+2*tlen(,%edx,4),%esi ;\ - movzbl %cl,%edx ;\ - xor p1(,%edx,4),%esi ;\ - movzbl %ch,%edx ;\ - shr $16,%ecx ;\ - xor p1+tlen(,%edx,4),%edi ;\ - movzbl %cl,%edx ;\ - movzbl %ch,%ecx ;\ - xor p1+2*tlen(,%edx,4),%eax ;\ - mov (%esp),%edx ;\ - xor p1+3*tlen(,%ecx,4),%ebx ;\ - movzbl %dl,%ecx ;\ - xor p2+8(%ebp),%esi ;\ - xor p1(,%ecx,4),%ebx ;\ - movzbl %dh,%ecx ;\ - shr $16,%edx ;\ - xor p1+tlen(,%ecx,4),%esi ;\ - movzbl %dl,%ecx ;\ - movzbl %dh,%edx ;\ - xor p1+2*tlen(,%ecx,4),%edi ;\ - mov 4(%esp),%ecx ;\ - xor p1+3*tlen(,%edx,4),%eax ;\ - movzbl %cl,%edx ;\ - xor p1(,%edx,4),%edi ;\ - movzbl %ch,%edx ;\ - shr $16,%ecx ;\ - xor p1+tlen(,%edx,4),%eax ;\ - movzbl %cl,%edx ;\ - movzbl %ch,%ecx ;\ - xor p1+2*tlen(,%edx,4),%ebx ;\ - xor p1+3*tlen(,%ecx,4),%esi - -// AES (Rijndael) Encryption Subroutine - - .text - .align ALIGN32BYTES -aes_encrypt: - push %ebp - mov ctx(%esp),%ebp // pointer to context - mov in_blk(%esp),%ecx - push %ebx - push %esi - push %edi - mov nrnd(%ebp),%edx // number of rounds - lea ekey+16(%ebp),%ebp // key pointer - -// input four columns and xor in first round key - - mov (%ecx),%eax - mov 4(%ecx),%ebx - mov 8(%ecx),%esi - mov 12(%ecx),%edi - xor -16(%ebp),%eax - xor -12(%ebp),%ebx - xor -8(%ebp),%esi - xor -4(%ebp),%edi - - sub $8,%esp // space for register saves on stack - - sub $10,%edx - je aes_15 - add $32,%ebp - sub $2,%edx - je aes_13 - add $32,%ebp - - fwd_rnd(aes_ft_tab,-64) // 14 rounds for 256-bit key - fwd_rnd(aes_ft_tab,-48) -aes_13: fwd_rnd(aes_ft_tab,-32) // 12 rounds for 192-bit key - fwd_rnd(aes_ft_tab,-16) -aes_15: fwd_rnd(aes_ft_tab,0) // 10 rounds for 128-bit key - fwd_rnd(aes_ft_tab,16) - fwd_rnd(aes_ft_tab,32) - fwd_rnd(aes_ft_tab,48) - fwd_rnd(aes_ft_tab,64) - fwd_rnd(aes_ft_tab,80) - fwd_rnd(aes_ft_tab,96) - fwd_rnd(aes_ft_tab,112) - fwd_rnd(aes_ft_tab,128) - fwd_rnd(aes_fl_tab,144) // last round uses a different table - -// move final values to the output array. - - mov out_blk+20(%esp),%ebp - add $8,%esp - mov %eax,(%ebp) - mov %ebx,4(%ebp) - mov %esi,8(%ebp) - mov %edi,12(%ebp) - pop %edi - pop %esi - pop %ebx - pop %ebp - ret - - -// AES (Rijndael) Decryption Subroutine - - .align ALIGN32BYTES -aes_decrypt: - push %ebp - mov ctx(%esp),%ebp // pointer to context - mov in_blk(%esp),%ecx - push %ebx - push %esi - push %edi - mov nrnd(%ebp),%edx // number of rounds - lea dkey+16(%ebp),%ebp // key pointer - -// input four columns and xor in first round key - - mov (%ecx),%eax - mov 4(%ecx),%ebx - mov 8(%ecx),%esi - mov 12(%ecx),%edi - xor -16(%ebp),%eax - xor -12(%ebp),%ebx - xor -8(%ebp),%esi - xor -4(%ebp),%edi - - sub $8,%esp // space for register saves on stack - - sub $10,%edx - je aes_25 - add $32,%ebp - sub $2,%edx - je aes_23 - add $32,%ebp - - inv_rnd(aes_it_tab,-64) // 14 rounds for 256-bit key - inv_rnd(aes_it_tab,-48) -aes_23: inv_rnd(aes_it_tab,-32) // 12 rounds for 192-bit key - inv_rnd(aes_it_tab,-16) -aes_25: inv_rnd(aes_it_tab,0) // 10 rounds for 128-bit key - inv_rnd(aes_it_tab,16) - inv_rnd(aes_it_tab,32) - inv_rnd(aes_it_tab,48) - inv_rnd(aes_it_tab,64) - inv_rnd(aes_it_tab,80) - inv_rnd(aes_it_tab,96) - inv_rnd(aes_it_tab,112) - inv_rnd(aes_it_tab,128) - inv_rnd(aes_il_tab,144) // last round uses a different table - -// move final values to the output array. - - mov out_blk+20(%esp),%ebp - add $8,%esp - mov %eax,(%ebp) - mov %ebx,4(%ebp) - mov %esi,8(%ebp) - mov %edi,12(%ebp) - pop %edi - pop %esi - pop %ebx - pop %ebp - ret - -// AES (Rijndael) Key Schedule Subroutine - -// input/output parameters - -#define aes_cx 12 // AES context -#define in_key 16 // key input array address -#define key_ln 20 // key length, bytes (16,24,32) or bits (128,192,256) -#define ed_flg 24 // 0=create both encr/decr keys, 1=create encr key only - -// offsets for locals - -#define cnt -4 -#define kpf -8 -#define slen 8 - -// This macro performs a column mixing operation on an input 32-bit -// word to give a 32-bit result. It uses each of the 4 bytes in the -// the input column to index 4 different tables of 256 32-bit words -// that are xored together to form the output value. - -#define mix_col(p1) \ - movzbl %bl,%ecx ;\ - mov p1(,%ecx,4),%eax ;\ - movzbl %bh,%ecx ;\ - ror $16,%ebx ;\ - xor p1+tlen(,%ecx,4),%eax ;\ - movzbl %bl,%ecx ;\ - xor p1+2*tlen(,%ecx,4),%eax ;\ - movzbl %bh,%ecx ;\ - xor p1+3*tlen(,%ecx,4),%eax - -// Key Schedule Macros - -#define ksc4(p1) \ - rol $24,%ebx ;\ - mix_col(aes_fl_tab) ;\ - ror $8,%ebx ;\ - xor 4*p1+aes_rcon_tab,%eax ;\ - xor %eax,%esi ;\ - xor %esi,%ebp ;\ - mov %esi,16*p1(%edi) ;\ - mov %ebp,16*p1+4(%edi) ;\ - xor %ebp,%edx ;\ - xor %edx,%ebx ;\ - mov %edx,16*p1+8(%edi) ;\ - mov %ebx,16*p1+12(%edi) - -#define ksc6(p1) \ - rol $24,%ebx ;\ - mix_col(aes_fl_tab) ;\ - ror $8,%ebx ;\ - xor 4*p1+aes_rcon_tab,%eax ;\ - xor 24*p1-24(%edi),%eax ;\ - mov %eax,24*p1(%edi) ;\ - xor 24*p1-20(%edi),%eax ;\ - mov %eax,24*p1+4(%edi) ;\ - xor %eax,%esi ;\ - xor %esi,%ebp ;\ - mov %esi,24*p1+8(%edi) ;\ - mov %ebp,24*p1+12(%edi) ;\ - xor %ebp,%edx ;\ - xor %edx,%ebx ;\ - mov %edx,24*p1+16(%edi) ;\ - mov %ebx,24*p1+20(%edi) - -#define ksc8(p1) \ - rol $24,%ebx ;\ - mix_col(aes_fl_tab) ;\ - ror $8,%ebx ;\ - xor 4*p1+aes_rcon_tab,%eax ;\ - xor 32*p1-32(%edi),%eax ;\ - mov %eax,32*p1(%edi) ;\ - xor 32*p1-28(%edi),%eax ;\ - mov %eax,32*p1+4(%edi) ;\ - xor 32*p1-24(%edi),%eax ;\ - mov %eax,32*p1+8(%edi) ;\ - xor 32*p1-20(%edi),%eax ;\ - mov %eax,32*p1+12(%edi) ;\ - push %ebx ;\ - mov %eax,%ebx ;\ - mix_col(aes_fl_tab) ;\ - pop %ebx ;\ - xor %eax,%esi ;\ - xor %esi,%ebp ;\ - mov %esi,32*p1+16(%edi) ;\ - mov %ebp,32*p1+20(%edi) ;\ - xor %ebp,%edx ;\ - xor %edx,%ebx ;\ - mov %edx,32*p1+24(%edi) ;\ - mov %ebx,32*p1+28(%edi) - - .align ALIGN32BYTES -aes_set_key: - pushfl - push %ebp - mov %esp,%ebp - sub $slen,%esp - push %ebx - push %esi - push %edi - - mov aes_cx(%ebp),%edx // edx -> AES context - - mov key_ln(%ebp),%ecx // key length - cmpl $128,%ecx - jb aes_30 - shr $3,%ecx -aes_30: cmpl $32,%ecx - je aes_32 - cmpl $24,%ecx - je aes_32 - mov $16,%ecx -aes_32: shr $2,%ecx - mov %ecx,nkey(%edx) - - lea 6(%ecx),%eax // 10/12/14 for 4/6/8 32-bit key length - mov %eax,nrnd(%edx) - - mov in_key(%ebp),%esi // key input array - lea ekey(%edx),%edi // key position in AES context - cld - push %ebp - mov %ecx,%eax // save key length in eax - rep ; movsl // words in the key schedule - mov -4(%esi),%ebx // put some values in registers - mov -8(%esi),%edx // to allow faster code - mov -12(%esi),%ebp - mov -16(%esi),%esi - - cmpl $4,%eax // jump on key size - je aes_36 - cmpl $6,%eax - je aes_35 - - ksc8(0) - ksc8(1) - ksc8(2) - ksc8(3) - ksc8(4) - ksc8(5) - ksc8(6) - jmp aes_37 -aes_35: ksc6(0) - ksc6(1) - ksc6(2) - ksc6(3) - ksc6(4) - ksc6(5) - ksc6(6) - ksc6(7) - jmp aes_37 -aes_36: ksc4(0) - ksc4(1) - ksc4(2) - ksc4(3) - ksc4(4) - ksc4(5) - ksc4(6) - ksc4(7) - ksc4(8) - ksc4(9) -aes_37: pop %ebp - mov aes_cx(%ebp),%edx // edx -> AES context - cmpl $0,ed_flg(%ebp) - jne aes_39 - -// compile decryption key schedule from encryption schedule - reverse -// order and do mix_column operation on round keys except first and last - - mov nrnd(%edx),%eax // kt = cx->d_key + nc * cx->Nrnd - shl $2,%eax - lea dkey(%edx,%eax,4),%edi - lea ekey(%edx),%esi // kf = cx->e_key - - movsl // copy first round key (unmodified) - movsl - movsl - movsl - sub $32,%edi - movl $1,cnt(%ebp) -aes_38: // do mix column on each column of - lodsl // each round key - mov %eax,%ebx - mix_col(aes_im_tab) - stosl - lodsl - mov %eax,%ebx - mix_col(aes_im_tab) - stosl - lodsl - mov %eax,%ebx - mix_col(aes_im_tab) - stosl - lodsl - mov %eax,%ebx - mix_col(aes_im_tab) - stosl - sub $32,%edi - - incl cnt(%ebp) - mov cnt(%ebp),%eax - cmp nrnd(%edx),%eax - jb aes_38 - - movsl // copy last round key (unmodified) - movsl - movsl - movsl -aes_39: pop %edi - pop %esi - pop %ebx - mov %ebp,%esp - pop %ebp - popfl - ret - - -// finite field multiplies by {02}, {04} and {08} - -#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b)) -#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b)) -#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b)) - -// finite field multiplies required in table generation - -#define f3(x) (f2(x) ^ x) -#define f9(x) (f8(x) ^ x) -#define fb(x) (f8(x) ^ f2(x) ^ x) -#define fd(x) (f8(x) ^ f4(x) ^ x) -#define fe(x) (f8(x) ^ f4(x) ^ f2(x)) - -// These defines generate the forward table entries - -#define u0(x) ((f3(x) << 24) | (x << 16) | (x << 8) | f2(x)) -#define u1(x) ((x << 24) | (x << 16) | (f2(x) << 8) | f3(x)) -#define u2(x) ((x << 24) | (f2(x) << 16) | (f3(x) << 8) | x) -#define u3(x) ((f2(x) << 24) | (f3(x) << 16) | (x << 8) | x) - -// These defines generate the inverse table entries - -#define v0(x) ((fb(x) << 24) | (fd(x) << 16) | (f9(x) << 8) | fe(x)) -#define v1(x) ((fd(x) << 24) | (f9(x) << 16) | (fe(x) << 8) | fb(x)) -#define v2(x) ((f9(x) << 24) | (fe(x) << 16) | (fb(x) << 8) | fd(x)) -#define v3(x) ((fe(x) << 24) | (fb(x) << 16) | (fd(x) << 8) | f9(x)) - -// These defines generate entries for the last round tables - -#define w0(x) (x) -#define w1(x) (x << 8) -#define w2(x) (x << 16) -#define w3(x) (x << 24) - -// macro to generate inverse mix column tables (needed for the key schedule) - -#define im_data0(p1) \ - .long p1(0x00),p1(0x01),p1(0x02),p1(0x03),p1(0x04),p1(0x05),p1(0x06),p1(0x07) ;\ - .long p1(0x08),p1(0x09),p1(0x0a),p1(0x0b),p1(0x0c),p1(0x0d),p1(0x0e),p1(0x0f) ;\ - .long p1(0x10),p1(0x11),p1(0x12),p1(0x13),p1(0x14),p1(0x15),p1(0x16),p1(0x17) ;\ - .long p1(0x18),p1(0x19),p1(0x1a),p1(0x1b),p1(0x1c),p1(0x1d),p1(0x1e),p1(0x1f) -#define im_data1(p1) \ - .long p1(0x20),p1(0x21),p1(0x22),p1(0x23),p1(0x24),p1(0x25),p1(0x26),p1(0x27) ;\ - .long p1(0x28),p1(0x29),p1(0x2a),p1(0x2b),p1(0x2c),p1(0x2d),p1(0x2e),p1(0x2f) ;\ - .long p1(0x30),p1(0x31),p1(0x32),p1(0x33),p1(0x34),p1(0x35),p1(0x36),p1(0x37) ;\ - .long p1(0x38),p1(0x39),p1(0x3a),p1(0x3b),p1(0x3c),p1(0x3d),p1(0x3e),p1(0x3f) -#define im_data2(p1) \ - .long p1(0x40),p1(0x41),p1(0x42),p1(0x43),p1(0x44),p1(0x45),p1(0x46),p1(0x47) ;\ - .long p1(0x48),p1(0x49),p1(0x4a),p1(0x4b),p1(0x4c),p1(0x4d),p1(0x4e),p1(0x4f) ;\ - .long p1(0x50),p1(0x51),p1(0x52),p1(0x53),p1(0x54),p1(0x55),p1(0x56),p1(0x57) ;\ - .long p1(0x58),p1(0x59),p1(0x5a),p1(0x5b),p1(0x5c),p1(0x5d),p1(0x5e),p1(0x5f) -#define im_data3(p1) \ - .long p1(0x60),p1(0x61),p1(0x62),p1(0x63),p1(0x64),p1(0x65),p1(0x66),p1(0x67) ;\ - .long p1(0x68),p1(0x69),p1(0x6a),p1(0x6b),p1(0x6c),p1(0x6d),p1(0x6e),p1(0x6f) ;\ - .long p1(0x70),p1(0x71),p1(0x72),p1(0x73),p1(0x74),p1(0x75),p1(0x76),p1(0x77) ;\ - .long p1(0x78),p1(0x79),p1(0x7a),p1(0x7b),p1(0x7c),p1(0x7d),p1(0x7e),p1(0x7f) -#define im_data4(p1) \ - .long p1(0x80),p1(0x81),p1(0x82),p1(0x83),p1(0x84),p1(0x85),p1(0x86),p1(0x87) ;\ - .long p1(0x88),p1(0x89),p1(0x8a),p1(0x8b),p1(0x8c),p1(0x8d),p1(0x8e),p1(0x8f) ;\ - .long p1(0x90),p1(0x91),p1(0x92),p1(0x93),p1(0x94),p1(0x95),p1(0x96),p1(0x97) ;\ - .long p1(0x98),p1(0x99),p1(0x9a),p1(0x9b),p1(0x9c),p1(0x9d),p1(0x9e),p1(0x9f) -#define im_data5(p1) \ - .long p1(0xa0),p1(0xa1),p1(0xa2),p1(0xa3),p1(0xa4),p1(0xa5),p1(0xa6),p1(0xa7) ;\ - .long p1(0xa8),p1(0xa9),p1(0xaa),p1(0xab),p1(0xac),p1(0xad),p1(0xae),p1(0xaf) ;\ - .long p1(0xb0),p1(0xb1),p1(0xb2),p1(0xb3),p1(0xb4),p1(0xb5),p1(0xb6),p1(0xb7) ;\ - .long p1(0xb8),p1(0xb9),p1(0xba),p1(0xbb),p1(0xbc),p1(0xbd),p1(0xbe),p1(0xbf) -#define im_data6(p1) \ - .long p1(0xc0),p1(0xc1),p1(0xc2),p1(0xc3),p1(0xc4),p1(0xc5),p1(0xc6),p1(0xc7) ;\ - .long p1(0xc8),p1(0xc9),p1(0xca),p1(0xcb),p1(0xcc),p1(0xcd),p1(0xce),p1(0xcf) ;\ - .long p1(0xd0),p1(0xd1),p1(0xd2),p1(0xd3),p1(0xd4),p1(0xd5),p1(0xd6),p1(0xd7) ;\ - .long p1(0xd8),p1(0xd9),p1(0xda),p1(0xdb),p1(0xdc),p1(0xdd),p1(0xde),p1(0xdf) -#define im_data7(p1) \ - .long p1(0xe0),p1(0xe1),p1(0xe2),p1(0xe3),p1(0xe4),p1(0xe5),p1(0xe6),p1(0xe7) ;\ - .long p1(0xe8),p1(0xe9),p1(0xea),p1(0xeb),p1(0xec),p1(0xed),p1(0xee),p1(0xef) ;\ - .long p1(0xf0),p1(0xf1),p1(0xf2),p1(0xf3),p1(0xf4),p1(0xf5),p1(0xf6),p1(0xf7) ;\ - .long p1(0xf8),p1(0xf9),p1(0xfa),p1(0xfb),p1(0xfc),p1(0xfd),p1(0xfe),p1(0xff) - -// S-box data - 256 entries - -#define sb_data0(p1) \ - .long p1(0x63),p1(0x7c),p1(0x77),p1(0x7b),p1(0xf2),p1(0x6b),p1(0x6f),p1(0xc5) ;\ - .long p1(0x30),p1(0x01),p1(0x67),p1(0x2b),p1(0xfe),p1(0xd7),p1(0xab),p1(0x76) ;\ - .long p1(0xca),p1(0x82),p1(0xc9),p1(0x7d),p1(0xfa),p1(0x59),p1(0x47),p1(0xf0) ;\ - .long p1(0xad),p1(0xd4),p1(0xa2),p1(0xaf),p1(0x9c),p1(0xa4),p1(0x72),p1(0xc0) -#define sb_data1(p1) \ - .long p1(0xb7),p1(0xfd),p1(0x93),p1(0x26),p1(0x36),p1(0x3f),p1(0xf7),p1(0xcc) ;\ - .long p1(0x34),p1(0xa5),p1(0xe5),p1(0xf1),p1(0x71),p1(0xd8),p1(0x31),p1(0x15) ;\ - .long p1(0x04),p1(0xc7),p1(0x23),p1(0xc3),p1(0x18),p1(0x96),p1(0x05),p1(0x9a) ;\ - .long p1(0x07),p1(0x12),p1(0x80),p1(0xe2),p1(0xeb),p1(0x27),p1(0xb2),p1(0x75) -#define sb_data2(p1) \ - .long p1(0x09),p1(0x83),p1(0x2c),p1(0x1a),p1(0x1b),p1(0x6e),p1(0x5a),p1(0xa0) ;\ - .long p1(0x52),p1(0x3b),p1(0xd6),p1(0xb3),p1(0x29),p1(0xe3),p1(0x2f),p1(0x84) ;\ - .long p1(0x53),p1(0xd1),p1(0x00),p1(0xed),p1(0x20),p1(0xfc),p1(0xb1),p1(0x5b) ;\ - .long p1(0x6a),p1(0xcb),p1(0xbe),p1(0x39),p1(0x4a),p1(0x4c),p1(0x58),p1(0xcf) -#define sb_data3(p1) \ - .long p1(0xd0),p1(0xef),p1(0xaa),p1(0xfb),p1(0x43),p1(0x4d),p1(0x33),p1(0x85) ;\ - .long p1(0x45),p1(0xf9),p1(0x02),p1(0x7f),p1(0x50),p1(0x3c),p1(0x9f),p1(0xa8) ;\ - .long p1(0x51),p1(0xa3),p1(0x40),p1(0x8f),p1(0x92),p1(0x9d),p1(0x38),p1(0xf5) ;\ - .long p1(0xbc),p1(0xb6),p1(0xda),p1(0x21),p1(0x10),p1(0xff),p1(0xf3),p1(0xd2) -#define sb_data4(p1) \ - .long p1(0xcd),p1(0x0c),p1(0x13),p1(0xec),p1(0x5f),p1(0x97),p1(0x44),p1(0x17) ;\ - .long p1(0xc4),p1(0xa7),p1(0x7e),p1(0x3d),p1(0x64),p1(0x5d),p1(0x19),p1(0x73) ;\ - .long p1(0x60),p1(0x81),p1(0x4f),p1(0xdc),p1(0x22),p1(0x2a),p1(0x90),p1(0x88) ;\ - .long p1(0x46),p1(0xee),p1(0xb8),p1(0x14),p1(0xde),p1(0x5e),p1(0x0b),p1(0xdb) -#define sb_data5(p1) \ - .long p1(0xe0),p1(0x32),p1(0x3a),p1(0x0a),p1(0x49),p1(0x06),p1(0x24),p1(0x5c) ;\ - .long p1(0xc2),p1(0xd3),p1(0xac),p1(0x62),p1(0x91),p1(0x95),p1(0xe4),p1(0x79) ;\ - .long p1(0xe7),p1(0xc8),p1(0x37),p1(0x6d),p1(0x8d),p1(0xd5),p1(0x4e),p1(0xa9) ;\ - .long p1(0x6c),p1(0x56),p1(0xf4),p1(0xea),p1(0x65),p1(0x7a),p1(0xae),p1(0x08) -#define sb_data6(p1) \ - .long p1(0xba),p1(0x78),p1(0x25),p1(0x2e),p1(0x1c),p1(0xa6),p1(0xb4),p1(0xc6) ;\ - .long p1(0xe8),p1(0xdd),p1(0x74),p1(0x1f),p1(0x4b),p1(0xbd),p1(0x8b),p1(0x8a) ;\ - .long p1(0x70),p1(0x3e),p1(0xb5),p1(0x66),p1(0x48),p1(0x03),p1(0xf6),p1(0x0e) ;\ - .long p1(0x61),p1(0x35),p1(0x57),p1(0xb9),p1(0x86),p1(0xc1),p1(0x1d),p1(0x9e) -#define sb_data7(p1) \ - .long p1(0xe1),p1(0xf8),p1(0x98),p1(0x11),p1(0x69),p1(0xd9),p1(0x8e),p1(0x94) ;\ - .long p1(0x9b),p1(0x1e),p1(0x87),p1(0xe9),p1(0xce),p1(0x55),p1(0x28),p1(0xdf) ;\ - .long p1(0x8c),p1(0xa1),p1(0x89),p1(0x0d),p1(0xbf),p1(0xe6),p1(0x42),p1(0x68) ;\ - .long p1(0x41),p1(0x99),p1(0x2d),p1(0x0f),p1(0xb0),p1(0x54),p1(0xbb),p1(0x16) - -// Inverse S-box data - 256 entries - -#define ib_data0(p1) \ - .long p1(0x52),p1(0x09),p1(0x6a),p1(0xd5),p1(0x30),p1(0x36),p1(0xa5),p1(0x38) ;\ - .long p1(0xbf),p1(0x40),p1(0xa3),p1(0x9e),p1(0x81),p1(0xf3),p1(0xd7),p1(0xfb) ;\ - .long p1(0x7c),p1(0xe3),p1(0x39),p1(0x82),p1(0x9b),p1(0x2f),p1(0xff),p1(0x87) ;\ - .long p1(0x34),p1(0x8e),p1(0x43),p1(0x44),p1(0xc4),p1(0xde),p1(0xe9),p1(0xcb) -#define ib_data1(p1) \ - .long p1(0x54),p1(0x7b),p1(0x94),p1(0x32),p1(0xa6),p1(0xc2),p1(0x23),p1(0x3d) ;\ - .long p1(0xee),p1(0x4c),p1(0x95),p1(0x0b),p1(0x42),p1(0xfa),p1(0xc3),p1(0x4e) ;\ - .long p1(0x08),p1(0x2e),p1(0xa1),p1(0x66),p1(0x28),p1(0xd9),p1(0x24),p1(0xb2) ;\ - .long p1(0x76),p1(0x5b),p1(0xa2),p1(0x49),p1(0x6d),p1(0x8b),p1(0xd1),p1(0x25) -#define ib_data2(p1) \ - .long p1(0x72),p1(0xf8),p1(0xf6),p1(0x64),p1(0x86),p1(0x68),p1(0x98),p1(0x16) ;\ - .long p1(0xd4),p1(0xa4),p1(0x5c),p1(0xcc),p1(0x5d),p1(0x65),p1(0xb6),p1(0x92) ;\ - .long p1(0x6c),p1(0x70),p1(0x48),p1(0x50),p1(0xfd),p1(0xed),p1(0xb9),p1(0xda) ;\ - .long p1(0x5e),p1(0x15),p1(0x46),p1(0x57),p1(0xa7),p1(0x8d),p1(0x9d),p1(0x84) -#define ib_data3(p1) \ - .long p1(0x90),p1(0xd8),p1(0xab),p1(0x00),p1(0x8c),p1(0xbc),p1(0xd3),p1(0x0a) ;\ - .long p1(0xf7),p1(0xe4),p1(0x58),p1(0x05),p1(0xb8),p1(0xb3),p1(0x45),p1(0x06) ;\ - .long p1(0xd0),p1(0x2c),p1(0x1e),p1(0x8f),p1(0xca),p1(0x3f),p1(0x0f),p1(0x02) ;\ - .long p1(0xc1),p1(0xaf),p1(0xbd),p1(0x03),p1(0x01),p1(0x13),p1(0x8a),p1(0x6b) -#define ib_data4(p1) \ - .long p1(0x3a),p1(0x91),p1(0x11),p1(0x41),p1(0x4f),p1(0x67),p1(0xdc),p1(0xea) ;\ - .long p1(0x97),p1(0xf2),p1(0xcf),p1(0xce),p1(0xf0),p1(0xb4),p1(0xe6),p1(0x73) ;\ - .long p1(0x96),p1(0xac),p1(0x74),p1(0x22),p1(0xe7),p1(0xad),p1(0x35),p1(0x85) ;\ - .long p1(0xe2),p1(0xf9),p1(0x37),p1(0xe8),p1(0x1c),p1(0x75),p1(0xdf),p1(0x6e) -#define ib_data5(p1) \ - .long p1(0x47),p1(0xf1),p1(0x1a),p1(0x71),p1(0x1d),p1(0x29),p1(0xc5),p1(0x89) ;\ - .long p1(0x6f),p1(0xb7),p1(0x62),p1(0x0e),p1(0xaa),p1(0x18),p1(0xbe),p1(0x1b) ;\ - .long p1(0xfc),p1(0x56),p1(0x3e),p1(0x4b),p1(0xc6),p1(0xd2),p1(0x79),p1(0x20) ;\ - .long p1(0x9a),p1(0xdb),p1(0xc0),p1(0xfe),p1(0x78),p1(0xcd),p1(0x5a),p1(0xf4) -#define ib_data6(p1) \ - .long p1(0x1f),p1(0xdd),p1(0xa8),p1(0x33),p1(0x88),p1(0x07),p1(0xc7),p1(0x31) ;\ - .long p1(0xb1),p1(0x12),p1(0x10),p1(0x59),p1(0x27),p1(0x80),p1(0xec),p1(0x5f) ;\ - .long p1(0x60),p1(0x51),p1(0x7f),p1(0xa9),p1(0x19),p1(0xb5),p1(0x4a),p1(0x0d) ;\ - .long p1(0x2d),p1(0xe5),p1(0x7a),p1(0x9f),p1(0x93),p1(0xc9),p1(0x9c),p1(0xef) -#define ib_data7(p1) \ - .long p1(0xa0),p1(0xe0),p1(0x3b),p1(0x4d),p1(0xae),p1(0x2a),p1(0xf5),p1(0xb0) ;\ - .long p1(0xc8),p1(0xeb),p1(0xbb),p1(0x3c),p1(0x83),p1(0x53),p1(0x99),p1(0x61) ;\ - .long p1(0x17),p1(0x2b),p1(0x04),p1(0x7e),p1(0xba),p1(0x77),p1(0xd6),p1(0x26) ;\ - .long p1(0xe1),p1(0x69),p1(0x14),p1(0x63),p1(0x55),p1(0x21),p1(0x0c),p1(0x7d) - -// The rcon_table (needed for the key schedule) -// -// Here is original Dr Brian Gladman's source code: -// _rcon_tab: -// %assign x 1 -// %rep 29 -// dd x -// %assign x f2(x) -// %endrep -// -// Here is precomputed output (it's more portable this way): - - .align ALIGN32BYTES -aes_rcon_tab: - .long 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80 - .long 0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a,0x2f - .long 0x5e,0xbc,0x63,0xc6,0x97,0x35,0x6a,0xd4 - .long 0xb3,0x7d,0xfa,0xef,0xc5 - -// The forward xor tables - - .align ALIGN32BYTES -aes_ft_tab: - sb_data0(u0) - sb_data1(u0) - sb_data2(u0) - sb_data3(u0) - sb_data4(u0) - sb_data5(u0) - sb_data6(u0) - sb_data7(u0) - - sb_data0(u1) - sb_data1(u1) - sb_data2(u1) - sb_data3(u1) - sb_data4(u1) - sb_data5(u1) - sb_data6(u1) - sb_data7(u1) - - sb_data0(u2) - sb_data1(u2) - sb_data2(u2) - sb_data3(u2) - sb_data4(u2) - sb_data5(u2) - sb_data6(u2) - sb_data7(u2) - - sb_data0(u3) - sb_data1(u3) - sb_data2(u3) - sb_data3(u3) - sb_data4(u3) - sb_data5(u3) - sb_data6(u3) - sb_data7(u3) - - .align ALIGN32BYTES -aes_fl_tab: - sb_data0(w0) - sb_data1(w0) - sb_data2(w0) - sb_data3(w0) - sb_data4(w0) - sb_data5(w0) - sb_data6(w0) - sb_data7(w0) - - sb_data0(w1) - sb_data1(w1) - sb_data2(w1) - sb_data3(w1) - sb_data4(w1) - sb_data5(w1) - sb_data6(w1) - sb_data7(w1) - - sb_data0(w2) - sb_data1(w2) - sb_data2(w2) - sb_data3(w2) - sb_data4(w2) - sb_data5(w2) - sb_data6(w2) - sb_data7(w2) - - sb_data0(w3) - sb_data1(w3) - sb_data2(w3) - sb_data3(w3) - sb_data4(w3) - sb_data5(w3) - sb_data6(w3) - sb_data7(w3) - -// The inverse xor tables - - .align ALIGN32BYTES -aes_it_tab: - ib_data0(v0) - ib_data1(v0) - ib_data2(v0) - ib_data3(v0) - ib_data4(v0) - ib_data5(v0) - ib_data6(v0) - ib_data7(v0) - - ib_data0(v1) - ib_data1(v1) - ib_data2(v1) - ib_data3(v1) - ib_data4(v1) - ib_data5(v1) - ib_data6(v1) - ib_data7(v1) - - ib_data0(v2) - ib_data1(v2) - ib_data2(v2) - ib_data3(v2) - ib_data4(v2) - ib_data5(v2) - ib_data6(v2) - ib_data7(v2) - - ib_data0(v3) - ib_data1(v3) - ib_data2(v3) - ib_data3(v3) - ib_data4(v3) - ib_data5(v3) - ib_data6(v3) - ib_data7(v3) - - .align ALIGN32BYTES -aes_il_tab: - ib_data0(w0) - ib_data1(w0) - ib_data2(w0) - ib_data3(w0) - ib_data4(w0) - ib_data5(w0) - ib_data6(w0) - ib_data7(w0) - - ib_data0(w1) - ib_data1(w1) - ib_data2(w1) - ib_data3(w1) - ib_data4(w1) - ib_data5(w1) - ib_data6(w1) - ib_data7(w1) - - ib_data0(w2) - ib_data1(w2) - ib_data2(w2) - ib_data3(w2) - ib_data4(w2) - ib_data5(w2) - ib_data6(w2) - ib_data7(w2) - - ib_data0(w3) - ib_data1(w3) - ib_data2(w3) - ib_data3(w3) - ib_data4(w3) - ib_data5(w3) - ib_data6(w3) - ib_data7(w3) - -// The inverse mix column tables - - .align ALIGN32BYTES -aes_im_tab: - im_data0(v0) - im_data1(v0) - im_data2(v0) - im_data3(v0) - im_data4(v0) - im_data5(v0) - im_data6(v0) - im_data7(v0) - - im_data0(v1) - im_data1(v1) - im_data2(v1) - im_data3(v1) - im_data4(v1) - im_data5(v1) - im_data6(v1) - im_data7(v1) - - im_data0(v2) - im_data1(v2) - im_data2(v2) - im_data3(v2) - im_data4(v2) - im_data5(v2) - im_data6(v2) - im_data7(v2) - - im_data0(v3) - im_data1(v3) - im_data2(v3) - im_data3(v3) - im_data4(v3) - im_data5(v3) - im_data6(v3) - im_data7(v3) diff --git a/lib/libcrypto/libaes/test_main.c b/lib/libcrypto/libaes/test_main.c deleted file mode 100644 index 5fd4599be..000000000 --- a/lib/libcrypto/libaes/test_main.c +++ /dev/null @@ -1,41 +0,0 @@ -#include -#include -#include -#include "aes_cbc.h" -#define AES_BLOCK_SIZE 16 -#define KEY_SIZE 128 /* bits */ -#define KEY "1234567890123456" -#define STR "hola guaso como estaisss ... 012" -#define STRSZ (sizeof(STR)-1) - -#define EMT_AESCBC_BLKLEN AES_BLOCK_SIZE -#define AES_CONTEXT_T aes_context -#define EMT_ESPAES_KEY_SZ 16 -int pretty_print(const unsigned char *buf, int count) { - int i=0; - for (;i -#include -#include -#include "aes.h" -#include "aes_xcbc_mac.h" -#define STR "Hola guasssso c|mo estais ...012" -void print_hash(const __u8 *hash) { - printf("%08x %08x %08x %08x\n", - *(__u32*)(&hash[0]), - *(__u32*)(&hash[4]), - *(__u32*)(&hash[8]), - *(__u32*)(&hash[12])); -} -int main(int argc, char *argv[]) { - aes_block key= { 0xdeadbeef, 0xceedcaca, 0xcafebabe, 0xff010204 }; - __u8 hash[16]; - char *str = argv[1]; - aes_context_mac ctx; - if (str==NULL) { - fprintf(stderr, "pasame el str\n"); - return 255; - } - AES_xcbc_mac_set_key(&ctx, (__u8 *)&key, sizeof(key)); - AES_xcbc_mac_hash(&ctx, str, strlen(str), hash); - print_hash(hash); - str[2]='x'; - AES_xcbc_mac_hash(&ctx, str, strlen(str), hash); - print_hash(hash); - return 0; -} diff --git a/lib/libcrypto/libblowfish/COPYRIGHT b/lib/libcrypto/libblowfish/COPYRIGHT deleted file mode 100644 index 685722350..000000000 --- a/lib/libcrypto/libblowfish/COPYRIGHT +++ /dev/null @@ -1,46 +0,0 @@ -Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -All rights reserved. - -This package is an Blowfish implementation written -by Eric Young (eay@cryptsoft.com). - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution. - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Eric Young (eay@cryptsoft.com) - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The license and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distrubution license -[including the GNU Public License.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. diff --git a/lib/libcrypto/libblowfish/INSTALL b/lib/libcrypto/libblowfish/INSTALL deleted file mode 100644 index 3b2592353..000000000 --- a/lib/libcrypto/libblowfish/INSTALL +++ /dev/null @@ -1,14 +0,0 @@ -This Eric Young's blowfish implementation, taken from his SSLeay library -and made available as a separate library. - -The version number (0.7.2m) is the SSLeay version that this library was -taken from. - -To build, just unpack and type make. -If you are not using gcc, edit the Makefile. -If you are compiling for an x86 box, try the assembler (it needs improving). -There are also some compile time options that can improve performance, -these are documented in the Makefile. - -eric 15-Apr-1997 - diff --git a/lib/libcrypto/libblowfish/Makefile b/lib/libcrypto/libblowfish/Makefile deleted file mode 100644 index 62724042b..000000000 --- a/lib/libcrypto/libblowfish/Makefile +++ /dev/null @@ -1,121 +0,0 @@ -# -# SSLeay/crypto/blowfish/Makefile -# - -DIR= bf -TOP= ../.. -CC= cc -CPP= $(CC) -E -INC=-I ../include -CFLAG=-g -D__KERNEL__ -I/usr/src/linux/include -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MAKEFILE= Makefile.ssl -AR= ar r -RANLIB= ranlib -PERL= perl - -CFLAGS= $(INC) $(CFLAG) - -.c.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(INC) -c $< -o $@ - -BF_ASM-i586 := bf-586.pl -BF_ASM-i686 := bf-686.pl -BF_ENC := bf_enc.o - -ASM-$(ARCH_ASM):=1 -ASM_X86:=$(ASM-i586)$(ASM-i686) -ifneq ($(strip $(ASM_X86)),) - BF_ENC= asm/bx86-elf.o - BF_ASM= $(BF_ASM-$(ARCH_ASM)) -endif - - -GENERAL=Makefile -TEST=bftest.c -APPS= - -LIB=libblowfish.a -LIBSRC=bf_skey.c bf_enc.c -LIBOBJ=bf_skey.o $(BF_ENC) - -SRC= $(LIBSRC) - -EXHEADER= blowfish.h -HEADER= bf_pi.h bf_locl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -#top: -# (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIB) - -$(LIB): $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) - -# elf -asm/bx86-elf.o: asm/bx86unix.cpp - $(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o - -# solaris -asm/bx86-sol.o: asm/bx86unix.cpp - $(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s - as -o asm/bx86-sol.o asm/bx86-sol.s - rm -f asm/bx86-sol.s - -# a.out -asm/bx86-out.o: asm/bx86unix.cpp - $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o - -# bsdi -asm/bx86bsdi.o: asm/bx86unix.cpp - $(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o - -asm/bx86unix.cpp: asm/$(BF_ASM) ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) $(BF_ASM) cpp $(PROCESSOR) >bx86unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @$(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: installs - -installs: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/bx86unix.cpp *.o asm/*.o *.obj $(LIB) tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/lib/libcrypto/libblowfish/Makefile.ssl b/lib/libcrypto/libblowfish/Makefile.ssl deleted file mode 100644 index adc9eec3c..000000000 --- a/lib/libcrypto/libblowfish/Makefile.ssl +++ /dev/null @@ -1,118 +0,0 @@ -# -# SSLeay/crypto/blowfish/Makefile -# - -DIR= bf -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MAKEFILE= Makefile.ssl -AR= ar r - -BF_ENC= bf_enc.o -# or use -#DES_ENC= bx86-elf.o - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=bftest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c -LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o - -SRC= $(LIBSRC) - -EXHEADER= blowfish.h -HEADER= bf_pi.h bf_locl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) - @touch lib - -# elf -asm/bx86-elf.o: asm/bx86unix.cpp - $(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o - -# solaris -asm/bx86-sol.o: asm/bx86unix.cpp - $(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s - as -o asm/bx86-sol.o asm/bx86-sol.s - rm -f asm/bx86-sol.s - -# a.out -asm/bx86-out.o: asm/bx86unix.cpp - $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o - -# bsdi -asm/bx86bsdi.o: asm/bx86unix.cpp - $(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o - -asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @$(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: installs - -installs: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -bf_cfb64.o: ../../include/openssl/blowfish.h -bf_cfb64.o: ../../include/openssl/opensslconf.h bf_locl.h -bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h -bf_ecb.o: ../../include/openssl/opensslv.h bf_locl.h -bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h -bf_enc.o: bf_locl.h -bf_ofb64.o: ../../include/openssl/blowfish.h -bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h -bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h -bf_skey.o: bf_locl.h bf_pi.h diff --git a/lib/libcrypto/libblowfish/README b/lib/libcrypto/libblowfish/README deleted file mode 100644 index f2712fd0e..000000000 --- a/lib/libcrypto/libblowfish/README +++ /dev/null @@ -1,8 +0,0 @@ -This is a quick packaging up of my blowfish code into a library. -It has been lifted from SSLeay. -The copyright notices seem a little harsh because I have not spent the -time to rewrite the conditions from the normal SSLeay ones. - -Basically if you just want to play with the library, not a problem. - -eric 15-Apr-1997 diff --git a/lib/libcrypto/libblowfish/VERSION b/lib/libcrypto/libblowfish/VERSION deleted file mode 100644 index be995855e..000000000 --- a/lib/libcrypto/libblowfish/VERSION +++ /dev/null @@ -1,6 +0,0 @@ -The version numbers will follow my SSL implementation - -0.7.2r - Some reasonable default compiler options from - Peter Gutman - -0.7.2m - the first release diff --git a/lib/libcrypto/libblowfish/asm/bf-586.pl b/lib/libcrypto/libblowfish/asm/bf-586.pl deleted file mode 100644 index f00f3f4bf..000000000 --- a/lib/libcrypto/libblowfish/asm/bf-586.pl +++ /dev/null @@ -1,136 +0,0 @@ -#!/usr/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386"); - -$BF_ROUNDS=16; -$BF_OFF=($BF_ROUNDS+2)*4; -$L="edi"; -$R="esi"; -$P="ebp"; -$tmp1="eax"; -$tmp2="ebx"; -$tmp3="ecx"; -$tmp4="edx"; - -&BF_encrypt("BF_encrypt",1); -&BF_encrypt("BF_decrypt",0); -&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); -&asm_finish(); - -sub BF_encrypt - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - - &comment(""); - - &push("ebp"); - &push("ebx"); - &mov($tmp2,&wparam(0)); - &mov($P,&wparam(1)); - &push("esi"); - &push("edi"); - - &comment("Load the 2 words"); - &mov($L,&DWP(0,$tmp2,"",0)); - &mov($R,&DWP(4,$tmp2,"",0)); - - &xor( $tmp1, $tmp1); - - # encrypting part - - if ($enc) - { - &mov($tmp2,&DWP(0,$P,"",0)); - &xor( $tmp3, $tmp3); - - &xor($L,$tmp2); - for ($i=0; $i<$BF_ROUNDS; $i+=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1); - } - # &mov($tmp1,&wparam(0)); In last loop - &mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - } - else - { - &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - &xor( $tmp3, $tmp3); - - &xor($L,$tmp2); - for ($i=$BF_ROUNDS; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0); - } - # &mov($tmp1,&wparam(0)); In last loop - &mov($tmp4,&DWP(0,$P,"",0)); - } - - &xor($R,$tmp4); - &mov(&DWP(4,$tmp1,"",0),$L); - - &mov(&DWP(0,$tmp1,"",0),$R); - &function_end($name); - } - -sub BF_ENCRYPT - { - local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_; - - &mov( $tmp4, &DWP(&n2a($i*4),$P,"",0)); # for next round - - &mov( $tmp2, $R); - &xor( $L, $tmp4); - - &shr( $tmp2, 16); - &mov( $tmp4, $R); - - &movb( &LB($tmp1), &HB($tmp2)); # A - &and( $tmp2, 0xff); # B - - &movb( &LB($tmp3), &HB($tmp4)); # C - &and( $tmp4, 0xff); # D - - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4)); - &mov( $tmp2, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4)); - - &add( $tmp2, $tmp1); - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4)); - - &xor( $tmp2, $tmp1); - &mov( $tmp4, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4)); - - &add( $tmp2, $tmp4); - if (($enc && ($i != 16)) || ((!$enc) && ($i != 1))) - { &xor( $tmp1, $tmp1); } - else - { - &comment("Load parameter 0 ($i) enc=$enc"); - &mov($tmp1,&wparam(0)); - } # In last loop - - &xor( $L, $tmp2); - # delay - } - -sub n2a - { - sprintf("%d",$_[0]); - } - diff --git a/lib/libcrypto/libblowfish/asm/bf-686.pl b/lib/libcrypto/libblowfish/asm/bf-686.pl deleted file mode 100644 index 9222f5e7a..000000000 --- a/lib/libcrypto/libblowfish/asm/bf-686.pl +++ /dev/null @@ -1,127 +0,0 @@ -#!/usr/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -&asm_init($ARGV[0],"bf-686.pl"); - -$BF_ROUNDS=16; -$BF_OFF=($BF_ROUNDS+2)*4; -$L="ecx"; -$R="edx"; -$P="edi"; -$tot="esi"; -$tmp1="eax"; -$tmp2="ebx"; -$tmp3="ebp"; - -&des_encrypt("BF_encrypt",1); -&des_encrypt("BF_decrypt",0); -&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); - -&asm_finish(); - -&file_end(); - -sub des_encrypt - { - local($name,$enc)=@_; - - &function_begin($name,""); - - &comment(""); - &comment("Load the 2 words"); - &mov("eax",&wparam(0)); - &mov($L,&DWP(0,"eax","",0)); - &mov($R,&DWP(4,"eax","",0)); - - &comment(""); - &comment("P pointer, s and enc flag"); - &mov($P,&wparam(1)); - - &xor( $tmp1, $tmp1); - &xor( $tmp2, $tmp2); - - # encrypting part - - if ($enc) - { - &xor($L,&DWP(0,$P,"",0)); - for ($i=0; $i<$BF_ROUNDS; $i+=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3); - } - &xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - - &mov("eax",&wparam(0)); - &mov(&DWP(0,"eax","",0),$R); - &mov(&DWP(4,"eax","",0),$L); - &function_end_A($name); - } - else - { - &xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - for ($i=$BF_ROUNDS; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3); - } - &xor($R,&DWP(0,$P,"",0)); - - &mov("eax",&wparam(0)); - &mov(&DWP(0,"eax","",0),$R); - &mov(&DWP(4,"eax","",0),$L); - &function_end_A($name); - } - - &function_end_B($name); - } - -sub BF_ENCRYPT - { - local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_; - - &rotr( $R, 16); - &mov( $tot, &DWP(&n2a($i*4),$P,"",0)); - - &movb( &LB($tmp1), &HB($R)); - &movb( &LB($tmp2), &LB($R)); - - &rotr( $R, 16); - &xor( $L, $tot); - - &mov( $tot, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4)); - &mov( $tmp3, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4)); - - &movb( &LB($tmp1), &HB($R)); - &movb( &LB($tmp2), &LB($R)); - - &add( $tot, $tmp3); - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay - - &xor( $tot, $tmp1); - &mov( $tmp3, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4)); - - &add( $tot, $tmp3); - &xor( $tmp1, $tmp1); - - &xor( $L, $tot); - # delay - } - -sub n2a - { - sprintf("%d",$_[0]); - } - diff --git a/lib/libcrypto/libblowfish/asm/readme b/lib/libcrypto/libblowfish/asm/readme deleted file mode 100644 index 2385fa381..000000000 --- a/lib/libcrypto/libblowfish/asm/readme +++ /dev/null @@ -1,10 +0,0 @@ -There are blowfish assembler generation scripts. -bf-586.pl version is for the pentium and -bf-686.pl is my original version, which is faster on the pentium pro. - -When using a bf-586.pl, the pentium pro/II is %8 slower than using -bf-686.pl. When using a bf-686.pl, the pentium is %16 slower -than bf-586.pl - -So the default is bf-586.pl - diff --git a/lib/libcrypto/libblowfish/bf_enc.c b/lib/libcrypto/libblowfish/bf_enc.c deleted file mode 100644 index aa6c79812..000000000 --- a/lib/libcrypto/libblowfish/bf_enc.c +++ /dev/null @@ -1,306 +0,0 @@ -/* crypto/bf/bf_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "blowfish.h" -#include "bf_locl.h" - -/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' - * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, - * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) -#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ -to modify the code. -#endif - -void BF_encrypt(BF_LONG *data, const BF_KEY *key) - { -#ifndef BF_PTR2 - const BF_LONG *p,*s; - BF_LONG l,r; - - p=key->P; - s= &(key->S[0]); - l=data[0]; - r=data[1]; - - l^=p[0]; - BF_ENC(r,l,s,p[ 1]); - BF_ENC(l,r,s,p[ 2]); - BF_ENC(r,l,s,p[ 3]); - BF_ENC(l,r,s,p[ 4]); - BF_ENC(r,l,s,p[ 5]); - BF_ENC(l,r,s,p[ 6]); - BF_ENC(r,l,s,p[ 7]); - BF_ENC(l,r,s,p[ 8]); - BF_ENC(r,l,s,p[ 9]); - BF_ENC(l,r,s,p[10]); - BF_ENC(r,l,s,p[11]); - BF_ENC(l,r,s,p[12]); - BF_ENC(r,l,s,p[13]); - BF_ENC(l,r,s,p[14]); - BF_ENC(r,l,s,p[15]); - BF_ENC(l,r,s,p[16]); -#if BF_ROUNDS == 20 - BF_ENC(r,l,s,p[17]); - BF_ENC(l,r,s,p[18]); - BF_ENC(r,l,s,p[19]); - BF_ENC(l,r,s,p[20]); -#endif - r^=p[BF_ROUNDS+1]; - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; -#else - BF_LONG l,r,t,*k; - - l=data[0]; - r=data[1]; - k=(BF_LONG*)key; - - l^=k[0]; - BF_ENC(r,l,k, 1); - BF_ENC(l,r,k, 2); - BF_ENC(r,l,k, 3); - BF_ENC(l,r,k, 4); - BF_ENC(r,l,k, 5); - BF_ENC(l,r,k, 6); - BF_ENC(r,l,k, 7); - BF_ENC(l,r,k, 8); - BF_ENC(r,l,k, 9); - BF_ENC(l,r,k,10); - BF_ENC(r,l,k,11); - BF_ENC(l,r,k,12); - BF_ENC(r,l,k,13); - BF_ENC(l,r,k,14); - BF_ENC(r,l,k,15); - BF_ENC(l,r,k,16); -#if BF_ROUNDS == 20 - BF_ENC(r,l,k,17); - BF_ENC(l,r,k,18); - BF_ENC(r,l,k,19); - BF_ENC(l,r,k,20); -#endif - r^=k[BF_ROUNDS+1]; - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; -#endif - } - -#ifndef BF_DEFAULT_OPTIONS - -void BF_decrypt(BF_LONG *data, const BF_KEY *key) - { -#ifndef BF_PTR2 - const BF_LONG *p,*s; - BF_LONG l,r; - - p=key->P; - s= &(key->S[0]); - l=data[0]; - r=data[1]; - - l^=p[BF_ROUNDS+1]; -#if BF_ROUNDS == 20 - BF_ENC(r,l,s,p[20]); - BF_ENC(l,r,s,p[19]); - BF_ENC(r,l,s,p[18]); - BF_ENC(l,r,s,p[17]); -#endif - BF_ENC(r,l,s,p[16]); - BF_ENC(l,r,s,p[15]); - BF_ENC(r,l,s,p[14]); - BF_ENC(l,r,s,p[13]); - BF_ENC(r,l,s,p[12]); - BF_ENC(l,r,s,p[11]); - BF_ENC(r,l,s,p[10]); - BF_ENC(l,r,s,p[ 9]); - BF_ENC(r,l,s,p[ 8]); - BF_ENC(l,r,s,p[ 7]); - BF_ENC(r,l,s,p[ 6]); - BF_ENC(l,r,s,p[ 5]); - BF_ENC(r,l,s,p[ 4]); - BF_ENC(l,r,s,p[ 3]); - BF_ENC(r,l,s,p[ 2]); - BF_ENC(l,r,s,p[ 1]); - r^=p[0]; - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; -#else - BF_LONG l,r,t,*k; - - l=data[0]; - r=data[1]; - k=(BF_LONG *)key; - - l^=k[BF_ROUNDS+1]; -#if BF_ROUNDS == 20 - BF_ENC(r,l,k,20); - BF_ENC(l,r,k,19); - BF_ENC(r,l,k,18); - BF_ENC(l,r,k,17); -#endif - BF_ENC(r,l,k,16); - BF_ENC(l,r,k,15); - BF_ENC(r,l,k,14); - BF_ENC(l,r,k,13); - BF_ENC(r,l,k,12); - BF_ENC(l,r,k,11); - BF_ENC(r,l,k,10); - BF_ENC(l,r,k, 9); - BF_ENC(r,l,k, 8); - BF_ENC(l,r,k, 7); - BF_ENC(r,l,k, 6); - BF_ENC(l,r,k, 5); - BF_ENC(r,l,k, 4); - BF_ENC(l,r,k, 3); - BF_ENC(r,l,k, 2); - BF_ENC(l,r,k, 1); - r^=k[0]; - - data[1]=l&0xffffffffL; - data[0]=r&0xffffffffL; -#endif - } - -void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int encrypt) - { - BF_LONG tin0,tin1; - BF_LONG tout0,tout1,xor0,xor1; - long l=length; - BF_LONG tin[2]; - - if (encrypt) - { - n2l(ivec,tout0); - n2l(ivec,tout1); - ivec-=8; - for (l-=8; l>=0; l-=8) - { - n2l(in,tin0); - n2l(in,tin1); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - BF_encrypt(tin,schedule); - tout0=tin[0]; - tout1=tin[1]; - l2n(tout0,out); - l2n(tout1,out); - } - if (l != -8) - { - n2ln(in,tin0,tin1,l+8); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - BF_encrypt(tin,schedule); - tout0=tin[0]; - tout1=tin[1]; - l2n(tout0,out); - l2n(tout1,out); - } - l2n(tout0,ivec); - l2n(tout1,ivec); - } - else - { - n2l(ivec,xor0); - n2l(ivec,xor1); - ivec-=8; - for (l-=8; l>=0; l-=8) - { - n2l(in,tin0); - n2l(in,tin1); - tin[0]=tin0; - tin[1]=tin1; - BF_decrypt(tin,schedule); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2n(tout0,out); - l2n(tout1,out); - xor0=tin0; - xor1=tin1; - } - if (l != -8) - { - n2l(in,tin0); - n2l(in,tin1); - tin[0]=tin0; - tin[1]=tin1; - BF_decrypt(tin,schedule); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2nn(tout0,tout1,out,l+8); - xor0=tin0; - xor1=tin1; - } - l2n(xor0,ivec); - l2n(xor1,ivec); - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - -#endif diff --git a/lib/libcrypto/libblowfish/bf_locl.h b/lib/libcrypto/libblowfish/bf_locl.h deleted file mode 100644 index 283bf4c43..000000000 --- a/lib/libcrypto/libblowfish/bf_locl.h +++ /dev/null @@ -1,218 +0,0 @@ -/* crypto/bf/bf_locl.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_BF_LOCL_H -#define HEADER_BF_LOCL_H - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* This is actually a big endian algorithm, the most significant byte - * is used to lookup array 0 */ - -#if defined(BF_PTR2) - -/* - * This is basically a special Intel version. Point is that Intel - * doesn't have many registers, but offers a reach choice of addressing - * modes. So we spare some registers by directly traversing BF_KEY - * structure and hiring the most decorated addressing mode. The code - * generated by EGCS is *perfectly* competitive with assembler - * implementation! - */ -#define BF_ENC(LL,R,KEY,Pi) (\ - LL^=KEY[Pi], \ - t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \ - t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \ - t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \ - t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \ - LL^=t \ - ) - -#elif defined(BF_PTR) - -#ifndef BF_LONG_LOG2 -#define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */ -#endif -#define BF_M (0xFF<>BF_i)&BF_M gets folded into a single instruction, namely - * rlwinm. So let'em double-check if their compiler does it. - */ - -#define BF_ENC(LL,R,S,P) ( \ - LL^=P, \ - LL^= (((*(BF_LONG *)((unsigned char *)&(S[ 0])+((R>>BF_0)&BF_M))+ \ - *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \ - *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \ - *(BF_LONG *)((unsigned char *)&(S[768])+((R<>24)&0xff)] + \ - S[0x0100+((int)(R>>16)&0xff)])^ \ - S[0x0200+((int)(R>> 8)&0xff)])+ \ - S[0x0300+((int)(R )&0xff)])&0xffffffffL \ - ) -#endif - -#endif diff --git a/lib/libcrypto/libblowfish/bf_pi.h b/lib/libcrypto/libblowfish/bf_pi.h deleted file mode 100644 index 9949513c6..000000000 --- a/lib/libcrypto/libblowfish/bf_pi.h +++ /dev/null @@ -1,325 +0,0 @@ -/* crypto/bf/bf_pi.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -static const BF_KEY bf_init= { - { - 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, - 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, - 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL, - 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, - 0x9216d5d9L, 0x8979fb1b - },{ - 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, - 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, - 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, - 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, - 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, - 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, - 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, - 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, - 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, - 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, - 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, - 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, - 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, - 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, - 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, - 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, - 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, - 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, - 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, - 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, - 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, - 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, - 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, - 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, - 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, - 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, - 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, - 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, - 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, - 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, - 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, - 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, - 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, - 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, - 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, - 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, - 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, - 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, - 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, - 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, - 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, - 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, - 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, - 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, - 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, - 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, - 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, - 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, - 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, - 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, - 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, - 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, - 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, - 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, - 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, - 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, - 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, - 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, - 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, - 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, - 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, - 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, - 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, - 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, - 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, - 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, - 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, - 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, - 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, - 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, - 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, - 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, - 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, - 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, - 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, - 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, - 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, - 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, - 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, - 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, - 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, - 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, - 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, - 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, - 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, - 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, - 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, - 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, - 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, - 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, - 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, - 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, - 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, - 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, - 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, - 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, - 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, - 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, - 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, - 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, - 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, - 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, - 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, - 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, - 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, - 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, - 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, - 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, - 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, - 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, - 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, - 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, - 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, - 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, - 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, - 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, - 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, - 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, - 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, - 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, - 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, - 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, - 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, - 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, - 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, - 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, - 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, - 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, - 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, - 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, - 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, - 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, - 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, - 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, - 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, - 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, - 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, - 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, - 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, - 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, - 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, - 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, - 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, - 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, - 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, - 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, - 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, - 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, - 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, - 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, - 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, - 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, - 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, - 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, - 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, - 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, - 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, - 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, - 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, - 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, - 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, - 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, - 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, - 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, - 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, - 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, - 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, - 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, - 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, - 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, - 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, - 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, - 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, - 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, - 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, - 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, - 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, - 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, - 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, - 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, - 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, - 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, - 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, - 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, - 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, - 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, - 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, - 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, - 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, - 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, - 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, - 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, - 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, - 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, - 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, - 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, - 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, - 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, - 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, - 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, - 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, - 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, - 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, - 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, - 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, - 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, - 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, - 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, - 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, - 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, - 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, - 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, - 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, - 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, - 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, - 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, - 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, - 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, - 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, - 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, - 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, - 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, - 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, - 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, - 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, - 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, - 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, - 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, - 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, - 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, - 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, - 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, - 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, - 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, - 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, - 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, - 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, - 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, - 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, - 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, - 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, - 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, - 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, - 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, - 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, - 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, - 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, - 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, - 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, - 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, - 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, - 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, - 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, - 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, - 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, - 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, - } - }; - diff --git a/lib/libcrypto/libblowfish/bf_skey.c b/lib/libcrypto/libblowfish/bf_skey.c deleted file mode 100644 index 8cdbbd283..000000000 --- a/lib/libcrypto/libblowfish/bf_skey.c +++ /dev/null @@ -1,122 +0,0 @@ -/* crypto/bf/bf_skey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifdef __KERNEL__ -#include -#include -#else -#include -#include -#endif - -#include "blowfish.h" -#include "bf_locl.h" -#include "bf_pi.h" - -void BF_set_key(BF_KEY *key, int len, const unsigned char *data) - { - int i; - BF_LONG *p,ri,in[2]; - const unsigned char *d,*end; - - - memcpy((char *)key,(const char *)&bf_init,sizeof(BF_KEY)); - p=key->P; - - if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4; - - d=data; - end= &(data[len]); - for (i=0; i<(BF_ROUNDS+2); i++) - { - ri= *(d++); - if (d >= end) d=data; - - ri<<=8; - ri|= *(d++); - if (d >= end) d=data; - - ri<<=8; - ri|= *(d++); - if (d >= end) d=data; - - ri<<=8; - ri|= *(d++); - if (d >= end) d=data; - - p[i]^=ri; - } - - in[0]=0L; - in[1]=0L; - for (i=0; i<(BF_ROUNDS+2); i+=2) - { - BF_encrypt(in,key); - p[i ]=in[0]; - p[i+1]=in[1]; - } - - p=key->S; - for (i=0; i<4*256; i+=2) - { - BF_encrypt(in,key); - p[i ]=in[0]; - p[i+1]=in[1]; - } - } - diff --git a/lib/libcrypto/libblowfish/blowfish.h b/lib/libcrypto/libblowfish/blowfish.h deleted file mode 100644 index ccb97e272..000000000 --- a/lib/libcrypto/libblowfish/blowfish.h +++ /dev/null @@ -1,133 +0,0 @@ -/* crypto/bf/blowfish.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_BLOWFISH_H -#define HEADER_BLOWFISH_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef NO_BF -#error BF is disabled. -#endif - -#define BF_ENCRYPT 1 -#define BF_DECRYPT 0 - -/* - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! BF_LONG_LOG2 has to be defined along. ! - * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - */ - -#if defined(WIN16) || defined(__LP32__) -#define BF_LONG unsigned long -#elif defined(_CRAY) || defined(__ILP64__) -#define BF_LONG unsigned long -#define BF_LONG_LOG2 3 -#endif -/* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... - * - */ - -/* des.h-like hack */ -#ifndef BF_LONG -#ifdef __KERNEL__ -#include -#else -#include -#endif -#define BF_LONG u_int32_t -#endif - -#define BF_ROUNDS 16 -#define BF_BLOCK 8 - -typedef struct bf_key_st - { - BF_LONG P[BF_ROUNDS+2]; - BF_LONG S[4*256]; - } BF_KEY; - - -void BF_set_key(BF_KEY *key, int len, const unsigned char *data); - -void BF_encrypt(BF_LONG *data,const BF_KEY *key); -void BF_decrypt(BF_LONG *data,const BF_KEY *key); - -void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, - const BF_KEY *key, int enc); -void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int enc); -void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int *num, int enc); -void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int *num); -const char *BF_options(void); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/libcrypto/libserpent/Makefile b/lib/libcrypto/libserpent/Makefile deleted file mode 100644 index 51a1e0582..000000000 --- a/lib/libcrypto/libserpent/Makefile +++ /dev/null @@ -1,20 +0,0 @@ -CFLAGS=-O3 -fomit-frame-pointer -D__KERNEL__ -Wall $(EXTRA_CFLAGS) -INC=-I../include -LIBOBJ=serpent.o serpent_cbc.o -BLIB=libserpent.a - -.c.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(INC) -c $< -o $@ - -$(BLIB): $(LIBOBJ) - /bin/rm -f $(BLIB) - ar cr $(BLIB) $(LIBOBJ) - -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ - else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ - else exit 0; fi; fi - -test: test_main.o $(BLIB) - $(CC) -o $@ $^ - -clean: - rm -f *.[oa] core $(TARGET) test diff --git a/lib/libcrypto/libserpent/serpent.c b/lib/libcrypto/libserpent/serpent.c deleted file mode 100644 index f2cea250e..000000000 --- a/lib/libcrypto/libserpent/serpent.c +++ /dev/null @@ -1,995 +0,0 @@ - -/* Optimized implementation of the Serpent AES candidate algorithm - * Designed by Anderson, Biham and Knudsen and Implemented by - * Gisle Sælensminde 2000. - * - * The implementation is based on the pentium optimised sboxes of - * Dag Arne Osvik. Even these sboxes are designed to be optimal for x86 - * processors they are efficient on other processors as well, but the speedup - * isn't so impressive compared to other implementations. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Library General Public License - * as published by the Free Software Foundation; either version 2 of - * the License, or (at your option) any later version. - */ - -#ifdef __KERNEL__ -#include -#include - -#include -#else -#include -#include -#endif - -#include "serpent.h" - -#define rotl(reg, val) ((reg << val) | (reg >> (32 - val))) -#define rotr(reg, val) ((reg >> val) | (reg << (32 - val))) - -#ifdef __cpu_to_be32 -#define BLOCK_SWAP -#define io_swap(x) __cpu_to_be32(x) -#else -#undef BLOCK_SWAP -#endif - -/* The sbox functions. The first four parameters is the input bits, and - * the last is a tempoary. These parameters are also used for output, but - * the bit order is permuted. The output bit order from S0 is - * (1 4 2 0 3), where 3 is the (now useless) tempoary. - */ - -#define S0(r0,r1,r2,r3,r4) \ - r3 = r3 ^ r0; \ - r4 = r1; \ - r1 = r1 & r3; \ - r4 = r4 ^ r2; \ - r1 = r1 ^ r0; \ - r0 = r0 | r3; \ - r0 = r0 ^ r4; \ - r4 = r4 ^ r3; \ - r3 = r3 ^ r2; \ - r2 = r2 | r1; \ - r2 = r2 ^ r4; \ - r4 = -1 ^ r4; \ - r4 = r4 | r1; \ - r1 = r1 ^ r3; \ - r1 = r1 ^ r4; \ - r3 = r3 | r0; \ - r1 = r1 ^ r3; \ - r4 = r4 ^ r3; - -#define S1(r0,r1,r2,r3,r4) \ - r1 = -1 ^ r1; \ - r4 = r0; \ - r0 = r0 ^ r1; \ - r4 = r4 | r1; \ - r4 = r4 ^ r3; \ - r3 = r3 & r0; \ - r2 = r2 ^ r4; \ - r3 = r3 ^ r1; \ - r3 = r3 | r2; \ - r0 = r0 ^ r4; \ - r3 = r3 ^ r0; \ - r1 = r1 & r2; \ - r0 = r0 | r1; \ - r1 = r1 ^ r4; \ - r0 = r0 ^ r2; \ - r4 = r4 | r3; \ - r0 = r0 ^ r4; \ - r4 = -1 ^ r4; \ - r1 = r1 ^ r3; \ - r4 = r4 & r2; \ - r1 = -1 ^ r1; \ - r4 = r4 ^ r0; \ - r1 = r1 ^ r4; - -#define S2(r0,r1,r2,r3,r4) \ - r4 = r0; \ - r0 = r0 & r2; \ - r0 = r0 ^ r3; \ - r2 = r2 ^ r1; \ - r2 = r2 ^ r0; \ - r3 = r3 | r4; \ - r3 = r3 ^ r1; \ - r4 = r4 ^ r2; \ - r1 = r3; \ - r3 = r3 | r4; \ - r3 = r3 ^ r0; \ - r0 = r0 & r1; \ - r4 = r4 ^ r0; \ - r1 = r1 ^ r3; \ - r1 = r1 ^ r4; \ - r4 = -1 ^ r4; - -#define S3(r0,r1,r2,r3,r4) \ - r4 = r0 ; \ - r0 = r0 | r3; \ - r3 = r3 ^ r1; \ - r1 = r1 & r4; \ - r4 = r4 ^ r2; \ - r2 = r2 ^ r3; \ - r3 = r3 & r0; \ - r4 = r4 | r1; \ - r3 = r3 ^ r4; \ - r0 = r0 ^ r1; \ - r4 = r4 & r0; \ - r1 = r1 ^ r3; \ - r4 = r4 ^ r2; \ - r1 = r1 | r0; \ - r1 = r1 ^ r2; \ - r0 = r0 ^ r3; \ - r2 = r1; \ - r1 = r1 | r3; \ - r1 = r1 ^ r0; - -#define S4(r0,r1,r2,r3,r4) \ - r1 = r1 ^ r3; \ - r3 = -1 ^ r3; \ - r2 = r2 ^ r3; \ - r3 = r3 ^ r0; \ - r4 = r1; \ - r1 = r1 & r3; \ - r1 = r1 ^ r2; \ - r4 = r4 ^ r3; \ - r0 = r0 ^ r4; \ - r2 = r2 & r4; \ - r2 = r2 ^ r0; \ - r0 = r0 & r1; \ - r3 = r3 ^ r0; \ - r4 = r4 | r1; \ - r4 = r4 ^ r0; \ - r0 = r0 | r3; \ - r0 = r0 ^ r2; \ - r2 = r2 & r3; \ - r0 = -1 ^ r0; \ - r4 = r4 ^ r2; - -#define S5(r0,r1,r2,r3,r4) \ - r0 = r0 ^ r1; \ - r1 = r1 ^ r3; \ - r3 = -1 ^ r3; \ - r4 = r1; \ - r1 = r1 & r0; \ - r2 = r2 ^ r3; \ - r1 = r1 ^ r2; \ - r2 = r2 | r4; \ - r4 = r4 ^ r3; \ - r3 = r3 & r1; \ - r3 = r3 ^ r0; \ - r4 = r4 ^ r1; \ - r4 = r4 ^ r2; \ - r2 = r2 ^ r0; \ - r0 = r0 & r3; \ - r2 = -1 ^ r2; \ - r0 = r0 ^ r4; \ - r4 = r4 | r3; \ - r2 = r2 ^ r4; - -#define S6(r0,r1,r2,r3,r4) \ - r2 = -1 ^ r2; \ - r4 = r3; \ - r3 = r3 & r0; \ - r0 = r0 ^ r4; \ - r3 = r3 ^ r2; \ - r2 = r2 | r4; \ - r1 = r1 ^ r3; \ - r2 = r2 ^ r0; \ - r0 = r0 | r1; \ - r2 = r2 ^ r1; \ - r4 = r4 ^ r0; \ - r0 = r0 | r3; \ - r0 = r0 ^ r2; \ - r4 = r4 ^ r3; \ - r4 = r4 ^ r0; \ - r3 = -1 ^ r3; \ - r2 = r2 & r4; \ - r2 = r2 ^ r3; - -#define S7(r0,r1,r2,r3,r4) \ - r4 = r2; \ - r2 = r2 & r1; \ - r2 = r2 ^ r3; \ - r3 = r3 & r1; \ - r4 = r4 ^ r2; \ - r2 = r2 ^ r1; \ - r1 = r1 ^ r0; \ - r0 = r0 | r4; \ - r0 = r0 ^ r2; \ - r3 = r3 ^ r1; \ - r2 = r2 ^ r3; \ - r3 = r3 & r0; \ - r3 = r3 ^ r4; \ - r4 = r4 ^ r2; \ - r2 = r2 & r0; \ - r4 = -1 ^ r4; \ - r2 = r2 ^ r4; \ - r4 = r4 & r0; \ - r1 = r1 ^ r3; \ - r4 = r4 ^ r1; - -/* The inverse sboxes */ - -#define I0(r0,r1,r2,r3,r4) \ - r2 = r2 ^ -1; \ - r4 = r1; \ - r1 = r1 | r0; \ - r4 = r4 ^ -1; \ - r1 = r1 ^ r2; \ - r2 = r2 | r4; \ - r1 = r1 ^ r3; \ - r0 = r0 ^ r4; \ - r2 = r2 ^ r0; \ - r0 = r0 & r3; \ - r4 = r4 ^ r0; \ - r0 = r0 | r1; \ - r0 = r0 ^ r2; \ - r3 = r3 ^ r4; \ - r2 = r2 ^ r1; \ - r3 = r3 ^ r0; \ - r3 = r3 ^ r1; \ - r2 = r2 & r3; \ - r4 = r4 ^ r2; - -#define I1(r0,r1,r2,r3,r4) \ - r4 = r1; \ - r1 = r1 ^ r3; \ - r3 = r3 & r1; \ - r4 = r4 ^ r2; \ - r3 = r3 ^ r0; \ - r0 = r0 | r1; \ - r2 = r2 ^ r3; \ - r0 = r0 ^ r4; \ - r0 = r0 | r2; \ - r1 = r1 ^ r3; \ - r0 = r0 ^ r1; \ - r1 = r1 | r3; \ - r1 = r1 ^ r0; \ - r4 = r4 ^ -1; \ - r4 = r4 ^ r1; \ - r1 = r1 | r0; \ - r1 = r1 ^ r0; \ - r1 = r1 | r4; \ - r3 = r3 ^ r1; - -#define I2(r0,r1,r2,r3,r4) \ - r2 = r2 ^ r3; \ - r3 = r3 ^ r0; \ - r4 = r3; \ - r3 = r3 & r2; \ - r3 = r3 ^ r1; \ - r1 = r1 | r2; \ - r1 = r1 ^ r4; \ - r4 = r4 & r3; \ - r2 = r2 ^ r3; \ - r4 = r4 & r0; \ - r4 = r4 ^ r2; \ - r2 = r2 & r1; \ - r2 = r2 | r0; \ - r3 = r3 ^ -1; \ - r2 = r2 ^ r3; \ - r0 = r0 ^ r3; \ - r0 = r0 & r1; \ - r3 = r3 ^ r4; \ - r3 = r3 ^ r0; - -#define I3(r0,r1,r2,r3,r4) \ - r4 = r2; \ - r2 = r2 ^ r1; \ - r0 = r0 ^ r2; \ - r4 = r4 & r2; \ - r4 = r4 ^ r0; \ - r0 = r0 & r1; \ - r1 = r1 ^ r3; \ - r3 = r3 | r4; \ - r2 = r2 ^ r3; \ - r0 = r0 ^ r3; \ - r1 = r1 ^ r4; \ - r3 = r3 & r2; \ - r3 = r3 ^ r1; \ - r1 = r1 ^ r0; \ - r1 = r1 | r2; \ - r0 = r0 ^ r3; \ - r1 = r1 ^ r4; \ - r0 = r0 ^ r1; - -#define I4(r0,r1,r2,r3,r4) \ - r4 = r2; \ - r2 = r2 & r3; \ - r2 = r2 ^ r1; \ - r1 = r1 | r3; \ - r1 = r1 & r0; \ - r4 = r4 ^ r2; \ - r4 = r4 ^ r1; \ - r1 = r1 & r2; \ - r0 = r0 ^ -1; \ - r3 = r3 ^ r4; \ - r1 = r1 ^ r3; \ - r3 = r3 & r0; \ - r3 = r3 ^ r2; \ - r0 = r0 ^ r1; \ - r2 = r2 & r0; \ - r3 = r3 ^ r0; \ - r2 = r2 ^ r4; \ - r2 = r2 | r3; \ - r3 = r3 ^ r0; \ - r2 = r2 ^ r1; - -#define I5(r0,r1,r2,r3,r4) \ - r1 = r1 ^ -1; \ - r4 = r3; \ - r2 = r2 ^ r1; \ - r3 = r3 | r0; \ - r3 = r3 ^ r2; \ - r2 = r2 | r1; \ - r2 = r2 & r0; \ - r4 = r4 ^ r3; \ - r2 = r2 ^ r4; \ - r4 = r4 | r0; \ - r4 = r4 ^ r1; \ - r1 = r1 & r2; \ - r1 = r1 ^ r3; \ - r4 = r4 ^ r2; \ - r3 = r3 & r4; \ - r4 = r4 ^ r1; \ - r3 = r3 ^ r0; \ - r3 = r3 ^ r4; \ - r4 = r4 ^ -1; - - -#define I6(r0,r1,r2,r3,r4) \ - r0 = r0 ^ r2; \ - r4 = r2; \ - r2 = r2 & r0; \ - r4 = r4 ^ r3; \ - r2 = r2 ^ -1; \ - r3 = r3 ^ r1; \ - r2 = r2 ^ r3; \ - r4 = r4 | r0; \ - r0 = r0 ^ r2; \ - r3 = r3 ^ r4; \ - r4 = r4 ^ r1; \ - r1 = r1 & r3; \ - r1 = r1 ^ r0; \ - r0 = r0 ^ r3; \ - r0 = r0 | r2; \ - r3 = r3 ^ r1; \ - r4 = r4 ^ r0; - -#define I7(r0,r1,r2,r3,r4) \ - r4 = r2; \ - r2 = r2 ^ r0; \ - r0 = r0 & r3; \ - r4 = r4 | r3; \ - r2 = r2 ^ -1; \ - r3 = r3 ^ r1; \ - r1 = r1 | r0; \ - r0 = r0 ^ r2; \ - r2 = r2 & r4; \ - r3 = r3 & r4; \ - r1 = r1 ^ r2; \ - r2 = r2 ^ r0; \ - r0 = r0 | r2; \ - r4 = r4 ^ r1; \ - r0 = r0 ^ r3; \ - r3 = r3 ^ r4; \ - r4 = r4 | r0; \ - r3 = r3 ^ r2; \ - r4 = r4 ^ r2; - -/* forward and inverse linear transformations */ - -#define LINTRANS(r0,r1,r2,r3,r4) \ - r0 = rotl(r0, 13); \ - r2 = rotl(r2, 3); \ - r3 = r3 ^ r2; \ - r4 = r0 << 3; \ - r1 = r1 ^ r0; \ - r3 = r3 ^ r4; \ - r1 = r1 ^ r2; \ - r3 = rotl(r3, 7); \ - r1 = rotl(r1, 1); \ - r2 = r2 ^ r3; \ - r4 = r1 << 7; \ - r0 = r0 ^ r1; \ - r2 = r2 ^ r4; \ - r0 = r0 ^ r3; \ - r2 = rotl(r2, 22); \ - r0 = rotl(r0, 5); - -#define ILINTRANS(r0,r1,r2,r3,r4) \ - r2 = rotr(r2, 22); \ - r0 = rotr(r0, 5); \ - r2 = r2 ^ r3; \ - r4 = r1 << 7; \ - r0 = r0 ^ r1; \ - r2 = r2 ^ r4; \ - r0 = r0 ^ r3; \ - r3 = rotr(r3, 7); \ - r1 = rotr(r1, 1); \ - r3 = r3 ^ r2; \ - r4 = r0 << 3; \ - r1 = r1 ^ r0; \ - r3 = r3 ^ r4; \ - r1 = r1 ^ r2; \ - r2 = rotr(r2, 3); \ - r0 = rotr(r0, 13); - - -#define KEYMIX(r0,r1,r2,r3,r4,IN) \ - r0 = r0 ^ l_key[IN+8]; \ - r1 = r1 ^ l_key[IN+9]; \ - r2 = r2 ^ l_key[IN+10]; \ - r3 = r3 ^ l_key[IN+11]; - -#define GETKEY(r0, r1, r2, r3, IN) \ - r0 = l_key[IN+8]; \ - r1 = l_key[IN+9]; \ - r2 = l_key[IN+10]; \ - r3 = l_key[IN+11]; - -#define SETKEY(r0, r1, r2, r3, IN) \ - l_key[IN+8] = r0; \ - l_key[IN+9] = r1; \ - l_key[IN+10] = r2; \ - l_key[IN+11] = r3; - -/* initialise the key schedule from the user supplied key */ - -int serpent_set_key(serpent_context *cx, const unsigned char *key, int key_len) -{ const u32 *in_key = (const u32 *)key; - /* l_key - storage for the key schedule */ - u32 *l_key = cx->keyinfo; - u32 i,lk,r0,r1,r2,r3,r4; - - if (key_len != 16 && key_len != 24 && key_len != 32) - return -1; /* unsupported key length */ - - key_len *= 8; - - i = 0; lk = (key_len + 31) / 32; - - while(i < lk) - { -#ifdef BLOCK_SWAP - l_key[i] = io_swap(in_key[lk - i - 1]); -#else - l_key[i] = in_key[i]; -#endif - i++; - } - - if (key_len < 256) - { - while(i < 8) - - l_key[i++] = 0; - - i = key_len / 32; lk = 1 << key_len % 32; - - l_key[i] &= lk - 1; - l_key[i] |= lk; - } - - for(i = 0; i < 132; ++i) - { - lk = l_key[i] ^ l_key[i + 3] ^ l_key[i + 5] - ^ l_key[i + 7] ^ 0x9e3779b9 ^ i; - - l_key[i + 8] = (lk << 11) | (lk >> 21); - } - - GETKEY(r0, r1, r2, r3, 0); - S3(r0,r1,r2,r3,r4); - SETKEY(r1, r2, r3, r4, 0) - - GETKEY(r0, r1, r2, r3, 4); - S2(r0,r1,r2,r3,r4); - SETKEY(r2, r3, r1, r4, 4) - - GETKEY(r0, r1, r2, r3, 8); - S1(r0,r1,r2,r3,r4); - SETKEY(r3, r1, r2, r0, 8) - - GETKEY(r0, r1, r2, r3, 12); - S0(r0,r1,r2,r3,r4); - SETKEY(r1, r4, r2, r0, 12) - - GETKEY(r0, r1, r2, r3, 16); - S7(r0,r1,r2,r3,r4); - SETKEY(r2, r4, r3, r0, 16) - - GETKEY(r0, r1, r2, r3, 20); - S6(r0,r1,r2,r3,r4) - SETKEY(r0, r1, r4, r2, 20) - - GETKEY(r0, r1, r2, r3, 24); - S5(r0,r1,r2,r3,r4); - SETKEY(r1, r3, r0, r2, 24) - - GETKEY(r0, r1, r2, r3, 28); - S4(r0,r1,r2,r3,r4) - SETKEY(r1, r4, r0, r3, 28) - - GETKEY(r0, r1, r2, r3, 32); - S3(r0,r1,r2,r3,r4); - SETKEY(r1, r2, r3, r4, 32) - - GETKEY(r0, r1, r2, r3, 36); - S2(r0,r1,r2,r3,r4); - SETKEY(r2, r3, r1, r4, 36) - - GETKEY(r0, r1, r2, r3, 40); - S1(r0,r1,r2,r3,r4); - SETKEY(r3, r1, r2, r0, 40) - - GETKEY(r0, r1, r2, r3, 44); - S0(r0,r1,r2,r3,r4); - SETKEY(r1, r4, r2, r0, 44) - - GETKEY(r0, r1, r2, r3, 48); - S7(r0,r1,r2,r3,r4); - SETKEY(r2, r4, r3, r0, 48) - - GETKEY(r0, r1, r2, r3, 52); - S6(r0,r1,r2,r3,r4) - SETKEY(r0, r1, r4, r2, 52) - - GETKEY(r0, r1, r2, r3, 56); - S5(r0,r1,r2,r3,r4); - SETKEY(r1, r3, r0, r2, 56) - - GETKEY(r0, r1, r2, r3, 60); - S4(r0,r1,r2,r3,r4) - SETKEY(r1, r4, r0, r3, 60) - - GETKEY(r0, r1, r2, r3, 64); - S3(r0,r1,r2,r3,r4); - SETKEY(r1, r2, r3, r4, 64) - - GETKEY(r0, r1, r2, r3, 68); - S2(r0,r1,r2,r3,r4); - SETKEY(r2, r3, r1, r4, 68) - - GETKEY(r0, r1, r2, r3, 72); - S1(r0,r1,r2,r3,r4); - SETKEY(r3, r1, r2, r0, 72) - - GETKEY(r0, r1, r2, r3, 76); - S0(r0,r1,r2,r3,r4); - SETKEY(r1, r4, r2, r0, 76) - - GETKEY(r0, r1, r2, r3, 80); - S7(r0,r1,r2,r3,r4); - SETKEY(r2, r4, r3, r0, 80) - - GETKEY(r0, r1, r2, r3, 84); - S6(r0,r1,r2,r3,r4) - SETKEY(r0, r1, r4, r2, 84) - - GETKEY(r0, r1, r2, r3, 88); - S5(r0,r1,r2,r3,r4); - SETKEY(r1, r3, r0, r2, 88) - - GETKEY(r0, r1, r2, r3, 92); - S4(r0,r1,r2,r3,r4) - SETKEY(r1, r4, r0, r3, 92) - - GETKEY(r0, r1, r2, r3, 96); - S3(r0,r1,r2,r3,r4); - SETKEY(r1, r2, r3, r4, 96) - - GETKEY(r0, r1, r2, r3, 100); - S2(r0,r1,r2,r3,r4); - SETKEY(r2, r3, r1, r4, 100) - - GETKEY(r0, r1, r2, r3, 104); - S1(r0,r1,r2,r3,r4); - SETKEY(r3, r1, r2, r0, 104) - - GETKEY(r0, r1, r2, r3, 108); - S0(r0,r1,r2,r3,r4); - SETKEY(r1, r4, r2, r0, 108) - - GETKEY(r0, r1, r2, r3, 112); - S7(r0,r1,r2,r3,r4); - SETKEY(r2, r4, r3, r0, 112) - - GETKEY(r0, r1, r2, r3, 116); - S6(r0,r1,r2,r3,r4) - SETKEY(r0, r1, r4, r2, 116) - - GETKEY(r0, r1, r2, r3, 120); - S5(r0,r1,r2,r3,r4); - SETKEY(r1, r3, r0, r2, 120) - - GETKEY(r0, r1, r2, r3, 124); - S4(r0,r1,r2,r3,r4) - SETKEY(r1, r4, r0, r3, 124) - - GETKEY(r0, r1, r2, r3, 128); - S3(r0,r1,r2,r3,r4); - SETKEY(r1, r2, r3, r4, 128) - - return 0; -}; - -/* Encryption and decryption functions. The rounds are fully inlined. - * The sboxes alters the bit order of the output, and the altered - * bit ordrer is used progressivly. */ - -/* encrypt a block of text */ - -int serpent_encrypt(serpent_context *cx, const u8 *in, - u8 *out) -{ u32 *l_key = cx->keyinfo; - const u32 *in_blk = (const u32 *) in; - u32 *out_blk = (u32 *) out; - u32 r0,r1,r2,r3,r4; - -#ifdef BLOCK_SWAP - r0 = io_swap(in_blk[3]); r1 = io_swap(in_blk[2]); - r2 = io_swap(in_blk[1]); r3 = io_swap(in_blk[0]); -#else - r0 = in_blk[0]; r1 = in_blk[1]; r2 = in_blk[2]; r3 = in_blk[3]; -#endif - - /* round 1 */ - KEYMIX(r0,r1,r2,r3,r4,0); - S0(r0,r1,r2,r3,r4); - LINTRANS(r1,r4,r2,r0,r3); - - /* round 2 */ - KEYMIX(r1,r4,r2,r0,r3,4); - S1(r1,r4,r2,r0,r3); - LINTRANS(r0,r4,r2,r1,r3); - - /* round 3 */ - KEYMIX(r0,r4,r2,r1,r3,8); - S2(r0,r4,r2,r1,r3); - LINTRANS(r2,r1,r4,r3,r0); - - /* round 4 */ - KEYMIX(r2,r1,r4,r3,r0,12); - S3(r2,r1,r4,r3,r0); - LINTRANS(r1,r4,r3,r0,r2); - - /* round 5 */ - KEYMIX(r1,r4,r3,r0,r2,16); - S4(r1,r4,r3,r0,r2) - LINTRANS(r4,r2,r1,r0,r3); - - /* round 6 */ - KEYMIX(r4,r2,r1,r0,r3,20); - S5(r4,r2,r1,r0,r3); - LINTRANS(r2,r0,r4,r1,r3); - - /* round 7 */ - KEYMIX(r2,r0,r4,r1,r3,24); - S6(r2,r0,r4,r1,r3) - LINTRANS(r2,r0,r3,r4,r1); - - /* round 8 */ - KEYMIX(r2,r0,r3,r4,r1,28); - S7(r2,r0,r3,r4,r1); - LINTRANS(r3,r1,r4,r2,r0); - - /* round 9 */ - KEYMIX(r3,r1,r4,r2,r0,32); - S0(r3,r1,r4,r2,r0); - LINTRANS(r1,r0,r4,r3,r2); - - /* round 10 */ - KEYMIX(r1,r0,r4,r3,r2,36); - S1(r1,r0,r4,r3,r2); - LINTRANS(r3,r0,r4,r1,r2); - - /* round 11 */ - KEYMIX(r3,r0,r4,r1,r2,40); - S2(r3,r0,r4,r1,r2); - LINTRANS(r4,r1,r0,r2,r3); - - /* round 12 */ - KEYMIX(r4,r1,r0,r2,r3,44); - S3(r4,r1,r0,r2,r3); - LINTRANS(r1,r0,r2,r3,r4); - - /* round 13 */ - KEYMIX(r1,r0,r2,r3,r4,48); - S4(r1,r0,r2,r3,r4) - LINTRANS(r0,r4,r1,r3,r2); - - /* round 14 */ - KEYMIX(r0,r4,r1,r3,r2,52); - S5(r0,r4,r1,r3,r2); - LINTRANS(r4,r3,r0,r1,r2); - - /* round 15 */ - KEYMIX(r4,r3,r0,r1,r2,56); - S6(r4,r3,r0,r1,r2) - LINTRANS(r4,r3,r2,r0,r1); - - /* round 16 */ - KEYMIX(r4,r3,r2,r0,r1,60); - S7(r4,r3,r2,r0,r1); - LINTRANS(r2,r1,r0,r4,r3); - - /* round 17 */ - KEYMIX(r2,r1,r0,r4,r3,64); - S0(r2,r1,r0,r4,r3); - LINTRANS(r1,r3,r0,r2,r4); - - /* round 18 */ - KEYMIX(r1,r3,r0,r2,r4,68); - S1(r1,r3,r0,r2,r4); - LINTRANS(r2,r3,r0,r1,r4); - - /* round 19 */ - KEYMIX(r2,r3,r0,r1,r4,72); - S2(r2,r3,r0,r1,r4); - LINTRANS(r0,r1,r3,r4,r2); - - /* round 20 */ - KEYMIX(r0,r1,r3,r4,r2,76); - S3(r0,r1,r3,r4,r2); - LINTRANS(r1,r3,r4,r2,r0); - - /* round 21 */ - KEYMIX(r1,r3,r4,r2,r0,80); - S4(r1,r3,r4,r2,r0) - LINTRANS(r3,r0,r1,r2,r4); - - /* round 22 */ - KEYMIX(r3,r0,r1,r2,r4,84); - S5(r3,r0,r1,r2,r4); - LINTRANS(r0,r2,r3,r1,r4); - - /* round 23 */ - KEYMIX(r0,r2,r3,r1,r4,88); - S6(r0,r2,r3,r1,r4) - LINTRANS(r0,r2,r4,r3,r1); - - /* round 24 */ - KEYMIX(r0,r2,r4,r3,r1,92); - S7(r0,r2,r4,r3,r1); - LINTRANS(r4,r1,r3,r0,r2); - - /* round 25 */ - KEYMIX(r4,r1,r3,r0,r2,96); - S0(r4,r1,r3,r0,r2); - LINTRANS(r1,r2,r3,r4,r0); - - /* round 26 */ - KEYMIX(r1,r2,r3,r4,r0,100); - S1(r1,r2,r3,r4,r0); - LINTRANS(r4,r2,r3,r1,r0); - - /* round 27 */ - KEYMIX(r4,r2,r3,r1,r0,104); - S2(r4,r2,r3,r1,r0); - LINTRANS(r3,r1,r2,r0,r4); - - /* round 28 */ - KEYMIX(r3,r1,r2,r0,r4,108); - S3(r3,r1,r2,r0,r4); - LINTRANS(r1,r2,r0,r4,r3); - - /* round 29 */ - KEYMIX(r1,r2,r0,r4,r3,112); - S4(r1,r2,r0,r4,r3) - LINTRANS(r2,r3,r1,r4,r0); - - /* round 30 */ - KEYMIX(r2,r3,r1,r4,r0,116); - S5(r2,r3,r1,r4,r0); - LINTRANS(r3,r4,r2,r1,r0); - - /* round 31 */ - KEYMIX(r3,r4,r2,r1,r0,120); - S6(r3,r4,r2,r1,r0) - LINTRANS(r3,r4,r0,r2,r1); - - /* round 32 */ - KEYMIX(r3,r4,r0,r2,r1,124); - S7(r3,r4,r0,r2,r1); - KEYMIX(r0,r1,r2,r3,r4,128); - - -#ifdef BLOCK_SWAP - out_blk[3] = io_swap(r0); out_blk[2] = io_swap(r1); - out_blk[1] = io_swap(r2); out_blk[0] = io_swap(r3); -#else - out_blk[0] = r0; out_blk[1] = r1; out_blk[2] = r2; out_blk[3] = r3; -#endif - return 0; -}; - -/* decrypt a block of text */ - -int serpent_decrypt(serpent_context *cx, const u8 *in, - u8 *out) -{ u32 *l_key = cx->keyinfo; - const u32 *in_blk = (const u32 *)in; - u32 *out_blk = (u32 *)out; - u32 r0,r1,r2,r3,r4; - -#ifdef BLOCK_SWAP - r0 = io_swap(in_blk[3]); r1 = io_swap(in_blk[2]); - r2 = io_swap(in_blk[1]); r3 = io_swap(in_blk[0]); -#else - r0 = in_blk[0]; r1 = in_blk[1]; r2 = in_blk[2]; r3 = in_blk[3]; -#endif - - /* round 1 */ - KEYMIX(r0,r1,r2,r3,r4,128); - I7(r0,r1,r2,r3,r4); - KEYMIX(r3,r0,r1,r4,r2,124); - - /* round 2 */ - ILINTRANS(r3,r0,r1,r4,r2); - I6(r3,r0,r1,r4,r2); - KEYMIX(r0,r1,r2,r4,r3,120); - - /* round 3 */ - ILINTRANS(r0,r1,r2,r4,r3); - I5(r0,r1,r2,r4,r3); - KEYMIX(r1,r3,r4,r2,r0,116); - - /* round 4 */ - ILINTRANS(r1,r3,r4,r2,r0); - I4(r1,r3,r4,r2,r0); - KEYMIX(r1,r2,r4,r0,r3,112); - - /* round 5 */ - ILINTRANS(r1,r2,r4,r0,r3); - I3(r1,r2,r4,r0,r3); - KEYMIX(r4,r2,r0,r1,r3,108); - - /* round 6 */ - ILINTRANS(r4,r2,r0,r1,r3); - I2(r4,r2,r0,r1,r3); - KEYMIX(r2,r3,r0,r1,r4,104); - - /* round 7 */ - ILINTRANS(r2,r3,r0,r1,r4); - I1(r2,r3,r0,r1,r4); - KEYMIX(r4,r2,r1,r0,r3,100); - - /* round 8 */ - ILINTRANS(r4,r2,r1,r0,r3); - I0(r4,r2,r1,r0,r3); - KEYMIX(r4,r3,r2,r0,r1,96); - - /* round 9 */ - ILINTRANS(r4,r3,r2,r0,r1); - I7(r4,r3,r2,r0,r1); - KEYMIX(r0,r4,r3,r1,r2,92); - - /* round 10 */ - ILINTRANS(r0,r4,r3,r1,r2); - I6(r0,r4,r3,r1,r2); - KEYMIX(r4,r3,r2,r1,r0,88); - - /* round 11 */ - ILINTRANS(r4,r3,r2,r1,r0); - I5(r4,r3,r2,r1,r0); - KEYMIX(r3,r0,r1,r2,r4,84); - - /* round 12 */ - ILINTRANS(r3,r0,r1,r2,r4); - I4(r3,r0,r1,r2,r4); - KEYMIX(r3,r2,r1,r4,r0,80); - - /* round 13 */ - ILINTRANS(r3,r2,r1,r4,r0); - I3(r3,r2,r1,r4,r0); - KEYMIX(r1,r2,r4,r3,r0,76); - - /* round 14 */ - ILINTRANS(r1,r2,r4,r3,r0); - I2(r1,r2,r4,r3,r0); - KEYMIX(r2,r0,r4,r3,r1,72); - - /* round 15 */ - ILINTRANS(r2,r0,r4,r3,r1); - I1(r2,r0,r4,r3,r1); - KEYMIX(r1,r2,r3,r4,r0,68); - - /* round 16 */ - ILINTRANS(r1,r2,r3,r4,r0); - I0(r1,r2,r3,r4,r0); - KEYMIX(r1,r0,r2,r4,r3,64); - - /* round 17 */ - ILINTRANS(r1,r0,r2,r4,r3); - I7(r1,r0,r2,r4,r3); - KEYMIX(r4,r1,r0,r3,r2,60); - - /* round 18 */ - ILINTRANS(r4,r1,r0,r3,r2); - I6(r4,r1,r0,r3,r2); - KEYMIX(r1,r0,r2,r3,r4,56); - - /* round 19 */ - ILINTRANS(r1,r0,r2,r3,r4); - I5(r1,r0,r2,r3,r4); - KEYMIX(r0,r4,r3,r2,r1,52); - - /* round 20 */ - ILINTRANS(r0,r4,r3,r2,r1); - I4(r0,r4,r3,r2,r1); - KEYMIX(r0,r2,r3,r1,r4,48); - - /* round 21 */ - ILINTRANS(r0,r2,r3,r1,r4); - I3(r0,r2,r3,r1,r4); - KEYMIX(r3,r2,r1,r0,r4,44); - - /* round 22 */ - ILINTRANS(r3,r2,r1,r0,r4); - I2(r3,r2,r1,r0,r4); - KEYMIX(r2,r4,r1,r0,r3,40); - - /* round 23 */ - ILINTRANS(r2,r4,r1,r0,r3); - I1(r2,r4,r1,r0,r3); - KEYMIX(r3,r2,r0,r1,r4,36); - - /* round 24 */ - ILINTRANS(r3,r2,r0,r1,r4); - I0(r3,r2,r0,r1,r4); - KEYMIX(r3,r4,r2,r1,r0,32); - - /* round 25 */ - ILINTRANS(r3,r4,r2,r1,r0); - I7(r3,r4,r2,r1,r0); - KEYMIX(r1,r3,r4,r0,r2,28); - - /* round 26 */ - ILINTRANS(r1,r3,r4,r0,r2); - I6(r1,r3,r4,r0,r2); - KEYMIX(r3,r4,r2,r0,r1,24); - - /* round 27 */ - ILINTRANS(r3,r4,r2,r0,r1); - I5(r3,r4,r2,r0,r1); - KEYMIX(r4,r1,r0,r2,r3,20); - - /* round 28 */ - ILINTRANS(r4,r1,r0,r2,r3); - I4(r4,r1,r0,r2,r3); - KEYMIX(r4,r2,r0,r3,r1,16); - - /* round 29 */ - ILINTRANS(r4,r2,r0,r3,r1); - I3(r4,r2,r0,r3,r1); - KEYMIX(r0,r2,r3,r4,r1,12); - - /* round 30 */ - ILINTRANS(r0,r2,r3,r4,r1); - I2(r0,r2,r3,r4,r1); - KEYMIX(r2,r1,r3,r4,r0,8); - - /* round 31 */ - ILINTRANS(r2,r1,r3,r4,r0); - I1(r2,r1,r3,r4,r0); - KEYMIX(r0,r2,r4,r3,r1,4); - - /* round 32 */ - ILINTRANS(r0,r2,r4,r3,r1); - I0(r0,r2,r4,r3,r1); - KEYMIX(r0,r1,r2,r3,r4,0); - -#ifdef BLOCK_SWAP - out_blk[3] = io_swap(r0); out_blk[2] = io_swap(r1); - out_blk[1] = io_swap(r2); out_blk[0] = io_swap(r3); -#else - out_blk[0] = r0; out_blk[1] = r1; out_blk[2] = r2; out_blk[3] = r3; -#endif - return 0; -}; - - diff --git a/lib/libcrypto/libserpent/serpent.h b/lib/libcrypto/libserpent/serpent.h deleted file mode 100644 index 6357f5bfa..000000000 --- a/lib/libcrypto/libserpent/serpent.h +++ /dev/null @@ -1,17 +0,0 @@ -#ifndef SERPENT_H -#define SERPENT_H -#ifdef __KERNEL__ -#include -#else -#include -#define u32 u_int32_t -#define u8 u_int8_t -#endif -struct serpent_context { - u32 keyinfo[140]; /* storage for the key schedule */ -}; -typedef struct serpent_context serpent_context; -int serpent_set_key(serpent_context *ctx, const u8 * in_key, int key_len); -int serpent_decrypt(serpent_context *ctx, const u8 * in_blk, u8 * out_blk); -int serpent_encrypt(serpent_context *ctx, const u8 * in_blk, u8 * out_blk); -#endif /* SERPENT_H */ diff --git a/lib/libcrypto/libserpent/serpent_cbc.c b/lib/libcrypto/libserpent/serpent_cbc.c deleted file mode 100644 index 3b546278a..000000000 --- a/lib/libcrypto/libserpent/serpent_cbc.c +++ /dev/null @@ -1,8 +0,0 @@ -#ifdef __KERNEL__ -#include -#else -#include -#endif -#include "serpent_cbc.h" -#include "cbc_generic.h" -CBC_IMPL_BLK16(serpent_cbc_encrypt, serpent_context, u_int8_t *, serpent_encrypt, serpent_decrypt); diff --git a/lib/libcrypto/libserpent/serpent_cbc.h b/lib/libcrypto/libserpent/serpent_cbc.h deleted file mode 100644 index 3064fa3bc..000000000 --- a/lib/libcrypto/libserpent/serpent_cbc.h +++ /dev/null @@ -1,3 +0,0 @@ -/* Glue header */ -#include "serpent.h" -int serpent_cbc_encrypt(serpent_context *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t * iv, int encrypt); diff --git a/lib/libcrypto/libserpent/test_main.c b/lib/libcrypto/libserpent/test_main.c deleted file mode 100644 index 350068e60..000000000 --- a/lib/libcrypto/libserpent/test_main.c +++ /dev/null @@ -1,34 +0,0 @@ -#include -#include -#include "serpent_cbc.h" -#define BLOCK_SIZE 16 -#define KEY_SIZE 128 /* bits */ -#define KEY "1234567890123456" -#define STR "hola guaso como estaisss ... 012" -#define STRSZ (sizeof(STR)-1) - -#define BLKLEN BLOCK_SIZE -#define CONTEXT_T serpent_context -static int pretty_print(const unsigned char *buf, int count) { - int i=0; - for (;i -#include -#else -#include -#include -#endif -#include "hmac_generic.h" -#include "sha2.h" -#include "hmac_sha2.h" - -void inline sha256_result(sha256_context *ctx, u_int8_t * hash, int hashlen) { - sha256_final(ctx); - memcpy(hash, &ctx->sha_out[0], hashlen); -} -void inline sha512_result(sha512_context *ctx, u_int8_t * hash, int hashlen) { - sha512_final(ctx); - memcpy(hash, &ctx->sha_out[0], hashlen); -} -HMAC_SET_KEY_IMPL (sha256_hmac_set_key, - sha256_hmac_context, SHA256_BLOCKSIZE, - sha256_init, sha256_write) -HMAC_HASH_IMPL (sha256_hmac_hash, - sha256_hmac_context, sha256_context, SHA256_HASHLEN, - sha256_write, sha256_result) - -HMAC_SET_KEY_IMPL (sha512_hmac_set_key, - sha512_hmac_context, SHA512_BLOCKSIZE, - sha512_init, sha512_write) -HMAC_HASH_IMPL (sha512_hmac_hash, - sha512_hmac_context, sha512_context, SHA512_HASHLEN, - sha512_write, sha512_result) diff --git a/lib/libcrypto/libsha2/hmac_sha2.h b/lib/libcrypto/libsha2/hmac_sha2.h deleted file mode 100644 index b7f8c747c..000000000 --- a/lib/libcrypto/libsha2/hmac_sha2.h +++ /dev/null @@ -1,17 +0,0 @@ -typedef struct { - sha256_context ictx,octx; -} sha256_hmac_context; -typedef struct { - sha512_context ictx,octx; -} sha512_hmac_context; -#define SHA256_BLOCKSIZE 64 -#define SHA256_HASHLEN 32 -#define SHA384_BLOCKSIZE 128 /* XXX ok? */ -#define SHA384_HASHLEN 48 -#define SHA512_BLOCKSIZE 128 -#define SHA512_HASHLEN 64 - -void sha256_hmac_hash(sha256_hmac_context *hctx, const u_int8_t * dat, int len, u_int8_t * hash, int hashlen); -void sha256_hmac_set_key(sha256_hmac_context *hctx, const u_int8_t * key, int keylen); -void sha512_hmac_hash(sha512_hmac_context *hctx, const u_int8_t * dat, int len, u_int8_t * hash, int hashlen); -void sha512_hmac_set_key(sha512_hmac_context *hctx, const u_int8_t * key, int keylen); diff --git a/lib/libcrypto/libsha2/sha2.c b/lib/libcrypto/libsha2/sha2.c deleted file mode 100644 index 4debdad67..000000000 --- a/lib/libcrypto/libsha2/sha2.c +++ /dev/null @@ -1,437 +0,0 @@ -/* - * sha512.c - * - * Written by Jari Ruusu, April 16 2001 - * - * Copyright 2001 by Jari Ruusu. - * Redistribution of this file is permitted under the GNU Public License. - */ - -#ifdef __KERNEL__ -#include -#include -#else -#include -#include -#endif -#include "sha2.h" - -/* Define one or more of these. If none is defined, you get all of them */ -#if !defined(SHA256_NEEDED)&&!defined(SHA512_NEEDED)&&!defined(SHA384_NEEDED) -# define SHA256_NEEDED 1 -# define SHA512_NEEDED 1 -# define SHA384_NEEDED 1 -#endif - -#if defined(SHA256_NEEDED) -static const u_int32_t sha256_hashInit[8] = { - 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, - 0x1f83d9ab, 0x5be0cd19 -}; -static const u_int32_t sha256_K[64] = { - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, - 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, - 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, - 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, - 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, - 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -}; -#endif - -#if defined(SHA512_NEEDED) -static const u_int64_t sha512_hashInit[8] = { - 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, - 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL -}; -#endif - -#if defined(SHA384_NEEDED) -static const u_int64_t sha384_hashInit[8] = { - 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, - 0x152fecd8f70e5939ULL, 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, - 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL -}; -#endif - -#if defined(SHA512_NEEDED) || defined(SHA384_NEEDED) -static const u_int64_t sha512_K[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, - 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, - 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, - 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, - 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, - 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, - 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, - 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, - 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, - 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, - 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, - 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, - 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, - 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; -#endif - -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -#define R(x,y) ((y) >> (x)) - -#if defined(SHA256_NEEDED) -void sha256_init(sha256_context *ctx) -{ - memcpy(&ctx->sha_H[0], &sha256_hashInit[0], sizeof(ctx->sha_H)); - ctx->sha_blocks = 0; - ctx->sha_bufCnt = 0; -} - -#define S(x,y) (((y) >> (x)) | ((y) << (32 - (x)))) -#define uSig0(x) ((S(2,(x))) ^ (S(13,(x))) ^ (S(22,(x)))) -#define uSig1(x) ((S(6,(x))) ^ (S(11,(x))) ^ (S(25,(x)))) -#define lSig0(x) ((S(7,(x))) ^ (S(18,(x))) ^ (R(3,(x)))) -#define lSig1(x) ((S(17,(x))) ^ (S(19,(x))) ^ (R(10,(x)))) - -static void sha256_transform(sha256_context *ctx, const unsigned char *datap) -{ - register int j; - u_int32_t a, b, c, d, e, f, g, h; - u_int32_t T1, T2, W[64], Wm2, Wm15; - - /* read the data, big endian byte order */ - j = 0; - do { - W[j] = (((u_int32_t)(datap[0]))<<24) | (((u_int32_t)(datap[1]))<<16) | - (((u_int32_t)(datap[2]))<<8 ) | ((u_int32_t)(datap[3])); - datap += 4; - } while(++j < 16); - - /* initialize variables a...h */ - a = ctx->sha_H[0]; - b = ctx->sha_H[1]; - c = ctx->sha_H[2]; - d = ctx->sha_H[3]; - e = ctx->sha_H[4]; - f = ctx->sha_H[5]; - g = ctx->sha_H[6]; - h = ctx->sha_H[7]; - - /* apply compression function */ - j = 0; - do { - if(j >= 16) { - Wm2 = W[j - 2]; - Wm15 = W[j - 15]; - W[j] = lSig1(Wm2) + W[j - 7] + lSig0(Wm15) + W[j - 16]; - } - T1 = h + uSig1(e) + Ch(e,f,g) + sha256_K[j] + W[j]; - T2 = uSig0(a) + Maj(a,b,c); - h = g; g = f; f = e; - e = d + T1; - d = c; c = b; b = a; - a = T1 + T2; - } while(++j < 64); - - /* compute intermediate hash value */ - ctx->sha_H[0] += a; - ctx->sha_H[1] += b; - ctx->sha_H[2] += c; - ctx->sha_H[3] += d; - ctx->sha_H[4] += e; - ctx->sha_H[5] += f; - ctx->sha_H[6] += g; - ctx->sha_H[7] += h; - - ctx->sha_blocks++; -} - -void sha256_write(sha256_context *ctx, const unsigned char *datap, int length) -{ - while(length > 0) { - if(!ctx->sha_bufCnt) { - while(length >= sizeof(ctx->sha_out)) { - sha256_transform(ctx, datap); - datap += sizeof(ctx->sha_out); - length -= sizeof(ctx->sha_out); - } - if(!length) return; - } - ctx->sha_out[ctx->sha_bufCnt] = *datap++; - length--; - if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) { - sha256_transform(ctx, &ctx->sha_out[0]); - ctx->sha_bufCnt = 0; - } - } -} - -void sha256_final(sha256_context *ctx) -{ - register int j; - u_int64_t bitLength; - u_int32_t i; - unsigned char padByte, *datap; - - bitLength = (ctx->sha_blocks << 9) | (ctx->sha_bufCnt << 3); - padByte = 0x80; - sha256_write(ctx, &padByte, 1); - - /* pad extra space with zeroes */ - padByte = 0; - while(ctx->sha_bufCnt != 56) { - sha256_write(ctx, &padByte, 1); - } - - /* write bit length, big endian byte order */ - ctx->sha_out[56] = bitLength >> 56; - ctx->sha_out[57] = bitLength >> 48; - ctx->sha_out[58] = bitLength >> 40; - ctx->sha_out[59] = bitLength >> 32; - ctx->sha_out[60] = bitLength >> 24; - ctx->sha_out[61] = bitLength >> 16; - ctx->sha_out[62] = bitLength >> 8; - ctx->sha_out[63] = bitLength; - sha256_transform(ctx, &ctx->sha_out[0]); - - /* return results in ctx->sha_out[0...31] */ - datap = &ctx->sha_out[0]; - j = 0; - do { - i = ctx->sha_H[j]; - datap[0] = i >> 24; - datap[1] = i >> 16; - datap[2] = i >> 8; - datap[3] = i; - datap += 4; - } while(++j < 8); - - /* clear sensitive information */ - memset(&ctx->sha_out[32], 0, sizeof(sha256_context) - 32); -} - -void sha256_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -{ - sha256_context ctx; - - if(ole < 1) return; - memset(ob, 0, ole); - if(ole > 32) ole = 32; - sha256_init(&ctx); - sha256_write(&ctx, ib, ile); - sha256_final(&ctx); - memcpy(ob, &ctx.sha_out[0], ole); - memset(&ctx, 0, sizeof(ctx)); -} - -#endif - -#if defined(SHA512_NEEDED) -void sha512_init(sha512_context *ctx) -{ - memcpy(&ctx->sha_H[0], &sha512_hashInit[0], sizeof(ctx->sha_H)); - ctx->sha_blocks = 0; - ctx->sha_blocksMSB = 0; - ctx->sha_bufCnt = 0; -} -#endif - -#if defined(SHA512_NEEDED) || defined(SHA384_NEEDED) -#undef S -#undef uSig0 -#undef uSig1 -#undef lSig0 -#undef lSig1 -#define S(x,y) (((y) >> (x)) | ((y) << (64 - (x)))) -#define uSig0(x) ((S(28,(x))) ^ (S(34,(x))) ^ (S(39,(x)))) -#define uSig1(x) ((S(14,(x))) ^ (S(18,(x))) ^ (S(41,(x)))) -#define lSig0(x) ((S(1,(x))) ^ (S(8,(x))) ^ (R(7,(x)))) -#define lSig1(x) ((S(19,(x))) ^ (S(61,(x))) ^ (R(6,(x)))) - -static void sha512_transform(sha512_context *ctx, const unsigned char *datap) -{ - register int j; - u_int64_t a, b, c, d, e, f, g, h; - u_int64_t T1, T2, W[80], Wm2, Wm15; - - /* read the data, big endian byte order */ - j = 0; - do { - W[j] = (((u_int64_t)(datap[0]))<<56) | (((u_int64_t)(datap[1]))<<48) | - (((u_int64_t)(datap[2]))<<40) | (((u_int64_t)(datap[3]))<<32) | - (((u_int64_t)(datap[4]))<<24) | (((u_int64_t)(datap[5]))<<16) | - (((u_int64_t)(datap[6]))<<8 ) | ((u_int64_t)(datap[7])); - datap += 8; - } while(++j < 16); - - /* initialize variables a...h */ - a = ctx->sha_H[0]; - b = ctx->sha_H[1]; - c = ctx->sha_H[2]; - d = ctx->sha_H[3]; - e = ctx->sha_H[4]; - f = ctx->sha_H[5]; - g = ctx->sha_H[6]; - h = ctx->sha_H[7]; - - /* apply compression function */ - j = 0; - do { - if(j >= 16) { - Wm2 = W[j - 2]; - Wm15 = W[j - 15]; - W[j] = lSig1(Wm2) + W[j - 7] + lSig0(Wm15) + W[j - 16]; - } - T1 = h + uSig1(e) + Ch(e,f,g) + sha512_K[j] + W[j]; - T2 = uSig0(a) + Maj(a,b,c); - h = g; g = f; f = e; - e = d + T1; - d = c; c = b; b = a; - a = T1 + T2; - } while(++j < 80); - - /* compute intermediate hash value */ - ctx->sha_H[0] += a; - ctx->sha_H[1] += b; - ctx->sha_H[2] += c; - ctx->sha_H[3] += d; - ctx->sha_H[4] += e; - ctx->sha_H[5] += f; - ctx->sha_H[6] += g; - ctx->sha_H[7] += h; - - ctx->sha_blocks++; - if(!ctx->sha_blocks) ctx->sha_blocksMSB++; -} - -void sha512_write(sha512_context *ctx, const unsigned char *datap, int length) -{ - while(length > 0) { - if(!ctx->sha_bufCnt) { - while(length >= sizeof(ctx->sha_out)) { - sha512_transform(ctx, datap); - datap += sizeof(ctx->sha_out); - length -= sizeof(ctx->sha_out); - } - if(!length) return; - } - ctx->sha_out[ctx->sha_bufCnt] = *datap++; - length--; - if(++ctx->sha_bufCnt == sizeof(ctx->sha_out)) { - sha512_transform(ctx, &ctx->sha_out[0]); - ctx->sha_bufCnt = 0; - } - } -} - -void sha512_final(sha512_context *ctx) -{ - register int j; - u_int64_t bitLength, bitLengthMSB; - u_int64_t i; - unsigned char padByte, *datap; - - bitLength = (ctx->sha_blocks << 10) | (ctx->sha_bufCnt << 3); - bitLengthMSB = (ctx->sha_blocksMSB << 10) | (ctx->sha_blocks >> 54); - padByte = 0x80; - sha512_write(ctx, &padByte, 1); - - /* pad extra space with zeroes */ - padByte = 0; - while(ctx->sha_bufCnt != 112) { - sha512_write(ctx, &padByte, 1); - } - - /* write bit length, big endian byte order */ - ctx->sha_out[112] = bitLengthMSB >> 56; - ctx->sha_out[113] = bitLengthMSB >> 48; - ctx->sha_out[114] = bitLengthMSB >> 40; - ctx->sha_out[115] = bitLengthMSB >> 32; - ctx->sha_out[116] = bitLengthMSB >> 24; - ctx->sha_out[117] = bitLengthMSB >> 16; - ctx->sha_out[118] = bitLengthMSB >> 8; - ctx->sha_out[119] = bitLengthMSB; - ctx->sha_out[120] = bitLength >> 56; - ctx->sha_out[121] = bitLength >> 48; - ctx->sha_out[122] = bitLength >> 40; - ctx->sha_out[123] = bitLength >> 32; - ctx->sha_out[124] = bitLength >> 24; - ctx->sha_out[125] = bitLength >> 16; - ctx->sha_out[126] = bitLength >> 8; - ctx->sha_out[127] = bitLength; - sha512_transform(ctx, &ctx->sha_out[0]); - - /* return results in ctx->sha_out[0...63] */ - datap = &ctx->sha_out[0]; - j = 0; - do { - i = ctx->sha_H[j]; - datap[0] = i >> 56; - datap[1] = i >> 48; - datap[2] = i >> 40; - datap[3] = i >> 32; - datap[4] = i >> 24; - datap[5] = i >> 16; - datap[6] = i >> 8; - datap[7] = i; - datap += 8; - } while(++j < 8); - - /* clear sensitive information */ - memset(&ctx->sha_out[64], 0, sizeof(sha512_context) - 64); -} - -void sha512_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -{ - sha512_context ctx; - - if(ole < 1) return; - memset(ob, 0, ole); - if(ole > 64) ole = 64; - sha512_init(&ctx); - sha512_write(&ctx, ib, ile); - sha512_final(&ctx); - memcpy(ob, &ctx.sha_out[0], ole); - memset(&ctx, 0, sizeof(ctx)); -} -#endif - -#if defined(SHA384_NEEDED) -void sha384_init(sha512_context *ctx) -{ - memcpy(&ctx->sha_H[0], &sha384_hashInit[0], sizeof(ctx->sha_H)); - ctx->sha_blocks = 0; - ctx->sha_blocksMSB = 0; - ctx->sha_bufCnt = 0; -} - -void sha384_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, int ole) -{ - sha512_context ctx; - - if(ole < 1) return; - memset(ob, 0, ole); - if(ole > 48) ole = 48; - sha384_init(&ctx); - sha512_write(&ctx, ib, ile); - sha512_final(&ctx); - memcpy(ob, &ctx.sha_out[0], ole); - memset(&ctx, 0, sizeof(ctx)); -} -#endif diff --git a/lib/libcrypto/libsha2/sha2.h b/lib/libcrypto/libsha2/sha2.h deleted file mode 100644 index 2dc03cfa8..000000000 --- a/lib/libcrypto/libsha2/sha2.h +++ /dev/null @@ -1,52 +0,0 @@ -#ifndef _SHA2_H -#define _SHA2_H -/* - * sha512.h - * - * Written by Jari Ruusu, April 16 2001 - * - * Copyright 2001 by Jari Ruusu. - * Redistribution of this file is permitted under the GNU Public License. - */ - -#ifdef __KERNEL__ -#include -#else -#include -#endif - -typedef struct { - unsigned char sha_out[64]; /* results are here, bytes 0...31 */ - u_int32_t sha_H[8]; - u_int64_t sha_blocks; - int sha_bufCnt; -} sha256_context; - -typedef struct { - unsigned char sha_out[128]; /* results are here, bytes 0...63 */ - u_int64_t sha_H[8]; - u_int64_t sha_blocks; - u_int64_t sha_blocksMSB; - int sha_bufCnt; -} sha512_context; - -/* no sha384_context, use sha512_context */ - -/* 256 bit hash, provides 128 bits of security against collision attacks */ -extern void sha256_init(sha256_context *); -extern void sha256_write(sha256_context *, const unsigned char *, int); -extern void sha256_final(sha256_context *); -extern void sha256_hash_buffer(unsigned char *, int, unsigned char *, int); - -/* 512 bit hash, provides 256 bits of security against collision attacks */ -extern void sha512_init(sha512_context *); -extern void sha512_write(sha512_context *, const unsigned char *, int); -extern void sha512_final(sha512_context *); -extern void sha512_hash_buffer(unsigned char *, int, unsigned char *, int); - -/* 384 bit hash, provides 192 bits of security against collision attacks */ -extern void sha384_init(sha512_context *); -/* no sha384_write(), use sha512_write() */ -/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */ -extern void sha384_hash_buffer(unsigned char *, int, unsigned char *, int); -#endif /* _SHA2_H */ diff --git a/lib/libcrypto/libtwofish/Makefile b/lib/libcrypto/libtwofish/Makefile deleted file mode 100644 index 714fd6115..000000000 --- a/lib/libcrypto/libtwofish/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -CFLAGS=-O3 -fomit-frame-pointer -D__KERNEL__ -Wall $(EXTRA_CFLAGS) -INC=-I../include - -LIBOBJ=twofish.o twofish_cbc.o -BLIB=libtwofish.a - -.c.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(INC) -c $< -o $@ - -$(BLIB): $(LIBOBJ) - /bin/rm -f $(BLIB) - ar cr $(BLIB) $(LIBOBJ) - -if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \ - else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \ - else exit 0; fi; fi - -test: test_main.o $(BLIB) - $(CC) -o $@ $^ - -clean: - rm -f *.[oa] core $(TARGET) test diff --git a/lib/libcrypto/libtwofish/test_main.c b/lib/libcrypto/libtwofish/test_main.c deleted file mode 100644 index 1e8b0db56..000000000 --- a/lib/libcrypto/libtwofish/test_main.c +++ /dev/null @@ -1,34 +0,0 @@ -#include -#include -#include "twofish_cbc.h" -#define BLOCK_SIZE 16 -#define KEY_SIZE 128 /* bits */ -#define KEY "1234567890123456" -#define STR "hola guaso como estaisss ... 012" -#define STRSZ (sizeof(STR)-1) - -#define BLKLEN BLOCK_SIZE -#define CONTEXT_T twofish_context -static int pretty_print(const unsigned char *buf, int count) { - int i=0; - for (;i - */ - -/* Twofish for GPG - * By Matthew Skala , July 26, 1998 - * 256-bit key length added March 20, 1999 - * Some modifications to reduce the text size by Werner Koch, April, 1998 - * - * The original author has disclaimed all copyright interest in this - * code and thus putting it in the public domain. - * - * This code is a "clean room" implementation, written from the paper - * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey, - * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available - * through http://www.counterpane.com/twofish.html - * - * For background information on multiplication in finite fields, used for - * the matrix operations in the key schedule, see the book _Contemporary - * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the - * Third Edition. - * - * Only the 128- and 256-bit key sizes are supported. This code is intended - * for GNU C on a 32-bit system, but it should work almost anywhere. Loops - * are unrolled, precomputation tables are used, etc., for maximum speed at - * some cost in memory consumption. */ - -#ifdef __KERNEL__ -#include -#include -#else -#include -#define u8 u_int8_t -#define u32 u_int32_t -#endif - -#if 0 /* shouldn't this be #ifdef rotl32 ? - * Look at wordops.h: It includes asm/wordops.h. - * Anyway, we have to search in the macros for rot's, - * since they seem to be defined in a generic way. */ -#define rotl rotl32 -#define rotr rotr32 -#else -#define rotl generic_rotl32 -#define rotr generic_rotr32 -#endif - -#include "twofish.h" -/* The large precomputed tables for the Twofish cipher (twofish.c) - * Taken from the same source as twofish.c - * Marc Mutz - */ - -/* These two tables are the q0 and q1 permutations, exactly as described in - * the Twofish paper. */ - -static const u8 q0[256] = { - 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, - 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, - 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, - 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, - 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, - 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, - 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, - 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, - 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, - 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, - 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, - 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, - 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, - 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, - 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, - 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, - 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, - 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, - 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, - 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, - 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, - 0x4A, 0x5E, 0xC1, 0xE0 -}; - -static const u8 q1[256] = { - 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, - 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, - 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, - 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, - 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, - 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, - 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, - 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, - 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, - 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, - 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, - 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, - 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, - 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, - 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, - 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, - 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, - 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, - 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, - 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, - 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, - 0x55, 0x09, 0xBE, 0x91 -}; - -/* These MDS tables are actually tables of MDS composed with q0 and q1, - * because it is only ever used that way and we can save some time by - * precomputing. Of course the main saving comes from precomputing the - * GF(2^8) multiplication involved in the MDS matrix multiply; by looking - * things up in these tables we reduce the matrix multiply to four lookups - * and three XORs. Semi-formally, the definition of these tables is: - * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T - * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T - * where ^T means "transpose", the matrix multiply is performed in GF(2^8) - * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described - * by Schneier et al, and I'm casually glossing over the byte/word - * conversion issues. */ - -static const u32 mds[4][256] = { - {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, - 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, - 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32, - 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, - 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, - 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, - 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1, - 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, - 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, - 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, - 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0, - 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, - 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, - 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, - 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3, - 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, - 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, - 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, - 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C, - 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, - 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA, - 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, - 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72, - 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, - 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, - 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, - 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39, - 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, - 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, - 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, - 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5, - 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, - 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, - 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, - 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E, - 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, - 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, - 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, - 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2, - 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, - 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, - 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, - 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91}, - - {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, - 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, - 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020, - 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, - 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444, - 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, - 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A, - 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, - 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, - 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, - 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9, - 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, - 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, - 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, - 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414, - 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, - 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, - 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, - 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5, - 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, - 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, - 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, - 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202, - 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, - 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, - 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, - 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808, - 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, - 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, - 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, - 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505, - 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5, - 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, - 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, - 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF, - 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, - 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, - 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, - 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6, - 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, - 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, - 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, - 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8}, - - {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, - 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, - 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A, - 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, - 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, - 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, - 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB, - 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, - 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, - 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, - 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C, - 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, - 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, - 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, - 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035, - 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, - 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, - 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, - 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F, - 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, - 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, - 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, - 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA, - 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, - 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, - 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, - 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D, - 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, - 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, - 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, - 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086, - 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, - 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, - 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, - 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691, - 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, - 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, - 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, - 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E, - 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, - 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, - 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, - 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF}, - - {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, - 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, - 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643, - 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, - 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, - 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, - 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3, - 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, - 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, - 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, - 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF, - 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, - 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, - 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, - 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA, - 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, - 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, - 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, - 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D, - 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, - 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, - 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, - 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B, - 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, - 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, - 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, - 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE, - 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, - 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, - 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, - 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E, - 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, - 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, - 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, - 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718, - 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, - 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, - 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, - 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882, - 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, - 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, - 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, - 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8} -}; - -/* The exp_to_poly and poly_to_exp tables are used to perform efficient - * operations in GF(2^8) represented as GF(2)[x]/w(x) where - * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the - * definition of the RS matrix in the key schedule. Elements of that field - * are polynomials of degree not greater than 7 and all coefficients 0 or 1, - * which can be represented naturally by bytes (just substitute x=2). In that - * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8) - * multiplication is inefficient without hardware support. To multiply - * faster, I make use of the fact x is a generator for the nonzero elements, - * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for - * some n in 0..254. Note that that caret is exponentiation in GF(2^8), - * *not* polynomial notation. So if I want to compute pq where p and q are - * in GF(2^8), I can just say: - * 1. if p=0 or q=0 then pq=0 - * 2. otherwise, find m and n such that p=x^m and q=x^n - * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq - * The translations in steps 2 and 3 are looked up in the tables - * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this - * in action, look at the CALC_S macro. As additional wrinkles, note that - * one of my operands is always a constant, so the poly_to_exp lookup on it - * is done in advance; I included the original values in the comments so - * readers can have some chance of recognizing that this *is* the RS matrix - * from the Twofish paper. I've only included the table entries I actually - * need; I never do a lookup on a variable input of zero and the biggest - * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll - * never sum to more than 491. I'm repeating part of the exp_to_poly table - * so that I don't have to do mod-255 reduction in the exponent arithmetic. - * Since I know my constant operands are never zero, I only have to worry - * about zero values in the variable operand, and I do it with a simple - * conditional branch. I know conditionals are expensive, but I couldn't - * see a non-horrible way of avoiding them, and I did manage to group the - * statements so that each if covers four group multiplications. */ - -static const u8 poly_to_exp[255] = { - 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19, - 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A, - 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C, - 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B, - 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47, - 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D, - 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8, - 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C, - 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83, - 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48, - 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26, - 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E, - 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3, - 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9, - 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A, - 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D, - 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75, - 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84, - 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64, - 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49, - 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF, - 0x85, 0xC8, 0xA1 -}; - -static const u8 exp_to_poly[492] = { - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2, - 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03, - 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6, - 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A, - 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63, - 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C, - 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07, - 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88, - 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12, - 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7, - 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C, - 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8, - 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25, - 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A, - 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE, - 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC, - 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E, - 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92, - 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89, - 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB, - 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1, - 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, - 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, - 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, - 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, - 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, - 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, - 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, - 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, - 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, - 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, - 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, - 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, - 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, - 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, - 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, - 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, - 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, - 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, - 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, - 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB -}; - - -/* The table constants are indices of - * S-box entries, preprocessed through q0 and q1. */ -static const u8 calc_sb_tbl[512] = { - 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4, - 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8, - 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B, - 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B, - 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD, - 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1, - 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B, - 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F, - 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B, - 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D, - 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E, - 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5, - 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14, - 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3, - 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54, - 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51, - 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A, - 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96, - 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10, - 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C, - 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7, - 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70, - 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB, - 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8, - 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF, - 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC, - 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF, - 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2, - 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82, - 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9, - 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97, - 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17, - 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D, - 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3, - 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C, - 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E, - 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F, - 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49, - 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21, - 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9, - 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD, - 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01, - 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F, - 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48, - 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E, - 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19, - 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57, - 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64, - 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE, - 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5, - 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44, - 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69, - 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15, - 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E, - 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34, - 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC, - 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B, - 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB, - 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52, - 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9, - 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4, - 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2, - 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56, - 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91 -}; - -/* Macro to perform one column of the RS matrix multiplication. The - * parameters a, b, c, and d are the four bytes of output; i is the index - * of the key bytes, and w, x, y, and z, are the column of constants from - * the RS matrix, preprocessed through the poly_to_exp table. */ - -#define CALC_S(a, b, c, d, i, w, x, y, z) \ - if (key[i]) { \ - tmp = poly_to_exp[key[i] - 1]; \ - (a) ^= exp_to_poly[tmp + (w)]; \ - (b) ^= exp_to_poly[tmp + (x)]; \ - (c) ^= exp_to_poly[tmp + (y)]; \ - (d) ^= exp_to_poly[tmp + (z)]; \ - } - -/* Macros to calculate the key-dependent S-boxes for a 128-bit key using - * the S vector from CALC_S. CALC_SB_2 computes a single entry in all - * four S-boxes, where i is the index of the entry to compute, and a and b - * are the index numbers preprocessed through the q0 and q1 tables - * respectively. */ - -#define CALC_SB_2(i, a, b) \ - ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \ - ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \ - ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \ - ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh] - -/* Macro exactly like CALC_SB_2, but for 192-bit keys. */ - -#define CALC_SB192_2(i, a, b) \ - ctx->s[0][i] = mds[0][q0[q0[(b) ^ sa] ^ se] ^ si]; \ - ctx->s[1][i] = mds[1][q0[q1[(b) ^ sb] ^ sf] ^ sj]; \ - ctx->s[2][i] = mds[2][q1[q0[(a) ^ sc] ^ sg] ^ sk]; \ - ctx->s[3][i] = mds[3][q1[q1[(a) ^ sd] ^ sh] ^ sl]; - -/* Macro exactly like CALC_SB_2, but for 256-bit keys. */ - -#define CALC_SB256_2(i, a, b) \ - ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \ - ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \ - ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \ - ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp]; - -/* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the - * last two stages of the h() function for a given index (either 2i or 2i+1). - * a, b, c, and d are the four bytes going into the last two stages. For - * 128-bit keys, this is the entire h() function and a and c are the index - * preprocessed through q0 and q1 respectively; for longer keys they are the - * output of previous stages. j is the index of the first key byte to use. - * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2 - * twice, doing the Psuedo-Hadamard Transform, and doing the necessary - * rotations. Its parameters are: a, the array to write the results into, - * j, the index of the first output entry, k and l, the preprocessed indices - * for index 2i, and m and n, the preprocessed indices for index 2i+1. - * CALC_K192_2 expands CALC_K_2 to handle 192-bit keys, by doing an - * additional lookup-and-XOR stage. The parameters a, b, c and d are the - * four bytes going into the last three stages. For 192-bit keys, c = d - * are the index preprocessed through q0, and a = b are the index - * preprocessed through q1; j is the index of the first key byte to use. - * CALC_K192 is identical to CALC_K but for using the CALC_K192_2 macro - * instead of CALC_K_2. - * CALC_K256_2 expands CALC_K192_2 to handle 256-bit keys, by doing an - * additional lookup-and-XOR stage. The parameters a and b are the index - * preprocessed through q0 and q1 respectively; j is the index of the first - * key byte to use. CALC_K256 is identical to CALC_K but for using the - * CALC_K256_2 macro instead of CALC_K_2. */ - -#define CALC_K_2(a, b, c, d, j) \ - mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \ - ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \ - ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \ - ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]] - -#define CALC_K(a, j, k, l, m, n) \ - x = CALC_K_2 (k, l, k, l, 0); \ - y = CALC_K_2 (m, n, m, n, 4); \ - y = (y << 8) + (y >> 24); \ - x += y; y += x; ctx->a[j] = x; \ - ctx->a[(j) + 1] = (y << 9) + (y >> 23) - -#define CALC_K192_2(a, b, c, d, j) \ - CALC_K_2 (q0[a ^ key[(j) + 16]], \ - q1[b ^ key[(j) + 17]], \ - q0[c ^ key[(j) + 18]], \ - q1[d ^ key[(j) + 19]], j) - -#define CALC_K192(a, j, k, l, m, n) \ - x = CALC_K192_2 (l, l, k, k, 0); \ - y = CALC_K192_2 (n, n, m, m, 4); \ - y = (y << 8) + (y >> 24); \ - x += y; y += x; ctx->a[j] = x; \ - ctx->a[(j) + 1] = (y << 9) + (y >> 23) - -#define CALC_K256_2(a, b, j) \ - CALC_K192_2 (q1[b ^ key[(j) + 24]], \ - q1[a ^ key[(j) + 25]], \ - q0[a ^ key[(j) + 26]], \ - q0[b ^ key[(j) + 27]], j) - -#define CALC_K256(a, j, k, l, m, n) \ - x = CALC_K256_2 (k, l, 0); \ - y = CALC_K256_2 (m, n, 4); \ - y = (y << 8) + (y >> 24); \ - x += y; y += x; ctx->a[j] = x; \ - ctx->a[(j) + 1] = (y << 9) + (y >> 23) - -/* Perform the key setup. */ - -int twofish_set_key (TWOFISH_context *ctx, - const unsigned char *key, int key_len) -{ - - int i, j, k; - - /* Temporaries for CALC_K. */ - u32 x, y; - - /* The S vector used to key the S-boxes, split up into individual bytes. - * 128-bit keys use only sa through sh; 256-bit use all of them. */ - u8 sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0; - u8 si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0; - - /* Temporary for CALC_S. */ - u8 tmp; - - /* Check key length. */ - if (key_len != 16 && key_len != 24 && key_len != 32) - return -1; /* unsupported key length */ - - /* Compute the first two words of the S vector. The magic numbers are - * the entries of the RS matrix, preprocessed through poly_to_exp. The - * numbers in the comments are the original (polynomial form) matrix - * entries. */ - CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ - CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ - CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ - CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ - CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ - CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ - CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ - CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ - CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ - CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ - CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ - CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ - CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ - CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ - CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ - CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ - - if (key_len == 24 || key_len == 32) { /* 192- or 256-bit key */ - /* Calculate the third word of the S vector */ - CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ - CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ - CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ - CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ - CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ - CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ - CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ - CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ - } - - if (key_len == 32) { /* 256-bit key */ - /* Calculate the fourth word of the S vector */ - CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */ - CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */ - CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */ - CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */ - CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */ - CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */ - CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */ - CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */ - - /* Compute the S-boxes. */ - for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { - CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); - } - - /* Calculate whitening and round subkeys. The constants are - * indices of subkeys, preprocessed through q0 and q1. */ - CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3); - CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); - CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); - CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); - CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); - CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B); - CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); - CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); - CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); - CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD); - CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71); - CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); - CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F); - CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B); - CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA); - CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F); - CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); - CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); - CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00); - CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); - } else if (key_len == 24) { /* 192-bit key */ - /* Compute the S-boxes. */ - for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { - CALC_SB192_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); - } - - /* Calculate whitening and round subkeys. The constants are - * indices of subkeys, preprocessed through q0 and q1. */ - CALC_K192 (w, 0, 0xA9, 0x75, 0x67, 0xF3); - CALC_K192 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); - CALC_K192 (w, 4, 0x04, 0xDB, 0xFD, 0x7B); - CALC_K192 (w, 6, 0xA3, 0xFB, 0x76, 0xC8); - CALC_K192 (k, 0, 0x9A, 0x4A, 0x92, 0xD3); - CALC_K192 (k, 2, 0x80, 0xE6, 0x78, 0x6B); - CALC_K192 (k, 4, 0xE4, 0x45, 0xDD, 0x7D); - CALC_K192 (k, 6, 0xD1, 0xE8, 0x38, 0x4B); - CALC_K192 (k, 8, 0x0D, 0xD6, 0xC6, 0x32); - CALC_K192 (k, 10, 0x35, 0xD8, 0x98, 0xFD); - CALC_K192 (k, 12, 0x18, 0x37, 0xF7, 0x71); - CALC_K192 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); - CALC_K192 (k, 16, 0x43, 0x30, 0x75, 0x0F); - CALC_K192 (k, 18, 0x37, 0xF8, 0x26, 0x1B); - CALC_K192 (k, 20, 0xFA, 0x87, 0x13, 0xFA); - CALC_K192 (k, 22, 0x94, 0x06, 0x48, 0x3F); - CALC_K192 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); - CALC_K192 (k, 26, 0x8B, 0xAE, 0x30, 0x5B); - CALC_K192 (k, 28, 0x84, 0x8A, 0x54, 0x00); - CALC_K192 (k, 30, 0xDF, 0xBC, 0x23, 0x9D); - } else { /* 128-bit key */ - /* Compute the S-boxes. */ - for ( i = j = 0, k = 1; i < 256; i++, j += 2, k += 2 ) { - CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] ); - } - - /* Calculate whitening and round subkeys. The constants are - * indices of subkeys, preprocessed through q0 and q1. */ - CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3); - CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4); - CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B); - CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8); - CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3); - CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B); - CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D); - CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B); - CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32); - CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD); - CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71); - CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1); - CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F); - CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B); - CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA); - CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F); - CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA); - CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B); - CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00); - CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D); - } - - return 0; -} - -/* Macros to compute the g() function in the encryption and decryption - * rounds. G1 is the straight g() function; G2 includes the 8-bit - * rotation for the high 32-bit word. */ - -#define G1(a) \ - (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \ - ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24]) - -#define G2(b) \ - (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \ - ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24]) - -/* Encryption and decryption Feistel rounds. Each one calls the two g() - * macros, does the PHT, and performs the XOR and the appropriate bit - * rotations. The parameters are the round number (used to select subkeys), - * and the four 32-bit chunks of the text. */ - -#define ENCROUND(n, a, b, c, d) \ - x = G1 (a); y = G2 (b); \ - x += y; y += x + ctx->k[2 * (n) + 1]; \ - (c) ^= x + ctx->k[2 * (n)]; \ - (c) = ((c) >> 1) + ((c) << 31); \ - (d) = (((d) << 1)+((d) >> 31)) ^ y - -#define DECROUND(n, a, b, c, d) \ - x = G1 (a); y = G2 (b); \ - x += y; y += x; \ - (d) ^= y + ctx->k[2 * (n) + 1]; \ - (d) = ((d) >> 1) + ((d) << 31); \ - (c) = (((c) << 1)+((c) >> 31)); \ - (c) ^= (x + ctx->k[2 * (n)]) - -/* Encryption and decryption cycles; each one is simply two Feistel rounds - * with the 32-bit chunks re-ordered to simulate the "swap" */ - -#define ENCCYCLE(n) \ - ENCROUND (2 * (n), a, b, c, d); \ - ENCROUND (2 * (n) + 1, c, d, a, b) - -#define DECCYCLE(n) \ - DECROUND (2 * (n) + 1, c, d, a, b); \ - DECROUND (2 * (n), a, b, c, d) - -/* Macros to convert the input and output bytes into 32-bit words, - * and simultaneously perform the whitening step. INPACK packs word - * number n into the variable named by x, using whitening subkey number m. - * OUTUNPACK unpacks word number n from the variable named by x, using - * whitening subkey number m. */ - -#define INPACK(n, x, m) \ - x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \ - ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m] - -#define OUTUNPACK(n, x, m) \ - x ^= ctx->w[m]; \ - out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \ - out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24 - -/* Encrypt one block. in and out may be the same. */ - -int twofish_encrypt (TWOFISH_context *ctx, - const u8 *in, u8 *out) -{ - /* The four 32-bit chunks of the text. */ - u32 a, b, c, d; - - /* Temporaries used by the round function. */ - u32 x, y; - - /* Input whitening and packing. */ - INPACK (0, a, 0); - INPACK (1, b, 1); - INPACK (2, c, 2); - INPACK (3, d, 3); - - /* Encryption Feistel cycles. */ - ENCCYCLE (0); - ENCCYCLE (1); - ENCCYCLE (2); - ENCCYCLE (3); - ENCCYCLE (4); - ENCCYCLE (5); - ENCCYCLE (6); - ENCCYCLE (7); - - /* Output whitening and unpacking. */ - OUTUNPACK (0, c, 4); - OUTUNPACK (1, d, 5); - OUTUNPACK (2, a, 6); - OUTUNPACK (3, b, 7); - - return 0; -} - -/* Decrypt one block. in and out may be the same. */ - -int twofish_decrypt (TWOFISH_context *ctx, - const u8 *in, u8 *out) -{ - /* The four 32-bit chunks of the text. */ - u32 a, b, c, d; - - /* Temporaries used by the round function. */ - u32 x, y; - - /* Input whitening and packing. */ - INPACK (0, c, 4); - INPACK (1, d, 5); - INPACK (2, a, 6); - INPACK (3, b, 7); - - /* Encryption Feistel cycles. */ - DECCYCLE (7); - DECCYCLE (6); - DECCYCLE (5); - DECCYCLE (4); - DECCYCLE (3); - DECCYCLE (2); - DECCYCLE (1); - DECCYCLE (0); - - /* Output whitening and unpacking. */ - OUTUNPACK (0, a, 0); - OUTUNPACK (1, b, 1); - OUTUNPACK (2, c, 2); - OUTUNPACK (3, d, 3); - - return 0; -} - -/* eof */ diff --git a/lib/libcrypto/libtwofish/twofish.h b/lib/libcrypto/libtwofish/twofish.h deleted file mode 100644 index 9b289f265..000000000 --- a/lib/libcrypto/libtwofish/twofish.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef TWOFISH_H -#define TWOFISH_H -#ifdef __KERNEL__ -#include -#else -#include -#endif -/* Structure for an expanded Twofish key. s contains the key-dependent - * S-boxes composed with the MDS matrix; w contains the eight "whitening" - * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note - * that k[i] corresponds to what the Twofish paper calls K[i+8]. */ -typedef struct { - u_int32_t s[4][256], w[8], k[32]; -} TWOFISH_context; - -typedef TWOFISH_context twofish_context; -int twofish_set_key(twofish_context *tf_ctx, const u_int8_t * in_key, int key_len); -int twofish_encrypt(twofish_context *tf_ctx, const u_int8_t * in, u_int8_t * out); -int twofish_decrypt(twofish_context * tf_ctx, const u_int8_t * in, u_int8_t * out); -#endif /* TWOFISH_H */ diff --git a/lib/libcrypto/libtwofish/twofish_cbc.c b/lib/libcrypto/libtwofish/twofish_cbc.c deleted file mode 100644 index 6e5cf9025..000000000 --- a/lib/libcrypto/libtwofish/twofish_cbc.c +++ /dev/null @@ -1,8 +0,0 @@ -#ifdef __KERNEL__ -#include -#else -#include -#endif -#include "twofish_cbc.h" -#include "cbc_generic.h" -CBC_IMPL_BLK16(twofish_cbc_encrypt, twofish_context, u_int8_t *, twofish_encrypt, twofish_decrypt); diff --git a/lib/libcrypto/libtwofish/twofish_cbc.h b/lib/libcrypto/libtwofish/twofish_cbc.h deleted file mode 100644 index 9fdea3526..000000000 --- a/lib/libcrypto/libtwofish/twofish_cbc.h +++ /dev/null @@ -1,3 +0,0 @@ -/* Glue header */ -#include "twofish.h" -int twofish_cbc_encrypt(twofish_context *ctx, const u_int8_t * in, u_int8_t * out, int ilen, const u_int8_t* iv, int encrypt); diff --git a/lib/libcrypto/perlasm/LICENSE b/lib/libcrypto/perlasm/LICENSE deleted file mode 100644 index 3fd259ac3..000000000 --- a/lib/libcrypto/perlasm/LICENSE +++ /dev/null @@ -1,127 +0,0 @@ - - LICENSE ISSUES - ============== - - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of - the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. Actually both licenses are BSD-style - Open Source licenses. In case of any license issues related to OpenSSL - please contact openssl-core@openssl.org. - - OpenSSL License - --------------- - -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - Original SSLeay License - ----------------------- - -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - diff --git a/lib/libcrypto/perlasm/alpha.pl b/lib/libcrypto/perlasm/alpha.pl deleted file mode 100644 index fe69ca5a3..000000000 --- a/lib/libcrypto/perlasm/alpha.pl +++ /dev/null @@ -1,434 +0,0 @@ -#!/usr/bin/perl - -package alpha; -use Carp qw(croak cluck); - -$label="100"; - -$n_debug=0; -$smear_regs=1; -$reg_alloc=1; - -$align="3"; -$com_start="#"; - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } - -# General registers - -%regs=( 'r0', '$0', - 'r1', '$1', - 'r2', '$2', - 'r3', '$3', - 'r4', '$4', - 'r5', '$5', - 'r6', '$6', - 'r7', '$7', - 'r8', '$8', - 'r9', '$22', - 'r10', '$23', - 'r11', '$24', - 'r12', '$25', - 'r13', '$27', - 'r14', '$28', - 'r15', '$21', # argc == 5 - 'r16', '$20', # argc == 4 - 'r17', '$19', # argc == 3 - 'r18', '$18', # argc == 2 - 'r19', '$17', # argc == 1 - 'r20', '$16', # argc == 0 - 'r21', '$9', # save 0 - 'r22', '$10', # save 1 - 'r23', '$11', # save 2 - 'r24', '$12', # save 3 - 'r25', '$13', # save 4 - 'r26', '$14', # save 5 - - 'a0', '$16', - 'a1', '$17', - 'a2', '$18', - 'a3', '$19', - 'a4', '$20', - 'a5', '$21', - - 's0', '$9', - 's1', '$10', - 's2', '$11', - 's3', '$12', - 's4', '$13', - 's5', '$14', - 'zero', '$31', - 'sp', '$30', - ); - -$main'reg_s0="r21"; -$main'reg_s1="r22"; -$main'reg_s2="r23"; -$main'reg_s3="r24"; -$main'reg_s4="r25"; -$main'reg_s5="r26"; - -@reg=( '$0', '$1' ,'$2' ,'$3' ,'$4' ,'$5' ,'$6' ,'$7' ,'$8', - '$22','$23','$24','$25','$20','$21','$27','$28'); - - -sub main'sub { &out3("subq",@_); } -sub main'add { &out3("addq",@_); } -sub main'mov { &out3("bis",$_[0],$_[0],$_[1]); } -sub main'or { &out3("bis",@_); } -sub main'bis { &out3("bis",@_); } -sub main'br { &out1("br",@_); } -sub main'ld { &out2("ldq",@_); } -sub main'st { &out2("stq",@_); } -sub main'cmpult { &out3("cmpult",@_); } -sub main'cmplt { &out3("cmplt",@_); } -sub main'bgt { &out2("bgt",@_); } -sub main'ble { &out2("ble",@_); } -sub main'blt { &out2("blt",@_); } -sub main'mul { &out3("mulq",@_); } -sub main'muh { &out3("umulh",@_); } - -$main'QWS=8; - -sub main'asm_add - { - push(@out,@_); - } - -sub main'asm_finish - { - &main'file_end(); - print &main'asm_get_output(); - } - -sub main'asm_init - { - ($type,$fn)=@_; - $filename=$fn; - - &main'asm_init_output(); - &main'comment("Don't even think of reading this code"); - &main'comment("It was automatically generated by $filename"); - &main'comment("Which is a perl program used to generate the alpha assember."); - &main'comment("eric "); - &main'comment(""); - - $filename =~ s/\.pl$//; - &main'file($filename); - } - -sub conv - { - local($r)=@_; - local($v); - - return($regs{$r}) if defined($regs{$r}); - return($r); - } - -sub main'QWPw - { - local($off,$reg)=@_; - - return(&main'QWP($off*8,$reg)); - } - -sub main'QWP - { - local($off,$reg)=@_; - - $ret="$off(".&conv($reg).")"; - return($ret); - } - -sub out3 - { - local($name,$p1,$p2,$p3)=@_; - - $p1=&conv($p1); - $p2=&conv($p2); - $p3=&conv($p3); - push(@out,"\t$name\t"); - $l=length($p1)+1; - push(@out,$p1.","); - $ll=3-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - - $l=length($p2)+1; - push(@out,$p2.","); - $ll=3-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - - push(@out,&conv($p3)."\n"); - } - -sub out2 - { - local($name,$p1,$p2,$p3)=@_; - - $p1=&conv($p1); - $p2=&conv($p2); - push(@out,"\t$name\t"); - $l=length($p1)+1; - push(@out,$p1.","); - $ll=3-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - - push(@out,&conv($p2)."\n"); - } - -sub out1 - { - local($name,$p1)=@_; - - $p1=&conv($p1); - push(@out,"\t$name\t".$p1."\n"); - } - -sub out0 - { - push(@out,"\t$_[0]\n"); - } - -sub main'file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - # DEC Alpha assember - # Generated from perl scripts contains in SSLeay - .file 1 "$file.s" - .set noat -EOF - push(@out,$tmp); - } - -sub main'function_begin - { - local($func)=@_; - -print STDERR "$func\n"; - local($tmp)=<<"EOF"; - .text - .align $align - .globl $func - .ent $func -${func}: -${func}..ng: - .frame \$30,0,\$26,0 - .prologue 0 -EOF - push(@out,$tmp); - $stack=0; - } - -sub main'function_end - { - local($func)=@_; - - local($tmp)=<<"EOF"; - ret \$31,(\$26),1 - .end $func -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - ret \$31,(\$26),1 -EOF - push(@out,$tmp); - } - -sub main'function_end_B - { - local($func)=@_; - - $func=$under.$func; - - push(@out,"\t.end $func\n"); - $stack=0; - %label=(); - } - -sub main'wparam - { - local($num)=@_; - - if ($num < 6) - { - $num=20-$num; - return("r$num"); - } - else - { return(&main'QWP($stack+$num*8,"sp")); } - } - -sub main'stack_push - { - local($num)=@_; - $stack+=$num*8; - &main'sub("sp",$num*8,"sp"); - } - -sub main'stack_pop - { - local($num)=@_; - $stack-=$num*8; - &main'add("sp",$num*8,"sp"); - } - -sub main'swtmp - { - return(&main'QWP(($_[0])*8,"sp")); - } - -# Should use swtmp, which is above sp. Linix can trash the stack above esp -#sub main'wtmp -# { -# local($num)=@_; -# -# return(&main'QWP(-($num+1)*4,"esp","",0)); -# } - -sub main'comment - { - foreach (@_) - { - if (/^\s*$/) - { push(@out,"\n"); } - else - { push(@out,"\t$com_start $_ $com_end\n"); } - } - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=$label; - $label++; - } - return('$'.$label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=$label; - $label++; - } -# push(@out,".align $align\n") if ($_[1] != 0); - push(@out,'$'."$label{$_[0]}:\n"); - } - -sub main'file_end - { - } - -sub main'data_word - { - push(@out,"\t.long $_[0]\n"); - } - -@pool_free=(); -@pool_taken=(); -$curr_num=0; -$max=0; - -sub main'init_pool - { - local($args)=@_; - local($i); - - @pool_free=(); - for ($i=(14+(6-$args)); $i >= 0; $i--) - { - push(@pool_free,"r$i"); - } - print STDERR "START :register pool:@pool_free\n"; - $curr_num=$max=0; - } - -sub main'fin_pool - { - printf STDERR "END %2d:register pool:@pool_free\n",$max; - } - -sub main'GR - { - local($r)=@_; - local($i,@n,$_); - - foreach (@pool_free) - { - if ($r ne $_) - { push(@n,$_); } - else - { - $curr_num++; - $max=$curr_num if ($curr_num > $max); - } - } - @pool_free=@n; -print STDERR "GR:@pool_free\n" if $reg_alloc; - return(@_); - } - -sub main'NR - { - local($num)=@_; - local(@ret); - - $num=1 if $num == 0; - ($#pool_free >= ($num-1)) || croak "out of registers: want $num, have @pool_free"; - while ($num > 0) - { - push(@ret,pop @pool_free); - $curr_num++; - $max=$curr_num if ($curr_num > $max); - $num-- - } - print STDERR "nr @ret\n" if $n_debug; -print STDERR "NR:@pool_free\n" if $reg_alloc; - return(@ret); - - } - -sub main'FR - { - local(@r)=@_; - local(@a,$v,$w); - - print STDERR "fr @r\n" if $n_debug; -# cluck "fr @r"; - for $w (@pool_free) - { - foreach $v (@r) - { - croak "double register free of $v (@pool_free)" if $w eq $v; - } - } - foreach $v (@r) - { - croak "bad argument to FR" if ($v !~ /^r\d+$/); - if ($smear_regs) - { unshift(@pool_free,$v); } - else { push(@pool_free,$v); } - $curr_num--; - } -print STDERR "FR:@pool_free\n" if $reg_alloc; - } -1; diff --git a/lib/libcrypto/perlasm/cbc.pl b/lib/libcrypto/perlasm/cbc.pl deleted file mode 100644 index 278930579..000000000 --- a/lib/libcrypto/perlasm/cbc.pl +++ /dev/null @@ -1,342 +0,0 @@ -#!/usr/bin/perl - -# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) -# des_cblock (*input); -# des_cblock (*output); -# long length; -# des_key_schedule schedule; -# des_cblock (*ivec); -# int enc; -# -# calls -# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); -# - -#&cbc("des_ncbc_encrypt","des_encrypt",0); -#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt", -# 1,4,5,3,5,-1); -#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt", -# 0,4,5,3,5,-1); -#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3", -# 0,6,7,3,4,5); -# -# When doing a cipher that needs bigendian order, -# for encrypt, the iv is kept in bigendian form, -# while for decrypt, it is kept in little endian. -sub cbc - { - local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_; - # name is the function name - # enc_func and dec_func and the functions to call for encrypt/decrypt - # swap is true if byte order needs to be reversed - # iv_off is parameter number for the iv - # enc_off is parameter number for the encrypt/decrypt flag - # p1,p2,p3 are the offsets for parameters to be passed to the - # underlying calls. - - &function_begin_B($name,""); - &comment(""); - - $in="esi"; - $out="edi"; - $count="ebp"; - - &push("ebp"); - &push("ebx"); - &push("esi"); - &push("edi"); - - $data_off=4; - $data_off+=4 if ($p1 > 0); - $data_off+=4 if ($p2 > 0); - $data_off+=4 if ($p3 > 0); - - &mov($count, &wparam(2)); # length - - &comment("getting iv ptr from parameter $iv_off"); - &mov("ebx", &wparam($iv_off)); # Get iv ptr - - &mov($in, &DWP(0,"ebx","",0));# iv[0] - &mov($out, &DWP(4,"ebx","",0));# iv[1] - - &push($out); - &push($in); - &push($out); # used in decrypt for iv[1] - &push($in); # used in decrypt for iv[0] - - &mov("ebx", "esp"); # This is the address of tin[2] - - &mov($in, &wparam(0)); # in - &mov($out, &wparam(1)); # out - - # We have loaded them all, how lets push things - &comment("getting encrypt flag from parameter $enc_off"); - &mov("ecx", &wparam($enc_off)); # Get enc flag - if ($p3 > 0) - { - &comment("get and push parameter $p3"); - if ($enc_off != $p3) - { &mov("eax", &wparam($p3)); &push("eax"); } - else { &push("ecx"); } - } - if ($p2 > 0) - { - &comment("get and push parameter $p2"); - if ($enc_off != $p2) - { &mov("eax", &wparam($p2)); &push("eax"); } - else { &push("ecx"); } - } - if ($p1 > 0) - { - &comment("get and push parameter $p1"); - if ($enc_off != $p1) - { &mov("eax", &wparam($p1)); &push("eax"); } - else { &push("ecx"); } - } - &push("ebx"); # push data/iv - - &cmp("ecx",0); - &jz(&label("decrypt")); - - &and($count,0xfffffff8); - &mov("eax", &DWP($data_off,"esp","",0)); # load iv[0] - &mov("ebx", &DWP($data_off+4,"esp","",0)); # load iv[1] - - &jz(&label("encrypt_finish")); - - ############################################################# - - &set_label("encrypt_loop"); - # encrypt start - # "eax" and "ebx" hold iv (or the last cipher text) - - &mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("edx", &DWP(4,$in,"",0)); # second 4 bytes - - &xor("eax", "ecx"); - &xor("ebx", "edx"); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($enc_func); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP(0,$out,"",0),"eax"); - &mov(&DWP(4,$out,"",0),"ebx"); - - # eax and ebx are the next iv. - - &add($in, 8); - &add($out, 8); - - &sub($count, 8); - &jnz(&label("encrypt_loop")); - -###################################################################3 - &set_label("encrypt_finish"); - &mov($count, &wparam(2)); # length - &and($count, 7); - &jz(&label("finish")); - &xor("ecx","ecx"); - &xor("edx","edx"); - &mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); - &jmp_ptr($count); - -&set_label("ej7"); - &xor("edx", "edx") if $ppro; # ppro friendly - &movb(&HB("edx"), &BP(6,$in,"",0)); - &shl("edx",8); -&set_label("ej6"); - &movb(&HB("edx"), &BP(5,$in,"",0)); -&set_label("ej5"); - &movb(&LB("edx"), &BP(4,$in,"",0)); -&set_label("ej4"); - &mov("ecx", &DWP(0,$in,"",0)); - &jmp(&label("ejend")); -&set_label("ej3"); - &movb(&HB("ecx"), &BP(2,$in,"",0)); - &xor("ecx", "ecx") if $ppro; # ppro friendly - &shl("ecx",8); -&set_label("ej2"); - &movb(&HB("ecx"), &BP(1,$in,"",0)); -&set_label("ej1"); - &movb(&LB("ecx"), &BP(0,$in,"",0)); -&set_label("ejend"); - - &xor("eax", "ecx"); - &xor("ebx", "edx"); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($enc_func); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP(0,$out,"",0),"eax"); - &mov(&DWP(4,$out,"",0),"ebx"); - - &jmp(&label("finish")); - - ############################################################# - ############################################################# - &set_label("decrypt",1); - # decrypt start - &and($count,0xfffffff8); - # The next 2 instructions are only for if the jz is taken - &mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("ebx", &DWP($data_off+12,"esp","",0)); # get iv[1] - &jz(&label("decrypt_finish")); - - &set_label("decrypt_loop"); - &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($dec_func); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] - - &xor("ecx", "eax"); - &xor("edx", "ebx"); - - &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, - &mov("ebx", &DWP(4,$in,"",0)); # next iv actually - - &mov(&DWP(0,$out,"",0),"ecx"); - &mov(&DWP(4,$out,"",0),"edx"); - - &mov(&DWP($data_off+8,"esp","",0), "eax"); # save iv - &mov(&DWP($data_off+12,"esp","",0), "ebx"); # - - &add($in, 8); - &add($out, 8); - - &sub($count, 8); - &jnz(&label("decrypt_loop")); -############################ ENDIT #######################3 - &set_label("decrypt_finish"); - &mov($count, &wparam(2)); # length - &and($count, 7); - &jz(&label("finish")); - - &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($dec_func); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] - - &xor("ecx", "eax"); - &xor("edx", "ebx"); - - # this is for when we exit - &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, - &mov("ebx", &DWP(4,$in,"",0)); # next iv actually - -&set_label("dj7"); - &rotr("edx", 16); - &movb(&BP(6,$out,"",0), &LB("edx")); - &shr("edx",16); -&set_label("dj6"); - &movb(&BP(5,$out,"",0), &HB("edx")); -&set_label("dj5"); - &movb(&BP(4,$out,"",0), &LB("edx")); -&set_label("dj4"); - &mov(&DWP(0,$out,"",0), "ecx"); - &jmp(&label("djend")); -&set_label("dj3"); - &rotr("ecx", 16); - &movb(&BP(2,$out,"",0), &LB("ecx")); - &shl("ecx",16); -&set_label("dj2"); - &movb(&BP(1,$in,"",0), &HB("ecx")); -&set_label("dj1"); - &movb(&BP(0,$in,"",0), &LB("ecx")); -&set_label("djend"); - - # final iv is still in eax:ebx - &jmp(&label("finish")); - - -############################ FINISH #######################3 - &set_label("finish",1); - &mov("ecx", &wparam($iv_off)); # Get iv ptr - - ################################################# - $total=16+4; - $total+=4 if ($p1 > 0); - $total+=4 if ($p2 > 0); - $total+=4 if ($p3 > 0); - &add("esp",$total); - - &mov(&DWP(0,"ecx","",0), "eax"); # save iv - &mov(&DWP(4,"ecx","",0), "ebx"); # save iv - - &function_end_A($name); - - &set_label("cbc_enc_jmp_table",1); - &data_word("0"); - &data_word(&label("ej1")); - &data_word(&label("ej2")); - &data_word(&label("ej3")); - &data_word(&label("ej4")); - &data_word(&label("ej5")); - &data_word(&label("ej6")); - &data_word(&label("ej7")); - &set_label("cbc_dec_jmp_table",1); - &data_word("0"); - &data_word(&label("dj1")); - &data_word(&label("dj2")); - &data_word(&label("dj3")); - &data_word(&label("dj4")); - &data_word(&label("dj5")); - &data_word(&label("dj6")); - &data_word(&label("dj7")); - - &function_end_B($name); - - } - -1; diff --git a/lib/libcrypto/perlasm/readme b/lib/libcrypto/perlasm/readme deleted file mode 100644 index f02bbee75..000000000 --- a/lib/libcrypto/perlasm/readme +++ /dev/null @@ -1,124 +0,0 @@ -The perl scripts in this directory are my 'hack' to generate -multiple different assembler formats via the one origional script. - -The way to use this library is to start with adding the path to this directory -and then include it. - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -The first thing we do is setup the file and type of assember - -&asm_init($ARGV[0],$0); - -The first argument is the 'type'. Currently -'cpp', 'sol', 'a.out', 'elf' or 'win32'. -Argument 2 is the file name. - -The reciprocal function is -&asm_finish() which should be called at the end. - -There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler, -and x86unix.pl which is the unix (gas) version. - -Functions of interest are: -&external_label("des_SPtrans"); declare and external variable -&LB(reg); Low byte for a register -&HB(reg); High byte for a register -&BP(off,base,index,scale) Byte pointer addressing -&DWP(off,base,index,scale) Word pointer addressing -&stack_push(num) Basically a 'sub esp, num*4' with extra -&stack_pop(num) inverse of stack_push -&function_begin(name,extra) Start a function with pushing of - edi, esi, ebx and ebp. extra is extra win32 - external info that may be required. -&function_begin_B(name,extra) Same as norma function_begin but no pushing. -&function_end(name) Call at end of function. -&function_end_A(name) Standard pop and ret, for use inside functions -&function_end_B(name) Call at end but with poping or 'ret'. -&swtmp(num) Address on stack temp word. -&wparam(num) Parameter number num, that was push - in C convention. This all works over pushes - and pops. -&comment("hello there") Put in a comment. -&label("loop") Refer to a label, normally a jmp target. -&set_label("loop") Set a label at this point. -&data_word(word) Put in a word of data. - -So how does this all hold together? Given - -int calc(int len, int *data) - { - int i,j=0; - - for (i=0; i"); -&comment(""); - - $filename =~ s/\.pl$//; - &file($filename); - } - -sub asm_finish_cpp - { - return unless $cpp; - - local($tmp,$i); - foreach $i (&get_labels()) - { - $tmp.="#define $i _$i\n"; - } - print <<"EOF"; -/* Run the C pre-processor over this file with one of the following defined - * ELF - elf object files, - * OUT - a.out object files, - * BSDI - BSDI style a.out object files - * SOL - Solaris style elf - */ - -#define TYPE(a,b) .type a,b -#define SIZE(a,b) .size a,b - -#if defined(OUT) || (defined(BSDI) && !defined(ELF)) -$tmp -#endif - -#ifdef OUT -#define OK 1 -#define ALIGN 4 -#endif - -#if defined(BSDI) && !defined(ELF) -#define OK 1 -#define ALIGN 4 -#undef SIZE -#undef TYPE -#define SIZE(a,b) -#define TYPE(a,b) -#endif - -#if defined(ELF) || defined(SOL) -#define OK 1 -#define ALIGN 16 -#endif - -#ifndef OK -You need to define one of -ELF - elf systems - linux-elf, NetBSD and DG-UX -OUT - a.out systems - linux-a.out and FreeBSD -SOL - solaris systems, which are elf with strange comment lines -BSDI - a.out with a very primative version of as. -#endif - -/* Let the Assembler begin :-) */ -EOF - } - -1; diff --git a/lib/libcrypto/perlasm/x86ms.pl b/lib/libcrypto/perlasm/x86ms.pl deleted file mode 100644 index c6212f434..000000000 --- a/lib/libcrypto/perlasm/x86ms.pl +++ /dev/null @@ -1,365 +0,0 @@ -#!/usr/bin/perl - -package x86ms; - -$label="L000"; - -%lb=( 'eax', 'al', - 'ebx', 'bl', - 'ecx', 'cl', - 'edx', 'dl', - 'ax', 'al', - 'bx', 'bl', - 'cx', 'cl', - 'dx', 'dl', - ); - -%hb=( 'eax', 'ah', - 'ebx', 'bh', - 'ecx', 'ch', - 'edx', 'dh', - 'ax', 'ah', - 'bx', 'bh', - 'cx', 'ch', - 'dx', 'dh', - ); - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'BP - { - &get_mem("BYTE",@_); - } - -sub main'DWP - { - &get_mem("DWORD",@_); - } - -sub main'BC - { - return @_; - } - -sub main'DWC - { - return @_; - } - -sub main'stack_push - { - local($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - local($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } - -sub get_mem - { - local($size,$addr,$reg1,$reg2,$idx)=@_; - local($t,$post); - local($ret)="$size PTR "; - - $addr =~ s/^\s+//; - if ($addr =~ /^(.+)\+(.+)$/) - { - $reg2=&conv($1); - $addr="_$2"; - } - elsif ($addr =~ /^[_a-zA-Z]/) - { - $addr="_$addr"; - } - - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - if (($addr ne "") && ($addr ne 0)) - { - if ($addr !~ /^-/) - { $ret.=$addr; } - else { $post=$addr; } - } - if ($reg2 ne "") - { - $t=""; - $t="*$idx" if ($idx != 0); - $reg1="+".$reg1 if ("$reg1$post" ne ""); - $ret.="[$reg2$t$reg1$post]"; - } - else - { - $ret.="[$reg1$post]" - } - return($ret); - } - -sub main'mov { &out2("mov",@_); } -sub main'movb { &out2("mov",@_); } -sub main'and { &out2("and",@_); } -sub main'or { &out2("or",@_); } -sub main'shl { &out2("shl",@_); } -sub main'shr { &out2("shr",@_); } -sub main'xor { &out2("xor",@_); } -sub main'xorb { &out2("xor",@_); } -sub main'add { &out2("add",@_); } -sub main'adc { &out2("adc",@_); } -sub main'sub { &out2("sub",@_); } -sub main'rotl { &out2("rol",@_); } -sub main'rotr { &out2("ror",@_); } -sub main'exch { &out2("xchg",@_); } -sub main'cmp { &out2("cmp",@_); } -sub main'lea { &out2("lea",@_); } -sub main'mul { &out1("mul",@_); } -sub main'div { &out1("div",@_); } -sub main'dec { &out1("dec",@_); } -sub main'inc { &out1("inc",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } -sub main'je { &out1("je",@_); } -sub main'jle { &out1("jle",@_); } -sub main'jz { &out1("jz",@_); } -sub main'jge { &out1("jge",@_); } -sub main'jl { &out1("jl",@_); } -sub main'jb { &out1("jb",@_); } -sub main'jc { &out1("jc",@_); } -sub main'jnc { &out1("jnc",@_); } -sub main'jnz { &out1("jnz",@_); } -sub main'jne { &out1("jne",@_); } -sub main'jno { &out1("jno",@_); } -sub main'push { &out1("push",@_); $stack+=4; } -sub main'pop { &out1("pop",@_); $stack-=4; } -sub main'bswap { &out1("bswap",@_); &using486(); } -sub main'not { &out1("not",@_); } -sub main'call { &out1("call",'_'.$_[0]); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } - -sub out2 - { - local($name,$p1,$p2)=@_; - local($l,$t); - - push(@out,"\t$name\t"); - $t=&conv($p1).","; - $l=length($t); - push(@out,$t); - $l=4-($l+9)/8; - push(@out,"\t" x $l); - push(@out,&conv($p2)); - push(@out,"\n"); - } - -sub out0 - { - local($name)=@_; - - push(@out,"\t$name\n"); - } - -sub out1 - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub conv - { - local($p)=@_; - - $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - return $p; - } - -sub using486 - { - return if $using486; - $using486++; - grep(s/\.386/\.486/,@out); - } - -sub main'file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - TITLE $file.asm - .386 -.model FLAT -EOF - push(@out,$tmp); - } - -sub main'function_begin - { - local($func,$extra)=@_; - - push(@labels,$func); - - local($tmp)=<<"EOF"; -_TEXT SEGMENT -PUBLIC _$func -$extra -_$func PROC NEAR - push ebp - push ebx - push esi - push edi -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - local($func,$extra)=@_; - - local($tmp)=<<"EOF"; -_TEXT SEGMENT -PUBLIC _$func -$extra -_$func PROC NEAR -EOF - push(@out,$tmp); - $stack=4; - } - -sub main'function_end - { - local($func)=@_; - - local($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -_$func ENDP -_TEXT ENDS -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_B - { - local($func)=@_; - - local($tmp)=<<"EOF"; -_$func ENDP -_TEXT ENDS -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - } - -sub main'file_end - { - push(@out,"END\n"); - } - -sub main'wparam - { - local($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } - -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# local($num)=@_; -# -# return(&main'DWP(-(($num+1)*4),"esp","",0)); -# } - -sub main'comment - { - foreach (@_) - { - push(@out,"\t; $_\n"); - } - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\$${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="${label}${_[0]}"; - $label++; - } - if((defined $_[2]) && ($_[2] == 1)) - { - push(@out,"$label{$_[0]}::\n"); - } - else - { - push(@out,"$label{$_[0]}:\n"); - } - } - -sub main'data_word - { - push(@out,"\tDD\t$_[0]\n"); - } - -sub out1p - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t ".&conv($p1)."\n"); - } diff --git a/lib/libcrypto/perlasm/x86nasm.pl b/lib/libcrypto/perlasm/x86nasm.pl deleted file mode 100644 index 90d27fca9..000000000 --- a/lib/libcrypto/perlasm/x86nasm.pl +++ /dev/null @@ -1,366 +0,0 @@ -#!/usr/bin/perl - -package x86nasm; - -$label="L000"; - -%lb=( 'eax', 'al', - 'ebx', 'bl', - 'ecx', 'cl', - 'edx', 'dl', - 'ax', 'al', - 'bx', 'bl', - 'cx', 'cl', - 'dx', 'dl', - ); - -%hb=( 'eax', 'ah', - 'ebx', 'bh', - 'ecx', 'ch', - 'edx', 'dh', - 'ax', 'ah', - 'bx', 'bh', - 'cx', 'ch', - 'dx', 'dh', - ); - -%regs=( 'eax', 'eax', - 'ebx', 'ebx', - 'ecx', 'ecx', - 'edx', 'edx', - 'esi', 'esi', - 'edi', 'edi', - 'ebp', 'ebp', - 'esp', 'esp', - 'mm0', 'mm0', - 'mm1', 'mm1', - ); - -sub main::asm_init_output { @out=(); } -sub main::asm_get_output { return(@out); } -sub main::get_labels { return(@labels); } - -sub main::external_label -{ - push(@labels,@_); - foreach (@_) { - push(@out, "extern\t_$_\n"); - } -} - -sub main::LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main::HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main::BP - { - &get_mem("BYTE",@_); - } - -sub main::DWP - { - &get_mem("DWORD",@_); - } - -sub main::BC - { - return "BYTE @_"; - } - -sub main::DWC - { - return "DWORD @_"; - } - -sub main::stack_push - { - my($num)=@_; - $stack+=$num*4; - &main::sub("esp",$num*4); - } - -sub main::stack_pop - { - my($num)=@_; - $stack-=$num*4; - &main::add("esp",$num*4); - } - -sub get_mem - { - my($size,$addr,$reg1,$reg2,$idx)=@_; - my($t,$post); - my($ret)="["; - $addr =~ s/^\s+//; - if ($addr =~ /^(.+)\+(.+)$/) - { - if (defined($regs{$reg2})) { - $addr=join('+', &conv($1), "_$2"); - } else { - $reg2=&conv($1); - $addr="_$2"; - } - } - elsif ($addr =~ /^[_a-zA-Z]/) - { - $addr="_$addr"; - } - - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - if (($addr ne "") && ($addr ne 0)) - { - if ($addr !~ /^-/) - { $ret.="${addr}+"; } - else { $post=$addr; } - } - if ($reg2 ne "") - { - $t=""; - $t="*$idx" if ($idx != 0); - $reg1="+".$reg1 if ("$reg1$post" ne ""); - $ret.="$reg2$t$reg1$post]"; - } - else - { - $ret.="$reg1$post]" - } - return($ret); - } - -sub main::mov { &out2("mov",@_); } -sub main::movb { &out2("mov",@_); } -sub main::and { &out2("and",@_); } -sub main::or { &out2("or",@_); } -sub main::shl { &out2("shl",@_); } -sub main::shr { &out2("shr",@_); } -sub main::xor { &out2("xor",@_); } -sub main::xorb { &out2("xor",@_); } -sub main::add { &out2("add",@_); } -sub main::adc { &out2("adc",@_); } -sub main::sub { &out2("sub",@_); } -sub main::rotl { &out2("rol",@_); } -sub main::rotr { &out2("ror",@_); } -sub main::exch { &out2("xchg",@_); } -sub main::cmp { &out2("cmp",@_); } -sub main::lea { &out2("lea",@_); } -sub main::mul { &out1("mul",@_); } -sub main::div { &out1("div",@_); } -sub main::dec { &out1("dec",@_); } -sub main::inc { &out1("inc",@_); } -sub main::jmp { &out1("jmp",@_); } -sub main::jmp_ptr { &out1p("jmp",@_); } - -# This is a bit of a kludge: declare all branches as NEAR. -sub main::je { &out1("je NEAR",@_); } -sub main::jle { &out1("jle NEAR",@_); } -sub main::jz { &out1("jz NEAR",@_); } -sub main::jge { &out1("jge NEAR",@_); } -sub main::jl { &out1("jl NEAR",@_); } -sub main::jb { &out1("jb NEAR",@_); } -sub main::jc { &out1("jc NEAR",@_); } -sub main::jnc { &out1("jnc NEAR",@_); } -sub main::jnz { &out1("jnz NEAR",@_); } -sub main::jne { &out1("jne NEAR",@_); } -sub main::jno { &out1("jno NEAR",@_); } - -sub main::push { &out1("push",@_); $stack+=4; } -sub main::pop { &out1("pop",@_); $stack-=4; } -sub main::bswap { &out1("bswap",@_); &using486(); } -sub main::not { &out1("not",@_); } -sub main::call { &out1("call",'_'.$_[0]); } -sub main::ret { &out0("ret"); } -sub main::nop { &out0("nop"); } - -sub out2 - { - my($name,$p1,$p2)=@_; - my($l,$t); - - push(@out,"\t$name\t"); - $t=&conv($p1).","; - $l=length($t); - push(@out,$t); - $l=4-($l+9)/8; - push(@out,"\t" x $l); - push(@out,&conv($p2)); - push(@out,"\n"); - } - -sub out0 - { - my($name)=@_; - - push(@out,"\t$name\n"); - } - -sub out1 - { - my($name,$p1)=@_; - my($l,$t); - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub conv - { - my($p)=@_; - $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - return $p; - } - -sub using486 - { - return if $using486; - $using486++; - grep(s/\.386/\.486/,@out); - } - -sub main::file - { - push(@out, "segment .text\n"); - } - -sub main::function_begin - { - my($func,$extra)=@_; - - push(@labels,$func); - my($tmp)=<<"EOF"; -global _$func -_$func: - push ebp - push ebx - push esi - push edi -EOF - push(@out,$tmp); - $stack=20; - } - -sub main::function_begin_B - { - my($func,$extra)=@_; - my($tmp)=<<"EOF"; -global _$func -_$func: -EOF - push(@out,$tmp); - $stack=4; - } - -sub main::function_end - { - my($func)=@_; - - my($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main::function_end_B - { - $stack=0; - %label=(); - } - -sub main::function_end_A - { - my($func)=@_; - - my($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - } - -sub main::file_end - { - } - -sub main::wparam - { - my($num)=@_; - - return(&main::DWP($stack+$num*4,"esp","",0)); - } - -sub main::swtmp - { - return(&main::DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main::wtmp -# { -# my($num)=@_; -# -# return(&main::DWP(-(($num+1)*4),"esp","",0)); -# } - -sub main::comment - { - foreach (@_) - { - push(@out,"\t; $_\n"); - } - } - -sub main::label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\$${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main::set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="${label}${_[0]}"; - $label++; - } - push(@out,"$label{$_[0]}:\n"); - } - -sub main::data_word - { - push(@out,"\tDD\t$_[0]\n"); - } - -sub out1p - { - my($name,$p1)=@_; - my($l,$t); - - push(@out,"\t$name\t ".&conv($p1)."\n"); - } - -## -## Additional functions required for MMX and other ops -## -sub main::testb { &out2('test', @_) } -sub main::movzx { &out2('movzx', @_) } -sub main::movd { &out2('movd', @_) } -sub main::emms { &out0('emms', @_) } diff --git a/lib/libcrypto/perlasm/x86unix.pl b/lib/libcrypto/perlasm/x86unix.pl deleted file mode 100644 index f804b91c9..000000000 --- a/lib/libcrypto/perlasm/x86unix.pl +++ /dev/null @@ -1,472 +0,0 @@ -#!/usr/bin/perl - -package x86unix; - -$label="L000"; - -$align=($main::aout)?"4":"16"; -$under=($main::aout)?"_":""; -$com_start=($main::sol)?"/":"#"; - -sub main::asm_init_output { @out=(); } -sub main::asm_get_output { return(@out); } -sub main::get_labels { return(@labels); } -sub main::external_label { push(@labels,@_); } - -if ($main::cpp) - { - $align="ALIGN"; - $under=""; - $com_start='/*'; - $com_end='*/'; - } - -%lb=( 'eax', '%al', - 'ebx', '%bl', - 'ecx', '%cl', - 'edx', '%dl', - 'ax', '%al', - 'bx', '%bl', - 'cx', '%cl', - 'dx', '%dl', - ); - -%hb=( 'eax', '%ah', - 'ebx', '%bh', - 'ecx', '%ch', - 'edx', '%dh', - 'ax', '%ah', - 'bx', '%bh', - 'cx', '%ch', - 'dx', '%dh', - ); - -%regs=( 'eax', '%eax', - 'ebx', '%ebx', - 'ecx', '%ecx', - 'edx', '%edx', - 'esi', '%esi', - 'edi', '%edi', - 'ebp', '%ebp', - 'esp', '%esp', - 'mm0', '%mm0', - 'mm1', '%mm1', - ); - -%reg_val=( - 'eax', 0x00, - 'ebx', 0x03, - 'ecx', 0x01, - 'edx', 0x02, - 'esi', 0x06, - 'edi', 0x07, - 'ebp', 0x05, - 'esp', 0x04, - ); - -sub main::LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main::HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main::DWP - { - local($addr,$reg1,$reg2,$idx)=@_; - - $ret=""; - $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/; - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - $ret.=$addr if ($addr ne "") && ($addr ne 0); - if ($reg2 ne "") - { - if($idx ne "") - { $ret.="($reg1,$reg2,$idx)"; } - else - { $ret.="($reg1,$reg2)"; } - } - else - { $ret.="($reg1)" } - return($ret); - } - -sub main::BP - { - return(&main::DWP(@_)); - } - -sub main::BC - { - return @_; - } - -sub main::DWC - { - return @_; - } - -#sub main::BP -# { -# local($addr,$reg1,$reg2,$idx)=@_; -# -# $ret=""; -# -# $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; -# $reg1="$regs{$reg1}" if defined($regs{$reg1}); -# $reg2="$regs{$reg2}" if defined($regs{$reg2}); -# $ret.=$addr if ($addr ne "") && ($addr ne 0); -# if ($reg2 ne "") -# { $ret.="($reg1,$reg2,$idx)"; } -# else -# { $ret.="($reg1)" } -# return($ret); -# } - -sub main::mov { &out2("movl",@_); } -sub main::movb { &out2("movb",@_); } -sub main::and { &out2("andl",@_); } -sub main::or { &out2("orl",@_); } -sub main::shl { &out2("sall",@_); } -sub main::shr { &out2("shrl",@_); } -sub main::xor { &out2("xorl",@_); } -sub main::xorb { &out2("xorb",@_); } -sub main::add { &out2("addl",@_); } -sub main::adc { &out2("adcl",@_); } -sub main::sub { &out2("subl",@_); } -sub main::rotl { &out2("roll",@_); } -sub main::rotr { &out2("rorl",@_); } -sub main::exch { &out2("xchg",@_); } -sub main::cmp { &out2("cmpl",@_); } -sub main::lea { &out2("leal",@_); } -sub main::mul { &out1("mull",@_); } -sub main::div { &out1("divl",@_); } -sub main::jmp { &out1("jmp",@_); } -sub main::jmp_ptr { &out1p("jmp",@_); } -sub main::je { &out1("je",@_); } -sub main::jle { &out1("jle",@_); } -sub main::jne { &out1("jne",@_); } -sub main::jnz { &out1("jnz",@_); } -sub main::jz { &out1("jz",@_); } -sub main::jge { &out1("jge",@_); } -sub main::jl { &out1("jl",@_); } -sub main::jb { &out1("jb",@_); } -sub main::jc { &out1("jc",@_); } -sub main::jnc { &out1("jnc",@_); } -sub main::jno { &out1("jno",@_); } -sub main::dec { &out1("decl",@_); } -sub main::inc { &out1("incl",@_); } -sub main::push { &out1("pushl",@_); $stack+=4; } -sub main::pop { &out1("popl",@_); $stack-=4; } -sub main::not { &out1("notl",@_); } -sub main::call { &out1("call",$under.$_[0]); } -sub main::ret { &out0("ret"); } -sub main::nop { &out0("nop"); } - -# The bswapl instruction is new for the 486. Emulate if i386. -sub main::bswap - { - if ($main::i386) - { - &main::comment("bswapl @_"); - &main::exch(main::HB(@_),main::LB(@_)); - &main::rotr(@_,16); - &main::exch(main::HB(@_),main::LB(@_)); - } - else - { - &out1("bswapl",@_); - } - } - -sub out2 - { - local($name,$p1,$p2)=@_; - local($l,$ll,$t); - local(%special)=( "roll",0xD1C0,"rorl",0xD1C8, - "rcll",0xD1D0,"rcrl",0xD1D8, - "shll",0xD1E0,"shrl",0xD1E8, - "sarl",0xD1F8); - - if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1)) - { - $op=$special{$name}|$reg_val{$p1}; - $tmp1=sprintf(".byte %d\n",($op>>8)&0xff); - $tmp2=sprintf(".byte %d\t",$op &0xff); - push(@out,$tmp1); - push(@out,$tmp2); - - $p2=&conv($p2); - $p1=&conv($p1); - &main::comment("$name $p2 $p1"); - return; - } - - push(@out,"\t$name\t"); - $t=&conv($p2).","; - $l=length($t); - push(@out,$t); - $ll=4-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - push(@out,&conv($p1)."\n"); - } - -sub out1 - { - local($name,$p1)=@_; - local($l,$t); - local(%special)=("bswapl",0x0FC8); - - if ((defined($special{$name})) && defined($regs{$p1})) - { - $op=$special{$name}|$reg_val{$p1}; - $tmp1=sprintf(".byte %d\n",($op>>8)&0xff); - $tmp2=sprintf(".byte %d\t",$op &0xff); - push(@out,$tmp1); - push(@out,$tmp2); - - $p2=&conv($p2); - $p1=&conv($p1); - &main::comment("$name $p2 $p1"); - return; - } - - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub out1p - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t*".&conv($p1)."\n"); - } - -sub out0 - { - push(@out,"\t$_[0]\n"); - } - -sub conv - { - local($p)=@_; - -# $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - - $p=$regs{$p} if (defined($regs{$p})); - - $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/; - $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/; - return $p; - } - -sub main::file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - .file "$file.s" - .version "01.01" -EOF -# Removed the next line from previous infile -#gcc2_compiled.: - push(@out,$tmp); - } - -sub main::function_begin - { - local($func)=@_; - - &main::external_label($func); - $func=$under.$func; - - local($tmp)=<<"EOF"; -.text - .align $align -.globl $func -EOF - push(@out,$tmp); - if ($main::cpp) - { $tmp=push(@out,"\tTYPE($func,\@function)\n"); } - elsif ($main::gaswin) - { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } - else { $tmp=push(@out,"\t.type\t$func,\@function\n"); } - push(@out,"$func:\n"); - $tmp=<<"EOF"; - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - -EOF - push(@out,$tmp); - $stack=20; - } - -sub main::function_begin_B - { - local($func,$extra)=@_; - - &main::external_label($func); - $func=$under.$func; - - local($tmp)=<<"EOF"; -.text - .align $align -.globl $func -EOF - push(@out,$tmp); - if ($main::cpp) - { push(@out,"\tTYPE($func,\@function)\n"); } - elsif ($main::gaswin) - { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } - else { push(@out,"\t.type $func,\@function\n"); } - push(@out,"$func:\n"); - $stack=4; - } - -sub main::function_end - { - local($func)=@_; - - $func=$under.$func; - - local($tmp)=<<"EOF"; - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.${func}_end: -EOF - push(@out,$tmp); - if ($main::cpp) - { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } - elsif ($main::gaswin) - { $tmp=push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } - push(@out,".ident \"$func\"\n"); - $stack=0; - %label=(); - } - -sub main::function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -EOF - push(@out,$tmp); - } - -sub main::function_end_B - { - local($func)=@_; - - $func=$under.$func; - - push(@out,".L_${func}_end:\n"); - if ($main::cpp) - { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } - elsif ($main::gaswin) - { push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } - push(@out,".ident \"desasm.pl\"\n"); - $stack=0; - %label=(); - } - -sub main::wparam - { - local($num)=@_; - - return(&main::DWP($stack+$num*4,"esp","",0)); - } - -sub main::stack_push - { - local($num)=@_; - $stack+=$num*4; - &main::sub("esp",$num*4); - } - -sub main::stack_pop - { - local($num)=@_; - $stack-=$num*4; - &main::add("esp",$num*4); - } - -sub main::swtmp - { - return(&main::DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main::wtmp -# { -# local($num)=@_; -# -# return(&main::DWP(-($num+1)*4,"esp","",0)); -# } - -sub main::comment - { - foreach (@_) - { - if (/^\s*$/) - { push(@out,"\n"); } - else - { push(@out,"\t$com_start $_ $com_end\n"); } - } - } - -sub main::label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=".${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main::set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=".${label}${_[0]}"; - $label++; - } - push(@out,".align $align\n") if ($_[1] != 0); - push(@out,"$label{$_[0]}:\n"); - } - -sub main::file_end - { - } - -sub main::data_word - { - push(@out,"\t.long $_[0]\n"); - } - -## -## Additional functions required for MMX and other ops -## -sub main::testb { &out2('testb', @_) } -sub main::movzx { &out2('movzx', @_) } -sub main::movd { &out2('movd', @_) } -sub main::emms { &out0('emms', @_) } diff --git a/lib/libdes/.cvsignore b/lib/libdes/.cvsignore deleted file mode 100644 index e06b80457..000000000 --- a/lib/libdes/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -des_opts -destest -speed diff --git a/lib/libdes/Makefile b/lib/libdes/Makefile deleted file mode 100644 index e00bb0073..000000000 --- a/lib/libdes/Makefile +++ /dev/null @@ -1,245 +0,0 @@ -ifndef FREESWANSRCDIR -FREESWANSRCDIR=../.. -endif - -include ${FREESWANSRCDIR}/Makefile.inc - -KLIPSD=${FREESWANSRCDIR}/linux -SRCDIR=${KLIPSD}/crypto/ciphers/des - -VPATH =${SRCDIR} - -# You must select the correct terminal control system to be used to -# turn character echo off when reading passwords. There a 5 systems -# SGTTY - the old BSD system -# TERMIO - most system V boxes -# TERMIOS - SGI (ala IRIX). -# VMS - the DEC operating system -# MSDOS - we all know what it is :-) -# read_pwd.c makes a reasonable guess at what is correct. - -# Targets -# make - twidle the options yourself :-) -# make cc - standard cc options -# make gcc - standard gcc options -# make x86-elf - linux-elf etc -# make x86-out - linux-a.out, FreeBSD etc -# make x86-solaris -# make x86-bdsi - -# If you are on a DEC Alpha, edit des.h and change the DES_LONG -# define to 'unsigned int'. I have seen this give a %20 speedup. - -OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST - -# Version 1.94 has changed the strings_to_key function so that it is -# now compatible with MITs when the string is longer than 8 characters. -# If you wish to keep the old version, uncomment the following line. -# This will affect the -E/-D options on des(1). -#OPTS1= -DOLD_STR_TO_KEY - -# There are 4 possible performance options -# -DDES_PTR -# -DDES_RISC1 -# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2) -# -DDES_UNROLL -# after the initial build, run 'des_opts' to see which options are best -# for your platform. There are some listed in options.txt -#OPTS2= -DDES_PTR -#OPTS3= -DDES_RISC1 # or DES_RISC2 -#OPTS4= -DDES_UNROLL - -OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4) - -MAKE=make -f Makefile -#CC=cc -#CFLAG= -O - -#CC=gcc -#CFLAG= -O4 -funroll-loops -fomit-frame-pointer -# normally overridden by FreeS/WAN Makefiles anyway -CFLAG= -O3 -fomit-frame-pointer -I${KLIPSD}/include -I${SRCDIR} - -CFLAGS=$(OPTS) $(CFLAG) $(USERCOMPILE) -CPP=$(CC) -E - -# Assember version of des_encrypt*(). -DES_ENC=des_enc.o fcrypt_b.o # normal C version -#DES_ENC=asm/dx86-elf.o asm/yx86-elf.o # elf format x86 -#DES_ENC=asm/dx86-out.o asm/yx86-out.o # a.out format x86 -#DES_ENC=asm/dx86-sol.o asm/yx86-sol.o # solaris format x86 -#DES_ENC=asm/dx86bsdi.o asm/yx86basi.o # bsdi format x86 - -LIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib -INCDIR=$(DESTDIR)$(INC_USRLOCAL)/include -MANDIR=$(MANTREE) -MAN1=1 -MAN3=3 -SHELL=/bin/sh -MAN1=1 -MAN3=3 -SHELL=/bin/sh -OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o -OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \ - xcbc_enc.o qud_cksm.o \ - cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \ - enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o \ - rand_key.o read_pwd.o read2pwd.o rpc_enc.o str2key.o supp.o - -GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \ - des.doc options.txt asm - -GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \ - des.man DES.pm DES.pod DES.xs Makefile.PL dess.S des3s.S \ - Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \ - des.org des_locl.org - -TESTING_LIT= destest speed des_opts -TESTING_FULL= rpw $(TESTING_LIT) -TESTING_SRC_LIT=destest.c speed.c des_opts.c -TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT) -HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h -HEADERS_FULL= $(HEADERS_LIT) rpc_des.h -LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c - -LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \ - cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \ - enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c \ - rand_key.c rpc_enc.c str2key.c supp.c \ - xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c - -PERL= des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl - -OBJ= $(OBJ_LIT) -GENERAL=$(GENERAL_LIT) -TESTING=$(TESTING_LIT) -TESTING_SRC=$(TESTING_SRC_LIT) -HEADERS=$(HEADERS_LIT) -LIBDES= $(LIBDES_LIT) - -ALL= $(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS) - -DLIB= libdes.a - -.PHONY: all cc gcc x86-elf x86-out x86-solaris x86-bsdi test tar_lit \ - tar shar depend clean dclean install check checkprograms - -all: $(DLIB) $(TESTING) -programs: $(DLIB) - -cc: - $(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all - -gcc: - $(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all - -x86-elf: - $(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC='$(CC)' CFLAGS="-DELF $(OPTS) $(CFLAG)" all - -x86-out: - $(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC='$(CC)' CFLAGS="-DOUT $(OPTS) $(CFLAG)" all - -x86-solaris: - $(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC='$(CC)' CFLAGS="-DSOL $(OPTS) $(CFLAG)" all - -x86-bsdi: - $(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC='$(CC)' CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all - -# elf -asm/dx86-elf.o: asm/dx86unix.S - $(CPP) -DELF asm/dx86unix.S | $(AS) -o asm/dx86-elf.o - -asm/yx86-elf.o: asm/yx86unix.S - $(CPP) -DELF asm/yx86unix.S | $(AS) -o asm/yx86-elf.o - -# solaris -asm/dx86-sol.o: asm/dx86unix.S - $(CC) -E -DSOL asm/dx86unix.S | sed 's/^#.*//' > asm/dx86-sol.s - as -o asm/dx86-sol.o asm/dx86-sol.s - rm -f asm/dx86-sol.s - -asm/yx86-sol.o: asm/yx86unix.S - $(CC) -E -DSOL asm/yx86unix.S | sed 's/^#.*//' > asm/yx86-sol.s - as -o asm/yx86-sol.o asm/yx86-sol.s - rm -f asm/yx86-sol.s - -# a.out -asm/dx86-out.o: asm/dx86unix.S - $(CPP) -DOUT asm/dx86unix.S | $(AS) -o asm/dx86-out.o - -asm/yx86-out.o: asm/yx86unix.S - $(CPP) -DOUT asm/yx86unix.S | $(AS) -o asm/yx86-out.o - -# bsdi -asm/dx86bsdi.o: asm/dx86unix.S - $(CPP) -DBSDI asm/dx86unix.S | $(AS) -o asm/dx86bsdi.o - -asm/yx86bsdi.o: asm/yx86unix.S - $(CPP) -DBSDI asm/yx86unix.S | $(AS) -o asm/yx86bsdi.o - -asm/dx86unix.S: - (cd asm; perl des-586.pl cpp >dx86unix.S) - -asm/yx86unix.S: - (cd asm; perl crypt586.pl cpp >yx86unix.S) - -test: all - ./destest - -$(DLIB): $(OBJ) - rm -f $(DLIB) - $(AR) crs $(DLIB) $(OBJ) - -des_opts: des_opts.o $(DLIB) - $(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB) - -destest: destest.o $(DLIB) - $(CC) $(CFLAGS) -o destest destest.o $(DLIB) - -rpw: rpw.o $(DLIB) - $(CC) $(CFLAGS) -o rpw rpw.o $(DLIB) - -speed: speed.o $(DLIB) - $(CC) $(CFLAGS) -o speed speed.o $(DLIB) - -des: des.o $(DLIB) - $(CC) $(CFLAGS) -o des des.o $(DLIB) - -tags: - ctags $(TESTING_SRC) $(LIBDES) - -tar_lit: - /bin/mv Makefile Makefile.tmp - /bin/cp Makefile.lit Makefile - tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \ - $(GENERAL_LIT) $(TESTING_SRC_LIT) - /bin/rm -f Makefile - /bin/mv Makefile.tmp Makefile - -tar: - tar chf libdes.tar $(ALL) - -shar: - shar $(ALL) >libdes.shar - -depend: - makedepend $(LIBDES) $(TESTING_SRC) - -clean: - /bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o \ - asm/*.S - -dclean: - sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new - mv -f Makefile.new Makefile - -install install_file_list: - @true - -check: - echo no checks in lib right now. - -checkprograms: - -# DO NOT DELETE THIS LINE -- make depend depends on it. - diff --git a/lib/libfreeswan/.cvsignore b/lib/libfreeswan/.cvsignore deleted file mode 100644 index 49cc19caa..000000000 --- a/lib/libfreeswan/.cvsignore +++ /dev/null @@ -1,9 +0,0 @@ -try -try1a -try2 -try3 -try4 -try4a -try6 -try7 -version.c diff --git a/lib/libfreeswan/Makefile b/lib/libfreeswan/Makefile deleted file mode 100644 index aa05927e3..000000000 --- a/lib/libfreeswan/Makefile +++ /dev/null @@ -1,176 +0,0 @@ -# FreeS/WAN library -# Copyright (C) 1998-2001 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.3 2006/07/06 12:35:32 as Exp $ - - -FREESWANSRCDIR=../.. - -include ${FREESWANSRCDIR}/Makefile.inc -include ${FREESWANSRCDIR}/Makefile.ver - - -MANDIR=$(MANTREE)/man3 - -SRCS=addrtoa.c addrtot.c addrtypeof.c anyaddr.c atoaddr.c \ - atoasr.c atosa.c atosubnet.c atoul.c copyright.c datatot.c \ - goodmask.c initaddr.c initsaid.c initsubnet.c keyblobtoid.c \ - optionsfrom.c pfkey_v2_build.c pfkey_v2_ext_bits.c pfkey_v2_parse.c \ - pfkey_v2_debug.c prng.c \ - portof.c rangetoa.c rangetosubnet.c sameaddr.c \ - satoa.c satot.c subnetof.c subnettoa.c subnettot.c \ - subnettypeof.c ttoaddr.c ttodata.c ttoprotoport.c \ - ttosa.c ttosubnet.c ttoul.c ultoa.c ultot.c - -OBJS=${SRCS:.c=.o} version.o - -KLIPSD=${FREESWANSRCDIR}/linux/include -SRCDIR=${FREESWANSRCDIR}/linux/lib/libfreeswan - -VPATH = ${SRCDIR} - -HDRS=${KLIPSD}/freeswan.h ${SRCDIR}/internal.h - -LIB=libfreeswan.a -# Original flags -CFLAGS=-I. -I${SRCDIR} -I${KLIPSD} -I${FREESWANSRCDIR} $(USERCOMPILE) -CFLAGS+= -Wall -#CFLAGS+= -Wconversion -#CFLAGS+= -Wmissing-prototypes -CFLAGS+= -Wpointer-arith -CFLAGS+= -Wcast-qual -#CFLAGS+= -Wmissing-declarations -CFLAGS+= -Wstrict-prototypes -#CFLAGS+= -pedantic -#CFLAGS+= -W -#CFLAGS+= -Wwrite-strings -CFLAGS+= -Wbad-function-cast - -ifeq ($(USE_NAT_TRAVERSAL),true) - CFLAGS+= -DNAT_TRAVERSAL -endif - -ARFLAGS=crvs -EXTHDRS=des.h -EXTLIBS=libdes.a -MANS=anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 \ - initaddr.3 initsubnet.3 optionsfrom.3 portof.3 rangetosubnet.3 \ - sameaddr.3 subnetof.3 ttoaddr.3 ttodata.3 ttosa.3 ttoul.3 version.3 - -.PHONY: all install clean l t lt tar check depend checkprograms - -all: $(LIB) -programs: $(LIB) - -install: - @mkdir -p $(MANDIR) - @for f in $(MANS) ; \ - do \ - $(INSTALL) $(INSTMANFLAGS) $(SRCDIR)/$$f $(MANDIR)/ipsec_$$f || exit 1 ; \ - done - @$(FREESWANSRCDIR)/packaging/utils/manlink $(foreach man, $(MANS), ${SRCDIR}/$(man)) | \ - while read from to; \ - do \ - ln -s -f ipsec_$$from $(MANDIR)/$$to; \ - done - - -install_file_list: - @for f in $(MANS) ; \ - do \ - echo $(MANDIR)/ipsec_$$f;\ - done; - @$(FREESWANSRCDIR)/packaging/utils/manlink $(foreach man, $(MANS), ${SRCDIR}/$(man)) | \ - while read from to; \ - do \ - echo $(MANDIR)/$$to; \ - done - -$(LIB): $(OBJS) - $(AR) $(ARFLAGS) $(LIB) $(OBJS) - -$(OBJS): $(HDRS) - -# build version.c using version number from Makefile.ver -version.c: ${SRCDIR}/version.in.c ${FREESWANSRCDIR}/Makefile.ver - sed '/"/s/xxx/$(IPSECVERSION)/' ${SRCDIR}/version.in.c >$@ - -#libdes.a: ../libdes/libdes.a -# ln -f -s ../libdes/libdes.a -# -# yes, that's CFLAG=, not CFLAGS= -#../libdes/libdes.a: -# cd ../libdes ; \ -# if test " `arch | sed 's/^i[3456]/x/'`" = " x86" ; \ -# then $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' TESTING='' x86-elf ; \ -# else $(MAKE) CC='$(CC)' CFLAG='$(CFLAGS)' libdes.a ; \ -# fi - -clean: - rm -f $(LIB) *.o try* core *.core $(EXTHDRS) $(EXTLIBS) version.c - - -# developer-only stuff -l: - $(MAKE) $(LIB) ARFLAGS=crv CFLAGS=-O - $(RANLIB) $(LIB) - -t: $(LIB) - ln -f -s ${SRCDIR}/atosubnet.c try.c - ${CC} ${CFLAGS} -DATOSUBNET_MAIN try.c $(LIB) -o try - ./try -r - ln -f -s ${SRCDIR}/ttosubnet.c try1a.c - ${CC} ${CFLAGS} -DTTOSUBNET_MAIN try1a.c $(LIB) -o try1a - ./try1a -r - ln -f -s ${SRCDIR}/ttodata.c try2.c - ${CC} ${CFLAGS} -DTTODATA_MAIN try2.c $(LIB) -o try2 - ./try2 -r - ln -f -s ${SRCDIR}/atoasr.c try3.c - ${CC} ${CFLAGS} -DATOASR_MAIN try3.c $(LIB) -o try3 - ./try3 -r - ln -f -s ${SRCDIR}/atosa.c try4.c - ${CC} ${CFLAGS} -DATOSA_MAIN try4.c $(LIB) -o try4 - ./try4 -r - ln -f -s ${SRCDIR}/ttosa.c try4a.c - ${CC} ${CFLAGS} -DTTOSA_MAIN try4a.c $(LIB) -o try4a - ./try4a -r - ln -f -s ${SRCDIR}/rangetosubnet.c try6.c - ${CC} ${CFLAGS} -DRANGETOSUBNET_MAIN try6.c $(LIB) -o try6 - ./try6 -r - ln -f -s ${SRCDIR}/addrtot.c try7.c - ${CC} ${CFLAGS} -DADDRTOT_MAIN try7.c $(LIB) -o try7 - ./try7 -r - -lt: $(LIB) - $(MAKE) t - cp optionsfrom.c try5.c - cc -DTEST try5.c $(LIB) -o try5 - echo --foo --bar >try5in1 - echo --optionsfrom >>try5in1 - echo try5in2 >>try5in1 - echo --foo >try5in2 - ./try5 --foo --bar --optionsfrom try5in1 --bar something - -tar: clean - tar -cvf /tmp/lib.tar Makefile [a-z]* - -check: - echo no checks in lib right now. - -depend: - makedepend -Y -- $(CFLAGS) -- $(SRCS) - -checkprograms: - -# DO NOT DELETE - diff --git a/lib/libipsecpolicy/.cvsignore b/lib/libipsecpolicy/.cvsignore deleted file mode 100644 index 17435c875..000000000 --- a/lib/libipsecpolicy/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -version.c diff --git a/lib/libipsecpolicy/Makefile b/lib/libipsecpolicy/Makefile deleted file mode 100644 index a23fa5d04..000000000 --- a/lib/libipsecpolicy/Makefile +++ /dev/null @@ -1,96 +0,0 @@ -# FreeS/WAN library -# Copyright (C) 2003 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:24 as Exp $ - - -FREESWANSRCDIR=../.. - -include ${FREESWANSRCDIR}/Makefile.inc -include ${FREESWANSRCDIR}/Makefile.ver - - -MANDIR=$(MANTREE)/man3 - -SRCS=policyquery.c cgipolicy.c - -OBJS=${SRCS:.c=.o} version.o - -KLIPSD=${FREESWANSRCDIR}/linux/include - -LIB=libipsecpolicy.a -# Original flags -CFLAGS=-I. -I${KLIPSD} -I${FREESWANSRCDIR} $(USERCOMPILE) -CFLAGS+= -Wall -CFLAGS+= -Wpointer-arith -CFLAGS+= -Wcast-qual -CFLAGS+= -Wstrict-prototypes -CFLAGS+= -Wbad-function-cast - -MANS= - -.PHONY: all install clean l t lt tar check depend checkprograms - -all: $(LIB) -programs: $(LIB) - -install: - @mkdir -p $(MANDIR) - @for f in $(MANS) ; \ - do \ - $(INSTALL) $(INSTMANFLAGS) $(SRCDIR)/$$f $(MANDIR)/ipsec_$$f || exit 1 ; \ - done - @$(FREESWANSRCDIR)/packaging/utils/manlink $(foreach man, $(MANS), ${SRCDIR}/$(man)) | \ - while read from to; \ - do \ - ln -s -f ipsec_$$from $(MANDIR)/$$to; \ - done - - -install_file_list: - @for f in $(MANS) ; \ - do \ - echo $(MANDIR)/ipsec_$$f;\ - done; - @$(FREESWANSRCDIR)/packaging/utils/manlink $(foreach man, $(MANS), ${SRCDIR}/$(man)) | \ - while read from to; \ - do \ - echo $(MANDIR)/$$to; \ - done - -$(LIB): $(OBJS) - $(AR) $(ARFLAGS) $(LIB) $(OBJS) - -$(OBJS): $(HDRS) - -# build version.c using version number from Makefile.ver -version.c: version.in.c ${FREESWANSRCDIR}/Makefile.ver - sed '/"/s/xxx/$(IPSECVERSION)/' version.in.c >$@ - -clean: - rm -f $(LIB) *.o try* core *.core $(EXTHDRS) $(EXTLIBS) version.c - - -tar: clean - tar -cvf /tmp/lib.tar Makefile [a-z]* - -check: - echo no checks in lib right now. - -depend: - makedepend -Y -- $(CFLAGS) -- $(SRCS) - -checkprograms: - -# DO NOT DELETE - diff --git a/lib/libipsecpolicy/cgipolicy.c b/lib/libipsecpolicy/cgipolicy.c deleted file mode 100644 index d28243e85..000000000 --- a/lib/libipsecpolicy/cgipolicy.c +++ /dev/null @@ -1,77 +0,0 @@ -/* routines that interface with pluto to get policy information - * Copyright (C) 2003 Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: cgipolicy.c,v 1.1 2004/03/15 20:35:24 as Exp $ - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include -#include - -#include "libipsecpolicy.h" - -/* - * this version is appropriate for when one is called from a perl CGI, - * running under Apache. It extracts the appropriate things out of standard - * CGI environment variables, namely: - * $SERVER_ADDR us - * $REMOTE_ADDR them - */ - -err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result) -{ - err_t ret; - char *us, *them; - - /* clear it all out */ - memset(result, 0, sizeof(*result)); - - /* setup it up */ - result->head.ipm_version = IPSEC_POLICY_MSG_REVISION; - result->head.ipm_msg_len = sizeof(*result); - result->head.ipm_msg_type = IPSEC_CMD_QUERY_HOSTPAIR; - result->head.ipm_msg_seq = ipsec_policy_seq(); - - - us = getenv("SERVER_ADDR"); - them = getenv("REMOTE_ADDR"); - if(!us || !them) { - return "$SERVER_ADDR and $REMOTE_ADDR must be set"; - } - - ret = ttoaddr(us, 0, AF_INET, &result->query_local); - if(ret != NULL) { - return ret; - } - - ret = ttoaddr(them, 0, AF_INET, &result->query_remote); - if(ret != NULL) { - return ret; - } - - return ipsec_policy_sendrecv((unsigned char *)result, sizeof(*result)); -} - diff --git a/lib/libipsecpolicy/libipsecpolicy.h b/lib/libipsecpolicy/libipsecpolicy.h deleted file mode 100644 index 2c4ebdc0c..000000000 --- a/lib/libipsecpolicy/libipsecpolicy.h +++ /dev/null @@ -1,4 +0,0 @@ - -extern u_int32_t ipsec_policy_seq(void); - - diff --git a/lib/libipsecpolicy/policyquery.c b/lib/libipsecpolicy/policyquery.c deleted file mode 100644 index 6555bdc08..000000000 --- a/lib/libipsecpolicy/policyquery.c +++ /dev/null @@ -1,167 +0,0 @@ -/* routines that interface with pluto to get policy information - * Copyright (C) 2003 Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: policyquery.c,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include -#include - -#include "libipsecpolicy.h" - -static int policy_query_socket = -1; -static u_int32_t policy_seq = 1; - -u_int32_t ipsec_policy_seq(void) -{ - return ++policy_seq; -} - -err_t ipsec_policy_init(void) -{ - struct sockaddr_un sn; - - if(policy_query_socket != -1) { - return NULL; - } - - policy_query_socket = socket(PF_UNIX, SOCK_STREAM, 0); - if(policy_query_socket == -1) { - return "failed to open policy socket"; - } - - /* now connect it */ - sn.sun_family = AF_UNIX; - strcpy(sn.sun_path, IPSEC_POLICY_SOCKET); - - if(connect(policy_query_socket, (struct sockaddr *)&sn, sizeof(sn)) != 0) { - int saveerrno = errno; - close(policy_query_socket); - policy_query_socket=-1; - errno = saveerrno; - return "failed to connect policy socket"; - } - - /* okay, I think we are done */ - return NULL; -} - -err_t ipsec_policy_final(void) -{ - if(policy_query_socket != -1) { - close(policy_query_socket); - policy_query_socket = -1; - } - - return NULL; -} - -err_t ipsec_policy_readmsg(int policysock, - unsigned char *buf, - size_t buflen) -{ - struct ipsec_policy_msg_head ipmh; - - if(read(policysock, &ipmh, sizeof(ipmh)) - != sizeof(ipmh)) { - return "read failed"; - } - - /* got the header, sanitize it, and find out how much more to read */ - switch(ipmh.ipm_version) { - case IPSEC_POLICY_MSG_REVISION: - break; - - default: - /* XXX go deal with older versions, error for now */ - fprintf(stderr, "Bad magic header: %u\n", ipmh.ipm_version); - return "bad policy msg version magic"; - } - - if(ipmh.ipm_msg_len > buflen) { - return "buffer too small for this message"; - } - - buflen = ipmh.ipm_msg_len; - memcpy(buf, &ipmh, sizeof(ipmh)); - buf += sizeof(ipmh); - buflen -= sizeof(ipmh); - - if(read(policysock, buf, buflen) != buflen) { - return "short read from socket"; - } - - return NULL; -} - -err_t ipsec_policy_sendrecv(unsigned char *buf, - size_t buflen) -{ - err_t ret; - ipsec_policy_init(); - - if(write(policy_query_socket, buf, buflen) - != buflen) { - return "write failed"; - } - - ret = ipsec_policy_readmsg(policy_query_socket, - buf, buflen); - - ipsec_policy_final(); - - return ret; -} - - -err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result) -{ - int len; - - /* clear it out */ - memset(result, 0, sizeof(*result)); - - /* setup it up */ - result->head.ipm_version = IPSEC_POLICY_MSG_REVISION; - result->head.ipm_msg_len = sizeof(*result); - result->head.ipm_msg_type = IPSEC_CMD_QUERY_HOSTPAIR; - result->head.ipm_msg_seq = ipsec_policy_seq(); - - /* suck out the data on the sockets */ - len = sizeof(result->query_local); - if(getsockname(fd, (struct sockaddr *)&result->query_local, &len) != 0) { - return "getsockname failed"; - } - - len = sizeof(result->query_remote); - if(getpeername(fd, (struct sockaddr *)&result->query_remote, &len) != 0) { - return "getpeername failed"; - } - - return ipsec_policy_sendrecv((unsigned char *)result, sizeof(*result)); -} - diff --git a/lib/libipsecpolicy/version.in.c b/lib/libipsecpolicy/version.in.c deleted file mode 100644 index 304c58c0c..000000000 --- a/lib/libipsecpolicy/version.in.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * libipsecpolicy version information - * Copyright (C) 2003 Michael Richardson - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: version.in.c,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - -#define V "xxx" /* substituted in by Makefile */ -static const char ipsecpolicy_number[] = V; -static const char ipsecpolicy_string[] = "Linux FreeS/WAN policylib " V; - -/* - - ipsec_version_code - return IPsec version number/code, as string - */ -const char * -ipsec_version_code(void) -{ - return ipsecpolicy_number; -} - -/* - - ipsec_version_string - return full version string - */ -const char * -ipsec_version_string(void) -{ - return ipsecpolicy_string; -} diff --git a/lib/liblwres/Makefile b/lib/liblwres/Makefile deleted file mode 100644 index 84a7713ab..000000000 --- a/lib/liblwres/Makefile +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright (C) 2000, 2001 Internet Software Consortium. -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -# INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -# $Id: Makefile,v 1.1 2004/03/15 20:35:25 as Exp $ - -srcdir = . -VPATH = . -top_srcdir = . - -CINCLUDES = -I${srcdir}/unix/include \ - -I. -I./include -I${srcdir}/include -CDEFINES = -g -CWARNINGS = -Werror - -CFLAGS=${CINCLUDES} ${CDEFINES} ${CWARNINGS} - -VERSION="@(\#) freeswan-hacking-9.2.1-for-fs2" -LIBINTERFACE=2 -LIBREVISION=0 -LIBAGE=1 -RANLIB=ranlib - -# Alphabetically -OBJS = async.o context.o gai_strerror.o getaddrinfo.o gethost.o \ - getipnode.o getnameinfo.o getrrset.o getrrset2.o herror.o \ - lwbuffer.o lwconfig.o lwpacket.o lwresutil.o \ - lwres_gabn.o lwres_gnba.o lwres_grbn.o lwres_noop.o \ - lwinetaton.o lwinetpton.o lwinetntop.o - -# Alphabetically -SRCS = async.c context.c gai_strerror.c getaddrinfo.c gethost.c \ - getipnode.c getnameinfo.c getrrset.c getrrset2.c herror.c \ - lwbuffer.c lwconfig.c lwpacket.c lwresutil.c \ - lwres_gabn.c lwres_gnba.c lwres_grbn.c lwres_noop.c \ - lwinetaton.c lwinetpton.c lwinetntop.c - -programs all: liblwres.a - -version.o: version.c - ${LIBTOOL} ${CC} ${ALL_CFLAGS} \ - -DVERSION=\"${VERSION}\" \ - -DLIBINTERFACE=${LIBINTERFACE} \ - -DLIBREVISION=${LIBREVISION} \ - -DLIBAGE=${LIBAGE} \ - -c ${srcdir}/version.c - -liblwres.a: ${OBJS} version.o - ${AR} ${ARFLAGS} $@ ${OBJS} version.o - ${RANLIB} $@ - -timestamp: liblwres.a - touch timestamp - -clean distclean mostlyclean realclean cleanall spotless:: - rm -f liblwres.a liblwres.la timestamp $(OBJS) - -install checkprograms check install_file_list: - @true - -TAGS: ${SRCS} - etags ${SRCS} diff --git a/lib/liblwres/api b/lib/liblwres/api deleted file mode 100644 index f86947031..000000000 --- a/lib/liblwres/api +++ /dev/null @@ -1,3 +0,0 @@ -LIBINTERFACE = 2 -LIBREVISION = 0 -LIBAGE = 1 diff --git a/lib/liblwres/assert_p.h b/lib/liblwres/assert_p.h deleted file mode 100644 index 0c5718290..000000000 --- a/lib/liblwres/assert_p.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: assert_p.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_ASSERT_P_H -#define LWRES_ASSERT_P_H 1 - -#include /* Required for assert() prototype. */ - -#define REQUIRE(x) assert(x) -#define INSIST(x) assert(x) - -#define UNUSED(x) ((void)(x)) - -#define SPACE_OK(b, s) (LWRES_BUFFER_AVAILABLECOUNT(b) >= (s)) -#define SPACE_REMAINING(b, s) (LWRES_BUFFER_REMAINING(b) >= (s)) - -#endif /* LWRES_ASSERT_P_H */ diff --git a/lib/liblwres/async.c b/lib/liblwres/async.c deleted file mode 100644 index b23596a70..000000000 --- a/lib/liblwres/async.c +++ /dev/null @@ -1,361 +0,0 @@ -/* - * Copyright (C) 2003, Michael Richardson - * Derived from code: Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: async.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include /* XXX #include */ -#include - -#include "assert_p.h" -#include "context_p.h" - -/* - * malloc / calloc functions that guarantee to only - * return NULL if there is an error, like they used - * to before the ANSI C committee broke them. - */ - -static void * -sane_malloc(size_t size) { - if (size == 0) - size = 1; - return (malloc(size)); -} - -static void * -sane_calloc(size_t number, size_t size) { - size_t len = number * size; - void *mem = sane_malloc(len); - if (mem != NULL) - memset(mem, 0, len); - return (mem); -} - -int -lwres_async_init(lwres_context_t **pctx) -{ - lwres_result_t lwresult; - lwres_context_t *ctx = NULL; - int result; - - lwresult = lwres_context_create(&ctx, NULL, NULL, NULL, 0); - if (lwresult != LWRES_R_SUCCESS) { - result = lwresult_to_result(lwresult); - return(result); - } - (void) lwres_conf_parse(ctx, lwres_resolv_conf); - - *pctx = ctx; - return (ERRSET_SUCCESS); -} - -int -lwres_getrrsetbyname_init(const char *hostname, unsigned int rdclass, - unsigned int rdtype, unsigned int flags, - lwres_context_t *ctx, - struct lwres_async_state *las) -{ - lwres_result_t lwresult; - unsigned int i; - unsigned int lwflags; - unsigned int result; - - int ret; - lwres_lwpacket_t pkt; - lwres_grbnrequest_t request; - char target_name[1024]; - unsigned int target_length; - - int ret2; - - if (rdclass > 0xffff || rdtype > 0xffff) { - result = ERRSET_INVAL; - return result; - } - - /* - * Don't allow queries of class or type ANY - */ - if (rdclass == 0xff || rdtype == 0xff) { - result = ERRSET_INVAL; - return result; - } - - /* - * If any input flags were defined, lwflags would be set here - * based on them - */ - UNUSED(flags); - lwflags = 0; - - las->b_in.base = NULL; - las->b_out.base = NULL; - las->serial = lwres_context_nextserial(ctx); - las->opcode = LWRES_OPCODE_GETRDATABYNAME; - - target_length = strlen(hostname); - if (target_length >= sizeof(target_name)) - return (LWRES_R_FAILURE); - strcpy(target_name, hostname); /* strcpy is safe */ - - /* - * Set up our request and render it to a buffer. - */ - request.rdclass = rdclass; - request.rdtype = rdtype; - request.flags = lwflags; - request.name = target_name; - request.namelen = target_length; - pkt.pktflags = 0; - pkt.serial = las->serial; - pkt.result = 0; - pkt.recvlength = LWRES_RECVLENGTH; - - /* set up async system */ - las->next = ctx->pending; - ctx->pending = las; - - ret = lwres_grbnrequest_render(ctx, &request, &pkt, &las->b_out); - - return ret; -} - -int -lwres_getrrsetbyname_xmit(lwres_context_t *ctx, - struct lwres_async_state *las) -{ - lwres_result_t lwresult; - int ret; - - lwresult = lwres_context_send(ctx, las->b_out.base, las->b_out.length); - - return(lwresult_to_result(lwresult)); -} - - - -unsigned long -lwres_async_timeout(lwres_context_t *ctx) -{ - unsigned long tv_sec; - - /* - * Type of tv_sec is long, so make sure the unsigned long timeout - * does not overflow it. - */ - if (ctx->timeout <= LONG_MAX) - tv_sec = (long)ctx->timeout; - else - tv_sec = LONG_MAX; - - return tv_sec; -} - -int -lwres_async_fd(lwres_context_t *ctx) -{ - return (ctx->sock); -} - - -/* -const char *hostname, unsigned int rdclass, - unsigned int rdtype, unsigned int flags, -*/ - -int -lwres_getrrsetbyname_read(struct lwres_async_state **plas, - lwres_context_t *ctx, - struct rrsetinfo **res) -{ - lwres_result_t lwresult; - lwres_grbnresponse_t *response = NULL; - char *buffer; - struct rrsetinfo *rrset = NULL; - int recvlen; - int ret, result, i; - lwres_buffer_t b_in; - struct lwres_async_state *las; - struct lwres_async_state **las_prev; - lwres_lwpacket_t pkt; - - buffer = NULL; - buffer = CTXMALLOC(LWRES_RECVLENGTH); - if (buffer == NULL) { - return ERRSET_NOMEMORY; - } - - ret = LWRES_R_SUCCESS; - lwresult = lwres_context_recv(ctx, buffer, LWRES_RECVLENGTH, &recvlen); - if (lwresult == LWRES_R_RETRY) { - ret = LWRES_R_RETRY; - goto out; - } - - if (ret != LWRES_R_SUCCESS) - goto out; - - lwres_buffer_init(&b_in, buffer, recvlen); - b_in.used = recvlen; - - /* - * Parse the packet header. - */ - ret = lwres_lwpacket_parseheader(&b_in, &pkt); - if (ret != LWRES_R_SUCCESS) - goto out; - - /* - * find an appropriate waiting las entry. This is a linear search. - * we can do MUCH better, since we control the serial number! - * do that later. - */ - las_prev = &ctx->pending; - las = ctx->pending; - while(las && las->serial != pkt.serial) { - las_prev=&las->next; - las=las->next; - } - - if(las == NULL) { - /* no matching serial number! */ - return(LWRES_R_RETRY); - } - - /* okay, remove it from the receive queue */ - *las_prev = las->next; - las->next = NULL; - - *plas = las; - - /* - * Free what we've transmitted, long ago. - */ - CTXFREE(las->b_out.base, las->b_out.length); - las->b_out.base = NULL; - las->b_out.length = 0; - - if (pkt.result != LWRES_R_SUCCESS) { - ret = pkt.result; - goto out; - } - - /* - * Parse the response. - */ - ret = lwres_grbnresponse_parse(ctx, &b_in, &pkt, &response); - if (ret != LWRES_R_SUCCESS) { - out: - if (buffer != NULL) - CTXFREE(buffer, LWRES_RECVLENGTH); - if (response != NULL) - lwres_grbnresponse_free(ctx, &response); - result = lwresult_to_result(ret); - goto fail; - } - - response->base = buffer; - response->baselen = LWRES_RECVLENGTH; - buffer = NULL; /* don't free this below */ - - lwresult = LWRES_R_SUCCESS; - - rrset = sane_malloc(sizeof(struct rrsetinfo)); - if (rrset == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - rrset->rri_name = NULL; - rrset->rri_rdclass = response->rdclass; - rrset->rri_rdtype = response->rdtype; - rrset->rri_ttl = response->ttl; - rrset->rri_flags = 0; - rrset->rri_nrdatas = 0; - rrset->rri_rdatas = NULL; - rrset->rri_nsigs = 0; - rrset->rri_sigs = NULL; - - rrset->rri_name = sane_malloc(response->realnamelen + 1); - if (rrset->rri_name == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - strncpy(rrset->rri_name, response->realname, response->realnamelen); - rrset->rri_name[response->realnamelen] = 0; - - if ((response->flags & LWRDATA_VALIDATED) != 0) - rrset->rri_flags |= RRSET_VALIDATED; - - rrset->rri_nrdatas = response->nrdatas; - rrset->rri_rdatas = sane_calloc(rrset->rri_nrdatas, - sizeof(struct rdatainfo)); - if (rrset->rri_rdatas == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - for (i = 0; i < rrset->rri_nrdatas; i++) { - rrset->rri_rdatas[i].rdi_length = response->rdatalen[i]; - rrset->rri_rdatas[i].rdi_data = - sane_malloc(rrset->rri_rdatas[i].rdi_length); - if (rrset->rri_rdatas[i].rdi_data == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - memcpy(rrset->rri_rdatas[i].rdi_data, response->rdatas[i], - rrset->rri_rdatas[i].rdi_length); - } - rrset->rri_nsigs = response->nsigs; - rrset->rri_sigs = sane_calloc(rrset->rri_nsigs, - sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - for (i = 0; i < rrset->rri_nsigs; i++) { - rrset->rri_sigs[i].rdi_length = response->siglen[i]; - rrset->rri_sigs[i].rdi_data = - sane_malloc(rrset->rri_sigs[i].rdi_length); - if (rrset->rri_sigs[i].rdi_data == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - memcpy(rrset->rri_sigs[i].rdi_data, response->sigs[i], - rrset->rri_sigs[i].rdi_length); - } - - lwres_grbnresponse_free(ctx, &response); - - *res = rrset; - return (ERRSET_SUCCESS); - fail: - if (rrset != NULL) - lwres_freerrset(rrset); - if (response != NULL) - lwres_grbnresponse_free(ctx, &response); - return (result); - -} - diff --git a/lib/liblwres/config.h b/lib/liblwres/config.h deleted file mode 100644 index e69de29bb..000000000 diff --git a/lib/liblwres/context.c b/lib/liblwres/context.c deleted file mode 100644 index 40f8f3e3d..000000000 --- a/lib/liblwres/context.c +++ /dev/null @@ -1,380 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: context.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#ifdef LWRES_PLATFORM_NEEDSYSSELECTH -#include -#endif - -#include "context_p.h" -#include "assert_p.h" - -/* - * Some systems define the socket length argument as an int, some as size_t, - * some as socklen_t. The last is what the current POSIX standard mandates. - * This definition is here so it can be portable but easily changed if needed. - */ -#ifndef LWRES_SOCKADDR_LEN_T -#define LWRES_SOCKADDR_LEN_T unsigned int -#endif - -/* - * Make a socket nonblocking. - */ -#ifndef MAKE_NONBLOCKING -#define MAKE_NONBLOCKING(sd, retval) \ -do { \ - retval = fcntl(sd, F_GETFL, 0); \ - if (retval != -1) { \ - retval |= O_NONBLOCK; \ - retval = fcntl(sd, F_SETFL, retval); \ - } \ -} while (0) -#endif - -lwres_uint16_t lwres_udp_port = LWRES_UDP_PORT; -const char *lwres_resolv_conf = LWRES_RESOLV_CONF; - -static void * -lwres_malloc(void *, size_t); - -static void -lwres_free(void *, void *, size_t); - -static lwres_result_t -context_connect(lwres_context_t *); - -lwres_result_t -lwres_context_create(lwres_context_t **contextp, void *arg, - lwres_malloc_t malloc_function, - lwres_free_t free_function, - unsigned int flags) -{ - lwres_context_t *ctx; - - REQUIRE(contextp != NULL && *contextp == NULL); - UNUSED(flags); - - /* - * If we were not given anything special to use, use our own - * functions. These are just wrappers around malloc() and free(). - */ - if (malloc_function == NULL || free_function == NULL) { - REQUIRE(malloc_function == NULL); - REQUIRE(free_function == NULL); - malloc_function = lwres_malloc; - free_function = lwres_free; - } - - ctx = malloc_function(arg, sizeof(lwres_context_t)); - if (ctx == NULL) - return (LWRES_R_NOMEMORY); - - /* - * Set up the context. - */ - ctx->malloc = malloc_function; - ctx->free = free_function; - ctx->arg = arg; - ctx->sock = -1; - - ctx->timeout = LWRES_DEFAULT_TIMEOUT; - ctx->serial = time(NULL); /* XXXMLG or BEW */ - - /* - * Init resolv.conf bits. - */ - lwres_conf_init(ctx); - - *contextp = ctx; - return (LWRES_R_SUCCESS); -} - -void -lwres_context_destroy(lwres_context_t **contextp) { - lwres_context_t *ctx; - - REQUIRE(contextp != NULL && *contextp != NULL); - - ctx = *contextp; - *contextp = NULL; - - if (ctx->sock != -1) { - close(ctx->sock); - ctx->sock = -1; - } - - CTXFREE(ctx, sizeof(lwres_context_t)); -} - -lwres_uint32_t -lwres_context_nextserial(lwres_context_t *ctx) { - REQUIRE(ctx != NULL); - - return (ctx->serial++); -} - -void -lwres_context_initserial(lwres_context_t *ctx, lwres_uint32_t serial) { - REQUIRE(ctx != NULL); - - ctx->serial = serial; -} - -void -lwres_context_freemem(lwres_context_t *ctx, void *mem, size_t len) { - REQUIRE(mem != NULL); - REQUIRE(len != 0); - - CTXFREE(mem, len); -} - -void * -lwres_context_allocmem(lwres_context_t *ctx, size_t len) { - REQUIRE(len != 0); - - return (CTXMALLOC(len)); -} - -static void * -lwres_malloc(void *arg, size_t len) { - void *mem; - - UNUSED(arg); - - mem = malloc(len); - if (mem == NULL) - return (NULL); - - memset(mem, 0xe5, len); - - return (mem); -} - -static void -lwres_free(void *arg, void *mem, size_t len) { - UNUSED(arg); - - memset(mem, 0xa9, len); - free(mem); -} - -static lwres_result_t -context_connect(lwres_context_t *ctx) { - int s; - int ret; - struct sockaddr_in sin; - struct sockaddr_in6 sin6; - struct sockaddr *sa; - LWRES_SOCKADDR_LEN_T salen; - int domain; - - if (ctx->confdata.lwnext != 0) { - memcpy(&ctx->address, &ctx->confdata.lwservers[0], - sizeof(lwres_addr_t)); - LWRES_LINK_INIT(&ctx->address, link); - } else { - /* The default is the IPv4 loopback address 127.0.0.1. */ - memset(&ctx->address, 0, sizeof(ctx->address)); - ctx->address.family = LWRES_ADDRTYPE_V4; - ctx->address.length = 4; - ctx->address.address[0] = 127; - ctx->address.address[1] = 0; - ctx->address.address[2] = 0; - ctx->address.address[3] = 1; - } - - if (ctx->address.family == LWRES_ADDRTYPE_V4) { - memcpy(&sin.sin_addr, ctx->address.address, - sizeof(sin.sin_addr)); - sin.sin_port = htons(lwres_udp_port); - sin.sin_family = AF_INET; - sa = (struct sockaddr *)&sin; - salen = sizeof(sin); - domain = PF_INET; - } else if (ctx->address.family == LWRES_ADDRTYPE_V6) { - memcpy(&sin6.sin6_addr, ctx->address.address, - sizeof(sin6.sin6_addr)); - sin6.sin6_port = htons(lwres_udp_port); - sin6.sin6_family = AF_INET6; - sa = (struct sockaddr *)&sin6; - salen = sizeof(sin6); - domain = PF_INET6; - } else - return (LWRES_R_IOERROR); - - s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); - if (s < 0) - return (LWRES_R_IOERROR); - - ret = connect(s, sa, salen); - if (ret != 0) { - close(s); - return (LWRES_R_IOERROR); - } - - MAKE_NONBLOCKING(s, ret); - if (ret < 0) - return (LWRES_R_IOERROR); - - ctx->sock = s; - - return (LWRES_R_SUCCESS); -} - -int -lwres_context_getsocket(lwres_context_t *ctx) { - return (ctx->sock); -} - -lwres_result_t -lwres_context_send(lwres_context_t *ctx, - void *sendbase, int sendlen) { - int ret; - lwres_result_t lwresult; - - if (ctx->sock == -1) { - lwresult = context_connect(ctx); - if (lwresult != LWRES_R_SUCCESS) - return (lwresult); - } - - ret = sendto(ctx->sock, sendbase, sendlen, 0, NULL, 0); - if (ret < 0) - return (LWRES_R_IOERROR); - if (ret != sendlen) - return (LWRES_R_IOERROR); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_context_recv(lwres_context_t *ctx, - void *recvbase, int recvlen, - int *recvd_len) -{ - LWRES_SOCKADDR_LEN_T fromlen; - struct sockaddr_in sin; - struct sockaddr_in6 sin6; - struct sockaddr *sa; - int ret; - - if (ctx->address.family == LWRES_ADDRTYPE_V4) { - sa = (struct sockaddr *)&sin; - fromlen = sizeof(sin); - } else { - sa = (struct sockaddr *)&sin6; - fromlen = sizeof(sin6); - } - - /* - * The address of fromlen is cast to void * to shut up compiler - * warnings, namely on systems that have the sixth parameter - * prototyped as a signed int when LWRES_SOCKADDR_LEN_T is - * defined as unsigned. - */ - ret = recvfrom(ctx->sock, recvbase, recvlen, 0, sa, (void *)&fromlen); - - if (ret < 0) - return (LWRES_R_IOERROR); - - if (ret == recvlen) - return (LWRES_R_TOOLARGE); - - /* - * If we got something other than what we expect, have the caller - * wait for another packet. This can happen if an old result - * comes in, or if someone is sending us random stuff. - */ - if (ctx->address.family == LWRES_ADDRTYPE_V4) { - if (fromlen != sizeof(sin) - || memcmp(&sin.sin_addr, ctx->address.address, - sizeof(sin.sin_addr)) != 0 - || sin.sin_port != htons(lwres_udp_port)) - return (LWRES_R_RETRY); - } else { - if (fromlen != sizeof(sin6) - || memcmp(&sin6.sin6_addr, ctx->address.address, - sizeof(sin6.sin6_addr)) != 0 - || sin6.sin6_port != htons(lwres_udp_port)) - return (LWRES_R_RETRY); - } - - if (recvd_len != NULL) - *recvd_len = ret; - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_context_sendrecv(lwres_context_t *ctx, - void *sendbase, int sendlen, - void *recvbase, int recvlen, - int *recvd_len) -{ - lwres_result_t result; - int ret2; - fd_set readfds; - struct timeval timeout; - - /* - * Type of tv_sec is long, so make sure the unsigned long timeout - * does not overflow it. - */ - if (ctx->timeout <= LONG_MAX) - timeout.tv_sec = (long)ctx->timeout; - else - timeout.tv_sec = LONG_MAX; - - timeout.tv_usec = 0; - - result = lwres_context_send(ctx, sendbase, sendlen); - if (result != LWRES_R_SUCCESS) - return (result); - again: - FD_ZERO(&readfds); - FD_SET(ctx->sock, &readfds); - ret2 = select(ctx->sock + 1, &readfds, NULL, NULL, &timeout); - - /* - * What happened with select? - */ - if (ret2 < 0) - return (LWRES_R_IOERROR); - if (ret2 == 0) - return (LWRES_R_TIMEOUT); - - result = lwres_context_recv(ctx, recvbase, recvlen, recvd_len); - if (result == LWRES_R_RETRY) - goto again; - - return (result); -} diff --git a/lib/liblwres/context_p.h b/lib/liblwres/context_p.h deleted file mode 100644 index 52dd870e1..000000000 --- a/lib/liblwres/context_p.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: context_p.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_CONTEXT_P_H -#define LWRES_CONTEXT_P_H 1 - -/* - * Helper functions, assuming the context is always called "ctx" in - * the scope these functions are called from. - */ -#define CTXMALLOC(len) ctx->malloc(ctx->arg, (len)) -#define CTXFREE(addr, len) ctx->free(ctx->arg, (addr), (len)) - -#define LWRES_DEFAULT_TIMEOUT 120 /* 120 seconds for a reply */ - -/* - * Not all the attributes here are actually settable by the application at - * this time. - */ -struct lwres_context { - unsigned int timeout; /* time to wait for reply */ - lwres_uint32_t serial; /* serial number state */ - - /* - * For network I/O. - */ - int sock; /* socket to send on */ - lwres_addr_t address; /* address to send to */ - - /* - * Function pointers for allocating memory. - */ - lwres_malloc_t malloc; - lwres_free_t free; - void *arg; - - /* - * resolv.conf-like data - */ - lwres_conf_t confdata; - - /* linked list of outstanding DNS requests */ - struct lwres_async_state *pending; -}; - -#endif /* LWRES_CONTEXT_P_H */ - -/* - * Local Variables: - * c-basic-offset: 8 - * End Variables: - */ diff --git a/lib/liblwres/gai_strerror.c b/lib/liblwres/gai_strerror.c deleted file mode 100644 index 913b5139f..000000000 --- a/lib/liblwres/gai_strerror.c +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: gai_strerror.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -static const char *gai_messages[] = { - "no error", - "address family for hostname not supported", - "temporary failure in name resolution", - "invalid value for ai_flags", - "non-recoverable failure in name resolution", - "ai_family not supported", - "memory allocation failure", - "no address associated with hostname", - "hostname nor servname provided, or not known", - "servname not supported for ai_socktype", - "ai_socktype not supported", - "system error returned in errno", - "bad hints", - "bad protocol" -}; - -char * -lwres_gai_strerror(int ecode) { - union { - const char *const_ptr; - char *deconst_ptr; - } ptr; - - if ((ecode < 0) || - (ecode >= (int)(sizeof(gai_messages)/sizeof(*gai_messages)))) - ptr.const_ptr = "invalid error code"; - else - ptr.const_ptr = gai_messages[ecode]; - return (ptr.deconst_ptr); -} diff --git a/lib/liblwres/getaddrinfo.c b/lib/liblwres/getaddrinfo.c deleted file mode 100644 index 06cb39ffc..000000000 --- a/lib/liblwres/getaddrinfo.c +++ /dev/null @@ -1,692 +0,0 @@ -/* - * Copyright (C) 1999-2001 Internet Software Consortium. - * - * This code is derived from software contributed to Internet Software - * Consortium by Berkeley Software Design, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND - * BERKELEY SOFTWARE DESIGN, INC DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND - * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR BERKELEY - * SOFTWARE DESIGN, INC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: getaddrinfo.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include - -#define SA(addr) ((struct sockaddr *)(addr)) -#define SIN(addr) ((struct sockaddr_in *)(addr)) -#define SIN6(addr) ((struct sockaddr_in6 *)(addr)) -#define SUN(addr) ((struct sockaddr_un *)(addr)) - -static struct addrinfo - *ai_reverse(struct addrinfo *oai), - *ai_clone(struct addrinfo *oai, int family), - *ai_alloc(int family, int addrlen); -#ifdef AF_LOCAL -static int get_local(const char *name, int socktype, struct addrinfo **res); -#endif - -static int add_ipv4(const char *hostname, int flags, struct addrinfo **aip, - int socktype, int port); -static int add_ipv6(const char *hostname, int flags, struct addrinfo **aip, - int socktype, int port); -static void set_order(int, int (**)(const char *, int, struct addrinfo **, - int, int)); - -#define FOUND_IPV4 0x1 -#define FOUND_IPV6 0x2 -#define FOUND_MAX 2 - -#define ISC_AI_MASK (AI_PASSIVE|AI_CANONNAME|AI_NUMERICHOST) - -int -lwres_getaddrinfo(const char *hostname, const char *servname, - const struct addrinfo *hints, struct addrinfo **res) -{ - struct servent *sp; - const char *proto; - int family, socktype, flags, protocol; - struct addrinfo *ai, *ai_list; - int port, err, i; - int (*net_order[FOUND_MAX+1])(const char *, int, struct addrinfo **, - int, int); - - if (hostname == NULL && servname == NULL) - return (EAI_NONAME); - - proto = NULL; - if (hints != NULL) { - if ((hints->ai_flags & ~(ISC_AI_MASK)) != 0) - return (EAI_BADFLAGS); - if (hints->ai_addrlen || hints->ai_canonname || - hints->ai_addr || hints->ai_next) { - errno = EINVAL; - return (EAI_SYSTEM); - } - family = hints->ai_family; - socktype = hints->ai_socktype; - protocol = hints->ai_protocol; - flags = hints->ai_flags; - switch (family) { - case AF_UNSPEC: - switch (hints->ai_socktype) { - case SOCK_STREAM: - proto = "tcp"; - break; - case SOCK_DGRAM: - proto = "udp"; - break; - } - break; - case AF_INET: - case AF_INET6: - switch (hints->ai_socktype) { - case 0: - break; - case SOCK_STREAM: - proto = "tcp"; - break; - case SOCK_DGRAM: - proto = "udp"; - break; - case SOCK_RAW: - break; - default: - return (EAI_SOCKTYPE); - } - break; -#ifdef AF_LOCAL - case AF_LOCAL: - switch (hints->ai_socktype) { - case 0: - break; - case SOCK_STREAM: - break; - case SOCK_DGRAM: - break; - default: - return (EAI_SOCKTYPE); - } - break; -#endif - default: - return (EAI_FAMILY); - } - } else { - protocol = 0; - family = 0; - socktype = 0; - flags = 0; - } - -#ifdef AF_LOCAL - /* - * First, deal with AF_LOCAL. If the family was not set, - * then assume AF_LOCAL if the first character of the - * hostname/servname is '/'. - */ - - if (hostname != NULL && - (family == AF_LOCAL || (family == 0 && *hostname == '/'))) - return (get_local(hostname, socktype, res)); - - if (servname != NULL && - (family == AF_LOCAL || (family == 0 && *servname == '/'))) - return (get_local(servname, socktype, res)); -#endif - - /* - * Ok, only AF_INET and AF_INET6 left. - */ - ai_list = NULL; - - /* - * First, look up the service name (port) if it was - * requested. If the socket type wasn't specified, then - * try and figure it out. - */ - if (servname != NULL) { - char *e; - - port = strtol(servname, &e, 10); - if (*e == '\0') { - if (socktype == 0) - return (EAI_SOCKTYPE); - if (port < 0 || port > 65535) - return (EAI_SERVICE); - port = htons((unsigned short) port); - } else { - sp = getservbyname(servname, proto); - if (sp == NULL) - return (EAI_SERVICE); - port = sp->s_port; - if (socktype == 0) { - if (strcmp(sp->s_proto, "tcp") == 0) - socktype = SOCK_STREAM; - else if (strcmp(sp->s_proto, "udp") == 0) - socktype = SOCK_DGRAM; - } - } - } else - port = 0; - - /* - * Next, deal with just a service name, and no hostname. - * (we verified that one of them was non-null up above). - */ - if (hostname == NULL && (flags & AI_PASSIVE) != 0) { - if (family == AF_INET || family == 0) { - ai = ai_alloc(AF_INET, sizeof(struct sockaddr_in)); - if (ai == NULL) - return (EAI_MEMORY); - ai->ai_socktype = socktype; - ai->ai_protocol = protocol; - SIN(ai->ai_addr)->sin_port = port; - ai->ai_next = ai_list; - ai_list = ai; - } - - if (family == AF_INET6 || family == 0) { - ai = ai_alloc(AF_INET6, sizeof(struct sockaddr_in6)); - if (ai == NULL) { - lwres_freeaddrinfo(ai_list); - return (EAI_MEMORY); - } - ai->ai_socktype = socktype; - ai->ai_protocol = protocol; - SIN6(ai->ai_addr)->sin6_port = port; - ai->ai_next = ai_list; - ai_list = ai; - } - - *res = ai_list; - return (0); - } - - /* - * If the family isn't specified or AI_NUMERICHOST specified, - * check first to see if it is a numeric address. - * Though the gethostbyname2() routine - * will recognize numeric addresses, it will only recognize - * the format that it is being called for. Thus, a numeric - * AF_INET address will be treated by the AF_INET6 call as - * a domain name, and vice versa. Checking for both numerics - * here avoids that. - */ - if (hostname != NULL && - (family == 0 || (flags & AI_NUMERICHOST) != 0)) { - char abuf[sizeof(struct in6_addr)]; - char nbuf[NI_MAXHOST]; - int addrsize, addroff; -#ifdef LWRES_HAVE_SIN6_SCOPE_ID - char *p, *ep; - char ntmp[NI_MAXHOST]; - lwres_uint32_t scopeid; -#endif - -#ifdef LWRES_HAVE_SIN6_SCOPE_ID - /* - * Scope identifier portion. - */ - ntmp[0] = '\0'; - if (strchr(hostname, '%') != NULL) { - strncpy(ntmp, hostname, sizeof(ntmp) - 1); - ntmp[sizeof(ntmp) - 1] = '\0'; - p = strchr(ntmp, '%'); - ep = NULL; - - /* - * Vendors may want to support non-numeric - * scopeid around here. - */ - - if (p != NULL) - scopeid = (lwres_uint32_t)strtoul(p + 1, - &ep, 10); - if (p != NULL && ep != NULL && ep[0] == '\0') - *p = '\0'; - else { - ntmp[0] = '\0'; - scopeid = 0; - } - } else - scopeid = 0; -#endif - - if (lwres_net_pton(AF_INET, hostname, (struct in_addr *)abuf) - == 1) - { - if (family == AF_INET6) { - /* - * Convert to a V4 mapped address. - */ - struct in6_addr *a6 = (struct in6_addr *)abuf; - memcpy(&a6->s6_addr[12], &a6->s6_addr[0], 4); - memset(&a6->s6_addr[10], 0xff, 2); - memset(&a6->s6_addr[0], 0, 10); - goto inet6_addr; - } - addrsize = sizeof(struct in_addr); - addroff = (char *)(&SIN(0)->sin_addr) - (char *)0; - family = AF_INET; - goto common; -#ifdef LWRES_HAVE_SIN6_SCOPE_ID - } else if (ntmp[0] != '\0' && - lwres_net_pton(AF_INET6, ntmp, abuf) == 1) - { - if (family && family != AF_INET6) - return (EAI_NONAME); - addrsize = sizeof(struct in6_addr); - addroff = (char *)(&SIN6(0)->sin6_addr) - (char *)0; - family = AF_INET6; - goto common; -#endif - } else if (lwres_net_pton(AF_INET6, hostname, abuf) == 1) { - if (family != 0 && family != AF_INET6) - return (EAI_NONAME); - inet6_addr: - addrsize = sizeof(struct in6_addr); - addroff = (char *)(&SIN6(0)->sin6_addr) - (char *)0; - family = AF_INET6; - - common: - ai = ai_clone(ai_list, family); - if (ai == NULL) - return (EAI_MEMORY); - ai_list = ai; - ai->ai_socktype = socktype; - SIN(ai->ai_addr)->sin_port = port; - memcpy((char *)ai->ai_addr + addroff, abuf, addrsize); - if (flags & AI_CANONNAME) { -#if defined(LWRES_HAVE_SIN6_SCOPE_ID) - if (ai->ai_family == AF_INET6) - SIN6(ai->ai_addr)->sin6_scope_id = - scopeid; -#endif - if (lwres_getnameinfo(ai->ai_addr, - ai->ai_addrlen, nbuf, sizeof(nbuf), - NULL, 0, - NI_NUMERICHOST) == 0) { - ai->ai_canonname = strdup(nbuf); - if (ai->ai_canonname == NULL) - return (EAI_MEMORY); - } else { - /* XXX raise error? */ - ai->ai_canonname = NULL; - } - } - goto done; - } else if ((flags & AI_NUMERICHOST) != 0) { - return (EAI_NONAME); - } - } - - set_order(family, net_order); - for (i = 0; i < FOUND_MAX; i++) { - if (net_order[i] == NULL) - break; - err = (net_order[i])(hostname, flags, &ai_list, - socktype, port); - if (err != 0) - return (err); - } - - if (ai_list == NULL) - return (EAI_NODATA); - -done: - ai_list = ai_reverse(ai_list); - - *res = ai_list; - return (0); -} - -static char * -lwres_strsep(char **stringp, const char *delim) { - char *string = *stringp; - char *s; - const char *d; - char sc, dc; - - if (string == NULL) - return (NULL); - - for (s = string; *s != '\0'; s++) { - sc = *s; - for (d = delim; (dc = *d) != '\0'; d++) - if (sc == dc) { - *s++ = '\0'; - *stringp = s; - return (string); - } - } - *stringp = NULL; - return (string); -} - -static void -set_order(int family, int (**net_order)(const char *, int, struct addrinfo **, - int, int)) -{ - char *order, *tok; - int found; - - if (family) { - switch (family) { - case AF_INET: - *net_order++ = add_ipv4; - break; - case AF_INET6: - *net_order++ = add_ipv6; - break; - } - } else { - order = getenv("NET_ORDER"); - found = 0; - while (order != NULL) { - /* - * We ignore any unknown names. - */ - tok = lwres_strsep(&order, ":"); - if (strcasecmp(tok, "inet6") == 0) { - if ((found & FOUND_IPV6) == 0) - *net_order++ = add_ipv6; - found |= FOUND_IPV6; - } else if (strcasecmp(tok, "inet") == 0 || - strcasecmp(tok, "inet4") == 0) { - if ((found & FOUND_IPV4) == 0) - *net_order++ = add_ipv4; - found |= FOUND_IPV4; - } - } - - /* - * Add in anything that we didn't find. - */ - if ((found & FOUND_IPV4) == 0) - *net_order++ = add_ipv4; - if ((found & FOUND_IPV6) == 0) - *net_order++ = add_ipv6; - } - *net_order = NULL; - return; -} - -static char v4_loop[4] = { 127, 0, 0, 1 }; - -/* - * The test against 0 is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ -#define ERR(code) \ - do { result = (code); \ - if (result != 0) goto cleanup; \ - } while (0) - -static int -add_ipv4(const char *hostname, int flags, struct addrinfo **aip, - int socktype, int port) -{ - struct addrinfo *ai; - lwres_context_t *lwrctx = NULL; - lwres_gabnresponse_t *by = NULL; - lwres_addr_t *addr; - lwres_result_t lwres; - int result = 0; - - lwres = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); - if (lwres != LWRES_R_SUCCESS) - ERR(EAI_FAIL); - (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); - if (hostname == NULL && (flags & AI_PASSIVE) == 0) { - ai = ai_clone(*aip, AF_INET); - if (ai == NULL) { - lwres_freeaddrinfo(*aip); - ERR(EAI_MEMORY); - } - - *aip = ai; - ai->ai_socktype = socktype; - SIN(ai->ai_addr)->sin_port = port; - memcpy(&SIN(ai->ai_addr)->sin_addr, v4_loop, 4); - } else { - lwres = lwres_getaddrsbyname(lwrctx, hostname, - LWRES_ADDRTYPE_V4, &by); - if (lwres != LWRES_R_SUCCESS) { - if (lwres == LWRES_R_NOTFOUND) - goto cleanup; - else - ERR(EAI_FAIL); - } - addr = LWRES_LIST_HEAD(by->addrs); - while (addr != NULL) { - ai = ai_clone(*aip, AF_INET); - if (ai == NULL) { - lwres_freeaddrinfo(*aip); - ERR(EAI_MEMORY); - } - *aip = ai; - ai->ai_socktype = socktype; - SIN(ai->ai_addr)->sin_port = port; - memcpy(&SIN(ai->ai_addr)->sin_addr, - addr->address, 4); - if (flags & AI_CANONNAME) { - ai->ai_canonname = strdup(by->realname); - if (ai->ai_canonname == NULL) - ERR(EAI_MEMORY); - } - addr = LWRES_LIST_NEXT(addr, link); - } - } - cleanup: - if (by != NULL) - lwres_gabnresponse_free(lwrctx, &by); - if (lwrctx != NULL) { - lwres_conf_clear(lwrctx); - lwres_context_destroy(&lwrctx); - } - return (result); -} - -static char v6_loop[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }; - -static int -add_ipv6(const char *hostname, int flags, struct addrinfo **aip, - int socktype, int port) -{ - struct addrinfo *ai; - lwres_context_t *lwrctx = NULL; - lwres_gabnresponse_t *by = NULL; - lwres_addr_t *addr; - lwres_result_t lwres; - int result = 0; - - lwres = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); - if (lwres != LWRES_R_SUCCESS) - ERR(EAI_FAIL); - (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); - - if (hostname == NULL && (flags & AI_PASSIVE) == 0) { - ai = ai_clone(*aip, AF_INET6); - if (ai == NULL) { - lwres_freeaddrinfo(*aip); - ERR(EAI_MEMORY); - } - - *aip = ai; - ai->ai_socktype = socktype; - SIN6(ai->ai_addr)->sin6_port = port; - memcpy(&SIN6(ai->ai_addr)->sin6_addr, v6_loop, 16); - } else { - lwres = lwres_getaddrsbyname(lwrctx, hostname, - LWRES_ADDRTYPE_V6, &by); - if (lwres != LWRES_R_SUCCESS) { - if (lwres == LWRES_R_NOTFOUND) - goto cleanup; - else - ERR(EAI_FAIL); - } - addr = LWRES_LIST_HEAD(by->addrs); - while (addr != NULL) { - ai = ai_clone(*aip, AF_INET6); - if (ai == NULL) { - lwres_freeaddrinfo(*aip); - ERR(EAI_MEMORY); - } - *aip = ai; - ai->ai_socktype = socktype; - SIN6(ai->ai_addr)->sin6_port = port; - memcpy(&SIN6(ai->ai_addr)->sin6_addr, - addr->address, 16); - if (flags & AI_CANONNAME) { - ai->ai_canonname = strdup(by->realname); - if (ai->ai_canonname == NULL) - ERR(EAI_MEMORY); - } - addr = LWRES_LIST_NEXT(addr, link); - } - } - cleanup: - if (by != NULL) - lwres_gabnresponse_free(lwrctx, &by); - if (lwrctx != NULL) { - lwres_conf_clear(lwrctx); - lwres_context_destroy(&lwrctx); - } - return (result); -} - -void -lwres_freeaddrinfo(struct addrinfo *ai) { - struct addrinfo *ai_next; - - while (ai != NULL) { - ai_next = ai->ai_next; - if (ai->ai_addr != NULL) - free(ai->ai_addr); - if (ai->ai_canonname) - free(ai->ai_canonname); - free(ai); - ai = ai_next; - } -} - -#ifdef AF_LOCAL -static int -get_local(const char *name, int socktype, struct addrinfo **res) { - struct addrinfo *ai; - struct sockaddr_un *sun; - - if (socktype == 0) - return (EAI_SOCKTYPE); - - ai = ai_alloc(AF_LOCAL, sizeof(*sun)); - if (ai == NULL) - return (EAI_MEMORY); - - sun = SUN(ai->ai_addr); - strncpy(sun->sun_path, name, sizeof(sun->sun_path)); - - ai->ai_socktype = socktype; - /* - * ai->ai_flags, ai->ai_protocol, ai->ai_canonname, - * and ai->ai_next were initialized to zero. - */ - - *res = ai; - return (0); -} -#endif - -/* - * Allocate an addrinfo structure, and a sockaddr structure - * of the specificed length. We initialize: - * ai_addrlen - * ai_family - * ai_addr - * ai_addr->sa_family - * ai_addr->sa_len (LWRES_PLATFORM_HAVESALEN) - * and everything else is initialized to zero. - */ -static struct addrinfo * -ai_alloc(int family, int addrlen) { - struct addrinfo *ai; - - ai = (struct addrinfo *)calloc(1, sizeof(*ai)); - if (ai == NULL) - return (NULL); - - ai->ai_addr = SA(calloc(1, addrlen)); - if (ai->ai_addr == NULL) { - free(ai); - return (NULL); - } - ai->ai_addrlen = addrlen; - ai->ai_family = family; - ai->ai_addr->sa_family = family; -#ifdef LWRES_PLATFORM_HAVESALEN - ai->ai_addr->sa_len = addrlen; -#endif - return (ai); -} - -static struct addrinfo * -ai_clone(struct addrinfo *oai, int family) { - struct addrinfo *ai; - - ai = ai_alloc(family, ((family == AF_INET6) ? - sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in))); - - if (ai == NULL) { - lwres_freeaddrinfo(oai); - return (NULL); - } - if (oai == NULL) - return (ai); - - ai->ai_flags = oai->ai_flags; - ai->ai_socktype = oai->ai_socktype; - ai->ai_protocol = oai->ai_protocol; - ai->ai_canonname = NULL; - ai->ai_next = oai; - return (ai); -} - -static struct addrinfo * -ai_reverse(struct addrinfo *oai) { - struct addrinfo *nai, *tai; - - nai = NULL; - - while (oai != NULL) { - /* - * Grab one off the old list. - */ - tai = oai; - oai = oai->ai_next; - /* - * Put it on the front of the new list. - */ - tai->ai_next = nai; - nai = tai; - } - return (nai); -} diff --git a/lib/liblwres/gethost.c b/lib/liblwres/gethost.c deleted file mode 100644 index 32c8359b4..000000000 --- a/lib/liblwres/gethost.c +++ /dev/null @@ -1,219 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: gethost.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include - -#include -#include - -#include "assert_p.h" - -#define LWRES_ALIGNBYTES (sizeof(char *) - 1) -#define LWRES_ALIGN(p) \ - (((unsigned long)(p) + LWRES_ALIGNBYTES) &~ LWRES_ALIGNBYTES) - -static struct hostent *he = NULL; -static int copytobuf(struct hostent *, struct hostent *, char *, int); - -struct hostent * -lwres_gethostbyname(const char *name) { - - if (he != NULL) - lwres_freehostent(he); - - he = lwres_getipnodebyname(name, AF_INET, 0, &lwres_h_errno); - return (he); -} - -struct hostent * -lwres_gethostbyname2(const char *name, int af) { - if (he != NULL) - lwres_freehostent(he); - - he = lwres_getipnodebyname(name, af, 0, &lwres_h_errno); - return (he); -} - -struct hostent * -lwres_gethostbyaddr(const char *addr, int len, int type) { - - if (he != NULL) - lwres_freehostent(he); - - he = lwres_getipnodebyaddr(addr, len, type, &lwres_h_errno); - return (he); -} - -struct hostent * -lwres_gethostent(void) { - if (he != NULL) - lwres_freehostent(he); - - return (NULL); -} - -void -lwres_sethostent(int stayopen) { - /* - * Empty. - */ - UNUSED(stayopen); -} - -void -lwres_endhostent(void) { - /* - * Empty. - */ -} - -struct hostent * -lwres_gethostbyname_r(const char *name, struct hostent *resbuf, - char *buf, int buflen, int *error) -{ - struct hostent *he; - int res; - - he = lwres_getipnodebyname(name, AF_INET, 0, error); - if (he == NULL) - return (NULL); - res = copytobuf(he, resbuf, buf, buflen); - lwres_freehostent(he); - if (res != 0) { - errno = ERANGE; - return (NULL); - } - return (resbuf); -} - -struct hostent * -lwres_gethostbyaddr_r(const char *addr, int len, int type, - struct hostent *resbuf, char *buf, int buflen, - int *error) -{ - struct hostent *he; - int res; - - he = lwres_getipnodebyaddr(addr, len, type, error); - if (he == NULL) - return (NULL); - res = copytobuf(he, resbuf, buf, buflen); - lwres_freehostent(he); - if (res != 0) { - errno = ERANGE; - return (NULL); - } - return (resbuf); -} - -struct hostent * -lwres_gethostent_r(struct hostent *resbuf, char *buf, int buflen, int *error) { - UNUSED(resbuf); - UNUSED(buf); - UNUSED(buflen); - *error = 0; - return (NULL); -} - -void -lwres_sethostent_r(int stayopen) { - /* - * Empty. - */ - UNUSED(stayopen); -} - -void -lwres_endhostent_r(void) { - /* - * Empty. - */ -} - -static int -copytobuf(struct hostent *he, struct hostent *hptr, char *buf, int buflen) { - char *cp; - char **ptr; - int i, n; - int nptr, len; - - /* - * Find out the amount of space required to store the answer. - */ - nptr = 2; /* NULL ptrs */ - len = (char *)LWRES_ALIGN(buf) - buf; - for (i = 0; he->h_addr_list[i]; i++, nptr++) { - len += he->h_length; - } - for (i = 0; he->h_aliases[i]; i++, nptr++) { - len += strlen(he->h_aliases[i]) + 1; - } - len += strlen(he->h_name) + 1; - len += nptr * sizeof(char*); - - if (len > buflen) { - return (-1); - } - - /* - * Copy address size and type. - */ - hptr->h_addrtype = he->h_addrtype; - n = hptr->h_length = he->h_length; - - ptr = (char **)LWRES_ALIGN(buf); - cp = (char *)LWRES_ALIGN(buf) + nptr * sizeof(char *); - - /* - * Copy address list. - */ - hptr->h_addr_list = ptr; - for (i = 0; he->h_addr_list[i]; i++, ptr++) { - memcpy(cp, he->h_addr_list[i], n); - hptr->h_addr_list[i] = cp; - cp += n; - } - hptr->h_addr_list[i] = NULL; - ptr++; - - /* - * Copy official name. - */ - n = strlen(he->h_name) + 1; - strcpy(cp, he->h_name); - hptr->h_name = cp; - cp += n; - - /* - * Copy aliases. - */ - hptr->h_aliases = ptr; - for (i = 0; he->h_aliases[i]; i++) { - n = strlen(he->h_aliases[i]) + 1; - strcpy(cp, he->h_aliases[i]); - hptr->h_aliases[i] = cp; - cp += n; - } - hptr->h_aliases[i] = NULL; - - return (0); -} diff --git a/lib/liblwres/getipnode.c b/lib/liblwres/getipnode.c deleted file mode 100644 index 94882cbe4..000000000 --- a/lib/liblwres/getipnode.c +++ /dev/null @@ -1,839 +0,0 @@ -/* - * Copyright (C) 1999-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: getipnode.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include /* XXX #include */ - -#include "assert_p.h" - -#ifndef INADDRSZ -#define INADDRSZ 4 -#endif -#ifndef IN6ADDRSZ -#define IN6ADDRSZ 16 -#endif - -#ifdef LWRES_PLATFORM_NEEDIN6ADDRANY -LIBLWRES_EXTERNAL_DATA const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; -#endif - -#ifndef IN6_IS_ADDR_V4COMPAT -static const unsigned char in6addr_compat[12] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; -#define IN6_IS_ADDR_V4COMPAT(x) (!memcmp((x)->s6_addr, in6addr_compat, 12) && \ - ((x)->s6_addr[12] != 0 || \ - (x)->s6_addr[13] != 0 || \ - (x)->s6_addr[14] != 0 || \ - ((x)->s6_addr[15] != 0 && \ - (x)->s6_addr[15] != 1))) -#endif -#ifndef IN6_IS_ADDR_V4MAPPED -#define IN6_IS_ADDR_V4MAPPED(x) (!memcmp((x)->s6_addr, in6addr_mapped, 12)) -#endif - -static const unsigned char in6addr_mapped[12] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff -}; - -/*** - *** Forward declarations. - ***/ - -static int -scan_interfaces(int *, int *); - -static struct hostent * -copyandmerge(struct hostent *, struct hostent *, int, int *); - -static struct hostent * -hostfromaddr(lwres_gnbaresponse_t *addr, int af, const void *src); - -static struct hostent * -hostfromname(lwres_gabnresponse_t *name, int af); - -/*** - *** Public functions. - ***/ - -/* - * AI_V4MAPPED + AF_INET6 - * If no IPv6 address then a query for IPv4 and map returned values. - * - * AI_ALL + AI_V4MAPPED + AF_INET6 - * Return IPv6 and IPv4 mapped. - * - * AI_ADDRCONFIG - * Only return IPv6 / IPv4 address if there is an interface of that - * type active. - */ - -struct hostent * -lwres_getipnodebyname(const char *name, int af, int flags, int *error_num) { - int have_v4 = 1, have_v6 = 1; - struct in_addr in4; - struct in6_addr in6; - struct hostent he, *he1 = NULL, *he2 = NULL, *he3 = NULL; - int v4 = 0, v6 = 0; - int tmp_err; - lwres_context_t *lwrctx = NULL; - lwres_gabnresponse_t *by = NULL; - int n; - - /* - * If we care about active interfaces then check. - */ - if ((flags & AI_ADDRCONFIG) != 0) - if (scan_interfaces(&have_v4, &have_v6) == -1) { - *error_num = NO_RECOVERY; - return (NULL); - } - - /* Check for literal address. */ - if ((v4 = lwres_net_pton(AF_INET, name, &in4)) != 1) - v6 = lwres_net_pton(AF_INET6, name, &in6); - - /* - * Impossible combination? - */ - if ((af == AF_INET6 && (flags & AI_V4MAPPED) == 0 && v4 == 1) || - (af == AF_INET && v6 == 1) || - (have_v4 == 0 && v4 == 1) || - (have_v6 == 0 && v6 == 1) || - (have_v4 == 0 && af == AF_INET) || - (have_v6 == 0 && af == AF_INET6 && - (((flags & AI_V4MAPPED) != 0 && have_v4) || - (flags & AI_V4MAPPED) == 0))) { - *error_num = HOST_NOT_FOUND; - return (NULL); - } - - /* - * Literal address? - */ - if (v4 == 1 || v6 == 1) { - char *addr_list[2]; - char *aliases[1]; - union { - const char *const_name; - char *deconst_name; - } u; - - u.const_name = name; - he.h_name = u.deconst_name; - he.h_addr_list = addr_list; - he.h_addr_list[0] = (v4 == 1) ? (char *)&in4 : (char *)&in6; - he.h_addr_list[1] = NULL; - he.h_aliases = aliases; - he.h_aliases[0] = NULL; - he.h_length = (v4 == 1) ? INADDRSZ : IN6ADDRSZ; - he.h_addrtype = (v4 == 1) ? AF_INET : AF_INET6; - return (copyandmerge(&he, NULL, af, error_num)); - } - - n = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); - if (n != 0) { - *error_num = NO_RECOVERY; - goto cleanup; - } - (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); - tmp_err = NO_RECOVERY; - if (have_v6 && af == AF_INET6) { - - n = lwres_getaddrsbyname(lwrctx, name, LWRES_ADDRTYPE_V6, &by); - if (n == 0) { - he1 = hostfromname(by, AF_INET6); - lwres_gabnresponse_free(lwrctx, &by); - if (he1 == NULL) { - *error_num = NO_RECOVERY; - goto cleanup; - } - } else { - tmp_err = HOST_NOT_FOUND; - } - } - - if (have_v4 && - ((af == AF_INET) || - (af == AF_INET6 && (flags & AI_V4MAPPED) != 0 && - (he1 == NULL || (flags & AI_ALL) != 0)))) { - n = lwres_getaddrsbyname(lwrctx, name, LWRES_ADDRTYPE_V4, &by); - if (n == 0) { - he2 = hostfromname(by, AF_INET); - lwres_gabnresponse_free(lwrctx, &by); - if (he2 == NULL) { - *error_num = NO_RECOVERY; - goto cleanup; - } - } else if (he1 == NULL) { - if (n == LWRES_R_NOTFOUND) - *error_num = HOST_NOT_FOUND; - else - *error_num = NO_RECOVERY; - goto cleanup; - } - } else - *error_num = tmp_err; - - he3 = copyandmerge(he1, he2, af, error_num); - - cleanup: - if (he1 != NULL) - lwres_freehostent(he1); - if (he2 != NULL) - lwres_freehostent(he2); - if (lwrctx != NULL) { - lwres_conf_clear(lwrctx); - lwres_context_destroy(&lwrctx); - } - return (he3); -} - -struct hostent * -lwres_getipnodebyaddr(const void *src, size_t len, int af, int *error_num) { - struct hostent *he1, *he2; - lwres_context_t *lwrctx = NULL; - lwres_gnbaresponse_t *by = NULL; - lwres_result_t n; - union { - const void *konst; - struct in6_addr *in6; - } u; - - /* - * Sanity checks. - */ - if (src == NULL) { - *error_num = NO_RECOVERY; - return (NULL); - } - - switch (af) { - case AF_INET: - if (len != INADDRSZ) { - *error_num = NO_RECOVERY; - return (NULL); - } - break; - case AF_INET6: - if (len != IN6ADDRSZ) { - *error_num = NO_RECOVERY; - return (NULL); - } - break; - default: - *error_num = NO_RECOVERY; - return (NULL); - } - - /* - * The de-"const"-ing game is done because at least one - * vendor's system (RedHat 6.0) defines the IN6_IS_ADDR_* - * macros in such a way that they discard the const with - * internal casting, and gcc ends up complaining. Rather - * than replacing their own (possibly optimized) definitions - * with our own, cleanly discarding the const is the easiest - * thing to do. - */ - u.konst = src; - - /* - * Look up IPv4 and IPv4 mapped/compatible addresses. - */ - if ((af == AF_INET6 && IN6_IS_ADDR_V4COMPAT(u.in6)) || - (af == AF_INET6 && IN6_IS_ADDR_V4MAPPED(u.in6)) || - (af == AF_INET)) { - const unsigned char *cp = src; - - if (af == AF_INET6) - cp += 12; - n = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); - if (n == LWRES_R_SUCCESS) - (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); - if (n == LWRES_R_SUCCESS) - n = lwres_getnamebyaddr(lwrctx, LWRES_ADDRTYPE_V4, - INADDRSZ, cp, &by); - if (n != LWRES_R_SUCCESS) { - lwres_conf_clear(lwrctx); - lwres_context_destroy(&lwrctx); - if (n == LWRES_R_NOTFOUND) - *error_num = HOST_NOT_FOUND; - else - *error_num = NO_RECOVERY; - return (NULL); - } - he1 = hostfromaddr(by, AF_INET, cp); - lwres_gnbaresponse_free(lwrctx, &by); - lwres_conf_clear(lwrctx); - lwres_context_destroy(&lwrctx); - if (af != AF_INET6) - return (he1); - - /* - * Convert from AF_INET to AF_INET6. - */ - he2 = copyandmerge(he1, NULL, af, error_num); - lwres_freehostent(he1); - if (he2 == NULL) - return (NULL); - /* - * Restore original address. - */ - memcpy(he2->h_addr, src, len); - return (he2); - } - - /* - * Lookup IPv6 address. - */ - if (memcmp(src, &in6addr_any, IN6ADDRSZ) == 0) { - *error_num = HOST_NOT_FOUND; - return (NULL); - } - - n = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); - if (n == LWRES_R_SUCCESS) - (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); - if (n == LWRES_R_SUCCESS) - n = lwres_getnamebyaddr(lwrctx, LWRES_ADDRTYPE_V6, IN6ADDRSZ, - src, &by); - if (n != 0) { - *error_num = HOST_NOT_FOUND; - return (NULL); - } - he1 = hostfromaddr(by, AF_INET6, src); - lwres_gnbaresponse_free(lwrctx, &by); - if (he1 == NULL) - *error_num = NO_RECOVERY; - lwres_context_destroy(&lwrctx); - return (he1); -} - -void -lwres_freehostent(struct hostent *he) { - char **cpp; - int names = 1; - int addresses = 1; - - free(he->h_name); - - cpp = he->h_addr_list; - while (*cpp != NULL) { - free(*cpp); - *cpp = NULL; - cpp++; - addresses++; - } - - cpp = he->h_aliases; - while (*cpp != NULL) { - free(*cpp); - cpp++; - names++; - } - - free(he->h_aliases); - free(he->h_addr_list); - free(he); -} - -/* - * Private - */ - -/* - * Scan the interface table and set have_v4 and have_v6 depending - * upon whether there are IPv4 and IPv6 interface addresses. - * - * Returns: - * 0 on success - * -1 on failure. - */ - -static int -scan_interfaces(int *have_v4, int *have_v6) { -#if 1 - *have_v4 = *have_v6 = 1; - return (0); -#else - struct ifconf ifc; - struct ifreq ifreq; - struct in_addr in4; - struct in6_addr in6; - char *buf = NULL, *cp, *cplim; - static int bufsiz = 4095; - int s, cpsize, n; - - /* - * Set to zero. Used as loop terminators below. - */ - *have_v4 = *have_v6 = 0; - - /* - * Get interface list from system. - */ - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1) - goto err_ret; - - /* - * Grow buffer until large enough to contain all interface - * descriptions. - */ - for (;;) { - buf = malloc(bufsiz); - if (buf == NULL) - goto err_ret; - ifc.ifc_len = bufsiz; - ifc.ifc_buf = buf; -#ifdef IRIX_EMUL_IOCTL_SIOCGIFCONF - /* - * This is a fix for IRIX OS in which the call to ioctl with - * the flag SIOCGIFCONF may not return an entry for all the - * interfaces like most flavors of Unix. - */ - if (emul_ioctl(&ifc) >= 0) - break; -#else - if ((n = ioctl(s, SIOCGIFCONF, (char *)&ifc)) != -1) { - /* - * Some OS's just return what will fit rather - * than set EINVAL if the buffer is too small - * to fit all the interfaces in. If - * ifc.ifc_len is too near to the end of the - * buffer we will grow it just in case and - * retry. - */ - if (ifc.ifc_len + 2 * sizeof(ifreq) < bufsiz) - break; - } -#endif - if ((n == -1) && errno != EINVAL) - goto err_ret; - - if (bufsiz > 1000000) - goto err_ret; - - free(buf); - bufsiz += 4096; - } - - /* - * Parse system's interface list. - */ - cplim = buf + ifc.ifc_len; /* skip over if's with big ifr_addr's */ - for (cp = buf; - (*have_v4 == 0 || *have_v6 == 0) && cp < cplim; - cp += cpsize) { - memcpy(&ifreq, cp, sizeof ifreq); -#ifdef LWRES_PLATFORM_HAVESALEN -#ifdef FIX_ZERO_SA_LEN - if (ifreq.ifr_addr.sa_len == 0) - ifreq.ifr_addr.sa_len = IN6ADDRSZ; -#endif -#ifdef HAVE_MINIMUM_IFREQ - cpsize = sizeof ifreq; - if (ifreq.ifr_addr.sa_len > sizeof (struct sockaddr)) - cpsize += (int)ifreq.ifr_addr.sa_len - - (int)(sizeof(struct sockaddr)); -#else - cpsize = sizeof ifreq.ifr_name + ifreq.ifr_addr.sa_len; -#endif /* HAVE_MINIMUM_IFREQ */ -#elif defined SIOCGIFCONF_ADDR - cpsize = sizeof ifreq; -#else - cpsize = sizeof ifreq.ifr_name; - /* XXX maybe this should be a hard error? */ - if (ioctl(s, SIOCGIFADDR, (char *)&ifreq) < 0) - continue; -#endif /* LWRES_PLATFORM_HAVESALEN */ - switch (ifreq.ifr_addr.sa_family) { - case AF_INET: - if (*have_v4 == 0) { - memcpy(&in4, - &((struct sockaddr_in *) - &ifreq.ifr_addr)->sin_addr, - sizeof(in4)); - if (in4.s_addr == INADDR_ANY) - break; - n = ioctl(s, SIOCGIFFLAGS, (char *)&ifreq); - if (n < 0) - break; - if ((ifreq.ifr_flags & IFF_UP) == 0) - break; - *have_v4 = 1; - } - break; - case AF_INET6: - if (*have_v6 == 0) { - memcpy(&in6, - &((struct sockaddr_in6 *) - &ifreq.ifr_addr)->sin6_addr, - sizeof(in6)); - if (memcmp(&in6, &in6addr_any, - sizeof(in6)) == 0) - break; - n = ioctl(s, SIOCGIFFLAGS, (char *)&ifreq); - if (n < 0) - break; - if ((ifreq.ifr_flags & IFF_UP) == 0) - break; - *have_v6 = 1; - } - break; - } - } - if (buf != NULL) - free(buf); - close(s); - return (0); - err_ret: - if (buf != NULL) - free(buf); - if (s != -1) - close(s); - return (-1); -#endif -} - -static struct hostent * -copyandmerge(struct hostent *he1, struct hostent *he2, int af, int *error_num) -{ - struct hostent *he = NULL; - int addresses = 1; /* NULL terminator */ - int names = 1; /* NULL terminator */ - int len = 0; - char **cpp, **npp; - - /* - * Work out array sizes. - */ - if (he1 != NULL) { - cpp = he1->h_addr_list; - while (*cpp != NULL) { - addresses++; - cpp++; - } - cpp = he1->h_aliases; - while (*cpp != NULL) { - names++; - cpp++; - } - } - - if (he2 != NULL) { - cpp = he2->h_addr_list; - while (*cpp != NULL) { - addresses++; - cpp++; - } - if (he1 == NULL) { - cpp = he2->h_aliases; - while (*cpp != NULL) { - names++; - cpp++; - } - } - } - - if (addresses == 1) { - *error_num = NO_ADDRESS; - return (NULL); - } - - he = malloc(sizeof *he); - if (he == NULL) - goto no_recovery; - - he->h_addr_list = malloc(sizeof(char *) * (addresses)); - if (he->h_addr_list == NULL) - goto cleanup0; - memset(he->h_addr_list, 0, sizeof(char *) * (addresses)); - - /* - * Copy addresses. - */ - npp = he->h_addr_list; - if (he1 != NULL) { - cpp = he1->h_addr_list; - while (*cpp != NULL) { - *npp = malloc((af == AF_INET) ? INADDRSZ : IN6ADDRSZ); - if (*npp == NULL) - goto cleanup1; - /* - * Convert to mapped if required. - */ - if (af == AF_INET6 && he1->h_addrtype == AF_INET) { - memcpy(*npp, in6addr_mapped, - sizeof in6addr_mapped); - memcpy(*npp + sizeof in6addr_mapped, *cpp, - INADDRSZ); - } else { - memcpy(*npp, *cpp, - (af == AF_INET) ? INADDRSZ : IN6ADDRSZ); - } - cpp++; - npp++; - } - } - - if (he2 != NULL) { - cpp = he2->h_addr_list; - while (*cpp != NULL) { - *npp = malloc((af == AF_INET) ? INADDRSZ : IN6ADDRSZ); - if (*npp == NULL) - goto cleanup1; - /* - * Convert to mapped if required. - */ - if (af == AF_INET6 && he2->h_addrtype == AF_INET) { - memcpy(*npp, in6addr_mapped, - sizeof in6addr_mapped); - memcpy(*npp + sizeof in6addr_mapped, *cpp, - INADDRSZ); - } else { - memcpy(*npp, *cpp, - (af == AF_INET) ? INADDRSZ : IN6ADDRSZ); - } - cpp++; - npp++; - } - } - - he->h_aliases = malloc(sizeof(char *) * (names)); - if (he->h_aliases == NULL) - goto cleanup1; - memset(he->h_aliases, 0, sizeof(char *) * (names)); - - /* - * Copy aliases. - */ - npp = he->h_aliases; - cpp = (he1 != NULL) ? he1->h_aliases : he2->h_aliases; - while (*cpp != NULL) { - len = strlen (*cpp) + 1; - *npp = malloc(len); - if (*npp == NULL) - goto cleanup2; - strcpy(*npp, *cpp); - npp++; - cpp++; - } - - /* - * Copy hostname. - */ - he->h_name = malloc(strlen((he1 != NULL) ? - he1->h_name : he2->h_name) + 1); - if (he->h_name == NULL) - goto cleanup2; - strcpy(he->h_name, (he1 != NULL) ? he1->h_name : he2->h_name); - - /* - * Set address type and length. - */ - he->h_addrtype = af; - he->h_length = (af == AF_INET) ? INADDRSZ : IN6ADDRSZ; - return (he); - - cleanup2: - cpp = he->h_aliases; - while (*cpp != NULL) { - free(*cpp); - cpp++; - } - free(he->h_aliases); - - cleanup1: - cpp = he->h_addr_list; - while (*cpp != NULL) { - free(*cpp); - *cpp = NULL; - cpp++; - } - free(he->h_addr_list); - - cleanup0: - free(he); - - no_recovery: - *error_num = NO_RECOVERY; - return (NULL); -} - -static struct hostent * -hostfromaddr(lwres_gnbaresponse_t *addr, int af, const void *src) { - struct hostent *he; - int i; - - he = malloc(sizeof *he); - if (he == NULL) - goto cleanup; - memset(he, 0, sizeof(*he)); - - /* - * Set family and length. - */ - he->h_addrtype = af; - switch (af) { - case AF_INET: - he->h_length = INADDRSZ; - break; - case AF_INET6: - he->h_length = IN6ADDRSZ; - break; - default: - INSIST(0); - } - - /* - * Copy name. - */ - he->h_name = strdup(addr->realname); - if (he->h_name == NULL) - goto cleanup; - - /* - * Copy aliases. - */ - he->h_aliases = malloc(sizeof(char *) * (addr->naliases + 1)); - if (he->h_aliases == NULL) - goto cleanup; - for (i = 0 ; i < addr->naliases; i++) { - he->h_aliases[i] = strdup(addr->aliases[i]); - if (he->h_aliases[i] == NULL) - goto cleanup; - } - he->h_aliases[i] = NULL; - - /* - * Copy address. - */ - he->h_addr_list = malloc(sizeof(char *) * 2); - if (he->h_addr_list == NULL) - goto cleanup; - he->h_addr_list[0] = malloc(he->h_length); - if (he->h_addr_list[0] == NULL) - goto cleanup; - memcpy(he->h_addr_list[0], src, he->h_length); - he->h_addr_list[1] = NULL; - return (he); - - cleanup: - if (he != NULL && he->h_addr_list != NULL) { - for (i = 0; he->h_addr_list[i] != NULL; i++) - free(he->h_addr_list[i]); - free(he->h_addr_list); - } - if (he != NULL && he->h_aliases != NULL) { - for (i = 0; he->h_aliases[i] != NULL; i++) - free(he->h_aliases[i]); - free(he->h_aliases); - } - if (he != NULL && he->h_name != NULL) - free(he->h_name); - if (he != NULL) - free(he); - return (NULL); -} - -static struct hostent * -hostfromname(lwres_gabnresponse_t *name, int af) { - struct hostent *he; - int i; - lwres_addr_t *addr; - - he = malloc(sizeof *he); - if (he == NULL) - goto cleanup; - memset(he, 0, sizeof(*he)); - - /* - * Set family and length. - */ - he->h_addrtype = af; - switch (af) { - case AF_INET: - he->h_length = INADDRSZ; - break; - case AF_INET6: - he->h_length = IN6ADDRSZ; - break; - default: - INSIST(0); - } - - /* - * Copy name. - */ - he->h_name = strdup(name->realname); - if (he->h_name == NULL) - goto cleanup; - - /* - * Copy aliases. - */ - he->h_aliases = malloc(sizeof(char *) * (name->naliases + 1)); - for (i = 0 ; i < name->naliases; i++) { - he->h_aliases[i] = strdup(name->aliases[i]); - if (he->h_aliases[i] == NULL) - goto cleanup; - } - he->h_aliases[i] = NULL; - - /* - * Copy addresses. - */ - he->h_addr_list = malloc(sizeof(char *) * (name->naddrs + 1)); - addr = LWRES_LIST_HEAD(name->addrs); - i = 0; - while (addr != NULL) { - he->h_addr_list[i] = malloc(he->h_length); - if (he->h_addr_list[i] == NULL) - goto cleanup; - memcpy(he->h_addr_list[i], addr->address, he->h_length); - addr = LWRES_LIST_NEXT(addr, link); - i++; - } - he->h_addr_list[i] = NULL; - return (he); - - cleanup: - if (he != NULL && he->h_addr_list != NULL) { - for (i = 0; he->h_addr_list[i] != NULL; i++) - free(he->h_addr_list[i]); - free(he->h_addr_list); - } - if (he != NULL && he->h_aliases != NULL) { - for (i = 0; he->h_aliases[i] != NULL; i++) - free(he->h_aliases[i]); - free(he->h_aliases); - } - if (he != NULL && he->h_name != NULL) - free(he->h_name); - if (he != NULL) - free(he); - return (NULL); -} diff --git a/lib/liblwres/getnameinfo.c b/lib/liblwres/getnameinfo.c deleted file mode 100644 index 36eea3180..000000000 --- a/lib/liblwres/getnameinfo.c +++ /dev/null @@ -1,289 +0,0 @@ -/* - * Portions Copyright (C) 1999-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: getnameinfo.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by WIDE Project and - * its contributors. - * 4. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * XXX - * Issues to be discussed: - * - Return values. There seems to be no standard for return value (RFC2553) - * but INRIA implementation returns EAI_xxx defined for getaddrinfo(). - */ - -#include - -#include -#include - -#include -#include -#include - -#include "assert_p.h" - -#define SUCCESS 0 - -static struct afd { - int a_af; - size_t a_addrlen; - size_t a_socklen; -} afdl [] = { - /* - * First entry is linked last... - */ - { AF_INET, sizeof(struct in_addr), sizeof(struct sockaddr_in) }, - { AF_INET6, sizeof(struct in6_addr), sizeof(struct sockaddr_in6) }, - {0, 0, 0}, -}; - -#define ENI_NOSERVNAME 1 -#define ENI_NOHOSTNAME 2 -#define ENI_MEMORY 3 -#define ENI_SYSTEM 4 -#define ENI_FAMILY 5 -#define ENI_SALEN 6 -#define ENI_NOSOCKET 7 - -/* - * The test against 0 is there to keep the Solaris compiler - * from complaining about "end-of-loop code not reached". - */ -#define ERR(code) \ - do { result = (code); \ - if (result != 0) goto cleanup; \ - } while (0) - -int -lwres_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, - size_t hostlen, char *serv, size_t servlen, int flags) -{ - struct afd *afd; - struct servent *sp; - unsigned short port; -#ifdef LWRES_PLATFORM_HAVESALEN - size_t len; -#endif - int family, i; - const void *addr; - char *p; -#if 0 - unsigned long v4a; - unsigned char pfx; -#endif - char numserv[sizeof("65000")]; - char numaddr[sizeof("abcd:abcd:abcd:abcd:abcd:abcd:255.255.255.255") - + 1 + sizeof("4294967295")]; - const char *proto; - lwres_uint32_t lwf = 0; - lwres_context_t *lwrctx = NULL; - lwres_gnbaresponse_t *by = NULL; - int result = SUCCESS; - int n; - - if (sa == NULL) - ERR(ENI_NOSOCKET); - -#ifdef LWRES_PLATFORM_HAVESALEN - len = sa->sa_len; - if (len != salen) - ERR(ENI_SALEN); -#endif - - family = sa->sa_family; - for (i = 0; afdl[i].a_af; i++) - if (afdl[i].a_af == family) { - afd = &afdl[i]; - goto found; - } - ERR(ENI_FAMILY); - - found: - if (salen != afd->a_socklen) - ERR(ENI_SALEN); - - switch (family) { - case AF_INET: - port = ((const struct sockaddr_in *)sa)->sin_port; - addr = &((const struct sockaddr_in *)sa)->sin_addr.s_addr; - break; - - case AF_INET6: - port = ((const struct sockaddr_in6 *)sa)->sin6_port; - addr = ((const struct sockaddr_in6 *)sa)->sin6_addr.s6_addr; - break; - - default: - port = 0; - addr = NULL; - INSIST(0); - } - proto = (flags & NI_DGRAM) ? "udp" : "tcp"; - - if (serv == NULL || servlen == 0) { - /* - * Caller does not want service. - */ - } else if ((flags & NI_NUMERICSERV) != 0 || - (sp = getservbyport(port, proto)) == NULL) { - sprintf(numserv, "%d", ntohs(port)); - if ((strlen(numserv) + 1) > servlen) - ERR(ENI_MEMORY); - strcpy(serv, numserv); - } else { - if ((strlen(sp->s_name) + 1) > servlen) - ERR(ENI_MEMORY); - strcpy(serv, sp->s_name); - } - -#if 0 - switch (sa->sa_family) { - case AF_INET: - v4a = ((struct sockaddr_in *)sa)->sin_addr.s_addr; - if (IN_MULTICAST(v4a) || IN_EXPERIMENTAL(v4a)) - flags |= NI_NUMERICHOST; - v4a >>= IN_CLASSA_NSHIFT; - if (v4a == 0 || v4a == IN_LOOPBACKNET) - flags |= NI_NUMERICHOST; - break; - - case AF_INET6: - pfx = ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[0]; - if (pfx == 0 || pfx == 0xfe || pfx == 0xff) - flags |= NI_NUMERICHOST; - break; - } -#endif - - if (host == NULL || hostlen == 0) { - /* - * What should we do? - */ - } else if (flags & NI_NUMERICHOST) { - if (lwres_net_ntop(afd->a_af, addr, numaddr, sizeof(numaddr)) - == NULL) - ERR(ENI_SYSTEM); -#if defined(LWRES_HAVE_SIN6_SCOPE_ID) - if (afd->a_af == AF_INET6 && - ((const struct sockaddr_in6 *)sa)->sin6_scope_id) { - char *p = numaddr + strlen(numaddr); - const char *stringscope = NULL; -#if 0 - if ((flags & NI_NUMERICSCOPE) == 0) { - /* - * Vendors may want to add support for - * non-numeric scope identifier. - */ - stringscope = foo; - } -#endif - if (stringscope == NULL) { - snprintf(p, sizeof(numaddr) - (p - numaddr), - "%%%u", - ((const struct sockaddr_in6 *)sa)->sin6_scope_id); - } else { - snprintf(p, sizeof(numaddr) - (p - numaddr), - "%%%s", stringscope); - } - } -#endif - if (strlen(numaddr) + 1 > hostlen) - ERR(ENI_MEMORY); - strcpy(host, numaddr); - } else { - switch (family) { - case AF_INET: - lwf = LWRES_ADDRTYPE_V4; - break; - case AF_INET6: - lwf = LWRES_ADDRTYPE_V6; - break; - default: - INSIST(0); - } - - n = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); - if (n == 0) - (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); - - if (n == 0) - n = lwres_getnamebyaddr(lwrctx, lwf, - (lwres_uint16_t)afd->a_addrlen, - addr, &by); - if (n == 0) { - if (flags & NI_NOFQDN) { - p = strchr(by->realname, '.'); - if (p) - *p = '\0'; - } - if ((strlen(by->realname) + 1) > hostlen) - ERR(ENI_MEMORY); - strcpy(host, by->realname); - } else { - if (flags & NI_NAMEREQD) - ERR(ENI_NOHOSTNAME); - if (lwres_net_ntop(afd->a_af, addr, numaddr, - sizeof(numaddr)) - == NULL) - ERR(ENI_NOHOSTNAME); - if ((strlen(numaddr) + 1) > hostlen) - ERR(ENI_MEMORY); - strcpy(host, numaddr); - } - } - result = SUCCESS; - cleanup: - if (by != NULL) - lwres_gnbaresponse_free(lwrctx, &by); - if (lwrctx != NULL) { - lwres_conf_clear(lwrctx); - lwres_context_destroy(&lwrctx); - } - return (result); -} diff --git a/lib/liblwres/getrrset.c b/lib/liblwres/getrrset.c deleted file mode 100644 index cf8359268..000000000 --- a/lib/liblwres/getrrset.c +++ /dev/null @@ -1,211 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: getrrset.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include /* XXX #include */ - -#include "assert_p.h" - -unsigned int -lwresult_to_result(lwres_result_t lwresult) { - switch (lwresult) { - case LWRES_R_SUCCESS: return (ERRSET_SUCCESS); - case LWRES_R_NOMEMORY: return (ERRSET_NOMEMORY); - case LWRES_R_NOTFOUND: return (ERRSET_NONAME); - case LWRES_R_TYPENOTFOUND: return (ERRSET_NODATA); - case LWRES_R_RETRY: return (ERRSET_RETRY); - default: return (ERRSET_FAIL); - } -} - -/* - * malloc / calloc functions that guarantee to only - * return NULL if there is an error, like they used - * to before the ANSI C committee broke them. - */ - -static void * -sane_malloc(size_t size) { - if (size == 0) - size = 1; - return (malloc(size)); -} - -static void * -sane_calloc(size_t number, size_t size) { - size_t len = number * size; - void *mem = sane_malloc(len); - if (mem != NULL) - memset(mem, 0, len); - return (mem); -} - -int -lwres_getrrsetbyname(const char *hostname, unsigned int rdclass, - unsigned int rdtype, unsigned int flags, - struct rrsetinfo **res) -{ - lwres_context_t *lwrctx = NULL; - lwres_result_t lwresult; - lwres_grbnresponse_t *response = NULL; - struct rrsetinfo *rrset = NULL; - unsigned int i; - unsigned int lwflags; - unsigned int result; - - if (rdclass > 0xffff || rdtype > 0xffff) { - result = ERRSET_INVAL; - goto fail; - } - - /* - * Don't allow queries of class or type ANY - */ - if (rdclass == 0xff || rdtype == 0xff) { - result = ERRSET_INVAL; - goto fail; - } - - lwresult = lwres_context_create(&lwrctx, NULL, NULL, NULL, 0); - if (lwresult != LWRES_R_SUCCESS) { - result = lwresult_to_result(lwresult); - goto fail; - } - (void) lwres_conf_parse(lwrctx, lwres_resolv_conf); - - /* - * If any input flags were defined, lwflags would be set here - * based on them - */ - UNUSED(flags); - lwflags = 0; - - lwresult = lwres_getrdatabyname(lwrctx, hostname, - (lwres_uint16_t)rdclass, - (lwres_uint16_t)rdtype, - lwflags, &response); - if (lwresult != LWRES_R_SUCCESS) { - result = lwresult_to_result(lwresult); - goto fail; - } - - rrset = sane_malloc(sizeof(struct rrsetinfo)); - if (rrset == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - rrset->rri_name = NULL; - rrset->rri_rdclass = response->rdclass; - rrset->rri_rdtype = response->rdtype; - rrset->rri_ttl = response->ttl; - rrset->rri_flags = 0; - rrset->rri_nrdatas = 0; - rrset->rri_rdatas = NULL; - rrset->rri_nsigs = 0; - rrset->rri_sigs = NULL; - - rrset->rri_name = sane_malloc(response->realnamelen + 1); - if (rrset->rri_name == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - strncpy(rrset->rri_name, response->realname, response->realnamelen); - rrset->rri_name[response->realnamelen] = 0; - - if ((response->flags & LWRDATA_VALIDATED) != 0) - rrset->rri_flags |= RRSET_VALIDATED; - - rrset->rri_nrdatas = response->nrdatas; - rrset->rri_rdatas = sane_calloc(rrset->rri_nrdatas, - sizeof(struct rdatainfo)); - if (rrset->rri_rdatas == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - for (i = 0; i < rrset->rri_nrdatas; i++) { - rrset->rri_rdatas[i].rdi_length = response->rdatalen[i]; - rrset->rri_rdatas[i].rdi_data = - sane_malloc(rrset->rri_rdatas[i].rdi_length); - if (rrset->rri_rdatas[i].rdi_data == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - memcpy(rrset->rri_rdatas[i].rdi_data, response->rdatas[i], - rrset->rri_rdatas[i].rdi_length); - } - rrset->rri_nsigs = response->nsigs; - rrset->rri_sigs = sane_calloc(rrset->rri_nsigs, - sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - for (i = 0; i < rrset->rri_nsigs; i++) { - rrset->rri_sigs[i].rdi_length = response->siglen[i]; - rrset->rri_sigs[i].rdi_data = - sane_malloc(rrset->rri_sigs[i].rdi_length); - if (rrset->rri_sigs[i].rdi_data == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - memcpy(rrset->rri_sigs[i].rdi_data, response->sigs[i], - rrset->rri_sigs[i].rdi_length); - } - - lwres_grbnresponse_free(lwrctx, &response); - lwres_context_destroy(&lwrctx); - *res = rrset; - return (ERRSET_SUCCESS); - fail: - if (rrset != NULL) - lwres_freerrset(rrset); - if (response != NULL) - lwres_grbnresponse_free(lwrctx, &response); - if (lwrctx != NULL) - lwres_context_destroy(&lwrctx); - return (result); - -} - -void -lwres_freerrset(struct rrsetinfo *rrset) { - unsigned int i; - for (i = 0; i < rrset->rri_nrdatas; i++) { - if (rrset->rri_rdatas[i].rdi_data == NULL) - break; - free(rrset->rri_rdatas[i].rdi_data); - } - free(rrset->rri_rdatas); - for (i = 0; i < rrset->rri_nsigs; i++) { - if (rrset->rri_sigs[i].rdi_data == NULL) - break; - free(rrset->rri_sigs[i].rdi_data); - } - free(rrset->rri_sigs); - free(rrset->rri_name); - free(rrset); -} - diff --git a/lib/liblwres/getrrset2.c b/lib/liblwres/getrrset2.c deleted file mode 100644 index 031021e06..000000000 --- a/lib/liblwres/getrrset2.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: getrrset2.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include /* XXX #include */ - -#include - -#include "assert_p.h" - -int -lwres_getrrsetbyname_async(const char *hostname, unsigned int rdclass, - unsigned int rdtype, unsigned int flags, - struct rrsetinfo **res) -{ - int ret, ret2; - lwres_context_t *ctx = NULL; - struct lwres_async_state las; - struct lwres_async_state *plas; - struct timeval timeout; - fd_set readfds; - int sock; - - ret = lwres_async_init(&ctx); - if(ret != ERRSET_SUCCESS) { - return(ret); - } - - ret = lwres_getrrsetbyname_init(hostname, rdclass, - rdtype, flags, - ctx, &las); - - if(ret != ERRSET_SUCCESS) { - return ret; - } - - again: - - lwres_getrrsetbyname_xmit(ctx, &las); - timeout.tv_sec = lwres_async_timeout(ctx); - sock = lwres_async_fd(ctx); - - FD_ZERO(&readfds); - FD_SET(sock, &readfds); - ret2 = select(sock + 1, &readfds, NULL, NULL, &timeout); - - /* - * What happened with select? - */ - if (ret2 < 0) { - ret = LWRES_R_IOERROR; - goto out3; - } - if (ret2 == 0) { - ret = LWRES_R_TIMEOUT; - goto out3; - } - - ret = lwres_getrrsetbyname_read(&plas, ctx, res); - if(ret == LWRES_R_RETRY) { - /* XXX retransmit */ - goto again; - } - - out3: - /* clean stuff up */ - - out: - if (ctx != NULL) - lwres_context_destroy(&ctx); - - return ret; -} - diff --git a/lib/liblwres/herror.c b/lib/liblwres/herror.c deleted file mode 100644 index 7a8bcb2bd..000000000 --- a/lib/liblwres/herror.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Portions Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Copyright (c) 1987, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static const char sccsid[] = "@(#)herror.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = - "$Id: herror.c,v 1.1 2004/03/15 20:35:25 as Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -#include - -#include -#include - -LIBLWRES_EXTERNAL_DATA int lwres_h_errno; - -/* - * these have never been declared in any header file so make them static - */ - -static const char *h_errlist[] = { - "Resolver Error 0 (no error)", - "Unknown host", /* 1 HOST_NOT_FOUND */ - "Host name lookup failure", /* 2 TRY_AGAIN */ - "Unknown server error", /* 3 NO_RECOVERY */ - "No address associated with name", /* 4 NO_ADDRESS */ -}; - -static int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] }; - - -/* - * herror -- - * print the error indicated by the h_errno value. - */ -void -lwres_herror(const char *s) { - fprintf(stderr, "%s: %s\n", s, lwres_hstrerror(lwres_h_errno)); -} - -/* - * hstrerror -- - * return the string associated with a given "host" errno value. - */ -const char * -lwres_hstrerror(int err) { - if (err < 0) - return ("Resolver internal error"); - else if (err < h_nerr) - return (h_errlist[err]); - return ("Unknown resolver error"); -} diff --git a/lib/liblwres/include/lwres/async.h b/lib/liblwres/include/lwres/async.h deleted file mode 100644 index 6715afaed..000000000 --- a/lib/liblwres/include/lwres/async.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (C) 2003 Michael Richardson - * Contributed by Michael Richardson while working - * on the Linux FreeS/WAN project in 2003. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: async.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_ASYNC_H -#define LWRES_ASYNC_H 1 - -#include - -/* - * support for asynchronous requests to lwres port - */ -struct lwres_async_state { - struct lwres_async_state *next; - - lwres_buffer_t b_in, b_out; - lwres_uint32_t serial; - int opcode; - - int (*callback)(void *uctx, struct rrsetinfo *res); - void *uctx; -}; - - - -/* - * The calls for asynchronous requests. - */ - -int lwres_async_init(lwres_context_t **pctx); - -int lwres_getrrsetbyname_init(const char *hostname, unsigned int rdclass, - unsigned int rdtype, unsigned int flags, - lwres_context_t *ctx, - struct lwres_async_state *las); - -int lwres_getrrsetbyname_xmit(lwres_context_t *ctx, - struct lwres_async_state *las); - -unsigned long lwres_async_timeout(lwres_context_t *ctx); - -int lwres_async_fd(lwres_context_t *ctx); - -int lwres_getrrsetbyname_read(struct lwres_async_state **plas, - lwres_context_t *ctx, - struct rrsetinfo **res); - -int lwres_getrrsetbyname_async(const char *hostname, unsigned int rdclass, - unsigned int rdtype, unsigned int flags, - struct rrsetinfo **res); - -#endif /* LWRES_ASYNC_H */ - - - - - - - - - diff --git a/lib/liblwres/include/lwres/context.h b/lib/liblwres/include/lwres/context.h deleted file mode 100644 index 55ca3c7fb..000000000 --- a/lib/liblwres/include/lwres/context.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: context.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_CONTEXT_H -#define LWRES_CONTEXT_H 1 - -#include - -#include -#include -#include - -/* - * Used to set various options such as timeout, authentication, etc - */ -typedef struct lwres_context lwres_context_t; - -LWRES_LANG_BEGINDECLS - -typedef void *(*lwres_malloc_t)(void *arg, size_t length); -typedef void (*lwres_free_t)(void *arg, void *mem, size_t length); - -/* - * XXXMLG - * - * Make the server reload /etc/resolv.conf periodically. - * - * Make the server do sortlist/searchlist. - * - * Client side can disable the search/sortlist processing. - * - * Use an array of addresses/masks and searchlist for client-side, and - * if added to the client disable the processing on the server. - * - * Share /etc/resolv.conf data between contexts. - */ - -/* - * _SERVERMODE - * Don't allocate and connect a socket to the server, since the - * caller _is_ a server. - */ -#define LWRES_CONTEXT_SERVERMODE 0x00000001U - -lwres_result_t -lwres_context_create(lwres_context_t **contextp, void *arg, - lwres_malloc_t malloc_function, - lwres_free_t free_function, - unsigned int flags); -/* - * Allocate a lwres context. This is used in all lwres calls. - * - * Memory management can be replaced here by passing in two functions. - * If one is non-NULL, they must both be non-NULL. "arg" is passed to - * these functions. - * - * Contexts are not thread safe. Document at the top of the file. - * XXXMLG - * - * If they are NULL, the standard malloc() and free() will be used. - * - * Requires: - * - * contextp != NULL && contextp == NULL. - * - * Returns: - * - * Returns 0 on success, non-zero on failure. - */ - -void -lwres_context_destroy(lwres_context_t **contextp); -/* - * Frees all memory associated with a lwres context. - * - * Requires: - * - * contextp != NULL && contextp == NULL. - */ - -lwres_uint32_t -lwres_context_nextserial(lwres_context_t *ctx); -/* - * XXXMLG Document - */ - -void -lwres_context_initserial(lwres_context_t *ctx, lwres_uint32_t serial); - -void -lwres_context_freemem(lwres_context_t *ctx, void *mem, size_t len); - -void * -lwres_context_allocmem(lwres_context_t *ctx, size_t len); - -int -lwres_context_getsocket(lwres_context_t *ctx); - -lwres_result_t -lwres_context_send(lwres_context_t *ctx, - void *sendbase, int sendlen); - -lwres_result_t -lwres_context_recv(lwres_context_t *ctx, - void *recvbase, int recvlen, - int *recvd_len); - -lwres_result_t -lwres_context_sendrecv(lwres_context_t *ctx, - void *sendbase, int sendlen, - void *recvbase, int recvlen, - int *recvd_len); - -LWRES_LANG_ENDDECLS - -#endif /* LWRES_CONTEXT_H */ - diff --git a/lib/liblwres/include/lwres/int.h b/lib/liblwres/include/lwres/int.h deleted file mode 100644 index 470372e77..000000000 --- a/lib/liblwres/include/lwres/int.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: int.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_INT_H -#define LWRES_INT_H 1 - -typedef char lwres_int8_t; -typedef unsigned char lwres_uint8_t; -typedef short lwres_int16_t; -typedef unsigned short lwres_uint16_t; -typedef int lwres_int32_t; -typedef unsigned int lwres_uint32_t; -typedef long long lwres_int64_t; -typedef unsigned long long lwres_uint64_t; - -#endif /* LWRES_INT_H */ diff --git a/lib/liblwres/include/lwres/ipv6.h b/lib/liblwres/include/lwres/ipv6.h deleted file mode 100644 index ee7bc0743..000000000 --- a/lib/liblwres/include/lwres/ipv6.h +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: ipv6.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_IPV6_H -#define LWRES_IPV6_H 1 - -/***** - ***** Module Info - *****/ - -/* - * IPv6 definitions for systems which do not support IPv6. - */ - -/*** - *** Imports. - ***/ - -#include -#include - -/*** - *** Types. - ***/ - -struct in6_addr { - union { - lwres_uint8_t _S6_u8[16]; - lwres_uint16_t _S6_u16[8]; - lwres_uint32_t _S6_u32[4]; - } _S6_un; -}; -#define s6_addr _S6_un._S6_u8 -#define s6_addr8 _S6_un._S6_u8 -#define s6_addr16 _S6_un._S6_u16 -#define s6_addr32 _S6_un._S6_u32 - -#define IN6ADDR_ANY_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }}} -#define IN6ADDR_LOOPBACK_INIT {{{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }}} - -LIBLWRES_EXTERNAL_DATA extern const struct in6_addr in6addr_any; -LIBLWRES_EXTERNAL_DATA extern const struct in6_addr in6addr_loopback; - -struct sockaddr_in6 { -#ifdef LWRES_PLATFORM_HAVESALEN - lwres_uint8_t sin6_len; - lwres_uint8_t sin6_family; -#else - lwres_uint16_t sin6_family; -#endif - lwres_uint16_t sin6_port; - lwres_uint32_t sin6_flowinfo; - struct in6_addr sin6_addr; - lwres_uint32_t sin6_scope_id; -}; - -#ifdef LWRES_PLATFORM_HAVESALEN -#define SIN6_LEN 1 -#endif - -struct in6_pktinfo { - struct in6_addr ipi6_addr; /* src/dst IPv6 address */ - unsigned int ipi6_ifindex; /* send/recv interface index */ -}; - -/* - * Unspecified - */ -#define IN6_IS_ADDR_UNSPECIFIED(a) \ - (((a)->s6_addr32[0] == 0) && \ - ((a)->s6_addr32[1] == 0) && \ - ((a)->s6_addr32[2] == 0) && \ - ((a)->s6_addr32[3] == 0)) - -/* - * Loopback - */ -#define IN6_IS_ADDR_LOOPBACK(a) \ - (((a)->s6_addr32[0] == 0) && \ - ((a)->s6_addr32[1] == 0) && \ - ((a)->s6_addr32[2] == 0) && \ - ((a)->s6_addr32[3] == htonl(1))) - -/* - * IPv4 compatible - */ -#define IN6_IS_ADDR_V4COMPAT(a) \ - (((a)->s6_addr32[0] == 0) && \ - ((a)->s6_addr32[1] == 0) && \ - ((a)->s6_addr32[2] == 0) && \ - ((a)->s6_addr32[3] != 0) && \ - ((a)->s6_addr32[3] != htonl(1))) - -/* - * Mapped - */ -#define IN6_IS_ADDR_V4MAPPED(a) \ - (((a)->s6_addr32[0] == 0) && \ - ((a)->s6_addr32[1] == 0) && \ - ((a)->s6_addr32[2] == htonl(0x0000ffff))) - -#endif /* LWRES_IPV6_H */ diff --git a/lib/liblwres/include/lwres/lang.h b/lib/liblwres/include/lwres/lang.h deleted file mode 100644 index 1de35fd91..000000000 --- a/lib/liblwres/include/lwres/lang.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lang.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_LANG_H -#define LWRES_LANG_H 1 - -#ifdef __cplusplus -#define LWRES_LANG_BEGINDECLS extern "C" { -#define LWRES_LANG_ENDDECLS } -#else -#define LWRES_LANG_BEGINDECLS -#define LWRES_LANG_ENDDECLS -#endif - -#endif /* LWRES_LANG_H */ diff --git a/lib/liblwres/include/lwres/list.h b/lib/liblwres/include/lwres/list.h deleted file mode 100644 index e90a1b55a..000000000 --- a/lib/liblwres/include/lwres/list.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (C) 1997-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: list.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_LIST_H -#define LWRES_LIST_H 1 - -#define LWRES_LIST(type) struct { type *head, *tail; } -#define LWRES_LIST_INIT(list) \ - do { (list).head = NULL; (list).tail = NULL; } while (0) - -#define LWRES_LINK(type) struct { type *prev, *next; } -#define LWRES_LINK_INIT(elt, link) \ - do { \ - (elt)->link.prev = (void *)(-1); \ - (elt)->link.next = (void *)(-1); \ - } while (0) -#define LWRES_LINK_LINKED(elt, link) \ - ((void *)((elt)->link.prev) != (void *)(-1)) - -#define LWRES_LIST_HEAD(list) ((list).head) -#define LWRES_LIST_TAIL(list) ((list).tail) -#define LWRES_LIST_EMPTY(list) LWRES_TF((list).head == NULL) - -#define LWRES_LIST_PREPEND(list, elt, link) \ - do { \ - if ((list).head != NULL) \ - (list).head->link.prev = (elt); \ - else \ - (list).tail = (elt); \ - (elt)->link.prev = NULL; \ - (elt)->link.next = (list).head; \ - (list).head = (elt); \ - } while (0) - -#define LWRES_LIST_APPEND(list, elt, link) \ - do { \ - if ((list).tail != NULL) \ - (list).tail->link.next = (elt); \ - else \ - (list).head = (elt); \ - (elt)->link.prev = (list).tail; \ - (elt)->link.next = NULL; \ - (list).tail = (elt); \ - } while (0) - -#define LWRES_LIST_UNLINK(list, elt, link) \ - do { \ - if ((elt)->link.next != NULL) \ - (elt)->link.next->link.prev = (elt)->link.prev; \ - else \ - (list).tail = (elt)->link.prev; \ - if ((elt)->link.prev != NULL) \ - (elt)->link.prev->link.next = (elt)->link.next; \ - else \ - (list).head = (elt)->link.next; \ - (elt)->link.prev = (void *)(-1); \ - (elt)->link.next = (void *)(-1); \ - } while (0) - -#define LWRES_LIST_PREV(elt, link) ((elt)->link.prev) -#define LWRES_LIST_NEXT(elt, link) ((elt)->link.next) - -#define LWRES_LIST_INSERTBEFORE(list, before, elt, link) \ - do { \ - if ((before)->link.prev == NULL) \ - LWRES_LIST_PREPEND(list, elt, link); \ - else { \ - (elt)->link.prev = (before)->link.prev; \ - (before)->link.prev = (elt); \ - (elt)->link.prev->link.next = (elt); \ - (elt)->link.next = (before); \ - } \ - } while (0) - -#define LWRES_LIST_INSERTAFTER(list, after, elt, link) \ - do { \ - if ((after)->link.next == NULL) \ - LWRES_LIST_APPEND(list, elt, link); \ - else { \ - (elt)->link.next = (after)->link.next; \ - (after)->link.next = (elt); \ - (elt)->link.next->link.prev = (elt); \ - (elt)->link.prev = (after); \ - } \ - } while (0) - -#define LWRES_LIST_APPENDLIST(list1, list2, link) \ - do { \ - if (LWRES_LIST_EMPTY(list1)) \ - (list1) = (list2); \ - else if (!LWRES_LIST_EMPTY(list2)) { \ - (list1).tail->link.next = (list2).head; \ - (list2).head->link.prev = (list1).tail; \ - (list1).tail = (list2).tail; \ - } \ - (list2).head = NULL; \ - (list2).tail = NULL; \ - } while (0) - -#define LWRES_LIST_ENQUEUE(list, elt, link) LWRES_LIST_APPEND(list, elt, link) -#define LWRES_LIST_DEQUEUE(list, elt, link) LWRES_LIST_UNLINK(list, elt, link) - -#endif /* LWRES_LIST_H */ diff --git a/lib/liblwres/include/lwres/lwbuffer.h b/lib/liblwres/include/lwres/lwbuffer.h deleted file mode 100644 index 7486e8bc3..000000000 --- a/lib/liblwres/include/lwres/lwbuffer.h +++ /dev/null @@ -1,402 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwbuffer.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_LWBUFFER_H -#define LWRES_LWBUFFER_H 1 - -/***** - ***** Module Info - *****/ - -/* - * Buffers - * - * A buffer is a region of memory, together with a set of related subregions. - * Buffers are used for parsing and I/O operations. - * - * The 'used region' and the 'available' region are disjoint, and their - * union is the buffer's region. The used region extends from the beginning - * of the buffer region to the last used byte. The available region - * extends from one byte greater than the last used byte to the end of the - * buffer's region. The size of the used region can be changed using various - * buffer commands. Initially, the used region is empty. - * - * The used region is further subdivided into two disjoint regions: the - * 'consumed region' and the 'remaining region'. The union of these two - * regions is the used region. The consumed region extends from the beginning - * of the used region to the byte before the 'current' offset (if any). The - * 'remaining' region the current pointer to the end of the used - * region. The size of the consumed region can be changed using various - * buffer commands. Initially, the consumed region is empty. - * - * The 'active region' is an (optional) subregion of the remaining region. - * It extends from the current offset to an offset in the remaining region - * that is selected with lwres_buffer_setactive(). Initially, the active - * region is empty. If the current offset advances beyond the chosen offset, - * the active region will also be empty. - * - * /----- used region -----\/-- available --\ - * +----------------------------------------+ - * | consumed | remaining | | - * +----------------------------------------+ - * a b c d e - * - * a == base of buffer. - * b == current pointer. Can be anywhere between a and d. - * c == active pointer. Meaningful between b and d. - * d == used pointer. - * e == length of buffer. - * - * a-e == entire (length) of buffer. - * a-d == used region. - * a-b == consumed region. - * b-d == remaining region. - * b-c == optional active region. - * - * The following invariants are maintained by all routines: - * - * length > 0 - * - * base is a valid pointer to length bytes of memory - * - * 0 <= used <= length - * - * 0 <= current <= used - * - * 0 <= active <= used - * (although active < current implies empty active region) - * - * MP: - * Buffers have no synchronization. Clients must ensure exclusive - * access. - * - * Reliability: - * No anticipated impact. - * - * Resources: - * Memory: 1 pointer + 6 unsigned integers per buffer. - * - * Security: - * No anticipated impact. - * - * Standards: - * None. - */ - -/*** - *** Imports - ***/ - -#include -#include - -LWRES_LANG_BEGINDECLS - -/*** - *** Magic numbers - ***/ -#define LWRES_BUFFER_MAGIC 0x4275663fU /* Buf?. */ - -#define LWRES_BUFFER_VALID(b) ((b) != NULL && \ - (b)->magic == LWRES_BUFFER_MAGIC) - -/* - * The following macros MUST be used only on valid buffers. It is the - * caller's responsibility to ensure this by using the LWRES_BUFFER_VALID - * check above, or by calling another lwres_buffer_*() function (rather than - * another macro.) - */ - -/* - * Get the length of the used region of buffer "b" - */ -#define LWRES_BUFFER_USEDCOUNT(b) ((b)->used) - -/* - * Get the length of the available region of buffer "b" - */ -#define LWRES_BUFFER_AVAILABLECOUNT(b) ((b)->length - (b)->used) - -#define LWRES_BUFFER_REMAINING(b) ((b)->used - (b)->current) - -/* - * Note that the buffer structure is public. This is principally so buffer - * operations can be implemented using macros. Applications are strongly - * discouraged from directly manipulating the structure. - */ - -typedef struct lwres_buffer lwres_buffer_t; -struct lwres_buffer { - unsigned int magic; - unsigned char *base; - /* The following integers are byte offsets from 'base'. */ - unsigned int length; - unsigned int used; - unsigned int current; - unsigned int active; -}; - -/*** - *** Functions - ***/ - -void -lwres_buffer_init(lwres_buffer_t *b, void *base, unsigned int length); -/* - * Make 'b' refer to the 'length'-byte region starting at base. - * - * Requires: - * - * 'length' > 0 - * - * 'base' is a pointer to a sequence of 'length' bytes. - * - */ - -void -lwres_buffer_invalidate(lwres_buffer_t *b); -/* - * Make 'b' an invalid buffer. - * - * Requires: - * 'b' is a valid buffer. - * - * Ensures: - * If assertion checking is enabled, future attempts to use 'b' without - * calling lwres_buffer_init() on it will cause an assertion failure. - */ - -void -lwres_buffer_add(lwres_buffer_t *b, unsigned int n); -/* - * Increase the 'used' region of 'b' by 'n' bytes. - * - * Requires: - * - * 'b' is a valid buffer - * - * used + n <= length - * - */ - -void -lwres_buffer_subtract(lwres_buffer_t *b, unsigned int n); -/* - * Decrease the 'used' region of 'b' by 'n' bytes. - * - * Requires: - * - * 'b' is a valid buffer - * - * used >= n - * - */ - -void -lwres_buffer_clear(lwres_buffer_t *b); -/* - * Make the used region empty. - * - * Requires: - * - * 'b' is a valid buffer - * - * Ensures: - * - * used = 0 - * - */ - -void -lwres_buffer_first(lwres_buffer_t *b); -/* - * Make the consumed region empty. - * - * Requires: - * - * 'b' is a valid buffer - * - * Ensures: - * - * current == 0 - * - */ - -void -lwres_buffer_forward(lwres_buffer_t *b, unsigned int n); -/* - * Increase the 'consumed' region of 'b' by 'n' bytes. - * - * Requires: - * - * 'b' is a valid buffer - * - * current + n <= used - * - */ - -void -lwres_buffer_back(lwres_buffer_t *b, unsigned int n); -/* - * Decrease the 'consumed' region of 'b' by 'n' bytes. - * - * Requires: - * - * 'b' is a valid buffer - * - * n <= current - * - */ - -lwres_uint8_t -lwres_buffer_getuint8(lwres_buffer_t *b); -/* - * Read an unsigned 8-bit integer from 'b' and return it. - * - * Requires: - * - * 'b' is a valid buffer. - * - * The length of the available region of 'b' is at least 1. - * - * Ensures: - * - * The current pointer in 'b' is advanced by 1. - * - * Returns: - * - * A 8-bit unsigned integer. - */ - -void -lwres_buffer_putuint8(lwres_buffer_t *b, lwres_uint8_t val); -/* - * Store an unsigned 8-bit integer from 'val' into 'b'. - * - * Requires: - * 'b' is a valid buffer. - * - * The length of the unused region of 'b' is at least 1. - * - * Ensures: - * The used pointer in 'b' is advanced by 1. - */ - -lwres_uint16_t -lwres_buffer_getuint16(lwres_buffer_t *b); -/* - * Read an unsigned 16-bit integer in network byte order from 'b', convert - * it to host byte order, and return it. - * - * Requires: - * - * 'b' is a valid buffer. - * - * The length of the available region of 'b' is at least 2. - * - * Ensures: - * - * The current pointer in 'b' is advanced by 2. - * - * Returns: - * - * A 16-bit unsigned integer. - */ - -void -lwres_buffer_putuint16(lwres_buffer_t *b, lwres_uint16_t val); -/* - * Store an unsigned 16-bit integer in host byte order from 'val' - * into 'b' in network byte order. - * - * Requires: - * 'b' is a valid buffer. - * - * The length of the unused region of 'b' is at least 2. - * - * Ensures: - * The used pointer in 'b' is advanced by 2. - */ - -lwres_uint32_t -lwres_buffer_getuint32(lwres_buffer_t *b); -/* - * Read an unsigned 32-bit integer in network byte order from 'b', convert - * it to host byte order, and return it. - * - * Requires: - * - * 'b' is a valid buffer. - * - * The length of the available region of 'b' is at least 2. - * - * Ensures: - * - * The current pointer in 'b' is advanced by 2. - * - * Returns: - * - * A 32-bit unsigned integer. - */ - -void -lwres_buffer_putuint32(lwres_buffer_t *b, lwres_uint32_t val); -/* - * Store an unsigned 32-bit integer in host byte order from 'val' - * into 'b' in network byte order. - * - * Requires: - * 'b' is a valid buffer. - * - * The length of the unused region of 'b' is at least 4. - * - * Ensures: - * The used pointer in 'b' is advanced by 4. - */ - -void -lwres_buffer_putmem(lwres_buffer_t *b, const unsigned char *base, - unsigned int length); -/* - * Copy 'length' bytes of memory at 'base' into 'b'. - * - * Requires: - * 'b' is a valid buffer. - * - * 'base' points to 'length' bytes of valid memory. - * - */ - -void -lwres_buffer_getmem(lwres_buffer_t *b, unsigned char *base, - unsigned int length); -/* - * Copy 'length' bytes of memory from 'b' into 'base'. - * - * Requires: - * 'b' is a valid buffer. - * - * 'base' points to at least 'length' bytes of valid memory. - * - * 'b' have at least 'length' bytes remaining. - */ - -LWRES_LANG_ENDDECLS - -#endif /* LWRES_LWBUFFER_H */ diff --git a/lib/liblwres/include/lwres/lwpacket.h b/lib/liblwres/include/lwres/lwpacket.h deleted file mode 100644 index a0d216e57..000000000 --- a/lib/liblwres/include/lwres/lwpacket.h +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (C) 1999-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwpacket.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_LWPACKET_H -#define LWRES_LWPACKET_H 1 - -#include -#include -#include - -typedef struct lwres_lwpacket lwres_lwpacket_t; - -struct lwres_lwpacket { - lwres_uint32_t length; - lwres_uint16_t version; - lwres_uint16_t pktflags; - lwres_uint32_t serial; - lwres_uint32_t opcode; - lwres_uint32_t result; - lwres_uint32_t recvlength; - lwres_uint16_t authtype; - lwres_uint16_t authlength; -}; - -#define LWRES_LWPACKET_LENGTH (4 * 5 + 2 * 4) - -#define LWRES_LWPACKETFLAG_RESPONSE 0x0001U /* if set, pkt is a response */ - - -#define LWRES_LWPACKETVERSION_0 0 - -/* - * "length" is the overall packet length, including the entire packet header. - * - * "version" specifies the header format. Currently, there is only one - * format, LWRES_LWPACKETVERSION_0. - * - * "flags" specifies library-defined flags for this packet. None of these - * are definable by the caller, but library-defined values can be set by - * the caller. For example, one bit in this field indicates if the packet - * is a request or a response. - * - * "serial" is set by the requestor and is returned in all replies. If two - * packets from the same source have the same serial number and are from - * the same source, they are assumed to be duplicates and the latter ones - * may be dropped. (The library does not do this by default on replies, but - * does so on requests.) - * - * "opcode" is application defined. Opcodes between 0x04000000 and 0xffffffff - * are application defined. Opcodes between 0x00000000 and 0x03ffffff are - * reserved for library use. - * - * "result" is application defined, and valid only on replies. - * Results between 0x04000000 and 0xffffffff are application defined. - * Results between 0x00000000 and 0x03ffffff are reserved for library use. - * (This is the same reserved range defined in , so it - * would be trivial to map ISC_R_* result codes into packet result codes - * when appropriate.) - * - * "recvlength" is set to the maximum buffer size that the receiver can - * handle on requests, and the size of the buffer needed to satisfy a request - * when the buffer is too large for replies. - * - * "authtype" is the packet level auth type used. - * Authtypes between 0x1000 and 0xffff are application defined. Authtypes - * between 0x0000 and 0x0fff are reserved for library use. This is currently - * unused and MUST be set to zero. - * - * "authlen" is the length of the authentication data. See the specific - * authtypes for more information on what is contained in this field. This - * is currently unused, and MUST be set to zero. - * - * The remainder of the packet consists of two regions, one described by - * "authlen" and one of "length - authlen - sizeof(lwres_lwpacket_t)". - * - * That is: - * - * pkt header - * authlen bytes of auth information - * data bytes - */ - -/* - * Currently defined opcodes: - * - * NOOP. Success is always returned, with the packet contents echoed. - * - * GETADDRSBYNAME. Return all known addresses for a given name. - * This may return NIS or /etc/hosts info as well as DNS - * information. Flags will be provided to indicate ip4/ip6 - * addresses are desired. - * - * GETNAMEBYADDR. Return the hostname for the given address. Once - * again, it will return data from multiple sources. - */ - -LWRES_LANG_BEGINDECLS - -/* XXXMLG document */ -lwres_result_t -lwres_lwpacket_renderheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt); - -lwres_result_t -lwres_lwpacket_parseheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt); - -LWRES_LANG_ENDDECLS - -#endif /* LWRES_LWPACKET_H */ diff --git a/lib/liblwres/include/lwres/lwres.h b/lib/liblwres/include/lwres/lwres.h deleted file mode 100644 index e819c8b68..000000000 --- a/lib/liblwres/include/lwres/lwres.h +++ /dev/null @@ -1,584 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwres.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_LWRES_H -#define LWRES_LWRES_H 1 - -#include - -#include -#include -#include -#include - -/* - * Design notes: - * - * Each opcode has two structures and three functions which operate on each - * structure. For example, using the "no operation/ping" opcode as an - * example: - * - * lwres_nooprequest_t: - * - * lwres_nooprequest_render() takes a lwres_nooprequest_t and - * and renders it into wire format, storing the allocated - * buffer information in a passed-in buffer. When this buffer - * is no longer needed, it must be freed by - * lwres_context_freemem(). All other memory used by the - * caller must be freed manually, including the - * lwres_nooprequest_t passed in. - * - * lwres_nooprequest_parse() takes a wire format message and - * breaks it out into a lwres_nooprequest_t. The structure - * must be freed via lwres_nooprequest_free() when it is no longer - * needed. - * - * lwres_nooprequest_free() releases into the lwres_context_t - * any space allocated during parsing. - * - * lwres_noopresponse_t: - * - * The functions used are similar to the three used for - * requests, just with different names. - * - * Typically, the client will use request_render, response_parse, and - * response_free, while the daemon will use request_parse, response_render, - * and request_free. - * - * The basic flow of a typical client is: - * - * fill in a request_t, and call the render function. - * - * Transmit the buffer returned to the daemon. - * - * Wait for a response. - * - * When a response is received, parse it into a response_t. - * - * free the request buffer using lwres_context_freemem(). - * - * free the response structure and its associated buffer using - * response_free(). - */ - -#define LWRES_UDP_PORT 921 -#define LWRES_RECVLENGTH 16384 -#define LWRES_ADDR_MAXLEN 16 /* changing this breaks ABI */ -#define LWRES_RESOLV_CONF "/etc/resolv.conf" - -/* - * Flags. - * - * These flags are only relevant to rrset queries. - * - * TRUSTNOTREQUIRED: DNSSEC is not required (input) - * SECUREDATA: The data was crypto-verified with DNSSEC (output) - * - */ -#define LWRES_FLAG_TRUSTNOTREQUIRED 0x00000001U -#define LWRES_FLAG_SECUREDATA 0x00000002U - -/* - * no-op - */ -#define LWRES_OPCODE_NOOP 0x00000000U - -typedef struct { - /* public */ - lwres_uint16_t datalength; - unsigned char *data; -} lwres_nooprequest_t; - -typedef struct { - /* public */ - lwres_uint16_t datalength; - unsigned char *data; -} lwres_noopresponse_t; - -/* - * get addresses by name - */ -#define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U - -typedef struct lwres_addr lwres_addr_t; -typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t; - -struct lwres_addr { - lwres_uint32_t family; - lwres_uint16_t length; - unsigned char address[LWRES_ADDR_MAXLEN]; - LWRES_LINK(lwres_addr_t) link; -}; - -typedef struct { - /* public */ - lwres_uint32_t flags; - lwres_uint32_t addrtypes; - lwres_uint16_t namelen; - char *name; -} lwres_gabnrequest_t; - -typedef struct { - /* public */ - lwres_uint32_t flags; - lwres_uint16_t naliases; - lwres_uint16_t naddrs; - char *realname; - char **aliases; - lwres_uint16_t realnamelen; - lwres_uint16_t *aliaslen; - lwres_addrlist_t addrs; - /* if base != NULL, it will be freed when this structure is freed. */ - void *base; - size_t baselen; -} lwres_gabnresponse_t; - -/* - * get name by address - */ -#define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U -typedef struct { - /* public */ - lwres_uint32_t flags; - lwres_addr_t addr; -} lwres_gnbarequest_t; - -typedef struct { - /* public */ - lwres_uint32_t flags; - lwres_uint16_t naliases; - char *realname; - char **aliases; - lwres_uint16_t realnamelen; - lwres_uint16_t *aliaslen; - /* if base != NULL, it will be freed when this structure is freed. */ - void *base; - size_t baselen; -} lwres_gnbaresponse_t; - -/* - * get rdata by name - */ -#define LWRES_OPCODE_GETRDATABYNAME 0x00010003U - -typedef struct { - /* public */ - lwres_uint32_t flags; - lwres_uint16_t rdclass; - lwres_uint16_t rdtype; - lwres_uint16_t namelen; - char *name; -} lwres_grbnrequest_t; - -typedef struct { - /* public */ - lwres_uint32_t flags; - lwres_uint16_t rdclass; - lwres_uint16_t rdtype; - lwres_uint32_t ttl; - lwres_uint16_t nrdatas; - lwres_uint16_t nsigs; - char *realname; - lwres_uint16_t realnamelen; - unsigned char **rdatas; - lwres_uint16_t *rdatalen; - unsigned char **sigs; - lwres_uint16_t *siglen; - /* if base != NULL, it will be freed when this structure is freed. */ - void *base; - size_t baselen; -} lwres_grbnresponse_t; - -#define LWRDATA_VALIDATED 0x00000001 - -/* - * resolv.conf data - */ - -#define LWRES_CONFMAXNAMESERVERS 3 /* max 3 "nameserver" entries */ -#define LWRES_CONFMAXLWSERVERS 1 /* max 1 "lwserver" entry */ -#define LWRES_CONFMAXSEARCH 8 /* max 8 domains in "search" entry */ -#define LWRES_CONFMAXLINELEN 256 /* max size of a line */ -#define LWRES_CONFMAXSORTLIST 10 -typedef struct { - lwres_context_t *lwctx; - lwres_addr_t nameservers[LWRES_CONFMAXNAMESERVERS]; - lwres_uint8_t nsnext; /* index for next free slot */ - - lwres_addr_t lwservers[LWRES_CONFMAXLWSERVERS]; - lwres_uint8_t lwnext; /* index for next free slot */ - - char *domainname; - - char *search[LWRES_CONFMAXSEARCH]; - lwres_uint8_t searchnxt; /* index for next free slot */ - - struct { - lwres_addr_t addr; - /* mask has a non-zero 'family' and 'length' if set */ - lwres_addr_t mask; - } sortlist[LWRES_CONFMAXSORTLIST]; - lwres_uint8_t sortlistnxt; - - lwres_uint8_t resdebug; /* non-zero if 'options debug' set */ - lwres_uint8_t ndots; /* set to n in 'options ndots:n' */ - lwres_uint8_t no_tld_query; /* non-zero if 'options no_tld_query' */ -} lwres_conf_t; - -#define LWRES_ADDRTYPE_V4 0x00000001U /* ipv4 */ -#define LWRES_ADDRTYPE_V6 0x00000002U /* ipv6 */ - -#define LWRES_MAX_ALIASES 16 /* max # of aliases */ -#define LWRES_MAX_ADDRS 64 /* max # of addrs */ - -LWRES_LANG_BEGINDECLS - -/* - * This is in host byte order. - */ -extern lwres_uint16_t lwres_udp_port; - -extern const char *lwres_resolv_conf; - -lwres_result_t -lwres_gabnrequest_render(lwres_context_t *ctx, lwres_gabnrequest_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b); - -lwres_result_t -lwres_gabnresponse_render(lwres_context_t *ctx, lwres_gabnresponse_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b); - -lwres_result_t -lwres_gabnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_gabnrequest_t **structp); - -lwres_result_t -lwres_gabnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, - lwres_gabnresponse_t **structp); - -void -lwres_gabnrequest_free(lwres_context_t *ctx, lwres_gabnrequest_t **structp); -/* - * Frees any dynamically allocated memory for this structure. - * - * Requires: - * - * ctx != NULL, and be a context returned via lwres_contextcreate(). - * - * structp != NULL && *structp != NULL. - * - * Ensures: - * - * *structp == NULL. - * - * All memory allocated by this structure will be returned to the - * system via the context's free function. - */ - -void -lwres_gabnresponse_free(lwres_context_t *ctx, lwres_gabnresponse_t **structp); -/* - * Frees any dynamically allocated memory for this structure. - * - * Requires: - * - * ctx != NULL, and be a context returned via lwres_contextcreate(). - * - * structp != NULL && *structp != NULL. - * - * Ensures: - * - * *structp == NULL. - * - * All memory allocated by this structure will be returned to the - * system via the context's free function. - */ - - -lwres_result_t -lwres_gnbarequest_render(lwres_context_t *ctx, lwres_gnbarequest_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b); - -lwres_result_t -lwres_gnbaresponse_render(lwres_context_t *ctx, lwres_gnbaresponse_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b); - -lwres_result_t -lwres_gnbarequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_gnbarequest_t **structp); - -lwres_result_t -lwres_gnbaresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, - lwres_gnbaresponse_t **structp); - -void -lwres_gnbarequest_free(lwres_context_t *ctx, lwres_gnbarequest_t **structp); -/* - * Frees any dynamically allocated memory for this structure. - * - * Requires: - * - * ctx != NULL, and be a context returned via lwres_contextcreate(). - * - * structp != NULL && *structp != NULL. - * - * Ensures: - * - * *structp == NULL. - * - * All memory allocated by this structure will be returned to the - * system via the context's free function. - */ - -void -lwres_gnbaresponse_free(lwres_context_t *ctx, lwres_gnbaresponse_t **structp); -/* - * Frees any dynamically allocated memory for this structure. - * - * Requires: - * - * ctx != NULL, and be a context returned via lwres_contextcreate(). - * - * structp != NULL && *structp != NULL. - * - * Ensures: - * - * *structp == NULL. - * - * All memory allocated by this structure will be returned to the - * system via the context's free function. - */ - -lwres_result_t -lwres_grbnrequest_render(lwres_context_t *ctx, lwres_grbnrequest_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b); - -lwres_result_t -lwres_grbnresponse_render(lwres_context_t *ctx, lwres_grbnresponse_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b); - -lwres_result_t -lwres_grbnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_grbnrequest_t **structp); - -lwres_result_t -lwres_grbnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, - lwres_grbnresponse_t **structp); - -void -lwres_grbnrequest_free(lwres_context_t *ctx, lwres_grbnrequest_t **structp); -/* - * Frees any dynamically allocated memory for this structure. - * - * Requires: - * - * ctx != NULL, and be a context returned via lwres_contextcreate(). - * - * structp != NULL && *structp != NULL. - * - * Ensures: - * - * *structp == NULL. - * - * All memory allocated by this structure will be returned to the - * system via the context's free function. - */ - -void -lwres_grbnresponse_free(lwres_context_t *ctx, lwres_grbnresponse_t **structp); -/* - * Frees any dynamically allocated memory for this structure. - * - * Requires: - * - * ctx != NULL, and be a context returned via lwres_contextcreate(). - * - * structp != NULL && *structp != NULL. - * - * Ensures: - * - * *structp == NULL. - * - * All memory allocated by this structure will be returned to the - * system via the context's free function. - */ - -lwres_result_t -lwres_nooprequest_render(lwres_context_t *ctx, lwres_nooprequest_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b); -/* - * Allocate space and render into wire format a noop request packet. - * - * Requires: - * - * ctx != NULL, and be a context returned via lwres_contextcreate(). - * - * b != NULL, and points to a lwres_buffer_t. The contents of the - * buffer structure will be initialized to contain the wire-format - * noop request packet. - * - * Caller needs to fill in parts of "pkt" before calling: - * serial, maxrecv, result. - * - * Returns: - * - * Returns 0 on success, non-zero on failure. - * - * On successful return, *b will contain data about the wire-format - * packet. It can be transmitted in any way, including lwres_sendblock(). - */ - -lwres_result_t -lwres_noopresponse_render(lwres_context_t *ctx, lwres_noopresponse_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b); - -lwres_result_t -lwres_nooprequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_nooprequest_t **structp); -/* - * Parse a noop request. Note that to get here, the lwpacket must have - * already been parsed and removed by the caller, otherwise it would be - * pretty hard for it to know this is the right function to call. - * - * The function verifies bits of the header, but does not modify it. - */ - -lwres_result_t -lwres_noopresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, - lwres_noopresponse_t **structp); - -void -lwres_nooprequest_free(lwres_context_t *ctx, lwres_nooprequest_t **structp); - -void -lwres_noopresponse_free(lwres_context_t *ctx, lwres_noopresponse_t **structp); - -/* - * Frees any dynamically allocated memory for this structure. - * - * Requires: - * - * ctx != NULL, and be a context returned via lwres_contextcreate(). - * - * structp != NULL && *structp != NULL. - * - * Ensures: - * - * *structp == NULL. - * - * All memory allocated by this structure will be returned to the - * system via the context's free function. - */ - -lwres_result_t -lwres_conf_parse(lwres_context_t *ctx, const char *filename); -/* - * parses a resolv.conf-format file and stores the results in the structure - * pointed to by *ctx. - * - * Requires: - * ctx != NULL - * filename != NULL && strlen(filename) > 0 - * - * Returns: - * LWRES_R_SUCCESS on a successful parse. - * Anything else on error, although the structure may be partially filled - * in. - */ - -lwres_result_t -lwres_conf_print(lwres_context_t *ctx, FILE *fp); -/* - * Prints a resolv.conf-format of confdata output to fp. - * - * Requires: - * ctx != NULL - */ - -void -lwres_conf_init(lwres_context_t *ctx); -/* - * sets all internal fields to a default state. Used to initialize a new - * lwres_conf_t structure (not reset a used on). - * - * Requires: - * ctx != NULL - */ - -void -lwres_conf_clear(lwres_context_t *ctx); -/* - * frees all internally allocated memory in confdata. Uses the memory - * routines supplied by ctx. - * - * Requires: - * ctx != NULL - */ - -lwres_conf_t * -lwres_conf_get(lwres_context_t *ctx); -/* - * returns a pointer to the current config structure. - * Be extremely cautions in modifying the contents of this structure; it - * needs an API to return the various bits of data, walk lists, etc. - * - * Requires: - * ctx != NULL - */ - -/* - * Helper functions - */ - -lwres_result_t -lwres_data_parse(lwres_buffer_t *b, unsigned char **p, lwres_uint16_t *len); - -lwres_result_t -lwres_string_parse(lwres_buffer_t *b, char **c, lwres_uint16_t *len); - -lwres_result_t -lwres_addr_parse(lwres_buffer_t *b, lwres_addr_t *addr); - -lwres_result_t -lwres_getaddrsbyname(lwres_context_t *ctx, const char *name, - lwres_uint32_t addrtypes, lwres_gabnresponse_t **structp); - -lwres_result_t -lwres_getnamebyaddr(lwres_context_t *ctx, lwres_uint32_t addrtype, - lwres_uint16_t addrlen, const unsigned char *addr, - lwres_gnbaresponse_t **structp); - -lwres_result_t -lwres_getrdatabyname(lwres_context_t *ctx, const char *name, - lwres_uint16_t rdclass, lwres_uint16_t rdtype, - lwres_uint32_t flags, lwres_grbnresponse_t **structp); - -lwres_result_t -lwres_getaddrsbyname_setup(lwres_context_t *ctx, const char *name, - lwres_uint32_t addrtypes, lwres_gabnresponse_t **structp); - - - -LWRES_LANG_ENDDECLS - -#endif /* LWRES_LWRES_H */ diff --git a/lib/liblwres/include/lwres/netdb.h b/lib/liblwres/include/lwres/netdb.h deleted file mode 100644 index 2391d31fb..000000000 --- a/lib/liblwres/include/lwres/netdb.h +++ /dev/null @@ -1,522 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: netdb.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_NETDB_H -#define LWRES_NETDB_H 1 - -#include /* Required on FreeBSD (and others?) for size_t. */ -#include /* Contractual provision. */ - -#include - -/* - * Define if does not declare struct addrinfo. - */ -#undef ISC_LWRES_NEEDADDRINFO - -#ifdef ISC_LWRES_NEEDADDRINFO -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* Length of ai_addr */ - char *ai_canonname; /* Canonical name for hostname */ - struct sockaddr *ai_addr; /* Binary address */ - struct addrinfo *ai_next; /* Next structure in linked list */ -}; -#endif - -/* - * Undefine all #defines we are interested in as may or may not have - * defined them. - */ - -/* - * Error return codes from gethostbyname() and gethostbyaddr() - * (left in extern int h_errno). - */ - -#undef NETDB_INTERNAL -#undef NETDB_SUCCESS -#undef HOST_NOT_FOUND -#undef TRY_AGAIN -#undef NO_RECOVERY -#undef NO_DATA -#undef NO_ADDRESS - -#define NETDB_INTERNAL -1 /* see errno */ -#define NETDB_SUCCESS 0 /* no problem */ -#define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ -#define TRY_AGAIN 2 /* Non-Authoritive Host not found, or SERVERFAIL */ -#define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED, NOTIMP */ -#define NO_DATA 4 /* Valid name, no data record of requested type */ -#define NO_ADDRESS NO_DATA /* no address, look for MX record */ - -/* - * Error return codes from getaddrinfo() - */ - -#undef EAI_ADDRFAMILY -#undef EAI_AGAIN -#undef EAI_BADFLAGS -#undef EAI_FAIL -#undef EAI_FAMILY -#undef EAI_MEMORY -#undef EAI_NODATA -#undef EAI_NONAME -#undef EAI_SERVICE -#undef EAI_SOCKTYPE -#undef EAI_SYSTEM -#undef EAI_BADHINTS -#undef EAI_PROTOCOL -#undef EAI_MAX - -#define EAI_ADDRFAMILY 1 /* address family for hostname not supported */ -#define EAI_AGAIN 2 /* temporary failure in name resolution */ -#define EAI_BADFLAGS 3 /* invalid value for ai_flags */ -#define EAI_FAIL 4 /* non-recoverable failure in name resolution */ -#define EAI_FAMILY 5 /* ai_family not supported */ -#define EAI_MEMORY 6 /* memory allocation failure */ -#define EAI_NODATA 7 /* no address associated with hostname */ -#define EAI_NONAME 8 /* hostname nor servname provided, or not known */ -#define EAI_SERVICE 9 /* servname not supported for ai_socktype */ -#define EAI_SOCKTYPE 10 /* ai_socktype not supported */ -#define EAI_SYSTEM 11 /* system error returned in errno */ -#define EAI_BADHINTS 12 -#define EAI_PROTOCOL 13 -#define EAI_MAX 14 - -/* - * Flag values for getaddrinfo() - */ -#undef AI_PASSIVE -#undef AI_CANONNAME -#undef AI_NUMERICHOST - -#define AI_PASSIVE 0x00000001 -#define AI_CANONNAME 0x00000002 -#define AI_NUMERICHOST 0x00000004 - -/* - * Flag values for getipnodebyname() - */ -#undef AI_V4MAPPED -#undef AI_ALL -#undef AI_ADDRCONFIG -#undef AI_DEFAULT - -#define AI_V4MAPPED 0x00000008 -#define AI_ALL 0x00000010 -#define AI_ADDRCONFIG 0x00000020 -#define AI_DEFAULT (AI_V4MAPPED|AI_ADDRCONFIG) - -/* - * Constants for lwres_getnameinfo() - */ -#undef NI_MAXHOST -#undef NI_MAXSERV - -#define NI_MAXHOST 1025 -#define NI_MAXSERV 32 - -/* - * Flag values for lwres_getnameinfo() - */ -#undef NI_NOFQDN -#undef NI_NUMERICHOST -#undef NI_NAMEREQD -#undef NI_NUMERICSERV -#undef NI_DGRAM -#undef NI_NUMERICSCOPE - -#define NI_NOFQDN 0x00000001 -#define NI_NUMERICHOST 0x00000002 -#define NI_NAMEREQD 0x00000004 -#define NI_NUMERICSERV 0x00000008 -#define NI_DGRAM 0x00000010 -#define NI_NUMERICSCOPE 0x00000020 /*2553bis-00*/ - -/* - * Define if does not declare struct rrsetinfo. - */ -#define ISC_LWRES_NEEDRRSETINFO 1 - -#ifdef ISC_LWRES_NEEDRRSETINFO -/* - * Structures for getrrsetbyname() - */ -struct rdatainfo { - unsigned int rdi_length; - unsigned char *rdi_data; -}; - -struct rrsetinfo { - unsigned int rri_flags; - int rri_rdclass; - int rri_rdtype; - unsigned int rri_ttl; - unsigned int rri_nrdatas; - unsigned int rri_nsigs; - char *rri_name; - struct rdatainfo *rri_rdatas; - struct rdatainfo *rri_sigs; -}; - -/* - * Flags for getrrsetbyname() - */ -#define RRSET_VALIDATED 0x00000001 - /* Set was dnssec validated */ - -/* - * Return codes for getrrsetbyname() - */ -#define ERRSET_SUCCESS 0 -#define ERRSET_NOMEMORY 1 -#define ERRSET_FAIL 2 -#define ERRSET_INVAL 3 -#define ERRSET_NONAME 4 -#define ERRSET_NODATA 5 -#define ERRSET_RETRY 6 -#endif - -/* - * Define to map into lwres_ namespace. - */ - -#define LWRES_NAMESPACE - -#ifdef LWRES_NAMESPACE - -/* - * Use our versions not the ones from the C library. - */ - -#ifdef getnameinfo -#undef getnameinfo -#endif -#define getnameinfo lwres_getnameinfo - -#ifdef getaddrinfo -#undef getaddrinfo -#endif -#define getaddrinfo lwres_getaddrinfo - -#ifdef freeaddrinfo -#undef freeaddrinfo -#endif -#define freeaddrinfo lwres_freeaddrinfo - -#ifdef gai_strerror -#undef gai_strerror -#endif -#define gai_strerror lwres_gai_strerror - -#ifdef herror -#undef herror -#endif -#define herror lwres_herror - -#ifdef hstrerror -#undef hstrerror -#endif -#define hstrerror lwres_hstrerror - -#ifdef getipnodebyname -#undef getipnodebyname -#endif -#define getipnodebyname lwres_getipnodebyname - -#ifdef getipnodebyaddr -#undef getipnodebyaddr -#endif -#define getipnodebyaddr lwres_getipnodebyaddr - -#ifdef freehostent -#undef freehostent -#endif -#define freehostent lwres_freehostent - -#ifdef gethostbyname -#undef gethostbyname -#endif -#define gethostbyname lwres_gethostbyname - -#ifdef gethostbyname2 -#undef gethostbyname2 -#endif -#define gethostbyname2 lwres_gethostbyname2 - -#ifdef gethostbyaddr -#undef gethostbyaddr -#endif -#define gethostbyaddr lwres_gethostbyaddr - -#ifdef gethostent -#undef gethostent -#endif -#define gethostent lwres_gethostent - -#ifdef sethostent -#undef sethostent -#endif -#define sethostent lwres_sethostent - -#ifdef endhostent -#undef endhostent -#endif -#define endhostent lwres_endhostent - -/* #define sethostfile lwres_sethostfile */ - -#ifdef gethostbyname_r -#undef gethostbyname_r -#endif -#define gethostbyname_r lwres_gethostbyname_r - -#ifdef gethostbyaddr_r -#undef gethostbyaddr_r -#endif -#define gethostbyaddr_r lwres_gethostbyaddr_r - -#ifdef gethostent_r -#undef gethostent_r -#endif -#define gethostent_r lwres_gethostent_r - -#ifdef sethostent_r -#undef sethostent_r -#endif -#define sethostent_r lwres_sethostent_r - -#ifdef endhostent_r -#undef endhostent_r -#endif -#define endhostent_r lwres_endhostent_r - -#ifdef getrrsetbyname -#undef getrrsetbyname -#endif -#define getrrsetbyname lwres_getrrsetbyname - -#ifdef freerrset -#undef freerrset -#endif -#define freerrset lwres_freerrset - -#ifdef notyet -#define getservbyname lwres_getservbyname -#define getservbyport lwres_getservbyport -#define getservent lwres_getservent -#define setservent lwres_setservent -#define endservent lwres_endservent - -#define getservbyname_r lwres_getservbyname_r -#define getservbyport_r lwres_getservbyport_r -#define getservent_r lwres_getservent_r -#define setservent_r lwres_setservent_r -#define endservent_r lwres_endservent_r - -#define getprotobyname lwres_getprotobyname -#define getprotobynumber lwres_getprotobynumber -#define getprotoent lwres_getprotoent -#define setprotoent lwres_setprotoent -#define endprotoent lwres_endprotoent - -#define getprotobyname_r lwres_getprotobyname_r -#define getprotobynumber_r lwres_getprotobynumber_r -#define getprotoent_r lwres_getprotoent_r -#define setprotoent_r lwres_setprotoent_r -#define endprotoent_r lwres_endprotoent_r - -#ifdef getnetbyname -#undef getnetbyname -#endif -#define getnetbyname lwres_getnetbyname - -#ifdef getnetbyaddr -#undef getnetbyaddr -#endif -#define getnetbyaddr lwres_getnetbyaddr - -#ifdef getnetent -#undef getnetent -#endif -#define getnetent lwres_getnetent - -#ifdef setnetent -#undef setnetent -#endif -#define setnetent lwres_setnetent - -#ifdef endnetent -#undef endnetent -#endif -#define endnetent lwres_endnetent - - -#ifdef getnetbyname_r -#undef getnetbyname_r -#endif -#define getnetbyname_r lwres_getnetbyname_r - -#ifdef getnetbyaddr_r -#undef getnetbyaddr_r -#endif -#define getnetbyaddr_r lwres_getnetbyaddr_r - -#ifdef getnetent_r -#undef getnetent_r -#endif -#define getnetent_r lwres_getnetent_r - -#ifdef setnetent_r -#undef setnetent_r -#endif -#define setnetent_r lwres_setnetent_r - -#ifdef endnetent_r -#undef endnetent_r -#endif -#define endnetent_r lwres_endnetent_r -#endif /* notyet */ - -#ifdef h_errno -#undef h_errno -#endif -#define h_errno lwres_h_errno - -#endif /* LWRES_NAMESPACE */ - -LWRES_LANG_BEGINDECLS - -extern int lwres_h_errno; - -int lwres_getaddrinfo(const char *, const char *, - const struct addrinfo *, struct addrinfo **); -int lwres_getnameinfo(const struct sockaddr *, size_t, char *, - size_t, char *, size_t, int); -void lwres_freeaddrinfo(struct addrinfo *); -char *lwres_gai_strerror(int); - -struct hostent *lwres_gethostbyaddr(const char *, int, int); -struct hostent *lwres_gethostbyname(const char *); -struct hostent *lwres_gethostbyname2(const char *, int); -struct hostent *lwres_gethostent(void); -struct hostent *lwres_getipnodebyname(const char *, int, int, int *); -struct hostent *lwres_getipnodebyaddr(const void *, size_t, int, int *); -void lwres_endhostent(void); -void lwres_sethostent(int); -/* void lwres_sethostfile(const char *); */ -void lwres_freehostent(struct hostent *); - -int lwres_getrrsetbyname(const char *, unsigned int, unsigned int, - unsigned int, struct rrsetinfo **); -int lwres_getrrsetbyname_all(const char *, unsigned int, - unsigned int, - unsigned int, struct rrsetinfo **); -void lwres_freerrset(struct rrsetinfo *); - -#ifdef notyet -struct netent *lwres_getnetbyaddr(unsigned long, int); -struct netent *lwres_getnetbyname(const char *); -struct netent *lwres_getnetent(void); -void lwres_endnetent(void); -void lwres_setnetent(int); - -struct protoent *lwres_getprotobyname(const char *); -struct protoent *lwres_getprotobynumber(int); -struct protoent *lwres_getprotoent(void); -void lwres_endprotoent(void); -void lwres_setprotoent(int); - -struct servent *lwres_getservbyname(const char *, const char *); -struct servent *lwres_getservbyport(int, const char *); -struct servent *lwres_getservent(void); -void lwres_endservent(void); -void lwres_setservent(int); -#endif /* notyet */ - -void lwres_herror(const char *); -const char *lwres_hstrerror(int); - - -struct hostent *lwres_gethostbyaddr_r(const char *, int, int, struct hostent *, - char *, int, int *); -struct hostent *lwres_gethostbyname_r(const char *, struct hostent *, - char *, int, int *); -struct hostent *lwres_gethostent_r(struct hostent *, char *, int, int *); -void lwres_sethostent_r(int); -void lwres_endhostent_r(void); - -#ifdef notyet -struct netent *lwres_getnetbyname_r(const char *, struct netent *, - char *, int); -struct netent *lwres_getnetbyaddr_r(long, int, struct netent *, - char *, int); -struct netent *lwres_getnetent_r(struct netent *, char *, int); -void lwres_setnetent_r(int); -void lwres_endnetent_r(void); - -struct protoent *lwres_getprotobyname_r(const char *, - struct protoent *, char *, int); -struct protoent *lwres_getprotobynumber_r(int, - struct protoent *, char *, int); -struct protoent *lwres_getprotoent_r(struct protoent *, char *, int); -void lwres_setprotoent_r(int); -void lwres_endprotoent_r(void); - -struct servent *lwres_getservbyname_r(const char *name, const char *, - struct servent *, char *, int); -struct servent *lwres_getservbyport_r(int port, const char *, - struct servent *, char *, int); -struct servent *lwres_getservent_r(struct servent *, char *, int); -void lwres_setservent_r(int); -void lwres_endservent_r(void); -#endif /* notyet */ - -LWRES_LANG_ENDDECLS - -#ifdef notyet -/* This is nec'y to make this include file properly replace the sun version. */ -#ifdef sun -#ifdef __GNU_LIBRARY__ -#include /* Required. */ -#else /* !__GNU_LIBRARY__ */ -struct rpcent { - char *r_name; /* name of server for this rpc program */ - char **r_aliases; /* alias list */ - int r_number; /* rpc program number */ -}; -struct rpcent *lwres_getrpcbyname(); -struct rpcent *lwres_getrpcbynumber(), -struct rpcent *lwres_getrpcent(); -#endif /* __GNU_LIBRARY__ */ -#endif /* sun */ -#endif /* notyet */ - -/* - * Tell Emacs to use C mode on this file. - * Local variables: - * mode: c - * End: - */ - -#endif /* LWRES_NETDB_H */ diff --git a/lib/liblwres/include/lwres/netdb.h.in b/lib/liblwres/include/lwres/netdb.h.in deleted file mode 100644 index 75446e8f8..000000000 --- a/lib/liblwres/include/lwres/netdb.h.in +++ /dev/null @@ -1,518 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: netdb.h.in,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_NETDB_H -#define LWRES_NETDB_H 1 - -#include /* Required on FreeBSD (and others?) for size_t. */ -#include /* Contractual provision. */ - -#include - -/* - * Define if does not declare struct addrinfo. - */ -@ISC_LWRES_NEEDADDRINFO@ - -#ifdef ISC_LWRES_NEEDADDRINFO -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* Length of ai_addr */ - char *ai_canonname; /* Canonical name for hostname */ - struct sockaddr *ai_addr; /* Binary address */ - struct addrinfo *ai_next; /* Next structure in linked list */ -}; -#endif - -/* - * Undefine all #defines we are interested in as may or may not have - * defined them. - */ - -/* - * Error return codes from gethostbyname() and gethostbyaddr() - * (left in extern int h_errno). - */ - -#undef NETDB_INTERNAL -#undef NETDB_SUCCESS -#undef HOST_NOT_FOUND -#undef TRY_AGAIN -#undef NO_RECOVERY -#undef NO_DATA -#undef NO_ADDRESS - -#define NETDB_INTERNAL -1 /* see errno */ -#define NETDB_SUCCESS 0 /* no problem */ -#define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ -#define TRY_AGAIN 2 /* Non-Authoritive Host not found, or SERVERFAIL */ -#define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED, NOTIMP */ -#define NO_DATA 4 /* Valid name, no data record of requested type */ -#define NO_ADDRESS NO_DATA /* no address, look for MX record */ - -/* - * Error return codes from getaddrinfo() - */ - -#undef EAI_ADDRFAMILY -#undef EAI_AGAIN -#undef EAI_BADFLAGS -#undef EAI_FAIL -#undef EAI_FAMILY -#undef EAI_MEMORY -#undef EAI_NODATA -#undef EAI_NONAME -#undef EAI_SERVICE -#undef EAI_SOCKTYPE -#undef EAI_SYSTEM -#undef EAI_BADHINTS -#undef EAI_PROTOCOL -#undef EAI_MAX - -#define EAI_ADDRFAMILY 1 /* address family for hostname not supported */ -#define EAI_AGAIN 2 /* temporary failure in name resolution */ -#define EAI_BADFLAGS 3 /* invalid value for ai_flags */ -#define EAI_FAIL 4 /* non-recoverable failure in name resolution */ -#define EAI_FAMILY 5 /* ai_family not supported */ -#define EAI_MEMORY 6 /* memory allocation failure */ -#define EAI_NODATA 7 /* no address associated with hostname */ -#define EAI_NONAME 8 /* hostname nor servname provided, or not known */ -#define EAI_SERVICE 9 /* servname not supported for ai_socktype */ -#define EAI_SOCKTYPE 10 /* ai_socktype not supported */ -#define EAI_SYSTEM 11 /* system error returned in errno */ -#define EAI_BADHINTS 12 -#define EAI_PROTOCOL 13 -#define EAI_MAX 14 - -/* - * Flag values for getaddrinfo() - */ -#undef AI_PASSIVE -#undef AI_CANONNAME -#undef AI_NUMERICHOST - -#define AI_PASSIVE 0x00000001 -#define AI_CANONNAME 0x00000002 -#define AI_NUMERICHOST 0x00000004 - -/* - * Flag values for getipnodebyname() - */ -#undef AI_V4MAPPED -#undef AI_ALL -#undef AI_ADDRCONFIG -#undef AI_DEFAULT - -#define AI_V4MAPPED 0x00000008 -#define AI_ALL 0x00000010 -#define AI_ADDRCONFIG 0x00000020 -#define AI_DEFAULT (AI_V4MAPPED|AI_ADDRCONFIG) - -/* - * Constants for lwres_getnameinfo() - */ -#undef NI_MAXHOST -#undef NI_MAXSERV - -#define NI_MAXHOST 1025 -#define NI_MAXSERV 32 - -/* - * Flag values for lwres_getnameinfo() - */ -#undef NI_NOFQDN -#undef NI_NUMERICHOST -#undef NI_NAMEREQD -#undef NI_NUMERICSERV -#undef NI_DGRAM -#undef NI_NUMERICSCOPE - -#define NI_NOFQDN 0x00000001 -#define NI_NUMERICHOST 0x00000002 -#define NI_NAMEREQD 0x00000004 -#define NI_NUMERICSERV 0x00000008 -#define NI_DGRAM 0x00000010 -#define NI_NUMERICSCOPE 0x00000020 /*2553bis-00*/ - -/* - * Define if does not declare struct rrsetinfo. - */ -@ISC_LWRES_NEEDRRSETINFO@ - -#ifdef ISC_LWRES_NEEDRRSETINFO -/* - * Structures for getrrsetbyname() - */ -struct rdatainfo { - unsigned int rdi_length; - unsigned char *rdi_data; -}; - -struct rrsetinfo { - unsigned int rri_flags; - int rri_rdclass; - int rri_rdtype; - unsigned int rri_ttl; - unsigned int rri_nrdatas; - unsigned int rri_nsigs; - char *rri_name; - struct rdatainfo *rri_rdatas; - struct rdatainfo *rri_sigs; -}; - -/* - * Flags for getrrsetbyname() - */ -#define RRSET_VALIDATED 0x00000001 - /* Set was dnssec validated */ - -/* - * Return codes for getrrsetbyname() - */ -#define ERRSET_SUCCESS 0 -#define ERRSET_NOMEMORY 1 -#define ERRSET_FAIL 2 -#define ERRSET_INVAL 3 -#define ERRSET_NONAME 4 -#define ERRSET_NODATA 5 -#endif - -/* - * Define to map into lwres_ namespace. - */ - -#define LWRES_NAMESPACE - -#ifdef LWRES_NAMESPACE - -/* - * Use our versions not the ones from the C library. - */ - -#ifdef getnameinfo -#undef getnameinfo -#endif -#define getnameinfo lwres_getnameinfo - -#ifdef getaddrinfo -#undef getaddrinfo -#endif -#define getaddrinfo lwres_getaddrinfo - -#ifdef freeaddrinfo -#undef freeaddrinfo -#endif -#define freeaddrinfo lwres_freeaddrinfo - -#ifdef gai_strerror -#undef gai_strerror -#endif -#define gai_strerror lwres_gai_strerror - -#ifdef herror -#undef herror -#endif -#define herror lwres_herror - -#ifdef hstrerror -#undef hstrerror -#endif -#define hstrerror lwres_hstrerror - -#ifdef getipnodebyname -#undef getipnodebyname -#endif -#define getipnodebyname lwres_getipnodebyname - -#ifdef getipnodebyaddr -#undef getipnodebyaddr -#endif -#define getipnodebyaddr lwres_getipnodebyaddr - -#ifdef freehostent -#undef freehostent -#endif -#define freehostent lwres_freehostent - -#ifdef gethostbyname -#undef gethostbyname -#endif -#define gethostbyname lwres_gethostbyname - -#ifdef gethostbyname2 -#undef gethostbyname2 -#endif -#define gethostbyname2 lwres_gethostbyname2 - -#ifdef gethostbyaddr -#undef gethostbyaddr -#endif -#define gethostbyaddr lwres_gethostbyaddr - -#ifdef gethostent -#undef gethostent -#endif -#define gethostent lwres_gethostent - -#ifdef sethostent -#undef sethostent -#endif -#define sethostent lwres_sethostent - -#ifdef endhostent -#undef endhostent -#endif -#define endhostent lwres_endhostent - -/* #define sethostfile lwres_sethostfile */ - -#ifdef gethostbyname_r -#undef gethostbyname_r -#endif -#define gethostbyname_r lwres_gethostbyname_r - -#ifdef gethostbyaddr_r -#undef gethostbyaddr_r -#endif -#define gethostbyaddr_r lwres_gethostbyaddr_r - -#ifdef gethostent_r -#undef gethostent_r -#endif -#define gethostent_r lwres_gethostent_r - -#ifdef sethostent_r -#undef sethostent_r -#endif -#define sethostent_r lwres_sethostent_r - -#ifdef endhostent_r -#undef endhostent_r -#endif -#define endhostent_r lwres_endhostent_r - -#ifdef getrrsetbyname -#undef getrrsetbyname -#endif -#define getrrsetbyname lwres_getrrsetbyname - -#ifdef freerrset -#undef freerrset -#endif -#define freerrset lwres_freerrset - -#ifdef notyet -#define getservbyname lwres_getservbyname -#define getservbyport lwres_getservbyport -#define getservent lwres_getservent -#define setservent lwres_setservent -#define endservent lwres_endservent - -#define getservbyname_r lwres_getservbyname_r -#define getservbyport_r lwres_getservbyport_r -#define getservent_r lwres_getservent_r -#define setservent_r lwres_setservent_r -#define endservent_r lwres_endservent_r - -#define getprotobyname lwres_getprotobyname -#define getprotobynumber lwres_getprotobynumber -#define getprotoent lwres_getprotoent -#define setprotoent lwres_setprotoent -#define endprotoent lwres_endprotoent - -#define getprotobyname_r lwres_getprotobyname_r -#define getprotobynumber_r lwres_getprotobynumber_r -#define getprotoent_r lwres_getprotoent_r -#define setprotoent_r lwres_setprotoent_r -#define endprotoent_r lwres_endprotoent_r - -#ifdef getnetbyname -#undef getnetbyname -#endif -#define getnetbyname lwres_getnetbyname - -#ifdef getnetbyaddr -#undef getnetbyaddr -#endif -#define getnetbyaddr lwres_getnetbyaddr - -#ifdef getnetent -#undef getnetent -#endif -#define getnetent lwres_getnetent - -#ifdef setnetent -#undef setnetent -#endif -#define setnetent lwres_setnetent - -#ifdef endnetent -#undef endnetent -#endif -#define endnetent lwres_endnetent - - -#ifdef getnetbyname_r -#undef getnetbyname_r -#endif -#define getnetbyname_r lwres_getnetbyname_r - -#ifdef getnetbyaddr_r -#undef getnetbyaddr_r -#endif -#define getnetbyaddr_r lwres_getnetbyaddr_r - -#ifdef getnetent_r -#undef getnetent_r -#endif -#define getnetent_r lwres_getnetent_r - -#ifdef setnetent_r -#undef setnetent_r -#endif -#define setnetent_r lwres_setnetent_r - -#ifdef endnetent_r -#undef endnetent_r -#endif -#define endnetent_r lwres_endnetent_r -#endif /* notyet */ - -#ifdef h_errno -#undef h_errno -#endif -#define h_errno lwres_h_errno - -#endif /* LWRES_NAMESPACE */ - -LWRES_LANG_BEGINDECLS - -extern int lwres_h_errno; - -int lwres_getaddrinfo(const char *, const char *, - const struct addrinfo *, struct addrinfo **); -int lwres_getnameinfo(const struct sockaddr *, size_t, char *, - size_t, char *, size_t, int); -void lwres_freeaddrinfo(struct addrinfo *); -char *lwres_gai_strerror(int); - -struct hostent *lwres_gethostbyaddr(const char *, int, int); -struct hostent *lwres_gethostbyname(const char *); -struct hostent *lwres_gethostbyname2(const char *, int); -struct hostent *lwres_gethostent(void); -struct hostent *lwres_getipnodebyname(const char *, int, int, int *); -struct hostent *lwres_getipnodebyaddr(const void *, size_t, int, int *); -void lwres_endhostent(void); -void lwres_sethostent(int); -/* void lwres_sethostfile(const char *); */ -void lwres_freehostent(struct hostent *); - -int lwres_getrrsetbyname(const char *, unsigned int, unsigned int, - unsigned int, struct rrsetinfo **); -void lwres_freerrset(struct rrsetinfo *); - -#ifdef notyet -struct netent *lwres_getnetbyaddr(unsigned long, int); -struct netent *lwres_getnetbyname(const char *); -struct netent *lwres_getnetent(void); -void lwres_endnetent(void); -void lwres_setnetent(int); - -struct protoent *lwres_getprotobyname(const char *); -struct protoent *lwres_getprotobynumber(int); -struct protoent *lwres_getprotoent(void); -void lwres_endprotoent(void); -void lwres_setprotoent(int); - -struct servent *lwres_getservbyname(const char *, const char *); -struct servent *lwres_getservbyport(int, const char *); -struct servent *lwres_getservent(void); -void lwres_endservent(void); -void lwres_setservent(int); -#endif /* notyet */ - -void lwres_herror(const char *); -const char *lwres_hstrerror(int); - - -struct hostent *lwres_gethostbyaddr_r(const char *, int, int, struct hostent *, - char *, int, int *); -struct hostent *lwres_gethostbyname_r(const char *, struct hostent *, - char *, int, int *); -struct hostent *lwres_gethostent_r(struct hostent *, char *, int, int *); -void lwres_sethostent_r(int); -void lwres_endhostent_r(void); - -#ifdef notyet -struct netent *lwres_getnetbyname_r(const char *, struct netent *, - char *, int); -struct netent *lwres_getnetbyaddr_r(long, int, struct netent *, - char *, int); -struct netent *lwres_getnetent_r(struct netent *, char *, int); -void lwres_setnetent_r(int); -void lwres_endnetent_r(void); - -struct protoent *lwres_getprotobyname_r(const char *, - struct protoent *, char *, int); -struct protoent *lwres_getprotobynumber_r(int, - struct protoent *, char *, int); -struct protoent *lwres_getprotoent_r(struct protoent *, char *, int); -void lwres_setprotoent_r(int); -void lwres_endprotoent_r(void); - -struct servent *lwres_getservbyname_r(const char *name, const char *, - struct servent *, char *, int); -struct servent *lwres_getservbyport_r(int port, const char *, - struct servent *, char *, int); -struct servent *lwres_getservent_r(struct servent *, char *, int); -void lwres_setservent_r(int); -void lwres_endservent_r(void); -#endif /* notyet */ - -LWRES_LANG_ENDDECLS - -#ifdef notyet -/* This is nec'y to make this include file properly replace the sun version. */ -#ifdef sun -#ifdef __GNU_LIBRARY__ -#include /* Required. */ -#else /* !__GNU_LIBRARY__ */ -struct rpcent { - char *r_name; /* name of server for this rpc program */ - char **r_aliases; /* alias list */ - int r_number; /* rpc program number */ -}; -struct rpcent *lwres_getrpcbyname(); -struct rpcent *lwres_getrpcbynumber(), -struct rpcent *lwres_getrpcent(); -#endif /* __GNU_LIBRARY__ */ -#endif /* sun */ -#endif /* notyet */ - -/* - * Tell Emacs to use C mode on this file. - * Local variables: - * mode: c - * End: - */ - -#endif /* LWRES_NETDB_H */ diff --git a/lib/liblwres/include/lwres/platform.h b/lib/liblwres/include/lwres/platform.h deleted file mode 100644 index af4c615d9..000000000 --- a/lib/liblwres/include/lwres/platform.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: platform.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_PLATFORM_H -#define LWRES_PLATFORM_H 1 - -/***** - ***** Platform-dependent defines. - *****/ - -/*** - *** Network. - ***/ - -/* - * Define if this system needs the header file for IPv6. - */ -#undef LWRES_PLATFORM_NEEDNETINETIN6H - -/* - * Define if this system needs the header file for IPv6. - */ -#undef LWRES_PLATFORM_NEEDNETINET6IN6H - -/* - * If sockaddrs on this system have an sa_len field, LWRES_PLATFORM_HAVESALEN - * will be defined. - */ -#undef LWRES_PLATFORM_HAVESALEN - -/* - * If this system has the IPv6 structure definitions, LWRES_PLATFORM_HAVEIPV6 - * will be defined. - */ -#define LWRES_PLATFORM_HAVEIPV6 1 - -/* - * If this system is missing in6addr_any, LWRES_PLATFORM_NEEDIN6ADDRANY will - * be defined. - */ -#undef LWRES_PLATFORM_NEEDIN6ADDRANY - -/* - * If this system is missing in6addr_loopback, - * LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK will be defined. - */ -#undef LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK - -/* - * If this system has in_addr6, rather than in6_addr, - * LWRES_PLATFORM_HAVEINADDR6 will be defined. - */ -#undef LWRES_PLATFORM_HAVEINADDR6 - -/* - * Defined if unistd.h does not cause fd_set to be delared. - */ -#define LWRES_PLATFORM_NEEDSYSSELECTH 1 - -/* - * Used to control how extern data is linked; needed for Win32 platforms. - */ -#undef LWRES_PLATFORM_USEDECLSPEC - -#ifndef LWRES_PLATFORM_USEDECLSPEC -#define LIBLWRES_EXTERNAL_DATA -#else -#ifdef LIBLWRES_EXPORTS -#define LIBLWRES_EXTERNAL_DATA __declspec(dllexport) -#else -#define LIBLWRES_EXTERNAL_DATA __declspec(dllimport) -#endif -#endif - -#endif /* LWRES_PLATFORM_H */ diff --git a/lib/liblwres/include/lwres/platform.h.in b/lib/liblwres/include/lwres/platform.h.in deleted file mode 100644 index c679d8fae..000000000 --- a/lib/liblwres/include/lwres/platform.h.in +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: platform.h.in,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_PLATFORM_H -#define LWRES_PLATFORM_H 1 - -/***** - ***** Platform-dependent defines. - *****/ - -/*** - *** Network. - ***/ - -/* - * Define if this system needs the header file for IPv6. - */ -@LWRES_PLATFORM_NEEDNETINETIN6H@ - -/* - * Define if this system needs the header file for IPv6. - */ -@LWRES_PLATFORM_NEEDNETINET6IN6H@ - -/* - * If sockaddrs on this system have an sa_len field, LWRES_PLATFORM_HAVESALEN - * will be defined. - */ -@LWRES_PLATFORM_HAVESALEN@ - -/* - * If this system has the IPv6 structure definitions, LWRES_PLATFORM_HAVEIPV6 - * will be defined. - */ -@LWRES_PLATFORM_HAVEIPV6@ - -/* - * If this system is missing in6addr_any, LWRES_PLATFORM_NEEDIN6ADDRANY will - * be defined. - */ -@LWRES_PLATFORM_NEEDIN6ADDRANY@ - -/* - * If this system is missing in6addr_loopback, - * LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK will be defined. - */ -@LWRES_PLATFORM_NEEDIN6ADDRLOOPBACK@ - -/* - * If this system has in_addr6, rather than in6_addr, - * LWRES_PLATFORM_HAVEINADDR6 will be defined. - */ -@LWRES_PLATFORM_HAVEINADDR6@ - -/* - * Defined if unistd.h does not cause fd_set to be delared. - */ -@LWRES_PLATFORM_NEEDSYSSELECTH@ - -/* - * Used to control how extern data is linked; needed for Win32 platforms. - */ -@LWRES_PLATFORM_USEDECLSPEC@ - -#ifndef LWRES_PLATFORM_USEDECLSPEC -#define LIBLWRES_EXTERNAL_DATA -#else -#ifdef LIBLWRES_EXPORTS -#define LIBLWRES_EXTERNAL_DATA __declspec(dllexport) -#else -#define LIBLWRES_EXTERNAL_DATA __declspec(dllimport) -#endif -#endif - -#endif /* LWRES_PLATFORM_H */ diff --git a/lib/liblwres/include/lwres/result.h b/lib/liblwres/include/lwres/result.h deleted file mode 100644 index 42e1bccea..000000000 --- a/lib/liblwres/include/lwres/result.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: result.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_RESULT_H -#define LWRES_RESULT_H 1 - -typedef unsigned int lwres_result_t; - -#define LWRES_R_SUCCESS 0 -#define LWRES_R_NOMEMORY 1 -#define LWRES_R_TIMEOUT 2 -#define LWRES_R_NOTFOUND 3 -#define LWRES_R_UNEXPECTEDEND 4 /* unexpected end of input */ -#define LWRES_R_FAILURE 5 /* generic failure */ -#define LWRES_R_IOERROR 6 -#define LWRES_R_NOTIMPLEMENTED 7 -#define LWRES_R_UNEXPECTED 8 -#define LWRES_R_TRAILINGDATA 9 -#define LWRES_R_INCOMPLETE 10 -#define LWRES_R_RETRY 11 -#define LWRES_R_TYPENOTFOUND 12 -#define LWRES_R_TOOLARGE 13 - -#endif /* LWRES_RESULT_H */ diff --git a/lib/liblwres/lwbuffer.c b/lib/liblwres/lwbuffer.c deleted file mode 100644 index 465ad2569..000000000 --- a/lib/liblwres/lwbuffer.c +++ /dev/null @@ -1,287 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwbuffer.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include - -#include - -#include "assert_p.h" - -void -lwres_buffer_init(lwres_buffer_t *b, void *base, unsigned int length) -{ - /* - * Make 'b' refer to the 'length'-byte region starting at base. - */ - - REQUIRE(b != NULL); - - b->magic = LWRES_BUFFER_MAGIC; - b->base = base; - b->length = length; - b->used = 0; - b->current = 0; - b->active = 0; -} - -void -lwres_buffer_invalidate(lwres_buffer_t *b) -{ - /* - * Make 'b' an invalid buffer. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - - b->magic = 0; - b->base = NULL; - b->length = 0; - b->used = 0; - b->current = 0; - b->active = 0; -} - -void -lwres_buffer_add(lwres_buffer_t *b, unsigned int n) -{ - /* - * Increase the 'used' region of 'b' by 'n' bytes. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + n <= b->length); - - b->used += n; -} - -void -lwres_buffer_subtract(lwres_buffer_t *b, unsigned int n) -{ - /* - * Decrease the 'used' region of 'b' by 'n' bytes. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used >= n); - - b->used -= n; - if (b->current > b->used) - b->current = b->used; - if (b->active > b->used) - b->active = b->used; -} - -void -lwres_buffer_clear(lwres_buffer_t *b) -{ - /* - * Make the used region empty. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - - b->used = 0; - b->current = 0; - b->active = 0; -} - -void -lwres_buffer_first(lwres_buffer_t *b) -{ - /* - * Make the consumed region empty. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - - b->current = 0; -} - -void -lwres_buffer_forward(lwres_buffer_t *b, unsigned int n) -{ - /* - * Increase the 'consumed' region of 'b' by 'n' bytes. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->current + n <= b->used); - - b->current += n; -} - -void -lwres_buffer_back(lwres_buffer_t *b, unsigned int n) -{ - /* - * Decrease the 'consumed' region of 'b' by 'n' bytes. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(n <= b->current); - - b->current -= n; -} - -lwres_uint8_t -lwres_buffer_getuint8(lwres_buffer_t *b) -{ - unsigned char *cp; - lwres_uint8_t result; - - /* - * Read an unsigned 8-bit integer from 'b' and return it. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used - b->current >= 1); - - cp = b->base; - cp += b->current; - b->current += 1; - result = ((unsigned int)(cp[0])); - - return (result); -} - -void -lwres_buffer_putuint8(lwres_buffer_t *b, lwres_uint8_t val) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + 1 <= b->length); - - cp = b->base; - cp += b->used; - b->used += 1; - cp[0] = (val & 0x00ff); -} - -lwres_uint16_t -lwres_buffer_getuint16(lwres_buffer_t *b) -{ - unsigned char *cp; - lwres_uint16_t result; - - /* - * Read an unsigned 16-bit integer in network byte order from 'b', - * convert it to host byte order, and return it. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used - b->current >= 2); - - cp = b->base; - cp += b->current; - b->current += 2; - result = ((unsigned int)(cp[0])) << 8; - result |= ((unsigned int)(cp[1])); - - return (result); -} - -void -lwres_buffer_putuint16(lwres_buffer_t *b, lwres_uint16_t val) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + 2 <= b->length); - - cp = b->base; - cp += b->used; - b->used += 2; - cp[0] = (val & 0xff00) >> 8; - cp[1] = (val & 0x00ff); -} - -lwres_uint32_t -lwres_buffer_getuint32(lwres_buffer_t *b) -{ - unsigned char *cp; - lwres_uint32_t result; - - /* - * Read an unsigned 32-bit integer in network byte order from 'b', - * convert it to host byte order, and return it. - */ - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used - b->current >= 4); - - cp = b->base; - cp += b->current; - b->current += 4; - result = ((unsigned int)(cp[0])) << 24; - result |= ((unsigned int)(cp[1])) << 16; - result |= ((unsigned int)(cp[2])) << 8; - result |= ((unsigned int)(cp[3])); - - return (result); -} - -void -lwres_buffer_putuint32(lwres_buffer_t *b, lwres_uint32_t val) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + 4 <= b->length); - - cp = b->base; - cp += b->used; - b->used += 4; - cp[0] = (unsigned char)((val & 0xff000000) >> 24); - cp[1] = (unsigned char)((val & 0x00ff0000) >> 16); - cp[2] = (unsigned char)((val & 0x0000ff00) >> 8); - cp[3] = (unsigned char)(val & 0x000000ff); -} - -void -lwres_buffer_putmem(lwres_buffer_t *b, const unsigned char *base, - unsigned int length) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used + length <= b->length); - - cp = (unsigned char *)b->base + b->used; - memcpy(cp, base, length); - b->used += length; -} - -void -lwres_buffer_getmem(lwres_buffer_t *b, unsigned char *base, - unsigned int length) -{ - unsigned char *cp; - - REQUIRE(LWRES_BUFFER_VALID(b)); - REQUIRE(b->used - b->current >= length); - - cp = b->base; - cp += b->current; - b->current += length; - - memcpy(base, cp, length); -} diff --git a/lib/liblwres/lwconfig.c b/lib/liblwres/lwconfig.c deleted file mode 100644 index f1c19b697..000000000 --- a/lib/liblwres/lwconfig.c +++ /dev/null @@ -1,703 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwconfig.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -/*** - *** Module for parsing resolv.conf files. - *** - *** entry points are: - *** lwres_conf_init(lwres_context_t *ctx) - *** intializes data structure for subsequent config parsing. - *** - *** lwres_conf_parse(lwres_context_t *ctx, const char *filename) - *** parses a file and fills in the data structure. - *** - *** lwres_conf_print(lwres_context_t *ctx, FILE *fp) - *** prints the config data structure to the FILE. - *** - *** lwres_conf_clear(lwres_context_t *ctx) - *** frees up all the internal memory used by the config data - *** structure, returning it to the lwres_context_t. - *** - ***/ - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include "assert_p.h" -#include "context_p.h" - - -#if ! defined(NS_INADDRSZ) -#define NS_INADDRSZ 4 -#endif - -#if ! defined(NS_IN6ADDRSZ) -#define NS_IN6ADDRSZ 16 -#endif - -static lwres_result_t -lwres_conf_parsenameserver(lwres_context_t *ctx, FILE *fp); - -static lwres_result_t -lwres_conf_parselwserver(lwres_context_t *ctx, FILE *fp); - -static lwres_result_t -lwres_conf_parsedomain(lwres_context_t *ctx, FILE *fp); - -static lwres_result_t -lwres_conf_parsesearch(lwres_context_t *ctx, FILE *fp); - -static lwres_result_t -lwres_conf_parsesortlist(lwres_context_t *ctx, FILE *fp); - -static lwres_result_t -lwres_conf_parseoption(lwres_context_t *ctx, FILE *fp); - -static void -lwres_resetaddr(lwres_addr_t *addr); - -static lwres_result_t -lwres_create_addr(const char *buff, lwres_addr_t *addr, int convert_zero); - -static int lwresaddr2af(int lwresaddrtype); - - -static int -lwresaddr2af(int lwresaddrtype) -{ - int af = 0; - - switch (lwresaddrtype) { - case LWRES_ADDRTYPE_V4: - af = AF_INET; - break; - - case LWRES_ADDRTYPE_V6: - af = AF_INET6; - break; - } - - return (af); -} - - -/* - * Eat characters from FP until EOL or EOF. Returns EOF or '\n' - */ -static int -eatline(FILE *fp) { - int ch; - - ch = fgetc(fp); - while (ch != '\n' && ch != EOF) - ch = fgetc(fp); - - return (ch); -} - - -/* - * Eats white space up to next newline or non-whitespace character (of - * EOF). Returns the last character read. Comments are considered white - * space. - */ -static int -eatwhite(FILE *fp) { - int ch; - - ch = fgetc(fp); - while (ch != '\n' && ch != EOF && isspace((unsigned char)ch)) - ch = fgetc(fp); - - if (ch == ';' || ch == '#') - ch = eatline(fp); - - return (ch); -} - - -/* - * Skip over any leading whitespace and then read in the next sequence of - * non-whitespace characters. In this context newline is not considered - * whitespace. Returns EOF on end-of-file, or the character - * that caused the reading to stop. - */ -static int -getword(FILE *fp, char *buffer, size_t size) { - int ch; - char *p = buffer; - - REQUIRE(buffer != NULL); - REQUIRE(size > 0); - - *p = '\0'; - - ch = eatwhite(fp); - - if (ch == EOF) - return (EOF); - - do { - *p = '\0'; - - if (ch == EOF || isspace((unsigned char)ch)) - break; - else if ((size_t) (p - buffer) == size - 1) - return (EOF); /* Not enough space. */ - - *p++ = (char)ch; - ch = fgetc(fp); - } while (1); - - return (ch); -} - -static void -lwres_resetaddr(lwres_addr_t *addr) { - REQUIRE(addr != NULL); - - memset(addr->address, 0, LWRES_ADDR_MAXLEN); - addr->family = 0; - addr->length = 0; -} - -static char * -lwres_strdup(lwres_context_t *ctx, const char *str) { - char *p; - - REQUIRE(str != NULL); - REQUIRE(strlen(str) > 0); - - p = CTXMALLOC(strlen(str) + 1); - if (p != NULL) - strcpy(p, str); - - return (p); -} - -void -lwres_conf_init(lwres_context_t *ctx) { - int i; - lwres_conf_t *confdata; - - REQUIRE(ctx != NULL); - confdata = &ctx->confdata; - - confdata->nsnext = 0; - confdata->lwnext = 0; - confdata->domainname = NULL; - confdata->searchnxt = 0; - confdata->sortlistnxt = 0; - confdata->resdebug = 0; - confdata->ndots = 1; - confdata->no_tld_query = 0; - - for (i = 0 ; i < LWRES_CONFMAXNAMESERVERS ; i++) - lwres_resetaddr(&confdata->nameservers[i]); - - for (i = 0 ; i < LWRES_CONFMAXSEARCH ; i++) - confdata->search[i] = NULL; - - for (i = 0 ; i < LWRES_CONFMAXSORTLIST ; i++) { - lwres_resetaddr(&confdata->sortlist[i].addr); - lwres_resetaddr(&confdata->sortlist[i].mask); - } -} - -void -lwres_conf_clear(lwres_context_t *ctx) { - int i; - lwres_conf_t *confdata; - - REQUIRE(ctx != NULL); - confdata = &ctx->confdata; - - for (i = 0 ; i < confdata->nsnext ; i++) - lwres_resetaddr(&confdata->nameservers[i]); - - if (confdata->domainname != NULL) { - CTXFREE(confdata->domainname, - strlen(confdata->domainname) + 1); - confdata->domainname = NULL; - } - - for (i = 0 ; i < confdata->searchnxt ; i++) { - if (confdata->search[i] != NULL) { - CTXFREE(confdata->search[i], - strlen(confdata->search[i]) + 1); - confdata->search[i] = NULL; - } - } - - for (i = 0 ; i < LWRES_CONFMAXSORTLIST ; i++) { - lwres_resetaddr(&confdata->sortlist[i].addr); - lwres_resetaddr(&confdata->sortlist[i].mask); - } - - confdata->nsnext = 0; - confdata->lwnext = 0; - confdata->domainname = NULL; - confdata->searchnxt = 0; - confdata->sortlistnxt = 0; - confdata->resdebug = 0; - confdata->ndots = 1; - confdata->no_tld_query = 0; -} - -static lwres_result_t -lwres_conf_parsenameserver(lwres_context_t *ctx, FILE *fp) { - char word[LWRES_CONFMAXLINELEN]; - int res; - lwres_conf_t *confdata; - - confdata = &ctx->confdata; - - if (confdata->nsnext == LWRES_CONFMAXNAMESERVERS) - return (LWRES_R_SUCCESS); - - res = getword(fp, word, sizeof(word)); - if (strlen(word) == 0) - return (LWRES_R_FAILURE); /* Nothing on line. */ - else if (res == ' ' || res == '\t') - res = eatwhite(fp); - - if (res != EOF && res != '\n') - return (LWRES_R_FAILURE); /* Extra junk on line. */ - - res = lwres_create_addr(word, - &confdata->nameservers[confdata->nsnext++], 1); - if (res != LWRES_R_SUCCESS) - return (res); - - return (LWRES_R_SUCCESS); -} - -static lwres_result_t -lwres_conf_parselwserver(lwres_context_t *ctx, FILE *fp) { - char word[LWRES_CONFMAXLINELEN]; - int res; - lwres_conf_t *confdata; - - confdata = &ctx->confdata; - - if (confdata->lwnext == LWRES_CONFMAXLWSERVERS) - return (LWRES_R_SUCCESS); - - res = getword(fp, word, sizeof(word)); - if (strlen(word) == 0) - return (LWRES_R_FAILURE); /* Nothing on line. */ - else if (res == ' ' || res == '\t') - res = eatwhite(fp); - - if (res != EOF && res != '\n') - return (LWRES_R_FAILURE); /* Extra junk on line. */ - - res = lwres_create_addr(word, - &confdata->lwservers[confdata->lwnext++], 1); - if (res != LWRES_R_SUCCESS) - return (res); - - return (LWRES_R_SUCCESS); -} - -static lwres_result_t -lwres_conf_parsedomain(lwres_context_t *ctx, FILE *fp) { - char word[LWRES_CONFMAXLINELEN]; - int res, i; - lwres_conf_t *confdata; - - confdata = &ctx->confdata; - - res = getword(fp, word, sizeof(word)); - if (strlen(word) == 0) - return (LWRES_R_FAILURE); /* Nothing else on line. */ - else if (res == ' ' || res == '\t') - res = eatwhite(fp); - - if (res != EOF && res != '\n') - return (LWRES_R_FAILURE); /* Extra junk on line. */ - - if (confdata->domainname != NULL) - CTXFREE(confdata->domainname, - strlen(confdata->domainname) + 1); /* */ - - /* - * Search and domain are mutually exclusive. - */ - for (i = 0 ; i < LWRES_CONFMAXSEARCH ; i++) { - if (confdata->search[i] != NULL) { - CTXFREE(confdata->search[i], - strlen(confdata->search[i])+1); - confdata->search[i] = NULL; - } - } - confdata->searchnxt = 0; - - confdata->domainname = lwres_strdup(ctx, word); - - if (confdata->domainname == NULL) - return (LWRES_R_FAILURE); - - return (LWRES_R_SUCCESS); -} - -static lwres_result_t -lwres_conf_parsesearch(lwres_context_t *ctx, FILE *fp) { - int idx, delim; - char word[LWRES_CONFMAXLINELEN]; - lwres_conf_t *confdata; - - confdata = &ctx->confdata; - - if (confdata->domainname != NULL) { - /* - * Search and domain are mutually exclusive. - */ - CTXFREE(confdata->domainname, - strlen(confdata->domainname) + 1); - confdata->domainname = NULL; - } - - /* - * Remove any previous search definitions. - */ - for (idx = 0 ; idx < LWRES_CONFMAXSEARCH ; idx++) { - if (confdata->search[idx] != NULL) { - CTXFREE(confdata->search[idx], - strlen(confdata->search[idx])+1); - confdata->search[idx] = NULL; - } - } - confdata->searchnxt = 0; - - delim = getword(fp, word, sizeof(word)); - if (strlen(word) == 0) - return (LWRES_R_FAILURE); /* Nothing else on line. */ - - idx = 0; - while (strlen(word) > 0) { - if (confdata->searchnxt == LWRES_CONFMAXSEARCH) - goto ignore; /* Too many domains. */ - - confdata->search[idx] = lwres_strdup(ctx, word); - if (confdata->search[idx] == NULL) - return (LWRES_R_FAILURE); - idx++; - confdata->searchnxt++; - - ignore: - if (delim == EOF || delim == '\n') - break; - else - delim = getword(fp, word, sizeof(word)); - } - - return (LWRES_R_SUCCESS); -} - -static lwres_result_t -lwres_create_addr(const char *buffer, lwres_addr_t *addr, int convert_zero) { - struct in_addr v4; - struct in6_addr v6; - - if (lwres_net_aton(buffer, &v4) == 1) { - if (convert_zero) { - unsigned char zeroaddress[] = {0, 0, 0, 0}; - unsigned char loopaddress[] = {127, 0, 0, 1}; - if (memcmp(&v4, zeroaddress, 4) == 0) - memcpy(&v4, loopaddress, 4); - } - addr->family = LWRES_ADDRTYPE_V4; - addr->length = NS_INADDRSZ; - memcpy((void *)addr->address, &v4, NS_INADDRSZ); - - } else if (lwres_net_pton(AF_INET6, buffer, &v6) == 1) { - addr->family = LWRES_ADDRTYPE_V6; - addr->length = NS_IN6ADDRSZ; - memcpy((void *)addr->address, &v6, NS_IN6ADDRSZ); - } else { - return (LWRES_R_FAILURE); /* Unrecognised format. */ - } - - return (LWRES_R_SUCCESS); -} - -static lwres_result_t -lwres_conf_parsesortlist(lwres_context_t *ctx, FILE *fp) { - int delim, res, idx; - char word[LWRES_CONFMAXLINELEN]; - char *p; - lwres_conf_t *confdata; - - confdata = &ctx->confdata; - - delim = getword(fp, word, sizeof(word)); - if (strlen(word) == 0) - return (LWRES_R_FAILURE); /* Empty line after keyword. */ - - while (strlen(word) > 0) { - if (confdata->sortlistnxt == LWRES_CONFMAXSORTLIST) - return (LWRES_R_FAILURE); /* Too many values. */ - - p = strchr(word, '/'); - if (p != NULL) - *p++ = '\0'; - - idx = confdata->sortlistnxt; - res = lwres_create_addr(word, &confdata->sortlist[idx].addr, 1); - if (res != LWRES_R_SUCCESS) - return (res); - - if (p != NULL) { - res = lwres_create_addr(p, - &confdata->sortlist[idx].mask, - 0); - if (res != LWRES_R_SUCCESS) - return (res); - } else { - /* - * Make up a mask. - */ - confdata->sortlist[idx].mask = - confdata->sortlist[idx].addr; - - memset(&confdata->sortlist[idx].mask.address, 0xff, - confdata->sortlist[idx].addr.length); - } - - confdata->sortlistnxt++; - - if (delim == EOF || delim == '\n') - break; - else - delim = getword(fp, word, sizeof(word)); - } - - return (LWRES_R_SUCCESS); -} - -static lwres_result_t -lwres_conf_parseoption(lwres_context_t *ctx, FILE *fp) { - int delim; - long ndots; - char *p; - char word[LWRES_CONFMAXLINELEN]; - lwres_conf_t *confdata; - - REQUIRE(ctx != NULL); - confdata = &ctx->confdata; - - delim = getword(fp, word, sizeof(word)); - if (strlen(word) == 0) - return (LWRES_R_FAILURE); /* Empty line after keyword. */ - - while (strlen(word) > 0) { - if (strcmp("debug", word) == 0) { - confdata->resdebug = 1; - } else if (strcmp("no_tld_query", word) == 0) { - confdata->no_tld_query = 1; - } else if (strncmp("ndots:", word, 6) == 0) { - ndots = strtol(word + 6, &p, 10); - if (*p != '\0') /* Bad string. */ - return (LWRES_R_FAILURE); - if (ndots < 0 || ndots > 0xff) /* Out of range. */ - return (LWRES_R_FAILURE); - confdata->ndots = (lwres_uint8_t)ndots; - } - - if (delim == EOF || delim == '\n') - break; - else - delim = getword(fp, word, sizeof(word)); - } - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_conf_parse(lwres_context_t *ctx, const char *filename) { - FILE *fp = NULL; - char word[256]; - lwres_result_t rval, ret; - lwres_conf_t *confdata; - int stopchar; - - REQUIRE(ctx != NULL); - confdata = &ctx->confdata; - - REQUIRE(filename != NULL); - REQUIRE(strlen(filename) > 0); - REQUIRE(confdata != NULL); - - errno = 0; - if ((fp = fopen(filename, "r")) == NULL) - return (LWRES_R_FAILURE); - - ret = LWRES_R_SUCCESS; - do { - stopchar = getword(fp, word, sizeof(word)); - if (stopchar == EOF) { - rval = LWRES_R_SUCCESS; - break; - } - - if (strlen(word) == 0) - rval = LWRES_R_SUCCESS; - else if (strcmp(word, "nameserver") == 0) - rval = lwres_conf_parsenameserver(ctx, fp); - else if (strcmp(word, "lwserver") == 0) - rval = lwres_conf_parselwserver(ctx, fp); - else if (strcmp(word, "domain") == 0) - rval = lwres_conf_parsedomain(ctx, fp); - else if (strcmp(word, "search") == 0) - rval = lwres_conf_parsesearch(ctx, fp); - else if (strcmp(word, "sortlist") == 0) - rval = lwres_conf_parsesortlist(ctx, fp); - else if (strcmp(word, "option") == 0) - rval = lwres_conf_parseoption(ctx, fp); - else { - /* unrecognised word. Ignore entire line */ - rval = LWRES_R_SUCCESS; - stopchar = eatline(fp); - if (stopchar == EOF) { - break; - } - } - if (ret == LWRES_R_SUCCESS && rval != LWRES_R_SUCCESS) - ret = rval; - } while (1); - - fclose(fp); - - return (ret); -} - -lwres_result_t -lwres_conf_print(lwres_context_t *ctx, FILE *fp) { - int i; - int af; - char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; - const char *p; - lwres_conf_t *confdata; - lwres_addr_t tmpaddr; - - REQUIRE(ctx != NULL); - confdata = &ctx->confdata; - - REQUIRE(confdata->nsnext <= LWRES_CONFMAXNAMESERVERS); - - for (i = 0 ; i < confdata->nsnext ; i++) { - af = lwresaddr2af(confdata->nameservers[i].family); - - p = lwres_net_ntop(af, confdata->nameservers[i].address, - tmp, sizeof(tmp)); - if (p != tmp) - return (LWRES_R_FAILURE); - - fprintf(fp, "nameserver %s\n", tmp); - } - - for (i = 0 ; i < confdata->lwnext ; i++) { - af = lwresaddr2af(confdata->lwservers[i].family); - - p = lwres_net_ntop(af, confdata->lwservers[i].address, - tmp, sizeof(tmp)); - if (p != tmp) - return (LWRES_R_FAILURE); - - fprintf(fp, "lwserver %s\n", tmp); - } - - if (confdata->domainname != NULL) { - fprintf(fp, "domain %s\n", confdata->domainname); - } else if (confdata->searchnxt > 0) { - REQUIRE(confdata->searchnxt <= LWRES_CONFMAXSEARCH); - - fprintf(fp, "search"); - for (i = 0 ; i < confdata->searchnxt ; i++) - fprintf(fp, " %s", confdata->search[i]); - fputc('\n', fp); - } - - REQUIRE(confdata->sortlistnxt <= LWRES_CONFMAXSORTLIST); - - if (confdata->sortlistnxt > 0) { - fputs("sortlist", fp); - for (i = 0 ; i < confdata->sortlistnxt ; i++) { - af = lwresaddr2af(confdata->sortlist[i].addr.family); - - p = lwres_net_ntop(af, - confdata->sortlist[i].addr.address, - tmp, sizeof(tmp)); - if (p != tmp) - return (LWRES_R_FAILURE); - - fprintf(fp, " %s", tmp); - - tmpaddr = confdata->sortlist[i].mask; - memset(&tmpaddr.address, 0xff, tmpaddr.length); - - if (memcmp(&tmpaddr.address, - confdata->sortlist[i].mask.address, - confdata->sortlist[i].mask.length) != 0) { - af = lwresaddr2af( - confdata->sortlist[i].mask.family); - p = lwres_net_ntop - (af, - confdata->sortlist[i].mask.address, - tmp, sizeof(tmp)); - if (p != tmp) - return (LWRES_R_FAILURE); - - fprintf(fp, "/%s", tmp); - } - } - fputc('\n', fp); - } - - if (confdata->resdebug) - fprintf(fp, "options debug\n"); - - if (confdata->ndots > 0) - fprintf(fp, "options ndots:%d\n", confdata->ndots); - - if (confdata->no_tld_query) - fprintf(fp, "options no_tld_query\n"); - - return (LWRES_R_SUCCESS); -} - -lwres_conf_t * -lwres_conf_get(lwres_context_t *ctx) { - REQUIRE(ctx != NULL); - - return (&ctx->confdata); -} diff --git a/lib/liblwres/lwinetaton.c b/lib/liblwres/lwinetaton.c deleted file mode 100644 index 42a2cfa69..000000000 --- a/lib/liblwres/lwinetaton.c +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Portions Copyright (C) 1996-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Copyright (c) 1983, 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static char rcsid[] = "$Id: lwinetaton.c,v 1.1 2004/03/15 20:35:25 as Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -#include - -#include - -#include -#include - -#include "assert_p.h" - -/* - * Check whether "cp" is a valid ascii representation - * of an Internet address and convert to a binary address. - * Returns 1 if the address is valid, 0 if not. - * This replaces inet_addr, the return value from which - * cannot distinguish between failure and a local broadcast address. - */ -int -lwres_net_aton(const char *cp, struct in_addr *addr) { - unsigned long val; - int base, n; - unsigned char c; - lwres_uint8_t parts[4]; - lwres_uint8_t *pp = parts; - int digit; - - REQUIRE(cp != NULL); - - c = *cp; - for (;;) { - /* - * Collect number up to ``.''. - * Values are specified as for C: - * 0x=hex, 0=octal, isdigit=decimal. - */ - if (!isdigit(c & 0xff)) - return (0); - val = 0; - base = 10; - digit = 0; - if (c == '0') { - c = *++cp; - if (c == 'x' || c == 'X') { - base = 16; - c = *++cp; - } else { - base = 8; - digit = 1; - } - } - for (;;) { - /* - * isascii() is valid for all integer values, and - * when it is true, c is known to be in scope - * for isdigit(). No cast necessary. Similar - * comment applies for later ctype uses. - */ - if (isascii(c) && isdigit(c)) { - if (base == 8 && (c == '8' || c == '9')) - return (0); - val = (val * base) + (c - '0'); - c = *++cp; - digit = 1; - } else if (base == 16 && isascii(c) && isxdigit(c)) { - val = (val << 4) | - (c + 10 - (islower(c) ? 'a' : 'A')); - c = *++cp; - digit = 1; - } else - break; - } - if (c == '.') { - /* - * Internet format: - * a.b.c.d - * a.b.c (with c treated as 16 bits) - * a.b (with b treated as 24 bits) - */ - if (pp >= parts + 3 || val > 0xff) - return (0); - *pp++ = (lwres_uint8_t)val; - c = *++cp; - } else - break; - } - /* - * Check for trailing characters. - */ - if (c != '\0' && (!isascii(c) || !isspace(c))) - return (0); - /* - * Did we get a valid digit? - */ - if (!digit) - return (0); - /* - * Concoct the address according to - * the number of parts specified. - */ - n = pp - parts + 1; - switch (n) { - case 1: /* a -- 32 bits */ - break; - - case 2: /* a.b -- 8.24 bits */ - if (val > 0xffffff) - return (0); - val |= parts[0] << 24; - break; - - case 3: /* a.b.c -- 8.8.16 bits */ - if (val > 0xffff) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16); - break; - - case 4: /* a.b.c.d -- 8.8.8.8 bits */ - if (val > 0xff) - return (0); - val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); - break; - } - if (addr != NULL) - addr->s_addr = htonl(val); - - return (1); -} diff --git a/lib/liblwres/lwinetntop.c b/lib/liblwres/lwinetntop.c deleted file mode 100644 index dfc55a97c..000000000 --- a/lib/liblwres/lwinetntop.c +++ /dev/null @@ -1,191 +0,0 @@ -/* - * Copyright (C) 1996-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = - "$Id: lwinetntop.c,v 1.1 2004/03/15 20:35:25 as Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -#include -#include -#include - -#include - -#define NS_INT16SZ 2 -#define NS_IN6ADDRSZ 16 - -/* - * WARNING: Don't even consider trying to compile this on a system where - * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. - */ - -static const char *inet_ntop4(const unsigned char *src, char *dst, - size_t size); - -#ifdef AF_INET6 -static const char *inet_ntop6(const unsigned char *src, char *dst, - size_t size); -#endif - -/* char * - * lwres_net_ntop(af, src, dst, size) - * convert a network format address to presentation format. - * return: - * pointer to presentation format address (`dst'), or NULL (see errno). - * author: - * Paul Vixie, 1996. - */ -const char * -lwres_net_ntop(int af, const void *src, char *dst, size_t size) { - switch (af) { - case AF_INET: - return (inet_ntop4(src, dst, size)); -#ifdef AF_INET6 - case AF_INET6: - return (inet_ntop6(src, dst, size)); -#endif - default: - errno = EAFNOSUPPORT; - return (NULL); - } - /* NOTREACHED */ -} - -/* const char * - * inet_ntop4(src, dst, size) - * format an IPv4 address - * return: - * `dst' (as a const) - * notes: - * (1) uses no statics - * (2) takes a unsigned char* not an in_addr as input - * author: - * Paul Vixie, 1996. - */ -static const char * -inet_ntop4(const unsigned char *src, char *dst, size_t size) { - static const char fmt[] = "%u.%u.%u.%u"; - char tmp[sizeof "255.255.255.255"]; - - if ((size_t)sprintf(tmp, fmt, src[0], src[1], src[2], src[3]) >= size) - { - errno = ENOSPC; - return (NULL); - } - strcpy(dst, tmp); - - return (dst); -} - -/* const char * - * inet_ntop6(src, dst, size) - * convert IPv6 binary address into presentation (printable) format - * author: - * Paul Vixie, 1996. - */ -#ifdef AF_INET6 -static const char * -inet_ntop6(const unsigned char *src, char *dst, size_t size) { - /* - * Note that int32_t and int16_t need only be "at least" large enough - * to contain a value of the specified size. On some systems, like - * Crays, there is no such thing as an integer variable with 16 bits. - * Keep this in mind if you think this function should have been coded - * to use pointer overlays. All the world's not a VAX. - */ - char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp; - struct { int base, len; } best, cur; - unsigned int words[NS_IN6ADDRSZ / NS_INT16SZ]; - int i; - - /* - * Preprocess: - * Copy the input (bytewise) array into a wordwise array. - * Find the longest run of 0x00's in src[] for :: shorthanding. - */ - memset(words, '\0', sizeof words); - for (i = 0; i < NS_IN6ADDRSZ; i++) - words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3)); - best.base = -1; - cur.base = -1; - for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) { - if (words[i] == 0) { - if (cur.base == -1) - cur.base = i, cur.len = 1; - else - cur.len++; - } else { - if (cur.base != -1) { - if (best.base == -1 || cur.len > best.len) - best = cur; - cur.base = -1; - } - } - } - if (cur.base != -1) { - if (best.base == -1 || cur.len > best.len) - best = cur; - } - if (best.base != -1 && best.len < 2) - best.base = -1; - - /* - * Format the result. - */ - tp = tmp; - for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) { - /* Are we inside the best run of 0x00's? */ - if (best.base != -1 && i >= best.base && - i < (best.base + best.len)) { - if (i == best.base) - *tp++ = ':'; - continue; - } - /* Are we following an initial run of 0x00s or any real hex? */ - if (i != 0) - *tp++ = ':'; - /* Is this address an encapsulated IPv4? */ - if (i == 6 && best.base == 0 && - (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { - if (!inet_ntop4(src+12, tp, - sizeof tmp - (tp - tmp))) - return (NULL); - tp += strlen(tp); - break; - } - tp += sprintf(tp, "%x", words[i]); - } - /* Was it a trailing run of 0x00's? */ - if (best.base != -1 && (best.base + best.len) == - (NS_IN6ADDRSZ / NS_INT16SZ)) - *tp++ = ':'; - *tp++ = '\0'; - - /* - * Check for overflow, copy, and we're done. - */ - if ((size_t)(tp - tmp) > size) { - errno = ENOSPC; - return (NULL); - } - strcpy(dst, tmp); - return (dst); -} -#endif /* AF_INET6 */ diff --git a/lib/liblwres/lwinetpton.c b/lib/liblwres/lwinetpton.c deleted file mode 100644 index 792a74775..000000000 --- a/lib/liblwres/lwinetpton.c +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright (C) 1996-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$Id: lwinetpton.c,v 1.1 2004/03/15 20:35:25 as Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -#include -#include - -#include - -#define NS_INT16SZ 2 -#define NS_INADDRSZ 4 -#define NS_IN6ADDRSZ 16 - -/* - * WARNING: Don't even consider trying to compile this on a system where - * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. - */ - -static int inet_pton4(const char *src, unsigned char *dst); -static int inet_pton6(const char *src, unsigned char *dst); - -/* int - * lwres_net_pton(af, src, dst) - * convert from presentation format (which usually means ASCII printable) - * to network format (which is usually some kind of binary format). - * return: - * 1 if the address was valid for the specified address family - * 0 if the address wasn't valid (`dst' is untouched in this case) - * -1 if some other error occurred (`dst' is untouched in this case, too) - * author: - * Paul Vixie, 1996. - */ -int -lwres_net_pton(int af, const char *src, void *dst) { - switch (af) { - case AF_INET: - return (inet_pton4(src, dst)); - case AF_INET6: - return (inet_pton6(src, dst)); - default: - errno = EAFNOSUPPORT; - return (-1); - } - /* NOTREACHED */ -} - -/* int - * inet_pton4(src, dst) - * like inet_aton() but without all the hexadecimal and shorthand. - * return: - * 1 if `src' is a valid dotted quad, else 0. - * notice: - * does not touch `dst' unless it's returning 1. - * author: - * Paul Vixie, 1996. - */ -static int -inet_pton4(const char *src, unsigned char *dst) { - static const char digits[] = "0123456789"; - int saw_digit, octets, ch; - unsigned char tmp[NS_INADDRSZ], *tp; - - saw_digit = 0; - octets = 0; - *(tp = tmp) = 0; - while ((ch = *src++) != '\0') { - const char *pch; - - if ((pch = strchr(digits, ch)) != NULL) { - unsigned int new = *tp * 10 + (pch - digits); - - if (new > 255) - return (0); - *tp = new; - if (! saw_digit) { - if (++octets > 4) - return (0); - saw_digit = 1; - } - } else if (ch == '.' && saw_digit) { - if (octets == 4) - return (0); - *++tp = 0; - saw_digit = 0; - } else - return (0); - } - if (octets < 4) - return (0); - memcpy(dst, tmp, NS_INADDRSZ); - return (1); -} - -/* int - * inet_pton6(src, dst) - * convert presentation level address to network order binary form. - * return: - * 1 if `src' is a valid [RFC1884 2.2] address, else 0. - * notice: - * (1) does not touch `dst' unless it's returning 1. - * (2) :: in a full address is silently ignored. - * credit: - * inspired by Mark Andrews. - * author: - * Paul Vixie, 1996. - */ -static int -inet_pton6(const char *src, unsigned char *dst) { - static const char xdigits_l[] = "0123456789abcdef", - xdigits_u[] = "0123456789ABCDEF"; - unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; - const char *xdigits, *curtok; - int ch, saw_xdigit; - unsigned int val; - - memset((tp = tmp), '\0', NS_IN6ADDRSZ); - endp = tp + NS_IN6ADDRSZ; - colonp = NULL; - /* Leading :: requires some special handling. */ - if (*src == ':') - if (*++src != ':') - return (0); - curtok = src; - saw_xdigit = 0; - val = 0; - while ((ch = *src++) != '\0') { - const char *pch; - - if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) - pch = strchr((xdigits = xdigits_u), ch); - if (pch != NULL) { - val <<= 4; - val |= (pch - xdigits); - if (val > 0xffff) - return (0); - saw_xdigit = 1; - continue; - } - if (ch == ':') { - curtok = src; - if (!saw_xdigit) { - if (colonp) - return (0); - colonp = tp; - continue; - } - if (tp + NS_INT16SZ > endp) - return (0); - *tp++ = (unsigned char) (val >> 8) & 0xff; - *tp++ = (unsigned char) val & 0xff; - saw_xdigit = 0; - val = 0; - continue; - } - if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && - inet_pton4(curtok, tp) > 0) { - tp += NS_INADDRSZ; - saw_xdigit = 0; - break; /* '\0' was seen by inet_pton4(). */ - } - return (0); - } - if (saw_xdigit) { - if (tp + NS_INT16SZ > endp) - return (0); - *tp++ = (unsigned char) (val >> 8) & 0xff; - *tp++ = (unsigned char) val & 0xff; - } - if (colonp != NULL) { - /* - * Since some memmove()'s erroneously fail to handle - * overlapping regions, we'll do the shift by hand. - */ - const int n = tp - colonp; - int i; - - for (i = 1; i <= n; i++) { - endp[- i] = colonp[n - i]; - colonp[n - i] = 0; - } - tp = endp; - } - if (tp != endp) - return (0); - memcpy(dst, tmp, NS_IN6ADDRSZ); - return (1); -} diff --git a/lib/liblwres/lwpacket.c b/lib/liblwres/lwpacket.c deleted file mode 100644 index 7bcdbbd4a..000000000 --- a/lib/liblwres/lwpacket.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwpacket.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include - -#include "assert_p.h" - -#define LWPACKET_LENGTH \ - (sizeof(lwres_uint16_t) * 4 + sizeof(lwres_uint32_t) * 5) - -lwres_result_t -lwres_lwpacket_renderheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt) { - REQUIRE(b != NULL); - REQUIRE(pkt != NULL); - - if (!SPACE_OK(b, LWPACKET_LENGTH)) - return (LWRES_R_UNEXPECTEDEND); - - lwres_buffer_putuint32(b, pkt->length); - lwres_buffer_putuint16(b, pkt->version); - lwres_buffer_putuint16(b, pkt->pktflags); - lwres_buffer_putuint32(b, pkt->serial); - lwres_buffer_putuint32(b, pkt->opcode); - lwres_buffer_putuint32(b, pkt->result); - lwres_buffer_putuint32(b, pkt->recvlength); - lwres_buffer_putuint16(b, pkt->authtype); - lwres_buffer_putuint16(b, pkt->authlength); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_lwpacket_parseheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt) { - lwres_uint32_t space; - - REQUIRE(b != NULL); - REQUIRE(pkt != NULL); - - space = LWRES_BUFFER_REMAINING(b); - if (space < LWPACKET_LENGTH) - return (LWRES_R_UNEXPECTEDEND); - - pkt->length = lwres_buffer_getuint32(b); - /* - * XXXBEW/MLG Checking that the buffer is long enough probably - * shouldn't be done here, since this function is supposed to just - * parse the header. - */ - if (pkt->length > space) - return (LWRES_R_UNEXPECTEDEND); - pkt->version = lwres_buffer_getuint16(b); - pkt->pktflags = lwres_buffer_getuint16(b); - pkt->serial = lwres_buffer_getuint32(b); - pkt->opcode = lwres_buffer_getuint32(b); - pkt->result = lwres_buffer_getuint32(b); - pkt->recvlength = lwres_buffer_getuint32(b); - pkt->authtype = lwres_buffer_getuint16(b); - pkt->authlength = lwres_buffer_getuint16(b); - - return (LWRES_R_SUCCESS); -} diff --git a/lib/liblwres/lwres_gabn.c b/lib/liblwres/lwres_gabn.c deleted file mode 100644 index 5e809ba8e..000000000 --- a/lib/liblwres/lwres_gabn.c +++ /dev/null @@ -1,415 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwres_gabn.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include "context_p.h" -#include "assert_p.h" - -lwres_result_t -lwres_gabnrequest_render(lwres_context_t *ctx, lwres_gabnrequest_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b) -{ - unsigned char *buf; - size_t buflen; - int ret; - size_t payload_length; - lwres_uint16_t datalen; - - REQUIRE(ctx != NULL); - REQUIRE(req != NULL); - REQUIRE(req->name != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - - datalen = strlen(req->name); - - payload_length = 4 + 4 + 2 + req->namelen + 1; - - buflen = LWRES_LWPACKET_LENGTH + payload_length; - buf = CTXMALLOC(buflen); - if (buf == NULL) - return (LWRES_R_NOMEMORY); - - lwres_buffer_init(b, buf, buflen); - - pkt->length = buflen; - pkt->version = LWRES_LWPACKETVERSION_0; - pkt->pktflags &= ~LWRES_LWPACKETFLAG_RESPONSE; - pkt->opcode = LWRES_OPCODE_GETADDRSBYNAME; - pkt->result = 0; - pkt->authtype = 0; - pkt->authlength = 0; - - ret = lwres_lwpacket_renderheader(b, pkt); - if (ret != LWRES_R_SUCCESS) { - lwres_buffer_invalidate(b); - CTXFREE(buf, buflen); - return (ret); - } - - INSIST(SPACE_OK(b, payload_length)); - - /* - * Flags. - */ - lwres_buffer_putuint32(b, req->flags); - - /* - * Address types we'll accept. - */ - lwres_buffer_putuint32(b, req->addrtypes); - - /* - * Put the length and the data. We know this will fit because we - * just checked for it. - */ - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, (unsigned char *)req->name, datalen); - lwres_buffer_putuint8(b, 0); /* trailing NUL */ - - INSIST(LWRES_BUFFER_AVAILABLECOUNT(b) == 0); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_gabnresponse_render(lwres_context_t *ctx, lwres_gabnresponse_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b) -{ - unsigned char *buf; - size_t buflen; - int ret; - size_t payload_length; - lwres_uint16_t datalen; - lwres_addr_t *addr; - int x; - - REQUIRE(ctx != NULL); - REQUIRE(req != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - - /* naliases, naddrs */ - payload_length = 4 + 2 + 2; - /* real name encoding */ - payload_length += 2 + req->realnamelen + 1; - /* each alias */ - for (x = 0 ; x < req->naliases ; x++) - payload_length += 2 + req->aliaslen[x] + 1; - /* each address */ - x = 0; - addr = LWRES_LIST_HEAD(req->addrs); - while (addr != NULL) { - payload_length += 4 + 2; - payload_length += addr->length; - addr = LWRES_LIST_NEXT(addr, link); - x++; - } - INSIST(x == req->naddrs); - - buflen = LWRES_LWPACKET_LENGTH + payload_length; - buf = CTXMALLOC(buflen); - if (buf == NULL) - return (LWRES_R_NOMEMORY); - lwres_buffer_init(b, buf, buflen); - - pkt->length = buflen; - pkt->version = LWRES_LWPACKETVERSION_0; - pkt->pktflags |= LWRES_LWPACKETFLAG_RESPONSE; - pkt->opcode = LWRES_OPCODE_GETADDRSBYNAME; - pkt->authtype = 0; - pkt->authlength = 0; - - ret = lwres_lwpacket_renderheader(b, pkt); - if (ret != LWRES_R_SUCCESS) { - lwres_buffer_invalidate(b); - CTXFREE(buf, buflen); - return (ret); - } - - /* - * Check space needed here. - */ - INSIST(SPACE_OK(b, payload_length)); - - /* Flags. */ - lwres_buffer_putuint32(b, req->flags); - - /* encode naliases and naddrs */ - lwres_buffer_putuint16(b, req->naliases); - lwres_buffer_putuint16(b, req->naddrs); - - /* encode the real name */ - datalen = req->realnamelen; - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, (unsigned char *)req->realname, datalen); - lwres_buffer_putuint8(b, 0); - - /* encode the aliases */ - for (x = 0 ; x < req->naliases ; x++) { - datalen = req->aliaslen[x]; - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, (unsigned char *)req->aliases[x], - datalen); - lwres_buffer_putuint8(b, 0); - } - - /* encode the addresses */ - addr = LWRES_LIST_HEAD(req->addrs); - while (addr != NULL) { - lwres_buffer_putuint32(b, addr->family); - lwres_buffer_putuint16(b, addr->length); - lwres_buffer_putmem(b, addr->address, addr->length); - addr = LWRES_LIST_NEXT(addr, link); - } - - INSIST(LWRES_BUFFER_AVAILABLECOUNT(b) == 0); - INSIST(LWRES_BUFFER_USEDCOUNT(b) == pkt->length); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_gabnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_gabnrequest_t **structp) -{ - int ret; - char *name; - lwres_gabnrequest_t *gabn; - lwres_uint32_t addrtypes; - lwres_uint32_t flags; - lwres_uint16_t namelen; - - REQUIRE(ctx != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - if ((pkt->pktflags & LWRES_LWPACKETFLAG_RESPONSE) != 0) - return (LWRES_R_FAILURE); - - if (!SPACE_REMAINING(b, 4 + 4)) - return (LWRES_R_UNEXPECTEDEND); - - flags = lwres_buffer_getuint32(b); - addrtypes = lwres_buffer_getuint32(b); - - /* - * Pull off the name itself - */ - ret = lwres_string_parse(b, &name, &namelen); - if (ret != LWRES_R_SUCCESS) - return (ret); - - if (LWRES_BUFFER_REMAINING(b) != 0) - return (LWRES_R_TRAILINGDATA); - - gabn = CTXMALLOC(sizeof(lwres_gabnrequest_t)); - if (gabn == NULL) - return (LWRES_R_NOMEMORY); - - gabn->flags = flags; - gabn->addrtypes = addrtypes; - gabn->name = name; - gabn->namelen = namelen; - - *structp = gabn; - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_gabnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_gabnresponse_t **structp) -{ - lwres_result_t ret; - unsigned int x; - lwres_uint32_t flags; - lwres_uint16_t naliases; - lwres_uint16_t naddrs; - lwres_gabnresponse_t *gabn; - lwres_addrlist_t addrlist; - lwres_addr_t *addr; - - REQUIRE(ctx != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - gabn = NULL; - - if ((pkt->pktflags & LWRES_LWPACKETFLAG_RESPONSE) == 0) - return (LWRES_R_FAILURE); - - /* - * Pull off the name itself - */ - if (!SPACE_REMAINING(b, 4 + 2 + 2)) - return (LWRES_R_UNEXPECTEDEND); - flags = lwres_buffer_getuint32(b); - naliases = lwres_buffer_getuint16(b); - naddrs = lwres_buffer_getuint16(b); - - gabn = CTXMALLOC(sizeof(lwres_gabnresponse_t)); - if (gabn == NULL) - return (LWRES_R_NOMEMORY); - gabn->aliases = NULL; - gabn->aliaslen = NULL; - LWRES_LIST_INIT(gabn->addrs); - gabn->base = NULL; - - gabn->flags = flags; - gabn->naliases = naliases; - gabn->naddrs = naddrs; - - LWRES_LIST_INIT(addrlist); - - if (naliases > 0) { - gabn->aliases = CTXMALLOC(sizeof(char *) * naliases); - if (gabn->aliases == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - - gabn->aliaslen = CTXMALLOC(sizeof(lwres_uint16_t) * naliases); - if (gabn->aliaslen == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - } - - for (x = 0 ; x < naddrs ; x++) { - addr = CTXMALLOC(sizeof(lwres_addr_t)); - if (addr == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - LWRES_LINK_INIT(addr, link); - LWRES_LIST_APPEND(addrlist, addr, link); - } - - /* - * Now, pull off the real name. - */ - ret = lwres_string_parse(b, &gabn->realname, &gabn->realnamelen); - if (ret != LWRES_R_SUCCESS) - goto out; - - /* - * Parse off the aliases. - */ - for (x = 0 ; x < gabn->naliases ; x++) { - ret = lwres_string_parse(b, &gabn->aliases[x], - &gabn->aliaslen[x]); - if (ret != LWRES_R_SUCCESS) - goto out; - } - - /* - * Pull off the addresses. We already strung the linked list - * up above. - */ - addr = LWRES_LIST_HEAD(addrlist); - for (x = 0 ; x < gabn->naddrs ; x++) { - INSIST(addr != NULL); - ret = lwres_addr_parse(b, addr); - if (ret != LWRES_R_SUCCESS) - goto out; - addr = LWRES_LIST_NEXT(addr, link); - } - - if (LWRES_BUFFER_REMAINING(b) != 0) { - ret = LWRES_R_TRAILINGDATA; - goto out; - } - - gabn->addrs = addrlist; - - *structp = gabn; - return (LWRES_R_SUCCESS); - - out: - if (gabn != NULL) { - if (gabn->aliases != NULL) - CTXFREE(gabn->aliases, sizeof(char *) * naliases); - if (gabn->aliaslen != NULL) - CTXFREE(gabn->aliaslen, - sizeof(lwres_uint16_t) * naliases); - addr = LWRES_LIST_HEAD(addrlist); - while (addr != NULL) { - LWRES_LIST_UNLINK(addrlist, addr, link); - CTXFREE(addr, sizeof(lwres_addr_t)); - addr = LWRES_LIST_HEAD(addrlist); - } - CTXFREE(gabn, sizeof(lwres_gabnresponse_t)); - } - - return (ret); -} - -void -lwres_gabnrequest_free(lwres_context_t *ctx, lwres_gabnrequest_t **structp) -{ - lwres_gabnrequest_t *gabn; - - REQUIRE(ctx != NULL); - REQUIRE(structp != NULL && *structp != NULL); - - gabn = *structp; - *structp = NULL; - - CTXFREE(gabn, sizeof(lwres_gabnrequest_t)); -} - -void -lwres_gabnresponse_free(lwres_context_t *ctx, lwres_gabnresponse_t **structp) -{ - lwres_gabnresponse_t *gabn; - lwres_addr_t *addr; - - REQUIRE(ctx != NULL); - REQUIRE(structp != NULL && *structp != NULL); - - gabn = *structp; - *structp = NULL; - - if (gabn->naliases > 0) { - CTXFREE(gabn->aliases, sizeof(char *) * gabn->naliases); - CTXFREE(gabn->aliaslen, - sizeof(lwres_uint16_t) * gabn->naliases); - } - addr = LWRES_LIST_HEAD(gabn->addrs); - while (addr != NULL) { - LWRES_LIST_UNLINK(gabn->addrs, addr, link); - CTXFREE(addr, sizeof(lwres_addr_t)); - addr = LWRES_LIST_HEAD(gabn->addrs); - } - if (gabn->base != NULL) - CTXFREE(gabn->base, gabn->baselen); - CTXFREE(gabn, sizeof(lwres_gabnresponse_t)); -} diff --git a/lib/liblwres/lwres_gnba.c b/lib/liblwres/lwres_gnba.c deleted file mode 100644 index 293eb05ac..000000000 --- a/lib/liblwres/lwres_gnba.c +++ /dev/null @@ -1,328 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwres_gnba.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include "context_p.h" -#include "assert_p.h" - -lwres_result_t -lwres_gnbarequest_render(lwres_context_t *ctx, lwres_gnbarequest_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b) -{ - unsigned char *buf; - size_t buflen; - int ret; - size_t payload_length; - - REQUIRE(ctx != NULL); - REQUIRE(req != NULL); - REQUIRE(req->addr.family != 0); - REQUIRE(req->addr.length != 0); - REQUIRE(req->addr.address != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - - payload_length = 4 + 4 + 2 + + req->addr.length; - - buflen = LWRES_LWPACKET_LENGTH + payload_length; - buf = CTXMALLOC(buflen); - if (buf == NULL) - return (LWRES_R_NOMEMORY); - lwres_buffer_init(b, buf, buflen); - - pkt->length = buflen; - pkt->version = LWRES_LWPACKETVERSION_0; - pkt->pktflags &= ~LWRES_LWPACKETFLAG_RESPONSE; - pkt->opcode = LWRES_OPCODE_GETNAMEBYADDR; - pkt->result = 0; - pkt->authtype = 0; - pkt->authlength = 0; - - ret = lwres_lwpacket_renderheader(b, pkt); - if (ret != LWRES_R_SUCCESS) { - lwres_buffer_invalidate(b); - CTXFREE(buf, buflen); - return (ret); - } - - INSIST(SPACE_OK(b, payload_length)); - - /* - * Put the length and the data. We know this will fit because we - * just checked for it. - */ - lwres_buffer_putuint32(b, req->flags); - lwres_buffer_putuint32(b, req->addr.family); - lwres_buffer_putuint16(b, req->addr.length); - lwres_buffer_putmem(b, (unsigned char *)req->addr.address, - req->addr.length); - - INSIST(LWRES_BUFFER_AVAILABLECOUNT(b) == 0); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_gnbaresponse_render(lwres_context_t *ctx, lwres_gnbaresponse_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b) -{ - unsigned char *buf; - size_t buflen; - int ret; - size_t payload_length; - lwres_uint16_t datalen; - int x; - - REQUIRE(ctx != NULL); - REQUIRE(req != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - - /* - * Calculate packet size. - */ - payload_length = 4; /* flags */ - payload_length += 2; /* naliases */ - payload_length += 2 + req->realnamelen + 1; /* real name encoding */ - for (x = 0 ; x < req->naliases ; x++) /* each alias */ - payload_length += 2 + req->aliaslen[x] + 1; - - buflen = LWRES_LWPACKET_LENGTH + payload_length; - buf = CTXMALLOC(buflen); - if (buf == NULL) - return (LWRES_R_NOMEMORY); - lwres_buffer_init(b, buf, buflen); - - pkt->length = buflen; - pkt->version = LWRES_LWPACKETVERSION_0; - pkt->pktflags |= LWRES_LWPACKETFLAG_RESPONSE; - pkt->opcode = LWRES_OPCODE_GETNAMEBYADDR; - pkt->authtype = 0; - pkt->authlength = 0; - - ret = lwres_lwpacket_renderheader(b, pkt); - if (ret != LWRES_R_SUCCESS) { - lwres_buffer_invalidate(b); - CTXFREE(buf, buflen); - return (ret); - } - - INSIST(SPACE_OK(b, payload_length)); - lwres_buffer_putuint32(b, req->flags); - - /* encode naliases */ - lwres_buffer_putuint16(b, req->naliases); - - /* encode the real name */ - datalen = req->realnamelen; - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, (unsigned char *)req->realname, datalen); - lwres_buffer_putuint8(b, 0); - - /* encode the aliases */ - for (x = 0 ; x < req->naliases ; x++) { - datalen = req->aliaslen[x]; - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, (unsigned char *)req->aliases[x], - datalen); - lwres_buffer_putuint8(b, 0); - } - - INSIST(LWRES_BUFFER_AVAILABLECOUNT(b) == 0); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_gnbarequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_gnbarequest_t **structp) -{ - int ret; - lwres_gnbarequest_t *gnba; - - REQUIRE(ctx != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - if ((pkt->pktflags & LWRES_LWPACKETFLAG_RESPONSE) != 0) - return (LWRES_R_FAILURE); - - gnba = CTXMALLOC(sizeof(lwres_gnbarequest_t)); - if (gnba == NULL) - return (LWRES_R_NOMEMORY); - - if (!SPACE_REMAINING(b, 4)) - return (LWRES_R_UNEXPECTEDEND); - - gnba->flags = lwres_buffer_getuint32(b); - - ret = lwres_addr_parse(b, &gnba->addr); - if (ret != LWRES_R_SUCCESS) - goto out; - - if (LWRES_BUFFER_REMAINING(b) != 0) { - ret = LWRES_R_TRAILINGDATA; - goto out; - } - - *structp = gnba; - return (LWRES_R_SUCCESS); - - out: - if (gnba != NULL) - lwres_gnbarequest_free(ctx, &gnba); - - return (ret); -} - -lwres_result_t -lwres_gnbaresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_gnbaresponse_t **structp) -{ - int ret; - unsigned int x; - lwres_uint32_t flags; - lwres_uint16_t naliases; - lwres_gnbaresponse_t *gnba; - - REQUIRE(ctx != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - gnba = NULL; - - if ((pkt->pktflags & LWRES_LWPACKETFLAG_RESPONSE) == 0) - return (LWRES_R_FAILURE); - - /* - * Pull off flags & naliases - */ - if (!SPACE_REMAINING(b, 4 + 2)) - return (LWRES_R_UNEXPECTEDEND); - flags = lwres_buffer_getuint32(b); - naliases = lwres_buffer_getuint16(b); - - gnba = CTXMALLOC(sizeof(lwres_gnbaresponse_t)); - if (gnba == NULL) - return (LWRES_R_NOMEMORY); - gnba->base = NULL; - gnba->aliases = NULL; - gnba->aliaslen = NULL; - - gnba->flags = flags; - gnba->naliases = naliases; - - if (naliases > 0) { - gnba->aliases = CTXMALLOC(sizeof(char *) * naliases); - if (gnba->aliases == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - - gnba->aliaslen = CTXMALLOC(sizeof(lwres_uint16_t) * naliases); - if (gnba->aliaslen == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - } - - /* - * Now, pull off the real name. - */ - ret = lwres_string_parse(b, &gnba->realname, &gnba->realnamelen); - if (ret != LWRES_R_SUCCESS) - goto out; - - /* - * Parse off the aliases. - */ - for (x = 0 ; x < gnba->naliases ; x++) { - ret = lwres_string_parse(b, &gnba->aliases[x], - &gnba->aliaslen[x]); - if (ret != LWRES_R_SUCCESS) - goto out; - } - - if (LWRES_BUFFER_REMAINING(b) != 0) { - ret = LWRES_R_TRAILINGDATA; - goto out; - } - - *structp = gnba; - return (LWRES_R_SUCCESS); - - out: - if (gnba != NULL) { - if (gnba->aliases != NULL) - CTXFREE(gnba->aliases, sizeof(char *) * naliases); - if (gnba->aliaslen != NULL) - CTXFREE(gnba->aliaslen, - sizeof(lwres_uint16_t) * naliases); - CTXFREE(gnba, sizeof(lwres_gnbaresponse_t)); - } - - return (ret); -} - -void -lwres_gnbarequest_free(lwres_context_t *ctx, lwres_gnbarequest_t **structp) -{ - lwres_gnbarequest_t *gnba; - - REQUIRE(ctx != NULL); - REQUIRE(structp != NULL && *structp != NULL); - - gnba = *structp; - *structp = NULL; - - CTXFREE(gnba, sizeof(lwres_gnbarequest_t)); -} - -void -lwres_gnbaresponse_free(lwres_context_t *ctx, lwres_gnbaresponse_t **structp) -{ - lwres_gnbaresponse_t *gnba; - - REQUIRE(ctx != NULL); - REQUIRE(structp != NULL && *structp != NULL); - - gnba = *structp; - *structp = NULL; - - if (gnba->naliases > 0) { - CTXFREE(gnba->aliases, sizeof(char *) * gnba->naliases); - CTXFREE(gnba->aliaslen, - sizeof(lwres_uint16_t) * gnba->naliases); - } - if (gnba->base != NULL) - CTXFREE(gnba->base, gnba->baselen); - CTXFREE(gnba, sizeof(lwres_gnbaresponse_t)); -} diff --git a/lib/liblwres/lwres_grbn.c b/lib/liblwres/lwres_grbn.c deleted file mode 100644 index fd8de50a2..000000000 --- a/lib/liblwres/lwres_grbn.c +++ /dev/null @@ -1,416 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwres_grbn.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include "context_p.h" -#include "assert_p.h" - -lwres_result_t -lwres_grbnrequest_render(lwres_context_t *ctx, lwres_grbnrequest_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b) -{ - unsigned char *buf; - size_t buflen; - int ret; - size_t payload_length; - lwres_uint16_t datalen; - - REQUIRE(ctx != NULL); - REQUIRE(req != NULL); - REQUIRE(req->name != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - - datalen = strlen(req->name); - - payload_length = 4 + 2 + 2 + 2 + req->namelen + 1; - - buflen = LWRES_LWPACKET_LENGTH + payload_length; - buf = CTXMALLOC(buflen); - if (buf == NULL) - return (LWRES_R_NOMEMORY); - - lwres_buffer_init(b, buf, buflen); - - pkt->length = buflen; - pkt->version = LWRES_LWPACKETVERSION_0; - pkt->pktflags &= ~LWRES_LWPACKETFLAG_RESPONSE; - pkt->opcode = LWRES_OPCODE_GETRDATABYNAME; - pkt->result = 0; - pkt->authtype = 0; - pkt->authlength = 0; - - ret = lwres_lwpacket_renderheader(b, pkt); - if (ret != LWRES_R_SUCCESS) { - lwres_buffer_invalidate(b); - CTXFREE(buf, buflen); - return (ret); - } - - INSIST(SPACE_OK(b, payload_length)); - - /* - * Flags. - */ - lwres_buffer_putuint32(b, req->flags); - - /* - * Class. - */ - lwres_buffer_putuint16(b, req->rdclass); - - /* - * Type. - */ - lwres_buffer_putuint16(b, req->rdtype); - - /* - * Put the length and the data. We know this will fit because we - * just checked for it. - */ - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, (unsigned char *)req->name, datalen); - lwres_buffer_putuint8(b, 0); /* trailing NUL */ - - INSIST(LWRES_BUFFER_AVAILABLECOUNT(b) == 0); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_grbnresponse_render(lwres_context_t *ctx, lwres_grbnresponse_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b) -{ - unsigned char *buf; - size_t buflen; - int ret; - size_t payload_length; - lwres_uint16_t datalen; - int x; - - REQUIRE(ctx != NULL); - REQUIRE(req != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - - /* flags, class, type, ttl, nrdatas, nsigs */ - payload_length = 4 + 2 + 2 + 4 + 2 + 2; - /* real name encoding */ - payload_length += 2 + req->realnamelen + 1; - /* each rr */ - for (x = 0 ; x < req->nrdatas ; x++) - payload_length += 2 + req->rdatalen[x]; - for (x = 0 ; x < req->nsigs ; x++) - payload_length += 2 + req->siglen[x]; - - buflen = LWRES_LWPACKET_LENGTH + payload_length; - buf = CTXMALLOC(buflen); - if (buf == NULL) - return (LWRES_R_NOMEMORY); - lwres_buffer_init(b, buf, buflen); - - pkt->length = buflen; - pkt->version = LWRES_LWPACKETVERSION_0; - pkt->pktflags |= LWRES_LWPACKETFLAG_RESPONSE; - pkt->opcode = LWRES_OPCODE_GETRDATABYNAME; - pkt->authtype = 0; - pkt->authlength = 0; - - ret = lwres_lwpacket_renderheader(b, pkt); - if (ret != LWRES_R_SUCCESS) { - lwres_buffer_invalidate(b); - CTXFREE(buf, buflen); - return (ret); - } - - /* - * Check space needed here. - */ - INSIST(SPACE_OK(b, payload_length)); - - /* Flags. */ - lwres_buffer_putuint32(b, req->flags); - - /* encode class, type, ttl, and nrdatas */ - lwres_buffer_putuint16(b, req->rdclass); - lwres_buffer_putuint16(b, req->rdtype); - lwres_buffer_putuint32(b, req->ttl); - lwres_buffer_putuint16(b, req->nrdatas); - lwres_buffer_putuint16(b, req->nsigs); - - /* encode the real name */ - datalen = req->realnamelen; - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, (unsigned char *)req->realname, datalen); - lwres_buffer_putuint8(b, 0); - - /* encode the rdatas */ - for (x = 0 ; x < req->nrdatas ; x++) { - datalen = req->rdatalen[x]; - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, req->rdatas[x], datalen); - } - - /* encode the signatures */ - for (x = 0 ; x < req->nsigs ; x++) { - datalen = req->siglen[x]; - lwres_buffer_putuint16(b, datalen); - lwres_buffer_putmem(b, req->sigs[x], datalen); - } - - INSIST(LWRES_BUFFER_AVAILABLECOUNT(b) == 0); - INSIST(LWRES_BUFFER_USEDCOUNT(b) == pkt->length); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_grbnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_grbnrequest_t **structp) -{ - int ret; - char *name; - lwres_grbnrequest_t *grbn; - lwres_uint32_t flags; - lwres_uint16_t rdclass, rdtype; - lwres_uint16_t namelen; - - REQUIRE(ctx != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - if ((pkt->pktflags & LWRES_LWPACKETFLAG_RESPONSE) != 0) - return (LWRES_R_FAILURE); - - if (!SPACE_REMAINING(b, 4 + 2 + 2)) - return (LWRES_R_UNEXPECTEDEND); - - /* - * Pull off the flags, class, and type. - */ - flags = lwres_buffer_getuint32(b); - rdclass = lwres_buffer_getuint16(b); - rdtype = lwres_buffer_getuint16(b); - - /* - * Pull off the name itself - */ - ret = lwres_string_parse(b, &name, &namelen); - if (ret != LWRES_R_SUCCESS) - return (ret); - - if (LWRES_BUFFER_REMAINING(b) != 0) - return (LWRES_R_TRAILINGDATA); - - grbn = CTXMALLOC(sizeof(lwres_grbnrequest_t)); - if (grbn == NULL) - return (LWRES_R_NOMEMORY); - - grbn->flags = flags; - grbn->rdclass = rdclass; - grbn->rdtype = rdtype; - grbn->name = name; - grbn->namelen = namelen; - - *structp = grbn; - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_grbnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_grbnresponse_t **structp) -{ - lwres_result_t ret; - unsigned int x; - lwres_uint32_t flags; - lwres_uint16_t rdclass, rdtype; - lwres_uint32_t ttl; - lwres_uint16_t nrdatas, nsigs; - lwres_grbnresponse_t *grbn; - - REQUIRE(ctx != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - grbn = NULL; - - if ((pkt->pktflags & LWRES_LWPACKETFLAG_RESPONSE) == 0) - return (LWRES_R_FAILURE); - - /* - * Pull off the flags, class, type, ttl, nrdatas, and nsigs - */ - if (!SPACE_REMAINING(b, 4 + 2 + 2 + 4 + 2 + 2)) - return (LWRES_R_UNEXPECTEDEND); - flags = lwres_buffer_getuint32(b); - rdclass = lwres_buffer_getuint16(b); - rdtype = lwres_buffer_getuint16(b); - ttl = lwres_buffer_getuint32(b); - nrdatas = lwres_buffer_getuint16(b); - nsigs = lwres_buffer_getuint16(b); - - /* - * Pull off the name itself - */ - - grbn = CTXMALLOC(sizeof(lwres_grbnresponse_t)); - if (grbn == NULL) - return (LWRES_R_NOMEMORY); - grbn->rdatas = NULL; - grbn->rdatalen = NULL; - grbn->sigs = NULL; - grbn->siglen = NULL; - grbn->base = NULL; - - grbn->flags = flags; - grbn->rdclass = rdclass; - grbn->rdtype = rdtype; - grbn->ttl = ttl; - grbn->nrdatas = nrdatas; - grbn->nsigs = nsigs; - - if (nrdatas > 0) { - grbn->rdatas = CTXMALLOC(sizeof(char *) * nrdatas); - if (grbn->rdatas == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - - grbn->rdatalen = CTXMALLOC(sizeof(lwres_uint16_t) * nrdatas); - if (grbn->rdatalen == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - } - - if (nsigs > 0) { - grbn->sigs = CTXMALLOC(sizeof(char *) * nsigs); - if (grbn->sigs == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - - grbn->siglen = CTXMALLOC(sizeof(lwres_uint16_t) * nsigs); - if (grbn->siglen == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - } - - /* - * Now, pull off the real name. - */ - ret = lwres_string_parse(b, &grbn->realname, &grbn->realnamelen); - if (ret != LWRES_R_SUCCESS) - goto out; - - /* - * Parse off the rdatas. - */ - for (x = 0 ; x < grbn->nrdatas ; x++) { - ret = lwres_data_parse(b, &grbn->rdatas[x], - &grbn->rdatalen[x]); - if (ret != LWRES_R_SUCCESS) - goto out; - } - - /* - * Parse off the signatures. - */ - for (x = 0 ; x < grbn->nsigs ; x++) { - ret = lwres_data_parse(b, &grbn->sigs[x], &grbn->siglen[x]); - if (ret != LWRES_R_SUCCESS) - goto out; - } - - if (LWRES_BUFFER_REMAINING(b) != 0) { - ret = LWRES_R_TRAILINGDATA; - goto out; - } - - *structp = grbn; - return (LWRES_R_SUCCESS); - - out: - if (grbn != NULL) { - if (grbn->rdatas != NULL) - CTXFREE(grbn->rdatas, sizeof(char *) * nrdatas); - if (grbn->rdatalen != NULL) - CTXFREE(grbn->rdatalen, - sizeof(lwres_uint16_t) * nrdatas); - if (grbn->sigs != NULL) - CTXFREE(grbn->sigs, sizeof(char *) * nsigs); - if (grbn->siglen != NULL) - CTXFREE(grbn->siglen, sizeof(lwres_uint16_t) * nsigs); - CTXFREE(grbn, sizeof(lwres_grbnresponse_t)); - } - - return (ret); -} - -void -lwres_grbnrequest_free(lwres_context_t *ctx, lwres_grbnrequest_t **structp) -{ - lwres_grbnrequest_t *grbn; - - REQUIRE(ctx != NULL); - REQUIRE(structp != NULL && *structp != NULL); - - grbn = *structp; - *structp = NULL; - - CTXFREE(grbn, sizeof(lwres_grbnrequest_t)); -} - -void -lwres_grbnresponse_free(lwres_context_t *ctx, lwres_grbnresponse_t **structp) -{ - lwres_grbnresponse_t *grbn; - - REQUIRE(ctx != NULL); - REQUIRE(structp != NULL && *structp != NULL); - - grbn = *structp; - *structp = NULL; - - if (grbn->nrdatas > 0) { - CTXFREE(grbn->rdatas, sizeof(char *) * grbn->nrdatas); - CTXFREE(grbn->rdatalen, - sizeof(lwres_uint16_t) * grbn->nrdatas); - } - if (grbn->nsigs > 0) { - CTXFREE(grbn->sigs, sizeof(char *) * grbn->nsigs); - CTXFREE(grbn->siglen, sizeof(lwres_uint16_t) * grbn->nsigs); - } - if (grbn->base != NULL) - CTXFREE(grbn->base, grbn->baselen); - CTXFREE(grbn, sizeof(lwres_grbnresponse_t)); -} diff --git a/lib/liblwres/lwres_noop.c b/lib/liblwres/lwres_noop.c deleted file mode 100644 index a75fba351..000000000 --- a/lib/liblwres/lwres_noop.c +++ /dev/null @@ -1,255 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwres_noop.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include "context_p.h" -#include "assert_p.h" - -lwres_result_t -lwres_nooprequest_render(lwres_context_t *ctx, lwres_nooprequest_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b) -{ - unsigned char *buf; - size_t buflen; - int ret; - size_t payload_length; - - REQUIRE(ctx != NULL); - REQUIRE(req != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - - payload_length = sizeof(lwres_uint16_t) + req->datalength; - - buflen = LWRES_LWPACKET_LENGTH + payload_length; - buf = CTXMALLOC(buflen); - if (buf == NULL) - return (LWRES_R_NOMEMORY); - lwres_buffer_init(b, buf, buflen); - - pkt->length = buflen; - pkt->version = LWRES_LWPACKETVERSION_0; - pkt->pktflags &= ~LWRES_LWPACKETFLAG_RESPONSE; - pkt->opcode = LWRES_OPCODE_NOOP; - pkt->result = 0; - pkt->authtype = 0; - pkt->authlength = 0; - - ret = lwres_lwpacket_renderheader(b, pkt); - if (ret != LWRES_R_SUCCESS) { - lwres_buffer_invalidate(b); - CTXFREE(buf, buflen); - return (ret); - } - - INSIST(SPACE_OK(b, payload_length)); - - /* - * Put the length and the data. We know this will fit because we - * just checked for it. - */ - lwres_buffer_putuint16(b, req->datalength); - lwres_buffer_putmem(b, req->data, req->datalength); - - INSIST(LWRES_BUFFER_AVAILABLECOUNT(b) == 0); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_noopresponse_render(lwres_context_t *ctx, lwres_noopresponse_t *req, - lwres_lwpacket_t *pkt, lwres_buffer_t *b) -{ - unsigned char *buf; - size_t buflen; - int ret; - size_t payload_length; - - REQUIRE(ctx != NULL); - REQUIRE(req != NULL); - REQUIRE(pkt != NULL); - REQUIRE(b != NULL); - - payload_length = sizeof(lwres_uint16_t) + req->datalength; - - buflen = LWRES_LWPACKET_LENGTH + payload_length; - buf = CTXMALLOC(buflen); - if (buf == NULL) - return (LWRES_R_NOMEMORY); - lwres_buffer_init(b, buf, buflen); - - pkt->length = buflen; - pkt->version = LWRES_LWPACKETVERSION_0; - pkt->pktflags |= LWRES_LWPACKETFLAG_RESPONSE; - pkt->opcode = LWRES_OPCODE_NOOP; - pkt->authtype = 0; - pkt->authlength = 0; - - ret = lwres_lwpacket_renderheader(b, pkt); - if (ret != LWRES_R_SUCCESS) { - lwres_buffer_invalidate(b); - CTXFREE(buf, buflen); - return (ret); - } - - INSIST(SPACE_OK(b, payload_length)); - - /* - * Put the length and the data. We know this will fit because we - * just checked for it. - */ - lwres_buffer_putuint16(b, req->datalength); - lwres_buffer_putmem(b, req->data, req->datalength); - - INSIST(LWRES_BUFFER_AVAILABLECOUNT(b) == 0); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_nooprequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_nooprequest_t **structp) -{ - int ret; - lwres_nooprequest_t *req; - - REQUIRE(ctx != NULL); - REQUIRE(b != NULL); - REQUIRE(pkt != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - if ((pkt->pktflags & LWRES_LWPACKETFLAG_RESPONSE) != 0) - return (LWRES_R_FAILURE); - - req = CTXMALLOC(sizeof(lwres_nooprequest_t)); - if (req == NULL) - return (LWRES_R_NOMEMORY); - - if (!SPACE_REMAINING(b, sizeof(lwres_uint16_t))) { - ret = LWRES_R_UNEXPECTEDEND; - goto out; - } - req->datalength = lwres_buffer_getuint16(b); - - if (!SPACE_REMAINING(b, req->datalength)) { - ret = LWRES_R_UNEXPECTEDEND; - goto out; - } - req->data = b->base + b->current; - lwres_buffer_forward(b, req->datalength); - - if (LWRES_BUFFER_REMAINING(b) != 0) { - ret = LWRES_R_TRAILINGDATA; - goto out; - } - - /* success! */ - *structp = req; - return (LWRES_R_SUCCESS); - - /* Error return */ - out: - CTXFREE(req, sizeof(lwres_nooprequest_t)); - return (ret); -} - -lwres_result_t -lwres_noopresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, - lwres_lwpacket_t *pkt, lwres_noopresponse_t **structp) -{ - int ret; - lwres_noopresponse_t *req; - - REQUIRE(ctx != NULL); - REQUIRE(b != NULL); - REQUIRE(pkt != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - if ((pkt->pktflags & LWRES_LWPACKETFLAG_RESPONSE) == 0) - return (LWRES_R_FAILURE); - - req = CTXMALLOC(sizeof(lwres_noopresponse_t)); - if (req == NULL) - return (LWRES_R_NOMEMORY); - - if (!SPACE_REMAINING(b, sizeof(lwres_uint16_t))) { - ret = LWRES_R_UNEXPECTEDEND; - goto out; - } - req->datalength = lwres_buffer_getuint16(b); - - if (!SPACE_REMAINING(b, req->datalength)) { - ret = LWRES_R_UNEXPECTEDEND; - goto out; - } - req->data = b->base + b->current; - - lwres_buffer_forward(b, req->datalength); - if (LWRES_BUFFER_REMAINING(b) != 0) { - ret = LWRES_R_TRAILINGDATA; - goto out; - } - - /* success! */ - *structp = req; - return (LWRES_R_SUCCESS); - - /* Error return */ - out: - CTXFREE(req, sizeof(lwres_noopresponse_t)); - return (ret); -} - -void -lwres_noopresponse_free(lwres_context_t *ctx, lwres_noopresponse_t **structp) -{ - lwres_noopresponse_t *noop; - - REQUIRE(ctx != NULL); - REQUIRE(structp != NULL && *structp != NULL); - - noop = *structp; - *structp = NULL; - - CTXFREE(noop, sizeof(lwres_noopresponse_t)); -} - -void -lwres_nooprequest_free(lwres_context_t *ctx, lwres_nooprequest_t **structp) -{ - lwres_nooprequest_t *noop; - - REQUIRE(ctx != NULL); - REQUIRE(structp != NULL && *structp != NULL); - - noop = *structp; - *structp = NULL; - - CTXFREE(noop, sizeof(lwres_nooprequest_t)); -} diff --git a/lib/liblwres/lwresutil.c b/lib/liblwres/lwresutil.c deleted file mode 100644 index 60f330e76..000000000 --- a/lib/liblwres/lwresutil.c +++ /dev/null @@ -1,491 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: lwresutil.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#include - -#include -#include -#include -#include - -#include -#include -#include - -#include "assert_p.h" -#include "context_p.h" - -/* - * Requires: - * - * The "current" pointer in "b" points to encoded raw data. - * - * Ensures: - * - * The address of the first byte of the data is returned via "p", - * and the length is returned via "len". If NULL, they are not - * set. - * - * On return, the current pointer of "b" will point to the character - * following the data length and the data. - * - */ -lwres_result_t -lwres_data_parse(lwres_buffer_t *b, unsigned char **p, lwres_uint16_t *len) -{ - lwres_uint16_t datalen; - unsigned char *data; - - REQUIRE(b != NULL); - - /* - * Pull off the length (2 bytes) - */ - if (!SPACE_REMAINING(b, 2)) - return (LWRES_R_UNEXPECTEDEND); - datalen = lwres_buffer_getuint16(b); - - /* - * Set the pointer to this string to the right place, then - * advance the buffer pointer. - */ - if (!SPACE_REMAINING(b, datalen)) - return (LWRES_R_UNEXPECTEDEND); - data = b->base + b->current; - lwres_buffer_forward(b, datalen); - - if (len != NULL) - *len = datalen; - if (p != NULL) - *p = data; - - return (LWRES_R_SUCCESS); -} - -/* - * Requires: - * - * The "current" pointer in "b" point to an encoded string. - * - * Ensures: - * - * The address of the first byte of the string is returned via "c", - * and the length is returned via "len". If NULL, they are not - * set. - * - * On return, the current pointer of "b" will point to the character - * following the string length, the string, and the trailing NULL. - * - */ -lwres_result_t -lwres_string_parse(lwres_buffer_t *b, char **c, lwres_uint16_t *len) -{ - lwres_uint16_t datalen; - char *string; - - REQUIRE(b != NULL); - - /* - * Pull off the length (2 bytes) - */ - if (!SPACE_REMAINING(b, 2)) - return (LWRES_R_UNEXPECTEDEND); - datalen = lwres_buffer_getuint16(b); - - /* - * Set the pointer to this string to the right place, then - * advance the buffer pointer. - */ - if (!SPACE_REMAINING(b, datalen)) - return (LWRES_R_UNEXPECTEDEND); - string = (char *)b->base + b->current; - lwres_buffer_forward(b, datalen); - - /* - * Skip the "must be zero" byte. - */ - if (!SPACE_REMAINING(b, 1)) - return (LWRES_R_UNEXPECTEDEND); - if (0 != lwres_buffer_getuint8(b)) - return (LWRES_R_FAILURE); - - if (len != NULL) - *len = datalen; - if (c != NULL) - *c = string; - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_addr_parse(lwres_buffer_t *b, lwres_addr_t *addr) -{ - REQUIRE(addr != NULL); - - if (!SPACE_REMAINING(b, 6)) - return (LWRES_R_UNEXPECTEDEND); - - addr->family = lwres_buffer_getuint32(b); - addr->length = lwres_buffer_getuint16(b); - - if (!SPACE_REMAINING(b, addr->length)) - return (LWRES_R_UNEXPECTEDEND); - if (addr->length > LWRES_ADDR_MAXLEN) - return (LWRES_R_FAILURE); - - lwres_buffer_getmem(b, addr->address, addr->length); - - return (LWRES_R_SUCCESS); -} - -lwres_result_t -lwres_getaddrsbyname(lwres_context_t *ctx, const char *name, - lwres_uint32_t addrtypes, lwres_gabnresponse_t **structp) -{ - lwres_gabnrequest_t request; - lwres_gabnresponse_t *response; - int ret; - int recvlen; - lwres_buffer_t b_in, b_out; - lwres_lwpacket_t pkt; - lwres_uint32_t serial; - char *buffer; - char target_name[1024]; - unsigned int target_length; - - REQUIRE(ctx != NULL); - REQUIRE(name != NULL); - REQUIRE(addrtypes != 0); - REQUIRE(structp != NULL && *structp == NULL); - - b_in.base = NULL; - b_out.base = NULL; - response = NULL; - buffer = NULL; - serial = lwres_context_nextserial(ctx); - - buffer = CTXMALLOC(LWRES_RECVLENGTH); - if (buffer == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - - target_length = strlen(name); - if (target_length >= sizeof(target_name)) - return (LWRES_R_FAILURE); - strcpy(target_name, name); /* strcpy is safe */ - - /* - * Set up our request and render it to a buffer. - */ - request.flags = 0; - request.addrtypes = addrtypes; - request.name = target_name; - request.namelen = target_length; - pkt.pktflags = 0; - pkt.serial = serial; - pkt.result = 0; - pkt.recvlength = LWRES_RECVLENGTH; - - again: - ret = lwres_gabnrequest_render(ctx, &request, &pkt, &b_out); - if (ret != LWRES_R_SUCCESS) - goto out; - - ret = lwres_context_sendrecv(ctx, b_out.base, b_out.length, buffer, - LWRES_RECVLENGTH, &recvlen); - if (ret != LWRES_R_SUCCESS) - goto out; - - lwres_buffer_init(&b_in, buffer, recvlen); - b_in.used = recvlen; - - /* - * Parse the packet header. - */ - ret = lwres_lwpacket_parseheader(&b_in, &pkt); - if (ret != LWRES_R_SUCCESS) - goto out; - - /* - * Sanity check. - */ - if (pkt.serial != serial) - goto again; - if (pkt.opcode != LWRES_OPCODE_GETADDRSBYNAME) - goto again; - - /* - * Free what we've transmitted - */ - CTXFREE(b_out.base, b_out.length); - b_out.base = NULL; - b_out.length = 0; - - if (pkt.result != LWRES_R_SUCCESS) { - ret = pkt.result; - goto out; - } - - /* - * Parse the response. - */ - ret = lwres_gabnresponse_parse(ctx, &b_in, &pkt, &response); - if (ret != LWRES_R_SUCCESS) - goto out; - response->base = buffer; - response->baselen = LWRES_RECVLENGTH; - buffer = NULL; /* don't free this below */ - - *structp = response; - return (LWRES_R_SUCCESS); - - out: - if (b_out.base != NULL) - CTXFREE(b_out.base, b_out.length); - if (buffer != NULL) - CTXFREE(buffer, LWRES_RECVLENGTH); - if (response != NULL) - lwres_gabnresponse_free(ctx, &response); - - return (ret); -} - - -lwres_result_t -lwres_getnamebyaddr(lwres_context_t *ctx, lwres_uint32_t addrtype, - lwres_uint16_t addrlen, const unsigned char *addr, - lwres_gnbaresponse_t **structp) -{ - lwres_gnbarequest_t request; - lwres_gnbaresponse_t *response; - int ret; - int recvlen; - lwres_buffer_t b_in, b_out; - lwres_lwpacket_t pkt; - lwres_uint32_t serial; - char *buffer; - - REQUIRE(ctx != NULL); - REQUIRE(addrtype != 0); - REQUIRE(addrlen != 0); - REQUIRE(addr != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - b_in.base = NULL; - b_out.base = NULL; - response = NULL; - buffer = NULL; - serial = lwres_context_nextserial(ctx); - - buffer = CTXMALLOC(LWRES_RECVLENGTH); - if (buffer == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - - /* - * Set up our request and render it to a buffer. - */ - request.flags = 0; - request.addr.family = addrtype; - request.addr.length = addrlen; - memcpy(request.addr.address, addr, addrlen); - pkt.pktflags = 0; - pkt.serial = serial; - pkt.result = 0; - pkt.recvlength = LWRES_RECVLENGTH; - - again: - ret = lwres_gnbarequest_render(ctx, &request, &pkt, &b_out); - if (ret != LWRES_R_SUCCESS) - goto out; - - ret = lwres_context_sendrecv(ctx, b_out.base, b_out.length, buffer, - LWRES_RECVLENGTH, &recvlen); - if (ret != LWRES_R_SUCCESS) - goto out; - - lwres_buffer_init(&b_in, buffer, recvlen); - b_in.used = recvlen; - - /* - * Parse the packet header. - */ - ret = lwres_lwpacket_parseheader(&b_in, &pkt); - if (ret != LWRES_R_SUCCESS) - goto out; - - /* - * Sanity check. - */ - if (pkt.serial != serial) - goto again; - if (pkt.opcode != LWRES_OPCODE_GETNAMEBYADDR) - goto again; - - /* - * Free what we've transmitted - */ - CTXFREE(b_out.base, b_out.length); - b_out.base = NULL; - b_out.length = 0; - - if (pkt.result != LWRES_R_SUCCESS) { - ret = pkt.result; - goto out; - } - - /* - * Parse the response. - */ - ret = lwres_gnbaresponse_parse(ctx, &b_in, &pkt, &response); - if (ret != LWRES_R_SUCCESS) - goto out; - response->base = buffer; - response->baselen = LWRES_RECVLENGTH; - buffer = NULL; /* don't free this below */ - - *structp = response; - return (LWRES_R_SUCCESS); - - out: - if (b_out.base != NULL) - CTXFREE(b_out.base, b_out.length); - if (buffer != NULL) - CTXFREE(buffer, LWRES_RECVLENGTH); - if (response != NULL) - lwres_gnbaresponse_free(ctx, &response); - - return (ret); -} - -lwres_result_t -lwres_getrdatabyname(lwres_context_t *ctx, const char *name, - lwres_uint16_t rdclass, lwres_uint16_t rdtype, - lwres_uint32_t flags, lwres_grbnresponse_t **structp) -{ - int ret; - int recvlen; - lwres_buffer_t b_in, b_out; - lwres_lwpacket_t pkt; - lwres_uint32_t serial; - char *buffer; - lwres_grbnrequest_t request; - lwres_grbnresponse_t *response; - char target_name[1024]; - unsigned int target_length; - - REQUIRE(ctx != NULL); - REQUIRE(name != NULL); - REQUIRE(structp != NULL && *structp == NULL); - - b_in.base = NULL; - b_out.base = NULL; - response = NULL; - buffer = NULL; - serial = lwres_context_nextserial(ctx); - - buffer = CTXMALLOC(LWRES_RECVLENGTH); - if (buffer == NULL) { - ret = LWRES_R_NOMEMORY; - goto out; - } - - target_length = strlen(name); - if (target_length >= sizeof(target_name)) - return (LWRES_R_FAILURE); - strcpy(target_name, name); /* strcpy is safe */ - - /* - * Set up our request and render it to a buffer. - */ - request.rdclass = rdclass; - request.rdtype = rdtype; - request.flags = flags; - request.name = target_name; - request.namelen = target_length; - pkt.pktflags = 0; - pkt.serial = serial; - pkt.result = 0; - pkt.recvlength = LWRES_RECVLENGTH; - - again: - ret = lwres_grbnrequest_render(ctx, &request, &pkt, &b_out); - if (ret != LWRES_R_SUCCESS) - goto out; - - ret = lwres_context_sendrecv(ctx, b_out.base, b_out.length, buffer, - LWRES_RECVLENGTH, &recvlen); - if (ret != LWRES_R_SUCCESS) - goto out; - - lwres_buffer_init(&b_in, buffer, recvlen); - b_in.used = recvlen; - - /* - * Parse the packet header. - */ - ret = lwres_lwpacket_parseheader(&b_in, &pkt); - if (ret != LWRES_R_SUCCESS) - goto out; - - /* - * Sanity check. - */ - if (pkt.serial != serial) - goto again; - if (pkt.opcode != LWRES_OPCODE_GETRDATABYNAME) - goto again; - - /* - * Free what we've transmitted - */ - CTXFREE(b_out.base, b_out.length); - b_out.base = NULL; - b_out.length = 0; - - if (pkt.result != LWRES_R_SUCCESS) { - ret = pkt.result; - goto out; - } - - /* - * Parse the response. - */ - ret = lwres_grbnresponse_parse(ctx, &b_in, &pkt, &response); - if (ret != LWRES_R_SUCCESS) - goto out; - response->base = buffer; - response->baselen = LWRES_RECVLENGTH; - buffer = NULL; /* don't free this below */ - - *structp = response; - return (LWRES_R_SUCCESS); - - out: - if (b_out.base != NULL) - CTXFREE(b_out.base, b_out.length); - if (buffer != NULL) - CTXFREE(buffer, LWRES_RECVLENGTH); - if (response != NULL) - lwres_grbnresponse_free(ctx, &response); - - return (ret); -} diff --git a/lib/liblwres/man/Makefile.in b/lib/liblwres/man/Makefile.in deleted file mode 100644 index d06f370ad..000000000 --- a/lib/liblwres/man/Makefile.in +++ /dev/null @@ -1,232 +0,0 @@ -# Copyright (C) 2001 Internet Software Consortium. -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -# INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -# $Id: Makefile.in,v 1.1 2004/03/15 20:35:25 as Exp $ - -srcdir = @srcdir@ -VPATH = @srcdir@ -top_srcdir = @top_srcdir@ - -@BIND9_VERSION@ - -@BIND9_MAKE_RULES@ - -# Alphabetically -#MANPAGES = lwres.3 lwres_addr_parse.3 lwres_buffer.3 \ -# lwres_buffer_add.3 lwres_buffer_back.3 lwres_buffer_clear.3 \ -# lwres_buffer_first.3 lwres_buffer_forward.3 \ -# lwres_buffer_getmem.3 lwres_buffer_getuint16.3 \ -# lwres_buffer_getuint32.3 lwres_buffer_getuint8.3 \ -# lwres_buffer_init.3 lwres_buffer_invalidate.3 \ -# lwres_buffer_putmem.3 lwres_buffer_putuint16.3 \ -# lwres_buffer_putuint32.3 lwres_buffer_putuint8.3 \ -# lwres_buffer_subtract.3 lwres_conf_clear.3 \ -# lwres_conf_get.3 lwres_conf_init.3 \ -# lwres_conf_parse.3 lwres_conf_print.3 \ -# lwres_config.3 lwres_context.3 \ -# lwres_context_allocmem.3 lwres_context_create.3 \ -# lwres_context_destroy.3 lwres_context_freemem.3 \ -# lwres_context_initserial.3 lwres_context_nextserial.3 \ -# lwres_context_sendrecv.3 lwres_endhostent.3 \ -# lwres_endhostent_r.3 lwres_freeaddrinfo.3 \ -# lwres_freehostent.3 lwres_gabn.3 \ -# lwres_gabnrequest_free.3 lwres_gabnrequest_parse.3 \ -# lwres_gabnrequest_render.3 lwres_gabnresponse_free.3 \ -# lwres_gabnresponse_parse.3 lwres_gabnresponse_render.3 \ -# lwres_gai_strerror.3 lwres_getaddrinfo.3 \ -# lwres_getaddrsbyname.3 lwres_gethostbyaddr.3 \ -# lwres_gethostbyaddr_r.3 lwres_gethostbyname.3 \ -# lwres_gethostbyname2.3 lwres_gethostbyname_r.3 \ -# lwres_gethostent.3 lwres_gethostent_r.3 \ -# lwres_getipnode.3 lwres_getipnodebyaddr.3 \ -# lwres_getipnodebyname.3 lwres_getnamebyaddr.3 \ -# lwres_getnameinfo.3 lwres_getrrsetbyname.3 \ -# lwres_gnba.3 lwres_gnbarequest_free.3 \ -# lwres_gnbarequest_parse.3 lwres_gnbarequest_render.3 \ -# lwres_gnbaresponse_free.3 lwres_gnbaresponse_parse.3 \ -# lwres_gnbaresponse_render.3 lwres_herror.3 \ -# lwres_hstrerror.3 lwres_inetntop.3 \ -# lwres_lwpacket_parseheader.3 lwres_lwpacket_renderheader.3 \ -# lwres_net_ntop.3 lwres_noop.3 \ -# lwres_nooprequest_free.3 lwres_nooprequest_parse.3 \ -# lwres_nooprequest_render.3 lwres_noopresponse_free.3 \ -# lwres_noopresponse_parse.3 lwres_noopresponse_render.3 \ -# lwres_packet.3 lwres_resutil.3 \ -# lwres_sethostent.3 lwres_sethostent_r.3 \ -# lwres_string_parse.3 - - -MANPAGES = lwres.3 lwres_buffer.3 lwres_config.3 lwres_context.3 \ - lwres_gabn.3 lwres_gai_strerror.3 lwres_getaddrinfo.3 \ - lwres_gethostent.3 lwres_getipnode.3 lwres_getnameinfo.3 \ - lwres_getrrsetbyname.3 lwres_gnba.3 lwres_hstrerror.3 lwres_inetntop.3 \ - lwres_noop.3 lwres_packet.3 lwres_resutil.3 - -HTMLPAGES = lwres.html lwres_buffer.html lwres_config.html lwres_context.html \ - lwres_gabn.html lwres_gai_strerror.html lwres_getaddrinfo.html \ - lwres_gethostent.html lwres_getipnode.html lwres_getnameinfo.html \ - lwres_getrrsetbyname.html lwres_gnba.html lwres_hstrerror.html lwres_inetntop.html \ - lwres_noop.html lwres_packet.html lwres_resutil.html - -MANOBJS = ${MANPAGES} ${HTMLPAGES} - -doc man:: ${MANOBJS} - -docclean manclean maintainer-clean:: - rm -f ${MANOBJS} - -installdirs: - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man3 - -man3 = ${DESTDIR}${mandir}/man3 - -install:: installdirs - for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man3; done - rm -f ${man3}/lwres_addr_parse.3 - @LN@ ${man3}/lwres_resutil.3 ${man3}/lwres_addr_parse.3 - rm -f ${man3}/lwres_buffer_add.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_add.3 - rm -f ${man3}/lwres_buffer_back.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_back.3 - rm -f ${man3}/lwres_buffer_clear.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_clear.3 - rm -f ${man3}/lwres_buffer_first.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_first.3 - rm -f ${man3}/lwres_buffer_forward.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_forward.3 - rm -f ${man3}/lwres_buffer_getmem.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_getmem.3 - rm -f ${man3}/lwres_buffer_getuint16.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_getuint16.3 - rm -f ${man3}/lwres_buffer_getuint32.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_getuint32.3 - rm -f ${man3}/lwres_buffer_getuint8.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_getuint8.3 - rm -f ${man3}/lwres_buffer_init.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_init.3 - rm -f ${man3}/lwres_buffer_invalidate.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_invalidate.3 - rm -f ${man3}/lwres_buffer_putmem.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_putmem.3 - rm -f ${man3}/lwres_buffer_putuint16.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_putuint16.3 - rm -f ${man3}/lwres_buffer_putuint32.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_putuint32.3 - rm -f ${man3}/lwres_buffer_putuint8.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_putuint8.3 - rm -f ${man3}/lwres_buffer_subtract.3 - @LN@ ${man3}/lwres_buffer.3 ${man3}/lwres_buffer_subtract.3 - rm -f ${man3}/lwres_conf_clear.3 - @LN@ ${man3}/lwres_config.3 ${man3}/lwres_conf_clear.3 - rm -f ${man3}/lwres_conf_get.3 - @LN@ ${man3}/lwres_config.3 ${man3}/lwres_conf_get.3 - rm -f ${man3}/lwres_conf_init.3 - @LN@ ${man3}/lwres_config.3 ${man3}/lwres_conf_init.3 - rm -f ${man3}/lwres_conf_parse.3 - @LN@ ${man3}/lwres_config.3 ${man3}/lwres_conf_parse.3 - rm -f ${man3}/lwres_conf_print.3 - @LN@ ${man3}/lwres_config.3 ${man3}/lwres_conf_print.3 - rm -f ${man3}/lwres_context_allocmem.3 - @LN@ ${man3}/lwres_context.3 ${man3}/lwres_context_allocmem.3 - rm -f ${man3}/lwres_context_create.3 - @LN@ ${man3}/lwres_context.3 ${man3}/lwres_context_create.3 - rm -f ${man3}/lwres_context_destroy.3 - @LN@ ${man3}/lwres_context.3 ${man3}/lwres_context_destroy.3 - rm -f ${man3}/lwres_context_freemem.3 - @LN@ ${man3}/lwres_context.3 ${man3}/lwres_context_freemem.3 - rm -f ${man3}/lwres_context_initserial.3 - @LN@ ${man3}/lwres_context.3 ${man3}/lwres_context_initserial.3 - rm -f ${man3}/lwres_context_nextserial.3 - @LN@ ${man3}/lwres_context.3 ${man3}/lwres_context_nextserial.3 - rm -f ${man3}/lwres_context_sendrecv.3 - @LN@ ${man3}/lwres_context.3 ${man3}/lwres_context_sendrecv.3 - rm -f ${man3}/lwres_endhostent.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_endhostent.3 - rm -f ${man3}/lwres_endhostent_r.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_endhostent_r.3 - rm -f ${man3}/lwres_freeaddrinfo.3 - @LN@ ${man3}/lwres_getaddrinfo.3 ${man3}/lwres_freeaddrinfo.3 - rm -f ${man3}/lwres_freehostent.3 - @LN@ ${man3}/lwres_getipnode.3 ${man3}/lwres_freehostent.3 - rm -f ${man3}/lwres_gabnrequest_free.3 - @LN@ ${man3}/lwres_gabn.3 ${man3}/lwres_gabnrequest_free.3 - rm -f ${man3}/lwres_gabnrequest_parse.3 - @LN@ ${man3}/lwres_gabn.3 ${man3}/lwres_gabnrequest_parse.3 - rm -f ${man3}/lwres_gabnrequest_render.3 - @LN@ ${man3}/lwres_gabn.3 ${man3}/lwres_gabnrequest_render.3 - rm -f ${man3}/lwres_gabnresponse_free.3 - @LN@ ${man3}/lwres_gabn.3 ${man3}/lwres_gabnresponse_free.3 - rm -f ${man3}/lwres_gabnresponse_parse.3 - @LN@ ${man3}/lwres_gabn.3 ${man3}/lwres_gabnresponse_parse.3 - rm -f ${man3}/lwres_gabnresponse_render.3 - @LN@ ${man3}/lwres_gabn.3 ${man3}/lwres_gabnresponse_render.3 - rm -f ${man3}/lwres_getaddrsbyname.3 - @LN@ ${man3}/lwres_resutil.3 ${man3}/lwres_getaddrsbyname.3 - rm -f ${man3}/lwres_gethostbyaddr.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_gethostbyaddr.3 - rm -f ${man3}/lwres_gethostbyaddr_r.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_gethostbyaddr_r.3 - rm -f ${man3}/lwres_gethostbyname.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_gethostbyname.3 - rm -f ${man3}/lwres_gethostbyname2.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_gethostbyname2.3 - rm -f ${man3}/lwres_gethostbyname_r.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_gethostbyname_r.3 - rm -f ${man3}/lwres_gethostent_r.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_gethostent_r.3 - rm -f ${man3}/lwres_getipnodebyaddr.3 - @LN@ ${man3}/lwres_getipnode.3 ${man3}/lwres_getipnodebyaddr.3 - rm -f ${man3}/lwres_getipnodebyname.3 - @LN@ ${man3}/lwres_getipnode.3 ${man3}/lwres_getipnodebyname.3 - rm -f ${man3}/lwres_getnamebyaddr.3 - @LN@ ${man3}/lwres_resutil.3 ${man3}/lwres_getnamebyaddr.3 - rm -f ${man3}/lwres_gnbarequest_free.3 - @LN@ ${man3}/lwres_gnba.3 ${man3}/lwres_gnbarequest_free.3 - rm -f ${man3}/lwres_gnbarequest_parse.3 - @LN@ ${man3}/lwres_gnba.3 ${man3}/lwres_gnbarequest_parse.3 - rm -f ${man3}/lwres_gnbarequest_render.3 - @LN@ ${man3}/lwres_gnba.3 ${man3}/lwres_gnbarequest_render.3 - rm -f ${man3}/lwres_gnbaresponse_free.3 - @LN@ ${man3}/lwres_gnba.3 ${man3}/lwres_gnbaresponse_free.3 - rm -f ${man3}/lwres_gnbaresponse_parse.3 - @LN@ ${man3}/lwres_gnba.3 ${man3}/lwres_gnbaresponse_parse.3 - rm -f ${man3}/lwres_gnbaresponse_render.3 - @LN@ ${man3}/lwres_gnba.3 ${man3}/lwres_gnbaresponse_render.3 - rm -f ${man3}/lwres_herror.3 - @LN@ ${man3}/lwres_hstrerror.3 ${man3}/lwres_herror.3 - rm -f ${man3}/lwres_lwpacket_parseheader.3 - @LN@ ${man3}/lwres_packet.3 ${man3}/lwres_lwpacket_parseheader.3 - rm -f ${man3}/lwres_lwpacket_renderheader.3 - @LN@ ${man3}/lwres_packet.3 ${man3}/lwres_lwpacket_renderheader.3 - rm -f ${man3}/lwres_net_ntop.3 - @LN@ ${man3}/lwres_inetntop.3 ${man3}/lwres_net_ntop.3 - rm -f ${man3}/lwres_nooprequest_free.3 - @LN@ ${man3}/lwres_noop.3 ${man3}/lwres_nooprequest_free.3 - rm -f ${man3}/lwres_nooprequest_parse.3 - @LN@ ${man3}/lwres_noop.3 ${man3}/lwres_nooprequest_parse.3 - rm -f ${man3}/lwres_nooprequest_render.3 - @LN@ ${man3}/lwres_noop.3 ${man3}/lwres_nooprequest_render.3 - rm -f ${man3}/lwres_noopresponse_free.3 - @LN@ ${man3}/lwres_noop.3 ${man3}/lwres_noopresponse_free.3 - rm -f ${man3}/lwres_noopresponse_parse.3 - @LN@ ${man3}/lwres_noop.3 ${man3}/lwres_noopresponse_parse.3 - rm -f ${man3}/lwres_noopresponse_render.3 - @LN@ ${man3}/lwres_noop.3 ${man3}/lwres_noopresponse_render.3 - rm -f ${man3}/lwres_sethostent.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_sethostent.3 - rm -f ${man3}/lwres_sethostent_r.3 - @LN@ ${man3}/lwres_gethostent.3 ${man3}/lwres_sethostent_r.3 - rm -f ${man3}/lwres_string_parse.3 - @LN@ ${man3}/lwres_resutil.3 ${man3}/lwres_string_parse.3 diff --git a/lib/liblwres/man/lwres.3 b/lib/liblwres/man/lwres.3 deleted file mode 100644 index f2393912d..000000000 --- a/lib/liblwres/man/lwres.3 +++ /dev/null @@ -1,158 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres \- introduction to the lightweight resolver library -.SH SYNOPSIS -\fB#include \fR -.SH "DESCRIPTION" -.PP -The BIND 9 lightweight resolver library is a simple, name service -independent stub resolver library. It provides hostname-to-address -and address-to-hostname lookup services to applications by -transmitting lookup requests to a resolver daemon -\fBlwresd\fR -running on the local host. The resover daemon performs the -lookup using the DNS or possibly other name service protocols, -and returns the results to the application through the library. -The library and resolver daemon communicate using a simple -UDP-based protocol. -.SH "OVERVIEW" -.PP -The lwresd library implements multiple name service APIs. -The standard -\fBgethostbyname()\fR, -\fBgethostbyaddr()\fR, -\fBgethostbyname_r()\fR, -\fBgethostbyaddr_r()\fR, -\fBgetaddrinfo()\fR, -\fBgetipnodebyname()\fR, -and -\fBgetipnodebyaddr()\fR -functions are all supported. To allow the lwres library to coexist -with system libraries that define functions of the same name, -the library defines these functions with names prefixed by -lwres_. -To define the standard names, applications must include the -header file -\fI\fR -which contains macro definitions mapping the standard function names -into -lwres_ -prefixed ones. Operating system vendors who integrate the lwres -library into their base distributions should rename the functions -in the library proper so that the renaming macros are not needed. -.PP -The library also provides a native API consisting of the functions -\fBlwres_getaddrsbyname()\fR -and -\fBlwres_getnamebyaddr()\fR. -These may be called by applications that require more detailed -control over the lookup process than the standard functions -provide. -.PP -In addition to these name service independent address lookup -functions, the library implements a new, experimental API -for looking up arbitrary DNS resource records, using the -\fBlwres_getaddrsbyname()\fR -function. -.PP -Finally, there is a low-level API for converting lookup -requests and responses to and from raw lwres protocol packets. -This API can be used by clients requiring nonblocking operation, -and is also used when implementing the server side of the lwres -protocol, for example in the -\fBlwresd\fR -resolver daemon. The use of this low-level API in clients -and servers is outlined in the following sections. -.SH "CLIENT-SIDE LOW-LEVEL API CALL FLOW" -.PP -When a client program wishes to make an lwres request using the -native low-level API, it typically performs the following -sequence of actions. -.PP -(1) Allocate or use an existing \fBlwres_packet_t\fR, -called pkt below. -.PP -(2) Set \fBpkt.recvlength\fR to the maximum length we will accept. -This is done so the receiver of our packets knows how large our receive -buffer is. The "default" is a constant in -\fIlwres.h\fR: LWRES_RECVLENGTH = 4096. -.PP -(3) Set \fBpkt.serial\fR -to a unique serial number. This value is echoed -back to the application by the remote server. -.PP -(4) Set \fBpkt.pktflags\fR. Usually this is set to 0. -.PP -(5) Set \fBpkt.result\fR to 0. -.PP -(6) Call \fBlwres_*request_render()\fR, -or marshall in the data using the primitives -such as \fBlwres_packet_render()\fR -and storing the packet data. -.PP -(7) Transmit the resulting buffer. -.PP -(8) Call \fBlwres_*response_parse()\fR -to parse any packets received. -.PP -(9) Verify that the opcode and serial match a request, and process the -packet specific information contained in the body. -.SH "SERVER-SIDE LOW-LEVEL API CALL FLOW" -.PP -When implementing the server side of the lightweight resolver -protocol using the lwres library, a sequence of actions like the -following is typically involved in processing each request packet. -.PP -Note that the same \fBlwres_packet_t\fR is used -in both the \fB_parse()\fR and \fB_render()\fR calls, -with only a few modifications made -to the packet header's contents between uses. This method is recommended -as it keeps the serial, opcode, and other fields correct. -.PP -(1) When a packet is received, call \fBlwres_*request_parse()\fR to -unmarshall it. This returns a \fBlwres_packet_t\fR (also called pkt, below) -as well as a data specific type, such as \fBlwres_gabnrequest_t\fR. -.PP -(2) Process the request in the data specific type. -.PP -(3) Set the \fBpkt.result\fR, -\fBpkt.recvlength\fR as above. All other fields can -be left untouched since they were filled in by the \fB*_parse()\fR call -above. If using \fBlwres_*response_render()\fR, -\fBpkt.pktflags\fR will be set up -properly. Otherwise, the LWRES_LWPACKETFLAG_RESPONSE bit should be -set. -.PP -(4) Call the data specific rendering function, such as -\fBlwres_gabnresponse_render()\fR. -.PP -(5) Send the resulting packet to the client. -.PP -.SH "SEE ALSO" -.PP -\fBlwres_gethostent\fR(3), -\fBlwres_getipnode\fR(3), -\fBlwres_getnameinfo\fR(3), -\fBlwres_noop\fR(3), -\fBlwres_gabn\fR(3), -\fBlwres_gnba\fR(3), -\fBlwres_context\fR(3), -\fBlwres_config\fR(3), -\fBresolver\fR(5), -\fBlwresd\fR(8). diff --git a/lib/liblwres/man/lwres.docbook b/lib/liblwres/man/lwres.docbook deleted file mode 100644 index 15378e908..000000000 --- a/lib/liblwres/man/lwres.docbook +++ /dev/null @@ -1,244 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - -lwres -3 -BIND9 - - -lwres -introduction to the lightweight resolver library - - - - -#include <lwres/lwres.h> - - - - -DESCRIPTION - -The BIND 9 lightweight resolver library is a simple, name service -independent stub resolver library. It provides hostname-to-address -and address-to-hostname lookup services to applications by -transmitting lookup requests to a resolver daemon -lwresd -running on the local host. The resover daemon performs the -lookup using the DNS or possibly other name service protocols, -and returns the results to the application through the library. -The library and resolver daemon communicate using a simple -UDP-based protocol. - - - - -OVERVIEW - -The lwresd library implements multiple name service APIs. -The standard -gethostbyname(), -gethostbyaddr(), -gethostbyname_r(), -gethostbyaddr_r(), -getaddrinfo(), -getipnodebyname(), -and -getipnodebyaddr() -functions are all supported. To allow the lwres library to coexist -with system libraries that define functions of the same name, -the library defines these functions with names prefixed by -lwres_. -To define the standard names, applications must include the -header file -<lwres/netdb.h> -which contains macro definitions mapping the standard function names -into -lwres_ -prefixed ones. Operating system vendors who integrate the lwres -library into their base distributions should rename the functions -in the library proper so that the renaming macros are not needed. - - -The library also provides a native API consisting of the functions -lwres_getaddrsbyname() -and -lwres_getnamebyaddr(). -These may be called by applications that require more detailed -control over the lookup process than the standard functions -provide. - - -In addition to these name service independent address lookup -functions, the library implements a new, experimental API -for looking up arbitrary DNS resource records, using the -lwres_getaddrsbyname() -function. - - -Finally, there is a low-level API for converting lookup -requests and responses to and from raw lwres protocol packets. -This API can be used by clients requiring nonblocking operation, -and is also used when implementing the server side of the lwres -protocol, for example in the -lwresd -resolver daemon. The use of this low-level API in clients -and servers is outlined in the following sections. - - - -CLIENT-SIDE LOW-LEVEL API CALL FLOW - -When a client program wishes to make an lwres request using the -native low-level API, it typically performs the following -sequence of actions. - - -(1) Allocate or use an existing lwres_packet_t, -called pkt below. - - -(2) Set pkt.recvlength to the maximum length we will accept. -This is done so the receiver of our packets knows how large our receive -buffer is. The "default" is a constant in -lwres.h: LWRES_RECVLENGTH = 4096. - - -(3) Set pkt.serial -to a unique serial number. This value is echoed -back to the application by the remote server. - - -(4) Set pkt.pktflags. Usually this is set to 0. - - -(5) Set pkt.result to 0. - - -(6) Call lwres_*request_render(), -or marshall in the data using the primitives -such as lwres_packet_render() -and storing the packet data. - - -(7) Transmit the resulting buffer. - - -(8) Call lwres_*response_parse() -to parse any packets received. - - -(9) Verify that the opcode and serial match a request, and process the -packet specific information contained in the body. - - - -SERVER-SIDE LOW-LEVEL API CALL FLOW - -When implementing the server side of the lightweight resolver -protocol using the lwres library, a sequence of actions like the -following is typically involved in processing each request packet. - - -Note that the same lwres_packet_t is used -in both the _parse() and _render() calls, -with only a few modifications made -to the packet header's contents between uses. This method is recommended -as it keeps the serial, opcode, and other fields correct. - - -(1) When a packet is received, call lwres_*request_parse() to -unmarshall it. This returns a lwres_packet_t (also called pkt, below) -as well as a data specific type, such as lwres_gabnrequest_t. - - -(2) Process the request in the data specific type. - - -(3) Set the pkt.result, -pkt.recvlength as above. All other fields can -be left untouched since they were filled in by the *_parse() call -above. If using lwres_*response_render(), -pkt.pktflags will be set up -properly. Otherwise, the LWRES_LWPACKETFLAG_RESPONSE bit should be -set. - - -(4) Call the data specific rendering function, such as -lwres_gabnresponse_render(). - - -(5) Send the resulting packet to the client. - - - - - -SEE ALSO - - -lwres_gethostent3 -, - - -lwres_getipnode3 -, - - -lwres_getnameinfo3 -, - - -lwres_noop3 -, - - -lwres_gabn3 -, - - -lwres_gnba3 -, - - -lwres_context3 -, - - -lwres_config3 -, - - -resolver5 -, - - -lwresd8 -. - - - - diff --git a/lib/liblwres/man/lwres.html b/lib/liblwres/man/lwres.html deleted file mode 100644 index 7b9f88dcb..000000000 --- a/lib/liblwres/man/lwres.html +++ /dev/null @@ -1,444 +0,0 @@ - -lwres

lwres

Name

lwres -- introduction to the lightweight resolver library

Synopsis

#include <lwres/lwres.h>

DESCRIPTION

The BIND 9 lightweight resolver library is a simple, name service -independent stub resolver library. It provides hostname-to-address -and address-to-hostname lookup services to applications by -transmitting lookup requests to a resolver daemon -lwresd -running on the local host. The resover daemon performs the -lookup using the DNS or possibly other name service protocols, -and returns the results to the application through the library. -The library and resolver daemon communicate using a simple -UDP-based protocol.

OVERVIEW

The lwresd library implements multiple name service APIs. -The standard -gethostbyname(), -gethostbyaddr(), -gethostbyname_r(), -gethostbyaddr_r(), -getaddrinfo(), -getipnodebyname(), -and -getipnodebyaddr() -functions are all supported. To allow the lwres library to coexist -with system libraries that define functions of the same name, -the library defines these functions with names prefixed by -lwres_. -To define the standard names, applications must include the -header file -<lwres/netdb.h> -which contains macro definitions mapping the standard function names -into -lwres_ -prefixed ones. Operating system vendors who integrate the lwres -library into their base distributions should rename the functions -in the library proper so that the renaming macros are not needed.

The library also provides a native API consisting of the functions -lwres_getaddrsbyname() -and -lwres_getnamebyaddr(). -These may be called by applications that require more detailed -control over the lookup process than the standard functions -provide.

In addition to these name service independent address lookup -functions, the library implements a new, experimental API -for looking up arbitrary DNS resource records, using the -lwres_getaddrsbyname() -function.

Finally, there is a low-level API for converting lookup -requests and responses to and from raw lwres protocol packets. -This API can be used by clients requiring nonblocking operation, -and is also used when implementing the server side of the lwres -protocol, for example in the -lwresd -resolver daemon. The use of this low-level API in clients -and servers is outlined in the following sections.

CLIENT-SIDE LOW-LEVEL API CALL FLOW

When a client program wishes to make an lwres request using the -native low-level API, it typically performs the following -sequence of actions.

(1) Allocate or use an existing lwres_packet_t, -called pkt below.

(2) Set pkt.recvlength to the maximum length we will accept. -This is done so the receiver of our packets knows how large our receive -buffer is. The "default" is a constant in -lwres.h: LWRES_RECVLENGTH = 4096.

(3) Set pkt.serial -to a unique serial number. This value is echoed -back to the application by the remote server.

(4) Set pkt.pktflags. Usually this is set to 0.

(5) Set pkt.result to 0.

(6) Call lwres_*request_render(), -or marshall in the data using the primitives -such as lwres_packet_render() -and storing the packet data.

(7) Transmit the resulting buffer.

(8) Call lwres_*response_parse() -to parse any packets received.

(9) Verify that the opcode and serial match a request, and process the -packet specific information contained in the body.

SERVER-SIDE LOW-LEVEL API CALL FLOW

When implementing the server side of the lightweight resolver -protocol using the lwres library, a sequence of actions like the -following is typically involved in processing each request packet.

Note that the same lwres_packet_t is used -in both the _parse() and _render() calls, -with only a few modifications made -to the packet header's contents between uses. This method is recommended -as it keeps the serial, opcode, and other fields correct.

(1) When a packet is received, call lwres_*request_parse() to -unmarshall it. This returns a lwres_packet_t (also called pkt, below) -as well as a data specific type, such as lwres_gabnrequest_t.

(2) Process the request in the data specific type.

(3) Set the pkt.result, -pkt.recvlength as above. All other fields can -be left untouched since they were filled in by the *_parse() call -above. If using lwres_*response_render(), -pkt.pktflags will be set up -properly. Otherwise, the LWRES_LWPACKETFLAG_RESPONSE bit should be -set.

(4) Call the data specific rendering function, such as -lwres_gabnresponse_render().

(5) Send the resulting packet to the client.

SEE ALSO

lwres_gethostent(3), - -lwres_getipnode(3), - -lwres_getnameinfo(3), - -lwres_noop(3), - -lwres_gabn(3), - -lwres_gnba(3), - -lwres_context(3), - -lwres_config(3), - -resolver(5), - -lwresd(8).

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_buffer.3 b/lib/liblwres/man/lwres_buffer.3 deleted file mode 100644 index 8077fc2ef..000000000 --- a/lib/liblwres/man/lwres_buffer.3 +++ /dev/null @@ -1,277 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_BUFFER" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem \- lightweight resolver buffer management -.SH SYNOPSIS -\fB#include -.sp -.na -void -lwres_buffer_init(lwres_buffer_t *b, void *base, unsigned int length); -.ad -.sp -.na -void -lwres_buffer_invalidate(lwres_buffer_t *b); -.ad -.sp -.na -void -lwres_buffer_add(lwres_buffer_t *b, unsigned int n); -.ad -.sp -.na -void -lwres_buffer_subtract(lwres_buffer_t *b, unsigned int n); -.ad -.sp -.na -void -lwres_buffer_clear(lwres_buffer_t *b); -.ad -.sp -.na -void -lwres_buffer_first(lwres_buffer_t *b); -.ad -.sp -.na -void -lwres_buffer_forward(lwres_buffer_t *b, unsigned int n); -.ad -.sp -.na -void -lwres_buffer_back(lwres_buffer_t *b, unsigned int n); -.ad -.sp -.na -lwres_uint8_t -lwres_buffer_getuint8(lwres_buffer_t *b); -.ad -.sp -.na -void -lwres_buffer_putuint8(lwres_buffer_t *b, lwres_uint8_t val); -.ad -.sp -.na -lwres_uint16_t -lwres_buffer_getuint16(lwres_buffer_t *b); -.ad -.sp -.na -void -lwres_buffer_putuint16(lwres_buffer_t *b, lwres_uint16_t val); -.ad -.sp -.na -lwres_uint32_t -lwres_buffer_getuint32(lwres_buffer_t *b); -.ad -.sp -.na -void -lwres_buffer_putuint32(lwres_buffer_t *b, lwres_uint32_t val); -.ad -.sp -.na -void -lwres_buffer_putmem(lwres_buffer_t *b, const unsigned char *base, unsigned int length); -.ad -.sp -.na -void -lwres_buffer_getmem(lwres_buffer_t *b, unsigned char *base, unsigned int length); -.ad -\fR.SH "DESCRIPTION" -.PP -These functions provide bounds checked access to a region of memory -where data is being read or written. -They are based on, and similar to, the -isc_buffer_ -functions in the ISC library. -.PP -A buffer is a region of memory, together with a set of related -subregions. -The \fBused region\fR and the -\fBavailable\fR region are disjoint, and -their union is the buffer's region. -The used region extends from the beginning of the buffer region to the -last used byte. -The available region extends from one byte greater than the last used -byte to the end of the buffer's region. -The size of the used region can be changed using various -buffer commands. -Initially, the used region is empty. -.PP -The used region is further subdivided into two disjoint regions: the -\fBconsumed region\fR and the \fBremaining region\fR. -The union of these two regions is the used region. -The consumed region extends from the beginning of the used region to -the byte before the \fBcurrent\fR offset (if any). -The \fBremaining\fR region the current pointer to the end of the used -region. -The size of the consumed region can be changed using various -buffer commands. -Initially, the consumed region is empty. -.PP -The \fBactive region\fR is an (optional) subregion of the remaining -region. -It extends from the current offset to an offset in the -remaining region. -Initially, the active region is empty. -If the current offset advances beyond the chosen offset, -the active region will also be empty. -.PP -.sp -.nf - - /------------entire length---------------\\\\ - /----- used region -----\\\\/-- available --\\\\ - +----------------------------------------+ - | consumed | remaining | | - +----------------------------------------+ - a b c d e - - a == base of buffer. - b == current pointer. Can be anywhere between a and d. - c == active pointer. Meaningful between b and d. - d == used pointer. - e == length of buffer. - - a-e == entire length of buffer. - a-d == used region. - a-b == consumed region. - b-d == remaining region. - b-c == optional active region. -.sp -.fi -.PP -\fBlwres_buffer_init()\fR -initializes the -\fBlwres_buffer_t\fR -\fI*b\fR -and assocates it with the memory region of size -\fIlength\fR -bytes starting at location -\fIbase.\fR -.PP -\fBlwres_buffer_invalidate()\fR -marks the buffer -\fI*b\fR -as invalid. Invalidating a buffer after use is not required, -but makes it possible to catch its possible accidental use. -.PP -The functions -\fBlwres_buffer_add()\fR -and -\fBlwres_buffer_subtract()\fR -respectively increase and decrease the used space in -buffer -\fI*b\fR -by -\fIn\fR -bytes. -\fBlwres_buffer_add()\fR -checks for buffer overflow and -\fBlwres_buffer_subtract()\fR -checks for underflow. -These functions do not allocate or deallocate memory. -They just change the value of -\fBused\fR. -.PP -A buffer is re-initialised by -\fBlwres_buffer_clear()\fR. -The function sets -\fBused\fR , -\fBcurrent\fR -and -\fBactive\fR -to zero. -.PP -\fBlwres_buffer_first\fR -makes the consumed region of buffer -\fI*p\fR -empty by setting -\fBcurrent\fR -to zero (the start of the buffer). -.PP -\fBlwres_buffer_forward()\fR -increases the consumed region of buffer -\fI*b\fR -by -\fIn\fR -bytes, checking for overflow. -Similarly, -\fBlwres_buffer_back()\fR -decreases buffer -\fIb\fR's -consumed region by -\fIn\fR -bytes and checks for underflow. -.PP -\fBlwres_buffer_getuint8()\fR -reads an unsigned 8-bit integer from -\fI*b\fR -and returns it. -\fBlwres_buffer_putuint8()\fR -writes the unsigned 8-bit integer -\fIval\fR -to buffer -\fI*b\fR. -.PP -\fBlwres_buffer_getuint16()\fR -and -\fBlwres_buffer_getuint32()\fR -are identical to -\fBlwres_buffer_putuint8()\fR -except that they respectively read an unsigned 16-bit or 32-bit integer -in network byte order from -\fIb\fR. -Similarly, -\fBlwres_buffer_putuint16()\fR -and -\fBlwres_buffer_putuint32()\fR -writes the unsigned 16-bit or 32-bit integer -\fIval\fR -to buffer -\fIb\fR, -in network byte order. -.PP -Arbitrary amounts of data are read or written from a lightweight -resolver buffer with -\fBlwres_buffer_getmem()\fR -and -\fBlwres_buffer_putmem()\fR -respectively. -\fBlwres_buffer_putmem()\fR -copies -\fIlength\fR -bytes of memory at -\fIbase\fR -to -\fIb\fR. -Conversely, -\fBlwres_buffer_getmem()\fR -copies -\fIlength\fR -bytes of memory from -\fIb\fR -to -\fIbase\fR. diff --git a/lib/liblwres/man/lwres_buffer.docbook b/lib/liblwres/man/lwres_buffer.docbook deleted file mode 100644 index 8f9d55889..000000000 --- a/lib/liblwres/man/lwres_buffer.docbook +++ /dev/null @@ -1,378 +0,0 @@ - - - - - - - -Jun 30, 2000 - - - -lwres_buffer -3 -BIND9 - - - -lwres_buffer_init -lwres_buffer_invalidate -lwres_buffer_add -lwres_buffer_subtract -lwres_buffer_clear -lwres_buffer_first -lwres_buffer_forward -lwres_buffer_back -lwres_buffer_getuint8 -lwres_buffer_putuint8 -lwres_buffer_getuint16 -lwres_buffer_putuint16 -lwres_buffer_getuint32 -lwres_buffer_putuint32 -lwres_buffer_putmem -lwres_buffer_getmem -lightweight resolver buffer management - - - - - - -#include <lwres/lwbuffer.h> - - - - - -void -lwres_buffer_init -lwres_buffer_t *b -void *base -unsigned int length - - - - -void -lwres_buffer_invalidate -lwres_buffer_t *b - - - -void -lwres_buffer_add -lwres_buffer_t *b -unsigned int n - - - - -void -lwres_buffer_subtract -lwres_buffer_t *b -unsigned int n - - - - -void -lwres_buffer_clear -lwres_buffer_t *b - - - - -void -lwres_buffer_first -lwres_buffer_t *b - - - - -void -lwres_buffer_forward -lwres_buffer_t *b -unsigned int n - - - - -void -lwres_buffer_back -lwres_buffer_t *b -unsigned int n - - - - -lwres_uint8_t -lwres_buffer_getuint8 -lwres_buffer_t *b - - - - -void -lwres_buffer_putuint8 -lwres_buffer_t *b -lwres_uint8_t val - - - - -lwres_uint16_t -lwres_buffer_getuint16 -lwres_buffer_t *b - - - - -void -lwres_buffer_putuint16 -lwres_buffer_t *b -lwres_uint16_t val - - - - -lwres_uint32_t -lwres_buffer_getuint32 -lwres_buffer_t *b - - - - -void -lwres_buffer_putuint32 -lwres_buffer_t *b -lwres_uint32_t val - - - - -void -lwres_buffer_putmem -lwres_buffer_t *b -const unsigned char *base -unsigned int length - - - - -void -lwres_buffer_getmem -lwres_buffer_t *b -unsigned char *base -unsigned int length - - - - - - - -DESCRIPTION - -These functions provide bounds checked access to a region of memory -where data is being read or written. -They are based on, and similar to, the -isc_buffer_ -functions in the ISC library. - - -A buffer is a region of memory, together with a set of related -subregions. -The used region and the -available region are disjoint, and -their union is the buffer's region. -The used region extends from the beginning of the buffer region to the -last used byte. -The available region extends from one byte greater than the last used -byte to the end of the buffer's region. -The size of the used region can be changed using various -buffer commands. -Initially, the used region is empty. - - -The used region is further subdivided into two disjoint regions: the -consumed region and the remaining region. -The union of these two regions is the used region. -The consumed region extends from the beginning of the used region to -the byte before the current offset (if any). -The remaining region the current pointer to the end of the used -region. -The size of the consumed region can be changed using various -buffer commands. -Initially, the consumed region is empty. - - -The active region is an (optional) subregion of the remaining -region. -It extends from the current offset to an offset in the -remaining region. -Initially, the active region is empty. -If the current offset advances beyond the chosen offset, -the active region will also be empty. - - - - - /------------entire length---------------\\ - /----- used region -----\\/-- available --\\ - +----------------------------------------+ - | consumed | remaining | | - +----------------------------------------+ - a b c d e - - a == base of buffer. - b == current pointer. Can be anywhere between a and d. - c == active pointer. Meaningful between b and d. - d == used pointer. - e == length of buffer. - - a-e == entire length of buffer. - a-d == used region. - a-b == consumed region. - b-d == remaining region. - b-c == optional active region. - - - -lwres_buffer_init() -initializes the -lwres_buffer_t -*b -and assocates it with the memory region of size -length -bytes starting at location -base. - - -lwres_buffer_invalidate() -marks the buffer -*b -as invalid. Invalidating a buffer after use is not required, -but makes it possible to catch its possible accidental use. - - -The functions -lwres_buffer_add() -and -lwres_buffer_subtract() -respectively increase and decrease the used space in -buffer -*b -by -n -bytes. -lwres_buffer_add() -checks for buffer overflow and -lwres_buffer_subtract() -checks for underflow. -These functions do not allocate or deallocate memory. -They just change the value of -used. - - -A buffer is re-initialised by -lwres_buffer_clear(). -The function sets -used , -current -and -active -to zero. - - -lwres_buffer_first -makes the consumed region of buffer -*p -empty by setting -current -to zero (the start of the buffer). - - -lwres_buffer_forward() -increases the consumed region of buffer -*b -by -n -bytes, checking for overflow. -Similarly, -lwres_buffer_back() -decreases buffer -b's -consumed region by -n -bytes and checks for underflow. - - -lwres_buffer_getuint8() -reads an unsigned 8-bit integer from -*b -and returns it. -lwres_buffer_putuint8() -writes the unsigned 8-bit integer -val -to buffer -*b. - - -lwres_buffer_getuint16() -and -lwres_buffer_getuint32() -are identical to -lwres_buffer_putuint8() -except that they respectively read an unsigned 16-bit or 32-bit integer -in network byte order from -b. -Similarly, -lwres_buffer_putuint16() -and -lwres_buffer_putuint32() -writes the unsigned 16-bit or 32-bit integer -val -to buffer -b, -in network byte order. - - -Arbitrary amounts of data are read or written from a lightweight -resolver buffer with -lwres_buffer_getmem() -and -lwres_buffer_putmem() -respectively. -lwres_buffer_putmem() -copies -length -bytes of memory at -base -to -b. -Conversely, -lwres_buffer_getmem() -copies -length -bytes of memory from -b -to -base. - - - diff --git a/lib/liblwres/man/lwres_buffer.html b/lib/liblwres/man/lwres_buffer.html deleted file mode 100644 index ae2ffd50c..000000000 --- a/lib/liblwres/man/lwres_buffer.html +++ /dev/null @@ -1,608 +0,0 @@ - -lwres_buffer

lwres_buffer

Name

lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem -- lightweight resolver buffer management

Synopsis

#include <lwres/lwbuffer.h>

void -lwres_buffer_init(lwres_buffer_t *b, void *base, unsigned int length);

void -lwres_buffer_invalidate(lwres_buffer_t *b);

void -lwres_buffer_add(lwres_buffer_t *b, unsigned int n);

void -lwres_buffer_subtract(lwres_buffer_t *b, unsigned int n);

void -lwres_buffer_clear(lwres_buffer_t *b);

void -lwres_buffer_first(lwres_buffer_t *b);

void -lwres_buffer_forward(lwres_buffer_t *b, unsigned int n);

void -lwres_buffer_back(lwres_buffer_t *b, unsigned int n);

lwres_uint8_t -lwres_buffer_getuint8(lwres_buffer_t *b);

void -lwres_buffer_putuint8(lwres_buffer_t *b, lwres_uint8_t val);

lwres_uint16_t -lwres_buffer_getuint16(lwres_buffer_t *b);

void -lwres_buffer_putuint16(lwres_buffer_t *b, lwres_uint16_t val);

lwres_uint32_t -lwres_buffer_getuint32(lwres_buffer_t *b);

void -lwres_buffer_putuint32(lwres_buffer_t *b, lwres_uint32_t val);

void -lwres_buffer_putmem(lwres_buffer_t *b, const unsigned char *base, unsigned int length);

void -lwres_buffer_getmem(lwres_buffer_t *b, unsigned char *base, unsigned int length);

DESCRIPTION

These functions provide bounds checked access to a region of memory -where data is being read or written. -They are based on, and similar to, the -isc_buffer_ -functions in the ISC library.

A buffer is a region of memory, together with a set of related -subregions. -The used region and the -available region are disjoint, and -their union is the buffer's region. -The used region extends from the beginning of the buffer region to the -last used byte. -The available region extends from one byte greater than the last used -byte to the end of the buffer's region. -The size of the used region can be changed using various -buffer commands. -Initially, the used region is empty.

The used region is further subdivided into two disjoint regions: the -consumed region and the remaining region. -The union of these two regions is the used region. -The consumed region extends from the beginning of the used region to -the byte before the current offset (if any). -The remaining region the current pointer to the end of the used -region. -The size of the consumed region can be changed using various -buffer commands. -Initially, the consumed region is empty.

The active region is an (optional) subregion of the remaining -region. -It extends from the current offset to an offset in the -remaining region. -Initially, the active region is empty. -If the current offset advances beyond the chosen offset, -the active region will also be empty.

 
-   /------------entire length---------------\\
-   /----- used region -----\\/-- available --\\
-   +----------------------------------------+
-   | consumed  | remaining |                |
-   +----------------------------------------+
-   a           b     c     d                e
- 
-  a == base of buffer.
-  b == current pointer.  Can be anywhere between a and d.
-  c == active pointer.  Meaningful between b and d.
-  d == used pointer.
-  e == length of buffer.
- 
-  a-e == entire length of buffer.
-  a-d == used region.
-  a-b == consumed region.
-  b-d == remaining region.
-  b-c == optional active region.

lwres_buffer_init() -initializes the -lwres_buffer_t -*b -and assocates it with the memory region of size -length -bytes starting at location -base.

lwres_buffer_invalidate() -marks the buffer -*b -as invalid. Invalidating a buffer after use is not required, -but makes it possible to catch its possible accidental use.

The functions -lwres_buffer_add() -and -lwres_buffer_subtract() -respectively increase and decrease the used space in -buffer -*b -by -n -bytes. -lwres_buffer_add() -checks for buffer overflow and -lwres_buffer_subtract() -checks for underflow. -These functions do not allocate or deallocate memory. -They just change the value of -used.

A buffer is re-initialised by -lwres_buffer_clear(). -The function sets -used , -current -and -active -to zero.

lwres_buffer_first -makes the consumed region of buffer -*p -empty by setting -current -to zero (the start of the buffer).

lwres_buffer_forward() -increases the consumed region of buffer -*b -by -n -bytes, checking for overflow. -Similarly, -lwres_buffer_back() -decreases buffer -b's -consumed region by -n -bytes and checks for underflow.

lwres_buffer_getuint8() -reads an unsigned 8-bit integer from -*b -and returns it. -lwres_buffer_putuint8() -writes the unsigned 8-bit integer -val -to buffer -*b.

lwres_buffer_getuint16() -and -lwres_buffer_getuint32() -are identical to -lwres_buffer_putuint8() -except that they respectively read an unsigned 16-bit or 32-bit integer -in network byte order from -b. -Similarly, -lwres_buffer_putuint16() -and -lwres_buffer_putuint32() -writes the unsigned 16-bit or 32-bit integer -val -to buffer -b, -in network byte order.

Arbitrary amounts of data are read or written from a lightweight -resolver buffer with -lwres_buffer_getmem() -and -lwres_buffer_putmem() -respectively. -lwres_buffer_putmem() -copies -length -bytes of memory at -base -to -b. -Conversely, -lwres_buffer_getmem() -copies -length -bytes of memory from -b -to -base.

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_config.3 b/lib/liblwres/man/lwres_config.3 deleted file mode 100644 index 9a93cc0e7..000000000 --- a/lib/liblwres/man/lwres_config.3 +++ /dev/null @@ -1,105 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_CONFIG" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get \- lightweight resolver configuration -.SH SYNOPSIS -\fB#include -.sp -.na -void -lwres_conf_init(lwres_context_t *ctx); -.ad -.sp -.na -void -lwres_conf_clear(lwres_context_t *ctx); -.ad -.sp -.na -lwres_result_t -lwres_conf_parse(lwres_context_t *ctx, const char *filename); -.ad -.sp -.na -lwres_result_t -lwres_conf_print(lwres_context_t *ctx, FILE *fp); -.ad -.sp -.na -lwres_conf_t * -lwres_conf_get(lwres_context_t *ctx); -.ad -\fR.SH "DESCRIPTION" -.PP -\fBlwres_conf_init()\fR -creates an empty -\fBlwres_conf_t\fR -structure for lightweight resolver context -\fIctx\fR. -.PP -\fBlwres_conf_clear()\fR -frees up all the internal memory used by -that -\fBlwres_conf_t\fR -structure in resolver context -\fIctx\fR. -.PP -\fBlwres_conf_parse()\fR -opens the file -\fIfilename\fR -and parses it to initialise the resolver context -\fIctx\fR's -\fBlwres_conf_t\fR -structure. -.PP -\fBlwres_conf_print()\fR -prints the -\fBlwres_conf_t\fR -structure for resolver context -\fIctx\fR -to the -\fBFILE\fR -\fIfp\fR. -.SH "RETURN VALUES" -.PP -\fBlwres_conf_parse()\fR -returns -LWRES_R_SUCCESS -if it successfully read and parsed -\fIfilename\fR. -It returns -LWRES_R_FAILURE -if -\fIfilename\fR -could not be opened or contained incorrect -resolver statements. -.PP -\fBlwres_conf_print()\fR -returns -LWRES_R_SUCCESS -unless an error occurred when converting the network addresses to a -numeric host address string. -If this happens, the function returns -LWRES_R_FAILURE. -.SH "SEE ALSO" -.PP -\fBstdio\fR(3), -\fBresolver\fR(5). -.SH "FILES" -.PP -\fI/etc/resolv.conf\fR diff --git a/lib/liblwres/man/lwres_config.docbook b/lib/liblwres/man/lwres_config.docbook deleted file mode 100644 index 03ec6c211..000000000 --- a/lib/liblwres/man/lwres_config.docbook +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_config -3 -BIND9 - - - -lwres_conf_init -lwres_conf_clear -lwres_conf_parse -lwres_conf_print -lwres_conf_get -lightweight resolver configuration - - - - -#include <lwres/lwres.h> - - -void -lwres_conf_init -lwres_context_t *ctx - - - -void -lwres_conf_clear -lwres_context_t *ctx - - - -lwres_result_t -lwres_conf_parse -lwres_context_t *ctx -const char *filename - - - -lwres_result_t -lwres_conf_print -lwres_context_t *ctx -FILE *fp - - - -lwres_conf_t * -lwres_conf_get -lwres_context_t *ctx - - - - - -DESCRIPTION - -lwres_conf_init() -creates an empty -lwres_conf_t -structure for lightweight resolver context -ctx. - - -lwres_conf_clear() -frees up all the internal memory used by -that -lwres_conf_t -structure in resolver context -ctx. - - -lwres_conf_parse() -opens the file -filename -and parses it to initialise the resolver context -ctx's -lwres_conf_t -structure. - - -lwres_conf_print() -prints the -lwres_conf_t -structure for resolver context -ctx -to the -FILE -fp. - - - - -RETURN VALUES - -lwres_conf_parse() -returns -LWRES_R_SUCCESS -if it successfully read and parsed -filename. -It returns -LWRES_R_FAILURE -if -filename -could not be opened or contained incorrect -resolver statements. - - -lwres_conf_print() -returns -LWRES_R_SUCCESS -unless an error occurred when converting the network addresses to a -numeric host address string. -If this happens, the function returns -LWRES_R_FAILURE. - - - -SEE ALSO - - -stdio3 -, - -resolver5 -. - - -FILES - -/etc/resolv.conf - - - diff --git a/lib/liblwres/man/lwres_config.html b/lib/liblwres/man/lwres_config.html deleted file mode 100644 index 67fbcdd88..000000000 --- a/lib/liblwres/man/lwres_config.html +++ /dev/null @@ -1,295 +0,0 @@ - -lwres_config

lwres_config

Name

lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get -- lightweight resolver configuration

Synopsis

#include <lwres/lwres.h>

void -lwres_conf_init(lwres_context_t *ctx);

void -lwres_conf_clear(lwres_context_t *ctx);

lwres_result_t -lwres_conf_parse(lwres_context_t *ctx, const char *filename);

lwres_result_t -lwres_conf_print(lwres_context_t *ctx, FILE *fp);

lwres_conf_t * -lwres_conf_get(lwres_context_t *ctx);

DESCRIPTION

lwres_conf_init() -creates an empty -lwres_conf_t -structure for lightweight resolver context -ctx.

lwres_conf_clear() -frees up all the internal memory used by -that -lwres_conf_t -structure in resolver context -ctx.

lwres_conf_parse() -opens the file -filename -and parses it to initialise the resolver context -ctx's -lwres_conf_t -structure.

lwres_conf_print() -prints the -lwres_conf_t -structure for resolver context -ctx -to the -FILE -fp.

RETURN VALUES

lwres_conf_parse() -returns -LWRES_R_SUCCESS -if it successfully read and parsed -filename. -It returns -LWRES_R_FAILURE -if -filename -could not be opened or contained incorrect -resolver statements.

lwres_conf_print() -returns -LWRES_R_SUCCESS -unless an error occurred when converting the network addresses to a -numeric host address string. -If this happens, the function returns -LWRES_R_FAILURE.

SEE ALSO

stdio(3), -resolver(5).

FILES

/etc/resolv.conf

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_context.3 b/lib/liblwres/man/lwres_context.3 deleted file mode 100644 index d55c14fef..000000000 --- a/lib/liblwres/man/lwres_context.3 +++ /dev/null @@ -1,194 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_CONTEXT" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv \- lightweight resolver context management -.SH SYNOPSIS -\fB#include -.sp -.na -lwres_result_t -lwres_context_create(lwres_context_t **contextp, void *arg, lwres_malloc_t malloc_function, lwres_free_t free_function); -.ad -.sp -.na -lwres_result_t -lwres_context_destroy(lwres_context_t **contextp); -.ad -.sp -.na -void -lwres_context_initserial(lwres_context_t *ctx, lwres_uint32_t serial); -.ad -.sp -.na -lwres_uint32_t -lwres_context_nextserial(lwres_context_t *ctx); -.ad -.sp -.na -void -lwres_context_freemem(lwres_context_t *ctx, void *mem, size_t len); -.ad -.sp -.na -void -lwres_context_allocmem(lwres_context_t *ctx, size_t len); -.ad -.sp -.na -void * -lwres_context_sendrecv(lwres_context_t *ctx, void *sendbase, int sendlen, void *recvbase, int recvlen, int *recvd_len); -.ad -\fR.SH "DESCRIPTION" -.PP -\fBlwres_context_create()\fR -creates a -\fBlwres_context_t\fR -structure for use in lightweight resolver operations. -It holds a socket and other data needed for communicating -with a resolver daemon. -The new -\fBlwres_context_t\fR -is returned throught -\fIcontextp\fR, -a pointer to a -\fBlwres_context_t\fR -pointer. This -\fBlwres_context_t\fR -pointer must initially be NULL, and is modified -to point to the newly created -\fBlwres_context_t\fR. -.PP -When the lightweight resolver needs to perform dynamic memory -allocation, it will call -\fImalloc_function\fR -to allocate memory and -\fIfree_function\fR -to free it. If -\fImalloc_function\fR -and -\fIfree_function\fR -are NULL, memory is allocated using -\&.Xr malloc 3 -and -\fBfree\fR(3). -It is not permitted to have a NULL -\fImalloc_function\fR -and a non-NULL -\fIfree_function\fR -or vice versa. -\fIarg\fR -is passed as the first parameter to the memory -allocation functions. -If -\fImalloc_function\fR -and -\fIfree_function\fR -are NULL, -\fIarg\fR -is unused and should be passed as NULL. -.PP -Once memory for the structure has been allocated, -it is initialized using -\fBlwres_conf_init\fR(3) -and returned via -\fI*contextp\fR. -.PP -\fBlwres_context_destroy()\fR -destroys a -\fBlwres_context_t\fR, -closing its socket. -\fIcontextp\fR -is a pointer to a pointer to the context that is to be destroyed. -The pointer will be set to NULL when the context has been destroyed. -.PP -The context holds a serial number that is used to identify resolver -request packets and associate responses with the corresponding requests. -This serial number is controlled using -\fBlwres_context_initserial()\fR -and -\fBlwres_context_nextserial()\fR. -\fBlwres_context_initserial()\fR -sets the serial number for context -\fI*ctx\fR -to -\fIserial\fR. -\fBlwres_context_nextserial()\fR -increments the serial number and returns the previous value. -.PP -Memory for a lightweight resolver context is allocated and freed using -\fBlwres_context_allocmem()\fR -and -\fBlwres_context_freemem()\fR. -These use whatever allocations were defined when the context was -created with -\fBlwres_context_create()\fR. -\fBlwres_context_allocmem()\fR -allocates -\fIlen\fR -bytes of memory and if successful returns a pointer to the allocated -storage. -\fBlwres_context_freemem()\fR -frees -\fIlen\fR -bytes of space starting at location -\fImem\fR. -.PP -\fBlwres_context_sendrecv()\fR -performs I/O for the context -\fIctx\fR. -Data are read and written from the context's socket. -It writes data from -\fIsendbase\fR -\(em typically a lightweight resolver query packet \(em -and waits for a reply which is copied to the receive buffer at -\fIrecvbase\fR. -The number of bytes that were written to this receive buffer is -returned in -\fI*recvd_len\fR. -.SH "RETURN VALUES" -.PP -\fBlwres_context_create()\fR -returns -LWRES_R_NOMEMORY -if memory for the -\fBstruct lwres_context\fR -could not be allocated, -LWRES_R_SUCCESS -otherwise. -.PP -Successful calls to the memory allocator -\fBlwres_context_allocmem()\fR -return a pointer to the start of the allocated space. -It returns NULL if memory could not be allocated. -.PP -LWRES_R_SUCCESS -is returned when -\fBlwres_context_sendrecv()\fR -completes successfully. -LWRES_R_IOERROR -is returned if an I/O error occurs and -LWRES_R_TIMEOUT -is returned if -\fBlwres_context_sendrecv()\fR -times out waiting for a response. -.SH "SEE ALSO" -.PP -\fBlwres_conf_init\fR(3), -\fBmalloc\fR(3), -\fBfree\fR(3). diff --git a/lib/liblwres/man/lwres_context.docbook b/lib/liblwres/man/lwres_context.docbook deleted file mode 100644 index 9cdfa7525..000000000 --- a/lib/liblwres/man/lwres_context.docbook +++ /dev/null @@ -1,283 +0,0 @@ - - - - - - - - - -Jun 30, 2000 - - -lwres_context -3 -BIND9 - - -lwres_context_create -lwres_context_destroy -lwres_context_nextserial -lwres_context_initserial -lwres_context_freemem -lwres_context_allocmem -lwres_context_sendrecv -lightweight resolver context management - - - -#include <lwres/lwres.h> - - -lwres_result_t -lwres_context_create -lwres_context_t **contextp -void *arg -lwres_malloc_t malloc_function -lwres_free_t free_function - - - -lwres_result_t -lwres_context_destroy -lwres_context_t **contextp - - - -void -lwres_context_initserial -lwres_context_t *ctx -lwres_uint32_t serial - - - -lwres_uint32_t -lwres_context_nextserial -lwres_context_t *ctx - - - -void -lwres_context_freemem -lwres_context_t *ctx -void *mem -size_t len - - - -void -lwres_context_allocmem -lwres_context_t *ctx -size_t len - - - -void * -lwres_context_sendrecv -lwres_context_t *ctx -void *sendbase -int sendlen -void *recvbase -int recvlen -int *recvd_len - - - - -DESCRIPTION - -lwres_context_create() -creates a -lwres_context_t -structure for use in lightweight resolver operations. -It holds a socket and other data needed for communicating -with a resolver daemon. -The new -lwres_context_t -is returned throught -contextp, - -a pointer to a -lwres_context_t -pointer. This -lwres_context_t -pointer must initially be NULL, and is modified -to point to the newly created -lwres_context_t. - - - -When the lightweight resolver needs to perform dynamic memory -allocation, it will call -malloc_function -to allocate memory and -free_function - -to free it. If -malloc_function -and -free_function - -are NULL, memory is allocated using -.Xr malloc 3 -and - -free3 -. - -It is not permitted to have a NULL -malloc_function -and a non-NULL -free_function -or vice versa. -arg -is passed as the first parameter to the memory -allocation functions. -If -malloc_function -and -free_function -are NULL, -arg - -is unused and should be passed as NULL. - - -Once memory for the structure has been allocated, -it is initialized using - -lwres_conf_init3 - - -and returned via -*contextp. - - - -lwres_context_destroy() -destroys a -lwres_context_t, - -closing its socket. -contextp -is a pointer to a pointer to the context that is to be destroyed. -The pointer will be set to NULL when the context has been destroyed. - - -The context holds a serial number that is used to identify resolver -request packets and associate responses with the corresponding requests. -This serial number is controlled using -lwres_context_initserial() -and -lwres_context_nextserial(). -lwres_context_initserial() -sets the serial number for context -*ctx -to -serial. - -lwres_context_nextserial() -increments the serial number and returns the previous value. - - -Memory for a lightweight resolver context is allocated and freed using -lwres_context_allocmem() -and -lwres_context_freemem(). -These use whatever allocations were defined when the context was -created with -lwres_context_create(). -lwres_context_allocmem() -allocates -len -bytes of memory and if successful returns a pointer to the allocated -storage. -lwres_context_freemem() -frees -len -bytes of space starting at location -mem. - - - -lwres_context_sendrecv() -performs I/O for the context -ctx. - -Data are read and written from the context's socket. -It writes data from -sendbase -— typically a lightweight resolver query packet — -and waits for a reply which is copied to the receive buffer at -recvbase. - -The number of bytes that were written to this receive buffer is -returned in -*recvd_len. - - - - -RETURN VALUES - -lwres_context_create() -returns -LWRES_R_NOMEMORY -if memory for the -struct lwres_context -could not be allocated, -LWRES_R_SUCCESS -otherwise. - - -Successful calls to the memory allocator -lwres_context_allocmem() -return a pointer to the start of the allocated space. -It returns NULL if memory could not be allocated. - - -LWRES_R_SUCCESS -is returned when -lwres_context_sendrecv() -completes successfully. -LWRES_R_IOERROR -is returned if an I/O error occurs and -LWRES_R_TIMEOUT -is returned if -lwres_context_sendrecv() -times out waiting for a response. - - - -SEE ALSO - - -lwres_conf_init3 -, - - -malloc3 -, - - -free3 - -. - - - diff --git a/lib/liblwres/man/lwres_context.html b/lib/liblwres/man/lwres_context.html deleted file mode 100644 index 377125c43..000000000 --- a/lib/liblwres/man/lwres_context.html +++ /dev/null @@ -1,519 +0,0 @@ - -lwres_context

lwres_context

Name

lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv -- lightweight resolver context management

Synopsis

#include <lwres/lwres.h>

lwres_result_t -lwres_context_create(lwres_context_t **contextp, void *arg, lwres_malloc_t malloc_function, lwres_free_t free_function);

lwres_result_t -lwres_context_destroy(lwres_context_t **contextp);

void -lwres_context_initserial(lwres_context_t *ctx, lwres_uint32_t serial);

lwres_uint32_t -lwres_context_nextserial(lwres_context_t *ctx);

void -lwres_context_freemem(lwres_context_t *ctx, void *mem, size_t len);

void -lwres_context_allocmem(lwres_context_t *ctx, size_t len);

void * -lwres_context_sendrecv(lwres_context_t *ctx, void *sendbase, int sendlen, void *recvbase, int recvlen, int *recvd_len);

DESCRIPTION

lwres_context_create() -creates a -lwres_context_t -structure for use in lightweight resolver operations. -It holds a socket and other data needed for communicating -with a resolver daemon. -The new -lwres_context_t -is returned throught -contextp, - -a pointer to a -lwres_context_t -pointer. This -lwres_context_t -pointer must initially be NULL, and is modified -to point to the newly created -lwres_context_t.

When the lightweight resolver needs to perform dynamic memory -allocation, it will call -malloc_function -to allocate memory and -free_function - -to free it. If -malloc_function -and -free_function - -are NULL, memory is allocated using -.Xr malloc 3 -and -free(3). - -It is not permitted to have a NULL -malloc_function -and a non-NULL -free_function -or vice versa. -arg -is passed as the first parameter to the memory -allocation functions. -If -malloc_function -and -free_function -are NULL, -arg - -is unused and should be passed as NULL.

Once memory for the structure has been allocated, -it is initialized using -lwres_conf_init(3) - -and returned via -*contextp.

lwres_context_destroy() -destroys a -lwres_context_t, - -closing its socket. -contextp -is a pointer to a pointer to the context that is to be destroyed. -The pointer will be set to NULL when the context has been destroyed.

The context holds a serial number that is used to identify resolver -request packets and associate responses with the corresponding requests. -This serial number is controlled using -lwres_context_initserial() -and -lwres_context_nextserial(). -lwres_context_initserial() -sets the serial number for context -*ctx -to -serial. - -lwres_context_nextserial() -increments the serial number and returns the previous value.

Memory for a lightweight resolver context is allocated and freed using -lwres_context_allocmem() -and -lwres_context_freemem(). -These use whatever allocations were defined when the context was -created with -lwres_context_create(). -lwres_context_allocmem() -allocates -len -bytes of memory and if successful returns a pointer to the allocated -storage. -lwres_context_freemem() -frees -len -bytes of space starting at location -mem.

lwres_context_sendrecv() -performs I/O for the context -ctx. - -Data are read and written from the context's socket. -It writes data from -sendbase -— typically a lightweight resolver query packet — -and waits for a reply which is copied to the receive buffer at -recvbase. - -The number of bytes that were written to this receive buffer is -returned in -*recvd_len.

RETURN VALUES

lwres_context_create() -returns -LWRES_R_NOMEMORY -if memory for the -struct lwres_context -could not be allocated, -LWRES_R_SUCCESS -otherwise.

Successful calls to the memory allocator -lwres_context_allocmem() -return a pointer to the start of the allocated space. -It returns NULL if memory could not be allocated.

LWRES_R_SUCCESS -is returned when -lwres_context_sendrecv() -completes successfully. -LWRES_R_IOERROR -is returned if an I/O error occurs and -LWRES_R_TIMEOUT -is returned if -lwres_context_sendrecv() -times out waiting for a response.

SEE ALSO

lwres_conf_init(3), - -malloc(3), - -free(3).

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_gabn.3 b/lib/liblwres/man/lwres_gabn.3 deleted file mode 100644 index 79a22c14f..000000000 --- a/lib/liblwres/man/lwres_gabn.3 +++ /dev/null @@ -1,193 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_GABN" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free \- lightweight resolver getaddrbyname message handling -.SH SYNOPSIS -\fB#include -.sp -.na -lwres_result_t -lwres_gabnrequest_render(lwres_context_t *ctx, lwres_gabnrequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b); -.ad -.sp -.na -lwres_result_t -lwres_gabnresponse_render(lwres_context_t *ctx, lwres_gabnresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b); -.ad -.sp -.na -lwres_result_t -lwres_gabnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gabnrequest_t **structp); -.ad -.sp -.na -lwres_result_t -lwres_gabnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gabnresponse_t **structp); -.ad -.sp -.na -void -lwres_gabnresponse_free(lwres_context_t *ctx, lwres_gabnresponse_t **structp); -.ad -.sp -.na -void -lwres_gabnrequest_free(lwres_context_t *ctx, lwres_gabnrequest_t **structp); -.ad -\fR.SH "DESCRIPTION" -.PP -These are low-level routines for creating and parsing -lightweight resolver name-to-address lookup request and -response messages. -.PP -There are four main functions for the getaddrbyname opcode. -One render function converts a getaddrbyname request structure \(em -\fBlwres_gabnrequest_t\fR \(em -to the lighweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a getaddrbyname request structure. -Another render function converts the getaddrbyname response structure \(em -\fBlwres_gabnresponse_t\fR \(em -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a getaddrbyname response structure. -.PP -These structures are defined in -\fI\fR. -They are shown below. -.sp -.nf -#define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U - -typedef struct lwres_addr lwres_addr_t; -typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t; - -typedef struct { - lwres_uint32_t flags; - lwres_uint32_t addrtypes; - lwres_uint16_t namelen; - char *name; -} lwres_gabnrequest_t; - -typedef struct { - lwres_uint32_t flags; - lwres_uint16_t naliases; - lwres_uint16_t naddrs; - char *realname; - char **aliases; - lwres_uint16_t realnamelen; - lwres_uint16_t *aliaslen; - lwres_addrlist_t addrs; - void *base; - size_t baselen; -} lwres_gabnresponse_t; -.sp -.fi -.PP -\fBlwres_gabnrequest_render()\fR -uses resolver context -\fIctx\fR -to convert getaddrbyname request structure -\fIreq\fR -to canonical format. -The packet header structure -\fIpkt\fR -is initialised and transferred to -buffer -\fIb\fR. -The contents of -\fI*req\fR -are then appended to the buffer in canonical format. -\fBlwres_gabnresponse_render()\fR -performs the same task, except it converts a getaddrbyname response structure -\fBlwres_gabnresponse_t\fR -to the lightweight resolver's canonical format. -.PP -\fBlwres_gabnrequest_parse()\fR -uses context -\fIctx\fR -to convert the contents of packet -\fIpkt\fR -to a -\fBlwres_gabnrequest_t\fR -structure. -Buffer -\fIb\fR -provides space to be used for storing this structure. -When the function succeeds, the resulting -\fBlwres_gabnrequest_t\fR -is made available through -\fI*structp\fR. -\fBlwres_gabnresponse_parse()\fR -offers the same semantics as -\fBlwres_gabnrequest_parse()\fR -except it yields a -\fBlwres_gabnresponse_t\fR -structure. -.PP -\fBlwres_gabnresponse_free()\fR -and -\fBlwres_gabnrequest_free()\fR -release the memory in resolver context -\fIctx\fR -that was allocated to the -\fBlwres_gabnresponse_t\fR -or -\fBlwres_gabnrequest_t\fR -structures referenced via -\fIstructp\fR. -Any memory associated with ancillary buffers and strings for those -structures is also discarded. -.SH "RETURN VALUES" -.PP -The getaddrbyname opcode functions -\fBlwres_gabnrequest_render()\fR, -\fBlwres_gabnresponse_render()\fR -\fBlwres_gabnrequest_parse()\fR -and -\fBlwres_gabnresponse_parse()\fR -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -\fIb\fR -is too small to accommodate the packet header or the -\fBlwres_gabnrequest_t\fR -and -\fBlwres_gabnresponse_t\fR -structures. -\fBlwres_gabnrequest_parse()\fR -and -\fBlwres_gabnresponse_parse()\fR -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -\fBpktflags\fR -in the packet header structure -\fBlwres_lwpacket_t\fR -indicate that the packet is not a response to an earlier query. -.SH "SEE ALSO" -.PP -\fBlwres_packet\fR(3) diff --git a/lib/liblwres/man/lwres_gabn.docbook b/lib/liblwres/man/lwres_gabn.docbook deleted file mode 100644 index 91f549564..000000000 --- a/lib/liblwres/man/lwres_gabn.docbook +++ /dev/null @@ -1,255 +0,0 @@ - - - - - - - - - -Jun 30, 2000 - - -lwres_gabn -3 -BIND9 - - -lwres_gabnrequest_render -lwres_gabnresponse_render -lwres_gabnrequest_parse -lwres_gabnresponse_parse -lwres_gabnresponse_free -lwres_gabnrequest_free -lightweight resolver getaddrbyname message handling - - - -#include <lwres/lwres.h> - - -lwres_result_t -lwres_gabnrequest_render -lwres_context_t *ctx -lwres_gabnrequest_t *req -lwres_lwpacket_t *pkt -lwres_buffer_t *b - - - -lwres_result_t -lwres_gabnresponse_render -lwres_context_t *ctx -lwres_gabnresponse_t *req -lwres_lwpacket_t *pkt -lwres_buffer_t *b - - - -lwres_result_t -lwres_gabnrequest_parse -lwres_context_t *ctx -lwres_buffer_t *b -lwres_lwpacket_t *pkt -lwres_gabnrequest_t **structp - - - -lwres_result_t -lwres_gabnresponse_parse -lwres_context_t *ctx -lwres_buffer_t *b -lwres_lwpacket_t *pkt -lwres_gabnresponse_t **structp - - - -void -lwres_gabnresponse_free -lwres_context_t *ctx -lwres_gabnresponse_t **structp - - - -void -lwres_gabnrequest_free -lwres_context_t *ctx -lwres_gabnrequest_t **structp - - - - -DESCRIPTION - -These are low-level routines for creating and parsing -lightweight resolver name-to-address lookup request and -response messages. - -There are four main functions for the getaddrbyname opcode. -One render function converts a getaddrbyname request structure — -lwres_gabnrequest_t — -to the lighweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a getaddrbyname request structure. -Another render function converts the getaddrbyname response structure — -lwres_gabnresponse_t — -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a getaddrbyname response structure. - - -These structures are defined in -<lwres/lwres.h>. -They are shown below. - -#define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U - -typedef struct lwres_addr lwres_addr_t; -typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t; - -typedef struct { - lwres_uint32_t flags; - lwres_uint32_t addrtypes; - lwres_uint16_t namelen; - char *name; -} lwres_gabnrequest_t; - -typedef struct { - lwres_uint32_t flags; - lwres_uint16_t naliases; - lwres_uint16_t naddrs; - char *realname; - char **aliases; - lwres_uint16_t realnamelen; - lwres_uint16_t *aliaslen; - lwres_addrlist_t addrs; - void *base; - size_t baselen; -} lwres_gabnresponse_t; - - - -lwres_gabnrequest_render() -uses resolver context -ctx -to convert getaddrbyname request structure -req -to canonical format. -The packet header structure -pkt -is initialised and transferred to -buffer -b. - -The contents of -*req -are then appended to the buffer in canonical format. -lwres_gabnresponse_render() -performs the same task, except it converts a getaddrbyname response structure -lwres_gabnresponse_t -to the lightweight resolver's canonical format. - - -lwres_gabnrequest_parse() -uses context -ctx -to convert the contents of packet -pkt -to a -lwres_gabnrequest_t -structure. -Buffer -b -provides space to be used for storing this structure. -When the function succeeds, the resulting -lwres_gabnrequest_t -is made available through -*structp. - -lwres_gabnresponse_parse() -offers the same semantics as -lwres_gabnrequest_parse() -except it yields a -lwres_gabnresponse_t -structure. - - -lwres_gabnresponse_free() -and -lwres_gabnrequest_free() -release the memory in resolver context -ctx -that was allocated to the -lwres_gabnresponse_t -or -lwres_gabnrequest_t -structures referenced via -structp. - -Any memory associated with ancillary buffers and strings for those -structures is also discarded. - - - -RETURN VALUES - -The getaddrbyname opcode functions -lwres_gabnrequest_render(), -lwres_gabnresponse_render() -lwres_gabnrequest_parse() -and -lwres_gabnresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_gabnrequest_t -and -lwres_gabnresponse_t -structures. -lwres_gabnrequest_parse() -and -lwres_gabnresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query. - - - -SEE ALSO - - -lwres_packet3 - - - - - diff --git a/lib/liblwres/man/lwres_gabn.html b/lib/liblwres/man/lwres_gabn.html deleted file mode 100644 index 5611cac6c..000000000 --- a/lib/liblwres/man/lwres_gabn.html +++ /dev/null @@ -1,442 +0,0 @@ - -lwres_gabn

lwres_gabn

Name

lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free -- lightweight resolver getaddrbyname message handling

Synopsis

#include <lwres/lwres.h>

lwres_result_t -lwres_gabnrequest_render(lwres_context_t *ctx, lwres_gabnrequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b);

lwres_result_t -lwres_gabnresponse_render(lwres_context_t *ctx, lwres_gabnresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b);

lwres_result_t -lwres_gabnrequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gabnrequest_t **structp);

lwres_result_t -lwres_gabnresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gabnresponse_t **structp);

void -lwres_gabnresponse_free(lwres_context_t *ctx, lwres_gabnresponse_t **structp);

void -lwres_gabnrequest_free(lwres_context_t *ctx, lwres_gabnrequest_t **structp);

DESCRIPTION

These are low-level routines for creating and parsing -lightweight resolver name-to-address lookup request and -response messages.

There are four main functions for the getaddrbyname opcode. -One render function converts a getaddrbyname request structure — -lwres_gabnrequest_t — -to the lighweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a getaddrbyname request structure. -Another render function converts the getaddrbyname response structure — -lwres_gabnresponse_t — -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a getaddrbyname response structure.

These structures are defined in -<lwres/lwres.h>. -They are shown below. -

#define LWRES_OPCODE_GETADDRSBYNAME     0x00010001U
-
-typedef struct lwres_addr lwres_addr_t;
-typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t;
-
-typedef struct {
-        lwres_uint32_t  flags;
-        lwres_uint32_t  addrtypes;
-        lwres_uint16_t  namelen;
-        char           *name;
-} lwres_gabnrequest_t;
-
-typedef struct {
-        lwres_uint32_t          flags;
-        lwres_uint16_t          naliases;
-        lwres_uint16_t          naddrs;
-        char                   *realname;
-        char                  **aliases;
-        lwres_uint16_t          realnamelen;
-        lwres_uint16_t         *aliaslen;
-        lwres_addrlist_t        addrs;
-        void                   *base;
-        size_t                  baselen;
-} lwres_gabnresponse_t;

lwres_gabnrequest_render() -uses resolver context -ctx -to convert getaddrbyname request structure -req -to canonical format. -The packet header structure -pkt -is initialised and transferred to -buffer -b. - -The contents of -*req -are then appended to the buffer in canonical format. -lwres_gabnresponse_render() -performs the same task, except it converts a getaddrbyname response structure -lwres_gabnresponse_t -to the lightweight resolver's canonical format.

lwres_gabnrequest_parse() -uses context -ctx -to convert the contents of packet -pkt -to a -lwres_gabnrequest_t -structure. -Buffer -b -provides space to be used for storing this structure. -When the function succeeds, the resulting -lwres_gabnrequest_t -is made available through -*structp. - -lwres_gabnresponse_parse() -offers the same semantics as -lwres_gabnrequest_parse() -except it yields a -lwres_gabnresponse_t -structure.

lwres_gabnresponse_free() -and -lwres_gabnrequest_free() -release the memory in resolver context -ctx -that was allocated to the -lwres_gabnresponse_t -or -lwres_gabnrequest_t -structures referenced via -structp. - -Any memory associated with ancillary buffers and strings for those -structures is also discarded.

RETURN VALUES

The getaddrbyname opcode functions -lwres_gabnrequest_render(), -lwres_gabnresponse_render() -lwres_gabnrequest_parse() -and -lwres_gabnresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_gabnrequest_t -and -lwres_gabnresponse_t -structures. -lwres_gabnrequest_parse() -and -lwres_gabnresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query.

SEE ALSO

lwres_packet(3)

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_gai_strerror.3 b/lib/liblwres/man/lwres_gai_strerror.3 deleted file mode 100644 index a8287e924..000000000 --- a/lib/liblwres/man/lwres_gai_strerror.3 +++ /dev/null @@ -1,86 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_GAI_STRERROR" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -gai_strerror \- print suitable error string -.SH SYNOPSIS -\fB#include -.sp -.na -char * -gai_strerror(int ecode); -.ad -\fR.SH "DESCRIPTION" -.PP -\fBlwres_gai_strerror()\fR -returns an error message corresponding to an error code returned by -\fBgetaddrinfo()\fR. -The following error codes and their meaning are defined in -\fIinclude/lwres/netdb.h\fR. -.TP -\fBEAI_ADDRFAMILY\fR -address family for hostname not supported -.TP -\fBEAI_AGAIN\fR -temporary failure in name resolution -.TP -\fBEAI_BADFLAGS\fR -invalid value for -ai_flags -.TP -\fBEAI_FAIL\fR -non-recoverable failure in name resolution -.TP -\fBEAI_FAMILY\fR -ai_family not supported -.TP -\fBEAI_MEMORY\fR -memory allocation failure -.TP -\fBEAI_NODATA\fR -no address associated with hostname -.TP -\fBEAI_NONAME\fR -hostname or servname not provided, or not known -.TP -\fBEAI_SERVICE\fR -servname not supported for ai_socktype -.TP -\fBEAI_SOCKTYPE\fR -ai_socktype not supported -.TP -\fBEAI_SYSTEM\fR -system error returned in errno -.PP -The message \fBinvalid error code\fR is returned if -\fIecode\fR -is out of range. -.PP -ai_flags, -ai_family -and -ai_socktype -are elements of the -\fBstruct addrinfo\fR -used by -\fBlwres_getaddrinfo()\fR. -.SH "SEE ALSO" -.PP -\fBstrerror\fR(3), -\fBlwres_getaddrinfo\fR(3), -\fBgetaddrinfo\fR(3), -\fBRFC2133\fR. diff --git a/lib/liblwres/man/lwres_gai_strerror.docbook b/lib/liblwres/man/lwres_gai_strerror.docbook deleted file mode 100644 index 6ffe8fc47..000000000 --- a/lib/liblwres/man/lwres_gai_strerror.docbook +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - -Jun 30, 2000 - - -lwres_gai_strerror -3 -BIND9 - - -gai_strerror -print suitable error string - - - -#include <lwres/netdb.h> - - -char * -gai_strerror -int ecode - - - - - -DESCRIPTION - -lwres_gai_strerror() -returns an error message corresponding to an error code returned by -getaddrinfo(). -The following error codes and their meaning are defined in -include/lwres/netdb.h. - -EAI_ADDRFAMILY - - -address family for hostname not supported - - -EAI_AGAIN - - -temporary failure in name resolution - - -EAI_BADFLAGS - - -invalid value for -ai_flags - - -EAI_FAIL - - -non-recoverable failure in name resolution - - -EAI_FAMILY - - -ai_family not supported - - -EAI_MEMORY - - -memory allocation failure - - -EAI_NODATA - - -no address associated with hostname - - -EAI_NONAME - - -hostname or servname not provided, or not known - - -EAI_SERVICE - - -servname not supported for ai_socktype - - -EAI_SOCKTYPE - - -ai_socktype not supported - - -EAI_SYSTEM - - -system error returned in errno - - - -The message invalid error code is returned if -ecode -is out of range. - - -ai_flags, -ai_family -and -ai_socktype -are elements of the -struct addrinfo -used by -lwres_getaddrinfo(). - - - - -SEE ALSO - - -strerror3 -, - - -lwres_getaddrinfo3 -, - - -getaddrinfo3 -, - - -RFC2133 -. - - - diff --git a/lib/liblwres/man/lwres_gai_strerror.html b/lib/liblwres/man/lwres_gai_strerror.html deleted file mode 100644 index 7f245ba4e..000000000 --- a/lib/liblwres/man/lwres_gai_strerror.html +++ /dev/null @@ -1,294 +0,0 @@ - -lwres_gai_strerror

lwres_gai_strerror

Name

gai_strerror -- print suitable error string

Synopsis

#include <lwres/netdb.h>

char * -gai_strerror(int ecode);

DESCRIPTION

lwres_gai_strerror() -returns an error message corresponding to an error code returned by -getaddrinfo(). -The following error codes and their meaning are defined in -include/lwres/netdb.h. -

EAI_ADDRFAMILY

address family for hostname not supported

EAI_AGAIN

temporary failure in name resolution

EAI_BADFLAGS

invalid value for -ai_flags

EAI_FAIL

non-recoverable failure in name resolution

EAI_FAMILY

ai_family not supported

EAI_MEMORY

memory allocation failure

EAI_NODATA

no address associated with hostname

EAI_NONAME

hostname or servname not provided, or not known

EAI_SERVICE

servname not supported for ai_socktype

EAI_SOCKTYPE

ai_socktype not supported

EAI_SYSTEM

system error returned in errno

-The message invalid error code is returned if -ecode -is out of range.

ai_flags, -ai_family -and -ai_socktype -are elements of the -struct addrinfo -used by -lwres_getaddrinfo().

SEE ALSO

strerror(3), - -lwres_getaddrinfo(3), - -getaddrinfo(3), - -RFC2133.

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_getaddrinfo.3 b/lib/liblwres/man/lwres_getaddrinfo.3 deleted file mode 100644 index b7ea46128..000000000 --- a/lib/liblwres/man/lwres_getaddrinfo.3 +++ /dev/null @@ -1,247 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_GETADDRINFO" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_getaddrinfo, lwres_freeaddrinfo \- socket address structure to host and service name -.SH SYNOPSIS -\fB#include -.sp -.na -int -lwres_getaddrinfo(const char *hostname, const char *servname, const struct addrinfo *hints, struct addrinfo **res); -.ad -.sp -.na -void -lwres_freeaddrinfo(struct addrinfo *ai); -.ad -\fR.PP -If the operating system does not provide a -\fBstruct addrinfo\fR, -the following structure is used: -.sp -.nf -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for hostname */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; -.sp -.fi -.SH "DESCRIPTION" -.PP -\fBlwres_getaddrinfo()\fR -is used to get a list of IP addresses and port numbers for host -\fIhostname\fR -and service -\fIservname\fR. -The function is the lightweight resolver's implementation of -\fBgetaddrinfo()\fR -as defined in RFC2133. -\fIhostname\fR -and -\fIservname\fR -are pointers to null-terminated -strings or -\fBNULL\fR. -\fIhostname\fR -is either a host name or a numeric host address string: a dotted decimal -IPv4 address or an IPv6 address. -\fIservname\fR -is either a decimal port number or a service name as listed in -\fI/etc/services\fR. -.PP -\fIhints\fR -is an optional pointer to a -\fBstruct addrinfo\fR. -This structure can be used to provide hints concerning the type of socket -that the caller supports or wishes to use. -The caller can supply the following structure elements in -\fI*hints\fR: -.TP -\fBai_family\fR -The protocol family that should be used. -When -ai_family -is set to -\fBPF_UNSPEC\fR, -it means the caller will accept any protocol family supported by the -operating system. -.TP -\fBai_socktype\fR -denotes the type of socket \(em -\fBSOCK_STREAM\fR, -\fBSOCK_DGRAM\fR -or -\fBSOCK_RAW\fR -\(em that is wanted. -When -ai_socktype -is zero the caller will accept any socket type. -.TP -\fBai_protocol\fR -indicates which transport protocol is wanted: IPPROTO_UDP or -IPPROTO_TCP. -If -ai_protocol -is zero the caller will accept any protocol. -.TP -\fBai_flags\fR -Flag bits. -If the -\fBAI_CANONNAME\fR -bit is set, a successful call to -\fBlwres_getaddrinfo()\fR -will return a a null-terminated string containing the canonical name -of the specified hostname in -ai_canonname -of the first -\fBaddrinfo\fR -structure returned. -Setting the -\fBAI_PASSIVE\fR -bit indicates that the returned socket address structure is intended -for used in a call to -\fBbind\fR(2). -In this case, if the hostname argument is a -\fBNULL\fR -pointer, then the IP address portion of the socket -address structure will be set to -\fBINADDR_ANY\fR -for an IPv4 address or -\fBIN6ADDR_ANY_INIT\fR -for an IPv6 address. - -When -ai_flags -does not set the -\fBAI_PASSIVE\fR -bit, the returned socket address structure will be ready -for use in a call to -\fBconnect\fR(2) -for a connection-oriented protocol or -\fBconnect\fR(2), -\fBsendto\fR(2), -or -\fBsendmsg\fR(2) -if a connectionless protocol was chosen. -The IP address portion of the socket address structure will be -set to the loopback address if -\fIhostname\fR -is a -\fBNULL\fR -pointer and -\fBAI_PASSIVE\fR -is not set in -ai_flags. - -If -ai_flags -is set to -\fBAI_NUMERICHOST\fR -it indicates that -\fIhostname\fR -should be treated as a numeric string defining an IPv4 or IPv6 address -and no name resolution should be attempted. -.PP -All other elements of the \fBstruct addrinfo\fR passed -via \fIhints\fR must be zero. -.PP -A \fIhints\fR of \fBNULL\fR is treated as if -the caller provided a \fBstruct addrinfo\fR initialized to zero -with ai_familyset to -PF_UNSPEC. -.PP -After a successful call to -\fBlwres_getaddrinfo()\fR, -\fI*res\fR -is a pointer to a linked list of one or more -\fBaddrinfo\fR -structures. -Each -\fBstruct addrinfo\fR -in this list cn be processed by following -the -ai_next -pointer, until a -\fBNULL\fR -pointer is encountered. -The three members -ai_family, -ai_socktype, -and -ai_protocol -in each -returned -\fBaddrinfo\fR -structure contain the corresponding arguments for a call to -\fBsocket\fR(2). -For each -\fBaddrinfo\fR -structure in the list, the -ai_addr -member points to a filled-in socket address structure of length -ai_addrlen. -.PP -All of the information returned by -\fBlwres_getaddrinfo()\fR -is dynamically allocated: the addrinfo structures, and the socket -address structures and canonical host name strings pointed to by the -addrinfostructures. -Memory allocated for the dynamically allocated structures created by -a successful call to -\fBlwres_getaddrinfo()\fR -is released by -\fBlwres_freeaddrinfo()\fR. -\fIai\fR -is a pointer to a -\fBstruct addrinfo\fR -created by a call to -\fBlwres_getaddrinfo()\fR. -.SH "RETURN VALUES" -.PP -\fBlwres_getaddrinfo()\fR -returns zero on success or one of the error codes listed in -\fBgai_strerror\fR(3) -if an error occurs. -If both -\fIhostname\fR -and -\fIservname\fR -are -\fBNULL\fR -\fBlwres_getaddrinfo()\fR -returns -EAI_NONAME. -.SH "SEE ALSO" -.PP -\fBlwres\fR(3), -\fBlwres_getaddrinfo\fR(3), -\fBlwres_freeaddrinfo\fR(3), -\fBlwres_gai_strerror\fR(3), -\fBRFC2133\fR, -\fBgetservbyname\fR(3), -\fBbind\fR(2), -\fBconnect\fR(2), -\fBsendto\fR(2), -\fBsendmsg\fR(2), -\fBsocket\fR(2). diff --git a/lib/liblwres/man/lwres_getaddrinfo.docbook b/lib/liblwres/man/lwres_getaddrinfo.docbook deleted file mode 100644 index f89107304..000000000 --- a/lib/liblwres/man/lwres_getaddrinfo.docbook +++ /dev/null @@ -1,372 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_getaddrinfo -3 -BIND9 - - - -lwres_getaddrinfo -lwres_freeaddrinfo -socket address structure to host and service name - - - -#include <lwres/netdb.h> - - -int -lwres_getaddrinfo -const char *hostname -const char *servname -const struct addrinfo *hints -struct addrinfo **res - - - -void -lwres_freeaddrinfo -struct addrinfo *ai - - - - -If the operating system does not provide a -struct addrinfo, -the following structure is used: - - -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for hostname */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; - - - - - - -DESCRIPTION - -lwres_getaddrinfo() -is used to get a list of IP addresses and port numbers for host -hostname -and service -servname. - -The function is the lightweight resolver's implementation of -getaddrinfo() -as defined in RFC2133. -hostname -and -servname -are pointers to null-terminated -strings or -NULL. - -hostname -is either a host name or a numeric host address string: a dotted decimal -IPv4 address or an IPv6 address. -servname -is either a decimal port number or a service name as listed in -/etc/services. - - - -hints -is an optional pointer to a -struct addrinfo. -This structure can be used to provide hints concerning the type of socket -that the caller supports or wishes to use. -The caller can supply the following structure elements in -*hints: - - -ai_family - -The protocol family that should be used. -When -ai_family -is set to -PF_UNSPEC, -it means the caller will accept any protocol family supported by the -operating system. - -ai_socktype - - -denotes the type of socket — -SOCK_STREAM, -SOCK_DGRAM -or -SOCK_RAW -— that is wanted. -When -ai_socktype -is zero the caller will accept any socket type. - - - -ai_protocol - - -indicates which transport protocol is wanted: IPPROTO_UDP or -IPPROTO_TCP. -If -ai_protocol -is zero the caller will accept any protocol. - - - -ai_flags - - -Flag bits. -If the -AI_CANONNAME -bit is set, a successful call to -lwres_getaddrinfo() -will return a a null-terminated string containing the canonical name -of the specified hostname in -ai_canonname -of the first -addrinfo -structure returned. -Setting the -AI_PASSIVE -bit indicates that the returned socket address structure is intended -for used in a call to - -bind2 -. - -In this case, if the hostname argument is a -NULL -pointer, then the IP address portion of the socket -address structure will be set to -INADDR_ANY -for an IPv4 address or -IN6ADDR_ANY_INIT -for an IPv6 address. - - -When -ai_flags -does not set the -AI_PASSIVE -bit, the returned socket address structure will be ready -for use in a call to - -connect2 - - -for a connection-oriented protocol or - -connect2 -, - - -sendto2 -, - -or - -sendmsg2 - - -if a connectionless protocol was chosen. -The IP address portion of the socket address structure will be -set to the loopback address if -hostname -is a -NULL -pointer and -AI_PASSIVE -is not set in -ai_flags. - - -If -ai_flags -is set to -AI_NUMERICHOST -it indicates that -hostname -should be treated as a numeric string defining an IPv4 or IPv6 address -and no name resolution should be attempted. - - - - - - - -All other elements of the struct addrinfo passed -via hints must be zero. - - - -A hints of NULL is treated as if -the caller provided a struct addrinfo initialized to zero -with ai_familyset to -PF_UNSPEC. - - - -After a successful call to -lwres_getaddrinfo(), -*res -is a pointer to a linked list of one or more -addrinfo -structures. -Each -struct addrinfo -in this list cn be processed by following -the -ai_next -pointer, until a -NULL -pointer is encountered. -The three members -ai_family, -ai_socktype, -and -ai_protocol -in each -returned -addrinfo -structure contain the corresponding arguments for a call to - -socket2 -. -For each -addrinfo -structure in the list, the -ai_addr -member points to a filled-in socket address structure of length -ai_addrlen. - - - -All of the information returned by -lwres_getaddrinfo() -is dynamically allocated: the addrinfo structures, and the socket -address structures and canonical host name strings pointed to by the -addrinfostructures. -Memory allocated for the dynamically allocated structures created by -a successful call to -lwres_getaddrinfo() -is released by -lwres_freeaddrinfo(). -ai -is a pointer to a -struct addrinfo -created by a call to -lwres_getaddrinfo(). - - - - - -RETURN VALUES - -lwres_getaddrinfo() -returns zero on success or one of the error codes listed in - -gai_strerror3 - - -if an error occurs. -If both -hostname -and -servname -are -NULL -lwres_getaddrinfo() -returns -EAI_NONAME. - - - - -SEE ALSO - - -lwres3 -, - - -lwres_getaddrinfo3 -, - - -lwres_freeaddrinfo3 -, - - -lwres_gai_strerror3 -, - - -RFC2133 -, - - -getservbyname3 -, - - -bind2 -, - - -connect2 -, - - -sendto2 -, - - -sendmsg2 -, - - -socket2 -. - - - - diff --git a/lib/liblwres/man/lwres_getaddrinfo.html b/lib/liblwres/man/lwres_getaddrinfo.html deleted file mode 100644 index d04ecc1a2..000000000 --- a/lib/liblwres/man/lwres_getaddrinfo.html +++ /dev/null @@ -1,722 +0,0 @@ - -lwres_getaddrinfo

lwres_getaddrinfo

Name

lwres_getaddrinfo, lwres_freeaddrinfo -- socket address structure to host and service name

Synopsis

#include <lwres/netdb.h>

int -lwres_getaddrinfo(const char *hostname, const char *servname, const struct addrinfo *hints, struct addrinfo **res);

void -lwres_freeaddrinfo(struct addrinfo *ai);

If the operating system does not provide a -struct addrinfo, -the following structure is used: - -

struct  addrinfo {
-        int             ai_flags;       /* AI_PASSIVE, AI_CANONNAME */
-        int             ai_family;      /* PF_xxx */
-        int             ai_socktype;    /* SOCK_xxx */
-        int             ai_protocol;    /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
-        size_t          ai_addrlen;     /* length of ai_addr */
-        char            *ai_canonname;  /* canonical name for hostname */
-        struct sockaddr *ai_addr;       /* binary address */
-        struct addrinfo *ai_next;       /* next structure in linked list */
-};

DESCRIPTION

lwres_getaddrinfo() -is used to get a list of IP addresses and port numbers for host -hostname -and service -servname. - -The function is the lightweight resolver's implementation of -getaddrinfo() -as defined in RFC2133. -hostname -and -servname -are pointers to null-terminated -strings or -NULL. - -hostname -is either a host name or a numeric host address string: a dotted decimal -IPv4 address or an IPv6 address. -servname -is either a decimal port number or a service name as listed in -/etc/services.

hints -is an optional pointer to a -struct addrinfo. -This structure can be used to provide hints concerning the type of socket -that the caller supports or wishes to use. -The caller can supply the following structure elements in -*hints: - -

ai_family

The protocol family that should be used. -When -ai_family -is set to -PF_UNSPEC, -it means the caller will accept any protocol family supported by the -operating system.

ai_socktype

denotes the type of socket — -SOCK_STREAM, -SOCK_DGRAM -or -SOCK_RAW -— that is wanted. -When -ai_socktype -is zero the caller will accept any socket type.

ai_protocol

indicates which transport protocol is wanted: IPPROTO_UDP or -IPPROTO_TCP. -If -ai_protocol -is zero the caller will accept any protocol.

ai_flags

Flag bits. -If the -AI_CANONNAME -bit is set, a successful call to -lwres_getaddrinfo() -will return a a null-terminated string containing the canonical name -of the specified hostname in -ai_canonname -of the first -addrinfo -structure returned. -Setting the -AI_PASSIVE -bit indicates that the returned socket address structure is intended -for used in a call to -bind(2). - -In this case, if the hostname argument is a -NULL -pointer, then the IP address portion of the socket -address structure will be set to -INADDR_ANY -for an IPv4 address or -IN6ADDR_ANY_INIT -for an IPv6 address.

When -ai_flags -does not set the -AI_PASSIVE -bit, the returned socket address structure will be ready -for use in a call to -connect(2) -for a connection-oriented protocol or -connect(2), - -sendto(2), - -or -sendmsg(2) -if a connectionless protocol was chosen. -The IP address portion of the socket address structure will be -set to the loopback address if -hostname -is a -NULL -pointer and -AI_PASSIVE -is not set in -ai_flags.

If -ai_flags -is set to -AI_NUMERICHOST -it indicates that -hostname -should be treated as a numeric string defining an IPv4 or IPv6 address -and no name resolution should be attempted.

All other elements of the struct addrinfo passed -via hints must be zero.

A hints of NULL is treated as if -the caller provided a struct addrinfo initialized to zero -with ai_familyset to -PF_UNSPEC.

After a successful call to -lwres_getaddrinfo(), -*res -is a pointer to a linked list of one or more -addrinfo -structures. -Each -struct addrinfo -in this list cn be processed by following -the -ai_next -pointer, until a -NULL -pointer is encountered. -The three members -ai_family, -ai_socktype, -and -ai_protocol -in each -returned -addrinfo -structure contain the corresponding arguments for a call to -socket(2). -For each -addrinfo -structure in the list, the -ai_addr -member points to a filled-in socket address structure of length -ai_addrlen.

All of the information returned by -lwres_getaddrinfo() -is dynamically allocated: the addrinfo structures, and the socket -address structures and canonical host name strings pointed to by the -addrinfostructures. -Memory allocated for the dynamically allocated structures created by -a successful call to -lwres_getaddrinfo() -is released by -lwres_freeaddrinfo(). -ai -is a pointer to a -struct addrinfo -created by a call to -lwres_getaddrinfo().

RETURN VALUES

lwres_getaddrinfo() -returns zero on success or one of the error codes listed in -gai_strerror(3) -if an error occurs. -If both -hostname -and -servname -are -NULL -lwres_getaddrinfo() -returns -EAI_NONAME.

SEE ALSO

lwres(3), - -lwres_getaddrinfo(3), - -lwres_freeaddrinfo(3), - -lwres_gai_strerror(3), - -RFC2133, - -getservbyname(3), - -bind(2), - -connect(2), - -sendto(2), - -sendmsg(2), - -socket(2).

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_gethostent.3 b/lib/liblwres/man/lwres_gethostent.3 deleted file mode 100644 index 44811ef4d..000000000 --- a/lib/liblwres/man/lwres_gethostent.3 +++ /dev/null @@ -1,270 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_GETHOSTENT" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r \- lightweight resolver get network host entry -.SH SYNOPSIS -\fB#include -.sp -.na -struct hostent * -lwres_gethostbyname(const char *name); -.ad -.sp -.na -struct hostent * -lwres_gethostbyname2(const char *name, int af); -.ad -.sp -.na -struct hostent * -lwres_gethostbyaddr(const char *addr, int len, int type); -.ad -.sp -.na -struct hostent * -lwres_gethostent(void); -.ad -.sp -.na -void -lwres_sethostent(int stayopen); -.ad -.sp -.na -void -lwres_endhostent(void); -.ad -.sp -.na -struct hostent * -lwres_gethostbyname_r(const char *name, struct hostent *resbuf, char *buf, int buflen, int *error); -.ad -.sp -.na -struct hostent * -lwres_gethostbyaddr_r(const char *addr, int len, int type, struct hostent *resbuf, char *buf, int buflen, int *error); -.ad -.sp -.na -struct hostent * -lwres_gethostent_r(struct hostent *resbuf, char *buf, int buflen, int *error); -.ad -.sp -.na -void -lwres_sethostent_r(int stayopen); -.ad -.sp -.na -void -lwres_endhostent_r(void); -.ad -\fR.SH "DESCRIPTION" -.PP -These functions provide hostname-to-address and -address-to-hostname lookups by means of the lightweight resolver. -They are similar to the standard -\fBgethostent\fR(3) -functions provided by most operating systems. -They use a -\fBstruct hostent\fR -which is usually defined in -\fI\fR. -.sp -.nf -struct hostent { - char *h_name; /* official name of host */ - char **h_aliases; /* alias list */ - int h_addrtype; /* host address type */ - int h_length; /* length of address */ - char **h_addr_list; /* list of addresses from name server */ -}; -#define h_addr h_addr_list[0] /* address, for backward compatibility */ -.sp -.fi -.PP -The members of this structure are: -.TP -\fBh_name\fR -The official (canonical) name of the host. -.TP -\fBh_aliases\fR -A NULL-terminated array of alternate names (nicknames) for the host. -.TP -\fBh_addrtype\fR -The type of address being returned \(em -\fBPF_INET\fR -or -\fBPF_INET6\fR. -.TP -\fBh_length\fR -The length of the address in bytes. -.TP -\fBh_addr_list\fR -A \fBNULL\fR -terminated array of network addresses for the host. -Host addresses are returned in network byte order. -.PP -For backward compatibility with very old software, -h_addr -is the first address in -h_addr_list. -.PP -\fBlwres_gethostent()\fR, -\fBlwres_sethostent()\fR, -\fBlwres_endhostent()\fR, -\fBlwres_gethostent_r()\fR, -\fBlwres_sethostent_r()\fR -and -\fBlwres_endhostent_r()\fR -provide iteration over the known host entries on systems that -provide such functionality through facilities like -\fI/etc/hosts\fR -or NIS. The lightweight resolver does not currently implement -these functions; it only provides them as stub functions that always -return failure. -.PP -\fBlwres_gethostbyname()\fR and -\fBlwres_gethostbyname2()\fR look up the hostname -\fIname\fR. -\fBlwres_gethostbyname()\fR always looks for an IPv4 -address while \fBlwres_gethostbyname2()\fR looks for an -address of protocol family \fIaf\fR: either -\fBPF_INET\fR or \fBPF_INET6\fR \(em IPv4 or IPV6 -addresses respectively. Successful calls of the functions return a -\fBstruct hostent\fRfor the name that was looked up. -\fBNULL\fR is returned if the lookups by -\fBlwres_gethostbyname()\fR or -\fBlwres_gethostbyname2()\fR fail. -.PP -Reverse lookups of addresses are performed by -\fBlwres_gethostbyaddr()\fR. -\fIaddr\fR is an address of length -\fIlen\fR bytes and protocol family -\fItype\fR \(em \fBPF_INET\fR or -\fBPF_INET6\fR. -\fBlwres_gethostbyname_r()\fR is a thread-safe function -for forward lookups. If an error occurs, an error code is returned in -\fI*error\fR. -\fIresbuf\fR is a pointer to a \fBstruct -hostent\fR which is initialised by a successful call to -\fBlwres_gethostbyname_r()\fR . -\fIbuf\fR is a buffer of length -\fIlen\fR bytes which is used to store the -h_name, h_aliases, and -h_addr_list elements of the \fBstruct -hostent\fR returned in \fIresbuf\fR. -Successful calls to \fBlwres_gethostbyname_r()\fR -return \fIresbuf\fR, -which is a pointer to the \fBstruct hostent\fR it created. -.PP -\fBlwres_gethostbyaddr_r()\fR is a thread-safe function -that performs a reverse lookup of address \fIaddr\fR -which is \fIlen\fR bytes long and is of protocol -family \fItype\fR \(em \fBPF_INET\fR or -\fBPF_INET6\fR. If an error occurs, the error code is returned -in \fI*error\fR. The other function parameters are -identical to those in \fBlwres_gethostbyname_r()\fR. -\fIresbuf\fR is a pointer to a \fBstruct -hostent\fR which is initialised by a successful call to -\fBlwres_gethostbyaddr_r()\fR. -\fIbuf\fR is a buffer of length -\fIlen\fR bytes which is used to store the -h_name, h_aliases, and -h_addr_list elements of the \fBstruct -hostent\fR returned in \fIresbuf\fR. Successful -calls to \fBlwres_gethostbyaddr_r()\fR return -\fIresbuf\fR, which is a pointer to the -\fBstruct hostent()\fR it created. -.SH "RETURN VALUES" -.PP -The functions -\fBlwres_gethostbyname()\fR, -\fBlwres_gethostbyname2()\fR, -\fBlwres_gethostbyaddr()\fR, -and -\fBlwres_gethostent()\fR -return NULL to indicate an error. In this case the global variable -\fBlwres_h_errno\fR -will contain one of the following error codes defined in -\fI\fR: -.TP -\fBHOST_NOT_FOUND\fR -The host or address was not found. -.TP -\fBTRY_AGAIN\fR -A recoverable error occurred, e.g., a timeout. -Retrying the lookup may succeed. -.TP -\fBNO_RECOVERY\fR -A non-recoverable error occurred. -.TP -\fBNO_DATA\fR -The name exists, but has no address information -associated with it (or vice versa in the case -of a reverse lookup). The code NO_ADDRESS -is accepted as a synonym for NO_DATA for backwards -compatibility. -.PP -\fBlwres_hstrerror\fR(3) -translates these error codes to suitable error messages. -.PP -\fBlwres_gethostent()\fR -and -\fBlwres_gethostent_r()\fR -always return -\fBNULL\fR. -.PP -Successful calls to \fBlwres_gethostbyname_r()\fR and -\fBlwres_gethostbyaddr_r()\fR return -\fIresbuf\fR, a pointer to the \fBstruct -hostent\fR that was initialised by these functions. They return -\fBNULL\fR if the lookups fail or if \fIbuf\fR -was too small to hold the list of addresses and names referenced by -the h_name, h_aliases, and -h_addr_list elements of the \fBstruct -hostent\fR. If \fIbuf\fR was too small, both -\fBlwres_gethostbyname_r()\fR and -\fBlwres_gethostbyaddr_r()\fR set the global variable -\fBerrno\fR to ERANGE. -.SH "SEE ALSO" -.PP -\fBgethostent\fR(3), -\fBlwres_getipnode\fR(3), -\fBlwres_hstrerror\fR(3) -.SH "BUGS" -.PP -\fBlwres_gethostbyname()\fR, -\fBlwres_gethostbyname2()\fR, -\fBlwres_gethostbyaddr()\fR -and -\fBlwres_endhostent()\fR -are not thread safe; they return pointers to static data and -provide error codes through a global variable. -Thread-safe versions for name and address lookup are provided by -\fBlwres_gethostbyname_r()\fR, -and -\fBlwres_gethostbyaddr_r()\fR -respectively. -.PP -The resolver daemon does not currently support any non-DNS -name services such as -\fI/etc/hosts\fR -or -\fBNIS\fR, -consequently the above functions don't, either. diff --git a/lib/liblwres/man/lwres_gethostent.docbook b/lib/liblwres/man/lwres_gethostent.docbook deleted file mode 100644 index 22717821c..000000000 --- a/lib/liblwres/man/lwres_gethostent.docbook +++ /dev/null @@ -1,407 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_gethostent -3 -BIND9 - - - -lwres_gethostbyname -lwres_gethostbyname2 -lwres_gethostbyaddr -lwres_gethostent -lwres_sethostent -lwres_endhostent -lwres_gethostbyname_r -lwres_gethostbyaddr_r -lwres_gethostent_r -lwres_sethostent_r -lwres_endhostent_r -lightweight resolver get network host entry - - - -#include <lwres/netdb.h> - - -struct hostent * -lwres_gethostbyname -const char *name - - - -struct hostent * -lwres_gethostbyname2 -const char *name -int af - - - -struct hostent * -lwres_gethostbyaddr -const char *addr -int len -int type - - - -struct hostent * -lwres_gethostent -void - - - -void -lwres_sethostent -int stayopen - - - -void -lwres_endhostent -void - - - -struct hostent * -lwres_gethostbyname_r -const char *name -struct hostent *resbuf -char *buf -int buflen -int *error - - - -struct hostent * -lwres_gethostbyaddr_r -const char *addr -int len -int type -struct hostent *resbuf -char *buf -int buflen -int *error - - - -struct hostent * -lwres_gethostent_r -struct hostent *resbuf -char *buf -int buflen -int *error - - - -void -lwres_sethostent_r -int stayopen - - - -void -lwres_endhostent_r -void - - - - - -DESCRIPTION - -These functions provide hostname-to-address and -address-to-hostname lookups by means of the lightweight resolver. -They are similar to the standard - -gethostent3 - - -functions provided by most operating systems. -They use a -struct hostent -which is usually defined in -<namedb.h>. - - -struct hostent { - char *h_name; /* official name of host */ - char **h_aliases; /* alias list */ - int h_addrtype; /* host address type */ - int h_length; /* length of address */ - char **h_addr_list; /* list of addresses from name server */ -}; -#define h_addr h_addr_list[0] /* address, for backward compatibility */ - - - -The members of this structure are: - -h_name - - -The official (canonical) name of the host. - - -h_aliases - - -A NULL-terminated array of alternate names (nicknames) for the host. - - -h_addrtype - - -The type of address being returned — -PF_INET -or -PF_INET6. - - -h_length - - -The length of the address in bytes. - - -h_addr_list - - -A NULL -terminated array of network addresses for the host. -Host addresses are returned in network byte order. - - - - - -For backward compatibility with very old software, -h_addr -is the first address in -h_addr_list. - - -lwres_gethostent(), -lwres_sethostent(), -lwres_endhostent(), -lwres_gethostent_r(), -lwres_sethostent_r() -and -lwres_endhostent_r() -provide iteration over the known host entries on systems that -provide such functionality through facilities like -/etc/hosts -or NIS. The lightweight resolver does not currently implement -these functions; it only provides them as stub functions that always -return failure. - - - -lwres_gethostbyname() and -lwres_gethostbyname2() look up the hostname -name. -lwres_gethostbyname() always looks for an IPv4 -address while lwres_gethostbyname2() looks for an -address of protocol family af: either -PF_INET or PF_INET6 — IPv4 or IPV6 -addresses respectively. Successful calls of the functions return a -struct hostentfor the name that was looked up. -NULL is returned if the lookups by -lwres_gethostbyname() or -lwres_gethostbyname2() fail. - - - -Reverse lookups of addresses are performed by -lwres_gethostbyaddr(). -addr is an address of length -len bytes and protocol family -typePF_INET or -PF_INET6. -lwres_gethostbyname_r() is a thread-safe function -for forward lookups. If an error occurs, an error code is returned in -*error. -resbuf is a pointer to a struct -hostent which is initialised by a successful call to -lwres_gethostbyname_r() . -buf is a buffer of length -len bytes which is used to store the -h_name, h_aliases, and -h_addr_list elements of the struct -hostent returned in resbuf. -Successful calls to lwres_gethostbyname_r() -return resbuf, -which is a pointer to the struct hostent it created. - - - -lwres_gethostbyaddr_r() is a thread-safe function -that performs a reverse lookup of address addr -which is len bytes long and is of protocol -family typePF_INET or -PF_INET6. If an error occurs, the error code is returned -in *error. The other function parameters are -identical to those in lwres_gethostbyname_r(). -resbuf is a pointer to a struct -hostent which is initialised by a successful call to -lwres_gethostbyaddr_r(). -buf is a buffer of length -len bytes which is used to store the -h_name, h_aliases, and -h_addr_list elements of the struct -hostent returned in resbuf. Successful -calls to lwres_gethostbyaddr_r() return -resbuf, which is a pointer to the -struct hostent() it created. - - - - - -RETURN VALUES - -The functions -lwres_gethostbyname(), -lwres_gethostbyname2(), -lwres_gethostbyaddr(), -and -lwres_gethostent() -return NULL to indicate an error. In this case the global variable -lwres_h_errno -will contain one of the following error codes defined in -<lwres/netdb.h>: - - -HOST_NOT_FOUND - - -The host or address was not found. - - -TRY_AGAIN - - -A recoverable error occurred, e.g., a timeout. -Retrying the lookup may succeed. - - -NO_RECOVERY - - -A non-recoverable error occurred. - - -NO_DATA - - -The name exists, but has no address information -associated with it (or vice versa in the case -of a reverse lookup). The code NO_ADDRESS -is accepted as a synonym for NO_DATA for backwards -compatibility. - - - - - - - -lwres_hstrerror3 - - -translates these error codes to suitable error messages. - - - -lwres_gethostent() -and -lwres_gethostent_r() -always return -NULL. - - - -Successful calls to lwres_gethostbyname_r() and -lwres_gethostbyaddr_r() return -resbuf, a pointer to the struct -hostent that was initialised by these functions. They return -NULL if the lookups fail or if buf -was too small to hold the list of addresses and names referenced by -the h_name, h_aliases, and -h_addr_list elements of the struct -hostent. If buf was too small, both -lwres_gethostbyname_r() and -lwres_gethostbyaddr_r() set the global variable -errno to ERANGE. - - - - -SEE ALSO - - -gethostent3 -, - - -lwres_getipnode3 -, - - -lwres_hstrerror3 - - - - - - -BUGS - -lwres_gethostbyname(), -lwres_gethostbyname2(), -lwres_gethostbyaddr() -and -lwres_endhostent() -are not thread safe; they return pointers to static data and -provide error codes through a global variable. -Thread-safe versions for name and address lookup are provided by -lwres_gethostbyname_r(), -and -lwres_gethostbyaddr_r() -respectively. - - -The resolver daemon does not currently support any non-DNS -name services such as -/etc/hosts -or -NIS, -consequently the above functions don't, either. - - - diff --git a/lib/liblwres/man/lwres_gethostent.html b/lib/liblwres/man/lwres_gethostent.html deleted file mode 100644 index 28671b86b..000000000 --- a/lib/liblwres/man/lwres_gethostent.html +++ /dev/null @@ -1,827 +0,0 @@ - -lwres_gethostent

lwres_gethostent

Name

lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r -- lightweight resolver get network host entry

Synopsis

#include <lwres/netdb.h>

struct hostent * -lwres_gethostbyname(const char *name);

struct hostent * -lwres_gethostbyname2(const char *name, int af);

struct hostent * -lwres_gethostbyaddr(const char *addr, int len, int type);

struct hostent * -lwres_gethostent(void);

void -lwres_sethostent(int stayopen);

void -lwres_endhostent(void);

struct hostent * -lwres_gethostbyname_r(const char *name, struct hostent *resbuf, char *buf, int buflen, int *error);

struct hostent * -lwres_gethostbyaddr_r(const char *addr, int len, int type, struct hostent *resbuf, char *buf, int buflen, int *error);

struct hostent * -lwres_gethostent_r(struct hostent *resbuf, char *buf, int buflen, int *error);

void -lwres_sethostent_r(int stayopen);

void -lwres_endhostent_r(void);

DESCRIPTION

These functions provide hostname-to-address and -address-to-hostname lookups by means of the lightweight resolver. -They are similar to the standard -gethostent(3) -functions provided by most operating systems. -They use a -struct hostent -which is usually defined in -<namedb.h>. - -

struct  hostent {
-        char    *h_name;        /* official name of host */
-        char    **h_aliases;    /* alias list */
-        int     h_addrtype;     /* host address type */
-        int     h_length;       /* length of address */
-        char    **h_addr_list;  /* list of addresses from name server */
-};
-#define h_addr  h_addr_list[0]  /* address, for backward compatibility */

The members of this structure are: -

h_name

The official (canonical) name of the host.

h_aliases

A NULL-terminated array of alternate names (nicknames) for the host.

h_addrtype

The type of address being returned — -PF_INET -or -PF_INET6.

h_length

The length of the address in bytes.

h_addr_list

A NULL -terminated array of network addresses for the host. -Host addresses are returned in network byte order.

For backward compatibility with very old software, -h_addr -is the first address in -h_addr_list.

lwres_gethostent(), -lwres_sethostent(), -lwres_endhostent(), -lwres_gethostent_r(), -lwres_sethostent_r() -and -lwres_endhostent_r() -provide iteration over the known host entries on systems that -provide such functionality through facilities like -/etc/hosts -or NIS. The lightweight resolver does not currently implement -these functions; it only provides them as stub functions that always -return failure.

lwres_gethostbyname() and -lwres_gethostbyname2() look up the hostname -name. -lwres_gethostbyname() always looks for an IPv4 -address while lwres_gethostbyname2() looks for an -address of protocol family af: either -PF_INET or PF_INET6 — IPv4 or IPV6 -addresses respectively. Successful calls of the functions return a -struct hostentfor the name that was looked up. -NULL is returned if the lookups by -lwres_gethostbyname() or -lwres_gethostbyname2() fail.

Reverse lookups of addresses are performed by -lwres_gethostbyaddr(). -addr is an address of length -len bytes and protocol family -typePF_INET or -PF_INET6. -lwres_gethostbyname_r() is a thread-safe function -for forward lookups. If an error occurs, an error code is returned in -*error. -resbuf is a pointer to a struct -hostent which is initialised by a successful call to -lwres_gethostbyname_r() . -buf is a buffer of length -len bytes which is used to store the -h_name, h_aliases, and -h_addr_list elements of the struct -hostent returned in resbuf. -Successful calls to lwres_gethostbyname_r() -return resbuf, -which is a pointer to the struct hostent it created.

lwres_gethostbyaddr_r() is a thread-safe function -that performs a reverse lookup of address addr -which is len bytes long and is of protocol -family typePF_INET or -PF_INET6. If an error occurs, the error code is returned -in *error. The other function parameters are -identical to those in lwres_gethostbyname_r(). -resbuf is a pointer to a struct -hostent which is initialised by a successful call to -lwres_gethostbyaddr_r(). -buf is a buffer of length -len bytes which is used to store the -h_name, h_aliases, and -h_addr_list elements of the struct -hostent returned in resbuf. Successful -calls to lwres_gethostbyaddr_r() return -resbuf, which is a pointer to the -struct hostent() it created.

RETURN VALUES

The functions -lwres_gethostbyname(), -lwres_gethostbyname2(), -lwres_gethostbyaddr(), -and -lwres_gethostent() -return NULL to indicate an error. In this case the global variable -lwres_h_errno -will contain one of the following error codes defined in -<lwres/netdb.h>: - -

HOST_NOT_FOUND

The host or address was not found.

TRY_AGAIN

A recoverable error occurred, e.g., a timeout. -Retrying the lookup may succeed.

NO_RECOVERY

A non-recoverable error occurred.

NO_DATA

The name exists, but has no address information -associated with it (or vice versa in the case -of a reverse lookup). The code NO_ADDRESS -is accepted as a synonym for NO_DATA for backwards -compatibility.

lwres_hstrerror(3) -translates these error codes to suitable error messages.

lwres_gethostent() -and -lwres_gethostent_r() -always return -NULL.

Successful calls to lwres_gethostbyname_r() and -lwres_gethostbyaddr_r() return -resbuf, a pointer to the struct -hostent that was initialised by these functions. They return -NULL if the lookups fail or if buf -was too small to hold the list of addresses and names referenced by -the h_name, h_aliases, and -h_addr_list elements of the struct -hostent. If buf was too small, both -lwres_gethostbyname_r() and -lwres_gethostbyaddr_r() set the global variable -errno to ERANGE.

SEE ALSO

gethostent(3), - -lwres_getipnode(3), - -lwres_hstrerror(3)

BUGS

lwres_gethostbyname(), -lwres_gethostbyname2(), -lwres_gethostbyaddr() -and -lwres_endhostent() -are not thread safe; they return pointers to static data and -provide error codes through a global variable. -Thread-safe versions for name and address lookup are provided by -lwres_gethostbyname_r(), -and -lwres_gethostbyaddr_r() -respectively.

The resolver daemon does not currently support any non-DNS -name services such as -/etc/hosts -or -NIS, -consequently the above functions don't, either.

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_getipnode.3 b/lib/liblwres/man/lwres_getipnode.3 deleted file mode 100644 index 39dfc984a..000000000 --- a/lib/liblwres/man/lwres_getipnode.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_GETIPNODE" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent \- lightweight resolver nodename / address translation API -.SH SYNOPSIS -\fB#include -.sp -.na -struct hostent * -lwres_getipnodebyname(const char *name, int af, int flags, int *error_num); -.ad -.sp -.na -struct hostent * -lwres_getipnodebyaddr(const void *src, size_t len, int af, int *error_num); -.ad -.sp -.na -void -lwres_freehostent(struct hostent *he); -.ad -\fR.SH "DESCRIPTION" -.PP -These functions perform thread safe, protocol independent -nodename-to-address and address-to-nodename -translation as defined in RFC2553. -.PP -They use a -\fBstruct hostent\fR -which is defined in -\fInamedb.h\fR: -.sp -.nf -struct hostent { - char *h_name; /* official name of host */ - char **h_aliases; /* alias list */ - int h_addrtype; /* host address type */ - int h_length; /* length of address */ - char **h_addr_list; /* list of addresses from name server */ -}; -#define h_addr h_addr_list[0] /* address, for backward compatibility */ -.sp -.fi -.PP -The members of this structure are: -.TP -\fBh_name\fR -The official (canonical) name of the host. -.TP -\fBh_aliases\fR -A NULL-terminated array of alternate names (nicknames) for the host. -.TP -\fBh_addrtype\fR -The type of address being returned - usually -\fBPF_INET\fR -or -\fBPF_INET6\fR. -.TP -\fBh_length\fR -The length of the address in bytes. -.TP -\fBh_addr_list\fR -A -\fBNULL\fR -terminated array of network addresses for the host. -Host addresses are returned in network byte order. -.PP -\fBlwres_getipnodebyname()\fR -looks up addresses of protocol family -\fIaf\fR -for the hostname -\fIname\fR. -The -\fIflags\fR -parameter contains ORed flag bits to -specify the types of addresses that are searched -for, and the types of addresses that are returned. -The flag bits are: -.TP -\fBAI_V4MAPPED\fR -This is used with an -\fIaf\fR -of AF_INET6, and causes IPv4 addresses to be returned as IPv4-mapped -IPv6 addresses. -.TP -\fBAI_ALL\fR -This is used with an -\fIaf\fR -of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. -If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped -IPv6 addresses. -.TP -\fBAI_ADDRCONFIG\fR -Only return an IPv6 or IPv4 address if here is an active network -interface of that type. This is not currently implemented -in the BIND 9 lightweight resolver, and the flag is ignored. -.TP -\fBAI_DEFAULT\fR -This default sets the -AI_V4MAPPED -and -AI_ADDRCONFIG -flag bits. -.PP -\fBlwres_getipnodebyaddr()\fR -performs a reverse lookup -of address -\fIsrc\fR -which is -\fIlen\fR -bytes long. -\fIaf\fR -denotes the protocol family, typically -\fBPF_INET\fR -or -\fBPF_INET6\fR. -.PP -\fBlwres_freehostent()\fR -releases all the memory associated with -the -\fBstruct hostent\fR -pointer -\fIhe\fR. -Any memory allocated for the -h_name, -h_addr_list -and -h_aliases -is freed, as is the memory for the -\fBhostent\fR -structure itself. -.SH "RETURN VALUES" -.PP -If an error occurs, -\fBlwres_getipnodebyname()\fR -and -\fBlwres_getipnodebyaddr()\fR -set -\fI*error_num\fR -to an approriate error code and the function returns a -\fBNULL\fR -pointer. -The error codes and their meanings are defined in -\fI\fR: -.TP -\fBHOST_NOT_FOUND\fR -No such host is known. -.TP -\fBNO_ADDRESS\fR -The server recognised the request and the name but no address is -available. Another type of request to the name server for the -domain might return an answer. -.TP -\fBTRY_AGAIN\fR -A temporary and possibly transient error occurred, such as a -failure of a server to respond. The request may succeed if -retried. -.TP -\fBNO_RECOVERY\fR -An unexpected failure occurred, and retrying the request -is pointless. -.PP -\fBlwres_hstrerror\fR(3) -translates these error codes to suitable error messages. -.SH "SEE ALSO" -.PP -\fBRFC2553\fR, -\fBlwres\fR(3), -\fBlwres_gethostent\fR(3), -\fBlwres_getaddrinfo\fR(3), -\fBlwres_getnameinfo\fR(3), -\fBlwres_hstrerror\fR(3). diff --git a/lib/liblwres/man/lwres_getipnode.docbook b/lib/liblwres/man/lwres_getipnode.docbook deleted file mode 100644 index 3d4fa7f15..000000000 --- a/lib/liblwres/man/lwres_getipnode.docbook +++ /dev/null @@ -1,307 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_getipnode -3 -BIND9 - - - -lwres_getipnodebyname -lwres_getipnodebyaddr -lwres_freehostent -lightweight resolver nodename / address translation API - - - -#include <lwres/netdb.h> - - -struct hostent * -lwres_getipnodebyname -const char *name -int af -int flags -int *error_num - - - -struct hostent * -lwres_getipnodebyaddr -const void *src -size_t len -int af -int *error_num - - - -void -lwres_freehostent -struct hostent *he - - - - - -DESCRIPTION - - -These functions perform thread safe, protocol independent -nodename-to-address and address-to-nodename -translation as defined in RFC2553. - - - -They use a -struct hostent -which is defined in -namedb.h: - -struct hostent { - char *h_name; /* official name of host */ - char **h_aliases; /* alias list */ - int h_addrtype; /* host address type */ - int h_length; /* length of address */ - char **h_addr_list; /* list of addresses from name server */ -}; -#define h_addr h_addr_list[0] /* address, for backward compatibility */ - - - - -The members of this structure are: - -h_name - - -The official (canonical) name of the host. - - -h_aliases - - -A NULL-terminated array of alternate names (nicknames) for the host. - - -h_addrtype - - -The type of address being returned - usually -PF_INET -or -PF_INET6. - - - -h_length - - -The length of the address in bytes. - - -h_addr_list - - -A -NULL -terminated array of network addresses for the host. -Host addresses are returned in network byte order. - - - - - -lwres_getipnodebyname() -looks up addresses of protocol family -af - -for the hostname -name. - -The -flags -parameter contains ORed flag bits to -specify the types of addresses that are searched -for, and the types of addresses that are returned. -The flag bits are: - -AI_V4MAPPED - - -This is used with an -af -of AF_INET6, and causes IPv4 addresses to be returned as IPv4-mapped -IPv6 addresses. - - -AI_ALL - - -This is used with an -af -of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. -If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped -IPv6 addresses. - - -AI_ADDRCONFIG - - -Only return an IPv6 or IPv4 address if here is an active network -interface of that type. This is not currently implemented -in the BIND 9 lightweight resolver, and the flag is ignored. - - -AI_DEFAULT - - -This default sets the -AI_V4MAPPED -and -AI_ADDRCONFIG -flag bits. - - - - - -lwres_getipnodebyaddr() -performs a reverse lookup -of address -src -which is -len -bytes long. -af -denotes the protocol family, typically -PF_INET -or -PF_INET6. - - - -lwres_freehostent() -releases all the memory associated with -the -struct hostent -pointer -he. - -Any memory allocated for the -h_name, - -h_addr_list -and -h_aliases -is freed, as is the memory for the -hostent -structure itself. - - - -RETURN VALUES - -If an error occurs, -lwres_getipnodebyname() -and -lwres_getipnodebyaddr() -set -*error_num -to an approriate error code and the function returns a -NULL -pointer. -The error codes and their meanings are defined in -<lwres/netdb.h>: - -HOST_NOT_FOUND - - -No such host is known. - - -NO_ADDRESS - - -The server recognised the request and the name but no address is -available. Another type of request to the name server for the -domain might return an answer. - - -TRY_AGAIN - - -A temporary and possibly transient error occurred, such as a -failure of a server to respond. The request may succeed if -retried. - - -NO_RECOVERY - - -An unexpected failure occurred, and retrying the request -is pointless. - - - - - - -lwres_hstrerror3 - - -translates these error codes to suitable error messages. - - - -SEE ALSO - - -RFC2553 -, - - -lwres3 -, - - -lwres_gethostent3 -, - - -lwres_getaddrinfo3 -, - - -lwres_getnameinfo3 -, - - -lwres_hstrerror3 -. - - - diff --git a/lib/liblwres/man/lwres_getipnode.html b/lib/liblwres/man/lwres_getipnode.html deleted file mode 100644 index d0a71e69d..000000000 --- a/lib/liblwres/man/lwres_getipnode.html +++ /dev/null @@ -1,529 +0,0 @@ - -lwres_getipnode

lwres_getipnode

Name

lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent -- lightweight resolver nodename / address translation API

Synopsis

#include <lwres/netdb.h>

struct hostent * -lwres_getipnodebyname(const char *name, int af, int flags, int *error_num);

struct hostent * -lwres_getipnodebyaddr(const void *src, size_t len, int af, int *error_num);

void -lwres_freehostent(struct hostent *he);

DESCRIPTION

These functions perform thread safe, protocol independent -nodename-to-address and address-to-nodename -translation as defined in RFC2553.

They use a -struct hostent -which is defined in -namedb.h: -

struct  hostent {
-        char    *h_name;        /* official name of host */
-        char    **h_aliases;    /* alias list */
-        int     h_addrtype;     /* host address type */
-        int     h_length;       /* length of address */
-        char    **h_addr_list;  /* list of addresses from name server */
-};
-#define h_addr  h_addr_list[0]  /* address, for backward compatibility */

The members of this structure are: -

h_name

The official (canonical) name of the host.

h_aliases

A NULL-terminated array of alternate names (nicknames) for the host.

h_addrtype

The type of address being returned - usually -PF_INET -or -PF_INET6.

h_length

The length of the address in bytes.

h_addr_list

A -NULL -terminated array of network addresses for the host. -Host addresses are returned in network byte order.

lwres_getipnodebyname() -looks up addresses of protocol family -af - -for the hostname -name. - -The -flags -parameter contains ORed flag bits to -specify the types of addresses that are searched -for, and the types of addresses that are returned. -The flag bits are: -

AI_V4MAPPED

This is used with an -af -of AF_INET6, and causes IPv4 addresses to be returned as IPv4-mapped -IPv6 addresses.

AI_ALL

This is used with an -af -of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. -If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped -IPv6 addresses.

AI_ADDRCONFIG

Only return an IPv6 or IPv4 address if here is an active network -interface of that type. This is not currently implemented -in the BIND 9 lightweight resolver, and the flag is ignored.

AI_DEFAULT

This default sets the -AI_V4MAPPED -and -AI_ADDRCONFIG -flag bits.

lwres_getipnodebyaddr() -performs a reverse lookup -of address -src -which is -len -bytes long. -af -denotes the protocol family, typically -PF_INET -or -PF_INET6.

lwres_freehostent() -releases all the memory associated with -the -struct hostent -pointer -he. - -Any memory allocated for the -h_name, - -h_addr_list -and -h_aliases -is freed, as is the memory for the -hostent -structure itself.

RETURN VALUES

If an error occurs, -lwres_getipnodebyname() -and -lwres_getipnodebyaddr() -set -*error_num -to an approriate error code and the function returns a -NULL -pointer. -The error codes and their meanings are defined in -<lwres/netdb.h>: -

HOST_NOT_FOUND

No such host is known.

NO_ADDRESS

The server recognised the request and the name but no address is -available. Another type of request to the name server for the -domain might return an answer.

TRY_AGAIN

A temporary and possibly transient error occurred, such as a -failure of a server to respond. The request may succeed if -retried.

NO_RECOVERY

An unexpected failure occurred, and retrying the request -is pointless.

lwres_hstrerror(3) -translates these error codes to suitable error messages.

SEE ALSO

RFC2553, - -lwres(3), - -lwres_gethostent(3), - -lwres_getaddrinfo(3), - -lwres_getnameinfo(3), - -lwres_hstrerror(3).

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_getnameinfo.3 b/lib/liblwres/man/lwres_getnameinfo.3 deleted file mode 100644 index 61f3ba426..000000000 --- a/lib/liblwres/man/lwres_getnameinfo.3 +++ /dev/null @@ -1,84 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_GETNAMEINFO" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_getnameinfo \- lightweight resolver socket address structure to hostname and service name -.SH SYNOPSIS -\fB#include -.sp -.na -int -lwres_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags); -.ad -\fR.SH "DESCRIPTION" -.PP -This function is equivalent to the \fBgetnameinfo\fR(3) function defined in RFC2133. -\fBlwres_getnameinfo()\fR returns the hostname for the -\fBstruct sockaddr\fR \fIsa\fR which is -\fIsalen\fR bytes long. The hostname is of length -\fIhostlen\fR and is returned via -\fI*host.\fR The maximum length of the hostname is -1025 bytes: NI_MAXHOST. -.PP -The name of the service associated with the port number in -\fIsa\fR is returned in \fI*serv.\fR -It is \fIservlen\fR bytes long. The maximum length -of the service name is NI_MAXSERV - 32 bytes. -.PP -The \fIflags\fR argument sets the following -bits: -.TP -\fBNI_NOFQDN\fR -A fully qualified domain name is not required for local hosts. -The local part of the fully qualified domain name is returned instead. -.TP -\fBNI_NUMERICHOST\fR -Return the address in numeric form, as if calling inet_ntop(), -instead of a host name. -.TP -\fBNI_NAMEREQD\fR -A name is required. If the hostname cannot be found in the DNS and -this flag is set, a non-zero error code is returned. -If the hostname is not found and the flag is not set, the -address is returned in numeric form. -.TP -\fBNI_NUMERICSERV\fR -The service name is returned as a digit string representing the port number. -.TP -\fBNI_DGRAM\fR -Specifies that the service being looked up is a datagram -service, and causes getservbyport() to be called with a second -argument of "udp" instead of its default of "tcp". This is required -for the few ports (512-514) that have different services for UDP and -TCP. -.SH "RETURN VALUES" -.PP -\fBlwres_getnameinfo()\fR -returns 0 on success or a non-zero error code if an error occurs. -.SH "SEE ALSO" -.PP -\fBRFC2133\fR, -\fBgetservbyport\fR(3), -\fBlwres\fR(3), -\fBlwres_getnameinfo\fR(3), -\fBlwres_getnamebyaddr\fR(3). -\fBlwres_net_ntop\fR(3). -.SH "BUGS" -.PP -RFC2133 fails to define what the nonzero return values of -\fBgetnameinfo\fR(3) -are. diff --git a/lib/liblwres/man/lwres_getnameinfo.docbook b/lib/liblwres/man/lwres_getnameinfo.docbook deleted file mode 100644 index 56bcd8b9f..000000000 --- a/lib/liblwres/man/lwres_getnameinfo.docbook +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_getnameinfo -3 -BIND9 - - - -lwres_getnameinfo -lightweight resolver socket address structure to hostname and service name - - - -#include <lwres/netdb.h> - - -int -lwres_getnameinfo -const struct sockaddr *sa -size_t salen -char *host -size_t hostlen -char *serv -size_t servlen -int flags - - - - - -DESCRIPTION - - This function is equivalent to the -getnameinfo3 - function defined in RFC2133. -lwres_getnameinfo() returns the hostname for the -struct sockaddr sa which is -salen bytes long. The hostname is of length -hostlen and is returned via -*host. The maximum length of the hostname is -1025 bytes: NI_MAXHOST. - - The name of the service associated with the port number in -sa is returned in *serv. -It is servlen bytes long. The maximum length -of the service name is NI_MAXSERV - 32 bytes. - - - The flags argument sets the following -bits: - -NI_NOFQDN - - -A fully qualified domain name is not required for local hosts. -The local part of the fully qualified domain name is returned instead. - -NI_NUMERICHOST - - -Return the address in numeric form, as if calling inet_ntop(), -instead of a host name. - -NI_NAMEREQD - - -A name is required. If the hostname cannot be found in the DNS and -this flag is set, a non-zero error code is returned. -If the hostname is not found and the flag is not set, the -address is returned in numeric form. - -NI_NUMERICSERV - - -The service name is returned as a digit string representing the port number. - -NI_DGRAM - - -Specifies that the service being looked up is a datagram -service, and causes getservbyport() to be called with a second -argument of "udp" instead of its default of "tcp". This is required -for the few ports (512-514) that have different services for UDP and -TCP. - - - - - - -RETURN VALUES - -lwres_getnameinfo() -returns 0 on success or a non-zero error code if an error occurs. - - - -SEE ALSO - - -RFC2133 -, - -getservbyport3 -, - -lwres3 -, - -lwres_getnameinfo3 -, - -lwres_getnamebyaddr3 -. - -lwres_net_ntop3 -. - - -BUGS - -RFC2133 fails to define what the nonzero return values of - -getnameinfo3 - -are. - - - diff --git a/lib/liblwres/man/lwres_getnameinfo.html b/lib/liblwres/man/lwres_getnameinfo.html deleted file mode 100644 index b98a92848..000000000 --- a/lib/liblwres/man/lwres_getnameinfo.html +++ /dev/null @@ -1,303 +0,0 @@ - -lwres_getnameinfo

lwres_getnameinfo

Name

lwres_getnameinfo -- lightweight resolver socket address structure to hostname and service name

Synopsis

#include <lwres/netdb.h>

int -lwres_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags);

DESCRIPTION

This function is equivalent to the getnameinfo(3) function defined in RFC2133. -lwres_getnameinfo() returns the hostname for the -struct sockaddr sa which is -salen bytes long. The hostname is of length -hostlen and is returned via -*host. The maximum length of the hostname is -1025 bytes: NI_MAXHOST.

The name of the service associated with the port number in -sa is returned in *serv. -It is servlen bytes long. The maximum length -of the service name is NI_MAXSERV - 32 bytes.

The flags argument sets the following -bits: -

NI_NOFQDN

A fully qualified domain name is not required for local hosts. -The local part of the fully qualified domain name is returned instead.

NI_NUMERICHOST

Return the address in numeric form, as if calling inet_ntop(), -instead of a host name.

NI_NAMEREQD

A name is required. If the hostname cannot be found in the DNS and -this flag is set, a non-zero error code is returned. -If the hostname is not found and the flag is not set, the -address is returned in numeric form.

NI_NUMERICSERV

The service name is returned as a digit string representing the port number.

NI_DGRAM

Specifies that the service being looked up is a datagram -service, and causes getservbyport() to be called with a second -argument of "udp" instead of its default of "tcp". This is required -for the few ports (512-514) that have different services for UDP and -TCP.

RETURN VALUES

lwres_getnameinfo() -returns 0 on success or a non-zero error code if an error occurs.

SEE ALSO

RFC2133, -getservbyport(3), -lwres(3), -lwres_getnameinfo(3), -lwres_getnamebyaddr(3). -lwres_net_ntop(3).

BUGS

RFC2133 fails to define what the nonzero return values of -getnameinfo(3) -are.

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_getrrsetbyname.3 b/lib/liblwres/man/lwres_getrrsetbyname.3 deleted file mode 100644 index 301630e23..000000000 --- a/lib/liblwres/man/lwres_getrrsetbyname.3 +++ /dev/null @@ -1,142 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_GETRRSETBYNAME" "3" "Oct 18, 2000" "BIND9" "" -.SH NAME -lwres_getrrsetbyname, lwres_freerrset \- retrieve DNS records -.SH SYNOPSIS -\fB#include -.sp -.na -int -lwres_getrrsetbyname(const char *hostname, unsigned int rdclass, unsigned int rdtype, unsigned int flags, struct rrsetinfo **res); -.ad -.sp -.na -void -lwres_freerrset(struct rrsetinfo *rrset); -.ad -\fR.PP -The following structures are used: -.sp -.nf -struct rdatainfo { - unsigned int rdi_length; /* length of data */ - unsigned char *rdi_data; /* record data */ -}; - -struct rrsetinfo { - unsigned int rri_flags; /* RRSET_VALIDATED... */ - unsigned int rri_rdclass; /* class number */ - unsigned int rri_rdtype; /* RR type number */ - unsigned int rri_ttl; /* time to live */ - unsigned int rri_nrdatas; /* size of rdatas array */ - unsigned int rri_nsigs; /* size of sigs array */ - char *rri_name; /* canonical name */ - struct rdatainfo *rri_rdatas; /* individual records */ - struct rdatainfo *rri_sigs; /* individual signatures */ -}; -.sp -.fi -.SH "DESCRIPTION" -.PP -\fBlwres_getrrsetbyname()\fR -gets a set of resource records associated with a -\fIhostname\fR, -\fIclass\fR, -and -\fItype\fR. -\fIhostname\fR -is -a pointer a to null-terminated string. The -\fIflags\fR -field is currently unused and must be zero. -.PP -After a successful call to -\fBlwres_getrrsetbyname()\fR, -\fI*res\fR -is a pointer to an -\fBrrsetinfo\fR -structure, containing a list of one or more -\fBrdatainfo\fR -structures containing resource records and potentially another list of -\fBrdatainfo\fR -structures containing SIG resource records -associated with those records. -The members -rri_rdclass -and -rri_rdtype -are copied from the parameters. -rri_ttl -and -rri_name -are properties of the obtained rrset. -The resource records contained in -rri_rdatas -and -rri_sigs -are in uncompressed DNS wire format. -Properties of the rdataset are represented in the -rri_flags -bitfield. If the RRSET_VALIDATED bit is set, the data has been DNSSEC -validated and the signatures verified. -.PP -All of the information returned by -\fBlwres_getrrsetbyname()\fR -is dynamically allocated: the -rrsetinfo -and -rdatainfo -structures, -and the canonical host name strings pointed to by the -rrsetinfostructure. -Memory allocated for the dynamically allocated structures created by -a successful call to -\fBlwres_getrrsetbyname()\fR -is released by -\fBlwres_freerrset()\fR. -\fIrrset\fR -is a pointer to a -\fBstruct rrset\fR -created by a call to -\fBlwres_getrrsetbyname()\fR. -.PP -.SH "RETURN VALUES" -.PP -\fBlwres_getrrsetbyname()\fR -returns zero on success, and one of the following error -codes if an error occurred: -.TP -\fBERRSET_NONAME\fR -the name does not exist -.TP -\fBERRSET_NODATA\fR -the name exists, but does not have data of the desired type -.TP -\fBERRSET_NOMEMORY\fR -memory could not be allocated -.TP -\fBERRSET_INVAL\fR -a parameter is invalid -.TP -\fBERRSET_FAIL\fR -other failure -.TP -\fB\fR -.SH "SEE ALSO" -.PP -\fBlwres\fR(3). diff --git a/lib/liblwres/man/lwres_getrrsetbyname.docbook b/lib/liblwres/man/lwres_getrrsetbyname.docbook deleted file mode 100644 index 9151c9c57..000000000 --- a/lib/liblwres/man/lwres_getrrsetbyname.docbook +++ /dev/null @@ -1,208 +0,0 @@ - - - - - - - - - -Oct 18, 2000 - - -lwres_getrrsetbyname -3 -BIND9 - - -lwres_getrrsetbyname -lwres_freerrset -retrieve DNS records - - - -#include <lwres/netdb.h> - - -int -lwres_getrrsetbyname -const char *hostname -unsigned int rdclass -unsigned int rdtype -unsigned int flags -struct rrsetinfo **res - - - -void -lwres_freerrset -struct rrsetinfo *rrset - - - - -The following structures are used: - -struct rdatainfo { - unsigned int rdi_length; /* length of data */ - unsigned char *rdi_data; /* record data */ -}; - -struct rrsetinfo { - unsigned int rri_flags; /* RRSET_VALIDATED... */ - unsigned int rri_rdclass; /* class number */ - unsigned int rri_rdtype; /* RR type number */ - unsigned int rri_ttl; /* time to live */ - unsigned int rri_nrdatas; /* size of rdatas array */ - unsigned int rri_nsigs; /* size of sigs array */ - char *rri_name; /* canonical name */ - struct rdatainfo *rri_rdatas; /* individual records */ - struct rdatainfo *rri_sigs; /* individual signatures */ -}; - - - - - -DESCRIPTION - -lwres_getrrsetbyname() -gets a set of resource records associated with a -hostname, - -class, - -and -type. - -hostname -is -a pointer a to null-terminated string. The -flags -field is currently unused and must be zero. - - -After a successful call to -lwres_getrrsetbyname(), - -*res -is a pointer to an -rrsetinfo -structure, containing a list of one or more -rdatainfo -structures containing resource records and potentially another list of -rdatainfo -structures containing SIG resource records -associated with those records. -The members -rri_rdclass -and -rri_rdtype -are copied from the parameters. -rri_ttl -and -rri_name -are properties of the obtained rrset. -The resource records contained in -rri_rdatas -and -rri_sigs -are in uncompressed DNS wire format. -Properties of the rdataset are represented in the -rri_flags -bitfield. If the RRSET_VALIDATED bit is set, the data has been DNSSEC -validated and the signatures verified. - - -All of the information returned by -lwres_getrrsetbyname() -is dynamically allocated: the -rrsetinfo -and -rdatainfo -structures, -and the canonical host name strings pointed to by the -rrsetinfostructure. - -Memory allocated for the dynamically allocated structures created by -a successful call to -lwres_getrrsetbyname() -is released by -lwres_freerrset(). - -rrset -is a pointer to a -struct rrset -created by a call to -lwres_getrrsetbyname(). - - - - - - -RETURN VALUES - -lwres_getrrsetbyname() -returns zero on success, and one of the following error -codes if an error occurred: - - -ERRSET_NONAME - -the name does not exist - - -ERRSET_NODATA - -the name exists, but does not have data of the desired type - - -ERRSET_NOMEMORY - -memory could not be allocated - - -ERRSET_INVAL - -a parameter is invalid - - -ERRSET_FAIL - -other failure - - - - - - - - - - - -SEE ALSO - - -lwres3 -. - - - - diff --git a/lib/liblwres/man/lwres_getrrsetbyname.html b/lib/liblwres/man/lwres_getrrsetbyname.html deleted file mode 100644 index 3e5ab615c..000000000 --- a/lib/liblwres/man/lwres_getrrsetbyname.html +++ /dev/null @@ -1,371 +0,0 @@ - -lwres_getrrsetbyname

lwres_getrrsetbyname

Name

lwres_getrrsetbyname, lwres_freerrset -- retrieve DNS records

Synopsis

#include <lwres/netdb.h>

int -lwres_getrrsetbyname(const char *hostname, unsigned int rdclass, unsigned int rdtype, unsigned int flags, struct rrsetinfo **res);

void -lwres_freerrset(struct rrsetinfo *rrset);

The following structures are used: -

struct  rdatainfo {
-        unsigned int            rdi_length;     /* length of data */
-        unsigned char           *rdi_data;      /* record data */
-};
-
-struct  rrsetinfo {
-        unsigned int            rri_flags;      /* RRSET_VALIDATED... */
-        unsigned int            rri_rdclass;    /* class number */
-        unsigned int            rri_rdtype;     /* RR type number */
-        unsigned int            rri_ttl;        /* time to live */
-        unsigned int            rri_nrdatas;    /* size of rdatas array */
-        unsigned int            rri_nsigs;      /* size of sigs array */
-        char                    *rri_name;      /* canonical name */
-        struct rdatainfo        *rri_rdatas;    /* individual records */
-        struct rdatainfo        *rri_sigs;      /* individual signatures */
-};

DESCRIPTION

lwres_getrrsetbyname() -gets a set of resource records associated with a -hostname, - -class, - -and -type. - -hostname -is -a pointer a to null-terminated string. The -flags -field is currently unused and must be zero.

After a successful call to -lwres_getrrsetbyname(), - -*res -is a pointer to an -rrsetinfo -structure, containing a list of one or more -rdatainfo -structures containing resource records and potentially another list of -rdatainfo -structures containing SIG resource records -associated with those records. -The members -rri_rdclass -and -rri_rdtype -are copied from the parameters. -rri_ttl -and -rri_name -are properties of the obtained rrset. -The resource records contained in -rri_rdatas -and -rri_sigs -are in uncompressed DNS wire format. -Properties of the rdataset are represented in the -rri_flags -bitfield. If the RRSET_VALIDATED bit is set, the data has been DNSSEC -validated and the signatures verified.

All of the information returned by -lwres_getrrsetbyname() -is dynamically allocated: the -rrsetinfo -and -rdatainfo -structures, -and the canonical host name strings pointed to by the -rrsetinfostructure. - -Memory allocated for the dynamically allocated structures created by -a successful call to -lwres_getrrsetbyname() -is released by -lwres_freerrset(). - -rrset -is a pointer to a -struct rrset -created by a call to -lwres_getrrsetbyname().

RETURN VALUES

lwres_getrrsetbyname() -returns zero on success, and one of the following error -codes if an error occurred: -

ERRSET_NONAME

the name does not exist

ERRSET_NODATA

the name exists, but does not have data of the desired type

ERRSET_NOMEMORY

memory could not be allocated

ERRSET_INVAL

a parameter is invalid

ERRSET_FAIL

other failure

SEE ALSO

lwres(3).

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_gnba.3 b/lib/liblwres/man/lwres_gnba.3 deleted file mode 100644 index 515224f77..000000000 --- a/lib/liblwres/man/lwres_gnba.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_GNBA" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free \- lightweight resolver getnamebyaddress message handling -.SH SYNOPSIS -\fB#include -.sp -.na -lwres_result_t -lwres_gnbarequest_render(lwres_context_t *\fIctx\fB, lwres_gnbarequest_t *\fIreq\fB, lwres_lwpacket_t *\fIpkt\fB, lwres_buffer_t *\fIb\fB); -.ad -.sp -.na -lwres_result_t -lwres_gnbaresponse_render(lwres_context_t *ctx, lwres_gnbaresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b); -.ad -.sp -.na -lwres_result_t -lwres_gnbarequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gnbarequest_t **structp); -.ad -.sp -.na -lwres_result_t -lwres_gnbaresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gnbaresponse_t **structp); -.ad -.sp -.na -void -lwres_gnbaresponse_free(lwres_context_t *ctx, lwres_gnbaresponse_t **structp); -.ad -.sp -.na -void -lwres_gnbarequest_free(lwres_context_t *ctx, lwres_gnbarequest_t **structp); -.ad -\fR.SH "DESCRIPTION" -.PP -These are low-level routines for creating and parsing -lightweight resolver address-to-name lookup request and -response messages. -.PP -There are four main functions for the getnamebyaddr opcode. -One render function converts a getnamebyaddr request structure \(em -\fBlwres_gnbarequest_t\fR \(em -to the lightweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a getnamebyaddr request structure. -Another render function converts the getnamebyaddr response structure \(em -\fBlwres_gnbaresponse_t\fR -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a getnamebyaddr response structure. -.PP -These structures are defined in -\fIlwres/lwres.h\fR. -They are shown below. -.sp -.nf -#define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U - -typedef struct { - lwres_uint32_t flags; - lwres_addr_t addr; -} lwres_gnbarequest_t; - -typedef struct { - lwres_uint32_t flags; - lwres_uint16_t naliases; - char *realname; - char **aliases; - lwres_uint16_t realnamelen; - lwres_uint16_t *aliaslen; - void *base; - size_t baselen; -} lwres_gnbaresponse_t; -.sp -.fi -.PP -\fBlwres_gnbarequest_render()\fR -uses resolver context -ctx -to convert getnamebyaddr request structure -req -to canonical format. -The packet header structure -pkt -is initialised and transferred to -buffer -b. -The contents of -*req -are then appended to the buffer in canonical format. -\fBlwres_gnbaresponse_render()\fR -performs the same task, except it converts a getnamebyaddr response structure -\fBlwres_gnbaresponse_t\fR -to the lightweight resolver's canonical format. -.PP -\fBlwres_gnbarequest_parse()\fR -uses context -ctx -to convert the contents of packet -pkt -to a -\fBlwres_gnbarequest_t\fR -structure. -Buffer -b -provides space to be used for storing this structure. -When the function succeeds, the resulting -\fBlwres_gnbarequest_t\fR -is made available through -*structp. -\fBlwres_gnbaresponse_parse()\fR -offers the same semantics as -\fBlwres_gnbarequest_parse()\fR -except it yields a -\fBlwres_gnbaresponse_t\fR -structure. -.PP -\fBlwres_gnbaresponse_free()\fR -and -\fBlwres_gnbarequest_free()\fR -release the memory in resolver context -ctx -that was allocated to the -\fBlwres_gnbaresponse_t\fR -or -\fBlwres_gnbarequest_t\fR -structures referenced via -structp. -Any memory associated with ancillary buffers and strings for those -structures is also discarded. -.SH "RETURN VALUES" -.PP -The getnamebyaddr opcode functions -\fBlwres_gnbarequest_render()\fR, -\fBlwres_gnbaresponse_render()\fR -\fBlwres_gnbarequest_parse()\fR -and -\fBlwres_gnbaresponse_parse()\fR -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -\fBlwres_gnbarequest_t\fR -and -\fBlwres_gnbaresponse_t\fR -structures. -\fBlwres_gnbarequest_parse()\fR -and -\fBlwres_gnbaresponse_parse()\fR -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -\fBpktflags\fR -in the packet header structure -\fBlwres_lwpacket_t\fR -indicate that the packet is not a response to an earlier query. -.SH "SEE ALSO" -.PP -\fBlwres_packet\fR(3). diff --git a/lib/liblwres/man/lwres_gnba.docbook b/lib/liblwres/man/lwres_gnba.docbook deleted file mode 100644 index 525452085..000000000 --- a/lib/liblwres/man/lwres_gnba.docbook +++ /dev/null @@ -1,259 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_gnba -3 -BIND9 - - - -lwres_gnbarequest_render -lwres_gnbaresponse_render -lwres_gnbarequest_parse -lwres_gnbaresponse_parse -lwres_gnbaresponse_free -lwres_gnbarequest_free -lightweight resolver getnamebyaddress message handling - - - - - - -#include <lwres/lwres.h> - - - - -lwres_result_t -lwres_gnbarequest_render - -lwres_context_t *ctx -lwres_gnbarequest_t *req -lwres_lwpacket_t *pkt -lwres_buffer_t *b - - - - -lwres_result_t -lwres_gnbaresponse_render - -lwres_context_t *ctx -lwres_gnbaresponse_t *req -lwres_lwpacket_t *pkt -lwres_buffer_t *b - - - -lwres_result_t -lwres_gnbarequest_parse -lwres_context_t *ctx -lwres_buffer_t *b -lwres_lwpacket_t *pkt -lwres_gnbarequest_t **structp - - - -lwres_result_t -lwres_gnbaresponse_parse -lwres_context_t *ctx -lwres_buffer_t *b -lwres_lwpacket_t *pkt -lwres_gnbaresponse_t **structp - - - - -void -lwres_gnbaresponse_free - -lwres_context_t *ctx -lwres_gnbaresponse_t **structp - - - -void -lwres_gnbarequest_free -lwres_context_t *ctx -lwres_gnbarequest_t **structp - - - - - - -DESCRIPTION - -These are low-level routines for creating and parsing -lightweight resolver address-to-name lookup request and -response messages. - - -There are four main functions for the getnamebyaddr opcode. -One render function converts a getnamebyaddr request structure — -lwres_gnbarequest_t — -to the lightweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a getnamebyaddr request structure. -Another render function converts the getnamebyaddr response structure — -lwres_gnbaresponse_t -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a getnamebyaddr response structure. - - -These structures are defined in -lwres/lwres.h. -They are shown below. - -#define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U - -typedef struct { - lwres_uint32_t flags; - lwres_addr_t addr; -} lwres_gnbarequest_t; - -typedef struct { - lwres_uint32_t flags; - lwres_uint16_t naliases; - char *realname; - char **aliases; - lwres_uint16_t realnamelen; - lwres_uint16_t *aliaslen; - void *base; - size_t baselen; -} lwres_gnbaresponse_t; - - - -lwres_gnbarequest_render() -uses resolver context -ctx -to convert getnamebyaddr request structure -req -to canonical format. -The packet header structure -pkt -is initialised and transferred to -buffer -b. -The contents of -*req -are then appended to the buffer in canonical format. -lwres_gnbaresponse_render() -performs the same task, except it converts a getnamebyaddr response structure -lwres_gnbaresponse_t -to the lightweight resolver's canonical format. - - -lwres_gnbarequest_parse() -uses context -ctx -to convert the contents of packet -pkt -to a -lwres_gnbarequest_t -structure. -Buffer -b -provides space to be used for storing this structure. -When the function succeeds, the resulting -lwres_gnbarequest_t -is made available through -*structp. -lwres_gnbaresponse_parse() -offers the same semantics as -lwres_gnbarequest_parse() -except it yields a -lwres_gnbaresponse_t -structure. - - -lwres_gnbaresponse_free() -and -lwres_gnbarequest_free() -release the memory in resolver context -ctx -that was allocated to the -lwres_gnbaresponse_t -or -lwres_gnbarequest_t -structures referenced via -structp. -Any memory associated with ancillary buffers and strings for those -structures is also discarded. - - - -RETURN VALUES - -The getnamebyaddr opcode functions -lwres_gnbarequest_render(), -lwres_gnbaresponse_render() -lwres_gnbarequest_parse() -and -lwres_gnbaresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_gnbarequest_t -and -lwres_gnbaresponse_t -structures. -lwres_gnbarequest_parse() -and -lwres_gnbaresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query. - - - -SEE ALSO - - -lwres_packet -3 -. - - - diff --git a/lib/liblwres/man/lwres_gnba.html b/lib/liblwres/man/lwres_gnba.html deleted file mode 100644 index 98cc04dd6..000000000 --- a/lib/liblwres/man/lwres_gnba.html +++ /dev/null @@ -1,408 +0,0 @@ - -lwres_gnba

lwres_gnba

Name

lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free -- lightweight resolver getnamebyaddress message handling

Synopsis

#include <lwres/lwres.h>

lwres_result_t -lwres_gnbarequest_render(lwres_context_t *ctx, lwres_gnbarequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b);

lwres_result_t -lwres_gnbaresponse_render(lwres_context_t *ctx, lwres_gnbaresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b);

lwres_result_t -lwres_gnbarequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gnbarequest_t **structp);

lwres_result_t -lwres_gnbaresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_gnbaresponse_t **structp);

void -lwres_gnbaresponse_free(lwres_context_t *ctx, lwres_gnbaresponse_t **structp);

void -lwres_gnbarequest_free(lwres_context_t *ctx, lwres_gnbarequest_t **structp);

DESCRIPTION

These are low-level routines for creating and parsing -lightweight resolver address-to-name lookup request and -response messages.

There are four main functions for the getnamebyaddr opcode. -One render function converts a getnamebyaddr request structure — -lwres_gnbarequest_t — -to the lightweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a getnamebyaddr request structure. -Another render function converts the getnamebyaddr response structure — -lwres_gnbaresponse_t -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a getnamebyaddr response structure.

These structures are defined in -lwres/lwres.h. -They are shown below. -

#define LWRES_OPCODE_GETNAMEBYADDR      0x00010002U
-
-typedef struct {
-        lwres_uint32_t  flags;
-        lwres_addr_t    addr;
-} lwres_gnbarequest_t;
-
-typedef struct {
-        lwres_uint32_t  flags;
-        lwres_uint16_t  naliases;
-        char           *realname;
-        char          **aliases;
-        lwres_uint16_t  realnamelen;
-        lwres_uint16_t *aliaslen;
-        void           *base;
-        size_t          baselen;
-} lwres_gnbaresponse_t;

lwres_gnbarequest_render() -uses resolver context -ctx -to convert getnamebyaddr request structure -req -to canonical format. -The packet header structure -pkt -is initialised and transferred to -buffer -b. -The contents of -*req -are then appended to the buffer in canonical format. -lwres_gnbaresponse_render() -performs the same task, except it converts a getnamebyaddr response structure -lwres_gnbaresponse_t -to the lightweight resolver's canonical format.

lwres_gnbarequest_parse() -uses context -ctx -to convert the contents of packet -pkt -to a -lwres_gnbarequest_t -structure. -Buffer -b -provides space to be used for storing this structure. -When the function succeeds, the resulting -lwres_gnbarequest_t -is made available through -*structp. -lwres_gnbaresponse_parse() -offers the same semantics as -lwres_gnbarequest_parse() -except it yields a -lwres_gnbaresponse_t -structure.

lwres_gnbaresponse_free() -and -lwres_gnbarequest_free() -release the memory in resolver context -ctx -that was allocated to the -lwres_gnbaresponse_t -or -lwres_gnbarequest_t -structures referenced via -structp. -Any memory associated with ancillary buffers and strings for those -structures is also discarded.

RETURN VALUES

The getnamebyaddr opcode functions -lwres_gnbarequest_render(), -lwres_gnbaresponse_render() -lwres_gnbarequest_parse() -and -lwres_gnbaresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_gnbarequest_t -and -lwres_gnbaresponse_t -structures. -lwres_gnbarequest_parse() -and -lwres_gnbaresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query.

SEE ALSO

lwres_packet(3).

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_hstrerror.3 b/lib/liblwres/man/lwres_hstrerror.3 deleted file mode 100644 index dd7fa9c4c..000000000 --- a/lib/liblwres/man/lwres_hstrerror.3 +++ /dev/null @@ -1,67 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_HSTRERROR" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_herror, lwres_hstrerror \- lightweight resolver error message generation -.SH SYNOPSIS -\fB#include -.sp -.na -void -lwres_herror(const char *s); -.ad -.sp -.na -const char * -lwres_hstrerror(int err); -.ad -\fR.SH "DESCRIPTION" -.PP -\fBlwres_herror()\fR prints the string -\fIs\fR on \fBstderr\fR followed by the string -generated by \fBlwres_hstrerror()\fR for the error code -stored in the global variable lwres_h_errno. -.PP -\fBlwres_hstrerror()\fR returns an appropriate string -for the error code gievn by \fIerr\fR. The values of -the error codes and messages are as follows: -.TP -\fBNETDB_SUCCESS\fR -\fBResolver Error 0 (no error)\fR -.TP -\fBHOST_NOT_FOUND\fR -\fBUnknown host\fR -.TP -\fBTRY_AGAIN\fR -\fBHost name lookup failure\fR -.TP -\fBNO_RECOVERY\fR -\fBUnknown server error\fR -.TP -\fBNO_DATA\fR -\fBNo address associated with name\fR -.SH "RETURN VALUES" -.PP -The string \fBUnknown resolver error\fR is returned by -\fBlwres_hstrerror()\fR -when the value of -lwres_h_errno -is not a valid error code. -.SH "SEE ALSO" -.PP -\fBherror\fR(3), -\fBlwres_hstrerror\fR(3). diff --git a/lib/liblwres/man/lwres_hstrerror.docbook b/lib/liblwres/man/lwres_hstrerror.docbook deleted file mode 100644 index 2f4c06a11..000000000 --- a/lib/liblwres/man/lwres_hstrerror.docbook +++ /dev/null @@ -1,124 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_hstrerror -3 -BIND9 - - - -lwres_herror -lwres_hstrerror -lightweight resolver error message generation - - - -#include <lwres/netdb.h> - - -void -lwres_herror -const char *s - - - -const char * -lwres_hstrerror -int err - - - - - -DESCRIPTION - - -lwres_herror() prints the string -s on stderr followed by the string -generated by lwres_hstrerror() for the error code -stored in the global variable lwres_h_errno. - - - -lwres_hstrerror() returns an appropriate string -for the error code gievn by err. The values of -the error codes and messages are as follows: - - -NETDB_SUCCESS - - -Resolver Error 0 (no error) - -HOST_NOT_FOUND - - -Unknown host - -TRY_AGAIN - - -Host name lookup failure - -NO_RECOVERY - - -Unknown server error - -NO_DATA - - -No address associated with name - - - - - - -RETURN VALUES - -The string Unknown resolver error is returned by -lwres_hstrerror() -when the value of -lwres_h_errno -is not a valid error code. - - - -SEE ALSO - - -herror3 -, - - -lwres_hstrerror3 -. - - - - diff --git a/lib/liblwres/man/lwres_hstrerror.html b/lib/liblwres/man/lwres_hstrerror.html deleted file mode 100644 index 128b7e4f8..000000000 --- a/lib/liblwres/man/lwres_hstrerror.html +++ /dev/null @@ -1,242 +0,0 @@ - -lwres_hstrerror

lwres_hstrerror

Name

lwres_herror, lwres_hstrerror -- lightweight resolver error message generation

Synopsis

#include <lwres/netdb.h>

void -lwres_herror(const char *s);

const char * -lwres_hstrerror(int err);

DESCRIPTION

lwres_herror() prints the string -s on stderr followed by the string -generated by lwres_hstrerror() for the error code -stored in the global variable lwres_h_errno.

lwres_hstrerror() returns an appropriate string -for the error code gievn by err. The values of -the error codes and messages are as follows: - -

NETDB_SUCCESS

Resolver Error 0 (no error)

HOST_NOT_FOUND

Unknown host

TRY_AGAIN

Host name lookup failure

NO_RECOVERY

Unknown server error

NO_DATA

No address associated with name

RETURN VALUES

The string Unknown resolver error is returned by -lwres_hstrerror() -when the value of -lwres_h_errno -is not a valid error code.

SEE ALSO

herror(3), - -lwres_hstrerror(3).

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_inetntop.3 b/lib/liblwres/man/lwres_inetntop.3 deleted file mode 100644 index 983a33d85..000000000 --- a/lib/liblwres/man/lwres_inetntop.3 +++ /dev/null @@ -1,52 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_INETNTOP" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_net_ntop \- lightweight resolver IP address presentation -.SH SYNOPSIS -\fB#include -.sp -.na -const char * -lwres_net_ntop(int af, const void *src, char *dst, size_t size); -.ad -\fR.SH "DESCRIPTION" -.PP -\fBlwres_net_ntop()\fR converts an IP address of -protocol family \fIaf\fR \(em IPv4 or IPv6 \(em -at location \fIsrc\fR from network format to its -conventional representation as a string. For IPv4 addresses, that -string would be a dotted-decimal. An IPv6 address would be -represented in colon notation as described in RFC1884. -.PP -The generated string is copied to \fIdst\fR provided -\fIsize\fR indicates it is long enough to store the -ASCII representation of the address. -.SH "RETURN VALUES" -.PP -If successful, the function returns \fIdst\fR: -a pointer to a string containing the presentation format of the -address. \fBlwres_net_ntop()\fR returns -\fBNULL\fR and sets the global variable -errno to EAFNOSUPPORT if -the protocol family given in \fIaf\fR is not -supported. -.SH "SEE ALSO" -.PP -\fBRFC1884\fR, -\fBinet_ntop\fR(3), -\fBerrno\fR(3). diff --git a/lib/liblwres/man/lwres_inetntop.docbook b/lib/liblwres/man/lwres_inetntop.docbook deleted file mode 100644 index 8daa36351..000000000 --- a/lib/liblwres/man/lwres_inetntop.docbook +++ /dev/null @@ -1,99 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_inetntop -3 -BIND9 - - - -lwres_net_ntop -lightweight resolver IP address presentation - - - -#include <lwres/net.h> - - -const char * -lwres_net_ntop -int af -const void *src -char *dst -size_t size - - - - - -DESCRIPTION - - -lwres_net_ntop() converts an IP address of -protocol family af — IPv4 or IPv6 — -at location src from network format to its -conventional representation as a string. For IPv4 addresses, that -string would be a dotted-decimal. An IPv6 address would be -represented in colon notation as described in RFC1884. - - - -The generated string is copied to dst provided -size indicates it is long enough to store the -ASCII representation of the address. - - - - -RETURN VALUES - - -If successful, the function returns dst: -a pointer to a string containing the presentation format of the -address. lwres_net_ntop() returns -NULL and sets the global variable -errno to EAFNOSUPPORT if -the protocol family given in af is not -supported. - - - - -SEE ALSO - - -RFC1884 -, - -inet_ntop3 -, - -errno3 -. - - - diff --git a/lib/liblwres/man/lwres_inetntop.html b/lib/liblwres/man/lwres_inetntop.html deleted file mode 100644 index 09d4fea34..000000000 --- a/lib/liblwres/man/lwres_inetntop.html +++ /dev/null @@ -1,186 +0,0 @@ - -lwres_inetntop

lwres_inetntop

Name

lwres_net_ntop -- lightweight resolver IP address presentation

Synopsis

#include <lwres/net.h>

const char * -lwres_net_ntop(int af, const void *src, char *dst, size_t size);

DESCRIPTION

lwres_net_ntop() converts an IP address of -protocol family af — IPv4 or IPv6 — -at location src from network format to its -conventional representation as a string. For IPv4 addresses, that -string would be a dotted-decimal. An IPv6 address would be -represented in colon notation as described in RFC1884.

The generated string is copied to dst provided -size indicates it is long enough to store the -ASCII representation of the address.

RETURN VALUES

If successful, the function returns dst: -a pointer to a string containing the presentation format of the -address. lwres_net_ntop() returns -NULL and sets the global variable -errno to EAFNOSUPPORT if -the protocol family given in af is not -supported.

SEE ALSO

RFC1884, -inet_ntop(3), -errno(3).

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_noop.3 b/lib/liblwres/man/lwres_noop.3 deleted file mode 100644 index 50d127029..000000000 --- a/lib/liblwres/man/lwres_noop.3 +++ /dev/null @@ -1,160 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_NOOP" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free \- lightweight resolver no-op message handling -.SH SYNOPSIS -\fB#include -.sp -.na -lwres_result_t -lwres_nooprequest_render(lwres_context_t *ctx, lwres_nooprequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b); -.ad -.sp -.na -lwres_result_t -lwres_noopresponse_render(lwres_context_t *ctx, lwres_noopresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b); -.ad -.sp -.na -lwres_result_t -lwres_nooprequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_nooprequest_t **structp); -.ad -.sp -.na -lwres_result_t -lwres_noopresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_noopresponse_t **structp); -.ad -.sp -.na -void -lwres_noopresponse_free(lwres_context_t *ctx, lwres_noopresponse_t **structp); -.ad -.sp -.na -void -lwres_nooprequest_free(lwres_context_t *ctx, lwres_nooprequest_t **structp); -.ad -\fR.SH "DESCRIPTION" -.PP -These are low-level routines for creating and parsing -lightweight resolver no-op request and response messages. -.PP -The no-op message is analogous to a \fBping\fR packet: -a packet is sent to the resolver daemon and is simply echoed back. -The opcode is intended to allow a client to determine if the server is -operational or not. -.PP -There are four main functions for the no-op opcode. -One render function converts a no-op request structure \(em -\fBlwres_nooprequest_t\fR \(em -to the lighweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a no-op request structure. -Another render function converts the no-op response structure \(em -\fBlwres_noopresponse_t\fR -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a no-op response structure. -.PP -These structures are defined in -\fIlwres/lwres.h\fR. -They are shown below. -.sp -.nf -#define LWRES_OPCODE_NOOP 0x00000000U - -typedef struct { - lwres_uint16_t datalength; - unsigned char *data; -} lwres_nooprequest_t; - -typedef struct { - lwres_uint16_t datalength; - unsigned char *data; -} lwres_noopresponse_t; -.sp -.fi -Although the structures have different types, they are identical. -This is because the no-op opcode simply echos whatever data was sent: -the response is therefore identical to the request. -.PP -\fBlwres_nooprequest_render()\fR uses resolver -context \fIctx\fR to convert no-op request structure -\fIreq\fR to canonical format. The packet header -structure \fIpkt\fR is initialised and transferred to -buffer \fIb\fR. The contents of -\fI*req\fR are then appended to the buffer in -canonical format. \fBlwres_noopresponse_render()\fR -performs the same task, except it converts a no-op response structure -\fBlwres_noopresponse_t\fR to the lightweight resolver's -canonical format. -.PP -\fBlwres_nooprequest_parse()\fR uses context -\fIctx\fR to convert the contents of packet -\fIpkt\fR to a \fBlwres_nooprequest_t\fR -structure. Buffer \fIb\fR provides space to be used -for storing this structure. When the function succeeds, the resulting -\fBlwres_nooprequest_t\fR is made available through -\fI*structp\fR. -\fBlwres_noopresponse_parse()\fR offers the same -semantics as \fBlwres_nooprequest_parse()\fR except it -yields a \fBlwres_noopresponse_t\fR structure. -.PP -\fBlwres_noopresponse_free()\fR and -\fBlwres_nooprequest_free()\fR release the memory in -resolver context \fIctx\fR that was allocated to the -\fBlwres_noopresponse_t\fR or \fBlwres_nooprequest_t\fR -structures referenced via \fIstructp\fR. -.SH "RETURN VALUES" -.PP -The no-op opcode functions -\fBlwres_nooprequest_render()\fR, -\fBlwres_noopresponse_render()\fR -\fBlwres_nooprequest_parse()\fR -and -\fBlwres_noopresponse_parse()\fR -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -\fIb\fR -is too small to accommodate the packet header or the -\fBlwres_nooprequest_t\fR -and -\fBlwres_noopresponse_t\fR -structures. -\fBlwres_nooprequest_parse()\fR -and -\fBlwres_noopresponse_parse()\fR -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -\fBlwres_lwpacket_t\fR -indicate that the packet is not a response to an earlier query. -.SH "SEE ALSO" -.PP -\fBlwres_packet\fR(3) diff --git a/lib/liblwres/man/lwres_noop.docbook b/lib/liblwres/man/lwres_noop.docbook deleted file mode 100644 index 18762e515..000000000 --- a/lib/liblwres/man/lwres_noop.docbook +++ /dev/null @@ -1,229 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_noop -3 -BIND9 - - - -lwres_nooprequest_render -lwres_noopresponse_render -lwres_nooprequest_parse -lwres_noopresponse_parse -lwres_noopresponse_free -lwres_nooprequest_free -lightweight resolver no-op message handling - - - - -#include <lwres/lwres.h> - - -lwres_result_t -lwres_nooprequest_render -lwres_context_t *ctx -lwres_nooprequest_t *req -lwres_lwpacket_t *pkt -lwres_buffer_t *b - - - -lwres_result_t -lwres_noopresponse_render -lwres_context_t *ctx -lwres_noopresponse_t *req -lwres_lwpacket_t *pkt -lwres_buffer_t *b - - - -lwres_result_t -lwres_nooprequest_parse -lwres_context_t *ctx -lwres_buffer_t *b -lwres_lwpacket_t *pkt -lwres_nooprequest_t **structp - - - -lwres_result_t -lwres_noopresponse_parse -lwres_context_t *ctx -lwres_buffer_t *b -lwres_lwpacket_t *pkt -lwres_noopresponse_t **structp - - - -void -lwres_noopresponse_free -lwres_context_t *ctx -lwres_noopresponse_t **structp - - - -void -lwres_nooprequest_free -lwres_context_t *ctx -lwres_nooprequest_t **structp - - - - -DESCRIPTION - -These are low-level routines for creating and parsing -lightweight resolver no-op request and response messages. - - -The no-op message is analogous to a ping packet: -a packet is sent to the resolver daemon and is simply echoed back. -The opcode is intended to allow a client to determine if the server is -operational or not. - - -There are four main functions for the no-op opcode. -One render function converts a no-op request structure — -lwres_nooprequest_t — -to the lighweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a no-op request structure. -Another render function converts the no-op response structure — -lwres_noopresponse_t -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a no-op response structure. - - -These structures are defined in -lwres/lwres.h. - -They are shown below. - -#define LWRES_OPCODE_NOOP 0x00000000U - -typedef struct { - lwres_uint16_t datalength; - unsigned char *data; -} lwres_nooprequest_t; - -typedef struct { - lwres_uint16_t datalength; - unsigned char *data; -} lwres_noopresponse_t; - -Although the structures have different types, they are identical. -This is because the no-op opcode simply echos whatever data was sent: -the response is therefore identical to the request. - - - -lwres_nooprequest_render() uses resolver -context ctx to convert no-op request structure -req to canonical format. The packet header -structure pkt is initialised and transferred to -buffer b. The contents of -*req are then appended to the buffer in -canonical format. lwres_noopresponse_render() -performs the same task, except it converts a no-op response structure -lwres_noopresponse_t to the lightweight resolver's -canonical format. - - - -lwres_nooprequest_parse() uses context -ctx to convert the contents of packet -pkt to a lwres_nooprequest_t -structure. Buffer b provides space to be used -for storing this structure. When the function succeeds, the resulting -lwres_nooprequest_t is made available through -*structp. -lwres_noopresponse_parse() offers the same -semantics as lwres_nooprequest_parse() except it -yields a lwres_noopresponse_t structure. - - - -lwres_noopresponse_free() and -lwres_nooprequest_free() release the memory in -resolver context ctx that was allocated to the -lwres_noopresponse_t or lwres_nooprequest_t -structures referenced via structp. - - - - -RETURN VALUES - -The no-op opcode functions -lwres_nooprequest_render(), - -lwres_noopresponse_render() -lwres_nooprequest_parse() -and -lwres_noopresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_nooprequest_t -and -lwres_noopresponse_t -structures. -lwres_nooprequest_parse() -and -lwres_noopresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query. - - - -SEE ALSO - - -lwres_packet3 - - - - - diff --git a/lib/liblwres/man/lwres_noop.html b/lib/liblwres/man/lwres_noop.html deleted file mode 100644 index fdb5da103..000000000 --- a/lib/liblwres/man/lwres_noop.html +++ /dev/null @@ -1,409 +0,0 @@ - -lwres_noop

lwres_noop

Name

lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free -- lightweight resolver no-op message handling

Synopsis

#include <lwres/lwres.h>

lwres_result_t -lwres_nooprequest_render(lwres_context_t *ctx, lwres_nooprequest_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b);

lwres_result_t -lwres_noopresponse_render(lwres_context_t *ctx, lwres_noopresponse_t *req, lwres_lwpacket_t *pkt, lwres_buffer_t *b);

lwres_result_t -lwres_nooprequest_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_nooprequest_t **structp);

lwres_result_t -lwres_noopresponse_parse(lwres_context_t *ctx, lwres_buffer_t *b, lwres_lwpacket_t *pkt, lwres_noopresponse_t **structp);

void -lwres_noopresponse_free(lwres_context_t *ctx, lwres_noopresponse_t **structp);

void -lwres_nooprequest_free(lwres_context_t *ctx, lwres_nooprequest_t **structp);

DESCRIPTION

These are low-level routines for creating and parsing -lightweight resolver no-op request and response messages.

The no-op message is analogous to a ping packet: -a packet is sent to the resolver daemon and is simply echoed back. -The opcode is intended to allow a client to determine if the server is -operational or not.

There are four main functions for the no-op opcode. -One render function converts a no-op request structure — -lwres_nooprequest_t — -to the lighweight resolver's canonical format. -It is complemented by a parse function that converts a packet in this -canonical format to a no-op request structure. -Another render function converts the no-op response structure — -lwres_noopresponse_t -to the canonical format. -This is complemented by a parse function which converts a packet in -canonical format to a no-op response structure.

These structures are defined in -lwres/lwres.h. - -They are shown below. -

#define LWRES_OPCODE_NOOP       0x00000000U
-
-typedef struct {
-        lwres_uint16_t  datalength;
-        unsigned char   *data;
-} lwres_nooprequest_t;
-
-typedef struct {
-        lwres_uint16_t  datalength;
-        unsigned char   *data;
-} lwres_noopresponse_t;
-Although the structures have different types, they are identical. -This is because the no-op opcode simply echos whatever data was sent: -the response is therefore identical to the request.

lwres_nooprequest_render() uses resolver -context ctx to convert no-op request structure -req to canonical format. The packet header -structure pkt is initialised and transferred to -buffer b. The contents of -*req are then appended to the buffer in -canonical format. lwres_noopresponse_render() -performs the same task, except it converts a no-op response structure -lwres_noopresponse_t to the lightweight resolver's -canonical format.

lwres_nooprequest_parse() uses context -ctx to convert the contents of packet -pkt to a lwres_nooprequest_t -structure. Buffer b provides space to be used -for storing this structure. When the function succeeds, the resulting -lwres_nooprequest_t is made available through -*structp. -lwres_noopresponse_parse() offers the same -semantics as lwres_nooprequest_parse() except it -yields a lwres_noopresponse_t structure.

lwres_noopresponse_free() and -lwres_nooprequest_free() release the memory in -resolver context ctx that was allocated to the -lwres_noopresponse_t or lwres_nooprequest_t -structures referenced via structp.

RETURN VALUES

The no-op opcode functions -lwres_nooprequest_render(), - -lwres_noopresponse_render() -lwres_nooprequest_parse() -and -lwres_noopresponse_parse() -all return -LWRES_R_SUCCESS -on success. -They return -LWRES_R_NOMEMORY -if memory allocation fails. -LWRES_R_UNEXPECTEDEND -is returned if the available space in the buffer -b -is too small to accommodate the packet header or the -lwres_nooprequest_t -and -lwres_noopresponse_t -structures. -lwres_nooprequest_parse() -and -lwres_noopresponse_parse() -will return -LWRES_R_UNEXPECTEDEND -if the buffer is not empty after decoding the received packet. -These functions will return -LWRES_R_FAILURE -if -pktflags -in the packet header structure -lwres_lwpacket_t -indicate that the packet is not a response to an earlier query.

SEE ALSO

lwres_packet(3)

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_packet.3 b/lib/liblwres/man/lwres_packet.3 deleted file mode 100644 index d7fb6f077..000000000 --- a/lib/liblwres/man/lwres_packet.3 +++ /dev/null @@ -1,149 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_PACKET" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_lwpacket_renderheader, lwres_lwpacket_parseheader \- lightweight resolver packet handling functions -.SH SYNOPSIS -\fB#include -.sp -.na -lwres_result_t -lwres_lwpacket_renderheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt); -.ad -.sp -.na -lwres_result_t -lwres_lwpacket_parseheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt); -.ad -\fR.SH "DESCRIPTION" -.PP -These functions rely on a -\fBstruct lwres_lwpacket\fR -which is defined in -\fIlwres/lwpacket.h\fR. -.sp -.nf -typedef struct lwres_lwpacket lwres_lwpacket_t; - -struct lwres_lwpacket { - lwres_uint32_t length; - lwres_uint16_t version; - lwres_uint16_t pktflags; - lwres_uint32_t serial; - lwres_uint32_t opcode; - lwres_uint32_t result; - lwres_uint32_t recvlength; - lwres_uint16_t authtype; - lwres_uint16_t authlength; -}; -.sp -.fi -.PP -The elements of this structure are: -.TP -\fBlength\fR -the overall packet length, including the entire packet header. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. -.TP -\fBversion\fR -the header format. There is currently only one format, -\fBLWRES_LWPACKETVERSION_0\fR. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. -.TP -\fBpktflags\fR -library-defined flags for this packet: for instance whether the packet -is a request or a reply. Flag values can be set, but not defined by -the caller. -This field is filled in by the application wit the exception of the -LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the -lwres_gabn_*() and lwres_gnba_*() calls. -.TP -\fBserial\fR -is set by the requestor and is returned in all replies. If two or more -packets from the same source have the same serial number and are from -the same source, they are assumed to be duplicates and the latter ones -may be dropped. -This field must be set by the application. -.TP -\fBopcode\fR -indicates the operation. -Opcodes between 0x00000000 and 0x03ffffff are -reserved for use by the lightweight resolver library. Opcodes between -0x04000000 and 0xffffffff are application defined. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. -.TP -\fBresult\fR -is only valid for replies. -Results between 0x04000000 and 0xffffffff are application defined. -Results between 0x00000000 and 0x03ffffff are reserved for library use. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. -.TP -\fBrecvlength\fR -is the maximum buffer size that the receiver can handle on requests -and the size of the buffer needed to satisfy a request when the buffer -is too large for replies. -This field is supplied by the application. -.TP -\fBauthtype\fR -defines the packet level authentication that is used. -Authorisation types between 0x1000 and 0xffff are application defined -and types between 0x0000 and 0x0fff are reserved for library use. -Currently these are not used and must be zero. -.TP -\fBauthlen\fR -gives the length of the authentication data. -Since packet authentication is currently not used, this must be zero. -.PP -The following opcodes are currently defined: -.TP -\fBNOOP\fR -Success is always returned and the packet contents are echoed. -The lwres_noop_*() functions should be used for this type. -.TP -\fBGETADDRSBYNAME\fR -returns all known addresses for a given name. -The lwres_gabn_*() functions should be used for this type. -.TP -\fBGETNAMEBYADDR\fR -return the hostname for the given address. -The lwres_gnba_*() functions should be used for this type. -.PP -\fBlwres_lwpacket_renderheader()\fR transfers the -contents of lightweight resolver packet structure -\fBlwres_lwpacket_t\fR \fI*pkt\fR in network -byte order to the lightweight resolver buffer, -\fI*b\fR. -.PP -\fBlwres_lwpacket_parseheader()\fR performs the -converse operation. It transfers data in network byte order from -buffer \fI*b\fR to resolver packet -\fI*pkt\fR. The contents of the buffer -\fIb\fR should correspond to a -\fBlwres_lwpacket_t\fR. -.SH "RETURN VALUES" -.PP -Successful calls to -\fBlwres_lwpacket_renderheader()\fR and -\fBlwres_lwpacket_parseheader()\fR return -LWRES_R_SUCCESS. If there is insufficient -space to copy data between the buffer \fI*b\fR and -lightweight resolver packet \fI*pkt\fR both functions -return LWRES_R_UNEXPECTEDEND. diff --git a/lib/liblwres/man/lwres_packet.docbook b/lib/liblwres/man/lwres_packet.docbook deleted file mode 100644 index 7b9ed38b3..000000000 --- a/lib/liblwres/man/lwres_packet.docbook +++ /dev/null @@ -1,218 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - -lwres_packet -3 -BIND9 - - - -lwres_lwpacket_renderheader -lwres_lwpacket_parseheader -lightweight resolver packet handling functions - - - -#include <lwres/lwpacket.h> - - -lwres_result_t -lwres_lwpacket_renderheader -lwres_buffer_t *b -lwres_lwpacket_t *pkt - - - -lwres_result_t -lwres_lwpacket_parseheader -lwres_buffer_t *b -lwres_lwpacket_t *pkt - - - - -DESCRIPTION - -These functions rely on a -struct lwres_lwpacket -which is defined in -lwres/lwpacket.h. - - -typedef struct lwres_lwpacket lwres_lwpacket_t; - -struct lwres_lwpacket { - lwres_uint32_t length; - lwres_uint16_t version; - lwres_uint16_t pktflags; - lwres_uint32_t serial; - lwres_uint32_t opcode; - lwres_uint32_t result; - lwres_uint32_t recvlength; - lwres_uint16_t authtype; - lwres_uint16_t authlength; -}; - - - - -The elements of this structure are: - -length - - -the overall packet length, including the entire packet header. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. - -version - - -the header format. There is currently only one format, -LWRES_LWPACKETVERSION_0. - -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. - -pktflags - - -library-defined flags for this packet: for instance whether the packet -is a request or a reply. Flag values can be set, but not defined by -the caller. -This field is filled in by the application wit the exception of the -LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the -lwres_gabn_*() and lwres_gnba_*() calls. - -serial - - -is set by the requestor and is returned in all replies. If two or more -packets from the same source have the same serial number and are from -the same source, they are assumed to be duplicates and the latter ones -may be dropped. -This field must be set by the application. - -opcode - - -indicates the operation. -Opcodes between 0x00000000 and 0x03ffffff are -reserved for use by the lightweight resolver library. Opcodes between -0x04000000 and 0xffffffff are application defined. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. - -result - - -is only valid for replies. -Results between 0x04000000 and 0xffffffff are application defined. -Results between 0x00000000 and 0x03ffffff are reserved for library use. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls. - -recvlength - - -is the maximum buffer size that the receiver can handle on requests -and the size of the buffer needed to satisfy a request when the buffer -is too large for replies. -This field is supplied by the application. - -authtype - - -defines the packet level authentication that is used. -Authorisation types between 0x1000 and 0xffff are application defined -and types between 0x0000 and 0x0fff are reserved for library use. -Currently these are not used and must be zero. - -authlen - - -gives the length of the authentication data. -Since packet authentication is currently not used, this must be zero. - - - - -The following opcodes are currently defined: - -NOOP - - -Success is always returned and the packet contents are echoed. -The lwres_noop_*() functions should be used for this type. - -GETADDRSBYNAME - - -returns all known addresses for a given name. -The lwres_gabn_*() functions should be used for this type. - -GETNAMEBYADDR - - -return the hostname for the given address. -The lwres_gnba_*() functions should be used for this type. - - - - - -lwres_lwpacket_renderheader() transfers the -contents of lightweight resolver packet structure -lwres_lwpacket_t *pkt in network -byte order to the lightweight resolver buffer, -*b. - - - -lwres_lwpacket_parseheader() performs the -converse operation. It transfers data in network byte order from -buffer *b to resolver packet -*pkt. The contents of the buffer -b should correspond to a -lwres_lwpacket_t. - - - - - -RETURN VALUES - Successful calls to -lwres_lwpacket_renderheader() and -lwres_lwpacket_parseheader() return -LWRES_R_SUCCESS. If there is insufficient -space to copy data between the buffer *b and -lightweight resolver packet *pkt both functions -return LWRES_R_UNEXPECTEDEND. - - - - diff --git a/lib/liblwres/man/lwres_packet.html b/lib/liblwres/man/lwres_packet.html deleted file mode 100644 index 5c5828f49..000000000 --- a/lib/liblwres/man/lwres_packet.html +++ /dev/null @@ -1,373 +0,0 @@ - -lwres_packet

lwres_packet

Name

lwres_lwpacket_renderheader, lwres_lwpacket_parseheader -- lightweight resolver packet handling functions

Synopsis

#include <lwres/lwpacket.h>

lwres_result_t -lwres_lwpacket_renderheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt);

lwres_result_t -lwres_lwpacket_parseheader(lwres_buffer_t *b, lwres_lwpacket_t *pkt);

DESCRIPTION

These functions rely on a -struct lwres_lwpacket -which is defined in -lwres/lwpacket.h. - -

typedef struct lwres_lwpacket lwres_lwpacket_t;
-
-struct lwres_lwpacket {
-        lwres_uint32_t          length;
-        lwres_uint16_t          version;
-        lwres_uint16_t          pktflags;
-        lwres_uint32_t          serial;
-        lwres_uint32_t          opcode;
-        lwres_uint32_t          result;
-        lwres_uint32_t          recvlength;
-        lwres_uint16_t          authtype;
-        lwres_uint16_t          authlength;
-};

The elements of this structure are: -

length

the overall packet length, including the entire packet header. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls.

version

the header format. There is currently only one format, -LWRES_LWPACKETVERSION_0. - -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls.

pktflags

library-defined flags for this packet: for instance whether the packet -is a request or a reply. Flag values can be set, but not defined by -the caller. -This field is filled in by the application wit the exception of the -LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the -lwres_gabn_*() and lwres_gnba_*() calls.

serial

is set by the requestor and is returned in all replies. If two or more -packets from the same source have the same serial number and are from -the same source, they are assumed to be duplicates and the latter ones -may be dropped. -This field must be set by the application.

opcode

indicates the operation. -Opcodes between 0x00000000 and 0x03ffffff are -reserved for use by the lightweight resolver library. Opcodes between -0x04000000 and 0xffffffff are application defined. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls.

result

is only valid for replies. -Results between 0x04000000 and 0xffffffff are application defined. -Results between 0x00000000 and 0x03ffffff are reserved for library use. -This field is filled in by the lwres_gabn_*() and lwres_gnba_*() -calls.

recvlength

is the maximum buffer size that the receiver can handle on requests -and the size of the buffer needed to satisfy a request when the buffer -is too large for replies. -This field is supplied by the application.

authtype

defines the packet level authentication that is used. -Authorisation types between 0x1000 and 0xffff are application defined -and types between 0x0000 and 0x0fff are reserved for library use. -Currently these are not used and must be zero.

authlen

gives the length of the authentication data. -Since packet authentication is currently not used, this must be zero.

The following opcodes are currently defined: -

NOOP

Success is always returned and the packet contents are echoed. -The lwres_noop_*() functions should be used for this type.

GETADDRSBYNAME

returns all known addresses for a given name. -The lwres_gabn_*() functions should be used for this type.

GETNAMEBYADDR

return the hostname for the given address. -The lwres_gnba_*() functions should be used for this type.

lwres_lwpacket_renderheader() transfers the -contents of lightweight resolver packet structure -lwres_lwpacket_t *pkt in network -byte order to the lightweight resolver buffer, -*b.

lwres_lwpacket_parseheader() performs the -converse operation. It transfers data in network byte order from -buffer *b to resolver packet -*pkt. The contents of the buffer -b should correspond to a -lwres_lwpacket_t.

RETURN VALUES

Successful calls to -lwres_lwpacket_renderheader() and -lwres_lwpacket_parseheader() return -LWRES_R_SUCCESS. If there is insufficient -space to copy data between the buffer *b and -lightweight resolver packet *pkt both functions -return LWRES_R_UNEXPECTEDEND.

\ No newline at end of file diff --git a/lib/liblwres/man/lwres_resutil.3 b/lib/liblwres/man/lwres_resutil.3 deleted file mode 100644 index 6db4825b0..000000000 --- a/lib/liblwres/man/lwres_resutil.3 +++ /dev/null @@ -1,151 +0,0 @@ -.\" -.\" Copyright (C) 2000, 2001 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM -.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL -.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING -.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, -.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION -.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.TH "LWRES_RESUTIL" "3" "Jun 30, 2000" "BIND9" "" -.SH NAME -lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr \- lightweight resolver utility functions -.SH SYNOPSIS -\fB#include -.sp -.na -lwres_result_t -lwres_string_parse(lwres_buffer_t *b, char **c, lwres_uint16_t *len); -.ad -.sp -.na -lwres_result_t -lwres_addr_parse(lwres_buffer_t *b, lwres_addr_t *addr); -.ad -.sp -.na -lwres_result_t -lwres_getaddrsbyname(lwres_context_t *ctx, const char *name, lwres_uint32_t addrtypes, lwres_gabnresponse_t **structp); -.ad -.sp -.na -lwres_result_t -lwres_getnamebyaddr(lwres_context_t *ctx, lwres_uint32_t addrtype, lwres_uint16_t addrlen, const unsigned char *addr, lwres_gnbaresponse_t **structp); -.ad -\fR.SH "DESCRIPTION" -.PP -\fBlwres_string_parse()\fR retrieves a DNS-encoded -string starting the current pointer of lightweight resolver buffer -\fIb\fR: i.e. b->current. -When the function returns, the address of the first byte of the -encoded string is returned via \fI*c\fR and the -length of that string is given by \fI*len\fR. The -buffer's current pointer is advanced to point at the character -following the string length, the encoded string, and the trailing -\fBNULL\fR character. -.PP -\fBlwres_addr_parse()\fR extracts an address from the -buffer \fIb\fR. The buffer's current pointer -b->current is presumed to point at an encoded -address: the address preceded by a 32-bit protocol family identifier -and a 16-bit length field. The encoded address is copied to -addr->address and -addr->length indicates the size in bytes of -the address that was copied. b->current is -advanced to point at the next byte of available data in the buffer -following the encoded address. -.PP -\fBlwres_getaddrsbyname()\fR -and -\fBlwres_getnamebyaddr()\fR -use the -\fBlwres_gnbaresponse_t\fR -structure defined below: -.sp -.nf -typedef struct { - lwres_uint32_t flags; - lwres_uint16_t naliases; - lwres_uint16_t naddrs; - char *realname; - char **aliases; - lwres_uint16_t realnamelen; - lwres_uint16_t *aliaslen; - lwres_addrlist_t addrs; - void *base; - size_t baselen; -} lwres_gabnresponse_t; -.sp -.fi -The contents of this structure are not manipulated directly but -they are controlled through the -\fBlwres_gabn\fR(3) -functions. -.PP -The lightweight resolver uses -\fBlwres_getaddrsbyname()\fR to perform foward lookups. -Hostname \fIname\fR is looked up using the resolver -context \fIctx\fR for memory allocation. -\fIaddrtypes\fR is a bitmask indicating which type of -addresses are to be looked up. Current values for this bitmask are -\fBLWRES_ADDRTYPE_V4\fR for IPv4 addresses and -\fBLWRES_ADDRTYPE_V6\fR for IPv6 addresses. Results of the -lookup are returned in \fI*structp\fR. -.PP -\fBlwres_getnamebyaddr()\fR performs reverse lookups. -Resolver context \fIctx\fR is used for memory -allocation. The address type is indicated by -\fIaddrtype\fR: \fBLWRES_ADDRTYPE_V4\fR or -\fBLWRES_ADDRTYPE_V6\fR. The address to be looked up is given -by \fIaddr\fR and its length is -\fIaddrlen\fR bytes. The result of the function call -is made available through \fI*structp\fR. -.SH "RETURN VALUES" -.PP -Successful calls to -\fBlwres_string_parse()\fR -and -\fBlwres_addr_parse()\fR -return -LWRES_R_SUCCESS. -Both functions return -LWRES_R_FAILURE -if the buffer is corrupt or -LWRES_R_UNEXPECTEDEND -if the buffer has less space than expected for the components of the -encoded string or address. -.PP -\fBlwres_getaddrsbyname()\fR -returns -LWRES_R_SUCCESS -on success and it returns -LWRES_R_NOTFOUND -if the hostname -\fIname\fR -could not be found. -.PP -LWRES_R_SUCCESS -is returned by a successful call to -\fBlwres_getnamebyaddr()\fR. -.PP -Both -\fBlwres_getaddrsbyname()\fR -and -\fBlwres_getnamebyaddr()\fR -return -LWRES_R_NOMEMORY -when memory allocation requests fail and -LWRES_R_UNEXPECTEDEND -if the buffers used for sending queries and receiving replies are too -small. -.SH "SEE ALSO" -.PP -\fBlwres_buffer\fR(3), -\fBlwres_gabn\fR(3). diff --git a/lib/liblwres/man/lwres_resutil.docbook b/lib/liblwres/man/lwres_resutil.docbook deleted file mode 100644 index 72d6dc614..000000000 --- a/lib/liblwres/man/lwres_resutil.docbook +++ /dev/null @@ -1,221 +0,0 @@ - - - - - - - - -Jun 30, 2000 - - - - lwres_resutil - 3 - BIND9 - - - -lwres_string_parse -lwres_addr_parse -lwres_getaddrsbyname -lwres_getnamebyaddr -lightweight resolver utility functions - - - -#include <lwres/lwres.h> - - -lwres_result_t -lwres_string_parse -lwres_buffer_t *b -char **c -lwres_uint16_t *len - - - -lwres_result_t -lwres_addr_parse -lwres_buffer_t *b -lwres_addr_t *addr - - - -lwres_result_t -lwres_getaddrsbyname -lwres_context_t *ctx -const char *name -lwres_uint32_t addrtypes -lwres_gabnresponse_t **structp - - - -lwres_result_t -lwres_getnamebyaddr -lwres_context_t *ctx -lwres_uint32_t addrtype -lwres_uint16_t addrlen -const unsigned char *addr -lwres_gnbaresponse_t **structp - - - - - -DESCRIPTION - - -lwres_string_parse() retrieves a DNS-encoded -string starting the current pointer of lightweight resolver buffer -b: i.e. b->current. -When the function returns, the address of the first byte of the -encoded string is returned via *c and the -length of that string is given by *len. The -buffer's current pointer is advanced to point at the character -following the string length, the encoded string, and the trailing -NULL character. - - - -lwres_addr_parse() extracts an address from the -buffer b. The buffer's current pointer -b->current is presumed to point at an encoded -address: the address preceded by a 32-bit protocol family identifier -and a 16-bit length field. The encoded address is copied to -addr->address and -addr->length indicates the size in bytes of -the address that was copied. b->current is -advanced to point at the next byte of available data in the buffer -following the encoded address. - - - -lwres_getaddrsbyname() -and -lwres_getnamebyaddr() -use the -lwres_gnbaresponse_t -structure defined below: - -typedef struct { - lwres_uint32_t flags; - lwres_uint16_t naliases; - lwres_uint16_t naddrs; - char *realname; - char **aliases; - lwres_uint16_t realnamelen; - lwres_uint16_t *aliaslen; - lwres_addrlist_t addrs; - void *base; - size_t baselen; -} lwres_gabnresponse_t; - -The contents of this structure are not manipulated directly but -they are controlled through the - -lwres_gabn3 - - -functions. - - - -The lightweight resolver uses -lwres_getaddrsbyname() to perform foward lookups. -Hostname name is looked up using the resolver -context ctx for memory allocation. -addrtypes is a bitmask indicating which type of -addresses are to be looked up. Current values for this bitmask are -LWRES_ADDRTYPE_V4 for IPv4 addresses and -LWRES_ADDRTYPE_V6 for IPv6 addresses. Results of the -lookup are returned in *structp. - - - -lwres_getnamebyaddr() performs reverse lookups. -Resolver context ctx is used for memory -allocation. The address type is indicated by -addrtype: LWRES_ADDRTYPE_V4 or -LWRES_ADDRTYPE_V6. The address to be looked up is given -by addr and its length is -addrlen bytes. The result of the function call -is made available through *structp. - - - - -RETURN VALUES - -Successful calls to -lwres_string_parse() -and -lwres_addr_parse() -return -LWRES_R_SUCCESS. -Both functions return -LWRES_R_FAILURE -if the buffer is corrupt or -LWRES_R_UNEXPECTEDEND -if the buffer has less space than expected for the components of the -encoded string or address. - - -lwres_getaddrsbyname() -returns -LWRES_R_SUCCESS -on success and it returns -LWRES_R_NOTFOUND -if the hostname -name -could not be found. - - -LWRES_R_SUCCESS -is returned by a successful call to -lwres_getnamebyaddr(). - - - -Both -lwres_getaddrsbyname() -and -lwres_getnamebyaddr() -return -LWRES_R_NOMEMORY -when memory allocation requests fail and -LWRES_R_UNEXPECTEDEND -if the buffers used for sending queries and receiving replies are too -small. - - - - -SEE ALSO - - -lwres_buffer3 -, - - -lwres_gabn3 -. - - - - diff --git a/lib/liblwres/man/lwres_resutil.html b/lib/liblwres/man/lwres_resutil.html deleted file mode 100644 index ae3a2f646..000000000 --- a/lib/liblwres/man/lwres_resutil.html +++ /dev/null @@ -1,412 +0,0 @@ - -lwres_resutil

lwres_resutil

Name

lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr -- lightweight resolver utility functions

Synopsis

#include <lwres/lwres.h>

lwres_result_t -lwres_string_parse(lwres_buffer_t *b, char **c, lwres_uint16_t *len);

lwres_result_t -lwres_addr_parse(lwres_buffer_t *b, lwres_addr_t *addr);

lwres_result_t -lwres_getaddrsbyname(lwres_context_t *ctx, const char *name, lwres_uint32_t addrtypes, lwres_gabnresponse_t **structp);

lwres_result_t -lwres_getnamebyaddr(lwres_context_t *ctx, lwres_uint32_t addrtype, lwres_uint16_t addrlen, const unsigned char *addr, lwres_gnbaresponse_t **structp);

DESCRIPTION

lwres_string_parse() retrieves a DNS-encoded -string starting the current pointer of lightweight resolver buffer -b: i.e. b->current. -When the function returns, the address of the first byte of the -encoded string is returned via *c and the -length of that string is given by *len. The -buffer's current pointer is advanced to point at the character -following the string length, the encoded string, and the trailing -NULL character.

lwres_addr_parse() extracts an address from the -buffer b. The buffer's current pointer -b->current is presumed to point at an encoded -address: the address preceded by a 32-bit protocol family identifier -and a 16-bit length field. The encoded address is copied to -addr->address and -addr->length indicates the size in bytes of -the address that was copied. b->current is -advanced to point at the next byte of available data in the buffer -following the encoded address.

lwres_getaddrsbyname() -and -lwres_getnamebyaddr() -use the -lwres_gnbaresponse_t -structure defined below: -

typedef struct {
-        lwres_uint32_t          flags;
-        lwres_uint16_t          naliases;
-        lwres_uint16_t          naddrs;
-        char                   *realname;
-        char                  **aliases;
-        lwres_uint16_t          realnamelen;
-        lwres_uint16_t         *aliaslen;
-        lwres_addrlist_t        addrs;
-        void                   *base;
-        size_t                  baselen;
-} lwres_gabnresponse_t;
-The contents of this structure are not manipulated directly but -they are controlled through the -lwres_gabn(3) -functions.

The lightweight resolver uses -lwres_getaddrsbyname() to perform foward lookups. -Hostname name is looked up using the resolver -context ctx for memory allocation. -addrtypes is a bitmask indicating which type of -addresses are to be looked up. Current values for this bitmask are -LWRES_ADDRTYPE_V4 for IPv4 addresses and -LWRES_ADDRTYPE_V6 for IPv6 addresses. Results of the -lookup are returned in *structp.

lwres_getnamebyaddr() performs reverse lookups. -Resolver context ctx is used for memory -allocation. The address type is indicated by -addrtype: LWRES_ADDRTYPE_V4 or -LWRES_ADDRTYPE_V6. The address to be looked up is given -by addr and its length is -addrlen bytes. The result of the function call -is made available through *structp.

RETURN VALUES

Successful calls to -lwres_string_parse() -and -lwres_addr_parse() -return -LWRES_R_SUCCESS. -Both functions return -LWRES_R_FAILURE -if the buffer is corrupt or -LWRES_R_UNEXPECTEDEND -if the buffer has less space than expected for the components of the -encoded string or address.

lwres_getaddrsbyname() -returns -LWRES_R_SUCCESS -on success and it returns -LWRES_R_NOTFOUND -if the hostname -name -could not be found.

LWRES_R_SUCCESS -is returned by a successful call to -lwres_getnamebyaddr().

Both -lwres_getaddrsbyname() -and -lwres_getnamebyaddr() -return -LWRES_R_NOMEMORY -when memory allocation requests fail and -LWRES_R_UNEXPECTEDEND -if the buffers used for sending queries and receiving replies are too -small.

SEE ALSO

lwres_buffer(3), - -lwres_gabn(3).

\ No newline at end of file diff --git a/lib/liblwres/unix/include/lwres/net.h b/lib/liblwres/unix/include/lwres/net.h deleted file mode 100644 index cb17700cd..000000000 --- a/lib/liblwres/unix/include/lwres/net.h +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: net.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef LWRES_NET_H -#define LWRES_NET_H 1 - -/***** - ***** Module Info - *****/ - -/* - * Basic Networking Types - * - * This module is responsible for defining the following basic networking - * types: - * - * struct in_addr - * struct in6_addr - * struct sockaddr - * struct sockaddr_in - * struct sockaddr_in6 - * - * It ensures that the AF_ and PF_ macros are defined. - * - * It declares ntoh[sl]() and hton[sl](). - * - * It declares lwres_net_aton(), lwres_net_ntop(), and lwres_net_pton(). - * - * It ensures that INADDR_LOOPBACK, INADDR_ANY and IN6ADDR_ANY_INIT - * are defined. - */ - -/*** - *** Imports. - ***/ - -#include /* Required for LWRES_PLATFORM_*. */ - -#include -#include /* Contractual promise. */ -#include -#include - -#include /* Contractual promise. */ -#include /* Contractual promise. */ -#ifdef LWRES_PLATFORM_NEEDNETINETIN6H -#include /* Required on UnixWare. */ -#endif -#ifdef LWRES_PLATFORM_NEEDNETINET6IN6H -#include /* Required on BSD/OS for in6_pktinfo. */ -#endif - -#include - -#ifndef LWRES_PLATFORM_HAVEIPV6 -#include /* Contractual promise. */ -#endif - -#ifdef LWRES_PLATFORM_HAVEINADDR6 -#define in6_addr in_addr6 /* Required for pre RFC2133 implementations. */ -#endif - -/* - * Required for some pre RFC2133 implementations. - * IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT were added in - * draft-ietf-ipngwg-bsd-api-04.txt or draft-ietf-ipngwg-bsd-api-05.txt. - * If 's6_addr' is defined then assume that there is a union and three - * levels otherwise assume two levels required. - */ -#ifndef IN6ADDR_ANY_INIT -#ifdef s6_addr -#define IN6ADDR_ANY_INIT { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } } -#else -#define IN6ADDR_ANY_INIT { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } -#endif -#endif - -#ifndef IN6ADDR_LOOPBACK_INIT -#ifdef s6_addr -#define IN6ADDR_LOOPBACK_INIT { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 } } } -#else -#define IN6ADDR_LOOPBACK_INIT { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 } } -#endif -#endif - -#ifndef AF_INET6 -#define AF_INET6 99 -#endif - -#ifndef PF_INET6 -#define PF_INET6 AF_INET6 -#endif - -#ifndef INADDR_LOOPBACK -#define INADDR_LOOPBACK 0x7f000001UL -#endif - -LWRES_LANG_BEGINDECLS - -const char * -lwres_net_ntop(int af, const void *src, char *dst, size_t size); - -int -lwres_net_pton(int af, const char *src, void *dst); - -int -lwres_net_aton(const char *cp, struct in_addr *addr); - -LWRES_LANG_ENDDECLS - -#endif /* LWRES_NET_H */ diff --git a/lib/liblwres/version.c b/lib/liblwres/version.c deleted file mode 100644 index ce0380d23..000000000 --- a/lib/liblwres/version.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (C) 2000, 2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* $Id: version.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -char lwres_version[] = VERSION; - -unsigned int lwres_libinterface = LIBINTERFACE; -unsigned int lwres_librevision = LIBREVISION; -unsigned int lwres_libage = LIBAGE; diff --git a/linux/Documentation/Configure.help.fs2_0.patch b/linux/Documentation/Configure.help.fs2_0.patch deleted file mode 100644 index 370b8944e..000000000 --- a/linux/Documentation/Configure.help.fs2_0.patch +++ /dev/null @@ -1,65 +0,0 @@ ---- linux/Documentation/Configure.help.orig Tue Jan 9 16:29:20 2001 -+++ linux/Documentation/Configure.help Fri Aug 9 14:47:14 2002 -@@ -4979,2 +4979,62 @@ - -+IP Security Protocol (IPSEC) (EXPERIMENTAL) -+CONFIG_IPSEC -+ This unit is experimental code. -+ Pick 'y' for static linking, 'm' for module support or 'n' for none. -+ This option adds support for network layer packet encryption and/or -+ authentication with participating hosts. The standards start with: -+ RFCs 2411, 2407 and 2401. Others are mentioned where they refer to -+ specific features below. There are more pending which can be -+ found at: ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-*. -+ A description of each document can also be found at: -+ http://ietf.org/ids.by.wg/ipsec.html. -+ Their charter can be found at: -+ http://www.ietf.org/html.charters/ipsec-charter.html -+ Snapshots and releases of the current work can be found at: -+ http://www.freeswan.org/ -+ -+IPSEC: IP-in-IP encapsulation -+CONFIG_IPSEC_IPIP -+ This option provides support for tunnel mode IPSEC. It is recommended -+ to enable this. -+ -+IPSEC: Authentication Header -+CONFIG_IPSEC_AH -+ This option provides support for the IPSEC Authentication Header -+ (IP protocol 51) which provides packet layer sender and content -+ authentication. It is recommended to enable this. RFC2402 -+ -+HMAC-MD5 algorithm -+CONFIG_IPSEC_AUTH_HMAC_MD5 -+ Provides support for authentication using the HMAC MD5 -+ algorithm with 96 bits of hash used as the authenticator. RFC2403 -+ -+HMAC-SHA1 algorithm -+CONFIG_IPSEC_AUTH_HMAC_SHA1 -+ Provides support for Authentication Header using the HMAC SHA1 -+ algorithm with 96 bits of hash used as the authenticator. RFC2404 -+ -+IPSEC: Encapsulating Security Payload -+CONFIG_IPSEC_ESP -+ This option provides support for the IPSEC Encapsulation Security -+ Payload (IP protocol 50) which provides packet layer content -+ hiding. It is recommended to enable this. RFC2406 -+ -+3DES algorithm -+CONFIG_IPSEC_ENC_3DES -+ Provides support for Encapsulation Security Payload protocol, using -+ the triple DES encryption algorithm. RFC2451 -+ -+IPSEC Debugging Option -+CONFIG_IPSEC_DEBUG -+ Enables IPSEC kernel debugging. It is further controlled by the -+ user space utility 'klipsdebug'. -+ -+IPSEC Regression Testing option -+CONFIG_IPSEC_REGRESS -+ Enables IPSEC regression testing. Creates a number of switches in -+ /proc/sys/net/ipsec which cause various failure modes in KLIPS. -+ For more details see FreeSWAN source under -+ testing/doc/regression_options.txt. -+ - # need an empty line after last entry, for sed script in Configure. diff --git a/linux/Documentation/Configure.help.fs2_2.patch b/linux/Documentation/Configure.help.fs2_2.patch deleted file mode 100644 index 52a133410..000000000 --- a/linux/Documentation/Configure.help.fs2_2.patch +++ /dev/null @@ -1,70 +0,0 @@ ---- /a3/kernel_sources/linux-2.2.20/Documentation/Configure.help Fri Nov 2 11:39:05 2001 -+++ linux2.2/Documentation/Configure.help Mon Jul 29 15:42:26 2002 -@@ -15237,5 +15237,66 @@ - --# -+ -+IP Security Protocol (IPSEC) (EXPERIMENTAL) -+CONFIG_IPSEC -+ This unit is experimental code. -+ Pick 'y' for static linking, 'm' for module support or 'n' for none. -+ This option adds support for network layer packet encryption and/or -+ authentication with participating hosts. The standards start with: -+ RFCs 2411, 2407 and 2401. Others are mentioned where they refer to -+ specific features below. There are more pending which can be found -+ at: ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-*. -+ A description of each document can also be found at: -+ http://ietf.org/ids.by.wg/ipsec.html. -+ Their charter can be found at: -+ http://www.ietf.org/html.charters/ipsec-charter.html -+ Snapshots and releases of the current work can be found at: -+ http://www.freeswan.org/ -+ -+IPSEC: IP-in-IP encapsulation -+CONFIG_IPSEC_IPIP -+ This option provides support for tunnel mode IPSEC. It is recommended -+ to enable this. -+ -+IPSEC: Authentication Header -+CONFIG_IPSEC_AH -+ This option provides support for the IPSEC Authentication Header -+ (IP protocol 51) which provides packet layer sender and content -+ authentication. It is recommended to enable this. RFC2402 -+ -+HMAC-MD5 algorithm -+CONFIG_IPSEC_AUTH_HMAC_MD5 -+ Provides support for authentication using the HMAC MD5 -+ algorithm with 96 bits of hash used as the authenticator. RFC2403 -+ -+HMAC-SHA1 algorithm -+CONFIG_IPSEC_AUTH_HMAC_SHA1 -+ Provides support for Authentication Header using the HMAC SHA1 -+ algorithm with 96 bits of hash used as the authenticator. RFC2404 -+ -+IPSEC: Encapsulating Security Payload -+CONFIG_IPSEC_ESP -+ This option provides support for the IPSEC Encapsulation Security -+ Payload (IP protocol 50) which provides packet layer content -+ hiding. It is recommended to enable this. RFC2406 -+ -+3DES algorithm -+CONFIG_IPSEC_ENC_3DES -+ Provides support for Encapsulation Security Payload protocol, using -+ the triple DES encryption algorithm. RFC2451 -+ -+IPSEC Debugging Option -+CONFIG_IPSEC_DEBUG -+ Enables IPSEC kernel debugging. It is further controlled by the -+ user space utility 'klipsdebug'. -+ -+IPSEC Regression Testing option -+CONFIG_IPSEC_REGRESS -+ Enables IPSEC regression testing. Creates a number of switches in -+ /proc/sys/net/ipsec which cause various failure modes in KLIPS. -+ For more details see FreeSWAN source under -+ testing/doc/regression_options.txt. -+ -+# - # A couple of things I keep forgetting: - # capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet, - # Intel, IRQ, Linux, MSDOS, NetWare, NetWinder, NFS, diff --git a/linux/Documentation/Configure.help.fs2_4.patch b/linux/Documentation/Configure.help.fs2_4.patch deleted file mode 100644 index 863d69c35..000000000 --- a/linux/Documentation/Configure.help.fs2_4.patch +++ /dev/null @@ -1,69 +0,0 @@ ---- linux/Documentation/Configure.help.orig Fri Dec 21 12:41:53 2001 -+++ linux/Documentation/Configure.help Mon Jul 29 16:35:32 2002 -@@ -24237,5 +24237,65 @@ - --# -+IP Security Protocol (IPSEC) (EXPERIMENTAL) -+CONFIG_IPSEC -+ This unit is experimental code. -+ Pick 'y' for static linking, 'm' for module support or 'n' for none. -+ This option adds support for network layer packet encryption and/or -+ authentication with participating hosts. The standards start with: -+ RFCs 2411, 2407 and 2401. Others are mentioned where they refer to -+ specific features below. There are more pending which can be found -+ at: ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-*. -+ A description of each document can also be found at: -+ http://ietf.org/ids.by.wg/ipsec.html. -+ Their charter can be found at: -+ http://www.ietf.org/html.charters/ipsec-charter.html -+ Snapshots and releases of the current work can be found at: -+ http://www.freeswan.org/ -+ -+IPSEC: IP-in-IP encapsulation -+CONFIG_IPSEC_IPIP -+ This option provides support for tunnel mode IPSEC. It is recommended -+ to enable this. -+ -+IPSEC: Authentication Header -+CONFIG_IPSEC_AH -+ This option provides support for the IPSEC Authentication Header -+ (IP protocol 51) which provides packet layer sender and content -+ authentication. It is recommended to enable this. RFC2402 -+ -+HMAC-MD5 algorithm -+CONFIG_IPSEC_AUTH_HMAC_MD5 -+ Provides support for authentication using the HMAC MD5 -+ algorithm with 96 bits of hash used as the authenticator. RFC2403 -+ -+HMAC-SHA1 algorithm -+CONFIG_IPSEC_AUTH_HMAC_SHA1 -+ Provides support for Authentication Header using the HMAC SHA1 -+ algorithm with 96 bits of hash used as the authenticator. RFC2404 -+ -+IPSEC: Encapsulating Security Payload -+CONFIG_IPSEC_ESP -+ This option provides support for the IPSEC Encapsulation Security -+ Payload (IP protocol 50) which provides packet layer content -+ hiding. It is recommended to enable this. RFC2406 -+ -+3DES algorithm -+CONFIG_IPSEC_ENC_3DES -+ Provides support for Encapsulation Security Payload protocol, using -+ the triple DES encryption algorithm. RFC2451 -+ -+IPSEC Debugging Option -+CONFIG_IPSEC_DEBUG -+ Enables IPSEC kernel debugging. It is further controlled by the -+ user space utility 'klipsdebug'. -+ -+IPSEC Regression Testing option -+CONFIG_IPSEC_REGRESS -+ Enables IPSEC regression testing. Creates a number of switches in -+ /proc/sys/net/ipsec which cause various failure modes in KLIPS. -+ For more details see FreeSWAN source under -+ testing/doc/regression_options.txt. -+ -+# - # A couple of things I keep forgetting: - # capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet, - # Intel, IRQ, ISDN, Linux, MSDOS, NetWare, NetWinder, diff --git a/linux/Makefile b/linux/Makefile deleted file mode 100644 index b5715105f..000000000 --- a/linux/Makefile +++ /dev/null @@ -1,32 +0,0 @@ -# FreeS/WAN subdir makefile -# Copyright (C) 1998-2001 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:25 as Exp $ - -FREESWANSRCDIR=.. -#SUBDIRS=net/ipsec - -include $(FREESWANSRCDIR)/Makefile.inc - -def: - @echo "Please read doc/intro.html or INSTALL before running make" - @false - -cleanall distclean mostlyclean realclean install programs checkprograms check clean spotless modules install_file_list: - @true - -# @for d in $(SUBDIRS); \ -# do \ -# (cd $$d && $(MAKE) TOPDIR=${KERNELSRC} FREESWANSRCDIR=$(FREESWANSRCDIR)/.. $@ ) || exit 1 ; \ -# done - diff --git a/linux/README.freeswan b/linux/README.freeswan deleted file mode 100644 index 7d868e4cb..000000000 --- a/linux/README.freeswan +++ /dev/null @@ -1,177 +0,0 @@ -* -* RCSID $Id: README.freeswan,v 1.1 2004/03/15 20:35:25 as Exp $ -* - - **************************************** - * IPSEC for Linux, Release 2.xx series * - **************************************** - - - -1. Files - -The contents of linux/net/ipsec/ (see below) join the linux kernel source tree. -as provided for higher up. - -The programs/ directory contains the user-level utilities which you need -to run IPSEC. See the top-level top/INSTALL to compile and install them. - -The test/ directory contains test scripts. - -The doc/ directory contains -- what else -- documentation. - -1.1. Kernel files - -The following are found in net/ipsec/: - -Makefile The Makefile -Config.in The configuration script for make menuconfig -defconfig Configuration defaults for first time. - -radij.c General-purpose radix-tree operations - -ipcomp.c IPCOMP interface code. - -pfkey_v2.c PF_KEYv2 socket interface code. -pfkey_v2_parser.c PF_KEYv2 message parsing and processing code. - -ipsec_init.c Initialization code, /proc interface. -ipsec_radij.c Interface with the radix tree code. -ipsec_netlink.c Interface with the netlink code. -ipsec_xform.c Routines and structures common to transforms. -ipsec_tunnel.c The outgoing packet processing code. -ipsec_rcv.c The incoming packet processing code. -ipsec_md5c.c Somewhat modified RSADSI MD5 C code. -ipsec_sha1.c Somewhat modified Steve Reid SHA-1 C code. - -sysctl_net_ipsec.c /proc/sys/net/ipsec/* variable definitions. - -version.c symbolic link to project version. - -radij.h Headers for radij.c - -ipcomp.h Headers used by IPCOMP code. - -ipsec_radij.h Interface with the radix tree code. -ipsec_netlink.h Headers used by the netlink interface. -ipsec_encap.h Headers defining encapsulation structures. -ipsec_xform.h Transform headers. -ipsec_tunnel.h Headers used by tunneling code. -ipsec_ipe4.h Headers for the IP-in-IP code. -ipsec_ah.h Headers common to AH transforms. -ipsec_md5h.h RSADSI MD5 headers. -ipsec_sha1.h SHA-1 headers. -ipsec_esp.h Headers common to ESP transfroms. -ipsec_rcv.h Headers for incoming packet processing code. - -1.2. User-level files. - -The following are found in utils/: - -eroute.c Create an "extended route" source code -spi.c Set up Security Associations source code -spigrp.c Link SPIs together source code. -tncfg.c Configure the tunneling features of the virtual interface - source code -klipsdebug.c Set/reset klips debugging features source code. -version.c symbolic link to project version. - -eroute.8 Create an "extended route" manual page -spi.8 Set up Security Associations manual page -spigrp.8 Link SPIs together manual page -tncfg.8 Configure the tunneling features of the virtual interface - manual page -klipsdebug.8 Set/reset klips debugging features manual page - -eroute.5 /proc/net/ipsec_eroute format manual page -spi.5 /proc/net/ipsec_spi format manual page -spigrp.5 /proc/net/ipsec_spigrp format manual page -tncfg.5 /proc/net/ipsec_tncfg format manual page -klipsdebug.5 /proc/net/ipsec_klipsdebug format manual page -version.5 /proc/net/ipsec_version format manual page -pf_key.5 /proc/net/pf_key format manual page - -Makefile Utilities makefile. - -*.8 Manpages for the respective utils. - - -1.3. Test files - -The test scripts are locate in testing/ and and documentation is found -at doc/src/umltesting.html. Automated testing via "make check" is available -provided that the User-Mode-Linux patches are available. - -* -* $Log: README.freeswan,v $ -* Revision 1.1 2004/03/15 20:35:25 as -* added files from freeswan-2.04-x509-1.5.3 -* -* Revision 1.11 2002/07/28 23:00:14 mcr -* removed docs on "test" directory. -* some slight "updates" -* -* Revision 1.10 2002/05/06 21:34:19 mcr -* Moved from linux/README,v -* -* Revision 1.9 2002/04/24 07:36:35 mcr -* Moved from ./klips/README,v -* -* Revision 1.8 2000/11/06 05:42:58 rgb -* Updated file list (had not been done in 2 years?). -* -* Revision 1.7 2000/08/21 17:30:09 rgb -* Remove any references to src/. -* -* Revision 1.6 1999/04/06 04:54:22 rgb -* Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes -* patch shell fixes. -* -* Revision 1.5 1998/11/25 04:54:34 rgb -* Updated files section to include newer transforms and other files. -* -* Revision 1.4 1998/05/01 03:47:17 rgb -* Minor cleanup of utils filenames overlooked in major overhaul. -* -* Revision 1.3 1998/05/01 03:40:31 rgb -* Major overhaul. -* Removed install/initialise section with pointers to top-level INSTALL.txt. -* Updated filelists and providing descriptions of all files. -* Removed usage example and moved it to doc/*_setup.txt. -* -* Revision 1.2 1998/04/09 03:01:13 henry -* INSTALL.txt moves up, loses its installation instructions, and turns -* into the klips README. -* -* Revision 1.1.1.1 1998/04/08 05:35:13 henry -* RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 -* -* -* Revision 0.7 rgb -* Cleaned up several transmission bugs. -* -* Revision 0.6 1997/09? ak -* Hooked in esp des-md5-96. -* Added copyrights. -* -* Revision 0.5 1997/06/03 04:28:46 ji -* Added transport mode. -* Added esp 3des-md5-96. -* -* Revision 0.4 1997/01/14 21:35:31 ji -* Added new transforms. -* Cleaned up the user-level programs. -* -* Revision 0.3 1996/11/20 11:59:33 ji -* *** empty log message *** -* -* -* New in this release (0.3; works with the 2.0.24 kernel) -* -* > Cleaned up a fair amount of crud. -* > Fixed truncated names of /proc/net entries. -* > Made RCS versioning visible to the external release. -* > Rationalized debugging facilities. -* > Rationalized untar directory structure. -* > Fixed non-incrementing IV in DES-CBC -* > Cleaned up this file a bit and provided additional examples diff --git a/linux/crypto/ciphers/des/COPYRIGHT b/linux/crypto/ciphers/des/COPYRIGHT deleted file mode 100644 index 5469e1e46..000000000 --- a/linux/crypto/ciphers/des/COPYRIGHT +++ /dev/null @@ -1,50 +0,0 @@ -Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) -All rights reserved. - -This package is an DES implementation written by Eric Young (eay@cryptsoft.com). -The implementation was written so as to conform with MIT's libdes. - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution. - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. -If this package is used in a product, Eric Young should be given attribution -as the author of that the SSL library. This can be in the form of a textual -message at program startup or in documentation (online or textual) provided -with the package. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Eric Young (eay@cryptsoft.com) - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The license and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distrubution license -[including the GNU Public License.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. diff --git a/linux/crypto/ciphers/des/INSTALL b/linux/crypto/ciphers/des/INSTALL deleted file mode 100644 index 32457d775..000000000 --- a/linux/crypto/ciphers/des/INSTALL +++ /dev/null @@ -1,69 +0,0 @@ -Check the CC and CFLAGS lines in the makefile - -If your C library does not support the times(3) function, change the -#define TIMES to -#undef TIMES in speed.c -If it does, check the HZ value for the times(3) function. -If your system does not define CLK_TCK it will be assumed to -be 100.0. - -If possible use gcc v 2.7.? -Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc) -In recent times, some system compilers give better performace. - -type 'make' - -run './destest' to check things are ok. -run './rpw' to check the tty code for reading passwords works. -run './speed' to see how fast those optimisations make the library run :-) -run './des_opts' to determin the best compile time options. - -The output from des_opts should be put in the makefile options and des_enc.c -should be rebuilt. For 64 bit computers, do not use the DES_PTR option. -For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int' -and then you can use the 'DES_PTR' option. - -The file options.txt has the options listed for best speed on quite a -few systems. Look and the options (UNROLL, PTR, RISC2 etc) and then -turn on the relevent option in the Makefile - -There are some special Makefile targets that make life easier. -make cc - standard cc build -make gcc - standard gcc build -make x86-elf - x86 assembler (elf), linux-elf. -make x86-out - x86 assembler (a.out), FreeBSD -make x86-solaris- x86 assembler -make x86-bsdi - x86 assembler (a.out with primative assembler). - -If at all possible use the assembler (for Windows NT/95, use -asm/win32.obj to link with). The x86 assembler is very very fast. - -A make install will by default install -libdes.a in /usr/local/lib/libdes.a -des in /usr/local/bin/des -des_crypt.man in /usr/local/man/man3/des_crypt.3 -des.man in /usr/local/man/man1/des.1 -des.h in /usr/include/des.h - -des(1) should be compatible with sunOS's but I have been unable to -test it. - -These routines should compile on MSDOS, most 32bit and 64bit version -of Unix (BSD and SYSV) and VMS, without modification. -The only problems should be #include files that are in the wrong places. - -These routines can be compiled under MSDOS. -I have successfully encrypted files using des(1) under MSDOS and then -decrypted the files on a SparcStation. -I have been able to compile and test the routines with -Microsoft C v 5.1 and Turbo C v 2.0. -The code in this library is in no way optimised for the 16bit -operation of MSDOS. - -When building for glibc, ignore all of the above and just unpack into -glibc-1.??/des and then gmake as per normal. - -As a final note on performace. Certain CPUs like sparcs and Alpha often give -a %10 speed difference depending on the link order. It is rather anoying -when one program reports 'x' DES encrypts a second and another reports -'x*0.9' the speed. diff --git a/linux/crypto/ciphers/des/Makefile.objs b/linux/crypto/ciphers/des/Makefile.objs deleted file mode 100644 index 4cef95963..000000000 --- a/linux/crypto/ciphers/des/Makefile.objs +++ /dev/null @@ -1,20 +0,0 @@ -obj-$(CONFIG_IPSEC_ENC_3DES) += cbc_enc.o -#obj-$(CONFIG_IPSEC_ENC_3DES) += des_opts.o -obj-$(CONFIG_IPSEC_ENC_3DES) += ecb_enc.o -#obj-$(CONFIG_IPSEC_ENC_3DES) += fcrypt.o -obj-$(CONFIG_IPSEC_ENC_3DES) += set_key.o - -ifeq ($(strip ${SUBARCH}),) -SUBARCH:=${ARCH} -endif - -ifeq (${SUBARCH},i386) -obj-$(CONFIG_IPSEC_ENC_3DES) += dx86unix.o -else -obj-$(CONFIG_IPSEC_ENC_3DES) += des_enc.o -endif - - - - - diff --git a/linux/crypto/ciphers/des/README b/linux/crypto/ciphers/des/README deleted file mode 100644 index 621a5ab46..000000000 --- a/linux/crypto/ciphers/des/README +++ /dev/null @@ -1,54 +0,0 @@ - - libdes, Version 4.01 10-Jan-97 - - Copyright (c) 1997, Eric Young - All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms specified in COPYRIGHT. - --- -The primary ftp site for this library is -ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz -libdes is now also shipped with SSLeay. Primary ftp site of -ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz - -The best way to build this library is to build it as part of SSLeay. - -This kit builds a DES encryption library and a DES encryption program. -It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb, -triple cfb, desx, and MIT's pcbc encryption modes and also has a fast -implementation of crypt(3). -It contains support routines to read keys from a terminal, -generate a random key, generate a key from an arbitrary length string, -read/write encrypted data from/to a file descriptor. - -The implementation was written so as to conform with the manual entry -for the des_crypt(3) library routines from MIT's project Athena. - -destest should be run after compilation to test the des routines. -rpw should be run after compilation to test the read password routines. -The des program is a replacement for the sun des command. I believe it -conforms to the sun version. - -The Imakefile is setup for use in the kerberos distribution. - -These routines are best compiled with gcc or any other good -optimising compiler. -Just turn you optimiser up to the highest settings and run destest -after the build to make sure everything works. - -I believe these routines are close to the fastest and most portable DES -routines that use small lookup tables (4.5k) that are publicly available. -The fcrypt routine is faster than ufc's fcrypt (when compiling with -gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines -(on a sun3/260 168 vs 336). It is a function of CPU on chip cache size. -[ 10-Jan-97 and a function of an incorrect speed testing program in - ufc which gave much better test figures that reality ]. - -It is worth noting that on sparc and Alpha CPUs, performance of the DES -library can vary by upto %10 due to the positioning of files after application -linkage. - -Eric Young (eay@cryptsoft.com) - diff --git a/linux/crypto/ciphers/des/README.freeswan b/linux/crypto/ciphers/des/README.freeswan deleted file mode 100644 index 40874d5f8..000000000 --- a/linux/crypto/ciphers/des/README.freeswan +++ /dev/null @@ -1,33 +0,0 @@ -The only changes the FreeS/WAN project has made to libdes-lite 4.04b are: - -We #ifdef-ed the declaration of DES_LONG in des.h, so it's more efficient -on the Alpha, instead of just noting the issue in a comment. - -We #ifdef-ed out the des_options() function in ecb_enc.c, because we don't -use it, and its call to sprintf() can cause subtle difficulties when KLIPS -is built as a module (depending on details of Linux configuration options). - -We changed some instances of CC=$(CC) in the Makefile to CC='$(CC)' to make -it cope better with Linux kernel Makefile stupidities, and took out an -explicit CC=gcc (unwise on systems with strange compilers). - -We deleted some references to and , and a declaration -of one function found only in the full libdes (not in libdes-lite), to -avoid dragging in bits of stdio/stdlib unnecessarily. (Our thanks to Hans -Schultz for spotting this and pointing out the fixes.) - -We deleted a couple of .obj files in the asm subdirectory, which appear to -have been included in the original library by accident. - -We have added an include of our Makefile.inc file, to permit overriding -things like choice of compiler (although the libdes Makefile would -probably need some work to make this effective). - - - -Note that Eric Young is no longer at the email address listed in these -files, and is (alas) no longer working on free crypto software. - - - -This file is RCSID $Id: README.freeswan,v 1.1 2004/03/15 20:35:25 as Exp $ diff --git a/linux/crypto/ciphers/des/VERSION b/linux/crypto/ciphers/des/VERSION deleted file mode 100644 index 345035195..000000000 --- a/linux/crypto/ciphers/des/VERSION +++ /dev/null @@ -1,406 +0,0 @@ -Version 4.04 - Fixed a few tests in destest. Also added x86 assember for - des_ncbc_encrypt() which is the standard cbc mode function. - This makes a very very large performace difference. - Ariel Glenn ariel@columbia.edu reports that the terminal - 'turn echo off' can return (errno == EINVAL) under solaris - when redirection is used. So I now catch that as well as ENOTTY. - - -Version 4.03 - Left a static out of enc_write.c, which caused to buffer to be - continiously malloc()ed. Does anyone use these functions? I keep - on feeling like removing them since I only had these in there - for a version of kerberised login. Anyway, this was pointed out - by Theo de Raadt - The 'n' bit ofb code was wrong, it was not shifting the shift - register. It worked correctly for n == 64. Thanks to - Gigi Ankeny for pointing this one out. - -Version 4.02 - I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)' - when checking for weak keys which is wrong :-(, pointed out by - Markus F.X.J. Oberhumer . - -Version 4.01 - Even faster inner loop in the DES assembler for x86 and a modification - for IP/FP which is faster on x86. Both of these changes are - from Svend Olaf Mikkelsen . His - changes make the assembler run %40 faster on a pentium. This is just - a case of getting the instruction sequence 'just right'. - All credit to 'Svend' :-) - Quite a few special x86 'make' targets. - A libdes-l (lite) distribution. - -Version 4.00 - After a bit of a pause, I'll up the major version number since this - is mostly a performace release. I've added x86 assembler and - added more options for performance. A %28 speedup for gcc - on a pentium and the assembler is a %50 speedup. - MIPS CPU's, sparc and Alpha are the main CPU's with speedups. - Run des_opts to work out which options should be used. - DES_RISC1/DES_RISC2 use alternative inner loops which use - more registers but should give speedups on any CPU that does - dual issue (pentium). DES_UNROLL unrolls the inner loop, - which costs in code size. - -Version 3.26 - I've finally removed one of the shifts in D_ENCRYPT. This - meant I've changed the des_SPtrans table (spr.h), the set_key() - function and some things in des_enc.c. This has definitly - made things faster :-). I've known about this one for some - time but I've been too lazy to follow it up :-). - Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^.. - instead of L^=((..)|(..)|(..).. This should save a register at - least. - Assember for x86. The file to replace is des_enc.c, which is replaced - by one of the assembler files found in asm. Look at des/asm/readme - for more info. - - /* Modification to fcrypt so it can be compiled to support - HPUX 10.x's long password format, define -DLONGCRYPT to use this. - Thanks to Jens Kupferschmidt . */ - - SIGWINCH case put in des_read_passwd() so the function does not - 'exit' if this function is recieved. - -Version 3.25 17/07/96 - Modified read_pwd.c so that stdin can be read if not a tty. - Thanks to Jeff Barber for the patches. - des_init_random_number_generator() shortened due to VMS linker - limits. - Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2 - 8 byte quantites xored before and after encryption. - des_xcbc_encryption() - the name is funny to preserve the des_ - prefix on all functions. - -Version 3.24 20/04/96 - The DES_PTR macro option checked and used by SSLeay configuration - -Version 3.23 11/04/96 - Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha, - it gives a %20 speedup :-) - Fixed the problem with des.pl under perl5. The patches were - sent by Ed Kubaitis (ejk@uiuc.edu). - if fcrypt.c, changed values to handle illegal salt values the way - normal crypt() implementations do. Some programs apparently use - them :-(. The patch was sent by Bjorn Gronvall - -Version 3.22 29/11/95 - Bug in des(1), an error with the uuencoding stuff when the - 'data' is small, thanks to Geoff Keating - for the patch. - -Version 3.21 22/11/95 - After some emailing back and forth with - Colin Plumb , I've tweaked a few things - and in a future version I will probably put in some of the - optimisation he suggested for use with the DES_USE_PTR option. - Extra routines from Mark Murray for use in - freeBSD. They mostly involve random number generation for use - with kerberos. They involve evil machine specific system calls - etc so I would normally suggest pushing this stuff into the - application and/or using RAND_seed()/RAND_bytes() if you are - using this DES library as part of SSLeay. - Redone the read_pw() function so that it is cleaner and - supports termios, thanks to Sameer Parekh - for the initial patches for this. - Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been - done just to make things more consistent. - I have also now added triple DES versions of cfb and ofb. - -Version 3.20 - Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com, - my des_random_seed() function was only copying 4 bytes of the - passed seed into the init structure. It is now fixed to copy 8. - My own suggestion is to used something like MD5 :-) - -Version 3.19 - While looking at my code one day, I though, why do I keep on - calling des_encrypt(in,out,ks,enc) when every function that - calls it has in and out the same. So I dropped the 'out' - parameter, people should not be using this function. - -Version 3.18 30/08/95 - Fixed a few bit with the distribution and the filenames. - 3.17 had been munged via a move to DOS and back again. - NO CODE CHANGES - -Version 3.17 14/07/95 - Fixed ede3 cbc which I had broken in 3.16. I have also - removed some unneeded variables in 7-8 of the routines. - -Version 3.16 26/06/95 - Added des_encrypt2() which does not use IP/FP, used by triple - des routines. Tweaked things a bit elsewhere. %13 speedup on - sparc and %6 on a R4400 for ede3 cbc mode. - -Version 3.15 06/06/95 - Added des_ncbc_encrypt(), it is des_cbc mode except that it is - 'normal' and copies the new iv value back over the top of the - passed parameter. - CHANGED des_ede3_cbc_encrypt() so that it too now overwrites - the iv. THIS WILL BREAK EXISTING CODE, but since this function - only new, I feel I can change it, not so with des_cbc_encrypt :-(. - I need to update the documentation. - -Version 3.14 31/05/95 - New release upon the world, as part of my SSL implementation. - New copyright and usage stuff. Basically free for all to use - as long as you say it came from me :-) - -Version 3.13 31/05/95 - A fix in speed.c, if HZ is not defined, I set it to 100.0 - which is reasonable for most unixes except SunOS 4.x. - I now have a #ifdef sun but timing for SunOS 4.x looked very - good :-(. At my last job where I used SunOS 4.x, it was - defined to be 60.0 (look at the old INSTALL documentation), at - the last release had it changed to 100.0 since I now work with - Solaris2 and SVR4 boxes. - Thanks to Rory Chisholm for pointing this - one out. - -Version 3.12 08/05/95 - As pointed out by The Crypt Keeper , - my D_ENCRYPT macro in crypt() had an un-necessary variable. - It has been removed. - -Version 3.11 03/05/95 - Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys - and one iv. It is a standard and I needed it for my SSL code. - It makes more sense to use this for triple DES than - 3cbc_encrypt(). I have also added (or should I say tested :-) - cfb64_encrypt() which is cfb64 but it will encrypt a partial - number of bytes - 3 bytes in 3 bytes out. Again this is for - my SSL library, as a form of encryption to use with SSL - telnet. - -Version 3.10 22/03/95 - Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls - to cbc3_encrypt, the 2 iv values that were being returned to - be used in the next call were reversed :-(. - Many thanks to Bill Wade for pointing out - this error. - -Version 3.09 01/02/95 - Fixed des_random_key to far more random, it was rather feeble - with regards to picking the initial seed. The problem was - pointed out by Olaf Kirch . - -Version 3.08 14/12/94 - Added Makefile.PL so libdes can be built into perl5. - Changed des_locl.h so RAND is always defined. - -Version 3.07 05/12/94 - Added GNUmake and stuff so the library can be build with - glibc. - -Version 3.06 30/08/94 - Added rpc_enc.c which contains _des_crypt. This is for use in - secure_rpc v 4.0 - Finally fixed the cfb_enc problems. - Fixed a few parameter parsing bugs in des (-3 and -b), thanks - to Rob McMillan - -Version 3.05 21/04/94 - for unsigned long l; gcc does not produce ((l>>34) == 0) - This causes bugs in cfb_enc. - Thanks to Hadmut Danisch - -Version 3.04 20/04/94 - Added a version number to des.c and libdes.a - -Version 3.03 12/01/94 - Fixed a bug in non zero iv in 3cbc_enc. - -Version 3.02 29/10/93 - I now work in a place where there are 6+ architectures and 14+ - OS versions :-). - Fixed TERMIO definition so the most sys V boxes will work :-) - -Release upon comp.sources.misc -Version 3.01 08/10/93 - Added des_3cbc_encrypt() - -Version 3.00 07/10/93 - Fixed up documentation. - quad_cksum definitely compatible with MIT's now. - -Version 2.30 24/08/93 - Triple DES now defaults to triple cbc but can do triple ecb - with the -b flag. - Fixed some MSDOS uuen/uudecoding problems, thanks to - Added prototypes. - -Version 2.22 29/06/93 - Fixed a bug in des_is_weak_key() which stopped it working :-( - thanks to engineering@MorningStar.Com. - -Version 2.21 03/06/93 - des(1) with no arguments gives quite a bit of help. - Added -c (generate ckecksum) flag to des(1). - Added -3 (triple DES) flag to des(1). - Added cfb and ofb routines to the library. - -Version 2.20 11/03/93 - Added -u (uuencode) flag to des(1). - I have been playing with byte order in quad_cksum to make it - compatible with MIT's version. All I can say is avid this - function if possible since MIT's output is endian dependent. - -Version 2.12 14/10/92 - Added MSDOS specific macro in ecb_encrypt which gives a %70 - speed up when the code is compiled with turbo C. - -Version 2.11 12/10/92 - Speedup in set_key (recoding of PC-1) - I now do it in 47 simple operations, down from 60. - Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) - for motivating me to look for a faster system :-) - The speedup is probably less that 1% but it is still 13 - instructions less :-). - -Version 2.10 06/10/92 - The code now works on the 64bit ETA10 and CRAY without modifications or - #defines. I believe the code should work on any machine that - defines long, int or short to be 8 bytes long. - Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu) - for helping me fix the code to run on 64bit machines (he had - access to an ETA10). - Thanks also to John Fletcher - for testing the routines on a CRAY. - read_password.c has been renamed to read_passwd.c - string_to_key.c has been renamed to string2key.c - -Version 2.00 14/09/92 - Made mods so that the library should work on 64bit CPU's. - Removed all my uchar and ulong defs. To many different - versions of unix define them in their header files in too many - different combinations :-) - IRIX - Sillicon Graphics mods (mostly in read_password.c). - Thanks to Andrew Daviel (advax@erich.triumf.ca) - -Version 1.99 26/08/92 - Fixed a bug or 2 in enc_read.c - Fixed a bug in enc_write.c - Fixed a pseudo bug in fcrypt.c (very obscure). - -Version 1.98 31/07/92 - Support for the ETA10. This is a strange machine that defines - longs and ints as 8 bytes and shorts as 4 bytes. - Since I do evil things with long * that assume that they are 4 - bytes. Look in the Makefile for the option to compile for - this machine. quad_cksum appears to have problems but I - will don't have the time to fix it right now, and this is not - a function that uses DES and so will not effect the main uses - of the library. - -Version 1.97 20/05/92 eay - Fixed the Imakefile and made some changes to des.h to fix some - problems when building this package with Kerberos v 4. - -Version 1.96 18/05/92 eay - Fixed a small bug in string_to_key() where problems could - occur if des_check_key was set to true and the string - generated a weak key. - -Patch2 posted to comp.sources.misc -Version 1.95 13/05/92 eay - Added an alternative version of the D_ENCRYPT macro in - ecb_encrypt and fcrypt. Depending on the compiler, one version or the - other will be faster. This was inspired by - Dana How , and her pointers about doing the - *(ulong *)((uchar *)ptr+(value&0xfc)) - vs - ptr[value&0x3f] - to stop the C compiler doing a <<2 to convert the long array index. - -Version 1.94 05/05/92 eay - Fixed an incompatibility between my string_to_key and the MIT - version. When the key is longer than 8 chars, I was wrapping - with a different method. To use the old version, define - OLD_STR_TO_KEY in the makefile. Thanks to - viktor@newsu.shearson.com (Viktor Dukhovni). - -Version 1.93 28/04/92 eay - Fixed the VMS mods so that echo is now turned off in - read_password. Thanks again to brennan@coco.cchs.su.oz.AU. - MSDOS support added. The routines can be compiled with - Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined. - -Patch1 posted to comp.sources.misc -Version 1.92 13/04/92 eay - Changed D_ENCRYPT so that the rotation of R occurs outside of - the loop. This required rotating all the longs in sp.h (now - called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM> - speed.c has been changed so it will work without SIGALRM. If - times(3) is not present it will try to use ftime() instead. - -Version 1.91 08/04/92 eay - Added -E/-D options to des(1) so it can use string_to_key. - Added SVR4 mods suggested by witr@rwwa.COM - Added VMS mods suggested by brennan@coco.cchs.su.oz.AU. If - anyone knows how to turn of tty echo in VMS please tell me or - implement it yourself :-). - Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS - does not like IN/OUT being used. - -Libdes posted to comp.sources.misc -Version 1.9 24/03/92 eay - Now contains a fast small crypt replacement. - Added des(1) command. - Added des_rw_mode so people can use cbc encryption with - enc_read and enc_write. - -Version 1.8 15/10/91 eay - Bug in cbc_cksum. - Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this - one out. - -Version 1.7 24/09/91 eay - Fixed set_key :-) - set_key is 4 times faster and takes less space. - There are a few minor changes that could be made. - -Version 1.6 19/09/1991 eay - Finally go IP and FP finished. - Now I need to fix set_key. - This version is quite a bit faster that 1.51 - -Version 1.52 15/06/1991 eay - 20% speedup in ecb_encrypt by changing the E bit selection - to use 2 32bit words. This also required modification of the - sp table. There is still a way to speedup the IP and IP-1 - (hints from outer@sq.com) still working on this one :-(. - -Version 1.51 07/06/1991 eay - Faster des_encrypt by loop unrolling - Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu) - -Version 1.50 28/05/1991 eay - Optimised the code a bit more for the sparc. I have improved the - speed of the inner des_encrypt by speeding up the initial and - final permutations. - -Version 1.40 23/10/1990 eay - Fixed des_random_key, it did not produce a random key :-( - -Version 1.30 2/10/1990 eay - Have made des_quad_cksum the same as MIT's, the full package - should be compatible with MIT's - Have tested on a DECstation 3100 - Still need to fix des_set_key (make it faster). - Does des_cbc_encrypts at 70.5k/sec on a 3100. - -Version 1.20 18/09/1990 eay - Fixed byte order dependencies. - Fixed (I hope) all the word alignment problems. - Speedup in des_ecb_encrypt. - -Version 1.10 11/09/1990 eay - Added des_enc_read and des_enc_write. - Still need to fix des_quad_cksum. - Still need to document des_enc_read and des_enc_write. - -Version 1.00 27/08/1990 eay - diff --git a/linux/crypto/ciphers/des/asm/crypt586.pl b/linux/crypto/ciphers/des/asm/crypt586.pl deleted file mode 100644 index 297e38dec..000000000 --- a/linux/crypto/ciphers/des/asm/crypt586.pl +++ /dev/null @@ -1,204 +0,0 @@ -#!/usr/bin/perl -# -# The inner loop instruction sequence and the IP/FP modifications are from -# Svend Olaf Mikkelsen -# I've added the stuff needed for crypt() but I've not worried about making -# things perfect. -# - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],"crypt586.pl"); - -$L="edi"; -$R="esi"; - -&external_label("des_SPtrans"); -&fcrypt_body("fcrypt_body"); -&asm_finish(); - -sub fcrypt_body - { - local($name,$do_ip)=@_; - - &function_begin($name,"EXTRN _des_SPtrans:DWORD"); - - &comment(""); - &comment("Load the 2 words"); - $ks="ebp"; - - &xor( $L, $L); - &xor( $R, $R); - &mov($ks,&wparam(1)); - - &push(25); # add a variable - - &set_label("start"); - for ($i=0; $i<16; $i+=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); - } - &mov("ebx", &swtmp(0)); - &mov("eax", $L); - &dec("ebx"); - &mov($L, $R); - &mov($R, "eax"); - &mov(&swtmp(0), "ebx"); - &jnz(&label("start")); - - &comment(""); - &comment("FP"); - &mov("edx",&wparam(0)); - - &FP_new($R,$L,"eax",3); - &mov(&DWP(0,"edx","",0),"eax"); - &mov(&DWP(4,"edx","",0),$L); - - &pop("ecx"); # remove variable - - &function_end($name); - } - -sub D_ENCRYPT - { - local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; - - &mov( $u, &wparam(2)); # 2 - &mov( $t, $R); - &shr( $t, 16); # 1 - &mov( $tmp2, &wparam(3)); # 2 - &xor( $t, $R); # 1 - - &and( $u, $t); # 2 - &and( $t, $tmp2); # 2 - - &mov( $tmp1, $u); - &shl( $tmp1, 16); # 1 - &mov( $tmp2, $t); - &shl( $tmp2, 16); # 1 - &xor( $u, $tmp1); # 2 - &xor( $t, $tmp2); # 2 - &mov( $tmp1, &DWP(&n2a($S*4),$ks,"",0)); # 2 - &xor( $u, $tmp1); - &mov( $tmp2, &DWP(&n2a(($S+1)*4),$ks,"",0)); # 2 - &xor( $u, $R); - &xor( $t, $R); - &xor( $t, $tmp2); - - &and( $u, "0xfcfcfcfc" ); # 2 - &xor( $tmp1, $tmp1); # 1 - &and( $t, "0xcfcfcfcf" ); # 2 - &xor( $tmp2, $tmp2); - &movb( &LB($tmp1), &LB($u) ); - &movb( &LB($tmp2), &HB($u) ); - &rotr( $t, 4 ); - &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); - &movb( &LB($tmp1), &LB($t) ); - &xor( $L, $ks); - &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); - &xor( $L, $ks); - &movb( &LB($tmp2), &HB($t) ); - &shr( $u, 16); - &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); - &xor( $L, $ks); - &movb( &LB($tmp1), &HB($u) ); - &shr( $t, 16); - &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); - &xor( $L, $ks); - &mov( $ks, &wparam(1)); - &movb( &LB($tmp2), &HB($t) ); - &and( $u, "0xff" ); - &and( $t, "0xff" ); - &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); - &xor( $L, $tmp1); - } - -sub n2a - { - sprintf("%d",$_[0]); - } - -# now has a side affect of rotating $a by $shift -sub R_PERM_OP - { - local($a,$b,$tt,$shift,$mask,$last)=@_; - - &rotl( $a, $shift ) if ($shift != 0); - &mov( $tt, $a ); - &xor( $a, $b ); - &and( $a, $mask ); - if ($notlast eq $b) - { - &xor( $b, $a ); - &xor( $tt, $a ); - } - else - { - &xor( $tt, $a ); - &xor( $b, $a ); - } - &comment(""); - } - -sub IP_new - { - local($l,$r,$tt,$lr)=@_; - - &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l); - &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); - &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); - - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotr($tt, 3-$lr); } - else { &rotl($tt, $lr-3); } - } - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotr($r, 2-$lr); } - else { &rotl($r, $lr-2); } - } - } - -sub FP_new - { - local($l,$r,$tt,$lr)=@_; - - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotl($r, 2-$lr); } - else { &rotr($r, $lr-2); } - } - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotl($l, 3-$lr); } - else { &rotr($l, $lr-3); } - } - - &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r); - &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l); - &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r); - &rotr($tt , 4); - } - diff --git a/linux/crypto/ciphers/des/asm/des-586.pl b/linux/crypto/ciphers/des/asm/des-586.pl deleted file mode 100644 index 7f2e09fa7..000000000 --- a/linux/crypto/ciphers/des/asm/des-586.pl +++ /dev/null @@ -1,251 +0,0 @@ -#!/usr/bin/perl -# -# The inner loop instruction sequence and the IP/FP modifications are from -# Svend Olaf Mikkelsen -# - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; -require "desboth.pl"; - -# base code is in microsft -# op dest, source -# format. -# - -&asm_init($ARGV[0],"des-586.pl"); - -$L="edi"; -$R="esi"; - -&external_label("des_SPtrans"); -&des_encrypt("des_encrypt",1); -&des_encrypt("des_encrypt2",0); -&des_encrypt3("des_encrypt3",1); -&des_encrypt3("des_decrypt3",0); -&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); -&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); - -&asm_finish(); - -sub des_encrypt - { - local($name,$do_ip)=@_; - - &function_begin_B($name,"EXTRN _des_SPtrans:DWORD"); - - &push("esi"); - &push("edi"); - - &comment(""); - &comment("Load the 2 words"); - $ks="ebp"; - - if ($do_ip) - { - &mov($R,&wparam(0)); - &xor( "ecx", "ecx" ); - - &push("ebx"); - &push("ebp"); - - &mov("eax",&DWP(0,$R,"",0)); - &mov("ebx",&wparam(2)); # get encrypt flag - &mov($L,&DWP(4,$R,"",0)); - &comment(""); - &comment("IP"); - &IP_new("eax",$L,$R,3); - } - else - { - &mov("eax",&wparam(0)); - &xor( "ecx", "ecx" ); - - &push("ebx"); - &push("ebp"); - - &mov($R,&DWP(0,"eax","",0)); - &mov("ebx",&wparam(2)); # get encrypt flag - &rotl($R,3); - &mov($L,&DWP(4,"eax","",0)); - &rotl($L,3); - } - - &mov( $ks, &wparam(1) ); - &cmp("ebx","0"); - &je(&label("start_decrypt")); - - for ($i=0; $i<16; $i+=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); - } - &jmp(&label("end")); - - &set_label("start_decrypt"); - - for ($i=15; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); - } - - &set_label("end"); - - if ($do_ip) - { - &comment(""); - &comment("FP"); - &mov("edx",&wparam(0)); - &FP_new($L,$R,"eax",3); - - &mov(&DWP(0,"edx","",0),"eax"); - &mov(&DWP(4,"edx","",0),$R); - } - else - { - &comment(""); - &comment("Fixup"); - &rotr($L,3); # r - &mov("eax",&wparam(0)); - &rotr($R,3); # l - &mov(&DWP(0,"eax","",0),$L); - &mov(&DWP(4,"eax","",0),$R); - } - - &pop("ebp"); - &pop("ebx"); - &pop("edi"); - &pop("esi"); - &ret(); - - &function_end_B($name); - } - -sub D_ENCRYPT - { - local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; - - &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); - &xor( $tmp1, $tmp1); - &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); - &xor( $u, $R); - &xor( $t, $R); - &and( $u, "0xfcfcfcfc" ); - &and( $t, "0xcfcfcfcf" ); - &movb( &LB($tmp1), &LB($u) ); - &movb( &LB($tmp2), &HB($u) ); - &rotr( $t, 4 ); - &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); - &movb( &LB($tmp1), &LB($t) ); - &xor( $L, $ks); - &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); - &xor( $L, $ks); ###### - &movb( &LB($tmp2), &HB($t) ); - &shr( $u, 16); - &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); - &xor( $L, $ks); ###### - &movb( &LB($tmp1), &HB($u) ); - &shr( $t, 16); - &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); - &xor( $L, $ks); - &mov( $ks, &wparam(1) ); - &movb( &LB($tmp2), &HB($t) ); - &and( $u, "0xff" ); - &and( $t, "0xff" ); - &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); - &xor( $L, $tmp1); - } - -sub n2a - { - sprintf("%d",$_[0]); - } - -# now has a side affect of rotating $a by $shift -sub R_PERM_OP - { - local($a,$b,$tt,$shift,$mask,$last)=@_; - - &rotl( $a, $shift ) if ($shift != 0); - &mov( $tt, $a ); - &xor( $a, $b ); - &and( $a, $mask ); - if (!$last eq $b) - { - &xor( $b, $a ); - &xor( $tt, $a ); - } - else - { - &xor( $tt, $a ); - &xor( $b, $a ); - } - &comment(""); - } - -sub IP_new - { - local($l,$r,$tt,$lr)=@_; - - &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l); - &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); - &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); - - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotr($tt, 3-$lr); } - else { &rotl($tt, $lr-3); } - } - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotr($r, 2-$lr); } - else { &rotl($r, $lr-2); } - } - } - -sub FP_new - { - local($l,$r,$tt,$lr)=@_; - - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotl($r, 2-$lr); } - else { &rotr($r, $lr-2); } - } - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotl($l, 3-$lr); } - else { &rotr($l, $lr-3); } - } - - &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r); - &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l); - &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r); - &rotr($tt , 4); - } - diff --git a/linux/crypto/ciphers/des/asm/des686.pl b/linux/crypto/ciphers/des/asm/des686.pl deleted file mode 100644 index cf1a82fb5..000000000 --- a/linux/crypto/ciphers/des/asm/des686.pl +++ /dev/null @@ -1,230 +0,0 @@ -#!/usr/bin/perl - -$prog="des686.pl"; - -# base code is in microsft -# op dest, source -# format. -# - -# WILL NOT WORK ANYMORE WITH desboth.pl -require "desboth.pl"; - -if ( ($ARGV[0] eq "elf")) - { require "x86unix.pl"; } -elsif ( ($ARGV[0] eq "a.out")) - { $aout=1; require "x86unix.pl"; } -elsif ( ($ARGV[0] eq "sol")) - { $sol=1; require "x86unix.pl"; } -elsif ( ($ARGV[0] eq "cpp")) - { $cpp=1; require "x86unix.pl"; } -elsif ( ($ARGV[0] eq "win32")) - { require "x86ms.pl"; } -else - { - print STDERR <<"EOF"; -Pick one target type from - elf - linux, FreeBSD etc - a.out - old linux - sol - x86 solaris - cpp - format so x86unix.cpp can be used - win32 - Windows 95/Windows NT -EOF - exit(1); - } - -&comment("Don't even think of reading this code"); -&comment("It was automatically generated by $prog"); -&comment("Which is a perl program used to generate the x86 assember for"); -&comment("any of elf, a.out, Win32, or Solaris"); -&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+"); -&comment("eric "); -&comment(""); - -&file("dx86xxxx"); - -$L="edi"; -$R="esi"; - -&des_encrypt("des_encrypt",1); -&des_encrypt("des_encrypt2",0); - -&des_encrypt3("des_encrypt3",1); -&des_encrypt3("des_decrypt3",0); - -&file_end(); - -sub des_encrypt - { - local($name,$do_ip)=@_; - - &function_begin($name,"EXTRN _des_SPtrans:DWORD"); - - &comment(""); - &comment("Load the 2 words"); - &mov("eax",&wparam(0)); - &mov($L,&DWP(0,"eax","",0)); - &mov($R,&DWP(4,"eax","",0)); - - $ksp=&wparam(1); - - if ($do_ip) - { - &comment(""); - &comment("IP"); - &IP_new($L,$R,"eax"); - } - - &comment(""); - &comment("fixup rotate"); - &rotl($R,3); - &rotl($L,3); - &exch($L,$R); - - &comment(""); - &comment("load counter, key_schedule and enc flag"); - &mov("eax",&wparam(2)); # get encrypt flag - &mov("ebp",&wparam(1)); # get ks - &cmp("eax","0"); - &je(&label("start_decrypt")); - - # encrypting part - - for ($i=0; $i<16; $i+=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); - } - &jmp(&label("end")); - - &set_label("start_decrypt"); - - for ($i=15; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx"); - } - - &set_label("end"); - - &comment(""); - &comment("Fixup"); - &rotr($L,3); # r - &rotr($R,3); # l - - if ($do_ip) - { - &comment(""); - &comment("FP"); - &FP_new($R,$L,"eax"); - } - - &mov("eax",&wparam(0)); - &mov(&DWP(0,"eax","",0),$L); - &mov(&DWP(4,"eax","",0),$R); - - &function_end($name); - } - - -# The logic is to load R into 2 registers and operate on both at the same time. -# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte' -# while also masking the other copy and doing a lookup. We then also accumulate the -# L value in 2 registers then combine them at the end. -sub D_ENCRYPT - { - local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_; - - &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); - &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); - &xor( $u, $R ); - &xor( $t, $R ); - &rotr( $t, 4 ); - - # the numbers at the end of the line are origional instruction order - &mov( $tmp2, $u ); # 1 2 - &mov( $tmp1, $t ); # 1 1 - &and( $tmp2, "0xfc" ); # 1 4 - &and( $tmp1, "0xfc" ); # 1 3 - &shr( $t, 8 ); # 1 5 - &xor( $L, &DWP("0x100+$desSP",$tmp1,"",0)); # 1 7 - &shr( $u, 8 ); # 1 6 - &mov( $tmp1, &DWP(" $desSP",$tmp2,"",0)); # 1 8 - - &mov( $tmp2, $u ); # 2 2 - &xor( $L, $tmp1 ); # 1 9 - &and( $tmp2, "0xfc" ); # 2 4 - &mov( $tmp1, $t ); # 2 1 - &and( $tmp1, "0xfc" ); # 2 3 - &shr( $t, 8 ); # 2 5 - &xor( $L, &DWP("0x300+$desSP",$tmp1,"",0)); # 2 7 - &shr( $u, 8 ); # 2 6 - &mov( $tmp1, &DWP("0x200+$desSP",$tmp2,"",0)); # 2 8 - &mov( $tmp2, $u ); # 3 2 - - &xor( $L, $tmp1 ); # 2 9 - &and( $tmp2, "0xfc" ); # 3 4 - - &mov( $tmp1, $t ); # 3 1 - &shr( $u, 8 ); # 3 6 - &and( $tmp1, "0xfc" ); # 3 3 - &shr( $t, 8 ); # 3 5 - &xor( $L, &DWP("0x500+$desSP",$tmp1,"",0)); # 3 7 - &mov( $tmp1, &DWP("0x400+$desSP",$tmp2,"",0)); # 3 8 - - &and( $t, "0xfc" ); # 4 1 - &xor( $L, $tmp1 ); # 3 9 - - &and( $u, "0xfc" ); # 4 2 - &xor( $L, &DWP("0x700+$desSP",$t,"",0)); # 4 3 - &xor( $L, &DWP("0x600+$desSP",$u,"",0)); # 4 4 - } - -sub PERM_OP - { - local($a,$b,$tt,$shift,$mask)=@_; - - &mov( $tt, $a ); - &shr( $tt, $shift ); - &xor( $tt, $b ); - &and( $tt, $mask ); - &xor( $b, $tt ); - &shl( $tt, $shift ); - &xor( $a, $tt ); - } - -sub IP_new - { - local($l,$r,$tt)=@_; - - &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f"); - &PERM_OP($l,$r,$tt,16,"0x0000ffff"); - &PERM_OP($r,$l,$tt, 2,"0x33333333"); - &PERM_OP($l,$r,$tt, 8,"0x00ff00ff"); - &PERM_OP($r,$l,$tt, 1,"0x55555555"); - } - -sub FP_new - { - local($l,$r,$tt)=@_; - - &PERM_OP($l,$r,$tt, 1,"0x55555555"); - &PERM_OP($r,$l,$tt, 8,"0x00ff00ff"); - &PERM_OP($l,$r,$tt, 2,"0x33333333"); - &PERM_OP($r,$l,$tt,16,"0x0000ffff"); - &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f"); - } - -sub n2a - { - sprintf("%d",$_[0]); - } diff --git a/linux/crypto/ciphers/des/asm/desboth.pl b/linux/crypto/ciphers/des/asm/desboth.pl deleted file mode 100644 index 8f939953a..000000000 --- a/linux/crypto/ciphers/des/asm/desboth.pl +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/perl - -$L="edi"; -$R="esi"; - -sub des_encrypt3 - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - &push("ebx"); - &mov("ebx",&wparam(0)); - - &push("ebp"); - &push("esi"); - - &push("edi"); - - &comment(""); - &comment("Load the data words"); - &mov($L,&DWP(0,"ebx","",0)); - &mov($R,&DWP(4,"ebx","",0)); - &stack_push(3); - - &comment(""); - &comment("IP"); - &IP_new($L,$R,"edx",0); - - # put them back - - if ($enc) - { - &mov(&DWP(4,"ebx","",0),$R); - &mov("eax",&wparam(1)); - &mov(&DWP(0,"ebx","",0),"edx"); - &mov("edi",&wparam(2)); - &mov("esi",&wparam(3)); - } - else - { - &mov(&DWP(4,"ebx","",0),$R); - &mov("esi",&wparam(1)); - &mov(&DWP(0,"ebx","",0),"edx"); - &mov("edi",&wparam(2)); - &mov("eax",&wparam(3)); - } - &mov(&swtmp(2), (($enc)?"1":"0")); - &mov(&swtmp(1), "eax"); - &mov(&swtmp(0), "ebx"); - &call("des_encrypt2"); - &mov(&swtmp(2), (($enc)?"0":"1")); - &mov(&swtmp(1), "edi"); - &mov(&swtmp(0), "ebx"); - &call("des_encrypt2"); - &mov(&swtmp(2), (($enc)?"1":"0")); - &mov(&swtmp(1), "esi"); - &mov(&swtmp(0), "ebx"); - &call("des_encrypt2"); - - &stack_pop(3); - &mov($L,&DWP(0,"ebx","",0)); - &mov($R,&DWP(4,"ebx","",0)); - - &comment(""); - &comment("FP"); - &FP_new($L,$R,"eax",0); - - &mov(&DWP(0,"ebx","",0),"eax"); - &mov(&DWP(4,"ebx","",0),$R); - - &pop("edi"); - &pop("esi"); - &pop("ebp"); - &pop("ebx"); - &ret(); - &function_end_B($name); - } - - diff --git a/linux/crypto/ciphers/des/asm/perlasm/cbc.pl b/linux/crypto/ciphers/des/asm/perlasm/cbc.pl deleted file mode 100644 index 278930579..000000000 --- a/linux/crypto/ciphers/des/asm/perlasm/cbc.pl +++ /dev/null @@ -1,342 +0,0 @@ -#!/usr/bin/perl - -# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) -# des_cblock (*input); -# des_cblock (*output); -# long length; -# des_key_schedule schedule; -# des_cblock (*ivec); -# int enc; -# -# calls -# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); -# - -#&cbc("des_ncbc_encrypt","des_encrypt",0); -#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt", -# 1,4,5,3,5,-1); -#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt", -# 0,4,5,3,5,-1); -#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3", -# 0,6,7,3,4,5); -# -# When doing a cipher that needs bigendian order, -# for encrypt, the iv is kept in bigendian form, -# while for decrypt, it is kept in little endian. -sub cbc - { - local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_; - # name is the function name - # enc_func and dec_func and the functions to call for encrypt/decrypt - # swap is true if byte order needs to be reversed - # iv_off is parameter number for the iv - # enc_off is parameter number for the encrypt/decrypt flag - # p1,p2,p3 are the offsets for parameters to be passed to the - # underlying calls. - - &function_begin_B($name,""); - &comment(""); - - $in="esi"; - $out="edi"; - $count="ebp"; - - &push("ebp"); - &push("ebx"); - &push("esi"); - &push("edi"); - - $data_off=4; - $data_off+=4 if ($p1 > 0); - $data_off+=4 if ($p2 > 0); - $data_off+=4 if ($p3 > 0); - - &mov($count, &wparam(2)); # length - - &comment("getting iv ptr from parameter $iv_off"); - &mov("ebx", &wparam($iv_off)); # Get iv ptr - - &mov($in, &DWP(0,"ebx","",0));# iv[0] - &mov($out, &DWP(4,"ebx","",0));# iv[1] - - &push($out); - &push($in); - &push($out); # used in decrypt for iv[1] - &push($in); # used in decrypt for iv[0] - - &mov("ebx", "esp"); # This is the address of tin[2] - - &mov($in, &wparam(0)); # in - &mov($out, &wparam(1)); # out - - # We have loaded them all, how lets push things - &comment("getting encrypt flag from parameter $enc_off"); - &mov("ecx", &wparam($enc_off)); # Get enc flag - if ($p3 > 0) - { - &comment("get and push parameter $p3"); - if ($enc_off != $p3) - { &mov("eax", &wparam($p3)); &push("eax"); } - else { &push("ecx"); } - } - if ($p2 > 0) - { - &comment("get and push parameter $p2"); - if ($enc_off != $p2) - { &mov("eax", &wparam($p2)); &push("eax"); } - else { &push("ecx"); } - } - if ($p1 > 0) - { - &comment("get and push parameter $p1"); - if ($enc_off != $p1) - { &mov("eax", &wparam($p1)); &push("eax"); } - else { &push("ecx"); } - } - &push("ebx"); # push data/iv - - &cmp("ecx",0); - &jz(&label("decrypt")); - - &and($count,0xfffffff8); - &mov("eax", &DWP($data_off,"esp","",0)); # load iv[0] - &mov("ebx", &DWP($data_off+4,"esp","",0)); # load iv[1] - - &jz(&label("encrypt_finish")); - - ############################################################# - - &set_label("encrypt_loop"); - # encrypt start - # "eax" and "ebx" hold iv (or the last cipher text) - - &mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("edx", &DWP(4,$in,"",0)); # second 4 bytes - - &xor("eax", "ecx"); - &xor("ebx", "edx"); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($enc_func); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP(0,$out,"",0),"eax"); - &mov(&DWP(4,$out,"",0),"ebx"); - - # eax and ebx are the next iv. - - &add($in, 8); - &add($out, 8); - - &sub($count, 8); - &jnz(&label("encrypt_loop")); - -###################################################################3 - &set_label("encrypt_finish"); - &mov($count, &wparam(2)); # length - &and($count, 7); - &jz(&label("finish")); - &xor("ecx","ecx"); - &xor("edx","edx"); - &mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); - &jmp_ptr($count); - -&set_label("ej7"); - &xor("edx", "edx") if $ppro; # ppro friendly - &movb(&HB("edx"), &BP(6,$in,"",0)); - &shl("edx",8); -&set_label("ej6"); - &movb(&HB("edx"), &BP(5,$in,"",0)); -&set_label("ej5"); - &movb(&LB("edx"), &BP(4,$in,"",0)); -&set_label("ej4"); - &mov("ecx", &DWP(0,$in,"",0)); - &jmp(&label("ejend")); -&set_label("ej3"); - &movb(&HB("ecx"), &BP(2,$in,"",0)); - &xor("ecx", "ecx") if $ppro; # ppro friendly - &shl("ecx",8); -&set_label("ej2"); - &movb(&HB("ecx"), &BP(1,$in,"",0)); -&set_label("ej1"); - &movb(&LB("ecx"), &BP(0,$in,"",0)); -&set_label("ejend"); - - &xor("eax", "ecx"); - &xor("ebx", "edx"); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($enc_func); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP(0,$out,"",0),"eax"); - &mov(&DWP(4,$out,"",0),"ebx"); - - &jmp(&label("finish")); - - ############################################################# - ############################################################# - &set_label("decrypt",1); - # decrypt start - &and($count,0xfffffff8); - # The next 2 instructions are only for if the jz is taken - &mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("ebx", &DWP($data_off+12,"esp","",0)); # get iv[1] - &jz(&label("decrypt_finish")); - - &set_label("decrypt_loop"); - &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($dec_func); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] - - &xor("ecx", "eax"); - &xor("edx", "ebx"); - - &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, - &mov("ebx", &DWP(4,$in,"",0)); # next iv actually - - &mov(&DWP(0,$out,"",0),"ecx"); - &mov(&DWP(4,$out,"",0),"edx"); - - &mov(&DWP($data_off+8,"esp","",0), "eax"); # save iv - &mov(&DWP($data_off+12,"esp","",0), "ebx"); # - - &add($in, 8); - &add($out, 8); - - &sub($count, 8); - &jnz(&label("decrypt_loop")); -############################ ENDIT #######################3 - &set_label("decrypt_finish"); - &mov($count, &wparam(2)); # length - &and($count, 7); - &jz(&label("finish")); - - &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($dec_func); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] - - &xor("ecx", "eax"); - &xor("edx", "ebx"); - - # this is for when we exit - &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, - &mov("ebx", &DWP(4,$in,"",0)); # next iv actually - -&set_label("dj7"); - &rotr("edx", 16); - &movb(&BP(6,$out,"",0), &LB("edx")); - &shr("edx",16); -&set_label("dj6"); - &movb(&BP(5,$out,"",0), &HB("edx")); -&set_label("dj5"); - &movb(&BP(4,$out,"",0), &LB("edx")); -&set_label("dj4"); - &mov(&DWP(0,$out,"",0), "ecx"); - &jmp(&label("djend")); -&set_label("dj3"); - &rotr("ecx", 16); - &movb(&BP(2,$out,"",0), &LB("ecx")); - &shl("ecx",16); -&set_label("dj2"); - &movb(&BP(1,$in,"",0), &HB("ecx")); -&set_label("dj1"); - &movb(&BP(0,$in,"",0), &LB("ecx")); -&set_label("djend"); - - # final iv is still in eax:ebx - &jmp(&label("finish")); - - -############################ FINISH #######################3 - &set_label("finish",1); - &mov("ecx", &wparam($iv_off)); # Get iv ptr - - ################################################# - $total=16+4; - $total+=4 if ($p1 > 0); - $total+=4 if ($p2 > 0); - $total+=4 if ($p3 > 0); - &add("esp",$total); - - &mov(&DWP(0,"ecx","",0), "eax"); # save iv - &mov(&DWP(4,"ecx","",0), "ebx"); # save iv - - &function_end_A($name); - - &set_label("cbc_enc_jmp_table",1); - &data_word("0"); - &data_word(&label("ej1")); - &data_word(&label("ej2")); - &data_word(&label("ej3")); - &data_word(&label("ej4")); - &data_word(&label("ej5")); - &data_word(&label("ej6")); - &data_word(&label("ej7")); - &set_label("cbc_dec_jmp_table",1); - &data_word("0"); - &data_word(&label("dj1")); - &data_word(&label("dj2")); - &data_word(&label("dj3")); - &data_word(&label("dj4")); - &data_word(&label("dj5")); - &data_word(&label("dj6")); - &data_word(&label("dj7")); - - &function_end_B($name); - - } - -1; diff --git a/linux/crypto/ciphers/des/asm/perlasm/readme b/linux/crypto/ciphers/des/asm/perlasm/readme deleted file mode 100644 index f02bbee75..000000000 --- a/linux/crypto/ciphers/des/asm/perlasm/readme +++ /dev/null @@ -1,124 +0,0 @@ -The perl scripts in this directory are my 'hack' to generate -multiple different assembler formats via the one origional script. - -The way to use this library is to start with adding the path to this directory -and then include it. - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -The first thing we do is setup the file and type of assember - -&asm_init($ARGV[0],$0); - -The first argument is the 'type'. Currently -'cpp', 'sol', 'a.out', 'elf' or 'win32'. -Argument 2 is the file name. - -The reciprocal function is -&asm_finish() which should be called at the end. - -There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler, -and x86unix.pl which is the unix (gas) version. - -Functions of interest are: -&external_label("des_SPtrans"); declare and external variable -&LB(reg); Low byte for a register -&HB(reg); High byte for a register -&BP(off,base,index,scale) Byte pointer addressing -&DWP(off,base,index,scale) Word pointer addressing -&stack_push(num) Basically a 'sub esp, num*4' with extra -&stack_pop(num) inverse of stack_push -&function_begin(name,extra) Start a function with pushing of - edi, esi, ebx and ebp. extra is extra win32 - external info that may be required. -&function_begin_B(name,extra) Same as norma function_begin but no pushing. -&function_end(name) Call at end of function. -&function_end_A(name) Standard pop and ret, for use inside functions -&function_end_B(name) Call at end but with poping or 'ret'. -&swtmp(num) Address on stack temp word. -&wparam(num) Parameter number num, that was push - in C convention. This all works over pushes - and pops. -&comment("hello there") Put in a comment. -&label("loop") Refer to a label, normally a jmp target. -&set_label("loop") Set a label at this point. -&data_word(word) Put in a word of data. - -So how does this all hold together? Given - -int calc(int len, int *data) - { - int i,j=0; - - for (i=0; i"); -&comment(""); - - $filename =~ s/\.pl$//; - &file($filename); - } - -sub asm_finish_cpp - { - return unless $cpp; - - local($tmp,$i); - foreach $i (&get_labels()) - { - $tmp.="#define $i _$i\n"; - } - print <<"EOF"; -/* Run the C pre-processor over this file with one of the following defined - * ELF - elf object files, - * OUT - a.out object files, - * BSDI - BSDI style a.out object files - * SOL - Solaris style elf - */ - -#define TYPE(a,b) .type a,b -#define SIZE(a,b) .size a,b - -#if defined(OUT) || defined(BSDI) -$tmp -#endif - -#ifdef OUT -#define OK 1 -#define ALIGN 4 -#endif - -#ifdef BSDI -#define OK 1 -#define ALIGN 4 -#undef SIZE -#undef TYPE -#endif - -#if defined(ELF) || defined(SOL) -#define OK 1 -#define ALIGN 16 -#endif - -#ifndef OK -You need to define one of -ELF - elf systems - linux-elf, NetBSD and DG-UX -OUT - a.out systems - linux-a.out and FreeBSD -SOL - solaris systems, which are elf with strange comment lines -BSDI - a.out with a very primative version of as. -#endif - -/* Let the Assembler begin :-) */ -EOF - } - -1; diff --git a/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl b/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl deleted file mode 100644 index 0681ea18c..000000000 --- a/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl +++ /dev/null @@ -1,345 +0,0 @@ -#!/usr/bin/perl - -package x86ms; - -$label="L000"; - -%lb=( 'eax', 'al', - 'ebx', 'bl', - 'ecx', 'cl', - 'edx', 'dl', - 'ax', 'al', - 'bx', 'bl', - 'cx', 'cl', - 'dx', 'dl', - ); - -%hb=( 'eax', 'ah', - 'ebx', 'bh', - 'ecx', 'ch', - 'edx', 'dh', - 'ax', 'ah', - 'bx', 'bh', - 'cx', 'ch', - 'dx', 'dh', - ); - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'BP - { - &get_mem("BYTE",@_); - } - -sub main'DWP - { - &get_mem("DWORD",@_); - } - -sub main'stack_push - { - local($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - local($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } - -sub get_mem - { - local($size,$addr,$reg1,$reg2,$idx)=@_; - local($t,$post); - local($ret)="$size PTR "; - - $addr =~ s/^\s+//; - if ($addr =~ /^(.+)\+(.+)$/) - { - $reg2=&conv($1); - $addr="_$2"; - } - elsif ($addr =~ /^[_a-zA-Z]/) - { - $addr="_$addr"; - } - - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - if (($addr ne "") && ($addr ne 0)) - { - if ($addr !~ /^-/) - { $ret.=$addr; } - else { $post=$addr; } - } - if ($reg2 ne "") - { - $t=""; - $t="*$idx" if ($idx != 0); - $reg1="+".$reg1 if ("$reg1$post" ne ""); - $ret.="[$reg2$t$reg1$post]"; - } - else - { - $ret.="[$reg1$post]" - } - return($ret); - } - -sub main'mov { &out2("mov",@_); } -sub main'movb { &out2("mov",@_); } -sub main'and { &out2("and",@_); } -sub main'or { &out2("or",@_); } -sub main'shl { &out2("shl",@_); } -sub main'shr { &out2("shr",@_); } -sub main'xor { &out2("xor",@_); } -sub main'xorb { &out2("xor",@_); } -sub main'add { &out2("add",@_); } -sub main'adc { &out2("adc",@_); } -sub main'sub { &out2("sub",@_); } -sub main'rotl { &out2("rol",@_); } -sub main'rotr { &out2("ror",@_); } -sub main'exch { &out2("xchg",@_); } -sub main'cmp { &out2("cmp",@_); } -sub main'lea { &out2("lea",@_); } -sub main'mul { &out1("mul",@_); } -sub main'div { &out1("div",@_); } -sub main'dec { &out1("dec",@_); } -sub main'inc { &out1("inc",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } -sub main'je { &out1("je",@_); } -sub main'jle { &out1("jle",@_); } -sub main'jz { &out1("jz",@_); } -sub main'jge { &out1("jge",@_); } -sub main'jl { &out1("jl",@_); } -sub main'jb { &out1("jb",@_); } -sub main'jnz { &out1("jnz",@_); } -sub main'jne { &out1("jne",@_); } -sub main'push { &out1("push",@_); $stack+=4; } -sub main'pop { &out1("pop",@_); $stack-=4; } -sub main'bswap { &out1("bswap",@_); &using486(); } -sub main'not { &out1("not",@_); } -sub main'call { &out1("call",'_'.$_[0]); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } - -sub out2 - { - local($name,$p1,$p2)=@_; - local($l,$t); - - push(@out,"\t$name\t"); - $t=&conv($p1).","; - $l=length($t); - push(@out,$t); - $l=4-($l+9)/8; - push(@out,"\t" x $l); - push(@out,&conv($p2)); - push(@out,"\n"); - } - -sub out0 - { - local($name)=@_; - - push(@out,"\t$name\n"); - } - -sub out1 - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub conv - { - local($p)=@_; - - $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - return $p; - } - -sub using486 - { - return if $using486; - $using486++; - grep(s/\.386/\.486/,@out); - } - -sub main'file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - TITLE $file.asm - .386 -.model FLAT -EOF - push(@out,$tmp); - } - -sub main'function_begin - { - local($func,$extra)=@_; - - push(@labels,$func); - - local($tmp)=<<"EOF"; -_TEXT SEGMENT -PUBLIC _$func -$extra -_$func PROC NEAR - push ebp - push ebx - push esi - push edi -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - local($func,$extra)=@_; - - local($tmp)=<<"EOF"; -_TEXT SEGMENT -PUBLIC _$func -$extra -_$func PROC NEAR -EOF - push(@out,$tmp); - $stack=4; - } - -sub main'function_end - { - local($func)=@_; - - local($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -_$func ENDP -_TEXT ENDS -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_B - { - local($func)=@_; - - local($tmp)=<<"EOF"; -_$func ENDP -_TEXT ENDS -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - } - -sub main'file_end - { - push(@out,"END\n"); - } - -sub main'wparam - { - local($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } - -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# local($num)=@_; -# -# return(&main'DWP(-(($num+1)*4),"esp","",0)); -# } - -sub main'comment - { - foreach (@_) - { - push(@out,"\t; $_\n"); - } - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\$${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="${label}${_[0]}"; - $label++; - } - push(@out,"$label{$_[0]}:\n"); - } - -sub main'data_word - { - push(@out,"\tDD\t$_[0]\n"); - } - -sub out1p - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t ".&conv($p1)."\n"); - } diff --git a/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl b/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl deleted file mode 100644 index 1d661221c..000000000 --- a/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl +++ /dev/null @@ -1,403 +0,0 @@ -#!/usr/bin/perl - -package x86unix; - -$label="L000"; - -$align=($main'aout)?"4":"16"; -$under=($main'aout)?"_":""; -$com_start=($main'sol)?"/":"#"; - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } - -if ($main'cpp) - { - $align="ALIGN"; - $under=""; - $com_start='/*'; - $com_end='*/'; - } - -%lb=( 'eax', '%al', - 'ebx', '%bl', - 'ecx', '%cl', - 'edx', '%dl', - 'ax', '%al', - 'bx', '%bl', - 'cx', '%cl', - 'dx', '%dl', - ); - -%hb=( 'eax', '%ah', - 'ebx', '%bh', - 'ecx', '%ch', - 'edx', '%dh', - 'ax', '%ah', - 'bx', '%bh', - 'cx', '%ch', - 'dx', '%dh', - ); - -%regs=( 'eax', '%eax', - 'ebx', '%ebx', - 'ecx', '%ecx', - 'edx', '%edx', - 'esi', '%esi', - 'edi', '%edi', - 'ebp', '%ebp', - 'esp', '%esp', - ); - -%reg_val=( - 'eax', 0x00, - 'ebx', 0x03, - 'ecx', 0x01, - 'edx', 0x02, - 'esi', 0x06, - 'edi', 0x07, - 'ebp', 0x05, - 'esp', 0x04, - ); - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'DWP - { - local($addr,$reg1,$reg2,$idx)=@_; - - $ret=""; - $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - $ret.=$addr if ($addr ne "") && ($addr ne 0); - if ($reg2 ne "") - { $ret.="($reg1,$reg2,$idx)"; } - else - { $ret.="($reg1)" } - return($ret); - } - -sub main'BP - { - return(&main'DWP(@_)); - } - -#sub main'BP -# { -# local($addr,$reg1,$reg2,$idx)=@_; -# -# $ret=""; -# -# $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; -# $reg1="$regs{$reg1}" if defined($regs{$reg1}); -# $reg2="$regs{$reg2}" if defined($regs{$reg2}); -# $ret.=$addr if ($addr ne "") && ($addr ne 0); -# if ($reg2 ne "") -# { $ret.="($reg1,$reg2,$idx)"; } -# else -# { $ret.="($reg1)" } -# return($ret); -# } - -sub main'mov { &out2("movl",@_); } -sub main'movb { &out2("movb",@_); } -sub main'and { &out2("andl",@_); } -sub main'or { &out2("orl",@_); } -sub main'shl { &out2("sall",@_); } -sub main'shr { &out2("shrl",@_); } -sub main'xor { &out2("xorl",@_); } -sub main'xorb { &out2("xorb",@_); } -sub main'add { &out2("addl",@_); } -sub main'adc { &out2("adcl",@_); } -sub main'sub { &out2("subl",@_); } -sub main'rotl { &out2("roll",@_); } -sub main'rotr { &out2("rorl",@_); } -sub main'exch { &out2("xchg",@_); } -sub main'cmp { &out2("cmpl",@_); } -sub main'lea { &out2("leal",@_); } -sub main'mul { &out1("mull",@_); } -sub main'div { &out1("divl",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } -sub main'je { &out1("je",@_); } -sub main'jle { &out1("jle",@_); } -sub main'jne { &out1("jne",@_); } -sub main'jnz { &out1("jnz",@_); } -sub main'jz { &out1("jz",@_); } -sub main'jge { &out1("jge",@_); } -sub main'jl { &out1("jl",@_); } -sub main'jb { &out1("jb",@_); } -sub main'dec { &out1("decl",@_); } -sub main'inc { &out1("incl",@_); } -sub main'push { &out1("pushl",@_); $stack+=4; } -sub main'pop { &out1("popl",@_); $stack-=4; } -sub main'bswap { &out1("bswapl",@_); } -sub main'not { &out1("notl",@_); } -sub main'call { &out1("call",$under.$_[0]); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } - -sub out2 - { - local($name,$p1,$p2)=@_; - local($l,$ll,$t); - local(%special)=( "roll",0xD1C0,"rorl",0xD1C8, - "rcll",0xD1D0,"rcrl",0xD1D8, - "shll",0xD1E0,"shrl",0xD1E8, - "sarl",0xD1F8); - - if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1)) - { - $op=$special{$name}|$reg_val{$p1}; - $tmp1=sprintf ".byte %d\n",($op>>8)&0xff; - $tmp2=sprintf ".byte %d\t",$op &0xff; - push(@out,$tmp1); - push(@out,$tmp2); - - $p2=&conv($p2); - $p1=&conv($p1); - &main'comment("$name $p2 $p1"); - return; - } - - push(@out,"\t$name\t"); - $t=&conv($p2).","; - $l=length($t); - push(@out,$t); - $ll=4-($l+9)/8; - $tmp1=sprintf "\t" x $ll; - push(@out,$tmp1); - push(@out,&conv($p1)."\n"); - } - -sub out1 - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub out1p - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t*".&conv($p1)."\n"); - } - -sub out0 - { - push(@out,"\t$_[0]\n"); - } - -sub conv - { - local($p)=@_; - -# $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - - $p=$regs{$p} if (defined($regs{$p})); - - $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/; - $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/; - return $p; - } - -sub main'file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - .file "$file.s" - .version "01.01" -gcc2_compiled.: -EOF - push(@out,$tmp); - } - -sub main'function_begin - { - local($func)=@_; - - $func=$under.$func; - - local($tmp)=<<"EOF"; -.text - .align $align -.globl $func -EOF - push(@out,$tmp); - if ($main'cpp) - { $tmp=push(@out,"\tTYPE($func,\@function)\n"); } - else { $tmp=push(@out,"\t.type\t$func,\@function\n"); } - push(@out,"$func:\n"); - $tmp=<<"EOF"; - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - local($func,$extra)=@_; - - $func=$under.$func; - - local($tmp)=<<"EOF"; -.text - .align $align -.globl $func -EOF - push(@out,$tmp); - if ($main'cpp) - { push(@out,"\tTYPE($func,\@function)\n"); } - else { push(@out,"\t.type $func,\@function\n"); } - push(@out,"$func:\n"); - $stack=4; - } - -sub main'function_end - { - local($func)=@_; - - $func=$under.$func; - - local($tmp)=<<"EOF"; - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.${func}_end: -EOF - push(@out,$tmp); - if ($main'cpp) - { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } - else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } - push(@out,".ident \"$func\"\n"); - $stack=0; - %label=(); - } - -sub main'function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -EOF - push(@out,$tmp); - } - -sub main'function_end_B - { - local($func)=@_; - - $func=$under.$func; - - push(@out,".${func}_end:\n"); - if ($main'cpp) - { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } - else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } - push(@out,".ident \"desasm.pl\"\n"); - $stack=0; - %label=(); - } - -sub main'wparam - { - local($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } - -sub main'stack_push - { - local($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - local($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } - -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# local($num)=@_; -# -# return(&main'DWP(-($num+1)*4,"esp","",0)); -# } - -sub main'comment - { - foreach (@_) - { - if (/^\s*$/) - { push(@out,"\n"); } - else - { push(@out,"\t$com_start $_ $com_end\n"); } - } - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=".${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=".${label}${_[0]}"; - $label++; - } - push(@out,".align $align\n") if ($_[1] != 0); - push(@out,"$label{$_[0]}:\n"); - } - -sub main'file_end - { - } - -sub main'data_word - { - push(@out,"\t.long $_[0]\n"); - } diff --git a/linux/crypto/ciphers/des/asm/readme b/linux/crypto/ciphers/des/asm/readme deleted file mode 100644 index f8529d930..000000000 --- a/linux/crypto/ciphers/des/asm/readme +++ /dev/null @@ -1,131 +0,0 @@ -First up, let me say I don't like writing in assembler. It is not portable, -dependant on the particular CPU architecture release and is generally a pig -to debug and get right. Having said that, the x86 architecture is probably -the most important for speed due to number of boxes and since -it appears to be the worst architecture to to get -good C compilers for. So due to this, I have lowered myself to do -assembler for the inner DES routines in libdes :-). - -The file to implement in assembler is des_enc.c. Replace the following -4 functions -des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt); -des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt); -des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); -des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); - -They encrypt/decrypt the 64 bits held in 'data' using -the 'ks' key schedules. The only difference between the 4 functions is that -des_encrypt2() does not perform IP() or FP() on the data (this is an -optimization for when doing triple DES and des_encrypt3() and des_decrypt3() -perform triple des. The triple DES routines are in here because it does -make a big difference to have them located near the des_encrypt2 function -at link time.. - -Now as we all know, there are lots of different operating systems running on -x86 boxes, and unfortunately they normally try to make sure their assembler -formating is not the same as the other peoples. -The 4 main formats I know of are -Microsoft Windows 95/Windows NT -Elf Includes Linux and FreeBSD(?). -a.out The older Linux. -Solaris Same as Elf but different comments :-(. - -Now I was not overly keen to write 4 different copies of the same code, -so I wrote a few perl routines to output the correct assembler, given -a target assembler type. This code is ugly and is just a hack. -The libraries are x86unix.pl and x86ms.pl. -des586.pl, des686.pl and des-som[23].pl are the programs to actually -generate the assembler. - -So to generate elf assembler -perl des-som3.pl elf >dx86-elf.s -For Windows 95/NT -perl des-som2.pl win32 >win32.asm - -[ update 4 Jan 1996 ] -I have added another way to do things. -perl des-som3.pl cpp >dx86-cpp.s -generates a file that will be included by dx86unix.cpp when it is compiled. -To build for elf, a.out, solaris, bsdi etc, -cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o -cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o -cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o -cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o -This was done to cut down the number of files in the distribution. - -Now the ugly part. I acquired my copy of Intels -"Optimization's For Intel's 32-Bit Processors" and found a few interesting -things. First, the aim of the exersize is to 'extract' one byte at a time -from a word and do an array lookup. This involves getting the byte from -the 4 locations in the word and moving it to a new word and doing the lookup. -The most obvious way to do this is -xor eax, eax # clear word -movb al, cl # get low byte -xor edi DWORD PTR 0x100+des_SP[eax] # xor in word -movb al, ch # get next byte -xor edi DWORD PTR 0x300+des_SP[eax] # xor in word -shr ecx 16 -which seems ok. For the pentium, this system appears to be the best. -One has to do instruction interleaving to keep both functional units -operating, but it is basically very efficient. - -Now the crunch. When a full register is used after a partial write, eg. -mov al, cl -xor edi, DWORD PTR 0x100+des_SP[eax] -386 - 1 cycle stall -486 - 1 cycle stall -586 - 0 cycle stall -686 - at least 7 cycle stall (page 22 of the above mentioned document). - -So the technique that produces the best results on a pentium, according to -the documentation, will produce hideous results on a pentium pro. - -To get around this, des686.pl will generate code that is not as fast on -a pentium, should be very good on a pentium pro. -mov eax, ecx # copy word -shr ecx, 8 # line up next byte -and eax, 0fch # mask byte -xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup -mov eax, ecx # get word -shr ecx 8 # line up next byte -and eax, 0fch # mask byte -xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup - -Due to the execution units in the pentium, this actually works quite well. -For a pentium pro it should be very good. This is the type of output -Visual C++ generates. - -There is a third option. instead of using -mov al, ch -which is bad on the pentium pro, one may be able to use -movzx eax, ch -which may not incur the partial write penalty. On the pentium, -this instruction takes 4 cycles so is not worth using but on the -pentium pro it appears it may be worth while. I need access to one to -experiment :-). - -eric (20 Oct 1996) - -22 Nov 1996 - I have asked people to run the 2 different version on pentium -pros and it appears that the intel documentation is wrong. The -mov al,bh is still faster on a pentium pro, so just use the des586.pl -install des686.pl - -3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these -functions into des_enc.c because it does make a massive performance -difference on some boxes to have the functions code located close to -the des_encrypt2() function. - -9 Jan 1997 - des-som2.pl is now the correct perl script to use for -pentiums. It contains an inner loop from -Svend Olaf Mikkelsen which does raw ecb DES calls at -273,000 per second. He had a previous version at 250,000 and the best -I was able to get was 203,000. The content has not changed, this is all -due to instruction sequencing (and actual instructions choice) which is able -to keep both functional units of the pentium going. -We may have lost the ugly register usage restrictions when x86 went 32 bit -but for the pentium it has been replaced by evil instruction ordering tricks. - -13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf. -raw DES at 281,000 per second on a pentium 100. - diff --git a/linux/crypto/ciphers/des/cbc_enc.c b/linux/crypto/ciphers/des/cbc_enc.c deleted file mode 100644 index a06f9f99e..000000000 --- a/linux/crypto/ciphers/des/cbc_enc.c +++ /dev/null @@ -1,135 +0,0 @@ -/* crypto/des/cbc_enc.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_locl.h" - -void des_cbc_encrypt(input, output, length, schedule, ivec, enc) -des_cblock (*input); -des_cblock (*output); -long length; -des_key_schedule schedule; -des_cblock (*ivec); -int enc; - { - register DES_LONG tin0,tin1; - register DES_LONG tout0,tout1,xor0,xor1; - register unsigned char *in,*out; - register long l=length; - DES_LONG tin[2]; - unsigned char *iv; - - in=(unsigned char *)input; - out=(unsigned char *)output; - iv=(unsigned char *)ivec; - - if (enc) - { - c2l(iv,tout0); - c2l(iv,tout1); - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); - c2l(in,tin1); - tin0^=tout0; tin[0]=tin0; - tin1^=tout1; tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); - tout0=tin[0]; l2c(tout0,out); - tout1=tin[1]; l2c(tout1,out); - } - if (l != -8) - { - c2ln(in,tin0,tin1,l+8); - tin0^=tout0; tin[0]=tin0; - tin1^=tout1; tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); - tout0=tin[0]; l2c(tout0,out); - tout1=tin[1]; l2c(tout1,out); - } - } - else - { - c2l(iv,xor0); - c2l(iv,xor1); - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); tin[0]=tin0; - c2l(in,tin1); tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2c(tout0,out); - l2c(tout1,out); - xor0=tin0; - xor1=tin1; - } - if (l != -8) - { - c2l(in,tin0); tin[0]=tin0; - c2l(in,tin1); tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2cn(tout0,tout1,out,l+8); - /* xor0=tin0; - xor1=tin1; */ - } - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - diff --git a/linux/crypto/ciphers/des/des.doc b/linux/crypto/ciphers/des/des.doc deleted file mode 100644 index 1e3015812..000000000 --- a/linux/crypto/ciphers/des/des.doc +++ /dev/null @@ -1,505 +0,0 @@ -The DES library. - -Please note that this library was originally written to operate with -eBones, a version of Kerberos that had had encryption removed when it left -the USA and then put back in. As such there are some routines that I will -advise not using but they are still in the library for historical reasons. -For all calls that have an 'input' and 'output' variables, they can be the -same. - -This library requires the inclusion of 'des.h'. - -All of the encryption functions take what is called a des_key_schedule as an -argument. A des_key_schedule is an expanded form of the des key. -A des_key is 8 bytes of odd parity, the type used to hold the key is a -des_cblock. A des_cblock is an array of 8 bytes, often in this library -description I will refer to input bytes when the function specifies -des_cblock's as input or output, this just means that the variable should -be a multiple of 8 bytes. - -The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to -specify decryption. The functions and global variable are as follows: - -int des_check_key; - DES keys are supposed to be odd parity. If this variable is set to - a non-zero value, des_set_key() will check that the key has odd - parity and is not one of the known weak DES keys. By default this - variable is turned off; - -void des_set_odd_parity( -des_cblock *key ); - This function takes a DES key (8 bytes) and sets the parity to odd. - -int des_is_weak_key( -des_cblock *key ); - This function returns a non-zero value if the DES key passed is a - weak, DES key. If it is a weak key, don't use it, try a different - one. If you are using 'random' keys, the chances of hitting a weak - key are 1/2^52 so it is probably not worth checking for them. - -int des_set_key( -des_cblock *key, -des_key_schedule schedule); - Des_set_key converts an 8 byte DES key into a des_key_schedule. - A des_key_schedule is an expanded form of the key which is used to - perform actual encryption. It can be regenerated from the DES key - so it only needs to be kept when encryption or decryption is about - to occur. Don't save or pass around des_key_schedule's since they - are CPU architecture dependent, DES keys are not. If des_check_key - is non zero, zero is returned if the key has the wrong parity or - the key is a weak key, else 1 is returned. - -int des_key_sched( -des_cblock *key, -des_key_schedule schedule); - An alternative name for des_set_key(). - -int des_rw_mode; /* defaults to DES_PCBC_MODE */ - This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default). - This specifies the function to use in the enc_read() and enc_write() - functions. - -void des_encrypt( -unsigned long *data, -des_key_schedule ks, -int enc); - This is the DES encryption function that gets called by just about - every other DES routine in the library. You should not use this - function except to implement 'modes' of DES. I say this because the - functions that call this routine do the conversion from 'char *' to - long, and this needs to be done to make sure 'non-aligned' memory - access do not occur. The characters are loaded 'little endian', - have a look at my source code for more details on how I use this - function. - Data is a pointer to 2 unsigned long's and ks is the - des_key_schedule to use. enc, is non zero specifies encryption, - zero if decryption. - -void des_encrypt2( -unsigned long *data, -des_key_schedule ks, -int enc); - This functions is the same as des_encrypt() except that the DES - initial permutation (IP) and final permutation (FP) have been left - out. As for des_encrypt(), you should not use this function. - It is used by the routines in my library that implement triple DES. - IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same - as des_encrypt() des_encrypt() des_encrypt() except faster :-). - -void des_ecb_encrypt( -des_cblock *input, -des_cblock *output, -des_key_schedule ks, -int enc); - This is the basic Electronic Code Book form of DES, the most basic - form. Input is encrypted into output using the key represented by - ks. If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise - decryption occurs. Input is 8 bytes long and output is 8 bytes. - (the des_cblock structure is 8 chars). - -void des_ecb3_encrypt( -des_cblock *input, -des_cblock *output, -des_key_schedule ks1, -des_key_schedule ks2, -des_key_schedule ks3, -int enc); - This is the 3 key EDE mode of ECB DES. What this means is that - the 8 bytes of input is encrypted with ks1, decrypted with ks2 and - then encrypted again with ks3, before being put into output; - C=E(ks3,D(ks2,E(ks1,M))). There is a macro, des_ecb2_encrypt() - that only takes 2 des_key_schedules that implements, - C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1. - -void des_cbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule ks, -des_cblock *ivec, -int enc); - This routine implements DES in Cipher Block Chaining mode. - Input, which should be a multiple of 8 bytes is encrypted - (or decrypted) to output which will also be a multiple of 8 bytes. - The number of bytes is in length (and from what I've said above, - should be a multiple of 8). If length is not a multiple of 8, I'm - not being held responsible :-). ivec is the initialisation vector. - This function does not modify this variable. To correctly implement - cbc mode, you need to do one of 2 things; copy the last 8 bytes of - cipher text for use as the next ivec in your application, - or use des_ncbc_encrypt(). - Only this routine has this problem with updating the ivec, all - other routines that are implementing cbc mode update ivec. - -void des_ncbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule sk, -des_cblock *ivec, -int enc); - For historical reasons, des_cbc_encrypt() did not update the - ivec with the value requires so that subsequent calls to - des_cbc_encrypt() would 'chain'. This was needed so that the same - 'length' values would not need to be used when decrypting. - des_ncbc_encrypt() does the right thing. It is the same as - des_cbc_encrypt accept that ivec is updates with the correct value - to pass in subsequent calls to des_ncbc_encrypt(). I advise using - des_ncbc_encrypt() instead of des_cbc_encrypt(); - -void des_xcbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule sk, -des_cblock *ivec, -des_cblock *inw, -des_cblock *outw, -int enc); - This is RSA's DESX mode of DES. It uses inw and outw to - 'whiten' the encryption. inw and outw are secret (unlike the iv) - and are as such, part of the key. So the key is sort of 24 bytes. - This is much better than cbc des. - -void des_3cbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule sk1, -des_key_schedule sk2, -des_cblock *ivec1, -des_cblock *ivec2, -int enc); - This function is flawed, do not use it. I have left it in the - library because it is used in my des(1) program and will function - correctly when used by des(1). If I removed the function, people - could end up unable to decrypt files. - This routine implements outer triple cbc encryption using 2 ks and - 2 ivec's. Use des_ede2_cbc_encrypt() instead. - -void des_ede3_cbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule ks1, -des_key_schedule ks2, -des_key_schedule ks3, -des_cblock *ivec, -int enc); - This function implements inner triple CBC DES encryption with 3 - keys. What this means is that each 'DES' operation - inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))). - Again, this is cbc mode so an ivec is requires. - This mode is used by SSL. - There is also a des_ede2_cbc_encrypt() that only uses 2 - des_key_schedule's, the first being reused for the final - encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of triple DES - is used by the RSAref library. - -void des_pcbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule ks, -des_cblock *ivec, -int enc); - This is Propagating Cipher Block Chaining mode of DES. It is used - by Kerberos v4. It's parameters are the same as des_ncbc_encrypt(). - -void des_cfb_encrypt( -unsigned char *in, -unsigned char *out, -int numbits, -long length, -des_key_schedule ks, -des_cblock *ivec, -int enc); - Cipher Feedback Back mode of DES. This implementation 'feeds back' - in numbit blocks. The input (and output) is in multiples of numbits - bits. numbits should to be a multiple of 8 bits. Length is the - number of bytes input. If numbits is not a multiple of 8 bits, - the extra bits in the bytes will be considered padding. So if - numbits is 12, for each 2 input bytes, the 4 high bits of the - second byte will be ignored. So to encode 72 bits when using - a numbits of 12 take 12 bytes. To encode 72 bits when using - numbits of 9 will take 16 bytes. To encode 80 bits when using - numbits of 16 will take 10 bytes. etc, etc. This padding will - apply to both input and output. - - -void des_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks, -des_cblock *ivec, -int *num, -int enc); - This is one of the more useful functions in this DES library, it - implements CFB mode of DES with 64bit feedback. Why is this - useful you ask? Because this routine will allow you to encrypt an - arbitrary number of bytes, no 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. num contains 'how far' we are though ivec. If this does - not make much sense, read more about cfb mode of DES :-). - -void des_ede3_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks1, -des_key_schedule ks2, -des_key_schedule ks3, -des_cblock *ivec, -int *num, -int enc); - Same as des_cfb64_encrypt() accept that the DES operation is - triple DES. As usual, there is a macro for - des_ede2_cfb64_encrypt() which reuses ks1. - -void des_ofb_encrypt( -unsigned char *in, -unsigned char *out, -int numbits, -long length, -des_key_schedule ks, -des_cblock *ivec); - This is a implementation of Output Feed Back mode of DES. It is - the same as des_cfb_encrypt() in that numbits is the size of the - units dealt with during input and output (in bits). - -void des_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks, -des_cblock *ivec, -int *num); - The same as des_cfb64_encrypt() except that it is Output Feed Back - mode. - -void des_ede3_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks1, -des_key_schedule ks2, -des_key_schedule ks3, -des_cblock *ivec, -int *num); - Same as des_ofb64_encrypt() accept that the DES operation is - triple DES. As usual, there is a macro for - des_ede2_ofb64_encrypt() which reuses ks1. - -int des_read_pw_string( -char *buf, -int length, -char *prompt, -int verify); - This routine is used to get a password from the terminal with echo - turned off. Buf is where the string will end up and length is the - size of buf. Prompt is a string presented to the 'user' and if - verify is set, the key is asked for twice and unless the 2 copies - match, an error is returned. A return code of -1 indicates a - system error, 1 failure due to use interaction, and 0 is success. - -unsigned long des_cbc_cksum( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule ks, -des_cblock *ivec); - This function produces an 8 byte checksum from input that it puts in - output and returns the last 4 bytes as a long. The checksum is - generated via cbc mode of DES in which only the last 8 byes are - kept. I would recommend not using this function but instead using - the EVP_Digest routines, or at least using MD5 or SHA. This - function is used by Kerberos v4 so that is why it stays in the - library. - -char *des_fcrypt( -const char *buf, -const char *salt -char *ret); - This is my fast version of the unix crypt(3) function. This version - takes only a small amount of space relative to other fast - crypt() implementations. This is different to the normal crypt - in that the third parameter is the buffer that the return value - is written into. It needs to be at least 14 bytes long. This - function is thread safe, unlike the normal crypt. - -char *crypt( -const char *buf, -const char *salt); - This function calls des_fcrypt() with a static array passed as the - third parameter. This emulates the normal non-thread safe semantics - of crypt(3). - -void des_string_to_key( -char *str, -des_cblock *key); - This function takes str and converts it into a DES key. I would - recommend using MD5 instead and use the first 8 bytes of output. - When I wrote the first version of these routines back in 1990, MD5 - did not exist but I feel these routines are still sound. This - routines is compatible with the one in MIT's libdes. - -void des_string_to_2keys( -char *str, -des_cblock *key1, -des_cblock *key2); - This function takes str and converts it into 2 DES keys. - I would recommend using MD5 and using the 16 bytes as the 2 keys. - I have nothing against these 2 'string_to_key' routines, it's just - that if you say that your encryption key is generated by using the - 16 bytes of an MD5 hash, every-one knows how you generated your - keys. - -int des_read_password( -des_cblock *key, -char *prompt, -int verify); - This routine combines des_read_pw_string() with des_string_to_key(). - -int des_read_2passwords( -des_cblock *key1, -des_cblock *key2, -char *prompt, -int verify); - This routine combines des_read_pw_string() with des_string_to_2key(). - -void des_random_seed( -des_cblock key); - This routine sets a starting point for des_random_key(). - -void des_random_key( -des_cblock ret); - This function return a random key. Make sure to 'seed' the random - number generator (with des_random_seed()) before using this function. - I personally now use a MD5 based random number system. - -int des_enc_read( -int fd, -char *buf, -int len, -des_key_schedule ks, -des_cblock *iv); - This function will write to a file descriptor the encrypted data - from buf. This data will be preceded by a 4 byte 'byte count' and - will be padded out to 8 bytes. The encryption is either CBC of - PCBC depending on the value of des_rw_mode. If it is DES_PCBC_MODE, - pcbc is used, if DES_CBC_MODE, cbc is used. The default is to use - DES_PCBC_MODE. - -int des_enc_write( -int fd, -char *buf, -int len, -des_key_schedule ks, -des_cblock *iv); - This routines read stuff written by des_enc_read() and decrypts it. - I have used these routines quite a lot but I don't believe they are - suitable for non-blocking io. If you are after a full - authentication/encryption over networks, have a look at SSL instead. - -unsigned long des_quad_cksum( -des_cblock *input, -des_cblock *output, -long length, -int out_count, -des_cblock *seed); - This is a function from Kerberos v4 that is not anything to do with - DES but was needed. It is a cksum that is quicker to generate than - des_cbc_cksum(); I personally would use MD5 routines now. -===== -Modes of DES -Quite a bit of the following information has been taken from - AS 2805.5.2 - Australian Standard - Electronic funds transfer - Requirements for interfaces, - Part 5.2: Modes of operation for an n-bit block cipher algorithm - Appendix A - -There are several different modes in which DES can be used, they are -as follows. - -Electronic Codebook Mode (ECB) (des_ecb_encrypt()) -- 64 bits are enciphered at a time. -- The order of the blocks can be rearranged without detection. -- The same plaintext block always produces the same ciphertext block - (for the same key) making it vulnerable to a 'dictionary attack'. -- An error will only affect one ciphertext block. - -Cipher Block Chaining Mode (CBC) (des_cbc_encrypt()) -- a multiple of 64 bits are enciphered at a time. -- The CBC mode produces the same ciphertext whenever the same - plaintext is encrypted using the same key and starting variable. -- The chaining operation makes the ciphertext blocks dependent on the - current and all preceding plaintext blocks and therefore blocks can not - be rearranged. -- The use of different starting variables prevents the same plaintext - enciphering to the same ciphertext. -- An error will affect the current and the following ciphertext blocks. - -Cipher Feedback Mode (CFB) (des_cfb_encrypt()) -- a number of bits (j) <= 64 are enciphered at a time. -- The CFB mode produces the same ciphertext whenever the same - plaintext is encrypted using the same key and starting variable. -- The chaining operation makes the ciphertext variables dependent on the - current and all preceding variables and therefore j-bit variables are - chained together and can not be rearranged. -- The use of different starting variables prevents the same plaintext - enciphering to the same ciphertext. -- The strength of the CFB mode depends on the size of k (maximal if - j == k). In my implementation this is always the case. -- Selection of a small value for j will require more cycles through - the encipherment algorithm per unit of plaintext and thus cause - greater processing overheads. -- Only multiples of j bits can be enciphered. -- An error will affect the current and the following ciphertext variables. - -Output Feedback Mode (OFB) (des_ofb_encrypt()) -- a number of bits (j) <= 64 are enciphered at a time. -- The OFB mode produces the same ciphertext whenever the same - plaintext enciphered using the same key and starting variable. More - over, in the OFB mode the same key stream is produced when the same - key and start variable are used. Consequently, for security reasons - a specific start variable should be used only once for a given key. -- The absence of chaining makes the OFB more vulnerable to specific attacks. -- The use of different start variables values prevents the same - plaintext enciphering to the same ciphertext, by producing different - key streams. -- Selection of a small value for j will require more cycles through - the encipherment algorithm per unit of plaintext and thus cause - greater processing overheads. -- Only multiples of j bits can be enciphered. -- OFB mode of operation does not extend ciphertext errors in the - resultant plaintext output. Every bit error in the ciphertext causes - only one bit to be in error in the deciphered plaintext. -- OFB mode is not self-synchronising. If the two operation of - encipherment and decipherment get out of synchronism, the system needs - to be re-initialised. -- Each re-initialisation should use a value of the start variable - different from the start variable values used before with the same - key. The reason for this is that an identical bit stream would be - produced each time from the same parameters. This would be - susceptible to a ' known plaintext' attack. - -Triple ECB Mode (des_ecb3_encrypt()) -- Encrypt with key1, decrypt with key2 and encrypt with key3 again. -- As for ECB encryption but increases the key length to 168 bits. - There are theoretic attacks that can be used that make the effective - key length 112 bits, but this attack also requires 2^56 blocks of - memory, not very likely, even for the NSA. -- If both keys are the same it is equivalent to encrypting once with - just one key. -- If the first and last key are the same, the key length is 112 bits. - There are attacks that could reduce the key space to 55 bit's but it - requires 2^56 blocks of memory. -- If all 3 keys are the same, this is effectively the same as normal - ecb mode. - -Triple CBC Mode (des_ede3_cbc_encrypt()) -- Encrypt with key1, decrypt with key2 and then encrypt with key3. -- As for CBC encryption but increases the key length to 168 bits with - the same restrictions as for triple ecb mode. diff --git a/linux/crypto/ciphers/des/des_crypt.man b/linux/crypto/ciphers/des/des_crypt.man deleted file mode 100644 index 0ecc41687..000000000 --- a/linux/crypto/ciphers/des/des_crypt.man +++ /dev/null @@ -1,508 +0,0 @@ -.TH DES_CRYPT 3 -.SH NAME -des_read_password, des_read_2password, -des_string_to_key, des_string_to_2key, des_read_pw_string, -des_random_key, des_set_key, -des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt, -des_3cbc_encrypt, -des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt, -des_cbc_cksum, des_quad_cksum, -des_enc_read, des_enc_write, des_set_odd_parity, -des_is_weak_key, crypt \- (non USA) DES encryption -.SH SYNOPSIS -.nf -.nj -.ft B -#include -.PP -.B int des_read_password(key,prompt,verify) -des_cblock *key; -char *prompt; -int verify; -.PP -.B int des_read_2password(key1,key2,prompt,verify) -des_cblock *key1,*key2; -char *prompt; -int verify; -.PP -.B int des_string_to_key(str,key) -char *str; -des_cblock *key; -.PP -.B int des_string_to_2keys(str,key1,key2) -char *str; -des_cblock *key1,*key2; -.PP -.B int des_read_pw_string(buf,length,prompt,verify) -char *buf; -int length; -char *prompt; -int verify; -.PP -.B int des_random_key(key) -des_cblock *key; -.PP -.B int des_set_key(key,schedule) -des_cblock *key; -des_key_schedule schedule; -.PP -.B int des_key_sched(key,schedule) -des_cblock *key; -des_key_schedule schedule; -.PP -.B int des_ecb_encrypt(input,output,schedule,encrypt) -des_cblock *input; -des_cblock *output; -des_key_schedule schedule; -int encrypt; -.PP -.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt) -des_cblock *input; -des_cblock *output; -des_key_schedule ks1,ks2; -int encrypt; -.PP -.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule sk1; -des_key_schedule sk2; -des_cblock *ivec1; -des_cblock *ivec2; -int encrypt; -.PP -.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt) -unsigned char *input; -unsigned char *output; -int numbits; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec) -unsigned char *input,*output; -int numbits; -long length; -des_key_schedule schedule; -des_cblock *ivec; -.PP -.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -.PP -.B unsigned long des_quad_cksum(input,output,length,out_count,seed) -des_cblock *input; -des_cblock *output; -long length; -int out_count; -des_cblock *seed; -.PP -.B int des_check_key; -.PP -.B int des_enc_read(fd,buf,len,sched,iv) -int fd; -char *buf; -int len; -des_key_schedule sched; -des_cblock *iv; -.PP -.B int des_enc_write(fd,buf,len,sched,iv) -int fd; -char *buf; -int len; -des_key_schedule sched; -des_cblock *iv; -.PP -.B extern int des_rw_mode; -.PP -.B void des_set_odd_parity(key) -des_cblock *key; -.PP -.B int des_is_weak_key(key) -des_cblock *key; -.PP -.B char *crypt(passwd,salt) -char *passwd; -char *salt; -.PP -.fi -.SH DESCRIPTION -This library contains a fast implementation of the DES encryption -algorithm. -.PP -There are two phases to the use of DES encryption. -The first is the generation of a -.I des_key_schedule -from a key, -the second is the actual encryption. -A des key is of type -.I des_cblock. -This type is made from 8 characters with odd parity. -The least significant bit in the character is the parity bit. -The key schedule is an expanded form of the key; it is used to speed the -encryption process. -.PP -.I des_read_password -writes the string specified by prompt to the standard output, -turns off echo and reads an input string from standard input -until terminated with a newline. -If verify is non-zero, it prompts and reads the input again and verifies -that both entered passwords are the same. -The entered string is converted into a des key by using the -.I des_string_to_key -routine. -The new key is placed in the -.I des_cblock -that was passed (by reference) to the routine. -If there were no errors, -.I des_read_password -returns 0, --1 is returned if there was a terminal error and 1 is returned for -any other error. -.PP -.I des_read_2password -operates in the same way as -.I des_read_password -except that it generates 2 keys by using the -.I des_string_to_2key -function. -.PP -.I des_read_pw_string -is called by -.I des_read_password -to read and verify a string from a terminal device. -The string is returned in -.I buf. -The size of -.I buf -is passed to the routine via the -.I length -parameter. -.PP -.I des_string_to_key -converts a string into a valid des key. -.PP -.I des_string_to_2key -converts a string into 2 valid des keys. -This routine is best suited for used to generate keys for use with -.I des_ecb3_encrypt. -.PP -.I des_random_key -returns a random key that is made of a combination of process id, -time and an increasing counter. -.PP -Before a des key can be used it is converted into a -.I des_key_schedule -via the -.I des_set_key -routine. -If the -.I des_check_key -flag is non-zero, -.I des_set_key -will check that the key passed is of odd parity and is not a week or -semi-weak key. -If the parity is wrong, -then -1 is returned. -If the key is a weak key, -then -2 is returned. -If an error is returned, -the key schedule is not generated. -.PP -.I des_key_sched -is another name for the -.I des_set_key -function. -.PP -The following routines mostly operate on an input and output stream of -.I des_cblock's. -.PP -.I des_ecb_encrypt -is the basic DES encryption routine that encrypts or decrypts a single 8-byte -.I des_cblock -in -.I electronic code book -mode. -It always transforms the input data, pointed to by -.I input, -into the output data, -pointed to by the -.I output -argument. -If the -.I encrypt -argument is non-zero (DES_ENCRYPT), -the -.I input -(cleartext) is encrypted in to the -.I output -(ciphertext) using the key_schedule specified by the -.I schedule -argument, -previously set via -.I des_set_key. -If -.I encrypt -is zero (DES_DECRYPT), -the -.I input -(now ciphertext) -is decrypted into the -.I output -(now cleartext). -Input and output may overlap. -No meaningful value is returned. -.PP -.I des_ecb3_encrypt -encrypts/decrypts the -.I input -block by using triple ecb DES encryption. -This involves encrypting the input with -.I ks1, -decryption with the key schedule -.I ks2, -and then encryption with the first again. -This routine greatly reduces the chances of brute force breaking of -DES and has the advantage of if -.I ks1 -and -.I ks2 -are the same, it is equivalent to just encryption using ecb mode and -.I ks1 -as the key. -.PP -.I des_cbc_encrypt -encrypts/decrypts using the -.I cipher-block-chaining -mode of DES. -If the -.I encrypt -argument is non-zero, -the routine cipher-block-chain encrypts the cleartext data pointed to by the -.I input -argument into the ciphertext pointed to by the -.I output -argument, -using the key schedule provided by the -.I schedule -argument, -and initialisation vector provided by the -.I ivec -argument. -If the -.I length -argument is not an integral multiple of eight bytes, -the last block is copied to a temporary area and zero filled. -The output is always -an integral multiple of eight bytes. -To make multiple cbc encrypt calls on a large amount of data appear to -be one -.I des_cbc_encrypt -call, the -.I ivec -of subsequent calls should be the last 8 bytes of the output. -.PP -.I des_3cbc_encrypt -encrypts/decrypts the -.I input -block by using triple cbc DES encryption. -This involves encrypting the input with key schedule -.I ks1, -decryption with the key schedule -.I ks2, -and then encryption with the first again. -2 initialisation vectors are required, -.I ivec1 -and -.I ivec2. -Unlike -.I des_cbc_encrypt, -these initialisation vectors are modified by the subroutine. -This routine greatly reduces the chances of brute force breaking of -DES and has the advantage of if -.I ks1 -and -.I ks2 -are the same, it is equivalent to just encryption using cbc mode and -.I ks1 -as the key. -.PP -.I des_pcbc_encrypt -encrypt/decrypts using a modified block chaining mode. -It provides better error propagation characteristics than cbc -encryption. -.PP -.I des_cfb_encrypt -encrypt/decrypts using cipher feedback mode. This method takes an -array of characters as input and outputs and array of characters. It -does not require any padding to 8 character groups. Note: the ivec -variable is changed and the new changed value needs to be passed to -the next call to this function. Since this function runs a complete -DES ecb encryption per numbits, this function is only suggested for -use when sending small numbers of characters. -.PP -.I des_ofb_encrypt -encrypt using output feedback mode. This method takes an -array of characters as input and outputs and array of characters. It -does not require any padding to 8 character groups. Note: the ivec -variable is changed and the new changed value needs to be passed to -the next call to this function. Since this function runs a complete -DES ecb encryption per numbits, this function is only suggested for -use when sending small numbers of characters. -.PP -.I des_cbc_cksum -produces an 8 byte checksum based on the input stream (via cbc encryption). -The last 4 bytes of the checksum is returned and the complete 8 bytes is -placed in -.I output. -.PP -.I des_quad_cksum -returns a 4 byte checksum from the input bytes. -The algorithm can be iterated over the input, -depending on -.I out_count, -1, 2, 3 or 4 times. -If -.I output -is non-NULL, -the 8 bytes generated by each pass are written into -.I output. -.PP -.I des_enc_write -is used to write -.I len -bytes -to file descriptor -.I fd -from buffer -.I buf. -The data is encrypted via -.I pcbc_encrypt -(default) using -.I sched -for the key and -.I iv -as a starting vector. -The actual data send down -.I fd -consists of 4 bytes (in network byte order) containing the length of the -following encrypted data. The encrypted data then follows, padded with random -data out to a multiple of 8 bytes. -.PP -.I des_enc_read -is used to read -.I len -bytes -from file descriptor -.I fd -into buffer -.I buf. -The data being read from -.I fd -is assumed to have come from -.I des_enc_write -and is decrypted using -.I sched -for the key schedule and -.I iv -for the initial vector. -The -.I des_enc_read/des_enc_write -pair can be used to read/write to files, pipes and sockets. -I have used them in implementing a version of rlogin in which all -data is encrypted. -.PP -.I des_rw_mode -is used to specify the encryption mode to use with -.I des_enc_read -and -.I des_end_write. -If set to -.I DES_PCBC_MODE -(the default), des_pcbc_encrypt is used. -If set to -.I DES_CBC_MODE -des_cbc_encrypt is used. -These two routines and the variable are not part of the normal MIT library. -.PP -.I des_set_odd_parity -sets the parity of the passed -.I key -to odd. This routine is not part of the standard MIT library. -.PP -.I des_is_weak_key -returns 1 is the passed key is a weak key (pick again :-), -0 if it is ok. -This routine is not part of the standard MIT library. -.PP -.I crypt -is a replacement for the normal system crypt. -It is much faster than the system crypt. -.PP -.SH FILES -/usr/include/des.h -.br -/usr/lib/libdes.a -.PP -The encryption routines have been tested on 16bit, 32bit and 64bit -machines of various endian and even works under VMS. -.PP -.SH BUGS -.PP -If you think this manual is sparse, -read the des_crypt(3) manual from the MIT kerberos (or bones outside -of the USA) distribution. -.PP -.I des_cfb_encrypt -and -.I des_ofb_encrypt -operates on input of 8 bits. What this means is that if you set -numbits to 12, and length to 2, the first 12 bits will come from the 1st -input byte and the low half of the second input byte. The second 12 -bits will have the low 8 bits taken from the 3rd input byte and the -top 4 bits taken from the 4th input byte. The same holds for output. -This function has been implemented this way because most people will -be using a multiple of 8 and because once you get into pulling bytes input -bytes apart things get ugly! -.PP -.I des_read_pw_string -is the most machine/OS dependent function and normally generates the -most problems when porting this code. -.PP -.I des_string_to_key -is probably different from the MIT version since there are lots -of fun ways to implement one-way encryption of a text string. -.PP -The routines are optimised for 32 bit machines and so are not efficient -on IBM PCs. -.PP -NOTE: extensive work has been done on this library since this document -was origionally written. Please try to read des.doc from the libdes -distribution since it is far more upto date and documents more of the -functions. Libdes is now also being shipped as part of SSLeay, a -general cryptographic library that amonst other things implements -netscapes SSL protocoll. The most recent version can be found in -SSLeay distributions. -.SH AUTHOR -Eric Young (eay@cryptsoft.com) diff --git a/linux/crypto/ciphers/des/des_enc.c b/linux/crypto/ciphers/des/des_enc.c deleted file mode 100644 index 1e1906d25..000000000 --- a/linux/crypto/ciphers/des/des_enc.c +++ /dev/null @@ -1,502 +0,0 @@ -/* crypto/des/des_enc.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_locl.h" - -void des_encrypt(data, ks, enc) -DES_LONG *data; -des_key_schedule ks; -int enc; - { - register DES_LONG l,r,t,u; -#ifdef DES_PTR - register unsigned char *des_SP=(unsigned char *)des_SPtrans; -#endif -#ifndef DES_UNROLL - register int i; -#endif - register DES_LONG *s; - - r=data[0]; - l=data[1]; - - IP(r,l); - /* Things have been modified so that the initial rotate is - * done outside the loop. This required the - * des_SPtrans values in sp.h to be rotated 1 bit to the right. - * One perl script later and things have a 5% speed up on a sparc2. - * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> - * for pointing this out. */ - /* clear the top bits on machines with 8byte longs */ - /* shift left by 2 */ - r=ROTATE(r,29)&0xffffffffL; - l=ROTATE(l,29)&0xffffffffL; - - s=(DES_LONG *)ks; - /* I don't know if it is worth the effort of loop unrolling the - * inner loop */ - if (enc) - { -#ifdef DES_UNROLL - D_ENCRYPT(l,r, 0); /* 1 */ - D_ENCRYPT(r,l, 2); /* 2 */ - D_ENCRYPT(l,r, 4); /* 3 */ - D_ENCRYPT(r,l, 6); /* 4 */ - D_ENCRYPT(l,r, 8); /* 5 */ - D_ENCRYPT(r,l,10); /* 6 */ - D_ENCRYPT(l,r,12); /* 7 */ - D_ENCRYPT(r,l,14); /* 8 */ - D_ENCRYPT(l,r,16); /* 9 */ - D_ENCRYPT(r,l,18); /* 10 */ - D_ENCRYPT(l,r,20); /* 11 */ - D_ENCRYPT(r,l,22); /* 12 */ - D_ENCRYPT(l,r,24); /* 13 */ - D_ENCRYPT(r,l,26); /* 14 */ - D_ENCRYPT(l,r,28); /* 15 */ - D_ENCRYPT(r,l,30); /* 16 */ -#else - for (i=0; i<32; i+=8) - { - D_ENCRYPT(l,r,i+0); /* 1 */ - D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 3 */ - D_ENCRYPT(r,l,i+6); /* 4 */ - } -#endif - } - else - { -#ifdef DES_UNROLL - D_ENCRYPT(l,r,30); /* 16 */ - D_ENCRYPT(r,l,28); /* 15 */ - D_ENCRYPT(l,r,26); /* 14 */ - D_ENCRYPT(r,l,24); /* 13 */ - D_ENCRYPT(l,r,22); /* 12 */ - D_ENCRYPT(r,l,20); /* 11 */ - D_ENCRYPT(l,r,18); /* 10 */ - D_ENCRYPT(r,l,16); /* 9 */ - D_ENCRYPT(l,r,14); /* 8 */ - D_ENCRYPT(r,l,12); /* 7 */ - D_ENCRYPT(l,r,10); /* 6 */ - D_ENCRYPT(r,l, 8); /* 5 */ - D_ENCRYPT(l,r, 6); /* 4 */ - D_ENCRYPT(r,l, 4); /* 3 */ - D_ENCRYPT(l,r, 2); /* 2 */ - D_ENCRYPT(r,l, 0); /* 1 */ -#else - for (i=30; i>0; i-=8) - { - D_ENCRYPT(l,r,i-0); /* 16 */ - D_ENCRYPT(r,l,i-2); /* 15 */ - D_ENCRYPT(l,r,i-4); /* 14 */ - D_ENCRYPT(r,l,i-6); /* 13 */ - } -#endif - } - - /* rotate and clear the top bits on machines with 8byte longs */ - l=ROTATE(l,3)&0xffffffffL; - r=ROTATE(r,3)&0xffffffffL; - - FP(r,l); - data[0]=l; - data[1]=r; - l=r=t=u=0; - } - -void des_encrypt2(data, ks, enc) -DES_LONG *data; -des_key_schedule ks; -int enc; - { - register DES_LONG l,r,t,u; -#ifdef DES_PTR - register unsigned char *des_SP=(unsigned char *)des_SPtrans; -#endif -#ifndef DES_UNROLL - register int i; -#endif - register DES_LONG *s; - - r=data[0]; - l=data[1]; - - /* Things have been modified so that the initial rotate is - * done outside the loop. This required the - * des_SPtrans values in sp.h to be rotated 1 bit to the right. - * One perl script later and things have a 5% speed up on a sparc2. - * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> - * for pointing this out. */ - /* clear the top bits on machines with 8byte longs */ - r=ROTATE(r,29)&0xffffffffL; - l=ROTATE(l,29)&0xffffffffL; - - s=(DES_LONG *)ks; - /* I don't know if it is worth the effort of loop unrolling the - * inner loop */ - if (enc) - { -#ifdef DES_UNROLL - D_ENCRYPT(l,r, 0); /* 1 */ - D_ENCRYPT(r,l, 2); /* 2 */ - D_ENCRYPT(l,r, 4); /* 3 */ - D_ENCRYPT(r,l, 6); /* 4 */ - D_ENCRYPT(l,r, 8); /* 5 */ - D_ENCRYPT(r,l,10); /* 6 */ - D_ENCRYPT(l,r,12); /* 7 */ - D_ENCRYPT(r,l,14); /* 8 */ - D_ENCRYPT(l,r,16); /* 9 */ - D_ENCRYPT(r,l,18); /* 10 */ - D_ENCRYPT(l,r,20); /* 11 */ - D_ENCRYPT(r,l,22); /* 12 */ - D_ENCRYPT(l,r,24); /* 13 */ - D_ENCRYPT(r,l,26); /* 14 */ - D_ENCRYPT(l,r,28); /* 15 */ - D_ENCRYPT(r,l,30); /* 16 */ -#else - for (i=0; i<32; i+=8) - { - D_ENCRYPT(l,r,i+0); /* 1 */ - D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 3 */ - D_ENCRYPT(r,l,i+6); /* 4 */ - } -#endif - } - else - { -#ifdef DES_UNROLL - D_ENCRYPT(l,r,30); /* 16 */ - D_ENCRYPT(r,l,28); /* 15 */ - D_ENCRYPT(l,r,26); /* 14 */ - D_ENCRYPT(r,l,24); /* 13 */ - D_ENCRYPT(l,r,22); /* 12 */ - D_ENCRYPT(r,l,20); /* 11 */ - D_ENCRYPT(l,r,18); /* 10 */ - D_ENCRYPT(r,l,16); /* 9 */ - D_ENCRYPT(l,r,14); /* 8 */ - D_ENCRYPT(r,l,12); /* 7 */ - D_ENCRYPT(l,r,10); /* 6 */ - D_ENCRYPT(r,l, 8); /* 5 */ - D_ENCRYPT(l,r, 6); /* 4 */ - D_ENCRYPT(r,l, 4); /* 3 */ - D_ENCRYPT(l,r, 2); /* 2 */ - D_ENCRYPT(r,l, 0); /* 1 */ -#else - for (i=30; i>0; i-=8) - { - D_ENCRYPT(l,r,i-0); /* 16 */ - D_ENCRYPT(r,l,i-2); /* 15 */ - D_ENCRYPT(l,r,i-4); /* 14 */ - D_ENCRYPT(r,l,i-6); /* 13 */ - } -#endif - } - /* rotate and clear the top bits on machines with 8byte longs */ - data[0]=ROTATE(l,3)&0xffffffffL; - data[1]=ROTATE(r,3)&0xffffffffL; - l=r=t=u=0; - } - -void des_encrypt3(data,ks1,ks2,ks3) -DES_LONG *data; -des_key_schedule ks1; -des_key_schedule ks2; -des_key_schedule ks3; - { - register DES_LONG l,r; - - l=data[0]; - r=data[1]; - IP(l,r); - data[0]=l; - data[1]=r; - des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT); - des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT); - des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT); - l=data[0]; - r=data[1]; - FP(r,l); - data[0]=l; - data[1]=r; - } - -void des_decrypt3(data,ks1,ks2,ks3) -DES_LONG *data; -des_key_schedule ks1; -des_key_schedule ks2; -des_key_schedule ks3; - { - register DES_LONG l,r; - - l=data[0]; - r=data[1]; - IP(l,r); - data[0]=l; - data[1]=r; - des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT); - des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT); - des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT); - l=data[0]; - r=data[1]; - FP(r,l); - data[0]=l; - data[1]=r; - } - -#ifndef DES_DEFAULT_OPTIONS - -void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) -des_cblock (*input); -des_cblock (*output); -long length; -des_key_schedule schedule; -des_cblock (*ivec); -int enc; - { - register DES_LONG tin0,tin1; - register DES_LONG tout0,tout1,xor0,xor1; - register unsigned char *in,*out; - register long l=length; - DES_LONG tin[2]; - unsigned char *iv; - - in=(unsigned char *)input; - out=(unsigned char *)output; - iv=(unsigned char *)ivec; - - if (enc) - { - c2l(iv,tout0); - c2l(iv,tout1); - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); - c2l(in,tin1); - tin0^=tout0; tin[0]=tin0; - tin1^=tout1; tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); - tout0=tin[0]; l2c(tout0,out); - tout1=tin[1]; l2c(tout1,out); - } - if (l != -8) - { - c2ln(in,tin0,tin1,l+8); - tin0^=tout0; tin[0]=tin0; - tin1^=tout1; tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); - tout0=tin[0]; l2c(tout0,out); - tout1=tin[1]; l2c(tout1,out); - } - iv=(unsigned char *)ivec; - l2c(tout0,iv); - l2c(tout1,iv); - } - else - { - c2l(iv,xor0); - c2l(iv,xor1); - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); tin[0]=tin0; - c2l(in,tin1); tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2c(tout0,out); - l2c(tout1,out); - xor0=tin0; - xor1=tin1; - } - if (l != -8) - { - c2l(in,tin0); tin[0]=tin0; - c2l(in,tin1); tin[1]=tin1; - des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2cn(tout0,tout1,out,l+8); - xor0=tin0; - xor1=tin1; - } - - iv=(unsigned char *)ivec; - l2c(xor0,iv); - l2c(xor1,iv); - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - -void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc) -des_cblock (*input); -des_cblock (*output); -long length; -des_key_schedule ks1; -des_key_schedule ks2; -des_key_schedule ks3; -des_cblock (*ivec); -int enc; - { - register DES_LONG tin0,tin1; - register DES_LONG tout0,tout1,xor0,xor1; - register unsigned char *in,*out; - register long l=length; - DES_LONG tin[2]; - unsigned char *iv; - - in=(unsigned char *)input; - out=(unsigned char *)output; - iv=(unsigned char *)ivec; - - if (enc) - { - c2l(iv,tout0); - c2l(iv,tout1); - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); - c2l(in,tin1); - tin0^=tout0; - tin1^=tout1; - - tin[0]=tin0; - tin[1]=tin1; - des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); - tout0=tin[0]; - tout1=tin[1]; - - l2c(tout0,out); - l2c(tout1,out); - } - if (l != -8) - { - c2ln(in,tin0,tin1,l+8); - tin0^=tout0; - tin1^=tout1; - - tin[0]=tin0; - tin[1]=tin1; - des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); - tout0=tin[0]; - tout1=tin[1]; - - l2c(tout0,out); - l2c(tout1,out); - } - iv=(unsigned char *)ivec; - l2c(tout0,iv); - l2c(tout1,iv); - } - else - { - register DES_LONG t0,t1; - - c2l(iv,xor0); - c2l(iv,xor1); - for (l-=8; l>=0; l-=8) - { - c2l(in,tin0); - c2l(in,tin1); - - t0=tin0; - t1=tin1; - - tin[0]=tin0; - tin[1]=tin1; - des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); - tout0=tin[0]; - tout1=tin[1]; - - tout0^=xor0; - tout1^=xor1; - l2c(tout0,out); - l2c(tout1,out); - xor0=t0; - xor1=t1; - } - if (l != -8) - { - c2l(in,tin0); - c2l(in,tin1); - - t0=tin0; - t1=tin1; - - tin[0]=tin0; - tin[1]=tin1; - des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); - tout0=tin[0]; - tout1=tin[1]; - - tout0^=xor0; - tout1^=xor1; - l2cn(tout0,tout1,out,l+8); - xor0=t0; - xor1=t1; - } - - iv=(unsigned char *)ivec; - l2c(xor0,iv); - l2c(xor1,iv); - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - -#endif /* DES_DEFAULT_OPTIONS */ diff --git a/linux/crypto/ciphers/des/des_locl.h b/linux/crypto/ciphers/des/des_locl.h deleted file mode 100644 index 020d6b7ca..000000000 --- a/linux/crypto/ciphers/des/des_locl.h +++ /dev/null @@ -1,515 +0,0 @@ -/* crypto/des/des_locl.org */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * Always modify des_locl.org since des_locl.h is automatically generated from - * it during SSLeay configuration. - * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -#ifndef HEADER_DES_LOCL_H -#define HEADER_DES_LOCL_H - -#if defined(WIN32) || defined(WIN16) -#ifndef MSDOS -#define MSDOS -#endif -#endif - -#include "crypto/des.h" - -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#define DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#define DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ - #define DES_PTR - #define DES_RISC1 - #define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ - #define DES_PTR - #define DES_RISC2 - #define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ - #define DES_PTR - #define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ - #define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ - #define DES_PTR - #define DES_RISC2 - #define DES_UNROLL -#elif defined( i386 ) /* x86 boxes, should be gcc */ - #define DES_PTR - #define DES_RISC1 - #define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ - -#ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */ -#include -#include -#include -#include -#ifndef RAND -#define RAND -#endif -#undef NOPROTO -#endif - -#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS) -#ifndef __KERNEL__ -#include -#else -#include -#endif -#endif - -#ifndef RAND -#define RAND -#endif - -#ifdef linux -#undef RAND -#endif - -#ifdef MSDOS -#define getpid() 2 -#define RAND -#undef NOPROTO -#endif - -#if defined(NOCONST) -#define const -#endif - -#ifdef __STDC__ -#undef NOPROTO -#endif - -#ifdef RAND -#define srandom(s) srand(s) -#define random rand -#endif - -#define ITERATIONS 16 -#define HALF_ITERATIONS 8 - -/* used in des_read and des_write */ -#define MAXWRITE (1024*16) -#define BSIZE (MAXWRITE+4) - -#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ - case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ - case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ - case 5: l2|=((DES_LONG)(*(--(c)))); \ - case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ - case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ - case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ - case 1: l1|=((DES_LONG)(*(--(c)))); \ - } \ - } - -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* replacements for htonl and ntohl since I have no idea what to do - * when faced with machines with 8 byte longs. */ -#define HDRSIZE 4 - -#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))) - -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -#if defined(WIN32) -#define ROTATE(a,n) (_lrotr(a,n)) -#else -#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) -#endif - -/* Don't worry about the LOAD_DATA() stuff, that is used by - * fcrypt() to add it's little bit to the front */ - -#ifdef DES_FCRYPT - -#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ - { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } - -#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ - t=R^(R>>16L); \ - u=t&E0; t&=E1; \ - tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ - tmp=(t<<16); t^=R^s[S+1]; t^=tmp -#else -#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) -#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ - u=R^s[S ]; \ - t=R^s[S+1] -#endif - -/* The changes to this macro may help or hinder, depending on the - * compiler and the achitecture. gcc2 always seems to do well :-). - * Inspired by Dana How - * DO NOT use the alternative version on machines with 8 byte longs. - * It does not seem to work on the Alpha, even when DES_LONG is 4 - * bytes, probably an issue of accessing non-word aligned objects :-( */ -#ifdef DES_PTR - -/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there - * is no reason to not xor all the sub items together. This potentially - * saves a register since things can be xored directly into L */ - -#if defined(DES_RISC1) || defined(DES_RISC2) -#ifdef DES_RISC1 -#define D_ENCRYPT(LL,R,S) { \ - unsigned int u1,u2,u3; \ - LOAD_DATA(R,S,u,t,E0,E1,u1); \ - u2=(int)u>>8L; \ - u1=(int)u&0xfc; \ - u2&=0xfc; \ - t=ROTATE(t,4); \ - u>>=16L; \ - LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ - u3=(int)(u>>8L); \ - u1=(int)u&0xfc; \ - u3&=0xfc; \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \ - u2=(int)t>>8L; \ - u1=(int)t&0xfc; \ - u2&=0xfc; \ - t>>=16L; \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ - u3=(int)t>>8L; \ - u1=(int)t&0xfc; \ - u3&=0xfc; \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); } -#endif -#ifdef DES_RISC2 -#define D_ENCRYPT(LL,R,S) { \ - unsigned int u1,u2,s1,s2; \ - LOAD_DATA(R,S,u,t,E0,E1,u1); \ - u2=(int)u>>8L; \ - u1=(int)u&0xfc; \ - u2&=0xfc; \ - t=ROTATE(t,4); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP +u1); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \ - s1=(int)(u>>16L); \ - s2=(int)(u>>24L); \ - s1&=0xfc; \ - s2&=0xfc; \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \ - u2=(int)t>>8L; \ - u1=(int)t&0xfc; \ - u2&=0xfc; \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \ - s1=(int)(t>>16L); \ - s2=(int)(t>>24L); \ - s1&=0xfc; \ - s2&=0xfc; \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \ - LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); } -#endif -#else -#define D_ENCRYPT(LL,R,S) { \ - LOAD_DATA_tmp(R,S,u,t,E0,E1); \ - t=ROTATE(t,4); \ - LL^= \ - *(DES_LONG *)((unsigned char *)des_SP +((u )&0xfc))^ \ - *(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \ - *(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \ - *(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \ - *(DES_LONG *)((unsigned char *)des_SP+0x100+((t )&0xfc))^ \ - *(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \ - *(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \ - *(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); } -#endif - -#else /* original version */ - -#if defined(DES_RISC1) || defined(DES_RISC2) -#ifdef DES_RISC1 -#define D_ENCRYPT(LL,R,S) {\ - unsigned int u1,u2,u3; \ - LOAD_DATA(R,S,u,t,E0,E1,u1); \ - u>>=2L; \ - t=ROTATE(t,6); \ - u2=(int)u>>8L; \ - u1=(int)u&0x3f; \ - u2&=0x3f; \ - u>>=16L; \ - LL^=des_SPtrans[0][u1]; \ - LL^=des_SPtrans[2][u2]; \ - u3=(int)u>>8L; \ - u1=(int)u&0x3f; \ - u3&=0x3f; \ - LL^=des_SPtrans[4][u1]; \ - LL^=des_SPtrans[6][u3]; \ - u2=(int)t>>8L; \ - u1=(int)t&0x3f; \ - u2&=0x3f; \ - t>>=16L; \ - LL^=des_SPtrans[1][u1]; \ - LL^=des_SPtrans[3][u2]; \ - u3=(int)t>>8L; \ - u1=(int)t&0x3f; \ - u3&=0x3f; \ - LL^=des_SPtrans[5][u1]; \ - LL^=des_SPtrans[7][u3]; } -#endif -#ifdef DES_RISC2 -#define D_ENCRYPT(LL,R,S) {\ - unsigned int u1,u2,s1,s2; \ - LOAD_DATA(R,S,u,t,E0,E1,u1); \ - u>>=2L; \ - t=ROTATE(t,6); \ - u2=(int)u>>8L; \ - u1=(int)u&0x3f; \ - u2&=0x3f; \ - LL^=des_SPtrans[0][u1]; \ - LL^=des_SPtrans[2][u2]; \ - s1=(int)u>>16L; \ - s2=(int)u>>24L; \ - s1&=0x3f; \ - s2&=0x3f; \ - LL^=des_SPtrans[4][s1]; \ - LL^=des_SPtrans[6][s2]; \ - u2=(int)t>>8L; \ - u1=(int)t&0x3f; \ - u2&=0x3f; \ - LL^=des_SPtrans[1][u1]; \ - LL^=des_SPtrans[3][u2]; \ - s1=(int)t>>16; \ - s2=(int)t>>24L; \ - s1&=0x3f; \ - s2&=0x3f; \ - LL^=des_SPtrans[5][s1]; \ - LL^=des_SPtrans[7][s2]; } -#endif - -#else - -#define D_ENCRYPT(LL,R,S) {\ - LOAD_DATA_tmp(R,S,u,t,E0,E1); \ - t=ROTATE(t,4); \ - LL^=\ - des_SPtrans[0][(u>> 2L)&0x3f]^ \ - des_SPtrans[2][(u>>10L)&0x3f]^ \ - des_SPtrans[4][(u>>18L)&0x3f]^ \ - des_SPtrans[6][(u>>26L)&0x3f]^ \ - des_SPtrans[1][(t>> 2L)&0x3f]^ \ - des_SPtrans[3][(t>>10L)&0x3f]^ \ - des_SPtrans[5][(t>>18L)&0x3f]^ \ - des_SPtrans[7][(t>>26L)&0x3f]; } -#endif -#endif - - /* IP and FP - * The problem is more of a geometric problem that random bit fiddling. - 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 - 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 - 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 - 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 - - 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 - 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 - 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 - 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 - - The output has been subject to swaps of the form - 0 1 -> 3 1 but the odd and even bits have been put into - 2 3 2 0 - different words. The main trick is to remember that - t=((l>>size)^r)&(mask); - r^=t; - l^=(t<>(n))^(b))&(m)),\ - (b)^=(t),\ - (a)^=((t)<<(n))) - -#define IP(l,r) \ - { \ - register DES_LONG tt; \ - PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ - PERM_OP(l,r,tt,16,0x0000ffffL); \ - PERM_OP(r,l,tt, 2,0x33333333L); \ - PERM_OP(l,r,tt, 8,0x00ff00ffL); \ - PERM_OP(r,l,tt, 1,0x55555555L); \ - } - -#define FP(l,r) \ - { \ - register DES_LONG tt; \ - PERM_OP(l,r,tt, 1,0x55555555L); \ - PERM_OP(r,l,tt, 8,0x00ff00ffL); \ - PERM_OP(l,r,tt, 2,0x33333333L); \ - PERM_OP(r,l,tt,16,0x0000ffffL); \ - PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ - } - -extern const DES_LONG des_SPtrans[8][64]; - -#ifndef NOPROTO -void fcrypt_body(DES_LONG *out,des_key_schedule ks, - DES_LONG Eswap0, DES_LONG Eswap1); -#else -void fcrypt_body(); -#endif - -#endif diff --git a/linux/crypto/ciphers/des/des_opts.c b/linux/crypto/ciphers/des/des_opts.c deleted file mode 100644 index b6693c405..000000000 --- a/linux/crypto/ciphers/des/des_opts.c +++ /dev/null @@ -1,620 +0,0 @@ -/* crypto/des/des_opts.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* define PART1, PART2, PART3 or PART4 to build only with a few of the options. - * This is for machines with 64k code segment size restrictions. */ - -#ifndef MSDOS -#define TIMES -#endif - -#include -#ifndef MSDOS -#include -#else -#include -extern void exit(); -#endif -#include -#ifndef VMS -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif -#else /* VMS */ -#include -struct tms { - time_t tms_utime; - time_t tms_stime; - time_t tms_uchild; /* I dunno... */ - time_t tms_uchildsys; /* so these names are a guess :-) */ - } -#endif -#ifndef TIMES -#include -#endif - -#ifdef sun -#include -#include -#endif - -#include "des_locl.h" -#include "spr.h" - -#define DES_DEFAULT_OPTIONS - -#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4) -#define PART1 -#define PART2 -#define PART3 -#define PART4 -#endif - -#ifdef PART1 - -#undef DES_UNROLL -#undef DES_RISC1 -#undef DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#define des_encrypt des_encrypt_u4_cisc_idx -#define des_encrypt2 des_encrypt2_u4_cisc_idx -#define des_encrypt3 des_encrypt3_u4_cisc_idx -#define des_decrypt3 des_decrypt3_u4_cisc_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#undef DES_RISC1 -#undef DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u16_cisc_idx -#define des_encrypt2 des_encrypt2_u16_cisc_idx -#define des_encrypt3 des_encrypt3_u16_cisc_idx -#define des_decrypt3 des_decrypt3_u16_cisc_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#undef DES_UNROLL -#define DES_RISC1 -#undef DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc1_idx -#define des_encrypt2 des_encrypt2_u4_risc1_idx -#define des_encrypt3 des_encrypt3_u4_risc1_idx -#define des_decrypt3 des_decrypt3_u4_risc1_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#endif - -#ifdef PART2 - -#undef DES_UNROLL -#undef DES_RISC1 -#define DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc2_idx -#define des_encrypt2 des_encrypt2_u4_risc2_idx -#define des_encrypt3 des_encrypt3_u4_risc2_idx -#define des_decrypt3 des_decrypt3_u4_risc2_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#define DES_RISC1 -#undef DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc1_idx -#define des_encrypt2 des_encrypt2_u16_risc1_idx -#define des_encrypt3 des_encrypt3_u16_risc1_idx -#define des_decrypt3 des_decrypt3_u16_risc1_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#undef DES_RISC1 -#define DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc2_idx -#define des_encrypt2 des_encrypt2_u16_risc2_idx -#define des_encrypt3 des_encrypt3_u16_risc2_idx -#define des_decrypt3 des_decrypt3_u16_risc2_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#endif - -#ifdef PART3 - -#undef DES_UNROLL -#undef DES_RISC1 -#undef DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u4_cisc_ptr -#define des_encrypt2 des_encrypt2_u4_cisc_ptr -#define des_encrypt3 des_encrypt3_u4_cisc_ptr -#define des_decrypt3 des_decrypt3_u4_cisc_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#undef DES_RISC1 -#undef DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u16_cisc_ptr -#define des_encrypt2 des_encrypt2_u16_cisc_ptr -#define des_encrypt3 des_encrypt3_u16_cisc_ptr -#define des_decrypt3 des_decrypt3_u16_cisc_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#undef DES_UNROLL -#define DES_RISC1 -#undef DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc1_ptr -#define des_encrypt2 des_encrypt2_u4_risc1_ptr -#define des_encrypt3 des_encrypt3_u4_risc1_ptr -#define des_decrypt3 des_decrypt3_u4_risc1_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#endif - -#ifdef PART4 - -#undef DES_UNROLL -#undef DES_RISC1 -#define DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u4_risc2_ptr -#define des_encrypt2 des_encrypt2_u4_risc2_ptr -#define des_encrypt3 des_encrypt3_u4_risc2_ptr -#define des_decrypt3 des_decrypt3_u4_risc2_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#define DES_RISC1 -#undef DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc1_ptr -#define des_encrypt2 des_encrypt2_u16_risc1_ptr -#define des_encrypt3 des_encrypt3_u16_risc1_ptr -#define des_decrypt3 des_decrypt3_u16_risc1_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#undef DES_RISC1 -#define DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef des_encrypt -#undef des_encrypt2 -#undef des_encrypt3 -#undef des_decrypt3 -#define des_encrypt des_encrypt_u16_risc2_ptr -#define des_encrypt2 des_encrypt2_u16_risc2_ptr -#define des_encrypt3 des_encrypt3_u16_risc2_ptr -#define des_decrypt3 des_decrypt3_u16_risc2_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#endif - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ -# ifndef VMS -# define HZ 100.0 -# else /* VMS */ -# define HZ 100.0 -# endif -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -#ifndef NOPROTO -double Time_F(int s); -#else -double Time_F(); -#endif - -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -#ifndef NOPROTO -SIGRETTYPE sig_done(int sig); -#else -SIGRETTYPE sig_done(); -#endif - -SIGRETTYPE sig_done(sig) -int sig; - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(s) -int s; - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -#ifdef SIGALRM -#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10); -#else -#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb); -#endif - -#define time_it(func,name,index) \ - print_name(name); \ - Time_F(START); \ - for (count=0,run=1; COND(cb); count++) \ - { \ - unsigned long d[2]; \ - func(d,&(sch[0]),DES_ENCRYPT); \ - } \ - tm[index]=Time_F(STOP); \ - fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \ - tm[index]=((double)COUNT(cb))/tm[index]; - -#define print_it(name,index) \ - fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \ - tm[index]*8,1.0e6/tm[index]); - -int main(argc,argv) -int argc; -char **argv; - { - long count; - static unsigned char buf[BUFSIZE]; - static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; - des_key_schedule sch,sch2,sch3; - double d,tm[16],max=0; - int rank[16]; - char *str[16]; - int max_idx=0,i,num=0,j; -#ifndef SIGALARM - long ca,cb,cc,cd,ce; -#endif - - for (i=0; i<12; i++) - { - tm[i]=0.0; - rank[i]=0; - } - -#ifndef TIMES - fprintf(stderr,"To get the most acurate results, try to run this\n"); - fprintf(stderr,"program when this computer is idle.\n"); -#endif - - des_set_key((C_Block *)key,sch); - des_set_key((C_Block *)key2,sch2); - des_set_key((C_Block *)key3,sch3); - -#ifndef SIGALRM - fprintf(stderr,"First we calculate the approximate speed ...\n"); - des_set_key((C_Block *)key,sch); - count=10; - do { - long i; - unsigned long data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - des_encrypt(data,&(sch[0]),DES_ENCRYPT); - d=Time_F(STOP); - } while (d < 3.0); - ca=count; - cb=count*3; - cc=count*3*8/BUFSIZE+1; - cd=count*8/BUFSIZE+1; - - ce=count/20+1; -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - alarm(10); -#endif - -#ifdef PART1 - time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0); - time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1); - time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2); - num+=3; -#endif -#ifdef PART2 - time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3); - time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4); - time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5); - num+=3; -#endif -#ifdef PART3 - time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6); - time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7); - time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8); - num+=3; -#endif -#ifdef PART4 - time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9); - time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10); - time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11); - num+=3; -#endif - -#ifdef PART1 - str[0]=" 4 c i"; - print_it("des_encrypt_u4_cisc_idx ",0); - max=tm[0]; - max_idx=0; - str[1]="16 c i"; - print_it("des_encrypt_u16_cisc_idx ",1); - if (max < tm[1]) { max=tm[1]; max_idx=1; } - str[2]=" 4 r1 i"; - print_it("des_encrypt_u4_risc1_idx ",2); - if (max < tm[2]) { max=tm[2]; max_idx=2; } -#endif -#ifdef PART2 - str[3]="16 r1 i"; - print_it("des_encrypt_u16_risc1_idx",3); - if (max < tm[3]) { max=tm[3]; max_idx=3; } - str[4]=" 4 r2 i"; - print_it("des_encrypt_u4_risc2_idx ",4); - if (max < tm[4]) { max=tm[4]; max_idx=4; } - str[5]="16 r2 i"; - print_it("des_encrypt_u16_risc2_idx",5); - if (max < tm[5]) { max=tm[5]; max_idx=5; } -#endif -#ifdef PART3 - str[6]=" 4 c p"; - print_it("des_encrypt_u4_cisc_ptr ",6); - if (max < tm[6]) { max=tm[6]; max_idx=6; } - str[7]="16 c p"; - print_it("des_encrypt_u16_cisc_ptr ",7); - if (max < tm[7]) { max=tm[7]; max_idx=7; } - str[8]=" 4 r1 p"; - print_it("des_encrypt_u4_risc1_ptr ",8); - if (max < tm[8]) { max=tm[8]; max_idx=8; } -#endif -#ifdef PART4 - str[9]="16 r1 p"; - print_it("des_encrypt_u16_risc1_ptr",9); - if (max < tm[9]) { max=tm[9]; max_idx=9; } - str[10]=" 4 r2 p"; - print_it("des_encrypt_u4_risc2_ptr ",10); - if (max < tm[10]) { max=tm[10]; max_idx=10; } - str[11]="16 r2 p"; - print_it("des_encrypt_u16_risc2_ptr",11); - if (max < tm[11]) { max=tm[11]; max_idx=11; } -#endif - printf("options des ecb/s\n"); - printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]); - d=tm[max_idx]; - tm[max_idx]= -2.0; - max= -1.0; - for (;;) - { - for (i=0; i<12; i++) - { - if (max < tm[i]) { max=tm[i]; j=i; } - } - if (max < 0.0) break; - printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0); - tm[j]= -2.0; - max= -1.0; - } - - switch (max_idx) - { - case 0: - printf("-DDES_DEFAULT_OPTIONS\n"); - break; - case 1: - printf("-DDES_UNROLL\n"); - break; - case 2: - printf("-DDES_RISC1\n"); - break; - case 3: - printf("-DDES_UNROLL -DDES_RISC1\n"); - break; - case 4: - printf("-DDES_RISC2\n"); - break; - case 5: - printf("-DDES_UNROLL -DDES_RISC2\n"); - break; - case 6: - printf("-DDES_PTR\n"); - break; - case 7: - printf("-DDES_UNROLL -DDES_PTR\n"); - break; - case 8: - printf("-DDES_RISC1 -DDES_PTR\n"); - break; - case 9: - printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n"); - break; - case 10: - printf("-DDES_RISC2 -DDES_PTR\n"); - break; - case 11: - printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n"); - break; - } - exit(0); -#if defined(LINT) || defined(MSDOS) - return(0); -#endif - } diff --git a/linux/crypto/ciphers/des/des_ver.h b/linux/crypto/ciphers/des/des_ver.h deleted file mode 100644 index 98352bc0d..000000000 --- a/linux/crypto/ciphers/des/des_ver.h +++ /dev/null @@ -1,60 +0,0 @@ -/* crypto/des/des_ver.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -extern char *DES_version; /* SSLeay version string */ -extern char *libdes_version; /* old libdes version string */ diff --git a/linux/crypto/ciphers/des/destest.c b/linux/crypto/ciphers/des/destest.c deleted file mode 100644 index ae896499e..000000000 --- a/linux/crypto/ciphers/des/destest.c +++ /dev/null @@ -1,871 +0,0 @@ -/* crypto/des/destest.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#if defined(WIN32) || defined(WIN16) || defined(WINDOWS) -#ifndef MSDOS -#define MSDOS -#endif -#endif - -#include -#include -#ifndef MSDOS -#include -#else -#include -#endif -#include -#include "des_locl.h" - -/* tisk tisk - the test keys don't all have odd parity :-( */ -/* test data */ -#define NUM_TESTS 34 -static unsigned char key_data[NUM_TESTS][8]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}, - {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57}, - {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E}, - {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86}, - {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E}, - {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6}, - {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE}, - {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6}, - {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE}, - {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16}, - {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F}, - {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46}, - {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E}, - {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76}, - {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07}, - {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F}, - {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7}, - {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF}, - {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6}, - {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF}, - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, - {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, - {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}}; - -static unsigned char plain_data[NUM_TESTS][8]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42}, - {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA}, - {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72}, - {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A}, - {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2}, - {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A}, - {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2}, - {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A}, - {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02}, - {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A}, - {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32}, - {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA}, - {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62}, - {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2}, - {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA}, - {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92}, - {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A}, - {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2}, - {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}}; - -static unsigned char cipher_data[NUM_TESTS][8]={ - {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, - {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58}, - {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B}, - {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33}, - {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D}, - {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD}, - {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, - {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4}, - {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B}, - {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71}, - {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A}, - {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A}, - {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95}, - {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B}, - {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09}, - {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A}, - {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F}, - {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88}, - {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77}, - {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A}, - {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56}, - {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56}, - {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56}, - {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC}, - {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A}, - {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41}, - {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93}, - {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00}, - {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06}, - {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7}, - {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51}, - {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE}, - {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D}, - {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}}; - -static unsigned char cipher_ecb2[NUM_TESTS-1][8]={ - {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E}, - {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16}, - {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27}, - {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6}, - {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25}, - {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A}, - {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74}, - {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6}, - {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67}, - {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10}, - {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85}, - {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA}, - {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3}, - {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3}, - {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A}, - {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69}, - {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1}, - {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7}, - {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F}, - {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87}, - {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A}, - {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE}, - {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3}, - {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD}, - {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84}, - {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85}, - {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC}, - {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89}, - {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E}, - {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89}, - {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7}, - {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8}, - {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}}; - -static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; -static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; -static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; -static char cbc_data[40]="7654321 Now is the time for \0001"; - -static unsigned char cbc_ok[32]={ - 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, - 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb, - 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68, - 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; - -static unsigned char xcbc_ok[32]={ - 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48, - 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD, - 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76, - 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2, - }; - -static unsigned char cbc3_ok[32]={ - 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0, - 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC, - 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4, - 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75}; - -static unsigned char pcbc_ok[32]={ - 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, - 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15, - 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f, - 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88}; - -static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; -static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; -static unsigned char plain[24]= - { - 0x4e,0x6f,0x77,0x20,0x69,0x73, - 0x20,0x74,0x68,0x65,0x20,0x74, - 0x69,0x6d,0x65,0x20,0x66,0x6f, - 0x72,0x20,0x61,0x6c,0x6c,0x20 - }; -static unsigned char cfb_cipher8[24]= { - 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8, - 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 }; -static unsigned char cfb_cipher16[24]={ - 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70, - 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B }; -static unsigned char cfb_cipher32[24]={ - 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD, - 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 }; -static unsigned char cfb_cipher48[24]={ - 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85, - 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F }; -static unsigned char cfb_cipher64[24]={ - 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B, - 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 }; - -static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; -static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8]; -static unsigned char ofb_cipher[24]= - { - 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51, - 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f, - 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 - }; - -DES_LONG cbc_cksum_ret=0xB462FEF7L; -unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; - -#ifndef NOPROTO -static char *pt(unsigned char *p); -static int cfb_test(int bits, unsigned char *cfb_cipher); -static int cfb64_test(unsigned char *cfb_cipher); -static int ede_cfb64_test(unsigned char *cfb_cipher); -#else -static char *pt(); -static int cfb_test(); -static int cfb64_test(); -static int ede_cfb64_test(); -#endif - -int main(argc,argv) -int argc; -char *argv[]; - { - int i,j,err=0; - des_cblock in,out,outin,iv3; - des_key_schedule ks,ks2,ks3; - unsigned char cbc_in[40]; - unsigned char cbc_out[40]; - DES_LONG cs; - unsigned char qret[4][4],cret[8]; - DES_LONG lqret[4]; - int num; - char *str; - - printf("Doing ecb\n"); - for (i=0; i>4)&0xf]; - ret[i*2+1]=f[p[i]&0xf]; - } - ret[16]='\0'; - return(ret); - } - -#ifndef LIBDES_LIT - -static int cfb_test(bits, cfb_cipher) -int bits; -unsigned char *cfb_cipher; - { - des_key_schedule ks; - int i,err=0; - - des_key_sched((C_Block *)cfb_key,ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks, - (C_Block *)cfb_tmp,DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks, - (C_Block *)cfb_tmp,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - return(err); - } - -static int cfb64_test(cfb_cipher) -unsigned char *cfb_cipher; - { - des_key_schedule ks; - int err=0,i,n; - - des_key_sched((C_Block *)cfb_key,ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks, - (C_Block *)cfb_tmp,&n,DES_ENCRYPT); - des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), - (long)sizeof(plain)-12,ks, - (C_Block *)cfb_tmp,&n,DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks, - (C_Block *)cfb_tmp,&n,DES_DECRYPT); - des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - (long)sizeof(plain)-17,ks, - (C_Block *)cfb_tmp,&n,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf2[i]))); - } - return(err); - } - -static int ede_cfb64_test(cfb_cipher) -unsigned char *cfb_cipher; - { - des_key_schedule ks; - int err=0,i,n; - - des_key_sched((C_Block *)cfb_key,ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks, - (C_Block *)cfb_tmp,&n,DES_ENCRYPT); - des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), - (long)sizeof(plain)-12,ks,ks,ks, - (C_Block *)cfb_tmp,&n,DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("ede_cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks, - (C_Block *)cfb_tmp,&n,DES_DECRYPT); - des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - (long)sizeof(plain)-17,ks,ks,ks, - (C_Block *)cfb_tmp,&n,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("ede_cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf2[i]))); - } - return(err); - } - -#endif - diff --git a/linux/crypto/ciphers/des/dx86unix.S b/linux/crypto/ciphers/des/dx86unix.S deleted file mode 100644 index 31dc0d0e1..000000000 --- a/linux/crypto/ciphers/des/dx86unix.S +++ /dev/null @@ -1,3160 +0,0 @@ -/* - * This file was originally generated by Michael Richardson - * via the perl scripts found in the ASM subdir. It remains copyright of - * Eric Young, see the file COPYRIGHT. - * - * This was last done on October 9, 2002. - * - * While this file does not need to go through cpp, we pass it through - * CPP by naming it dx86unix.S instead of dx86unix.s because there is - * a bug in Rules.make for .s builds - specifically it references EXTRA_CFLAGS - * which may contain stuff that AS doesn't understand instead of - * referencing EXTRA_AFLAGS. - */ - - .file "dx86unix.S" - .version "01.01" -.text - .align 16 -.globl des_encrypt - .type des_encrypt , @function -des_encrypt: - pushl %esi - pushl %edi - - - movl 12(%esp), %esi - xorl %ecx, %ecx - pushl %ebx - pushl %ebp - movl (%esi), %eax - movl 28(%esp), %ebx - movl 4(%esi), %edi - - - roll $4, %eax - movl %eax, %esi - xorl %edi, %eax - andl $0xf0f0f0f0, %eax - xorl %eax, %esi - xorl %eax, %edi - - roll $20, %edi - movl %edi, %eax - xorl %esi, %edi - andl $0xfff0000f, %edi - xorl %edi, %eax - xorl %edi, %esi - - roll $14, %eax - movl %eax, %edi - xorl %esi, %eax - andl $0x33333333, %eax - xorl %eax, %edi - xorl %eax, %esi - - roll $22, %esi - movl %esi, %eax - xorl %edi, %esi - andl $0x03fc03fc, %esi - xorl %esi, %eax - xorl %esi, %edi - - roll $9, %eax - movl %eax, %esi - xorl %edi, %eax - andl $0xaaaaaaaa, %eax - xorl %eax, %esi - xorl %eax, %edi - -.byte 209 -.byte 199 - movl 24(%esp), %ebp - cmpl $0, %ebx - je .L000start_decrypt - - - movl (%ebp), %eax - xorl %ebx, %ebx - movl 4(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 8(%ebp), %eax - xorl %ebx, %ebx - movl 12(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 16(%ebp), %eax - xorl %ebx, %ebx - movl 20(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 24(%ebp), %eax - xorl %ebx, %ebx - movl 28(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 32(%ebp), %eax - xorl %ebx, %ebx - movl 36(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 40(%ebp), %eax - xorl %ebx, %ebx - movl 44(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 48(%ebp), %eax - xorl %ebx, %ebx - movl 52(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 56(%ebp), %eax - xorl %ebx, %ebx - movl 60(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 64(%ebp), %eax - xorl %ebx, %ebx - movl 68(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 72(%ebp), %eax - xorl %ebx, %ebx - movl 76(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 80(%ebp), %eax - xorl %ebx, %ebx - movl 84(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 88(%ebp), %eax - xorl %ebx, %ebx - movl 92(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 96(%ebp), %eax - xorl %ebx, %ebx - movl 100(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 104(%ebp), %eax - xorl %ebx, %ebx - movl 108(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 112(%ebp), %eax - xorl %ebx, %ebx - movl 116(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 120(%ebp), %eax - xorl %ebx, %ebx - movl 124(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - jmp .L001end -.L000start_decrypt: - - - movl 120(%ebp), %eax - xorl %ebx, %ebx - movl 124(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 112(%ebp), %eax - xorl %ebx, %ebx - movl 116(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 104(%ebp), %eax - xorl %ebx, %ebx - movl 108(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 96(%ebp), %eax - xorl %ebx, %ebx - movl 100(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 88(%ebp), %eax - xorl %ebx, %ebx - movl 92(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 80(%ebp), %eax - xorl %ebx, %ebx - movl 84(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 72(%ebp), %eax - xorl %ebx, %ebx - movl 76(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 64(%ebp), %eax - xorl %ebx, %ebx - movl 68(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 56(%ebp), %eax - xorl %ebx, %ebx - movl 60(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 48(%ebp), %eax - xorl %ebx, %ebx - movl 52(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 40(%ebp), %eax - xorl %ebx, %ebx - movl 44(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 32(%ebp), %eax - xorl %ebx, %ebx - movl 36(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 24(%ebp), %eax - xorl %ebx, %ebx - movl 28(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 16(%ebp), %eax - xorl %ebx, %ebx - movl 20(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 8(%ebp), %eax - xorl %ebx, %ebx - movl 12(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl (%ebp), %eax - xorl %ebx, %ebx - movl 4(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi -.L001end: - - - movl 20(%esp), %edx -.byte 209 -.byte 206 - movl %edi, %eax - xorl %esi, %edi - andl $0xaaaaaaaa, %edi - xorl %edi, %eax - xorl %edi, %esi - - roll $23, %eax - movl %eax, %edi - xorl %esi, %eax - andl $0x03fc03fc, %eax - xorl %eax, %edi - xorl %eax, %esi - - roll $10, %edi - movl %edi, %eax - xorl %esi, %edi - andl $0x33333333, %edi - xorl %edi, %eax - xorl %edi, %esi - - roll $18, %esi - movl %esi, %edi - xorl %eax, %esi - andl $0xfff0000f, %esi - xorl %esi, %edi - xorl %esi, %eax - - roll $12, %edi - movl %edi, %esi - xorl %eax, %edi - andl $0xf0f0f0f0, %edi - xorl %edi, %esi - xorl %edi, %eax - - rorl $4, %eax - movl %eax, (%edx) - movl %esi, 4(%edx) - popl %ebp - popl %ebx - popl %edi - popl %esi - ret -.des_encrypt_end: - .size des_encrypt , .des_encrypt_end-des_encrypt -.ident "desasm.pl" -.text - .align 16 -.globl des_encrypt2 - .type des_encrypt2 , @function -des_encrypt2: - pushl %esi - pushl %edi - - - movl 12(%esp), %eax - xorl %ecx, %ecx - pushl %ebx - pushl %ebp - movl (%eax), %esi - movl 28(%esp), %ebx - roll $3, %esi - movl 4(%eax), %edi - roll $3, %edi - movl 24(%esp), %ebp - cmpl $0, %ebx - je .L002start_decrypt - - - movl (%ebp), %eax - xorl %ebx, %ebx - movl 4(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 8(%ebp), %eax - xorl %ebx, %ebx - movl 12(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 16(%ebp), %eax - xorl %ebx, %ebx - movl 20(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 24(%ebp), %eax - xorl %ebx, %ebx - movl 28(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 32(%ebp), %eax - xorl %ebx, %ebx - movl 36(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 40(%ebp), %eax - xorl %ebx, %ebx - movl 44(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 48(%ebp), %eax - xorl %ebx, %ebx - movl 52(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 56(%ebp), %eax - xorl %ebx, %ebx - movl 60(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 64(%ebp), %eax - xorl %ebx, %ebx - movl 68(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 72(%ebp), %eax - xorl %ebx, %ebx - movl 76(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 80(%ebp), %eax - xorl %ebx, %ebx - movl 84(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 88(%ebp), %eax - xorl %ebx, %ebx - movl 92(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 96(%ebp), %eax - xorl %ebx, %ebx - movl 100(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 104(%ebp), %eax - xorl %ebx, %ebx - movl 108(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 112(%ebp), %eax - xorl %ebx, %ebx - movl 116(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 120(%ebp), %eax - xorl %ebx, %ebx - movl 124(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - jmp .L003end -.L002start_decrypt: - - - movl 120(%ebp), %eax - xorl %ebx, %ebx - movl 124(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 112(%ebp), %eax - xorl %ebx, %ebx - movl 116(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 104(%ebp), %eax - xorl %ebx, %ebx - movl 108(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 96(%ebp), %eax - xorl %ebx, %ebx - movl 100(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 88(%ebp), %eax - xorl %ebx, %ebx - movl 92(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 80(%ebp), %eax - xorl %ebx, %ebx - movl 84(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 72(%ebp), %eax - xorl %ebx, %ebx - movl 76(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 64(%ebp), %eax - xorl %ebx, %ebx - movl 68(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 56(%ebp), %eax - xorl %ebx, %ebx - movl 60(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 48(%ebp), %eax - xorl %ebx, %ebx - movl 52(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 40(%ebp), %eax - xorl %ebx, %ebx - movl 44(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 32(%ebp), %eax - xorl %ebx, %ebx - movl 36(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 24(%ebp), %eax - xorl %ebx, %ebx - movl 28(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl 16(%ebp), %eax - xorl %ebx, %ebx - movl 20(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi - - - movl 8(%ebp), %eax - xorl %ebx, %ebx - movl 12(%ebp), %edx - xorl %esi, %eax - xorl %esi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %edi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %edi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %edi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %edi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %edi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %edi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %edi - - - movl (%ebp), %eax - xorl %ebx, %ebx - movl 4(%ebp), %edx - xorl %edi, %eax - xorl %edi, %edx - andl $0xfcfcfcfc, %eax - andl $0xcfcfcfcf, %edx - movb %al, %bl - movb %ah, %cl - rorl $4, %edx - movl des_SPtrans(%ebx),%ebp - movb %dl, %bl - xorl %ebp, %esi - movl 0x200+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movb %dh, %cl - shrl $16, %eax - movl 0x100+des_SPtrans(%ebx),%ebp - xorl %ebp, %esi - movb %ah, %bl - shrl $16, %edx - movl 0x300+des_SPtrans(%ecx),%ebp - xorl %ebp, %esi - movl 24(%esp), %ebp - movb %dh, %cl - andl $0xff, %eax - andl $0xff, %edx - movl 0x600+des_SPtrans(%ebx),%ebx - xorl %ebx, %esi - movl 0x700+des_SPtrans(%ecx),%ebx - xorl %ebx, %esi - movl 0x400+des_SPtrans(%eax),%ebx - xorl %ebx, %esi - movl 0x500+des_SPtrans(%edx),%ebx - xorl %ebx, %esi -.L003end: - - - rorl $3, %edi - movl 20(%esp), %eax - rorl $3, %esi - movl %edi, (%eax) - movl %esi, 4(%eax) - popl %ebp - popl %ebx - popl %edi - popl %esi - ret -.des_encrypt2_end: - .size des_encrypt2 , .des_encrypt2_end-des_encrypt2 -.ident "desasm.pl" -.text - .align 16 -.globl des_encrypt3 - .type des_encrypt3 , @function -des_encrypt3: - pushl %ebx - movl 8(%esp), %ebx - pushl %ebp - pushl %esi - pushl %edi - - - movl (%ebx), %edi - movl 4(%ebx), %esi - subl $12, %esp - - - roll $4, %edi - movl %edi, %edx - xorl %esi, %edi - andl $0xf0f0f0f0, %edi - xorl %edi, %edx - xorl %edi, %esi - - roll $20, %esi - movl %esi, %edi - xorl %edx, %esi - andl $0xfff0000f, %esi - xorl %esi, %edi - xorl %esi, %edx - - roll $14, %edi - movl %edi, %esi - xorl %edx, %edi - andl $0x33333333, %edi - xorl %edi, %esi - xorl %edi, %edx - - roll $22, %edx - movl %edx, %edi - xorl %esi, %edx - andl $0x03fc03fc, %edx - xorl %edx, %edi - xorl %edx, %esi - - roll $9, %edi - movl %edi, %edx - xorl %esi, %edi - andl $0xaaaaaaaa, %edi - xorl %edi, %edx - xorl %edi, %esi - - rorl $3, %edx - rorl $2, %esi - movl %esi, 4(%ebx) - movl 36(%esp), %eax - movl %edx, (%ebx) - movl 40(%esp), %edi - movl 44(%esp), %esi - movl $1, 8(%esp) - movl %eax, 4(%esp) - movl %ebx, (%esp) - call des_encrypt2 - movl $0, 8(%esp) - movl %edi, 4(%esp) - movl %ebx, (%esp) - call des_encrypt2 - movl $1, 8(%esp) - movl %esi, 4(%esp) - movl %ebx, (%esp) - call des_encrypt2 - addl $12, %esp - movl (%ebx), %edi - movl 4(%ebx), %esi - - - roll $2, %esi - roll $3, %edi - movl %edi, %eax - xorl %esi, %edi - andl $0xaaaaaaaa, %edi - xorl %edi, %eax - xorl %edi, %esi - - roll $23, %eax - movl %eax, %edi - xorl %esi, %eax - andl $0x03fc03fc, %eax - xorl %eax, %edi - xorl %eax, %esi - - roll $10, %edi - movl %edi, %eax - xorl %esi, %edi - andl $0x33333333, %edi - xorl %edi, %eax - xorl %edi, %esi - - roll $18, %esi - movl %esi, %edi - xorl %eax, %esi - andl $0xfff0000f, %esi - xorl %esi, %edi - xorl %esi, %eax - - roll $12, %edi - movl %edi, %esi - xorl %eax, %edi - andl $0xf0f0f0f0, %edi - xorl %edi, %esi - xorl %edi, %eax - - rorl $4, %eax - movl %eax, (%ebx) - movl %esi, 4(%ebx) - popl %edi - popl %esi - popl %ebp - popl %ebx - ret -.des_encrypt3_end: - .size des_encrypt3 , .des_encrypt3_end-des_encrypt3 -.ident "desasm.pl" -.text - .align 16 -.globl des_decrypt3 - .type des_decrypt3 , @function -des_decrypt3: - pushl %ebx - movl 8(%esp), %ebx - pushl %ebp - pushl %esi - pushl %edi - - - movl (%ebx), %edi - movl 4(%ebx), %esi - subl $12, %esp - - - roll $4, %edi - movl %edi, %edx - xorl %esi, %edi - andl $0xf0f0f0f0, %edi - xorl %edi, %edx - xorl %edi, %esi - - roll $20, %esi - movl %esi, %edi - xorl %edx, %esi - andl $0xfff0000f, %esi - xorl %esi, %edi - xorl %esi, %edx - - roll $14, %edi - movl %edi, %esi - xorl %edx, %edi - andl $0x33333333, %edi - xorl %edi, %esi - xorl %edi, %edx - - roll $22, %edx - movl %edx, %edi - xorl %esi, %edx - andl $0x03fc03fc, %edx - xorl %edx, %edi - xorl %edx, %esi - - roll $9, %edi - movl %edi, %edx - xorl %esi, %edi - andl $0xaaaaaaaa, %edi - xorl %edi, %edx - xorl %edi, %esi - - rorl $3, %edx - rorl $2, %esi - movl %esi, 4(%ebx) - movl 36(%esp), %esi - movl %edx, (%ebx) - movl 40(%esp), %edi - movl 44(%esp), %eax - movl $0, 8(%esp) - movl %eax, 4(%esp) - movl %ebx, (%esp) - call des_encrypt2 - movl $1, 8(%esp) - movl %edi, 4(%esp) - movl %ebx, (%esp) - call des_encrypt2 - movl $0, 8(%esp) - movl %esi, 4(%esp) - movl %ebx, (%esp) - call des_encrypt2 - addl $12, %esp - movl (%ebx), %edi - movl 4(%ebx), %esi - - - roll $2, %esi - roll $3, %edi - movl %edi, %eax - xorl %esi, %edi - andl $0xaaaaaaaa, %edi - xorl %edi, %eax - xorl %edi, %esi - - roll $23, %eax - movl %eax, %edi - xorl %esi, %eax - andl $0x03fc03fc, %eax - xorl %eax, %edi - xorl %eax, %esi - - roll $10, %edi - movl %edi, %eax - xorl %esi, %edi - andl $0x33333333, %edi - xorl %edi, %eax - xorl %edi, %esi - - roll $18, %esi - movl %esi, %edi - xorl %eax, %esi - andl $0xfff0000f, %esi - xorl %esi, %edi - xorl %esi, %eax - - roll $12, %edi - movl %edi, %esi - xorl %eax, %edi - andl $0xf0f0f0f0, %edi - xorl %edi, %esi - xorl %edi, %eax - - rorl $4, %eax - movl %eax, (%ebx) - movl %esi, 4(%ebx) - popl %edi - popl %esi - popl %ebp - popl %ebx - ret -.des_decrypt3_end: - .size des_decrypt3 , .des_decrypt3_end-des_decrypt3 -.ident "desasm.pl" -.text - .align 16 -.globl des_ncbc_encrypt - .type des_ncbc_encrypt , @function -des_ncbc_encrypt: - - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 28(%esp), %ebp - - movl 36(%esp), %ebx - movl (%ebx), %esi - movl 4(%ebx), %edi - pushl %edi - pushl %esi - pushl %edi - pushl %esi - movl %esp, %ebx - movl 36(%esp), %esi - movl 40(%esp), %edi - - movl 56(%esp), %ecx - - pushl %ecx - - movl 52(%esp), %eax - pushl %eax - pushl %ebx - cmpl $0, %ecx - jz .L004decrypt - andl $4294967288, %ebp - movl 12(%esp), %eax - movl 16(%esp), %ebx - jz .L005encrypt_finish -.L006encrypt_loop: - movl (%esi), %ecx - movl 4(%esi), %edx - xorl %ecx, %eax - xorl %edx, %ebx - movl %eax, 12(%esp) - movl %ebx, 16(%esp) - call des_encrypt - movl 12(%esp), %eax - movl 16(%esp), %ebx - movl %eax, (%edi) - movl %ebx, 4(%edi) - addl $8, %esi - addl $8, %edi - subl $8, %ebp - jnz .L006encrypt_loop -.L005encrypt_finish: - movl 56(%esp), %ebp - andl $7, %ebp - jz .L007finish - xorl %ecx, %ecx - xorl %edx, %edx - movl .L008cbc_enc_jmp_table(,%ebp,4),%ebp - jmp *%ebp -.L009ej7: - movb 6(%esi), %dh - sall $8, %edx -.L010ej6: - movb 5(%esi), %dh -.L011ej5: - movb 4(%esi), %dl -.L012ej4: - movl (%esi), %ecx - jmp .L013ejend -.L014ej3: - movb 2(%esi), %ch - sall $8, %ecx -.L015ej2: - movb 1(%esi), %ch -.L016ej1: - movb (%esi), %cl -.L013ejend: - xorl %ecx, %eax - xorl %edx, %ebx - movl %eax, 12(%esp) - movl %ebx, 16(%esp) - call des_encrypt - movl 12(%esp), %eax - movl 16(%esp), %ebx - movl %eax, (%edi) - movl %ebx, 4(%edi) - jmp .L007finish -.align 16 -.L004decrypt: - andl $4294967288, %ebp - movl 20(%esp), %eax - movl 24(%esp), %ebx - jz .L017decrypt_finish -.L018decrypt_loop: - movl (%esi), %eax - movl 4(%esi), %ebx - movl %eax, 12(%esp) - movl %ebx, 16(%esp) - call des_encrypt - movl 12(%esp), %eax - movl 16(%esp), %ebx - movl 20(%esp), %ecx - movl 24(%esp), %edx - xorl %eax, %ecx - xorl %ebx, %edx - movl (%esi), %eax - movl 4(%esi), %ebx - movl %ecx, (%edi) - movl %edx, 4(%edi) - movl %eax, 20(%esp) - movl %ebx, 24(%esp) - addl $8, %esi - addl $8, %edi - subl $8, %ebp - jnz .L018decrypt_loop -.L017decrypt_finish: - movl 56(%esp), %ebp - andl $7, %ebp - jz .L007finish - movl (%esi), %eax - movl 4(%esi), %ebx - movl %eax, 12(%esp) - movl %ebx, 16(%esp) - call des_encrypt - movl 12(%esp), %eax - movl 16(%esp), %ebx - movl 20(%esp), %ecx - movl 24(%esp), %edx - xorl %eax, %ecx - xorl %ebx, %edx - movl (%esi), %eax - movl 4(%esi), %ebx -.L019dj7: - rorl $16, %edx - movb %dl, 6(%edi) - shrl $16, %edx -.L020dj6: - movb %dh, 5(%edi) -.L021dj5: - movb %dl, 4(%edi) -.L022dj4: - movl %ecx, (%edi) - jmp .L023djend -.L024dj3: - rorl $16, %ecx - movb %cl, 2(%edi) - sall $16, %ecx -.L025dj2: - movb %ch, 1(%esi) -.L026dj1: - movb %cl, (%esi) -.L023djend: - jmp .L007finish -.align 16 -.L007finish: - movl 64(%esp), %ecx - addl $28, %esp - movl %eax, (%ecx) - movl %ebx, 4(%ecx) - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.align 16 -.L008cbc_enc_jmp_table: - .long 0 - .long .L016ej1 - .long .L015ej2 - .long .L014ej3 - .long .L012ej4 - .long .L011ej5 - .long .L010ej6 - .long .L009ej7 -.align 16 -.L027cbc_dec_jmp_table: - .long 0 - .long .L026dj1 - .long .L025dj2 - .long .L024dj3 - .long .L022dj4 - .long .L021dj5 - .long .L020dj6 - .long .L019dj7 -.des_ncbc_encrypt_end: - .size des_ncbc_encrypt , .des_ncbc_encrypt_end-des_ncbc_encrypt -.ident "desasm.pl" -.text - .align 16 -.globl des_ede3_cbc_encrypt - .type des_ede3_cbc_encrypt , @function -des_ede3_cbc_encrypt: - - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 28(%esp), %ebp - - movl 44(%esp), %ebx - movl (%ebx), %esi - movl 4(%ebx), %edi - pushl %edi - pushl %esi - pushl %edi - pushl %esi - movl %esp, %ebx - movl 36(%esp), %esi - movl 40(%esp), %edi - - movl 64(%esp), %ecx - - movl 56(%esp), %eax - pushl %eax - - movl 56(%esp), %eax - pushl %eax - - movl 56(%esp), %eax - pushl %eax - pushl %ebx - cmpl $0, %ecx - jz .L028decrypt - andl $4294967288, %ebp - movl 16(%esp), %eax - movl 20(%esp), %ebx - jz .L029encrypt_finish -.L030encrypt_loop: - movl (%esi), %ecx - movl 4(%esi), %edx - xorl %ecx, %eax - xorl %edx, %ebx - movl %eax, 16(%esp) - movl %ebx, 20(%esp) - call des_encrypt3 - movl 16(%esp), %eax - movl 20(%esp), %ebx - movl %eax, (%edi) - movl %ebx, 4(%edi) - addl $8, %esi - addl $8, %edi - subl $8, %ebp - jnz .L030encrypt_loop -.L029encrypt_finish: - movl 60(%esp), %ebp - andl $7, %ebp - jz .L031finish - xorl %ecx, %ecx - xorl %edx, %edx - movl .L032cbc_enc_jmp_table(,%ebp,4),%ebp - jmp *%ebp -.L033ej7: - movb 6(%esi), %dh - sall $8, %edx -.L034ej6: - movb 5(%esi), %dh -.L035ej5: - movb 4(%esi), %dl -.L036ej4: - movl (%esi), %ecx - jmp .L037ejend -.L038ej3: - movb 2(%esi), %ch - sall $8, %ecx -.L039ej2: - movb 1(%esi), %ch -.L040ej1: - movb (%esi), %cl -.L037ejend: - xorl %ecx, %eax - xorl %edx, %ebx - movl %eax, 16(%esp) - movl %ebx, 20(%esp) - call des_encrypt3 - movl 16(%esp), %eax - movl 20(%esp), %ebx - movl %eax, (%edi) - movl %ebx, 4(%edi) - jmp .L031finish -.align 16 -.L028decrypt: - andl $4294967288, %ebp - movl 24(%esp), %eax - movl 28(%esp), %ebx - jz .L041decrypt_finish -.L042decrypt_loop: - movl (%esi), %eax - movl 4(%esi), %ebx - movl %eax, 16(%esp) - movl %ebx, 20(%esp) - call des_decrypt3 - movl 16(%esp), %eax - movl 20(%esp), %ebx - movl 24(%esp), %ecx - movl 28(%esp), %edx - xorl %eax, %ecx - xorl %ebx, %edx - movl (%esi), %eax - movl 4(%esi), %ebx - movl %ecx, (%edi) - movl %edx, 4(%edi) - movl %eax, 24(%esp) - movl %ebx, 28(%esp) - addl $8, %esi - addl $8, %edi - subl $8, %ebp - jnz .L042decrypt_loop -.L041decrypt_finish: - movl 60(%esp), %ebp - andl $7, %ebp - jz .L031finish - movl (%esi), %eax - movl 4(%esi), %ebx - movl %eax, 16(%esp) - movl %ebx, 20(%esp) - call des_decrypt3 - movl 16(%esp), %eax - movl 20(%esp), %ebx - movl 24(%esp), %ecx - movl 28(%esp), %edx - xorl %eax, %ecx - xorl %ebx, %edx - movl (%esi), %eax - movl 4(%esi), %ebx -.L043dj7: - rorl $16, %edx - movb %dl, 6(%edi) - shrl $16, %edx -.L044dj6: - movb %dh, 5(%edi) -.L045dj5: - movb %dl, 4(%edi) -.L046dj4: - movl %ecx, (%edi) - jmp .L047djend -.L048dj3: - rorl $16, %ecx - movb %cl, 2(%edi) - sall $16, %ecx -.L049dj2: - movb %ch, 1(%esi) -.L050dj1: - movb %cl, (%esi) -.L047djend: - jmp .L031finish -.align 16 -.L031finish: - movl 76(%esp), %ecx - addl $32, %esp - movl %eax, (%ecx) - movl %ebx, 4(%ecx) - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.align 16 -.L032cbc_enc_jmp_table: - .long 0 - .long .L040ej1 - .long .L039ej2 - .long .L038ej3 - .long .L036ej4 - .long .L035ej5 - .long .L034ej6 - .long .L033ej7 -.align 16 -.L051cbc_dec_jmp_table: - .long 0 - .long .L050dj1 - .long .L049dj2 - .long .L048dj3 - .long .L046dj4 - .long .L045dj5 - .long .L044dj6 - .long .L043dj7 -.des_ede3_cbc_encrypt_end: - .size des_ede3_cbc_encrypt , .des_ede3_cbc_encrypt_end-des_ede3_cbc_encrypt -.ident "desasm.pl" diff --git a/linux/crypto/ciphers/des/ecb_enc.c b/linux/crypto/ciphers/des/ecb_enc.c deleted file mode 100644 index 0b7afcf3a..000000000 --- a/linux/crypto/ciphers/des/ecb_enc.c +++ /dev/null @@ -1,128 +0,0 @@ -/* crypto/des/ecb_enc.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_locl.h" -#include "spr.h" - -char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay"; -char *DES_version="DES part of SSLeay 0.8.2b 08-Jan-1998"; - -/* RCSID $Id: ecb_enc.c,v 1.1 2004/03/15 20:35:25 as Exp $ */ -/* This function ifdef'ed out for FreeS/WAN project. */ -#ifdef notdef -char *des_options() - { - static int init=1; - static char buf[32]; - - if (init) - { - char *ptr,*unroll,*risc,*size; - - init=0; -#ifdef DES_PTR - ptr="ptr"; -#else - ptr="idx"; -#endif -#if defined(DES_RISC1) || defined(DES_RISC2) -#ifdef DES_RISC1 - risc="risc1"; -#endif -#ifdef DES_RISC2 - risc="risc2"; -#endif -#else - risc="cisc"; -#endif -#ifdef DES_UNROLL - unroll="16"; -#else - unroll="4"; -#endif - if (sizeof(DES_LONG) != sizeof(long)) - size="int"; - else - size="long"; - sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); - } - return(buf); - } -#endif - - -void des_ecb_encrypt(input, output, ks, enc) -des_cblock (*input); -des_cblock (*output); -des_key_schedule ks; -int enc; - { - register DES_LONG l; - register unsigned char *in,*out; - DES_LONG ll[2]; - - in=(unsigned char *)input; - out=(unsigned char *)output; - c2l(in,l); ll[0]=l; - c2l(in,l); ll[1]=l; - des_encrypt(ll,ks,enc); - l=ll[0]; l2c(l,out); - l=ll[1]; l2c(l,out); - l=ll[0]=ll[1]=0; - } - diff --git a/linux/crypto/ciphers/des/fcrypt.c b/linux/crypto/ciphers/des/fcrypt.c deleted file mode 100644 index 8b9d0495b..000000000 --- a/linux/crypto/ciphers/des/fcrypt.c +++ /dev/null @@ -1,152 +0,0 @@ -/* NOCW */ - -/* This version of crypt has been developed from my MIT compatable - * DES library. - * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au - * Eric Young (eay@cryptsoft.com) - */ - -/* Modification by Jens Kupferschmidt (Cu) - * I have included directive PARA for shared memory computers. - * I have included a directive LONGCRYPT to using this routine to cipher - * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN - * definition is the maximum of lenght of password and can changed. I have - * defined 24. - */ - -#include "des_locl.h" - -/* Added more values to handle illegal salt values the way normal - * crypt() implementations do. The patch was sent by - * Bjorn Gronvall - */ -static unsigned const char con_salt[128]={ -0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9, -0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1, -0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9, -0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1, -0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9, -0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01, -0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09, -0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A, -0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12, -0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A, -0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22, -0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24, -0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C, -0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34, -0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C, -0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44, -}; - -static unsigned const char cov_2char[64]={ -0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, -0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, -0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, -0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, -0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, -0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, -0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, -0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A -}; - -#ifndef NOPROTO -void fcrypt_body(DES_LONG *out,des_key_schedule ks, - DES_LONG Eswap0, DES_LONG Eswap1); - -#ifdef PERL5 -char *des_crypt(const char *buf,const char *salt); -#else -char *crypt(const char *buf,const char *salt); -#endif -#else -void fcrypt_body(); -#ifdef PERL5 -char *des_crypt(); -#else -char *crypt(); -#endif -#endif - -#ifdef PERL5 -char *des_crypt(buf,salt) -#else -char *crypt(buf,salt) -#endif -const char *buf; -const char *salt; - { - static char buff[14]; - - return(des_fcrypt(buf,salt,buff)); - } - - -char *des_fcrypt(buf,salt,ret) -const char *buf; -const char *salt; -char *ret; - { - unsigned int i,j,x,y; - DES_LONG Eswap0,Eswap1; - DES_LONG out[2],ll; - des_cblock key; - des_key_schedule ks; - unsigned char bb[9]; - unsigned char *b=bb; - unsigned char c,u; - - /* eay 25/08/92 - * If you call crypt("pwd","*") as often happens when you - * have * as the pwd field in /etc/passwd, the function - * returns *\0XXXXXXXXX - * The \0 makes the string look like * so the pwd "*" would - * crypt to "*". This was found when replacing the crypt in - * our shared libraries. People found that the disbled - * accounts effectivly had no passwd :-(. */ - x=ret[0]=((salt[0] == '\0')?'A':salt[0]); - Eswap0=con_salt[x]<<2; - x=ret[1]=((salt[1] == '\0')?'A':salt[1]); - Eswap1=con_salt[x]<<6; - -/* EAY -r=strlen(buf); -r=(r+7)/8; -*/ - for (i=0; i<8; i++) - { - c= *(buf++); - if (!c) break; - key[i]=(c<<1); - } - for (; i<8; i++) - key[i]=0; - - des_set_key((des_cblock *)(key),ks); - fcrypt_body(&(out[0]),ks,Eswap0,Eswap1); - - ll=out[0]; l2c(ll,b); - ll=out[1]; l2c(ll,b); - y=0; - u=0x80; - bb[8]=0; - for (i=2; i<13; i++) - { - c=0; - for (j=0; j<6; j++) - { - c<<=1; - if (bb[y] & u) c|=1; - u>>=1; - if (!u) - { - y++; - u=0x80; - } - } - ret[i]=cov_2char[c]; - } - ret[13]='\0'; - return(ret); - } - diff --git a/linux/crypto/ciphers/des/fcrypt_b.c b/linux/crypto/ciphers/des/fcrypt_b.c deleted file mode 100644 index 5900645e7..000000000 --- a/linux/crypto/ciphers/des/fcrypt_b.c +++ /dev/null @@ -1,148 +0,0 @@ -/* crypto/des/fcrypt_b.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* #include */ - -/* This version of crypt has been developed from my MIT compatable - * DES library. - * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au - * Eric Young (eay@cryptsoft.com) - */ - -#define DES_FCRYPT -#include "des_locl.h" -#undef DES_FCRYPT - -#undef PERM_OP -#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ - (b)^=(t),\ - (a)^=((t)<<(n))) - -#undef HPERM_OP -#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ - (a)=(a)^(t)^(t>>(16-(n))))\ - -void fcrypt_body(out, ks, Eswap0, Eswap1) -DES_LONG *out; -des_key_schedule ks; -DES_LONG Eswap0; -DES_LONG Eswap1; - { - register DES_LONG l,r,t,u; -#ifdef DES_PTR - register unsigned char *des_SP=(unsigned char *)des_SPtrans; -#endif - register DES_LONG *s; - register int j; - register DES_LONG E0,E1; - - l=0; - r=0; - - s=(DES_LONG *)ks; - E0=Eswap0; - E1=Eswap1; - - for (j=0; j<25; j++) - { -#ifdef DES_UNROLL - register int i; - - for (i=0; i<32; i+=8) - { - D_ENCRYPT(l,r,i+0); /* 1 */ - D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 1 */ - D_ENCRYPT(r,l,i+6); /* 2 */ - } -#else - D_ENCRYPT(l,r, 0); /* 1 */ - D_ENCRYPT(r,l, 2); /* 2 */ - D_ENCRYPT(l,r, 4); /* 3 */ - D_ENCRYPT(r,l, 6); /* 4 */ - D_ENCRYPT(l,r, 8); /* 5 */ - D_ENCRYPT(r,l,10); /* 6 */ - D_ENCRYPT(l,r,12); /* 7 */ - D_ENCRYPT(r,l,14); /* 8 */ - D_ENCRYPT(l,r,16); /* 9 */ - D_ENCRYPT(r,l,18); /* 10 */ - D_ENCRYPT(l,r,20); /* 11 */ - D_ENCRYPT(r,l,22); /* 12 */ - D_ENCRYPT(l,r,24); /* 13 */ - D_ENCRYPT(r,l,26); /* 14 */ - D_ENCRYPT(l,r,28); /* 15 */ - D_ENCRYPT(r,l,30); /* 16 */ -#endif - - t=l; - l=r; - r=t; - } - l=ROTATE(l,3)&0xffffffffL; - r=ROTATE(r,3)&0xffffffffL; - - PERM_OP(l,r,t, 1,0x55555555L); - PERM_OP(r,l,t, 8,0x00ff00ffL); - PERM_OP(l,r,t, 2,0x33333333L); - PERM_OP(r,l,t,16,0x0000ffffL); - PERM_OP(l,r,t, 4,0x0f0f0f0fL); - - out[0]=r; - out[1]=l; - } - diff --git a/linux/crypto/ciphers/des/options.txt b/linux/crypto/ciphers/des/options.txt deleted file mode 100644 index 6e2b50f76..000000000 --- a/linux/crypto/ciphers/des/options.txt +++ /dev/null @@ -1,39 +0,0 @@ -Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds -instead of the default 4. -RISC1 and RISC2 are 2 alternatives for the inner loop and -PTR means to use pointers arithmatic instead of arrays. - -FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler 577,000 4620k/s -IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR 496,000 3968k/s -solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1] 459,400 3672k/s -FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1 433,000 3468k/s -solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 380,000 3041k/s -linux - pentium 100mhz - gcc 2.7.0 - assembler 281,000 2250k/s -NT 4.0 - pentium 100mhz - VC 4.2 - assembler 281,000 2250k/s -AIX 4.1? - PPC604 100mhz - cc - UNROLL 275,000 2200k/s -IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR 235,300 1882k/s -IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR 233,700 1869k/s -NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR 191,000 1528k/s -DEC Alpha 165mhz?? - cc - RISC2 PTR [2] 181,000 1448k/s -linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR 158,500 1268k/s -HPUX 10 - 9000/887 - cc - UNROLL [3] 148,000 1190k/s -solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL 123,600 989k/s -IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR 101,000 808k/s -DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL 81,000 648k/s -solaris 2.4 486 50mhz - gcc 2.6.3 - assembler 65,000 522k/s -HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR 76,000 608k/s -solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2 43,500 344k/s -AIX - old slow one :-) - cc - 39,000 312k/s - -Notes. -[1] For the ultra sparc, SunC 4.0 - cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts' - gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s. - I'll record the higher since it is coming from the library but it - is all rather weird. -[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000. -[3] I was unable to get access to this machine when it was not heavily loaded. - As such, my timing program was never able to get more that %30 of the CPU. - This would cause the program to give much lower speed numbers because - it would be 'fighting' to stay in the cache with the other CPU burning - processes. diff --git a/linux/crypto/ciphers/des/podd.h b/linux/crypto/ciphers/des/podd.h deleted file mode 100644 index c00cd6ba0..000000000 --- a/linux/crypto/ciphers/des/podd.h +++ /dev/null @@ -1,75 +0,0 @@ -/* crypto/des/podd.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -static const unsigned char odd_parity[256]={ - 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, - 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, - 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, - 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, - 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, - 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, - 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, -112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, -128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, -145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, -161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, -176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, -193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, -208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, -224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, -241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254}; diff --git a/linux/crypto/ciphers/des/set_key.c b/linux/crypto/ciphers/des/set_key.c deleted file mode 100644 index 99ac27348..000000000 --- a/linux/crypto/ciphers/des/set_key.c +++ /dev/null @@ -1,246 +0,0 @@ -/* crypto/des/set_key.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* set_key.c v 1.4 eay 24/9/91 - * 1.4 Speed up by 400% :-) - * 1.3 added register declarations. - * 1.2 unrolled make_key_sched a bit more - * 1.1 added norm_expand_bits - * 1.0 First working version - */ -#include "des_locl.h" -#include "podd.h" -#include "sk.h" - -#ifndef NOPROTO -static int check_parity(des_cblock (*key)); -#else -static int check_parity(); -#endif - -int des_check_key=0; - -void des_set_odd_parity(key) -des_cblock (*key); - { - int i; - - for (i=0; i>(n))^(b))&(m)),\ - * (b)^=(t),\ - * (a)=((a)^((t)<<(n)))) - */ - -#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ - (a)=(a)^(t)^(t>>(16-(n)))) - -/* return 0 if key parity is odd (correct), - * return -1 if key parity error, - * return -2 if illegal weak key. - */ -int des_set_key(key, schedule) -des_cblock (*key); -des_key_schedule schedule; - { - static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; - register DES_LONG c,d,t,s,t2; - register unsigned char *in; - register DES_LONG *k; - register int i; - - if (des_check_key) - { - if (!check_parity(key)) - return(-1); - - if (des_is_weak_key(key)) - return(-2); - } - - k=(DES_LONG *)schedule; - in=(unsigned char *)key; - - c2l(in,c); - c2l(in,d); - - /* do PC1 in 60 simple operations */ -/* PERM_OP(d,c,t,4,0x0f0f0f0fL); - HPERM_OP(c,t,-2, 0xcccc0000L); - HPERM_OP(c,t,-1, 0xaaaa0000L); - HPERM_OP(c,t, 8, 0x00ff0000L); - HPERM_OP(c,t,-1, 0xaaaa0000L); - HPERM_OP(d,t,-8, 0xff000000L); - HPERM_OP(d,t, 8, 0x00ff0000L); - HPERM_OP(d,t, 2, 0x33330000L); - d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L); - d=(d>>8)|((c&0xf0000000L)>>4); - c&=0x0fffffffL; */ - - /* I now do it in 47 simple operations :-) - * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) - * for the inspiration. :-) */ - PERM_OP (d,c,t,4,0x0f0f0f0fL); - HPERM_OP(c,t,-2,0xcccc0000L); - HPERM_OP(d,t,-2,0xcccc0000L); - PERM_OP (d,c,t,1,0x55555555L); - PERM_OP (c,d,t,8,0x00ff00ffL); - PERM_OP (d,c,t,1,0x55555555L); - d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) | - ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L)); - c&=0x0fffffffL; - - for (i=0; i>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); } - else - { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); } - c&=0x0fffffffL; - d&=0x0fffffffL; - /* could be a few less shifts but I am to lazy at this - * point in time to investigate */ - s= des_skb[0][ (c )&0x3f ]| - des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]| - des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]| - des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) | - ((c>>22L)&0x38)]; - t= des_skb[4][ (d )&0x3f ]| - des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| - des_skb[6][ (d>>15L)&0x3f ]| - des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)]; - - /* table contained 0213 4657 */ - t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL; - *(k++)=ROTATE(t2,30)&0xffffffffL; - - t2=((s>>16L)|(t&0xffff0000L)); - *(k++)=ROTATE(t2,26)&0xffffffffL; - } - return(0); - } - -int des_key_sched(key, schedule) -des_cblock (*key); -des_key_schedule schedule; - { - return(des_set_key(key,schedule)); - } diff --git a/linux/crypto/ciphers/des/sk.h b/linux/crypto/ciphers/des/sk.h deleted file mode 100644 index 240703070..000000000 --- a/linux/crypto/ciphers/des/sk.h +++ /dev/null @@ -1,204 +0,0 @@ -/* crypto/des/sk.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -static const DES_LONG des_skb[8][64]={ -{ -/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ -0x00000000L,0x00000010L,0x20000000L,0x20000010L, -0x00010000L,0x00010010L,0x20010000L,0x20010010L, -0x00000800L,0x00000810L,0x20000800L,0x20000810L, -0x00010800L,0x00010810L,0x20010800L,0x20010810L, -0x00000020L,0x00000030L,0x20000020L,0x20000030L, -0x00010020L,0x00010030L,0x20010020L,0x20010030L, -0x00000820L,0x00000830L,0x20000820L,0x20000830L, -0x00010820L,0x00010830L,0x20010820L,0x20010830L, -0x00080000L,0x00080010L,0x20080000L,0x20080010L, -0x00090000L,0x00090010L,0x20090000L,0x20090010L, -0x00080800L,0x00080810L,0x20080800L,0x20080810L, -0x00090800L,0x00090810L,0x20090800L,0x20090810L, -0x00080020L,0x00080030L,0x20080020L,0x20080030L, -0x00090020L,0x00090030L,0x20090020L,0x20090030L, -0x00080820L,0x00080830L,0x20080820L,0x20080830L, -0x00090820L,0x00090830L,0x20090820L,0x20090830L, -},{ -/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ -0x00000000L,0x02000000L,0x00002000L,0x02002000L, -0x00200000L,0x02200000L,0x00202000L,0x02202000L, -0x00000004L,0x02000004L,0x00002004L,0x02002004L, -0x00200004L,0x02200004L,0x00202004L,0x02202004L, -0x00000400L,0x02000400L,0x00002400L,0x02002400L, -0x00200400L,0x02200400L,0x00202400L,0x02202400L, -0x00000404L,0x02000404L,0x00002404L,0x02002404L, -0x00200404L,0x02200404L,0x00202404L,0x02202404L, -0x10000000L,0x12000000L,0x10002000L,0x12002000L, -0x10200000L,0x12200000L,0x10202000L,0x12202000L, -0x10000004L,0x12000004L,0x10002004L,0x12002004L, -0x10200004L,0x12200004L,0x10202004L,0x12202004L, -0x10000400L,0x12000400L,0x10002400L,0x12002400L, -0x10200400L,0x12200400L,0x10202400L,0x12202400L, -0x10000404L,0x12000404L,0x10002404L,0x12002404L, -0x10200404L,0x12200404L,0x10202404L,0x12202404L, -},{ -/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ -0x00000000L,0x00000001L,0x00040000L,0x00040001L, -0x01000000L,0x01000001L,0x01040000L,0x01040001L, -0x00000002L,0x00000003L,0x00040002L,0x00040003L, -0x01000002L,0x01000003L,0x01040002L,0x01040003L, -0x00000200L,0x00000201L,0x00040200L,0x00040201L, -0x01000200L,0x01000201L,0x01040200L,0x01040201L, -0x00000202L,0x00000203L,0x00040202L,0x00040203L, -0x01000202L,0x01000203L,0x01040202L,0x01040203L, -0x08000000L,0x08000001L,0x08040000L,0x08040001L, -0x09000000L,0x09000001L,0x09040000L,0x09040001L, -0x08000002L,0x08000003L,0x08040002L,0x08040003L, -0x09000002L,0x09000003L,0x09040002L,0x09040003L, -0x08000200L,0x08000201L,0x08040200L,0x08040201L, -0x09000200L,0x09000201L,0x09040200L,0x09040201L, -0x08000202L,0x08000203L,0x08040202L,0x08040203L, -0x09000202L,0x09000203L,0x09040202L,0x09040203L, -},{ -/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ -0x00000000L,0x00100000L,0x00000100L,0x00100100L, -0x00000008L,0x00100008L,0x00000108L,0x00100108L, -0x00001000L,0x00101000L,0x00001100L,0x00101100L, -0x00001008L,0x00101008L,0x00001108L,0x00101108L, -0x04000000L,0x04100000L,0x04000100L,0x04100100L, -0x04000008L,0x04100008L,0x04000108L,0x04100108L, -0x04001000L,0x04101000L,0x04001100L,0x04101100L, -0x04001008L,0x04101008L,0x04001108L,0x04101108L, -0x00020000L,0x00120000L,0x00020100L,0x00120100L, -0x00020008L,0x00120008L,0x00020108L,0x00120108L, -0x00021000L,0x00121000L,0x00021100L,0x00121100L, -0x00021008L,0x00121008L,0x00021108L,0x00121108L, -0x04020000L,0x04120000L,0x04020100L,0x04120100L, -0x04020008L,0x04120008L,0x04020108L,0x04120108L, -0x04021000L,0x04121000L,0x04021100L,0x04121100L, -0x04021008L,0x04121008L,0x04021108L,0x04121108L, -},{ -/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ -0x00000000L,0x10000000L,0x00010000L,0x10010000L, -0x00000004L,0x10000004L,0x00010004L,0x10010004L, -0x20000000L,0x30000000L,0x20010000L,0x30010000L, -0x20000004L,0x30000004L,0x20010004L,0x30010004L, -0x00100000L,0x10100000L,0x00110000L,0x10110000L, -0x00100004L,0x10100004L,0x00110004L,0x10110004L, -0x20100000L,0x30100000L,0x20110000L,0x30110000L, -0x20100004L,0x30100004L,0x20110004L,0x30110004L, -0x00001000L,0x10001000L,0x00011000L,0x10011000L, -0x00001004L,0x10001004L,0x00011004L,0x10011004L, -0x20001000L,0x30001000L,0x20011000L,0x30011000L, -0x20001004L,0x30001004L,0x20011004L,0x30011004L, -0x00101000L,0x10101000L,0x00111000L,0x10111000L, -0x00101004L,0x10101004L,0x00111004L,0x10111004L, -0x20101000L,0x30101000L,0x20111000L,0x30111000L, -0x20101004L,0x30101004L,0x20111004L,0x30111004L, -},{ -/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ -0x00000000L,0x08000000L,0x00000008L,0x08000008L, -0x00000400L,0x08000400L,0x00000408L,0x08000408L, -0x00020000L,0x08020000L,0x00020008L,0x08020008L, -0x00020400L,0x08020400L,0x00020408L,0x08020408L, -0x00000001L,0x08000001L,0x00000009L,0x08000009L, -0x00000401L,0x08000401L,0x00000409L,0x08000409L, -0x00020001L,0x08020001L,0x00020009L,0x08020009L, -0x00020401L,0x08020401L,0x00020409L,0x08020409L, -0x02000000L,0x0A000000L,0x02000008L,0x0A000008L, -0x02000400L,0x0A000400L,0x02000408L,0x0A000408L, -0x02020000L,0x0A020000L,0x02020008L,0x0A020008L, -0x02020400L,0x0A020400L,0x02020408L,0x0A020408L, -0x02000001L,0x0A000001L,0x02000009L,0x0A000009L, -0x02000401L,0x0A000401L,0x02000409L,0x0A000409L, -0x02020001L,0x0A020001L,0x02020009L,0x0A020009L, -0x02020401L,0x0A020401L,0x02020409L,0x0A020409L, -},{ -/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ -0x00000000L,0x00000100L,0x00080000L,0x00080100L, -0x01000000L,0x01000100L,0x01080000L,0x01080100L, -0x00000010L,0x00000110L,0x00080010L,0x00080110L, -0x01000010L,0x01000110L,0x01080010L,0x01080110L, -0x00200000L,0x00200100L,0x00280000L,0x00280100L, -0x01200000L,0x01200100L,0x01280000L,0x01280100L, -0x00200010L,0x00200110L,0x00280010L,0x00280110L, -0x01200010L,0x01200110L,0x01280010L,0x01280110L, -0x00000200L,0x00000300L,0x00080200L,0x00080300L, -0x01000200L,0x01000300L,0x01080200L,0x01080300L, -0x00000210L,0x00000310L,0x00080210L,0x00080310L, -0x01000210L,0x01000310L,0x01080210L,0x01080310L, -0x00200200L,0x00200300L,0x00280200L,0x00280300L, -0x01200200L,0x01200300L,0x01280200L,0x01280300L, -0x00200210L,0x00200310L,0x00280210L,0x00280310L, -0x01200210L,0x01200310L,0x01280210L,0x01280310L, -},{ -/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ -0x00000000L,0x04000000L,0x00040000L,0x04040000L, -0x00000002L,0x04000002L,0x00040002L,0x04040002L, -0x00002000L,0x04002000L,0x00042000L,0x04042000L, -0x00002002L,0x04002002L,0x00042002L,0x04042002L, -0x00000020L,0x04000020L,0x00040020L,0x04040020L, -0x00000022L,0x04000022L,0x00040022L,0x04040022L, -0x00002020L,0x04002020L,0x00042020L,0x04042020L, -0x00002022L,0x04002022L,0x00042022L,0x04042022L, -0x00000800L,0x04000800L,0x00040800L,0x04040800L, -0x00000802L,0x04000802L,0x00040802L,0x04040802L, -0x00002800L,0x04002800L,0x00042800L,0x04042800L, -0x00002802L,0x04002802L,0x00042802L,0x04042802L, -0x00000820L,0x04000820L,0x00040820L,0x04040820L, -0x00000822L,0x04000822L,0x00040822L,0x04040822L, -0x00002820L,0x04002820L,0x00042820L,0x04042820L, -0x00002822L,0x04002822L,0x00042822L,0x04042822L, -}}; diff --git a/linux/crypto/ciphers/des/speed.c b/linux/crypto/ciphers/des/speed.c deleted file mode 100644 index e3d753b2e..000000000 --- a/linux/crypto/ciphers/des/speed.c +++ /dev/null @@ -1,329 +0,0 @@ -/* crypto/des/speed.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ -/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ - -#ifndef MSDOS -#define TIMES -#endif - -#include -#ifndef MSDOS -#include -#else -#include -extern int exit(); -#endif -#include -#ifndef VMS -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif -#else /* VMS */ -#include -struct tms { - time_t tms_utime; - time_t tms_stime; - time_t tms_uchild; /* I dunno... */ - time_t tms_uchildsys; /* so these names are a guess :-) */ - } -#endif -#ifndef TIMES -#include -#endif - -#ifdef sun -#include -#include -#endif - -#include "des_locl.h" - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ -# ifndef VMS -# define HZ 100.0 -# else /* VMS */ -# define HZ 100.0 -# endif -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -#ifndef NOPROTO -double Time_F(int s); -#else -double Time_F(); -#endif - -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) || defined(_AIX) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -#ifndef NOPROTO -SIGRETTYPE sig_done(int sig); -#else -SIGRETTYPE sig_done(); -#endif - -SIGRETTYPE sig_done(sig) -int sig; - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(s) -int s; - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1e3; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -int main(argc,argv) -int argc; -char **argv; - { - long count; - static unsigned char buf[BUFSIZE]; - static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; - des_key_schedule sch,sch2,sch3; - double a,b,c,d,e; -#ifndef SIGALRM - long ca,cb,cc,cd,ce; -#endif - -#ifndef TIMES - printf("To get the most acurate results, try to run this\n"); - printf("program when this computer is idle.\n"); -#endif - - des_set_key((C_Block *)key2,sch2); - des_set_key((C_Block *)key3,sch3); - -#ifndef SIGALRM - printf("First we calculate the approximate speed ...\n"); - des_set_key((C_Block *)key,sch); - count=10; - do { - long i; - DES_LONG data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - des_encrypt(data,&(sch[0]),DES_ENCRYPT); - d=Time_F(STOP); - } while (d < 3.0); - ca=count; - cb=count*3; - cc=count*3*8/BUFSIZE+1; - cd=count*8/BUFSIZE+1; - ce=count/20+1; - printf("Doing set_key %ld times\n",ca); -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - printf("Doing set_key for 10 seconds\n"); - alarm(10); -#endif - - Time_F(START); - for (count=0,run=1; COND(ca); count++) - des_set_key((C_Block *)key,sch); - d=Time_F(STOP); - printf("%ld set_key's in %.2f seconds\n",count,d); - a=((double)COUNT(ca))/d; - -#ifdef SIGALRM - printf("Doing des_encrypt's for 10 seconds\n"); - alarm(10); -#else - printf("Doing des_encrypt %ld times\n",cb); -#endif - Time_F(START); - for (count=0,run=1; COND(cb); count++) - { - DES_LONG data[2]; - - des_encrypt(data,&(sch[0]),DES_ENCRYPT); - } - d=Time_F(STOP); - printf("%ld des_encrypt's in %.2f second\n",count,d); - b=((double)COUNT(cb)*8)/d; - -#ifdef SIGALRM - printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n", - BUFSIZE); - alarm(10); -#else - printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc, - BUFSIZE); -#endif - Time_F(START); - for (count=0,run=1; COND(cc); count++) - des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]), - (C_Block *)&(key[0]),DES_ENCRYPT); - d=Time_F(STOP); - printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n", - count,BUFSIZE,d); - c=((double)COUNT(cc)*BUFSIZE)/d; - -#ifdef SIGALRM - printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n", - BUFSIZE); - alarm(10); -#else - printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd, - BUFSIZE); -#endif - Time_F(START); - for (count=0,run=1; COND(cd); count++) - des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE, - &(sch[0]), - &(sch2[0]), - &(sch3[0]), - (C_Block *)&(key[0]), - DES_ENCRYPT); - d=Time_F(STOP); - printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n", - count,BUFSIZE,d); - d=((double)COUNT(cd)*BUFSIZE)/d; - -#ifdef SIGALRM - printf("Doing crypt for 10 seconds\n"); - alarm(10); -#else - printf("Doing crypt %ld times\n",ce); -#endif - Time_F(START); - for (count=0,run=1; COND(ce); count++) - crypt("testing1","ef"); - e=Time_F(STOP); - printf("%ld crypts in %.2f second\n",count,e); - e=((double)COUNT(ce))/e; - - printf("set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a); - printf("DES raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b); - printf("DES cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c); - printf("DES ede cbc bytes per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d); - printf("crypt per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e); - exit(0); -#if defined(LINT) || defined(MSDOS) - return(0); -#endif - } diff --git a/linux/crypto/ciphers/des/spr.h b/linux/crypto/ciphers/des/spr.h deleted file mode 100644 index a84d6a723..000000000 --- a/linux/crypto/ciphers/des/spr.h +++ /dev/null @@ -1,204 +0,0 @@ -/* crypto/des/spr.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -const DES_LONG des_SPtrans[8][64]={ -{ -/* nibble 0 */ -0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, -0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, -0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, -0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, -0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, -0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, -0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, -0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, -0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, -0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, -0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, -0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, -0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, -0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, -0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, -0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, -},{ -/* nibble 1 */ -0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, -0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, -0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, -0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, -0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, -0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, -0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, -0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, -0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, -0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, -0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, -0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, -0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, -0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, -0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, -0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, -},{ -/* nibble 2 */ -0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, -0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, -0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, -0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, -0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, -0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, -0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, -0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, -0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, -0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, -0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, -0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, -0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, -0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, -0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, -0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, -},{ -/* nibble 3 */ -0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, -0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, -0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, -0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, -0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, -0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, -0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, -0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, -0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, -0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, -0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, -0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, -0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, -0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, -0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, -0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, -},{ -/* nibble 4 */ -0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, -0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, -0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, -0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, -0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, -0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, -0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, -0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, -0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, -0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, -0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, -0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, -0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, -0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, -0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, -0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, -},{ -/* nibble 5 */ -0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, -0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, -0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, -0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, -0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, -0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, -0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, -0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, -0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, -0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, -0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, -0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, -0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, -0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, -0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, -0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, -},{ -/* nibble 6 */ -0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, -0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, -0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, -0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, -0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, -0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, -0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, -0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, -0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, -0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, -0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, -0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, -0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, -0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, -0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, -0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, -},{ -/* nibble 7 */ -0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, -0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, -0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, -0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, -0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, -0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, -0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, -0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, -0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, -0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, -0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, -0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, -0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, -0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, -0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, -0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, -}}; diff --git a/linux/include/crypto/des.h b/linux/include/crypto/des.h deleted file mode 100644 index baddf8647..000000000 --- a/linux/include/crypto/des.h +++ /dev/null @@ -1,308 +0,0 @@ -/* crypto/des/des.org */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * Always modify des.org since des.h is automatically generated from - * it during SSLeay configuration. - * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -#ifndef HEADER_DES_H -#define HEADER_DES_H - -#ifdef __cplusplus -extern "C" { -#endif - - -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -/* Must be unsigned int on ia64/Itanium or DES breaks badly */ - -#ifdef __KERNEL__ -#include -#else -#include -#endif - -#ifndef DES_LONG -#define DES_LONG u_int32_t -#endif - -typedef unsigned char des_cblock[8]; -typedef struct des_ks_struct - { - union { - des_cblock _; - /* make sure things are correct size on machines with - * 8 byte longs */ - DES_LONG pad[2]; - } ks; -#undef _ -#define _ ks._ - } des_key_schedule[16]; - -#define DES_KEY_SZ (sizeof(des_cblock)) -#define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) - -#define DES_ENCRYPT 1 -#define DES_DECRYPT 0 - -#define DES_CBC_MODE 0 -#define DES_PCBC_MODE 1 - -#define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - -#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - -#define C_Block des_cblock -#define Key_schedule des_key_schedule -#ifdef KERBEROS -#define ENCRYPT DES_ENCRYPT -#define DECRYPT DES_DECRYPT -#endif -#define KEY_SZ DES_KEY_SZ -#define string_to_key des_string_to_key -#define read_pw_string des_read_pw_string -#define random_key des_random_key -#define pcbc_encrypt des_pcbc_encrypt -#define set_key des_set_key -#define key_sched des_key_sched -#define ecb_encrypt des_ecb_encrypt -#define cbc_encrypt des_cbc_encrypt -#define ncbc_encrypt des_ncbc_encrypt -#define xcbc_encrypt des_xcbc_encrypt -#define cbc_cksum des_cbc_cksum -#define quad_cksum des_quad_cksum - -/* For compatibility with the MIT lib - eay 20/05/92 */ -typedef des_key_schedule bit_64; -#define des_fixup_key_parity des_set_odd_parity -#define des_check_key_parity check_parity - -extern int des_check_key; /* defaults to false */ -extern int des_rw_mode; /* defaults to DES_PCBC_MODE */ - -/* The next line is used to disable full ANSI prototypes, if your - * compiler has problems with the prototypes, make sure this line always - * evaluates to true :-) */ -#if defined(MSDOS) || defined(__STDC__) -#undef NOPROTO -#endif -#ifndef NOPROTO -char *des_options(void); -void des_ecb3_encrypt(des_cblock *input,des_cblock *output, - des_key_schedule ks1,des_key_schedule ks2, - des_key_schedule ks3, int enc); -DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output, - long length,des_key_schedule schedule,des_cblock *ivec); -void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc); -void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc); -void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec, - des_cblock *inw,des_cblock *outw,int enc); -void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, - long length,des_key_schedule schedule,des_cblock *ivec,int enc); -void des_ecb_encrypt(des_cblock *input,des_cblock *output, - des_key_schedule ks,int enc); -void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); -void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); -void des_encrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3); -void des_decrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3); -void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int enc); -void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int *num, int enc); -void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, des_cblock *ivec, int *num); - -void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white), - des_cblock (*out_white)); - -int des_enc_read(int fd,char *buf,int len,des_key_schedule sched, - des_cblock *iv); -int des_enc_write(int fd,char *buf,int len,des_key_schedule sched, - des_cblock *iv); -char *des_fcrypt(const char *buf,const char *salt, char *ret); -#ifdef PERL5 -char *des_crypt(const char *buf,const char *salt); -#else -/* some stupid compilers complain because I have declared char instead - * of const char */ -#ifndef __KERNEL__ -#ifdef HEADER_DES_LOCL_H -char *crypt(const char *buf,const char *salt); -#else /* HEADER_DES_LOCL_H */ -char *crypt(void); -#endif /* HEADER_DES_LOCL_H */ -#endif /* __KERNEL__ */ -#endif /* PERL5 */ -void des_ofb_encrypt(unsigned char *in,unsigned char *out, - int numbits,long length,des_key_schedule schedule,des_cblock *ivec); -void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, - des_key_schedule schedule,des_cblock *ivec,int enc); -DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output, - long length,int out_count,des_cblock *seed); -void des_random_seed(des_cblock key); -void des_random_key(des_cblock ret); -int des_read_password(des_cblock *key,char *prompt,int verify); -int des_read_2passwords(des_cblock *key1,des_cblock *key2, - char *prompt,int verify); -int des_read_pw_string(char *buf,int length,char *prompt,int verify); -void des_set_odd_parity(des_cblock *key); -int des_is_weak_key(des_cblock *key); -int des_set_key(des_cblock *key,des_key_schedule schedule); -int des_key_sched(des_cblock *key,des_key_schedule schedule); -void des_string_to_key(char *str,des_cblock *key); -void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2); -void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - des_key_schedule schedule, des_cblock *ivec, int *num, int enc); -void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - des_key_schedule schedule, des_cblock *ivec, int *num); -int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify); - -/* Extra functions from Mark Murray */ -/* The following functions are not in the normal unix build or the - * SSLeay build. When using the SSLeay build, use RAND_seed() - * and RAND_bytes() instead. */ -int des_new_random_key(des_cblock *key); -void des_init_random_number_generator(des_cblock *key); -void des_set_random_generator_seed(des_cblock *key); -void des_set_sequence_number(des_cblock new_sequence_number); -void des_generate_random_block(des_cblock *block); - -#else - -char *des_options(); -void des_ecb3_encrypt(); -DES_LONG des_cbc_cksum(); -void des_cbc_encrypt(); -void des_ncbc_encrypt(); -void des_xcbc_encrypt(); -void des_cfb_encrypt(); -void des_ede3_cfb64_encrypt(); -void des_ede3_ofb64_encrypt(); -void des_ecb_encrypt(); -void des_encrypt(); -void des_encrypt2(); -void des_encrypt3(); -void des_decrypt3(); -void des_ede3_cbc_encrypt(); -int des_enc_read(); -int des_enc_write(); -char *des_fcrypt(); -#ifdef PERL5 -char *des_crypt(); -#else -char *crypt(); -#endif -void des_ofb_encrypt(); -void des_pcbc_encrypt(); -DES_LONG des_quad_cksum(); -void des_random_seed(); -void des_random_key(); -int des_read_password(); -int des_read_2passwords(); -int des_read_pw_string(); -void des_set_odd_parity(); -int des_is_weak_key(); -int des_set_key(); -int des_key_sched(); -void des_string_to_key(); -void des_string_to_2keys(); -void des_cfb64_encrypt(); -void des_ofb64_encrypt(); -int des_read_pw(); -void des_xwhite_in2out(); - -/* Extra functions from Mark Murray */ -/* The following functions are not in the normal unix build or the - * SSLeay build. When using the SSLeay build, use RAND_seed() - * and RAND_bytes() instead. */ -#ifdef FreeBSD -int des_new_random_key(); -void des_init_random_number_generator(); -void des_set_random_generator_seed(); -void des_set_sequence_number(); -void des_generate_random_block(); -#endif - -#endif - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/linux/include/freeswan.h b/linux/include/freeswan.h deleted file mode 100644 index 4ef948b0a..000000000 --- a/linux/include/freeswan.h +++ /dev/null @@ -1,477 +0,0 @@ -#ifndef _FREESWAN_H -/* - * header file for FreeS/WAN library functions - * Copyright (C) 1998, 1999, 2000 Henry Spencer. - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: freeswan.h,v 1.2 2004/03/22 21:53:17 as Exp $ - */ -#define _FREESWAN_H /* seen it, no need to see it again */ - - - -/* - * We've just got to have some datatypes defined... And annoyingly, just - * where we get them depends on whether we're in userland or not. - */ -#ifdef __KERNEL__ - -# include -# include - -#else /* __KERNEL__ */ - -# include -# include - -# define uint8_t u_int8_t -# define uint16_t u_int16_t -# define uint32_t u_int32_t -# define uint64_t u_int64_t - -# define DEBUG_NO_STATIC static - -#endif /* __KERNEL__ */ - -#include - - -/* - * Grab the kernel version to see if we have NET_21, and therefore - * IPv6. Some of this is repeated from ipsec_kversions.h. Of course, - * we aren't really testing if the kernel has IPv6, but rather if the - * the include files do. - */ -#include -#ifndef KERNEL_VERSION -#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0) -#define NET_21 -#endif - -#ifndef IPPROTO_COMP -# define IPPROTO_COMP 108 -#endif /* !IPPROTO_COMP */ - -#ifndef IPPROTO_INT -# define IPPROTO_INT 61 -#endif /* !IPPROTO_INT */ - -#ifdef CONFIG_IPSEC_DEBUG -# define DEBUG_NO_STATIC -#else /* CONFIG_IPSEC_DEBUG */ -# define DEBUG_NO_STATIC static -#endif /* CONFIG_IPSEC_DEBUG */ - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL /* KERNEL ifdef */ -#ifndef NAT_TRAVERSAL -#define NAT_TRAVERSAL -#endif -#endif -#ifdef NAT_TRAVERSAL -#define ESPINUDP_WITH_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ -#define ESPINUDP_WITH_NON_ESP 2 /* draft-ietf-ipsec-nat-t-ike-02 */ -#endif - -/* - * Basic data types for the address-handling functions. - * ip_address and ip_subnet are supposed to be opaque types; do not - * use their definitions directly, they are subject to change! - */ - -/* first, some quick fakes in case we're on an old system with no IPv6 */ -#ifndef s6_addr16 -struct in6_addr { - union - { - __u8 u6_addr8[16]; - __u16 u6_addr16[8]; - __u32 u6_addr32[4]; - } in6_u; -#define s6_addr in6_u.u6_addr8 -#define s6_addr16 in6_u.u6_addr16 -#define s6_addr32 in6_u.u6_addr32 -}; -struct sockaddr_in6 { - unsigned short int sin6_family; /* AF_INET6 */ - __u16 sin6_port; /* Transport layer port # */ - __u32 sin6_flowinfo; /* IPv6 flow information */ - struct in6_addr sin6_addr; /* IPv6 address */ - __u32 sin6_scope_id; /* scope id (new in RFC2553) */ -}; -#endif /* !s6_addr16 */ - -/* then the main types */ -typedef struct { - union { - struct sockaddr_in v4; - struct sockaddr_in6 v6; - } u; -} ip_address; -typedef struct { - ip_address addr; - int maskbits; -} ip_subnet; - -/* and the SA ID stuff */ -#ifdef __KERNEL__ -typedef __u32 ipsec_spi_t; -#else -typedef u_int32_t ipsec_spi_t; -#endif -typedef struct { /* to identify an SA, we need: */ - ip_address dst; /* A. destination host */ - ipsec_spi_t spi; /* B. 32-bit SPI, assigned by dest. host */ -# define SPI_PASS 256 /* magic values... */ -# define SPI_DROP 257 /* ...for use... */ -# define SPI_REJECT 258 /* ...with SA_INT */ -# define SPI_HOLD 259 -# define SPI_TRAP 260 -# define SPI_TRAPSUBNET 261 - int proto; /* C. protocol */ -# define SA_ESP 50 /* IPPROTO_ESP */ -# define SA_AH 51 /* IPPROTO_AH */ -# define SA_IPIP 4 /* IPPROTO_IPIP */ -# define SA_COMP 108 /* IPPROTO_COMP */ -# define SA_INT 61 /* IANA reserved for internal use */ -} ip_said; -struct sa_id { /* old v4-only version */ - struct in_addr dst; - ipsec_spi_t spi; - int proto; -}; - -/* misc */ -typedef const char *err_t; /* error message, or NULL for success */ -struct prng { /* pseudo-random-number-generator guts */ - unsigned char sbox[256]; - int i, j; - unsigned long count; -}; - - -/* - * definitions for user space, taken from freeswan/ipsec_sa.h - */ -typedef uint32_t IPsecSAref_t; - -#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t)) - -#define IPsecSAref2NFmark(x) ((x) << (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH)) -#define NFmark2IPsecSAref(x) ((x) >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH)) - -#define IPSEC_SAREF_NULL (~((IPsecSAref_t)0)) - -/* GCC magic for use in function definitions! */ -#ifdef GCC_LINT -# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1))) -# define NEVER_RETURNS __attribute__ ((noreturn)) -# define UNUSED __attribute__ ((unused)) -# define BLANK_FORMAT " " /* GCC_LINT whines about empty formats */ -#else -# define PRINTF_LIKE(n) /* ignore */ -# define NEVER_RETURNS /* ignore */ -# define UNUSED /* ignore */ -# define BLANK_FORMAT "" -#endif - - - - - -/* - * new IPv6-compatible functions - */ - -/* text conversions */ -err_t ttoul(const char *src, size_t srclen, int format, unsigned long *dst); -size_t ultot(unsigned long src, int format, char *buf, size_t buflen); -#define ULTOT_BUF (22+1) /* holds 64 bits in octal */ -err_t ttoaddr(const char *src, size_t srclen, int af, ip_address *dst); -err_t tnatoaddr(const char *src, size_t srclen, int af, ip_address *dst); -size_t addrtot(const ip_address *src, int format, char *buf, size_t buflen); -/* RFC 1886 old IPv6 reverse-lookup format is the bulkiest */ -#define ADDRTOT_BUF (32*2 + 3 + 1 + 3 + 1 + 1) -err_t ttosubnet(const char *src, size_t srclen, int af, ip_subnet *dst); -size_t subnettot(const ip_subnet *src, int format, char *buf, size_t buflen); -#define SUBNETTOT_BUF (ADDRTOT_BUF + 1 + 3) -err_t ttosa(const char *src, size_t srclen, ip_said *dst); -size_t satot(const ip_said *src, int format, char *bufptr, size_t buflen); -#define SATOT_BUF (5 + ULTOA_BUF + 1 + ADDRTOT_BUF) -err_t ttodata(const char *src, size_t srclen, int base, char *buf, - size_t buflen, size_t *needed); -err_t ttodatav(const char *src, size_t srclen, int base, - char *buf, size_t buflen, size_t *needed, - char *errp, size_t errlen, unsigned int flags); -#define TTODATAV_BUF 40 /* ttodatav's largest non-literal message */ -#define TTODATAV_IGNORESPACE (1<<1) /* ignore spaces in base64 encodings*/ -#define TTODATAV_SPACECOUNTS 0 /* do not ignore spaces in base64 */ - -size_t datatot(const char *src, size_t srclen, int format, char *buf, - size_t buflen); -size_t keyblobtoid(const unsigned char *src, size_t srclen, char *dst, - size_t dstlen); -size_t splitkeytoid(const unsigned char *e, size_t elen, const unsigned char *m, - size_t mlen, char *dst, size_t dstlen); -#define KEYID_BUF 10 /* up to 9 text digits plus NUL */ -err_t ttoprotoport(char *src, size_t src_len, u_int8_t *proto, u_int16_t *port, - int *has_port_wildcard); - -/* initializations */ -void initsaid(const ip_address *addr, ipsec_spi_t spi, int proto, ip_said *dst); -err_t loopbackaddr(int af, ip_address *dst); -err_t unspecaddr(int af, ip_address *dst); -err_t anyaddr(int af, ip_address *dst); -err_t initaddr(const unsigned char *src, size_t srclen, int af, ip_address *dst); -err_t initsubnet(const ip_address *addr, int maskbits, int clash, ip_subnet *dst); -err_t addrtosubnet(const ip_address *addr, ip_subnet *dst); - -/* misc. conversions and related */ -err_t rangetosubnet(const ip_address *from, const ip_address *to, ip_subnet *dst); -int addrtypeof(const ip_address *src); -int subnettypeof(const ip_subnet *src); -size_t addrlenof(const ip_address *src); -size_t addrbytesptr(const ip_address *src, const unsigned char **dst); -size_t addrbytesof(const ip_address *src, unsigned char *dst, size_t dstlen); -int masktocount(const ip_address *src); -void networkof(const ip_subnet *src, ip_address *dst); -void maskof(const ip_subnet *src, ip_address *dst); - -/* tests */ -int sameaddr(const ip_address *a, const ip_address *b); -int addrcmp(const ip_address *a, const ip_address *b); -int samesubnet(const ip_subnet *a, const ip_subnet *b); -int addrinsubnet(const ip_address *a, const ip_subnet *s); -int subnetinsubnet(const ip_subnet *a, const ip_subnet *b); -int subnetishost(const ip_subnet *s); -int samesaid(const ip_said *a, const ip_said *b); -int sameaddrtype(const ip_address *a, const ip_address *b); -int samesubnettype(const ip_subnet *a, const ip_subnet *b); -int isanyaddr(const ip_address *src); -int isunspecaddr(const ip_address *src); -int isloopbackaddr(const ip_address *src); - -/* low-level grot */ -int portof(const ip_address *src); -void setportof(int port, ip_address *dst); -struct sockaddr *sockaddrof(ip_address *src); -size_t sockaddrlenof(const ip_address *src); - -/* PRNG */ -void prng_init(struct prng *prng, const unsigned char *key, size_t keylen); -void prng_bytes(struct prng *prng, unsigned char *dst, size_t dstlen); -unsigned long prng_count(struct prng *prng); -void prng_final(struct prng *prng); - -/* odds and ends */ -const char *ipsec_version_code(void); -const char *ipsec_version_string(void); -const char **ipsec_copyright_notice(void); - -const char *dns_string_rr(int rr, char *buf, int bufsize); -const char *dns_string_datetime(time_t seconds, - char *buf, - int bufsize); - - -/* - * old functions, to be deleted eventually - */ - -/* unsigned long */ -const char * /* NULL for success, else string literal */ -atoul( - const char *src, - size_t srclen, /* 0 means strlen(src) */ - int base, /* 0 means figure it out */ - unsigned long *resultp -); -size_t /* space needed for full conversion */ -ultoa( - unsigned long n, - int base, - char *dst, - size_t dstlen -); -#define ULTOA_BUF 21 /* just large enough for largest result, */ - /* assuming 64-bit unsigned long! */ - -/* Internet addresses */ -const char * /* NULL for success, else string literal */ -atoaddr( - const char *src, - size_t srclen, /* 0 means strlen(src) */ - struct in_addr *addr -); -size_t /* space needed for full conversion */ -addrtoa( - struct in_addr addr, - int format, /* character; 0 means default */ - char *dst, - size_t dstlen -); -#define ADDRTOA_BUF 16 /* just large enough for largest result */ - -/* subnets */ -const char * /* NULL for success, else string literal */ -atosubnet( - const char *src, - size_t srclen, /* 0 means strlen(src) */ - struct in_addr *addr, - struct in_addr *mask -); -size_t /* space needed for full conversion */ -subnettoa( - struct in_addr addr, - struct in_addr mask, - int format, /* character; 0 means default */ - char *dst, - size_t dstlen -); -#define SUBNETTOA_BUF 32 /* large enough for worst case result */ - -/* ranges */ -const char * /* NULL for success, else string literal */ -atoasr( - const char *src, - size_t srclen, /* 0 means strlen(src) */ - char *type, /* 'a', 's', 'r' */ - struct in_addr *addrs /* two-element array */ -); -size_t /* space needed for full conversion */ -rangetoa( - struct in_addr *addrs, /* two-element array */ - int format, /* character; 0 means default */ - char *dst, - size_t dstlen -); -#define RANGETOA_BUF 34 /* large enough for worst case result */ - -/* data types for SA conversion functions */ - -/* SAs */ -const char * /* NULL for success, else string literal */ -atosa( - const char *src, - size_t srclen, /* 0 means strlen(src) */ - struct sa_id *sa -); -size_t /* space needed for full conversion */ -satoa( - struct sa_id sa, - int format, /* character; 0 means default */ - char *dst, - size_t dstlen -); -#define SATOA_BUF (3+ULTOA_BUF+ADDRTOA_BUF) - -/* generic data, e.g. keys */ -const char * /* NULL for success, else string literal */ -atobytes( - const char *src, - size_t srclen, /* 0 means strlen(src) */ - char *dst, - size_t dstlen, - size_t *lenp /* NULL means don't bother telling me */ -); -size_t /* 0 failure, else true size */ -bytestoa( - const char *src, - size_t srclen, - int format, /* character; 0 means default */ - char *dst, - size_t dstlen -); - -/* old versions of generic-data functions; deprecated */ -size_t /* 0 failure, else true size */ -atodata( - const char *src, - size_t srclen, /* 0 means strlen(src) */ - char *dst, - size_t dstlen -); -size_t /* 0 failure, else true size */ -datatoa( - const char *src, - size_t srclen, - int format, /* character; 0 means default */ - char *dst, - size_t dstlen -); - -/* part extraction and special addresses */ -struct in_addr -subnetof( - struct in_addr addr, - struct in_addr mask -); -struct in_addr -hostof( - struct in_addr addr, - struct in_addr mask -); -struct in_addr -broadcastof( - struct in_addr addr, - struct in_addr mask -); - -/* mask handling */ -int -goodmask( - struct in_addr mask -); -int -masktobits( - struct in_addr mask -); -struct in_addr -bitstomask( - int n -); - - - -/* - * general utilities - */ - -#ifndef __KERNEL__ -/* option pickup from files (userland only because of use of FILE) */ -const char *optionsfrom(const char *filename, int *argcp, char ***argvp, - int optind, FILE *errorreport); -#endif - -/* - * Debugging levels for pfkey_lib_debug - */ -#define PF_KEY_DEBUG_PARSE_NONE 0 -#define PF_KEY_DEBUG_PARSE_PROBLEM 1 -#define PF_KEY_DEBUG_PARSE_STRUCT 2 -#define PF_KEY_DEBUG_PARSE_FLOW 4 -#define PF_KEY_DEBUG_PARSE_MAX 7 - -extern unsigned int pfkey_lib_debug; /* bits selecting what to report */ - -/* - * pluto and lwdnsq need to know the maximum size of the commands to, - * and replies from lwdnsq. - */ - -#define LWDNSQ_CMDBUF_LEN 1024 -#define LWDNSQ_RESULT_LEN_MAX 4096 - -#endif /* _FREESWAN_H */ diff --git a/linux/include/freeswan/ipcomp.h b/linux/include/freeswan/ipcomp.h deleted file mode 100644 index ed8095517..000000000 --- a/linux/include/freeswan/ipcomp.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * IPCOMP zlib interface code. - * Copyright (C) 2000 Svenning Soerensen - * Copyright (C) 2000, 2001 Richard Guy Briggs - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - - RCSID $Id: ipcomp.h,v 1.1 2004/03/15 20:35:25 as Exp $ - - */ - -/* SSS */ - -#ifndef _IPCOMP_H -#define _IPCOMP_H - -/* Prefix all global deflate symbols with "ipcomp_" to avoid collisions with ppp_deflate & ext2comp */ -#ifndef IPCOMP_PREFIX -#define IPCOMP_PREFIX -#endif /* IPCOMP_PREFIX */ - -#ifndef IPPROTO_COMP -#define IPPROTO_COMP 108 -#endif /* IPPROTO_COMP */ - -#ifdef CONFIG_IPSEC_DEBUG -extern int sysctl_ipsec_debug_ipcomp; -#endif /* CONFIG_IPSEC_DEBUG */ - -struct ipcomphdr { /* IPCOMP header */ - __u8 ipcomp_nh; /* Next header (protocol) */ - __u8 ipcomp_flags; /* Reserved, must be 0 */ - __u16 ipcomp_cpi; /* Compression Parameter Index */ -}; - -extern struct inet_protocol comp_protocol; -extern int sysctl_ipsec_debug_ipcomp; - -#define IPCOMP_UNCOMPRESSABLE 0x000000001 -#define IPCOMP_COMPRESSIONERROR 0x000000002 -#define IPCOMP_PARMERROR 0x000000004 -#define IPCOMP_DECOMPRESSIONERROR 0x000000008 - -#define IPCOMP_ADAPT_INITIAL_TRIES 8 -#define IPCOMP_ADAPT_INITIAL_SKIP 4 -#define IPCOMP_ADAPT_SUBSEQ_TRIES 2 -#define IPCOMP_ADAPT_SUBSEQ_SKIP 8 - -/* Function prototypes */ -struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags); -struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags); - -#endif /* _IPCOMP_H */ diff --git a/linux/include/freeswan/ipsec_ah.h b/linux/include/freeswan/ipsec_ah.h deleted file mode 100644 index e088288d3..000000000 --- a/linux/include/freeswan/ipsec_ah.h +++ /dev/null @@ -1,235 +0,0 @@ -/* - * Authentication Header declarations - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_ah.h,v 1.2 2004/03/22 21:53:18 as Exp $ - */ - -#include "ipsec_md5h.h" -#include "ipsec_sha1.h" - -#ifndef IPPROTO_AH -#define IPPROTO_AH 51 -#endif /* IPPROTO_AH */ - -#define AH_FLENGTH 12 /* size of fixed part */ -#define AHMD5_KMAX 64 /* MD5 max 512 bits key */ -#define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */ - -#define AHMD596_KLEN 16 /* MD5 128 bits key */ -#define AHSHA196_KLEN 20 /* SHA1 160 bits key */ - -#define AHMD596_ALEN 16 /* MD5 128 bits authentication length */ -#define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */ - -#define AHMD596_BLKLEN 64 /* MD5 block length */ -#define AHSHA196_BLKLEN 64 /* SHA1 block length */ -#define AHSHA2_256_BLKLEN 64 /* SHA2-256 block length */ -#define AHSHA2_384_BLKLEN 128 /* SHA2-384 block length (?) */ -#define AHSHA2_512_BLKLEN 128 /* SHA2-512 block length */ - -#define AH_BLKLEN_MAX 128 /* keep up to date! */ - -#define AH_AMAX AHSHA196_ALEN /* keep up to date! */ -#define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */ -#define AHHMAC_RPLLEN 4 /* 32 bit replay counter */ - -#define DB_AH_PKTRX 0x0001 -#define DB_AH_PKTRX2 0x0002 -#define DB_AH_DMP 0x0004 -#define DB_AH_IPSA 0x0010 -#define DB_AH_XF 0x0020 -#define DB_AH_INAU 0x0040 -#define DB_AH_REPLAY 0x0100 - -#ifdef __KERNEL__ - -/* General HMAC algorithm is described in RFC 2104 */ - -#define HMAC_IPAD 0x36 -#define HMAC_OPAD 0x5C - -struct md5_ctx { - MD5_CTX ictx; /* context after H(K XOR ipad) */ - MD5_CTX octx; /* context after H(K XOR opad) */ -}; - -struct sha1_ctx { - SHA1_CTX ictx; /* context after H(K XOR ipad) */ - SHA1_CTX octx; /* context after H(K XOR opad) */ -}; - -struct auth_alg { - void (*init)(void *ctx); - void (*update)(void *ctx, unsigned char *bytes, __u32 len); - void (*final)(unsigned char *hash, void *ctx); - int hashlen; -}; - -extern struct inet_protocol ah_protocol; - -struct options; - -extern int -ah_rcv(struct sk_buff *skb, - struct device *dev, - struct options *opt, - __u32 daddr, - unsigned short len, - __u32 saddr, - int redo, - struct inet_protocol *protocol); - -struct ahhdr /* Generic AH header */ -{ - __u8 ah_nh; /* Next header (protocol) */ - __u8 ah_hl; /* AH length, in 32-bit words */ - __u16 ah_rv; /* reserved, must be 0 */ - __u32 ah_spi; /* Security Parameters Index */ - __u32 ah_rpl; /* Replay prevention */ - __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */ -}; -#define AH_BASIC_LEN 8 /* basic AH header is 8 bytes, nh,hl,rv,spi - * and the ah_hl, says how many bytes after that - * to cover. */ - - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_ah; -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* __KERNEL__ */ - -/* - * $Log: ipsec_ah.h,v $ - * Revision 1.2 2004/03/22 21:53:18 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.4.1 2004/03/16 09:48:18 as - * alg-0.8.1rc12 patch merged - * - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.20 2003/02/06 02:21:34 rgb - * - * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h . - * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr". - * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code. - * - * Revision 1.19 2002/09/16 21:19:13 mcr - * fixes for west-ah-icmp-01 - length of AH header must be - * calculated properly, and next_header field properly copied. - * - * Revision 1.18 2002/05/14 02:37:02 rgb - * Change reference from _TDB to _IPSA. - * - * Revision 1.17 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_ah.h,v - * - * Revision 1.16 2002/02/20 01:27:06 rgb - * Ditched a pile of structs only used by the old Netlink interface. - * - * Revision 1.15 2001/12/11 02:35:57 rgb - * Change "struct net_device" to "struct device" for 2.2 compatibility. - * - * Revision 1.14 2001/11/26 09:23:47 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.13.2.1 2001/09/25 02:18:24 mcr - * replace "struct device" with "struct netdevice" - * - * Revision 1.13 2001/06/14 19:35:08 rgb - * Update copyright date. - * - * Revision 1.12 2000/09/12 03:21:20 rgb - * Cleared out unused htonq. - * - * Revision 1.11 2000/09/08 19:12:55 rgb - * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. - * - * Revision 1.10 2000/01/21 06:13:10 rgb - * Tidied up spacing. - * Added macros for HMAC padding magic numbers.(kravietz) - * - * Revision 1.9 1999/12/07 18:16:23 rgb - * Fixed comments at end of #endif lines. - * - * Revision 1.8 1999/04/11 00:28:56 henry - * GPL boilerplate - * - * Revision 1.7 1999/04/06 04:54:25 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.6 1999/01/26 02:06:01 rgb - * Removed CONFIG_IPSEC_ALGO_SWITCH macro. - * - * Revision 1.5 1999/01/22 06:17:49 rgb - * Updated macro comments. - * Added context types to support algorithm switch code. - * 64-bit clean-up -- converting 'u long long' to __u64. - * - * Revision 1.4 1998/07/14 15:54:56 rgb - * Add #ifdef __KERNEL__ to protect kernel-only structures. - * - * Revision 1.3 1998/06/30 18:05:16 rgb - * Comment out references to htonq. - * - * Revision 1.2 1998/06/25 19:33:46 rgb - * Add prototype for protocol receive function. - * Rearrange for more logical layout. - * - * Revision 1.1 1998/06/18 21:27:43 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.4 1998/05/18 22:28:43 rgb - * Disable key printing facilities from /proc/net/ipsec_*. - * - * Revision 1.3 1998/04/21 21:29:07 rgb - * Rearrange debug switches to change on the fly debug output from user - * space. Only kernel changes checked in at this time. radij.c was also - * changed to temporarily remove buggy debugging code in rj_delete causing - * an OOPS and hence, netlink device open errors. - * - * Revision 1.2 1998/04/12 22:03:17 rgb - * Updated ESP-3DES-HMAC-MD5-96, - * ESP-DES-HMAC-MD5-96, - * AH-HMAC-MD5-96, - * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository - * from old standards (RFC182[5-9] to new (as of March 1998) drafts. - * - * Fixed eroute references in /proc/net/ipsec*. - * - * Started to patch module unloading memory leaks in ipsec_netlink and - * radij tree unloading. - * - * Revision 1.1 1998/04/09 03:05:55 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:02 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * Added definitions for new AH transforms. - * - * Revision 0.3 1996/11/20 14:35:48 ji - * Minor Cleanup. - * Rationalized debugging code. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ diff --git a/linux/include/freeswan/ipsec_alg.h b/linux/include/freeswan/ipsec_alg.h deleted file mode 100644 index a393784b1..000000000 --- a/linux/include/freeswan/ipsec_alg.h +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Modular extensions service and registration functions interface - * - * Author: JuanJo Ciarlante - * - * $Id: ipsec_alg.h,v 1.2 2004/03/22 21:53:18 as Exp $ - * - */ -/* - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - */ -#ifndef IPSEC_ALG_H -#define IPSEC_ALG_H - -/* - * gcc >= 3.2 has removed __FUNCTION__, replaced by C99 __func__ - * *BUT* its a compiler variable. - */ -#if (__GNUC__ >= 3) -#ifndef __FUNCTION__ -#define __FUNCTION__ __func__ -#endif -#endif - -/* Version 0.8.1-0 */ -#define IPSEC_ALG_VERSION 0x00080100 - -#include -#include -#include -/* - * The following structs are used via pointers in ipsec_alg object to - * avoid ipsec_alg.h coupling with freeswan headers, thus simplifying - * module development - */ -struct ipsec_sa; -struct esp; - -/************************************** - * - * Main registration object - * - *************************************/ -#define IPSEC_ALG_VERSION_QUAD(v) \ - (v>>24),((v>>16)&0xff),((v>>8)&0xff),(v&0xff) -/* - * Main ipsec_alg objects: "OOPrograming wannabe" - * Hierachy (carefully handled with _minimal_ cast'ing): - * - * ipsec_alg+ - * +->ipsec_alg_enc (ixt_alg_type=SADB_EXT_SUPPORTED_ENCRYPT) - * +->ipsec_alg_auth (ixt_alg_type=SADB_EXT_SUPPORTED_AUTH) - */ - -/*************************************************************** - * - * INTERFACE object: struct ipsec_alg - * - ***************************************************************/ - -/* - * common part for every struct ipsec_alg_* - * (sortof poor's man OOP) - */ -#define IPSEC_ALG_STRUCT_COMMON \ - unsigned ixt_version; /* only allow this version (or 'near')*/ \ - struct list_head ixt_list; /* dlinked list */ \ - struct module *ixt_module; /* THIS_MODULE */ \ - unsigned ixt_state; /* state flags */ \ - atomic_t ixt_refcnt; /* ref. count when pointed from ipsec_sa */ \ - char ixt_name[16]; /* descriptive short name, eg. "3des" */ \ - void *ixt_data; /* private for algo implementation */ \ - uint8_t ixt_blocksize; /* blocksize in bytes */ \ - \ - /* THIS IS A COPY of struct supported (lib/pfkey.h) \ - * please keep in sync until we migrate 'supported' stuff \ - * to ipsec_alg \ - */ \ - uint16_t ixt_alg_type; /* correspond to IPSEC_ALG_{ENCRYPT,AUTH} */ \ - uint8_t ixt_alg_id; /* enc. alg. number, eg. ESP_3DES */ \ - uint8_t ixt_ivlen; /* ivlen in bits, expected to be multiple of 8! */ \ - uint16_t ixt_keyminbits;/* min. keybits (of entropy) */ \ - uint16_t ixt_keymaxbits;/* max. keybits (of entropy) */ - -#define ixt_support ixt_alg_type - -#define IPSEC_ALG_ST_SUPP 0x01 -#define IPSEC_ALG_ST_REGISTERED 0x02 -#define IPSEC_ALG_ST_EXCL 0x04 -struct ipsec_alg { - IPSEC_ALG_STRUCT_COMMON -}; -/* - * Note the const in cbc_encrypt IV arg: - * some ciphers like to toast passed IV (eg. 3DES): make a local IV copy - */ -struct ipsec_alg_enc { - IPSEC_ALG_STRUCT_COMMON - unsigned ixt_e_keylen; /* raw key length in bytes */ - unsigned ixt_e_ctx_size; /* sa_p->key_e_size */ - int (*ixt_e_set_key)(struct ipsec_alg_enc *alg, __u8 *key_e, const __u8 *key, size_t keysize); - __u8 *(*ixt_e_new_key)(struct ipsec_alg_enc *alg, const __u8 *key, size_t keysize); - void (*ixt_e_destroy_key)(struct ipsec_alg_enc *alg, __u8 *key_e); - int (*ixt_e_cbc_encrypt)(struct ipsec_alg_enc *alg, __u8 *key_e, __u8 *in, int ilen, const __u8 *iv, int encrypt); -}; -struct ipsec_alg_auth { - IPSEC_ALG_STRUCT_COMMON - unsigned ixt_a_keylen; /* raw key length in bytes */ - unsigned ixt_a_ctx_size; /* sa_p->key_a_size */ - unsigned ixt_a_authlen; /* 'natural' auth. hash len (bytes) */ - int (*ixt_a_hmac_set_key)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *key, int keylen); - int (*ixt_a_hmac_hash)(struct ipsec_alg_auth *alg, __u8 *key_a, const __u8 *dat, int len, __u8 *hash, int hashlen); -}; -/* - * These are _copies_ of SADB_EXT_SUPPORTED_{AUTH,ENCRYPT}, - * to avoid header coupling for true constants - * about headers ... "cp is your friend" --Linus - */ -#define IPSEC_ALG_TYPE_AUTH 14 -#define IPSEC_ALG_TYPE_ENCRYPT 15 - -/*************************************************************** - * - * INTERFACE for module loading,testing, and unloading - * - ***************************************************************/ -/* - registration calls */ -int register_ipsec_alg(struct ipsec_alg *); -int unregister_ipsec_alg(struct ipsec_alg *); -/* - optional (simple test) for algos */ -int ipsec_alg_test(unsigned alg_type, unsigned alg_id, int testparm); -/* inline wrappers (usefull for type validation */ -static inline int register_ipsec_alg_enc(struct ipsec_alg_enc *ixt) { - return register_ipsec_alg((struct ipsec_alg*)ixt); -} -static inline int unregister_ipsec_alg_enc(struct ipsec_alg_enc *ixt) { - return unregister_ipsec_alg((struct ipsec_alg*)ixt); -} -static inline int register_ipsec_alg_auth(struct ipsec_alg_auth *ixt) { - return register_ipsec_alg((struct ipsec_alg*)ixt); -} -static inline int unregister_ipsec_alg_auth(struct ipsec_alg_auth *ixt) { - return unregister_ipsec_alg((struct ipsec_alg*)ixt); -} - -/***************************************************************** - * - * INTERFACE for ENC services: key creation, encrypt function - * - *****************************************************************/ - -#define IPSEC_ALG_ENCRYPT 1 -#define IPSEC_ALG_DECRYPT 0 - -/* encryption key context creation function */ -int ipsec_alg_enc_key_create(struct ipsec_sa *sa_p); -/* - * ipsec_alg_esp_encrypt(): encrypt ilen bytes in idat returns - * 0 or ERR<0 - */ -int ipsec_alg_esp_encrypt(struct ipsec_sa *sa_p, __u8 *idat, int ilen, const __u8 *iv, int action); - -/*************************************************************** - * - * INTERFACE for AUTH services: key creation, hash functions - * - ***************************************************************/ -int ipsec_alg_auth_key_create(struct ipsec_sa *sa_p); -int ipsec_alg_sa_esp_hash(const struct ipsec_sa *sa_p, const __u8 *espp, int len, __u8 *hash, int hashlen) ; -#define ipsec_alg_sa_esp_update(c,k,l) ipsec_alg_sa_esp_hash(c,k,l,NULL,0) - -/* only called from ipsec_init.c */ -int ipsec_alg_init(void); - -/* algo module glue for static algos */ -void ipsec_alg_static_init(void); -typedef int (*ipsec_alg_init_func_t) (void); - -/********************************************** - * - * INTERFACE for ipsec_sa init and wipe - * - **********************************************/ - -/* returns true if ipsec_sa has ipsec_alg obj attached */ -/* - * Initializes ipsec_sa's ipsec_alg object, using already loaded - * proto, authalg, encalg.; links ipsec_alg objects (enc, auth) - */ -int ipsec_alg_sa_init(struct ipsec_sa *sa_p); -/* - * Destroys ipsec_sa's ipsec_alg object - * unlinking ipsec_alg objects - */ -int ipsec_alg_sa_wipe(struct ipsec_sa *sa_p); - -/********************************************** - * - * 2.2 backport for some 2.4 useful module stuff - * - **********************************************/ -#ifdef MODULE -#ifndef THIS_MODULE -#define THIS_MODULE (&__this_module) -#endif -#ifndef module_init -typedef int (*__init_module_func_t)(void); -typedef void (*__cleanup_module_func_t)(void); - -#define module_init(x) \ - int init_module(void) __attribute__((alias(#x))); \ - static inline __init_module_func_t __init_module_inline(void) \ - { return x; } -#define module_exit(x) \ - void cleanup_module(void) __attribute__((alias(#x))); \ - static inline __cleanup_module_func_t __cleanup_module_inline(void) \ - { return x; } -#endif - -#define IPSEC_ALG_MODULE_INIT( func_name ) \ - static int func_name(void); \ - module_init(func_name); \ - static int __init func_name(void) -#define IPSEC_ALG_MODULE_EXIT( func_name ) \ - static void func_name(void); \ - module_exit(func_name); \ - static void __exit func_name(void) -#else /* not MODULE */ -#ifndef THIS_MODULE -#define THIS_MODULE NULL -#endif -/* - * I only want module_init() magic - * when algo.c file *is THE MODULE*, in all other - * cases, initialization is called explicitely from ipsec_alg_init() - */ -#define IPSEC_ALG_MODULE_INIT( func_name ) \ - extern int func_name(void); \ - int func_name(void) -#define IPSEC_ALG_MODULE_EXIT( func_name ) \ - extern void func_name(void); \ - void func_name(void) -#endif - -#endif /* IPSEC_ALG_H */ diff --git a/linux/include/freeswan/ipsec_encap.h b/linux/include/freeswan/ipsec_encap.h deleted file mode 100644 index 17cd69269..000000000 --- a/linux/include/freeswan/ipsec_encap.h +++ /dev/null @@ -1,143 +0,0 @@ -/* - * declarations relevant to encapsulation-like operations - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_encap.h,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - -#ifndef _IPSEC_ENCAP_H_ - -#define SENT_IP4 16 /* data is two struct in_addr + proto + ports*/ - /* (2 * sizeof(struct in_addr)) */ - /* sizeof(struct sockaddr_encap) - - offsetof(struct sockaddr_encap, Sen.Sip4.Src) */ - -struct sockaddr_encap -{ - __u8 sen_len; /* length */ - __u8 sen_family; /* AF_ENCAP */ - __u16 sen_type; /* see SENT_* */ - union - { - struct /* SENT_IP4 */ - { - struct in_addr Src; - struct in_addr Dst; - __u8 Proto; - __u16 Sport; - __u16 Dport; - } Sip4; - } Sen; -}; - -#define sen_ip_src Sen.Sip4.Src -#define sen_ip_dst Sen.Sip4.Dst -#define sen_proto Sen.Sip4.Proto -#define sen_sport Sen.Sip4.Sport -#define sen_dport Sen.Sip4.Dport - -#ifndef AF_ENCAP -#define AF_ENCAP 26 -#endif /* AF_ENCAP */ - -#define _IPSEC_ENCAP_H_ -#endif /* _IPSEC_ENCAP_H_ */ - -/* - * $Log: ipsec_encap.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.17 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_encap.h,v - * - * Revision 1.16 2001/11/26 09:23:47 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.15.2.1 2001/09/25 02:18:54 mcr - * struct eroute moved to ipsec_eroute.h - * - * Revision 1.15 2001/09/14 16:58:36 rgb - * Added support for storing the first and last packets through a HOLD. - * - * Revision 1.14 2001/09/08 21:13:31 rgb - * Added pfkey ident extension support for ISAKMPd. (NetCelo) - * - * Revision 1.13 2001/06/14 19:35:08 rgb - * Update copyright date. - * - * Revision 1.12 2001/05/27 06:12:10 rgb - * Added structures for pid, packet count and last access time to eroute. - * Added packet count to beginning of /proc/net/ipsec_eroute. - * - * Revision 1.11 2000/09/08 19:12:56 rgb - * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. - * - * Revision 1.10 2000/03/22 16:15:36 rgb - * Fixed renaming of dev_get (MB). - * - * Revision 1.9 2000/01/21 06:13:26 rgb - * Added a macro for AF_ENCAP - * - * Revision 1.8 1999/12/31 14:56:55 rgb - * MB fix for 2.3 dev-use-count. - * - * Revision 1.7 1999/11/18 04:09:18 rgb - * Replaced all kernel version macros to shorter, readable form. - * - * Revision 1.6 1999/09/24 00:34:13 rgb - * Add Marc Boucher's support for 2.3.xx+. - * - * Revision 1.5 1999/04/11 00:28:57 henry - * GPL boilerplate - * - * Revision 1.4 1999/04/06 04:54:25 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.3 1998/10/19 14:44:28 rgb - * Added inclusion of freeswan.h. - * sa_id structure implemented and used: now includes protocol. - * - * Revision 1.2 1998/07/14 18:19:33 rgb - * Added #ifdef __KERNEL__ directives to restrict scope of header. - * - * Revision 1.1 1998/06/18 21:27:44 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.2 1998/04/21 21:29:10 rgb - * Rearrange debug switches to change on the fly debug output from user - * space. Only kernel changes checked in at this time. radij.c was also - * changed to temporarily remove buggy debugging code in rj_delete causing - * an OOPS and hence, netlink device open errors. - * - * Revision 1.1 1998/04/09 03:05:58 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:02 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * Minor cosmetic changes. - * - * Revision 0.3 1996/11/20 14:35:48 ji - * Minor Cleanup. - * Rationalized debugging code. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ diff --git a/linux/include/freeswan/ipsec_eroute.h b/linux/include/freeswan/ipsec_eroute.h deleted file mode 100644 index 2ee2a10b8..000000000 --- a/linux/include/freeswan/ipsec_eroute.h +++ /dev/null @@ -1,103 +0,0 @@ -/* - * @(#) declarations of eroute structures - * - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs - * Copyright (C) 2001 Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_eroute.h,v 1.1 2004/03/15 20:35:25 as Exp $ - * - * derived from ipsec_encap.h 1.15 on 2001/9/18 by mcr. - * - */ - -#ifndef _IPSEC_EROUTE_H_ - -#include "radij.h" -#include "ipsec_encap.h" -#include "ipsec_radij.h" - -/* - * The "type" is really part of the address as far as the routing - * system is concerned. By using only one bit in the type field - * for each type, we sort-of make sure that different types of - * encapsulation addresses won't be matched against the wrong type. - */ - -/* - * An entry in the radix tree - */ - -struct rjtentry -{ - struct radij_node rd_nodes[2]; /* tree glue, and other values */ -#define rd_key(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_key)) -#define rd_mask(r) ((struct sockaddr_encap *)((r)->rd_nodes->rj_mask)) - short rd_flags; - short rd_count; -}; - -struct ident -{ - __u16 type; /* identity type */ - __u64 id; /* identity id */ - __u8 len; /* identity len */ - caddr_t data; /* identity data */ -}; - -/* - * An encapsulation route consists of a pointer to a - * radix tree entry and a SAID (a destination_address/SPI/protocol triple). - */ - -struct eroute -{ - struct rjtentry er_rjt; - struct sa_id er_said; - uint32_t er_pid; - uint32_t er_count; - uint64_t er_lasttime; - struct sockaddr_encap er_eaddr; /* MCR get rid of _encap, it is silly*/ - struct sockaddr_encap er_emask; - struct ident er_ident_s; - struct ident er_ident_d; - struct sk_buff* er_first; - struct sk_buff* er_last; -}; - -#define er_dst er_said.dst -#define er_spi er_said.spi - -#define _IPSEC_EROUTE_H_ -#endif /* _IPSEC_EROUTE_H_ */ - -/* - * $Log: ipsec_eroute.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.3 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_eroute.h,v - * - * Revision 1.2 2001/11/26 09:16:13 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.1.2.1 2001/09/25 02:18:54 mcr - * struct eroute moved to ipsec_eroute.h - * - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ diff --git a/linux/include/freeswan/ipsec_errs.h b/linux/include/freeswan/ipsec_errs.h deleted file mode 100644 index f14b5e675..000000000 --- a/linux/include/freeswan/ipsec_errs.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * @(#) definition of ipsec_errs structure - * - * Copyright (C) 2001 Richard Guy Briggs - * and Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_errs.h,v 1.1 2004/03/15 20:35:25 as Exp $ - * - */ - -/* - * This file describes the errors/statistics that FreeSWAN collects. - * - */ - -struct ipsec_errs { - __u32 ips_alg_errs; /* number of algorithm errors */ - __u32 ips_auth_errs; /* # of authentication errors */ - __u32 ips_encsize_errs; /* # of encryption size errors*/ - __u32 ips_encpad_errs; /* # of encryption pad errors*/ - __u32 ips_replaywin_errs; /* # of pkt sequence errors */ -}; - -/* - * $Log: ipsec_errs.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.3 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_errs.h,v - * - * Revision 1.2 2001/11/26 09:16:13 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.1.2.1 2001/09/25 02:25:57 mcr - * lifetime structure created and common functions created. - * - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ diff --git a/linux/include/freeswan/ipsec_esp.h b/linux/include/freeswan/ipsec_esp.h deleted file mode 100644 index c7d5ea15d..000000000 --- a/linux/include/freeswan/ipsec_esp.h +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_esp.h,v 1.2 2004/03/22 21:53:18 as Exp $ - */ - -#include "freeswan/ipsec_md5h.h" -#include "freeswan/ipsec_sha1.h" - -#include "crypto/des.h" - -#ifndef IPPROTO_ESP -#define IPPROTO_ESP 50 -#endif /* IPPROTO_ESP */ - -#define ESP_HEADER_LEN 8 /* 64 bits header (spi+rpl)*/ - -#define EMT_ESPDESCBC_ULEN 20 /* coming from user mode */ -#define EMT_ESPDES_KMAX 64 /* 512 bit secret key enough? */ -#define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */ -#define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */ -#define EMT_ESPDES_IV_SZ 8 /* IV size */ -#define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */ - -#define ESP_IV_MAXSZ 16 /* This is _critical_ */ -#define ESP_IV_MAXSZ_INT (ESP_IV_MAXSZ/sizeof(int)) - -#define DB_ES_PKTRX 0x0001 -#define DB_ES_PKTRX2 0x0002 -#define DB_ES_IPSA 0x0010 -#define DB_ES_XF 0x0020 -#define DB_ES_IPAD 0x0040 -#define DB_ES_INAU 0x0080 -#define DB_ES_OINFO 0x0100 -#define DB_ES_OINFO2 0x0200 -#define DB_ES_OH 0x0400 -#define DB_ES_REPLAY 0x0800 - -#ifdef __KERNEL__ -struct des_eks { - des_key_schedule ks; -}; - -extern struct inet_protocol esp_protocol; - -struct options; - -extern int -esp_rcv(struct sk_buff *skb, - struct device *dev, - struct options *opt, - __u32 daddr, - unsigned short len, - __u32 saddr, - int redo, - struct inet_protocol *protocol); - -/* Only for 64 bits IVs, eg. ESP_3DES :P */ -struct esphdr -{ - __u32 esp_spi; /* Security Parameters Index */ - __u32 esp_rpl; /* Replay counter */ - __u8 esp_iv[8]; /* iv */ -}; - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_esp; -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* __KERNEL__ */ - -/* - * $Log: ipsec_esp.h,v $ - * Revision 1.2 2004/03/22 21:53:18 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.4.1 2004/03/16 09:48:18 as - * alg-0.8.1rc12 patch merged - * - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.21 2003/02/06 02:21:34 rgb - * - * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h . - * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr". - * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code. - * - * Revision 1.20 2002/05/14 02:37:02 rgb - * Change reference from _TDB to _IPSA. - * - * Revision 1.19 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.18 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_esp.h,v - * - * Revision 1.17 2002/02/20 01:27:07 rgb - * Ditched a pile of structs only used by the old Netlink interface. - * - * Revision 1.16 2001/12/11 02:35:57 rgb - * Change "struct net_device" to "struct device" for 2.2 compatibility. - * - * Revision 1.15 2001/11/26 09:23:48 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.14.2.3 2001/10/23 04:16:42 mcr - * get definition of des_key_schedule from des.h - * - * Revision 1.14.2.2 2001/10/22 20:33:13 mcr - * use "des_key_schedule" structure instead of cooking our own. - * - * Revision 1.14.2.1 2001/09/25 02:18:25 mcr - * replace "struct device" with "struct netdevice" - * - * Revision 1.14 2001/06/14 19:35:08 rgb - * Update copyright date. - * - * Revision 1.13 2000/09/08 19:12:56 rgb - * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. - * - * Revision 1.12 2000/08/01 14:51:50 rgb - * Removed _all_ remaining traces of DES. - * - * Revision 1.11 2000/01/10 16:36:20 rgb - * Ditch last of EME option flags, including initiator. - * - * Revision 1.10 1999/12/07 18:16:22 rgb - * Fixed comments at end of #endif lines. - * - * Revision 1.9 1999/04/11 00:28:57 henry - * GPL boilerplate - * - * Revision 1.8 1999/04/06 04:54:25 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.7 1999/01/26 02:06:00 rgb - * Removed CONFIG_IPSEC_ALGO_SWITCH macro. - * - * Revision 1.6 1999/01/22 15:22:05 rgb - * Re-enable IV in the espblkrply_edata structure to avoid breaking pluto - * until pluto can be fixed properly. - * - * Revision 1.5 1999/01/22 06:18:16 rgb - * Updated macro comments. - * Added key schedule types to support algorithm switch code. - * - * Revision 1.4 1998/08/12 00:07:32 rgb - * Added data structures for new xforms: null, {,3}dessha1. - * - * Revision 1.3 1998/07/14 15:57:01 rgb - * Add #ifdef __KERNEL__ to protect kernel-only structures. - * - * Revision 1.2 1998/06/25 19:33:46 rgb - * Add prototype for protocol receive function. - * Rearrange for more logical layout. - * - * Revision 1.1 1998/06/18 21:27:45 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.6 1998/06/05 02:28:08 rgb - * Minor comment fix. - * - * Revision 1.5 1998/05/27 22:34:00 rgb - * Changed structures to accomodate key separation. - * - * Revision 1.4 1998/05/18 22:28:43 rgb - * Disable key printing facilities from /proc/net/ipsec_*. - * - * Revision 1.3 1998/04/21 21:29:07 rgb - * Rearrange debug switches to change on the fly debug output from user - * space. Only kernel changes checked in at this time. radij.c was also - * changed to temporarily remove buggy debugging code in rj_delete causing - * an OOPS and hence, netlink device open errors. - * - * Revision 1.2 1998/04/12 22:03:20 rgb - * Updated ESP-3DES-HMAC-MD5-96, - * ESP-DES-HMAC-MD5-96, - * AH-HMAC-MD5-96, - * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository - * from old standards (RFC182[5-9] to new (as of March 1998) drafts. - * - * Fixed eroute references in /proc/net/ipsec*. - * - * Started to patch module unloading memory leaks in ipsec_netlink and - * radij tree unloading. - * - * Revision 1.1 1998/04/09 03:06:00 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:02 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.5 1997/06/03 04:24:48 ji - * Added ESP-3DES-MD5-96 transform. - * - * Revision 0.4 1997/01/15 01:28:15 ji - * Added definitions for new ESP transforms. - * - * Revision 0.3 1996/11/20 14:35:48 ji - * Minor Cleanup. - * Rationalized debugging code. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ diff --git a/linux/include/freeswan/ipsec_ipe4.h b/linux/include/freeswan/ipsec_ipe4.h deleted file mode 100644 index 73b6ae899..000000000 --- a/linux/include/freeswan/ipsec_ipe4.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * IP-in-IP Header declarations - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_ipe4.h,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - -/* The packet header is an IP header! */ - -struct ipe4_xdata /* transform table data */ -{ - struct in_addr i4_src; - struct in_addr i4_dst; -}; - -#define EMT_IPE4_ULEN 8 /* coming from user mode */ - - -/* - * $Log: ipsec_ipe4.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.5 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_ipe4.h,v - * - * Revision 1.4 2001/06/14 19:35:08 rgb - * Update copyright date. - * - * Revision 1.3 1999/04/11 00:28:57 henry - * GPL boilerplate - * - * Revision 1.2 1999/04/06 04:54:25 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.1 1998/06/18 21:27:47 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.1 1998/04/09 03:06:07 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:03 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * No changes. - * - * Revision 0.3 1996/11/20 14:48:53 ji - * Release update only. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ diff --git a/linux/include/freeswan/ipsec_kversion.h b/linux/include/freeswan/ipsec_kversion.h deleted file mode 100644 index 7bf56ac7f..000000000 --- a/linux/include/freeswan/ipsec_kversion.h +++ /dev/null @@ -1,227 +0,0 @@ -#ifndef _FREESWAN_KVERSIONS_H -/* - * header file for FreeS/WAN library functions - * Copyright (C) 1998, 1999, 2000 Henry Spencer. - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ipsec_kversion.h,v 1.1 2004/03/15 20:35:25 as Exp $ - */ -#define _FREESWAN_KVERSIONS_H /* seen it, no need to see it again */ - -/* - * this file contains a series of atomic defines that depend upon - * kernel version numbers. The kernel versions are arranged - * in version-order number (which is often not chronological) - * and each clause enables or disables a feature. - */ - -/* - * First, assorted kernel-version-dependent trickery. - */ -#include -#ifndef KERNEL_VERSION -#define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,0) -#define HEADER_CACHE_BIND_21 -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,1,0) -#define SPINLOCK -#define PROC_FS_21 -#define NETLINK_SOCK -#define NET_21 -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,1,19) -#define net_device_stats enet_statistics -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) -#define SPINLOCK_23 -#define NETDEV_23 -# ifndef CONFIG_IP_ALIAS -# define CONFIG_IP_ALIAS -# endif -#include -#include -#include -# ifdef NETLINK_XFRM -# define NETDEV_25 -# endif -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,25) -#define PROC_FS_2325 -#undef PROC_FS_21 -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,30) -#define PROC_NO_DUMMY -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,35) -#define SKB_COPY_EXPAND -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,37) -#define IP_SELECT_IDENT -#endif - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,50)) && defined(CONFIG_NETFILTER) -#define SKB_RESET_NFCT -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,2) -#define IP_SELECT_IDENT_NEW -#endif - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) -#define IPH_is_SKB_PULLED -#define SKB_COW_NEW -#define PROTO_HANDLER_SINGLE_PARM -#define IP_FRAGMENT_LINEARIZE 1 -#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */ -# ifdef REDHAT_BOGOSITY -# define IP_SELECT_IDENT_NEW -# define IPH_is_SKB_PULLED -# define SKB_COW_NEW -# define PROTO_HANDLER_SINGLE_PARM -# endif /* REDHAT_BOGOSITY */ -#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,4) */ - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9) -#define MALLOC_SLAB -#define LINUX_KERNEL_HAS_SNPRINTF -#endif - -#ifdef NET_21 -# include -#else - /* old kernel in.h has some IPv6 stuff, but not quite enough */ -# define s6_addr16 s6_addr -# define AF_INET6 10 -# define uint8_t __u8 -# define uint16_t __u16 -# define uint32_t __u32 -# define uint64_t __u64 -#endif - -#ifdef NET_21 -# define ipsec_kfree_skb(a) kfree_skb(a) -#else /* NET_21 */ -# define ipsec_kfree_skb(a) kfree_skb(a, FREE_WRITE) -#endif /* NET_21 */ - -#ifdef NETDEV_23 -# define device net_device -# define ipsec_dev_get dev_get_by_name -# define __ipsec_dev_get __dev_get_by_name -# define ipsec_dev_put(x) dev_put(x) -# define __ipsec_dev_put(x) __dev_put(x) -# define ipsec_dev_hold(x) dev_hold(x) -#else /* NETDEV_23 */ -# define ipsec_dev_get dev_get -# define __ipsec_dev_put(x) -# define ipsec_dev_put(x) -# define ipsec_dev_hold(x) -#endif /* NETDEV_23 */ - -#ifndef SPINLOCK -# include - /* simulate spin locks and read/write locks */ - typedef struct { - volatile char lock; - } spinlock_t; - - typedef struct { - volatile unsigned int lock; - } rwlock_t; - -# define spin_lock_init(x) { (x)->lock = 0;} -# define rw_lock_init(x) { (x)->lock = 0; } - -# define spin_lock(x) { while ((x)->lock) barrier(); (x)->lock=1;} -# define spin_lock_irq(x) { cli(); spin_lock(x);} -# define spin_lock_irqsave(x,flags) { save_flags(flags); spin_lock_irq(x);} - -# define spin_unlock(x) { (x)->lock=0;} -# define spin_unlock_irq(x) { spin_unlock(x); sti();} -# define spin_unlock_irqrestore(x,flags) { spin_unlock(x); restore_flags(flags);} - -# define read_lock(x) spin_lock(x) -# define read_lock_irq(x) spin_lock_irq(x) -# define read_lock_irqsave(x,flags) spin_lock_irqsave(x,flags) - -# define read_unlock(x) spin_unlock(x) -# define read_unlock_irq(x) spin_unlock_irq(x) -# define read_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags) - -# define write_lock(x) spin_lock(x) -# define write_lock_irq(x) spin_lock_irq(x) -# define write_lock_irqsave(x,flags) spin_lock_irqsave(x,flags) - -# define write_unlock(x) spin_unlock(x) -# define write_unlock_irq(x) spin_unlock_irq(x) -# define write_unlock_irqrestore(x,flags) spin_unlock_irqrestore(x,flags) -#endif /* !SPINLOCK */ - -#ifndef SPINLOCK_23 -# define spin_lock_bh(x) spin_lock_irq(x) -# define spin_unlock_bh(x) spin_unlock_irq(x) - -# define read_lock_bh(x) read_lock_irq(x) -# define read_unlock_bh(x) read_unlock_irq(x) - -# define write_lock_bh(x) write_lock_irq(x) -# define write_unlock_bh(x) write_unlock_irq(x) -#endif /* !SPINLOCK_23 */ - -#endif /* _FREESWAN_KVERSIONS_H */ - -/* - * $Log: ipsec_kversion.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.7 2003/07/31 22:48:08 mcr - * derive NET25-ness from presence of NETLINK_XFRM macro. - * - * Revision 1.6 2003/06/24 20:22:32 mcr - * added new global: ipsecdevices[] so that we can keep track of - * the ipsecX devices. They will be referenced with dev_hold(), - * so 2.2 may need this as well. - * - * Revision 1.5 2003/04/03 17:38:09 rgb - * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. - * - * Revision 1.4 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_kversion.h,v - * - * Revision 1.3 2002/04/12 03:21:17 mcr - * three parameter version of ip_select_ident appears first - * in 2.4.2 (RH7.1) not 2.4.4. - * - * Revision 1.2 2002/03/08 21:35:22 rgb - * Defined LINUX_KERNEL_HAS_SNPRINTF to shut up compiler warnings after - * 2.4.9. (Andreas Piesk). - * - * Revision 1.1 2002/01/29 02:11:42 mcr - * removal of kversions.h - sources that needed it now use ipsec_param.h. - * updating of IPv6 structures to match latest in6.h version. - * removed dead code from freeswan.h that also duplicated kversions.h - * code. - * - * - */ diff --git a/linux/include/freeswan/ipsec_life.h b/linux/include/freeswan/ipsec_life.h deleted file mode 100644 index 4cf270272..000000000 --- a/linux/include/freeswan/ipsec_life.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Definitions relevant to IPSEC lifetimes - * Copyright (C) 2001 Richard Guy Briggs - * and Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_life.h,v 1.1 2004/03/15 20:35:25 as Exp $ - * - * This file derived from ipsec_xform.h on 2001/9/18 by mcr. - * - */ - -/* - * This file describes the book keeping fields for the - * IPsec Security Association Structure. ("ipsec_sa") - * - * This structure is never allocated directly by kernel code, - * (it is always a static/auto or is part of a structure) - * so it does not have a reference count. - * - */ - -#ifndef _IPSEC_LIFE_H_ - -/* - * _count is total count. - * _hard is hard limit (kill SA after this number) - * _soft is soft limit (try to renew SA after this number) - * _last is used in some special cases. - * - */ - -struct ipsec_lifetime64 -{ - __u64 ipl_count; - __u64 ipl_soft; - __u64 ipl_hard; - __u64 ipl_last; -}; - -struct ipsec_lifetimes -{ - /* number of bytes processed */ - struct ipsec_lifetime64 ipl_bytes; - - /* number of packets processed */ - struct ipsec_lifetime64 ipl_packets; - - /* time since SA was added */ - struct ipsec_lifetime64 ipl_addtime; - - /* time since SA was first used */ - struct ipsec_lifetime64 ipl_usetime; - - /* from rfc2367: - * For CURRENT, the number of different connections, - * endpoints, or flows that the association has been - * allocated towards. For HARD and SOFT, the number of - * these the association may be allocated towards - * before it expires. The concept of a connection, - * flow, or endpoint is system specific. - * - * mcr(2001-9-18) it is unclear what purpose these serve for FreeSWAN. - * They are maintained for PF_KEY compatibility. - */ - struct ipsec_lifetime64 ipl_allocations; -}; - -enum ipsec_life_alive { - ipsec_life_harddied = -1, - ipsec_life_softdied = 0, - ipsec_life_okay = 1 -}; - -enum ipsec_life_type { - ipsec_life_timebased = 1, - ipsec_life_countbased= 0 -}; - -#define _IPSEC_LIFE_H_ -#endif /* _IPSEC_LIFE_H_ */ - - -/* - * $Log: ipsec_life.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.3 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_life.h,v - * - * Revision 1.2 2001/11/26 09:16:14 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.1.2.1 2001/09/25 02:25:58 mcr - * lifetime structure created and common functions created. - * - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ diff --git a/linux/include/freeswan/ipsec_md5h.h b/linux/include/freeswan/ipsec_md5h.h deleted file mode 100644 index 3fc54bc82..000000000 --- a/linux/include/freeswan/ipsec_md5h.h +++ /dev/null @@ -1,140 +0,0 @@ -/* - * RCSID $Id: ipsec_md5h.h,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - -/* - * The rest of this file is Copyright RSA DSI. See the following comments - * for the full Copyright notice. - */ - -#ifndef _IPSEC_MD5H_H_ -#define _IPSEC_MD5H_H_ - -/* GLOBAL.H - RSAREF types and constants - */ - -/* PROTOTYPES should be set to one if and only if the compiler supports - function argument prototyping. - The following makes PROTOTYPES default to 0 if it has not already - been defined with C compiler flags. - */ -#ifndef PROTOTYPES -#define PROTOTYPES 1 -#endif /* !PROTOTYPES */ - -/* POINTER defines a generic pointer type */ -typedef __u8 *POINTER; - -/* UINT2 defines a two byte word */ -typedef __u16 UINT2; - -/* UINT4 defines a four byte word */ -typedef __u32 UINT4; - -/* PROTO_LIST is defined depending on how PROTOTYPES is defined above. - If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it - returns an empty list. - */ - -#if PROTOTYPES -#define PROTO_LIST(list) list -#else /* PROTOTYPES */ -#define PROTO_LIST(list) () -#endif /* PROTOTYPES */ - - -/* MD5.H - header file for MD5C.C - */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. - */ - -/* MD5 context. */ -typedef struct { - UINT4 state[4]; /* state (ABCD) */ - UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ - unsigned char buffer[64]; /* input buffer */ -} MD5_CTX; - -void MD5Init PROTO_LIST ((void *)); -void MD5Update PROTO_LIST - ((void *, unsigned char *, __u32)); -void MD5Final PROTO_LIST ((unsigned char [16], void *)); - -#endif /* _IPSEC_MD5H_H_ */ - -/* - * $Log: ipsec_md5h.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.8 2002/09/10 01:45:09 mcr - * changed type of MD5_CTX and SHA1_CTX to void * so that - * the function prototypes would match, and could be placed - * into a pointer to a function. - * - * Revision 1.7 2002/04/24 07:36:46 mcr - * Moved from ./klips/net/ipsec/ipsec_md5h.h,v - * - * Revision 1.6 1999/12/13 13:59:13 rgb - * Quick fix to argument size to Update bugs. - * - * Revision 1.5 1999/12/07 18:16:23 rgb - * Fixed comments at end of #endif lines. - * - * Revision 1.4 1999/04/06 04:54:26 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.3 1999/01/22 06:19:58 rgb - * 64-bit clean-up. - * - * Revision 1.2 1998/11/30 13:22:54 rgb - * Rationalised all the klips kernel file headers. They are much shorter - * now and won't conflict under RH5.2. - * - * Revision 1.1 1998/06/18 21:27:48 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.2 1998/04/23 20:54:03 rgb - * Fixed md5 and sha1 include file nesting issues, to be cleaned up when - * verified. - * - * Revision 1.1 1998/04/09 03:04:21 henry - * sources moved up from linux/net/ipsec - * these two include files modified not to include others except in kernel - * - * Revision 1.1.1.1 1998/04/08 05:35:03 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * No changes. - * - * Revision 0.3 1996/11/20 14:48:53 ji - * Release update only. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ diff --git a/linux/include/freeswan/ipsec_param.h b/linux/include/freeswan/ipsec_param.h deleted file mode 100644 index 02b36e6a3..000000000 --- a/linux/include/freeswan/ipsec_param.h +++ /dev/null @@ -1,226 +0,0 @@ -/* - * @(#) FreeSWAN tunable paramaters - * - * Copyright (C) 2001 Richard Guy Briggs - * and Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_param.h,v 1.2 2004/04/28 08:07:11 as Exp $ - * - */ - -/* - * This file provides a set of #define's which may be tuned by various - * people/configurations. It keeps all compile-time tunables in one place. - * - * This file should be included before all other IPsec kernel-only files. - * - */ - -#ifndef _IPSEC_PARAM_H_ - -#ifdef __KERNEL__ -#include "ipsec_kversion.h" - -/* Set number of ipsecX virtual devices here. */ -/* This must be < exp(field width of IPSEC_DEV_FORMAT) */ -/* It must also be reasonable so as not to overload the memory and CPU */ -/* constraints of the host. */ -#define IPSEC_NUM_IF 4 -/* The field width must be < IF_NAM_SIZ - strlen("ipsec") - 1. */ -/* With "ipsec" being 5 characters, that means 10 is the max field width */ -/* but machine memory and CPU constraints are not likely to tollerate */ -/* more than 3 digits. The default is one digit. */ -/* Update: userland scripts get upset if they can't find "ipsec0", so */ -/* for now, no "0"-padding should be used (which would have been helpful */ -/* to make text-searches work */ -#define IPSEC_DEV_FORMAT "ipsec%d" -/* For, say, 500 virtual ipsec devices, I would recommend: */ -/* #define IPSEC_NUM_IF 500 */ -/* #define IPSEC_DEV_FORMAT "ipsec%03d" */ -/* Note that the "interfaces=" line in /etc/ipsec.conf would be, um, challenging. */ - -/* use dynamic ipsecX device allocation */ -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif /* CONFIG_IPSEC_DYNDEV */ - - -#ifdef CONFIG_IPSEC_BIGGATE -# define SADB_HASHMOD 8069 -#else /* CONFIG_IPSEC_BIGGATE */ -# define SADB_HASHMOD 257 -#endif /* CONFIG_IPSEC_BIGGATE */ -#endif /* __KERNEL__ */ - -/* - * This is for the SA reference table. This number is related to the - * maximum number of SAs that KLIPS can concurrently deal with, plus enough - * space for keeping expired SAs around. - * - * TABLE_MAX_WIDTH is the number of bits that we will use. - * MAIN_TABLE_WIDTH is the number of bits used for the primary index table. - * - */ -#ifndef IPSEC_SA_REF_TABLE_IDX_WIDTH -# define IPSEC_SA_REF_TABLE_IDX_WIDTH 16 -#endif - -#ifndef IPSEC_SA_REF_MAINTABLE_IDX_WIDTH -# define IPSEC_SA_REF_MAINTABLE_IDX_WIDTH 4 -#endif - -#ifndef IPSEC_SA_REF_FREELIST_NUM_ENTRIES -# define IPSEC_SA_REF_FREELIST_NUM_ENTRIES 256 -#endif - -#ifndef IPSEC_SA_REF_CODE -# define IPSEC_SA_REF_CODE 1 -#endif - -#ifdef __KERNEL__ -/* This is defined for 2.4, but not 2.2.... */ -#ifndef ARPHRD_VOID -# define ARPHRD_VOID 0xFFFF -#endif - -/* - * Worry about PROC_FS stuff - */ -#if defined(PROC_FS_2325) -/* kernel 2.4 */ -# define IPSEC_PROC_LAST_ARG ,int *eof,void *data -# define IPSEC_PROCFS_DEBUG_NO_STATIC -# define IPSEC_PROC_SUBDIRS -#else -/* kernel <2.4 */ -# define IPSEC_PROCFS_DEBUG_NO_STATIC DEBUG_NO_STATIC - -# ifndef PROC_NO_DUMMY -# define IPSEC_PROC_LAST_ARG , int dummy -# else -# define IPSEC_PROC_LAST_ARG -# endif /* !PROC_NO_DUMMY */ -#endif /* PROC_FS_2325 */ - -#if !defined(LINUX_KERNEL_HAS_SNPRINTF) -/* GNU CPP specific! */ -# define snprintf(buf, len, fmt...) sprintf(buf, ##fmt) -#endif /* !LINUX_KERNEL_HAS_SNPRINTF */ - -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include /* *lock* */ -# else /* SPINLOCK_23 */ -# include /* *lock* */ -# endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ - -#ifndef KLIPS_FIXES_DES_PARITY -# define KLIPS_FIXES_DES_PARITY 1 -#endif /* !KLIPS_FIXES_DES_PARITY */ - -/* we don't really want to print these unless there are really big problems */ -#ifndef KLIPS_DIVULGE_CYPHER_KEY -# define KLIPS_DIVULGE_CYPHER_KEY 0 -#endif /* !KLIPS_DIVULGE_CYPHER_KEY */ - -#ifndef KLIPS_DIVULGE_HMAC_KEY -# define KLIPS_DIVULGE_HMAC_KEY 0 -#endif /* !KLIPS_DIVULGE_HMAC_KEY */ - -#ifndef IPSEC_DISALLOW_IPOPTIONS -# define IPSEC_DISALLOW_IPOPTIONS 1 -#endif /* !KLIPS_DIVULGE_HMAC_KEY */ - -/* extra toggles for regression testing */ -#ifdef CONFIG_IPSEC_REGRESS - -/* - * should pfkey_acquire() become 100% lossy? - * - */ -extern int sysctl_ipsec_regress_pfkey_lossage; -#ifndef KLIPS_PFKEY_ACQUIRE_LOSSAGE -# ifdef CONFIG_IPSEC_PFKEY_ACQUIRE_LOSSAGE -# define KLIPS_PFKEY_ACQUIRE_LOSSAGE 100 -# else /* CONFIG_IPSEC_PFKEY_ACQUIRE_LOSSAGE */ -/* not by default! */ -# define KLIPS_PFKEY_ACQUIRE_LOSSAGE 0 -# endif /* CONFIG_IPSEC_PFKEY_ACQUIRE_LOSSAGE */ -#endif /* KLIPS_PFKEY_ACQUIRE_LOSSAGE */ - -#endif /* CONFIG_IPSEC_REGRESS */ - -/* - * debugging routines. - */ -#ifdef CONFIG_IPSEC_DEBUG -extern void ipsec_print_ip(struct iphdr *ip); - - #define KLIPS_PRINT(flag, format, args...) \ - ((flag) ? printk(KERN_INFO format , ## args) : 0) - #define KLIPS_PRINTMORE(flag, format, args...) \ - ((flag) ? printk(format , ## args) : 0) - #define KLIPS_IP_PRINT(flag, ip) \ - ((flag) ? ipsec_print_ip(ip) : 0) -#else /* CONFIG_IPSEC_DEBUG */ - #define KLIPS_PRINT(flag, format, args...) do ; while(0) - #define KLIPS_PRINTMORE(flag, format, args...) do ; while(0) - #define KLIPS_IP_PRINT(flag, ip) do ; while(0) -#endif /* CONFIG_IPSEC_DEBUG */ - - -/* - * Stupid kernel API differences in APIs. Not only do some - * kernels not have ip_select_ident, but some have differing APIs, - * and SuSE has one with one parameter, but no way of checking to - * see what is really what. - */ - -#ifdef SUSE_LINUX_2_4_19_IS_STUPID -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph) -#else - -/* simplest case, nothing */ -#if !defined(IP_SELECT_IDENT) -#define KLIPS_IP_SELECT_IDENT(iph, skb) do { iph->id = htons(ip_id_count++); } while(0) -#endif - -/* kernels > 2.3.37-ish */ -#if defined(IP_SELECT_IDENT) && !defined(IP_SELECT_IDENT_NEW) -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst) -#endif - -/* kernels > 2.4.2 */ -#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW) -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL) -#endif - -#endif /* SUSE_LINUX_2_4_19_IS_STUPID */ - -/* - * make klips fail test:east-espiv-01. - * exploit is at testing/attacks/espiv - * - */ -#define KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK 0 - - -/* IP_FRAGMENT_LINEARIZE is set in freeswan.h if Kernel > 2.4.4 */ -#ifndef IP_FRAGMENT_LINEARIZE -# define IP_FRAGMENT_LINEARIZE 0 -#endif /* IP_FRAGMENT_LINEARIZE */ -#endif /* __KERNEL__ */ - -#define _IPSEC_PARAM_H_ -#endif /* _IPSEC_PARAM_H_ */ diff --git a/linux/include/freeswan/ipsec_policy.h b/linux/include/freeswan/ipsec_policy.h deleted file mode 100644 index 90b58ad52..000000000 --- a/linux/include/freeswan/ipsec_policy.h +++ /dev/null @@ -1,225 +0,0 @@ -#ifndef _IPSEC_POLICY_H -/* - * policy interface file between pluto and applications - * Copyright (C) 2003 Michael Richardson - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ipsec_policy.h,v 1.4 2004/10/04 22:43:56 as Exp $ - */ -#define _IPSEC_POLICY_H /* seen it, no need to see it again */ - - -/* - * this file defines an interface between an application (or rather an - * application library) and a key/policy daemon. It provides for inquiries - * as to the current state of a connected socket, as well as for general - * questions. - * - * In general, the interface is defined as a series of functional interfaces, - * and the policy messages should be internal. However, because this is in - * fact an ABI between pieces of the system that may get compiled and revised - * seperately, this ABI must be public and revision controlled. - * - * It is expected that the daemon will always support previous versions. - */ - -#define IPSEC_POLICY_MSG_REVISION (unsigned)200305061 - -enum ipsec_policy_command { - IPSEC_CMD_QUERY_FD = 1, - IPSEC_CMD_QUERY_HOSTPAIR = 2, - IPSEC_CMD_QUERY_DSTONLY = 3, -}; - -struct ipsec_policy_msg_head { - u_int32_t ipm_version; - u_int32_t ipm_msg_len; - u_int32_t ipm_msg_type; - u_int32_t ipm_msg_seq; -}; - -enum ipsec_privacy_quality { - IPSEC_PRIVACY_NONE = 0, - IPSEC_PRIVACY_INTEGRAL = 4, /* not private at all. AH-like */ - IPSEC_PRIVACY_UNKNOWN = 8, /* something is claimed, but details unavail */ - IPSEC_PRIVACY_ROT13 = 12, /* trivially breakable, i.e. 1DES */ - IPSEC_PRIVACY_GAK = 16, /* known eavesdroppers */ - IPSEC_PRIVACY_PRIVATE = 32, /* secure for at least a decade */ - IPSEC_PRIVACY_STRONG = 64, /* ridiculously secure */ - IPSEC_PRIVACY_TORTOISE = 192, /* even stronger, but very slow */ - IPSEC_PRIVACY_OTP = 224, /* some kind of *true* one time pad */ -}; - -enum ipsec_bandwidth_quality { - IPSEC_QOS_UNKNOWN = 0, /* unknown bandwidth */ - IPSEC_QOS_INTERACTIVE = 16, /* reasonably moderate jitter, moderate fast. - Good enough for telnet/ssh. */ - IPSEC_QOS_VOIP = 32, /* faster crypto, predicable jitter */ - IPSEC_QOS_FTP = 64, /* higher throughput crypto, perhaps hardware - offloaded, but latency/jitter may be bad */ - IPSEC_QOS_WIRESPEED = 128, /* expect to be able to fill your pipe */ -}; - -/* moved from programs/pluto/constants.h */ -/* IPsec AH transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.3 - * and in http://www.iana.org/assignments/isakmp-registry - */ -enum ipsec_authentication_algo { - AH_NONE = 0, - AH_MD5 = 2, - AH_SHA = 3, - AH_DES = 4, - AH_SHA2_256 = 5, - AH_SHA2_384 = 6, - AH_SHA2_512 = 7, - AH_RIPEMD = 8 -}; - -/* IPsec ESP transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.4 - * and from http://www.iana.org/assignments/isakmp-registry - */ - -enum ipsec_cipher_algo { - ESP_NONE = 0, - ESP_DES_IV64 = 1, - ESP_DES = 2, - ESP_3DES = 3, - ESP_RC5 = 4, - ESP_IDEA = 5, - ESP_CAST = 6, - ESP_BLOWFISH = 7, - ESP_3IDEA = 8, - ESP_DES_IV32 = 9, - ESP_RC4 = 10, - ESP_NULL = 11, - ESP_AES = 12, - ESP_AES_CTR = 13, - ESP_AES_CCM_8 = 14, - ESP_AES_CCM_12 = 15, - ESP_AES_CCM_16 = 16, - ESP_SERPENT = 252, - ESP_TWOFISH = 253 -}; - -/* IPCOMP transform values - * RFC2407 The Internet IP security Domain of Interpretation for ISAKMP 4.4.5 - */ - -enum ipsec_comp_algo { - IPSCOMP_NONE = 0, - IPCOMP_OUI = 1, - IPCOMP_DEFLATE = 2, - IPCOMP_LZS = 3, - IPCOMP_LZJH = 4 -}; - -/* Identification type values - * RFC 2407 The Internet IP security Domain of Interpretation for ISAKMP 4.6.2.1 - */ - -enum ipsec_id_type { - ID_IMPOSSIBLE= (-2), /* private to Pluto */ - ID_MYID= (-1), /* private to Pluto */ - ID_NONE= 0, /* private to Pluto */ - ID_IPV4_ADDR= 1, - ID_FQDN= 2, - ID_USER_FQDN= 3, - ID_IPV4_ADDR_SUBNET= 4, - ID_IPV6_ADDR= 5, - ID_IPV6_ADDR_SUBNET= 6, - ID_IPV4_ADDR_RANGE= 7, - ID_IPV6_ADDR_RANGE= 8, - ID_DER_ASN1_DN= 9, - ID_DER_ASN1_GN= 10, - ID_KEY_ID= 11 -}; - -/* Certificate type values - * RFC 2408 ISAKMP, chapter 3.9 - */ -enum ipsec_cert_type { - CERT_NONE= 0, - CERT_PKCS7_WRAPPED_X509= 1, /* self-signed certificate from disk */ - CERT_PGP= 2, - CERT_DNS_SIGNED_KEY= 3, /* KEY RR from DNS */ - CERT_X509_SIGNATURE= 4, - CERT_X509_KEY_EXCHANGE= 5, - CERT_KERBEROS_TOKENS= 6, - CERT_CRL= 7, - CERT_ARL= 8, - CERT_SPKI= 9, - CERT_X509_ATTRIBUTE= 10, - CERT_RAW_RSA= 11, /* raw RSA from config file */ -}; - -/* a SIG record in ASCII */ -struct ipsec_dns_sig { - char fqdn[256]; - char dns_sig[768]; /* empty string if not signed */ -}; - -struct ipsec_raw_key { - char id_name[256]; - char fs_keyid[8]; -}; - -struct ipsec_identity { - enum ipsec_id_type ii_type; - enum ipsec_cert_type ii_format; - union { - struct ipsec_dns_sig ipsec_dns_signed; - /* some thing for PGP */ - /* some thing for PKIX */ - struct ipsec_raw_key ipsec_raw_key; - } ii_credential; -}; - -#define IPSEC_MAX_CREDENTIALS 32 - -struct ipsec_policy_cmd_query { - struct ipsec_policy_msg_head head; - - /* Query section */ - ip_address query_local; /* us */ - ip_address query_remote; /* them */ - u_short src_port, dst_port; - - /* Answer section */ - enum ipsec_privacy_quality strength; - enum ipsec_bandwidth_quality bandwidth; - enum ipsec_authentication_algo auth_detail; - enum ipsec_cipher_algo esp_detail; - enum ipsec_comp_algo comp_detail; - - int credential_count; - - struct ipsec_identity credentials[IPSEC_MAX_CREDENTIALS]; -}; - -#define IPSEC_POLICY_SOCKET "/var/run/pluto.info" - -/* prototypes */ -extern err_t ipsec_policy_lookup(int fd, struct ipsec_policy_cmd_query *result); -extern err_t ipsec_policy_init(void); -extern err_t ipsec_policy_final(void); -extern err_t ipsec_policy_readmsg(int policysock, - unsigned char *buf, size_t buflen); -extern err_t ipsec_policy_sendrecv(unsigned char *buf, size_t buflen); -extern err_t ipsec_policy_cgilookup(struct ipsec_policy_cmd_query *result); - - -extern const char *ipsec_policy_version_code(void); -extern const char *ipsec_policy_version_string(void); - -#endif /* _IPSEC_POLICY_H */ diff --git a/linux/include/freeswan/ipsec_proto.h b/linux/include/freeswan/ipsec_proto.h deleted file mode 100644 index 55f947512..000000000 --- a/linux/include/freeswan/ipsec_proto.h +++ /dev/null @@ -1,111 +0,0 @@ -/* - * @(#) prototypes for FreeSWAN functions - * - * Copyright (C) 2001 Richard Guy Briggs - * and Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_proto.h,v 1.3 2004/06/13 19:55:14 as Exp $ - * - */ - -#ifndef _IPSEC_PROTO_H_ - -#include "ipsec_param.h" - -/* - * This file is a kernel only file that declares prototypes for - * all intra-module function calls and global data structures. - * - * Include this file last. - * - */ - -/* ipsec_init.c */ -extern struct prng ipsec_prng; - -/* ipsec_sa.c */ -extern struct ipsec_sa *ipsec_sadb_hash[SADB_HASHMOD]; -extern spinlock_t tdb_lock; -extern int ipsec_sadb_init(void); - -extern struct ipsec_sa *ipsec_sa_getbyid(struct sa_id*); -extern int ipsec_sa_put(struct ipsec_sa *); -extern /* void */ int ipsec_sa_del(struct ipsec_sa *); -extern /* void */ int ipsec_sa_delchain(struct ipsec_sa *); -extern /* void */ int ipsec_sa_add(struct ipsec_sa *); - -extern int ipsec_sadb_cleanup(__u8); -extern int ipsec_sa_wipe(struct ipsec_sa *); - -/* debug declarations */ - -/* ipsec_proc.c */ -extern int ipsec_proc_init(void); -extern void ipsec_proc_cleanup(void); - -/* ipsec_radij.c */ -extern int ipsec_makeroute(struct sockaddr_encap *ea, - struct sockaddr_encap *em, - struct sa_id said, - uint32_t pid, - struct sk_buff *skb, - struct ident *ident_s, - struct ident *ident_d); - -extern int ipsec_breakroute(struct sockaddr_encap *ea, - struct sockaddr_encap *em, - struct sk_buff **first, - struct sk_buff **last); - -int ipsec_radijinit(void); -int ipsec_cleareroutes(void); -int ipsec_radijcleanup(void); - -/* ipsec_life.c */ -extern enum ipsec_life_alive ipsec_lifetime_check(struct ipsec_lifetime64 *il64, - const char *lifename, - const char *saname, - enum ipsec_life_type ilt, - enum ipsec_direction idir, - struct ipsec_sa *ips); - - -extern int ipsec_lifetime_format(char *buffer, - int buflen, - char *lifename, - enum ipsec_life_type timebaselife, - struct ipsec_lifetime64 *lifetime); - -extern void ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime, - __u64 newvalue); - -extern void ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime, - __u64 newvalue); - - - - -#ifdef CONFIG_IPSEC_DEBUG - -extern int debug_xform; -extern int debug_eroute; -extern int debug_spi; -extern int debug_netlink; - -#endif /* CONFIG_IPSEC_DEBUG */ - - - - -#define _IPSEC_PROTO_H -#endif /* _IPSEC_PROTO_H_ */ diff --git a/linux/include/freeswan/ipsec_radij.h b/linux/include/freeswan/ipsec_radij.h deleted file mode 100644 index 7776dd8e4..000000000 --- a/linux/include/freeswan/ipsec_radij.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - * @(#) Definitions relevant to the IPSEC <> radij tree interfacing - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_radij.h,v 1.3 2004/04/28 05:44:29 as Exp $ - */ - -#ifndef _IPSEC_RADIJ_H - -#include - -int ipsec_walk(char *); - -int ipsec_rj_walker_procprint(struct radij_node *, void *); -int ipsec_rj_walker_delete(struct radij_node *, void *); - -/* This structure is used to pass information between - * ipsec_eroute_get_info and ipsec_rj_walker_procprint - * (through rj_walktree) and between calls of ipsec_rj_walker_procprint. - */ -struct wsbuf -{ - /* from caller of ipsec_eroute_get_info: */ - char *const buffer; /* start of buffer provided */ - const int length; /* length of buffer provided */ - const off_t offset; /* file position of first character of interest */ - /* accumulated by ipsec_rj_walker_procprint: */ - int len; /* number of character filled into buffer */ - off_t begin; /* file position contained in buffer[0] (<=offset) */ -}; - - -extern struct radij_node_head *rnh; -extern spinlock_t eroute_lock; - -struct eroute * ipsec_findroute(struct sockaddr_encap *); - -#define O1(x) (int)(((x)>>24)&0xff) -#define O2(x) (int)(((x)>>16)&0xff) -#define O3(x) (int)(((x)>>8)&0xff) -#define O4(x) (int)(((x))&0xff) - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_radij; -void rj_dumptrees(void); - -#define DB_RJ_DUMPTREES 0x0001 -#define DB_RJ_FINDROUTE 0x0002 -#endif /* CONFIG_IPSEC_DEBUG */ - -#define _IPSEC_RADIJ_H -#endif diff --git a/linux/include/freeswan/ipsec_rcv.h b/linux/include/freeswan/ipsec_rcv.h deleted file mode 100644 index 3ae239bf9..000000000 --- a/linux/include/freeswan/ipsec_rcv.h +++ /dev/null @@ -1,196 +0,0 @@ -/* - * - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_rcv.h,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - -#define DB_RX_PKTRX 0x0001 -#define DB_RX_PKTRX2 0x0002 -#define DB_RX_DMP 0x0004 -#define DB_RX_IPSA 0x0010 -#define DB_RX_XF 0x0020 -#define DB_RX_IPAD 0x0040 -#define DB_RX_INAU 0x0080 -#define DB_RX_OINFO 0x0100 -#define DB_RX_OINFO2 0x0200 -#define DB_RX_OH 0x0400 -#define DB_RX_REPLAY 0x0800 - -#ifdef __KERNEL__ -/* struct options; */ - -#define __NO_VERSION__ -#include -#include /* for CONFIG_IP_FORWARD */ -#include -#include - -#define IPSEC_BIRTH_TEMPLATE_MAXLEN 256 - -struct ipsec_birth_reply { - int packet_template_len; - unsigned char packet_template[IPSEC_BIRTH_TEMPLATE_MAXLEN]; -}; - -extern struct ipsec_birth_reply ipsec_ipv4_birth_packet; -extern struct ipsec_birth_reply ipsec_ipv6_birth_packet; - -extern int -#ifdef PROTO_HANDLER_SINGLE_PARM -ipsec_rcv(struct sk_buff *skb); -#else /* PROTO_HANDLER_SINGLE_PARM */ -ipsec_rcv(struct sk_buff *skb, -#ifdef NET_21 - unsigned short xlen); -#else /* NET_21 */ - struct device *dev, - struct options *opt, - __u32 daddr, - unsigned short len, - __u32 saddr, - int redo, - struct inet_protocol *protocol); -#endif /* NET_21 */ -#endif /* PROTO_HANDLER_SINGLE_PARM */ - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_rcv; -#endif /* CONFIG_IPSEC_DEBUG */ -extern int sysctl_ipsec_inbound_policy_check; -#endif /* __KERNEL__ */ - -/* - * $Log: ipsec_rcv.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.17 2002/09/03 16:32:32 mcr - * definitions of ipsec_birth_reply. - * - * Revision 1.16 2002/05/14 02:36:00 rgb - * Change references to _TDB to _IPSA. - * - * Revision 1.15 2002/04/24 07:36:47 mcr - * Moved from ./klips/net/ipsec/ipsec_rcv.h,v - * - * Revision 1.14 2001/09/07 22:15:48 rgb - * Fix for removal of transport layer protocol handler arg in 2.4.4. - * - * Revision 1.13 2001/06/14 19:35:09 rgb - * Update copyright date. - * - * Revision 1.12 2001/03/16 07:36:44 rgb - * Fixed #endif comment to sate compiler. - * - * Revision 1.11 2000/09/21 04:34:21 rgb - * Moved declaration of sysctl_ipsec_inbound_policy_check outside - * CONFIG_IPSEC_DEBUG. (MB) - * - * Revision 1.10 2000/09/18 02:36:10 rgb - * Exported sysctl_ipsec_inbound_policy_check for skb_decompress(). - * - * Revision 1.9 2000/09/08 19:12:56 rgb - * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. - * - * Revision 1.8 1999/11/18 04:09:19 rgb - * Replaced all kernel version macros to shorter, readable form. - * - * Revision 1.7 1999/05/25 01:45:37 rgb - * Fix version macros for 2.0.x as a module. - * - * Revision 1.6 1999/05/08 21:24:27 rgb - * Add includes for 2.2.x include into net/ipv4/protocol.c - * - * Revision 1.5 1999/05/05 22:02:32 rgb - * Add a quick and dirty port to 2.2 kernels by Marc Boucher . - * - * Revision 1.4 1999/04/11 00:28:59 henry - * GPL boilerplate - * - * Revision 1.3 1999/04/06 04:54:27 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.2 1999/01/22 20:06:59 rgb - * Fixed cut-and-paste error from ipsec_esp.h. - * - * Revision 1.1 1999/01/21 20:29:12 rgb - * Converted from transform switching to algorithm switching. - * - * Log: ipsec_esp.h,v - * Revision 1.4 1998/08/12 00:07:32 rgb - * Added data structures for new xforms: null, {,3}dessha1. - * - * Revision 1.3 1998/07/14 15:57:01 rgb - * Add #ifdef __KERNEL__ to protect kernel-only structures. - * - * Revision 1.2 1998/06/25 19:33:46 rgb - * Add prototype for protocol receive function. - * Rearrange for more logical layout. - * - * Revision 1.1 1998/06/18 21:27:45 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.6 1998/06/05 02:28:08 rgb - * Minor comment fix. - * - * Revision 1.5 1998/05/27 22:34:00 rgb - * Changed structures to accomodate key separation. - * - * Revision 1.4 1998/05/18 22:28:43 rgb - * Disable key printing facilities from /proc/net/ipsec_*. - * - * Revision 1.3 1998/04/21 21:29:07 rgb - * Rearrange debug switches to change on the fly debug output from user - * space. Only kernel changes checked in at this time. radij.c was also - * changed to temporarily remove buggy debugging code in rj_delete causing - * an OOPS and hence, netlink device open errors. - * - * Revision 1.2 1998/04/12 22:03:20 rgb - * Updated ESP-3DES-HMAC-MD5-96, - * ESP-DES-HMAC-MD5-96, - * AH-HMAC-MD5-96, - * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository - * from old standards (RFC182[5-9] to new (as of March 1998) drafts. - * - * Fixed eroute references in /proc/net/ipsec*. - * - * Started to patch module unloading memory leaks in ipsec_netlink and - * radij tree unloading. - * - * Revision 1.1 1998/04/09 03:06:00 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:02 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.5 1997/06/03 04:24:48 ji - * Added ESP-3DES-MD5-96 transform. - * - * Revision 0.4 1997/01/15 01:28:15 ji - * Added definitions for new ESP transforms. - * - * Revision 0.3 1996/11/20 14:35:48 ji - * Minor Cleanup. - * Rationalized debugging code. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ - - diff --git a/linux/include/freeswan/ipsec_sa.h b/linux/include/freeswan/ipsec_sa.h deleted file mode 100644 index 555df42d3..000000000 --- a/linux/include/freeswan/ipsec_sa.h +++ /dev/null @@ -1,338 +0,0 @@ -/* - * @(#) Definitions of IPsec Security Association (ipsec_sa) - * - * Copyright (C) 2001, 2002, 2003 - * Richard Guy Briggs - * and Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_sa.h,v 1.3 2004/04/28 08:07:11 as Exp $ - * - * This file derived from ipsec_xform.h on 2001/9/18 by mcr. - * - */ - -/* - * This file describes the IPsec Security Association Structure. - * - * This structure keeps track of a single transform that may be done - * to a set of packets. It can describe applying the transform or - * apply the reverse. (e.g. compression vs expansion). However, it - * only describes one at a time. To describe both, two structures would - * be used, but since the sides of the transform are performed - * on different machines typically it is usual to have only one side - * of each association. - * - */ - -#ifndef _IPSEC_SA_H_ - -#ifdef __KERNEL__ -#include "ipsec_stats.h" -#include "ipsec_life.h" -#include "ipsec_eroute.h" -#endif /* __KERNEL__ */ -#include "ipsec_param.h" - - -/* SAs are held in a table. - * Entries in this table are referenced by IPsecSAref_t values. - * IPsecSAref_t values are conceptually subscripts. Because - * we want to allocate the table piece-meal, the subscripting - * is implemented with two levels, a bit like paged virtual memory. - * This representation mechanism is known as an Iliffe Vector. - * - * The Main table (AKA the refTable) consists of 2^IPSEC_SA_REF_MAINTABLE_IDX_WIDTH - * pointers to subtables. - * Each subtable has 2^IPSEC_SA_REF_SUBTABLE_IDX_WIDTH entries, each of which - * is a pointer to an SA. - * - * An IPsecSAref_t contains either an exceptional value (signified by the - * high-order bit being on) or a reference to a table entry. A table entry - * reference has the subtable subscript in the low-order - * IPSEC_SA_REF_SUBTABLE_IDX_WIDTH bits and the Main table subscript - * in the next lowest IPSEC_SA_REF_MAINTABLE_IDX_WIDTH bits. - * - * The Maintable entry for an IPsecSAref_t x, a pointer to its subtable, is - * IPsecSAref2table(x). It is of type struct IPsecSArefSubTable *. - * - * The pointer to the SA for x is IPsecSAref2SA(x). It is of type - * struct ipsec_sa*. The macro definition clearly shows the two-level - * access needed to find the SA pointer. - * - * The Maintable is allocated when IPsec is initialized. - * Each subtable is allocated when needed, but the first is allocated - * when IPsec is initialized. - * - * IPsecSAref_t is designed to be smaller than an NFmark so that - * they can be stored in NFmarks and still leave a few bits for other - * purposes. The spare bits are in the low order of the NFmark - * but in the high order of the IPsecSAref_t, so conversion is required. - * We pick the upper bits of NFmark on the theory that they are less likely to - * interfere with more pedestrian uses of nfmark. - */ - - -typedef unsigned short int IPsecRefTableUnusedCount; - -#define IPSEC_SA_REF_TABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH) - -#ifdef __KERNEL__ -#if ((IPSEC_SA_REF_TABLE_IDX_WIDTH - (1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) < 0) -#error "IPSEC_SA_REF_TABLE_IDX_WIDTH("IPSEC_SA_REF_TABLE_IDX_WIDTH") MUST be < 1 + IPSEC_SA_REF_MAINTABLE_IDX_WIDTH("IPSEC_SA_REF_MAINTABLE_IDX_WIDTH")" -#endif - -#define IPSEC_SA_REF_SUBTABLE_IDX_WIDTH (IPSEC_SA_REF_TABLE_IDX_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH) - -#define IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_MAINTABLE_IDX_WIDTH) -#define IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES (1 << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) - -#ifdef CONFIG_NETFILTER -#define IPSEC_SA_REF_HOST_FIELD(x) ((struct sk_buff*)(x))->nfmark -#define IPSEC_SA_REF_HOST_FIELD_TYPE typeof(IPSEC_SA_REF_HOST_FIELD(NULL)) -#else /* CONFIG_NETFILTER */ -/* just make it work for now, it doesn't matter, since there is no nfmark */ -#define IPSEC_SA_REF_HOST_FIELD_TYPE unsigned long -#endif /* CONFIG_NETFILTER */ -#define IPSEC_SA_REF_HOST_FIELD_WIDTH (8 * sizeof(IPSEC_SA_REF_HOST_FIELD_TYPE)) -#define IPSEC_SA_REF_FIELD_WIDTH (8 * sizeof(IPsecSAref_t)) - -#define IPSEC_SA_REF_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_TABLE_IDX_WIDTH)) -#define IPSEC_SA_REF_TABLE_MASK ((IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH)) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) -#define IPSEC_SA_REF_ENTRY_MASK (IPSEC_SAREF_NULL >> (IPSEC_SA_REF_FIELD_WIDTH - IPSEC_SA_REF_SUBTABLE_IDX_WIDTH)) - -#define IPsecSAref2table(x) (((x) & IPSEC_SA_REF_TABLE_MASK) >> IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) -#define IPsecSAref2entry(x) ((x) & IPSEC_SA_REF_ENTRY_MASK) -#define IPsecSArefBuild(x,y) (((x) << IPSEC_SA_REF_SUBTABLE_IDX_WIDTH) + (y)) - -#define IPsecSAref2SA(x) (ipsec_sadb.refTable[IPsecSAref2table(x)]->entry[IPsecSAref2entry(x)]) -#define IPsecSA2SAref(x) ((x)->ips_ref) - -#define EMT_INBOUND 0x01 /* SA direction, 1=inbound */ - -/* 'struct ipsec_sa' should be 64bit aligned when allocated. */ -struct ipsec_sa -{ - IPsecSAref_t ips_ref; /* reference table entry number */ - atomic_t ips_refcount; /* reference count for this struct */ - struct ipsec_sa *ips_hnext; /* next in hash chain */ - struct ipsec_sa *ips_inext; /* pointer to next xform */ - struct ipsec_sa *ips_onext; /* pointer to prev xform */ - - struct ifnet *ips_rcvif; /* related rcv encap interface */ - - struct sa_id ips_said; /* SA ID */ - - __u32 ips_seq; /* seq num of msg that initiated this SA */ - __u32 ips_pid; /* PID of process that initiated this SA */ - __u8 ips_authalg; /* auth algorithm for this SA */ - __u8 ips_encalg; /* enc algorithm for this SA */ - - struct ipsec_stats ips_errs; - - __u8 ips_replaywin; /* replay window size */ - __u8 ips_state; /* state of SA */ - __u32 ips_replaywin_lastseq; /* last pkt sequence num */ - __u64 ips_replaywin_bitmap; /* bitmap of received pkts */ - __u32 ips_replaywin_maxdiff; /* max pkt sequence difference */ - - __u32 ips_flags; /* generic xform flags */ - - - struct ipsec_lifetimes ips_life; /* lifetime records */ - - /* selector information */ - struct sockaddr*ips_addr_s; /* src sockaddr */ - struct sockaddr*ips_addr_d; /* dst sockaddr */ - struct sockaddr*ips_addr_p; /* proxy sockaddr */ - __u16 ips_addr_s_size; - __u16 ips_addr_d_size; - __u16 ips_addr_p_size; - ip_address ips_flow_s; - ip_address ips_flow_d; - ip_address ips_mask_s; - ip_address ips_mask_d; - - __u16 ips_key_bits_a; /* size of authkey in bits */ - __u16 ips_auth_bits; /* size of authenticator in bits */ - __u16 ips_key_bits_e; /* size of enckey in bits */ - __u16 ips_iv_bits; /* size of IV in bits */ - __u8 ips_iv_size; - __u16 ips_key_a_size; - __u16 ips_key_e_size; - - caddr_t ips_key_a; /* authentication key */ - caddr_t ips_key_e; /* encryption key */ - caddr_t ips_iv; /* Initialisation Vector */ - - struct ident ips_ident_s; /* identity src */ - struct ident ips_ident_d; /* identity dst */ - -#ifdef CONFIG_IPSEC_IPCOMP - __u16 ips_comp_adapt_tries; /* ipcomp self-adaption tries */ - __u16 ips_comp_adapt_skip; /* ipcomp self-adaption to-skip */ - __u64 ips_comp_ratio_cbytes; /* compressed bytes */ - __u64 ips_comp_ratio_dbytes; /* decompressed (or uncompressed) bytes */ -#endif /* CONFIG_IPSEC_IPCOMP */ - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - __u8 ips_natt_type; - __u8 ips_natt_reserved[3]; - __u16 ips_natt_sport; - __u16 ips_natt_dport; - - struct sockaddr *ips_natt_oa; - __u16 ips_natt_oa_size; - __u16 ips_natt_reserved2; -#endif - -#if 0 - __u32 ips_sens_dpd; - __u8 ips_sens_sens_level; - __u8 ips_sens_sens_len; - __u64* ips_sens_sens_bitmap; - __u8 ips_sens_integ_level; - __u8 ips_sens_integ_len; - __u64* ips_sens_integ_bitmap; -#endif - struct ipsec_alg_enc *ips_alg_enc; - struct ipsec_alg_auth *ips_alg_auth; - IPsecSAref_t ips_ref_rel; -}; - -struct IPsecSArefSubTable -{ - struct ipsec_sa* entry[IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES]; -}; - -struct ipsec_sadb { - struct IPsecSArefSubTable* refTable[IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES]; - IPsecSAref_t refFreeList[IPSEC_SA_REF_FREELIST_NUM_ENTRIES]; - int refFreeListHead; - int refFreeListTail; - IPsecSAref_t refFreeListCont; - IPsecSAref_t said_hash[SADB_HASHMOD]; - spinlock_t sadb_lock; -}; - -extern struct ipsec_sadb ipsec_sadb; - -extern int ipsec_SAref_recycle(void); -extern int ipsec_SArefSubTable_alloc(unsigned table); -extern int ipsec_saref_freelist_init(void); -extern int ipsec_sadb_init(void); -extern struct ipsec_sa *ipsec_sa_alloc(int*error); /* pass in error var by pointer */ -extern IPsecSAref_t ipsec_SAref_alloc(int*erorr); /* pass in error var by pointer */ -extern int ipsec_sa_free(struct ipsec_sa* ips); -extern struct ipsec_sa *ipsec_sa_getbyid(struct sa_id *said); -extern int ipsec_sa_put(struct ipsec_sa *ips); -extern int ipsec_sa_add(struct ipsec_sa *ips); -extern int ipsec_sa_del(struct ipsec_sa *ips); -extern int ipsec_sa_delchain(struct ipsec_sa *ips); -extern int ipsec_sadb_cleanup(__u8 proto); -extern int ipsec_sadb_free(void); -extern int ipsec_sa_wipe(struct ipsec_sa *ips); -#endif /* __KERNEL__ */ - -enum ipsec_direction { - ipsec_incoming = 1, - ipsec_outgoing = 2 -}; - -#define _IPSEC_SA_H_ -#endif /* _IPSEC_SA_H_ */ - -/* - * $Log: ipsec_sa.h,v $ - * Revision 1.3 2004/04/28 08:07:11 as - * added dhr's freeswan-2.06 changes - * - * Revision 1.2 2004/03/22 21:53:18 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.2.1.2.1 2004/03/16 09:48:18 as - * alg-0.8.1rc12 patch merged - * - * Revision 1.1.2.1 2004/03/15 22:30:06 as - * nat-0.6c patch merged - * - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.15 2003/05/11 00:53:09 mcr - * IPsecSAref_t and macros were moved to freeswan.h. - * - * Revision 1.14 2003/02/12 19:31:55 rgb - * Fixed bug in "file seen" machinery. - * Updated copyright year. - * - * Revision 1.13 2003/01/30 02:31:52 rgb - * - * Re-wrote comments describing SAref system for accuracy. - * Rename SAref table macro names for clarity. - * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. - * Transmit error code through to caller from callee for better diagnosis of problems. - * Enclose all macro arguments in parens to avoid any possible obscrure bugs. - * - * Revision 1.12 2002/10/07 18:31:19 rgb - * Change comment to reflect the flexible nature of the main and sub-table widths. - * Added a counter for the number of unused entries in each subtable. - * Further break up host field type macro to host field. - * Move field width sanity checks to ipsec_sa.c - * Define a mask for an entire saref. - * - * Revision 1.11 2002/09/20 15:40:33 rgb - * Re-write most of the SAref macros and types to eliminate any pointer references to Entrys. - * Fixed SAref/nfmark macros. - * Rework saref freeslist. - * Place all ipsec sadb globals into one struct. - * Restrict some bits to kernel context for use to klips utils. - * - * Revision 1.10 2002/09/20 05:00:34 rgb - * Update copyright date. - * - * Revision 1.9 2002/09/17 17:19:29 mcr - * make it compile even if there is no netfilter - we lost - * functionality, but it works, especially on 2.2. - * - * Revision 1.8 2002/07/28 22:59:53 mcr - * clarified/expanded one comment. - * - * Revision 1.7 2002/07/26 08:48:31 rgb - * Added SA ref table code. - * - * Revision 1.6 2002/05/31 17:27:48 rgb - * Comment fix. - * - * Revision 1.5 2002/05/27 18:55:03 rgb - * Remove final vistiges of tdb references via IPSEC_KLIPS1_COMPAT. - * - * Revision 1.4 2002/05/23 07:13:36 rgb - * Convert "usecount" to "refcount" to remove ambiguity. - * - * Revision 1.3 2002/04/24 07:36:47 mcr - * Moved from ./klips/net/ipsec/ipsec_sa.h,v - * - * Revision 1.2 2001/11/26 09:16:15 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.1.2.1 2001/09/25 02:24:58 mcr - * struct tdb -> struct ipsec_sa. - * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c - * ipsec_xform.c removed. header file still contains useful things. - * - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ diff --git a/linux/include/freeswan/ipsec_sha1.h b/linux/include/freeswan/ipsec_sha1.h deleted file mode 100644 index 116170e6b..000000000 --- a/linux/include/freeswan/ipsec_sha1.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * RCSID $Id: ipsec_sha1.h,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - -/* - * Here is the original comment from the distribution: - -SHA-1 in C -By Steve Reid -100% Public Domain - - * Adapted for use by the IPSEC code by John Ioannidis - */ - - -#ifndef _IPSEC_SHA1_H_ -#define _IPSEC_SHA1_H_ - -typedef struct -{ - __u32 state[5]; - __u32 count[2]; - __u8 buffer[64]; -} SHA1_CTX; - -void SHA1Transform(__u32 state[5], __u8 buffer[64]); -void SHA1Init(void *context); -void SHA1Update(void *context, unsigned char *data, __u32 len); -void SHA1Final(unsigned char digest[20], void *context); - - -#endif /* _IPSEC_SHA1_H_ */ - -/* - * $Log: ipsec_sha1.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.7 2002/09/10 01:45:09 mcr - * changed type of MD5_CTX and SHA1_CTX to void * so that - * the function prototypes would match, and could be placed - * into a pointer to a function. - * - * Revision 1.6 2002/04/24 07:36:47 mcr - * Moved from ./klips/net/ipsec/ipsec_sha1.h,v - * - * Revision 1.5 1999/12/13 13:59:13 rgb - * Quick fix to argument size to Update bugs. - * - * Revision 1.4 1999/12/07 18:16:23 rgb - * Fixed comments at end of #endif lines. - * - * Revision 1.3 1999/04/06 04:54:27 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.2 1998/11/30 13:22:54 rgb - * Rationalised all the klips kernel file headers. They are much shorter - * now and won't conflict under RH5.2. - * - * Revision 1.1 1998/06/18 21:27:50 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.2 1998/04/23 20:54:05 rgb - * Fixed md5 and sha1 include file nesting issues, to be cleaned up when - * verified. - * - * Revision 1.1 1998/04/09 03:04:21 henry - * sources moved up from linux/net/ipsec - * these two include files modified not to include others except in kernel - * - * Revision 1.1.1.1 1998/04/08 05:35:04 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * New transform - * - */ diff --git a/linux/include/freeswan/ipsec_stats.h b/linux/include/freeswan/ipsec_stats.h deleted file mode 100644 index e4be11d29..000000000 --- a/linux/include/freeswan/ipsec_stats.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * @(#) definition of ipsec_stats structure - * - * Copyright (C) 2001 Richard Guy Briggs - * and Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_stats.h,v 1.2 2004/03/30 19:33:52 as Exp $ - * - */ - -/* - * This file describes the errors/statistics that FreeSWAN collects. - */ - -#ifndef _IPSEC_STATS_H_ - -struct ipsec_stats { - __u32 ips_alg_errs; /* number of algorithm errors */ - __u32 ips_auth_errs; /* # of authentication errors */ - __u32 ips_encsize_errs; /* # of encryption size errors*/ - __u32 ips_encpad_errs; /* # of encryption pad errors*/ - __u32 ips_replaywin_errs; /* # of pkt sequence errors */ -}; - -extern int ipsec_snprintf(char * buf, ssize_t size, const char *fmt, ...); - -#define _IPSEC_STATS_H_ -#endif /* _IPSEC_STATS_H_ */ diff --git a/linux/include/freeswan/ipsec_tunnel.h b/linux/include/freeswan/ipsec_tunnel.h deleted file mode 100644 index 3b25e95e1..000000000 --- a/linux/include/freeswan/ipsec_tunnel.h +++ /dev/null @@ -1,265 +0,0 @@ -/* - * IPSEC tunneling code - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_tunnel.h,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - - -#ifdef NET_21 -# define DEV_QUEUE_XMIT(skb, device, pri) {\ - skb->dev = device; \ - neigh_compat_output(skb); \ - /* skb->dst->output(skb); */ \ - } -# define ICMP_SEND(skb_in, type, code, info, dev) \ - icmp_send(skb_in, type, code, htonl(info)) -# define IP_SEND(skb, dev) \ - ip_send(skb); -#else /* NET_21 */ -# define DEV_QUEUE_XMIT(skb, device, pri) {\ - dev_queue_xmit(skb, device, pri); \ - } -# define ICMP_SEND(skb_in, type, code, info, dev) \ - icmp_send(skb_in, type, code, info, dev) -# define IP_SEND(skb, dev) \ - if(ntohs(iph->tot_len) > physmtu) { \ - ip_fragment(NULL, skb, dev, 0); \ - ipsec_kfree_skb(skb); \ - } else { \ - dev_queue_xmit(skb, dev, SOPRI_NORMAL); \ - } -#endif /* NET_21 */ - - -/* - * Heavily based on drivers/net/new_tunnel.c. Lots - * of ideas also taken from the 2.1.x version of drivers/net/shaper.c - */ - -struct ipsectunnelconf -{ - __u32 cf_cmd; - union - { - char cfu_name[12]; - } cf_u; -#define cf_name cf_u.cfu_name -}; - -#define IPSEC_SET_DEV (SIOCDEVPRIVATE) -#define IPSEC_DEL_DEV (SIOCDEVPRIVATE + 1) -#define IPSEC_CLR_DEV (SIOCDEVPRIVATE + 2) - -#ifdef __KERNEL__ -#include -#ifndef KERNEL_VERSION -# define KERNEL_VERSION(x,y,z) (((x)<<16)+((y)<<8)+(z)) -#endif -struct ipsecpriv -{ - struct sk_buff_head sendq; - struct device *dev; - struct wait_queue *wait_queue; - char locked; - int (*hard_start_xmit) (struct sk_buff *skb, - struct device *dev); - int (*hard_header) (struct sk_buff *skb, - struct device *dev, - unsigned short type, - void *daddr, - void *saddr, - unsigned len); -#ifdef NET_21 - int (*rebuild_header)(struct sk_buff *skb); -#else /* NET_21 */ - int (*rebuild_header)(void *buff, struct device *dev, - unsigned long raddr, struct sk_buff *skb); -#endif /* NET_21 */ - int (*set_mac_address)(struct device *dev, void *addr); -#ifndef NET_21 - void (*header_cache_bind)(struct hh_cache **hhp, struct device *dev, - unsigned short htype, __u32 daddr); -#endif /* !NET_21 */ - void (*header_cache_update)(struct hh_cache *hh, struct device *dev, unsigned char * haddr); - struct net_device_stats *(*get_stats)(struct device *dev); - struct net_device_stats mystats; - int mtu; /* What is the desired MTU? */ -}; - -extern char ipsec_tunnel_c_version[]; - -extern struct device *ipsecdevices[IPSEC_NUM_IF]; - -int ipsec_tunnel_init_devices(void); - -/* void */ int ipsec_tunnel_cleanup_devices(void); - -extern /* void */ int ipsec_init(void); - -extern int ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev); - -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_tunnel; -extern int sysctl_ipsec_debug_verbose; -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* __KERNEL__ */ - -#ifdef CONFIG_IPSEC_DEBUG -#define DB_TN_INIT 0x0001 -#define DB_TN_PROCFS 0x0002 -#define DB_TN_XMIT 0x0010 -#define DB_TN_OHDR 0x0020 -#define DB_TN_CROUT 0x0040 -#define DB_TN_OXFS 0x0080 -#define DB_TN_REVEC 0x0100 -#endif /* CONFIG_IPSEC_DEBUG */ - -/* - * $Log: ipsec_tunnel.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.28 2003/06/24 20:22:32 mcr - * added new global: ipsecdevices[] so that we can keep track of - * the ipsecX devices. They will be referenced with dev_hold(), - * so 2.2 may need this as well. - * - * Revision 1.27 2003/04/03 17:38:09 rgb - * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. - * - * Revision 1.26 2003/02/12 19:32:20 rgb - * Updated copyright year. - * - * Revision 1.25 2002/05/27 18:56:07 rgb - * Convert to dynamic ipsec device allocation. - * - * Revision 1.24 2002/04/24 07:36:48 mcr - * Moved from ./klips/net/ipsec/ipsec_tunnel.h,v - * - * Revision 1.23 2001/11/06 19:50:44 rgb - * Moved IP_SEND, ICMP_SEND, DEV_QUEUE_XMIT macros to ipsec_tunnel.h for - * use also by pfkey_v2_parser.c - * - * Revision 1.22 2001/09/15 16:24:05 rgb - * Re-inject first and last HOLD packet when an eroute REPLACE is done. - * - * Revision 1.21 2001/06/14 19:35:10 rgb - * Update copyright date. - * - * Revision 1.20 2000/09/15 11:37:02 rgb - * Merge in heavily modified Svenning Soerensen's - * IPCOMP zlib deflate code. - * - * Revision 1.19 2000/09/08 19:12:56 rgb - * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. - * - * Revision 1.18 2000/07/28 13:50:54 rgb - * Changed enet_statistics to net_device_stats and added back compatibility - * for pre-2.1.19. - * - * Revision 1.17 1999/11/19 01:12:15 rgb - * Purge unneeded proc_info prototypes, now that static linking uses - * dynamic proc_info registration. - * - * Revision 1.16 1999/11/18 18:51:00 rgb - * Changed all device registrations for static linking to - * dynamic to reduce the number and size of patches. - * - * Revision 1.15 1999/11/18 04:14:21 rgb - * Replaced all kernel version macros to shorter, readable form. - * Added CONFIG_PROC_FS compiler directives in case it is shut off. - * Added Marc Boucher's 2.3.25 proc patches. - * - * Revision 1.14 1999/05/25 02:50:10 rgb - * Fix kernel version macros for 2.0.x static linking. - * - * Revision 1.13 1999/05/25 02:41:06 rgb - * Add ipsec_klipsdebug support for static linking. - * - * Revision 1.12 1999/05/05 22:02:32 rgb - * Add a quick and dirty port to 2.2 kernels by Marc Boucher . - * - * Revision 1.11 1999/04/29 15:19:50 rgb - * Add return values to init and cleanup functions. - * - * Revision 1.10 1999/04/16 16:02:39 rgb - * Bump up macro to 4 ipsec I/Fs. - * - * Revision 1.9 1999/04/15 15:37:25 rgb - * Forward check changes from POST1_00 branch. - * - * Revision 1.5.2.1 1999/04/02 04:26:14 rgb - * Backcheck from HEAD, pre1.0. - * - * Revision 1.8 1999/04/11 00:29:01 henry - * GPL boilerplate - * - * Revision 1.7 1999/04/06 04:54:28 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.6 1999/03/31 05:44:48 rgb - * Keep PMTU reduction private. - * - * Revision 1.5 1999/02/10 22:31:20 rgb - * Change rebuild_header member to reflect generality of link layer. - * - * Revision 1.4 1998/12/01 13:22:04 rgb - * Added support for debug printing of version info. - * - * Revision 1.3 1998/07/29 20:42:46 rgb - * Add a macro for clearing all tunnel devices. - * Rearrange structures and declarations for sharing with userspace. - * - * Revision 1.2 1998/06/25 20:01:45 rgb - * Make prototypes available for ipsec_init and ipsec proc_dir_entries - * for static linking. - * - * Revision 1.1 1998/06/18 21:27:50 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.3 1998/05/18 21:51:50 rgb - * Added macros for num of I/F's and a procfs debug switch. - * - * Revision 1.2 1998/04/21 21:29:09 rgb - * Rearrange debug switches to change on the fly debug output from user - * space. Only kernel changes checked in at this time. radij.c was also - * changed to temporarily remove buggy debugging code in rj_delete causing - * an OOPS and hence, netlink device open errors. - * - * Revision 1.1 1998/04/09 03:06:13 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:05 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.5 1997/06/03 04:24:48 ji - * Added transport mode. - * Changed the way routing is done. - * Lots of bug fixes. - * - * Revision 0.4 1997/01/15 01:28:15 ji - * No changes. - * - * Revision 0.3 1996/11/20 14:39:04 ji - * Minor cleanups. - * Rationalized debugging code. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ diff --git a/linux/include/freeswan/ipsec_xform.h b/linux/include/freeswan/ipsec_xform.h deleted file mode 100644 index 1dc6b6083..000000000 --- a/linux/include/freeswan/ipsec_xform.h +++ /dev/null @@ -1,274 +0,0 @@ -/* - * Definitions relevant to IPSEC transformations - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_xform.h,v 1.3 2004/09/29 22:26:13 as Exp $ - */ - -#ifndef _IPSEC_XFORM_H_ - -#include -#include "ipsec_policy.h" - -#define XF_NONE 0 /* No transform set */ -#define XF_IP4 1 /* IPv4 inside IPv4 */ -#define XF_AHMD5 2 /* AH MD5 */ -#define XF_AHSHA 3 /* AH SHA */ -#define XF_ESP3DES 5 /* ESP DES3-CBC */ -#define XF_AHHMACMD5 6 /* AH-HMAC-MD5 with opt replay prot */ -#define XF_AHHMACSHA1 7 /* AH-HMAC-SHA1 with opt replay prot */ -#define XF_ESP3DESMD5 9 /* triple DES, HMAC-MD-5, 128-bits of authentication */ -#define XF_ESP3DESMD596 10 /* triple DES, HMAC-MD-5, 96-bits of authentication */ -#define XF_ESPNULLMD596 12 /* NULL, HMAC-MD-5 with 96-bits of authentication */ -#define XF_ESPNULLSHA196 13 /* NULL, HMAC-SHA-1 with 96-bits of authentication */ -#define XF_ESP3DESSHA196 14 /* triple DES, HMAC-SHA-1, 96-bits of authentication */ -#define XF_IP6 15 /* IPv6 inside IPv6 */ -#define XF_COMPDEFLATE 16 /* IPCOMP deflate */ - -#define XF_CLR 126 /* Clear SA table */ -#define XF_DEL 127 /* Delete SA */ - -#define XFT_AUTH 0x0001 -#define XFT_CONF 0x0100 - -/* available if CONFIG_IPSEC_DEBUG is defined */ -#define DB_XF_INIT 0x0001 - -#define PROTO2TXT(x) \ - (x) == IPPROTO_AH ? "AH" : \ - (x) == IPPROTO_ESP ? "ESP" : \ - (x) == IPPROTO_IPIP ? "IPIP" : \ - (x) == IPPROTO_COMP ? "COMP" : \ - "UNKNOWN_proto" -static inline const char *enc_name_id (unsigned id) { - static char buf[16]; - snprintf(buf, sizeof(buf), "_ID%d", id); - return buf; -} -static inline const char *auth_name_id (unsigned id) { - static char buf[16]; - snprintf(buf, sizeof(buf), "_ID%d", id); - return buf; -} -#define IPS_XFORM_NAME(x) \ - PROTO2TXT((x)->ips_said.proto), \ - (x)->ips_said.proto == IPPROTO_COMP ? \ - ((x)->ips_encalg == SADB_X_CALG_DEFLATE ? \ - "_DEFLATE" : "_UNKNOWN_comp") : \ - (x)->ips_encalg == ESP_NONE ? "" : \ - (x)->ips_encalg == ESP_3DES ? "_3DES" : \ - (x)->ips_encalg == ESP_AES ? "_AES" : \ - (x)->ips_encalg == ESP_SERPENT ? "_SERPENT" : \ - (x)->ips_encalg == ESP_TWOFISH ? "_TWOFISH" : \ - enc_name_id(x->ips_encalg)/* "_UNKNOWN_encr" */, \ - (x)->ips_authalg == AH_NONE ? "" : \ - (x)->ips_authalg == AH_MD5 ? "_HMAC_MD5" : \ - (x)->ips_authalg == AH_SHA ? "_HMAC_SHA1" : \ - (x)->ips_authalg == AH_SHA2_256 ? "_HMAC_SHA2_256" : \ - (x)->ips_authalg == AH_SHA2_384 ? "_HMAC_SHA2_384" : \ - (x)->ips_authalg == AH_SHA2_512 ? "_HMAC_SHA2_512" : \ - auth_name_id(x->ips_authalg) /* "_UNKNOWN_auth" */ \ - -#define _IPSEC_XFORM_H_ -#endif /* _IPSEC_XFORM_H_ */ - -/* - * $Log: ipsec_xform.h,v $ - * Revision 1.3 2004/09/29 22:26:13 as - * included ipsec_policy.h - * - * Revision 1.2 2004/03/22 21:53:18 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.4.1 2004/03/16 09:48:18 as - * alg-0.8.1rc12 patch merged - * - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.36 2002/04/24 07:36:48 mcr - * Moved from ./klips/net/ipsec/ipsec_xform.h,v - * - * Revision 1.35 2001/11/26 09:23:51 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.33.2.1 2001/09/25 02:24:58 mcr - * struct tdb -> struct ipsec_sa. - * sa(tdb) manipulation functions renamed and moved to ipsec_sa.c - * ipsec_xform.c removed. header file still contains useful things. - * - * Revision 1.34 2001/11/06 19:47:17 rgb - * Changed lifetime_packets to uint32 from uint64. - * - * Revision 1.33 2001/09/08 21:13:34 rgb - * Added pfkey ident extension support for ISAKMPd. (NetCelo) - * - * Revision 1.32 2001/07/06 07:40:01 rgb - * Reformatted for readability. - * Added inbound policy checking fields for use with IPIP SAs. - * - * Revision 1.31 2001/06/14 19:35:11 rgb - * Update copyright date. - * - * Revision 1.30 2001/05/30 08:14:03 rgb - * Removed vestiges of esp-null transforms. - * - * Revision 1.29 2001/01/30 23:42:47 rgb - * Allow pfkey msgs from pid other than user context required for ACQUIRE - * and subsequent ADD or UDATE. - * - * Revision 1.28 2000/11/06 04:30:40 rgb - * Add Svenning's adaptive content compression. - * - * Revision 1.27 2000/09/19 00:38:25 rgb - * Fixed algorithm name bugs introduced for ipcomp. - * - * Revision 1.26 2000/09/17 21:36:48 rgb - * Added proto2txt macro. - * - * Revision 1.25 2000/09/17 18:56:47 rgb - * Added IPCOMP support. - * - * Revision 1.24 2000/09/12 19:34:12 rgb - * Defined XF_IP6 from Gerhard for ipv6 tunnel support. - * - * Revision 1.23 2000/09/12 03:23:14 rgb - * Cleaned out now unused tdb_xform and tdb_xdata members of struct tdb. - * - * Revision 1.22 2000/09/08 19:12:56 rgb - * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. - * - * Revision 1.21 2000/09/01 18:32:43 rgb - * Added (disabled) sensitivity members to tdb struct. - * - * Revision 1.20 2000/08/30 05:31:01 rgb - * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. - * Kill remainder of tdb_xform, tdb_xdata, xformsw. - * - * Revision 1.19 2000/08/01 14:51:52 rgb - * Removed _all_ remaining traces of DES. - * - * Revision 1.18 2000/01/21 06:17:45 rgb - * Tidied up spacing. - * - * Revision 1.17 1999/11/17 15:53:40 rgb - * Changed all occurrences of #include "../../../lib/freeswan.h" - * to #include which works due to -Ilibfreeswan in the - * klips/net/ipsec/Makefile. - * - * Revision 1.16 1999/10/16 04:23:07 rgb - * Add stats for replaywin_errs, replaywin_max_sequence_difference, - * authentication errors, encryption size errors, encryption padding - * errors, and time since last packet. - * - * Revision 1.15 1999/10/16 00:29:11 rgb - * Added SA lifetime packet counting variables. - * - * Revision 1.14 1999/10/01 00:04:14 rgb - * Added tdb structure locking. - * Add function to initialize tdb hash table. - * - * Revision 1.13 1999/04/29 15:20:57 rgb - * dd return values to init and cleanup functions. - * Eliminate unnessessary usage of tdb_xform member to further switch - * away from the transform switch to the algorithm switch. - * Change gettdb parameter to a pointer to reduce stack loading and - * facilitate parameter sanity checking. - * Add a parameter to tdbcleanup to be able to delete a class of SAs. - * - * Revision 1.12 1999/04/15 15:37:25 rgb - * Forward check changes from POST1_00 branch. - * - * Revision 1.9.2.2 1999/04/13 20:35:57 rgb - * Fix spelling mistake in comment. - * - * Revision 1.9.2.1 1999/03/30 17:13:52 rgb - * Extend struct tdb to support pfkey. - * - * Revision 1.11 1999/04/11 00:29:01 henry - * GPL boilerplate - * - * Revision 1.10 1999/04/06 04:54:28 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.9 1999/01/26 02:09:31 rgb - * Removed CONFIG_IPSEC_ALGO_SWITCH macro. - * Removed dead code. - * - * Revision 1.8 1999/01/22 06:29:35 rgb - * Added algorithm switch code. - * Cruft clean-out. - * - * Revision 1.7 1998/11/10 05:37:35 rgb - * Add support for SA direction flag. - * - * Revision 1.6 1998/10/19 14:44:29 rgb - * Added inclusion of freeswan.h. - * sa_id structure implemented and used: now includes protocol. - * - * Revision 1.5 1998/08/12 00:12:30 rgb - * Added macros for new xforms. Added prototypes for new xforms. - * - * Revision 1.4 1998/07/28 00:04:20 rgb - * Add macro for clearing the SA table. - * - * Revision 1.3 1998/07/14 18:06:46 rgb - * Added #ifdef __KERNEL__ directives to restrict scope of header. - * - * Revision 1.2 1998/06/23 03:02:19 rgb - * Created a prototype for ipsec_tdbcleanup when it was moved from - * ipsec_init.c. - * - * Revision 1.1 1998/06/18 21:27:51 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.4 1998/06/11 05:55:31 rgb - * Added transform version string pointer to xformsw structure definition. - * Added extern declarations for transform version strings. - * - * Revision 1.3 1998/05/18 22:02:54 rgb - * Modify the *_zeroize function prototypes to include one parameter. - * - * Revision 1.2 1998/04/21 21:29:08 rgb - * Rearrange debug switches to change on the fly debug output from user - * space. Only kernel changes checked in at this time. radij.c was also - * changed to temporarily remove buggy debugging code in rj_delete causing - * an OOPS and hence, netlink device open errors. - * - * Revision 1.1 1998/04/09 03:06:14 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:06 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.5 1997/06/03 04:24:48 ji - * Added ESP-3DES-MD5-96 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * Added new transforms. - * - * Revision 0.3 1996/11/20 14:39:04 ji - * Minor cleanups. - * Rationalized debugging code. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ diff --git a/linux/include/freeswan/ipsec_xmit.h b/linux/include/freeswan/ipsec_xmit.h deleted file mode 100644 index 033984886..000000000 --- a/linux/include/freeswan/ipsec_xmit.h +++ /dev/null @@ -1,140 +0,0 @@ -/* - * IPSEC tunneling code - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_xmit.h,v 1.3 2004/06/13 19:37:07 as Exp $ - */ - -#include "freeswan/ipsec_sa.h" - -enum ipsec_xmit_value -{ - IPSEC_XMIT_STOLEN=2, - IPSEC_XMIT_PASS=1, - IPSEC_XMIT_OK=0, - IPSEC_XMIT_ERRMEMALLOC=-1, - IPSEC_XMIT_ESP_BADALG=-2, - IPSEC_XMIT_BADPROTO=-3, - IPSEC_XMIT_ESP_PUSHPULLERR=-4, - IPSEC_XMIT_BADLEN=-5, - IPSEC_XMIT_AH_BADALG=-6, - IPSEC_XMIT_SAIDNOTFOUND=-7, - IPSEC_XMIT_SAIDNOTLIVE=-8, - IPSEC_XMIT_REPLAYROLLED=-9, - IPSEC_XMIT_LIFETIMEFAILED=-10, - IPSEC_XMIT_CANNOTFRAG=-11, - IPSEC_XMIT_MSSERR=-12, - IPSEC_XMIT_ERRSKBALLOC=-13, - IPSEC_XMIT_ENCAPFAIL=-14, - IPSEC_XMIT_NODEV=-15, - IPSEC_XMIT_NOPRIVDEV=-16, - IPSEC_XMIT_NOPHYSDEV=-17, - IPSEC_XMIT_NOSKB=-18, - IPSEC_XMIT_NOIPV6=-19, - IPSEC_XMIT_NOIPOPTIONS=-20, - IPSEC_XMIT_TTLEXPIRED=-21, - IPSEC_XMIT_BADHHLEN=-22, - IPSEC_XMIT_PUSHPULLERR=-23, - IPSEC_XMIT_ROUTEERR=-24, - IPSEC_XMIT_RECURSDETECT=-25, - IPSEC_XMIT_IPSENDFAILURE=-26, -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - IPSEC_XMIT_ESPUDP=-27, -#endif -}; - -struct ipsec_xmit_state -{ - struct sk_buff *skb; /* working skb pointer */ - struct device *dev; /* working dev pointer */ - struct ipsecpriv *prv; /* Our device' private space */ - struct sk_buff *oskb; /* Original skb pointer */ - struct net_device_stats *stats; /* This device's statistics */ - struct iphdr *iph; /* Our new IP header */ - __u32 newdst; /* The other SG's IP address */ - __u32 orgdst; /* Original IP destination address */ - __u32 orgedst; /* 1st SG's IP address */ - __u32 newsrc; /* The new source SG's IP address */ - __u32 orgsrc; /* Original IP source address */ - __u32 innersrc; /* Innermost IP source address */ - int iphlen; /* IP header length */ - int pyldsz; /* upper protocol payload size */ - int headroom; - int tailroom; - int max_headroom; /* The extra header space needed */ - int max_tailroom; /* The extra stuffing needed */ - int ll_headroom; /* The extra link layer hard_header space needed */ - int tot_headroom; /* The total header space needed */ - int tot_tailroom; /* The totalstuffing needed */ - __u8 *saved_header; /* saved copy of the hard header */ - unsigned short sport, dport; - - struct sockaddr_encap matcher; /* eroute search key */ - struct eroute *eroute; - struct ipsec_sa *ipsp, *ipsq; /* ipsec_sa pointers */ - char sa_txt[SATOA_BUF]; - size_t sa_len; - int hard_header_stripped; /* has the hard header been removed yet? */ - int hard_header_len; - struct device *physdev; -/* struct device *virtdev; */ - short physmtu; - short mtudiff; -#ifdef NET_21 - struct rtable *route; -#endif /* NET_21 */ - struct sa_id outgoing_said; -#ifdef NET_21 - int pass; -#endif /* NET_21 */ - int error; - uint32_t eroute_pid; - struct ipsec_sa ips; -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - uint8_t natt_type; - uint8_t natt_head; - uint16_t natt_sport; - uint16_t natt_dport; -#endif -}; - -#if 0 /* save for alg refactorisation */ -struct xform_functions -{ - enum ipsec_xmit_value (*checks)(struct ipsec_xmit_state *ixs, - struct sk_buff *skb); - enum ipsec_xmit_value (*encrypt)(struct ipsec_xmit_state *ixs); - - enum ipsec_xmit_value (*setup_auth)(struct ipsec_xmit_state *ixs, - struct sk_buff *skb, - __u32 *replay, - unsigned char **authenticator); - enum ipsec_xmit_value (*calc_auth)(struct ipsec_xmit_state *ixs, - struct sk_buff *skb); -}; -#endif - -enum ipsec_xmit_value -ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs); - -enum ipsec_xmit_value -ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs); - -enum ipsec_xmit_value -ipsec_xmit_encap_bundle(struct ipsec_xmit_state *ixs); - -extern int ipsec_xmit_trap_count; -extern int ipsec_xmit_trap_sendcount; - -extern void ipsec_extract_ports(struct iphdr * iph, struct sockaddr_encap * er); diff --git a/linux/include/freeswan/radij.h b/linux/include/freeswan/radij.h deleted file mode 100644 index 2a66093a0..000000000 --- a/linux/include/freeswan/radij.h +++ /dev/null @@ -1,280 +0,0 @@ -/* - * RCSID $Id: radij.h,v 1.1 2004/03/15 20:35:25 as Exp $ - */ - -/* - * This file is defived from ${SRC}/sys/net/radix.h of BSD 4.4lite - * - * Variable and procedure names have been modified so that they don't - * conflict with the original BSD code, as a small number of modifications - * have been introduced and we may want to reuse this code in BSD. - * - * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek - * chi or a German ch sound (as `doch', not as in `milch'), or even a - * spanish j as in Juan. It is not as far back in the throat like - * the corresponding Hebrew sound, nor is it a soft breath like the English h. - * It has nothing to do with the Dutch ij sound. - * - * Here is the appropriate copyright notice: - */ - -/* - * Copyright (c) 1988, 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)radix.h 8.1 (Berkeley) 6/10/93 - */ - -#ifndef _RADIJ_H_ -#define _RADIJ_H_ - -/* -#define RJ_DEBUG -*/ - -#ifdef __KERNEL__ - -#ifndef __P -#ifdef __STDC__ -#define __P(x) x -#else -#define __P(x) () -#endif -#endif - -/* - * Radix search tree node layout. - */ - -struct radij_node -{ - struct radij_mask *rj_mklist; /* list of masks contained in subtree */ - struct radij_node *rj_p; /* parent */ - short rj_b; /* bit offset; -1-index(netmask) */ - char rj_bmask; /* node: mask for bit test*/ - u_char rj_flags; /* enumerated next */ -#define RJF_NORMAL 1 /* leaf contains normal route */ -#define RJF_ROOT 2 /* leaf is root leaf for tree */ -#define RJF_ACTIVE 4 /* This node is alive (for rtfree) */ - union { - struct { /* leaf only data: */ - caddr_t rj_Key; /* object of search */ - caddr_t rj_Mask; /* netmask, if present */ - struct radij_node *rj_Dupedkey; - } rj_leaf; - struct { /* node only data: */ - int rj_Off; /* where to start compare */ - struct radij_node *rj_L;/* progeny */ - struct radij_node *rj_R;/* progeny */ - }rj_node; - } rj_u; -#ifdef RJ_DEBUG - int rj_info; - struct radij_node *rj_twin; - struct radij_node *rj_ybro; -#endif -}; - -#define rj_dupedkey rj_u.rj_leaf.rj_Dupedkey -#define rj_key rj_u.rj_leaf.rj_Key -#define rj_mask rj_u.rj_leaf.rj_Mask -#define rj_off rj_u.rj_node.rj_Off -#define rj_l rj_u.rj_node.rj_L -#define rj_r rj_u.rj_node.rj_R - -/* - * Annotations to tree concerning potential routes applying to subtrees. - */ - -extern struct radij_mask { - short rm_b; /* bit offset; -1-index(netmask) */ - char rm_unused; /* cf. rj_bmask */ - u_char rm_flags; /* cf. rj_flags */ - struct radij_mask *rm_mklist; /* more masks to try */ - caddr_t rm_mask; /* the mask */ - int rm_refs; /* # of references to this struct */ -} *rj_mkfreelist; - -#define MKGet(m) {\ - if (rj_mkfreelist) {\ - m = rj_mkfreelist; \ - rj_mkfreelist = (m)->rm_mklist; \ - } else \ - R_Malloc(m, struct radij_mask *, sizeof (*(m))); }\ - -#define MKFree(m) { (m)->rm_mklist = rj_mkfreelist; rj_mkfreelist = (m);} - -struct radij_node_head { - struct radij_node *rnh_treetop; - int rnh_addrsize; /* permit, but not require fixed keys */ - int rnh_pktsize; /* permit, but not require fixed keys */ -#if 0 - struct radij_node *(*rnh_addaddr) /* add based on sockaddr */ - __P((void *v, void *mask, - struct radij_node_head *head, struct radij_node nodes[])); -#endif - int (*rnh_addaddr) /* add based on sockaddr */ - __P((void *v, void *mask, - struct radij_node_head *head, struct radij_node nodes[])); - struct radij_node *(*rnh_addpkt) /* add based on packet hdr */ - __P((void *v, void *mask, - struct radij_node_head *head, struct radij_node nodes[])); -#if 0 - struct radij_node *(*rnh_deladdr) /* remove based on sockaddr */ - __P((void *v, void *mask, struct radij_node_head *head)); -#endif - int (*rnh_deladdr) /* remove based on sockaddr */ - __P((void *v, void *mask, struct radij_node_head *head, struct radij_node **node)); - struct radij_node *(*rnh_delpkt) /* remove based on packet hdr */ - __P((void *v, void *mask, struct radij_node_head *head)); - struct radij_node *(*rnh_matchaddr) /* locate based on sockaddr */ - __P((void *v, struct radij_node_head *head)); - struct radij_node *(*rnh_matchpkt) /* locate based on packet hdr */ - __P((void *v, struct radij_node_head *head)); - int (*rnh_walktree) /* traverse tree */ - __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w)); - struct radij_node rnh_nodes[3]; /* empty tree for common case */ -}; - - -#define Bcmp(a, b, n) memcmp(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) -#define Bcopy(a, b, n) memmove(((caddr_t)(b)), ((caddr_t)(a)), (unsigned)(n)) -#define Bzero(p, n) memset((caddr_t)(p), 0, (unsigned)(n)) -#define R_Malloc(p, t, n) ((p = (t) kmalloc((size_t)(n), GFP_ATOMIC)), Bzero((p),(n))) -#define Free(p) kfree((caddr_t)p); - -void rj_init __P((void)); -int rj_inithead __P((void **, int)); -int rj_refines __P((void *, void *)); -int rj_walktree __P((struct radij_node_head *head, int (*f)(struct radij_node *rn, void *w), void *w)); -struct radij_node - *rj_addmask __P((void *, int, int)) /* , rgb */ ; -int /* * */ rj_addroute __P((void *, void *, struct radij_node_head *, - struct radij_node [2])) /* , rgb */ ; -int /* * */ rj_delete __P((void *, void *, struct radij_node_head *, struct radij_node **)) /* , rgb */ ; -struct radij_node /* rgb */ - *rj_insert __P((void *, struct radij_node_head *, int *, - struct radij_node [2])), - *rj_match __P((void *, struct radij_node_head *)), - *rj_newpair __P((void *, int, struct radij_node[2])), - *rj_search __P((void *, struct radij_node *)), - *rj_search_m __P((void *, struct radij_node *, void *)); - -void rj_deltree(struct radij_node_head *); -void rj_delnodes(struct radij_node *); -void rj_free_mkfreelist(void); -int radijcleartree(void); -int radijcleanup(void); - -extern struct radij_node_head *mask_rjhead; -extern int maj_keylen; -#endif /* __KERNEL__ */ - -#endif /* _RADIJ_H_ */ - - -/* - * $Log: radij.h,v $ - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.12 2002/04/24 07:36:48 mcr - * Moved from ./klips/net/ipsec/radij.h,v - * - * Revision 1.11 2001/09/20 15:33:00 rgb - * Min/max cleanup. - * - * Revision 1.10 1999/11/18 04:09:20 rgb - * Replaced all kernel version macros to shorter, readable form. - * - * Revision 1.9 1999/05/05 22:02:33 rgb - * Add a quick and dirty port to 2.2 kernels by Marc Boucher . - * - * Revision 1.8 1999/04/29 15:24:58 rgb - * Add check for existence of macros min/max. - * - * Revision 1.7 1999/04/11 00:29:02 henry - * GPL boilerplate - * - * Revision 1.6 1999/04/06 04:54:29 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.5 1999/01/22 06:30:32 rgb - * 64-bit clean-up. - * - * Revision 1.4 1998/11/30 13:22:55 rgb - * Rationalised all the klips kernel file headers. They are much shorter - * now and won't conflict under RH5.2. - * - * Revision 1.3 1998/10/25 02:43:27 rgb - * Change return type on rj_addroute and rj_delete and add and argument - * to the latter to be able to transmit more infomation about errors. - * - * Revision 1.2 1998/07/14 18:09:51 rgb - * Add a routine to clear eroute table. - * Added #ifdef __KERNEL__ directives to restrict scope of header. - * - * Revision 1.1 1998/06/18 21:30:22 henry - * move sources from klips/src to klips/net/ipsec to keep stupid kernel - * build scripts happier about symlinks - * - * Revision 1.4 1998/05/25 20:34:16 rgb - * Remove temporary ipsec_walk, rj_deltree and rj_delnodes functions. - * - * Rename ipsec_rj_walker (ipsec_walk) to ipsec_rj_walker_procprint and - * add ipsec_rj_walker_delete. - * - * Recover memory for eroute table on unload of module. - * - * Revision 1.3 1998/04/22 16:51:37 rgb - * Tidy up radij debug code from recent rash of modifications to debug code. - * - * Revision 1.2 1998/04/14 17:30:38 rgb - * Fix up compiling errors for radij tree memory reclamation. - * - * Revision 1.1 1998/04/09 03:06:16 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:04 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * No changes. - * - * Revision 0.3 1996/11/20 14:44:45 ji - * Release update only. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ diff --git a/linux/include/mast.h b/linux/include/mast.h deleted file mode 100644 index 626559b59..000000000 --- a/linux/include/mast.h +++ /dev/null @@ -1,33 +0,0 @@ -struct mast_callbacks { - int (*packet_encap)(struct device *mast, void *context, - struct sk_buff *skb, int flowref); - int (*link_inquire)(struct device *mast, void *context); -}; - - -struct device *mast_init (int family, - struct mast_callbacks *callbacks, - unsigned int flags, - unsigned int desired_unit, - unsigned int max_flowref, - void *context); - -int mast_destroy(struct device *mast); - -int mast_recv(struct device *mast, struct sk_buff *skb, int flowref); - -/* free this skb as being useless, increment failure count. */ -int mast_toast(struct device *mast, struct sk_buff *skb, int flowref); - -int mast_linkstat (struct device *mast, int flowref, - int status); - -int mast_setreference (struct device *mast, - int defaultSA); - -int mast_setneighbor (struct device *mast, - struct sockaddr *source, - struct sockaddr *destination, - int flowref); - - diff --git a/linux/include/pfkey.h b/linux/include/pfkey.h deleted file mode 100644 index f858cd95e..000000000 --- a/linux/include/pfkey.h +++ /dev/null @@ -1,498 +0,0 @@ -/* - * FreeS/WAN specific PF_KEY headers - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey.h,v 1.2 2004/03/22 21:53:18 as Exp $ - */ - -#ifndef __NET_IPSEC_PF_KEY_H -#define __NET_IPSEC_PF_KEY_H -#ifdef __KERNEL__ -extern struct proto_ops pfkey_proto_ops; -typedef struct sock pfkey_sock; -extern int debug_pfkey; - -extern /* void */ int pfkey_init(void); -extern /* void */ int pfkey_cleanup(void); - -extern struct sock *pfkey_sock_list; -struct socket_list -{ - struct socket *socketp; - struct socket_list *next; -}; -extern int pfkey_list_insert_socket(struct socket*, struct socket_list**); -extern int pfkey_list_remove_socket(struct socket*, struct socket_list**); -extern struct socket_list *pfkey_open_sockets; -extern struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1]; - -/* - * There is a field-by-field copy in klips/net/ipsec/ipsec_alg.h - * please keep in sync until we migrate all support stuff - * to ipsec_alg objects - */ -struct supported -{ - uint16_t supported_alg_exttype; - uint8_t supported_alg_id; - uint8_t supported_alg_ivlen; - uint16_t supported_alg_minbits; - uint16_t supported_alg_maxbits; -}; -extern struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1]; -struct supported_list -{ - struct supported *supportedp; - struct supported_list *next; -}; -extern int pfkey_list_insert_supported(struct supported*, struct supported_list**); -extern int pfkey_list_remove_supported(struct supported*, struct supported_list**); - -struct sockaddr_key -{ - uint16_t key_family; /* PF_KEY */ - uint16_t key_pad; /* not used */ - uint32_t key_pid; /* process ID */ -}; - -struct pfkey_extracted_data -{ - struct ipsec_sa* ips; - struct ipsec_sa* ips2; - struct eroute *eroute; -}; - -extern int -pfkey_alloc_eroute(struct eroute** eroute); - -extern int -pfkey_sa_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_lifetime_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_address_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_key_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_ident_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_sens_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_prop_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_supported_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_spirange_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_x_satype_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int -pfkey_x_debug_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data* extr); - -extern int pfkey_register_reply(int satype, struct sadb_msg *); -extern int pfkey_upmsg(struct socket *, struct sadb_msg *); -extern int pfkey_expire(struct ipsec_sa *, int); -extern int pfkey_acquire(struct ipsec_sa *); -#else /* ! __KERNEL__ */ - -extern void (*pfkey_debug_func)(const char *message, ...); - -#endif /* __KERNEL__ */ - -extern uint8_t satype2proto(uint8_t satype); -extern uint8_t proto2satype(uint8_t proto); -extern char* satype2name(uint8_t satype); -extern char* proto2name(uint8_t proto); - -struct key_opt -{ - uint32_t key_pid; /* process ID */ - struct sock *sk; -}; - -#define key_pid(sk) ((struct key_opt*)&((sk)->protinfo))->key_pid - -#define IPSEC_PFKEYv2_ALIGN (sizeof(uint64_t)/sizeof(uint8_t)) -#define BITS_PER_OCTET 8 -#define OCTETBITS 8 -#define PFKEYBITS 64 -#define DIVUP(x,y) ((x + y -1) / y) /* divide, rounding upwards */ -#define ALIGN_N(x,y) (DIVUP(x,y) * y) /* align on y boundary */ - -#define PFKEYv2_MAX_MSGSIZE 4096 - -/* - * PF_KEYv2 permitted and required extensions in and out bitmaps - */ -struct pf_key_ext_parsers_def { - int (*parser)(struct sadb_ext*); - char *parser_name; -}; - - -extern unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/]; -#define EXT_BITS_IN 0 -#define EXT_BITS_OUT 1 -#define EXT_BITS_PERM 0 -#define EXT_BITS_REQ 1 - -extern void pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]); -extern void pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]); -extern void pfkey_msg_free(struct sadb_msg **pfkey_msg); - -extern int pfkey_msg_parse(struct sadb_msg *pfkey_msg, - struct pf_key_ext_parsers_def *ext_parsers[], - struct sadb_ext **extensions, - int dir); - -/* - * PF_KEYv2 build function prototypes - */ - -int -pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext, - uint8_t msg_type, - uint8_t satype, - uint8_t msg_errno, - uint32_t seq, - uint32_t pid); - -int -pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, - uint16_t exttype, - uint32_t spi, /* in network order */ - uint8_t replay_window, - uint8_t sa_state, - uint8_t auth, - uint8_t encrypt, - uint32_t flags, - uint32_t/*IPsecSAref_t*/ ref); - -int -pfkey_sa_build(struct sadb_ext ** pfkey_ext, - uint16_t exttype, - uint32_t spi, /* in network order */ - uint8_t replay_window, - uint8_t sa_state, - uint8_t auth, - uint8_t encrypt, - uint32_t flags); - -int -pfkey_lifetime_build(struct sadb_ext ** pfkey_ext, - uint16_t exttype, - uint32_t allocations, - uint64_t bytes, - uint64_t addtime, - uint64_t usetime, - uint32_t packets); - -int -pfkey_address_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint8_t proto, - uint8_t prefixlen, - struct sockaddr* address); - -int -pfkey_key_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint16_t key_bits, - char* key); - -int -pfkey_ident_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint16_t ident_type, - uint64_t ident_id, - uint8_t ident_len, - char* ident_string); - -#ifdef NAT_TRAVERSAL -#ifdef __KERNEL__ -extern int pfkey_nat_t_new_mapping(struct ipsec_sa *, struct sockaddr *, __u16); -extern int pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr); -extern int pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr); -#endif /* __KERNEL__ */ -int -pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext, - uint8_t type); -int -pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint16_t port); -#endif - -int -pfkey_sens_build(struct sadb_ext** pfkey_ext, - uint32_t dpd, - uint8_t sens_level, - uint8_t sens_len, - uint64_t* sens_bitmap, - uint8_t integ_level, - uint8_t integ_len, - uint64_t* integ_bitmap); - -int pfkey_x_protocol_build(struct sadb_ext **, uint8_t); - - -int -pfkey_prop_build(struct sadb_ext** pfkey_ext, - uint8_t replay, - unsigned int comb_num, - struct sadb_comb* comb); - -int -pfkey_supported_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - unsigned int alg_num, - struct sadb_alg* alg); - -int -pfkey_spirange_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint32_t min, - uint32_t max); - -int -pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext); - -int -pfkey_x_satype_build(struct sadb_ext** pfkey_ext, - uint8_t satype); - -int -pfkey_x_debug_build(struct sadb_ext** pfkey_ext, - uint32_t tunnel, - uint32_t netlink, - uint32_t xform, - uint32_t eroute, - uint32_t spi, - uint32_t radij, - uint32_t esp, - uint32_t ah, - uint32_t rcv, - uint32_t pfkey, - uint32_t ipcomp, - uint32_t verbose); - -int -pfkey_msg_build(struct sadb_msg** pfkey_msg, - struct sadb_ext* extensions[], - int dir); - -/* in pfkey_v2_debug.c - routines to decode numbers -> strings */ -const char * -pfkey_v2_sadb_ext_string(int extnum); - -const char * -pfkey_v2_sadb_type_string(int sadb_type); - - -#endif /* __NET_IPSEC_PF_KEY_H */ - -/* - * $Log: pfkey.h,v $ - * Revision 1.2 2004/03/22 21:53:18 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.2.1.2.1 2004/03/16 09:48:18 as - * alg-0.8.1rc12 patch merged - * - * Revision 1.1.2.1 2004/03/15 22:30:06 as - * nat-0.6c patch merged - * - * Revision 1.1 2004/03/15 20:35:25 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.42 2003/08/25 22:08:19 mcr - * removed pfkey_proto_init() from pfkey.h for 2.6 support. - * - * Revision 1.41 2003/05/07 17:28:57 mcr - * new function pfkey_debug_func added for us in debugging from - * pfkey library. - * - * Revision 1.40 2003/01/30 02:31:34 rgb - * - * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. - * - * Revision 1.39 2002/09/20 15:40:21 rgb - * Switch from pfkey_alloc_ipsec_sa() to ipsec_sa_alloc(). - * Added ref parameter to pfkey_sa_build(). - * Cleaned out unused cruft. - * - * Revision 1.38 2002/05/14 02:37:24 rgb - * Change all references to tdb, TDB or Tunnel Descriptor Block to ips, - * ipsec_sa or ipsec_sa. - * Added function prototypes for the functions moved to - * pfkey_v2_ext_process.c. - * - * Revision 1.37 2002/04/24 07:36:49 mcr - * Moved from ./lib/pfkey.h,v - * - * Revision 1.36 2002/01/20 20:34:49 mcr - * added pfkey_v2_sadb_type_string to decode sadb_type to string. - * - * Revision 1.35 2001/11/27 05:27:47 mcr - * pfkey parses are now maintained by a structure - * that includes their name for debug purposes. - * - * Revision 1.34 2001/11/26 09:23:53 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.33 2001/11/06 19:47:47 rgb - * Added packet parameter to lifetime and comb structures. - * - * Revision 1.32 2001/09/08 21:13:34 rgb - * Added pfkey ident extension support for ISAKMPd. (NetCelo) - * - * Revision 1.31 2001/06/14 19:35:16 rgb - * Update copyright date. - * - * Revision 1.30 2001/02/27 07:04:52 rgb - * Added satype2name prototype. - * - * Revision 1.29 2001/02/26 19:59:33 rgb - * Ditch unused sadb_satype2proto[], replaced by satype2proto(). - * - * Revision 1.28 2000/10/10 20:10:19 rgb - * Added support for debug_ipcomp and debug_verbose to klipsdebug. - * - * Revision 1.27 2000/09/21 04:20:45 rgb - * Fixed array size off-by-one error. (Thanks Svenning!) - * - * Revision 1.26 2000/09/12 03:26:05 rgb - * Added pfkey_acquire prototype. - * - * Revision 1.25 2000/09/08 19:21:28 rgb - * Fix pfkey_prop_build() parameter to be only single indirection. - * - * Revision 1.24 2000/09/01 18:46:42 rgb - * Added a supported algorithms array lists, one per satype and registered - * existing algorithms. - * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to - * list. - * - * Revision 1.23 2000/08/27 01:55:26 rgb - * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code. - * - * Revision 1.22 2000/08/20 21:39:23 rgb - * Added kernel prototypes for kernel funcitions pfkey_upmsg() and - * pfkey_expire(). - * - * Revision 1.21 2000/08/15 17:29:23 rgb - * Fixes from SZI to untested pfkey_prop_build(). - * - * Revision 1.20 2000/05/10 20:14:19 rgb - * Fleshed out sensitivity, proposal and supported extensions. - * - * Revision 1.19 2000/03/16 14:07:23 rgb - * Renamed ALIGN macro to avoid fighting with others in kernel. - * - * Revision 1.18 2000/01/22 23:24:06 rgb - * Added prototypes for proto2satype(), satype2proto() and proto2name(). - * - * Revision 1.17 2000/01/21 06:26:59 rgb - * Converted from double tdb arguments to one structure (extr) - * containing pointers to all temporary information structures. - * Added klipsdebug switching capability. - * Dropped unused argument to pfkey_x_satype_build(). - * - * Revision 1.16 1999/12/29 21:17:41 rgb - * Changed pfkey_msg_build() I/F to include a struct sadb_msg** - * parameter for cleaner manipulation of extensions[] and to guard - * against potential memory leaks. - * Changed the I/F to pfkey_msg_free() for the same reason. - * - * Revision 1.15 1999/12/09 23:12:54 rgb - * Added macro for BITS_PER_OCTET. - * Added argument to pfkey_sa_build() to do eroutes. - * - * Revision 1.14 1999/12/08 20:33:25 rgb - * Changed sa_family_t to uint16_t for 2.0.xx compatibility. - * - * Revision 1.13 1999/12/07 19:53:40 rgb - * Removed unused first argument from extension parsers. - * Changed __u* types to uint* to avoid use of asm/types.h and - * sys/types.h in userspace code. - * Added function prototypes for pfkey message and extensions - * initialisation and cleanup. - * - * Revision 1.12 1999/12/01 22:19:38 rgb - * Change pfkey_sa_build to accept an SPI in network byte order. - * - * Revision 1.11 1999/11/27 11:55:26 rgb - * Added extern sadb_satype2proto to enable moving protocol lookup table - * to lib/pfkey_v2_parse.c. - * Delete unused, moved typedefs. - * Add argument to pfkey_msg_parse() for direction. - * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. - * - * Revision 1.10 1999/11/23 22:29:21 rgb - * This file has been moved in the distribution from klips/net/ipsec to - * lib. - * Add macros for dealing with alignment and rounding up more opaquely. - * The uint_t type defines have been moved to freeswan.h to avoid - * chicken-and-egg problems. - * Add macros for dealing with alignment and rounding up more opaque. - * Added prototypes for using extention header bitmaps. - * Added prototypes of all the build functions. - * - * Revision 1.9 1999/11/20 21:59:48 rgb - * Moved socketlist type declarations and prototypes for shared use. - * Slightly modified scope of sockaddr_key declaration. - * - * Revision 1.8 1999/11/17 14:34:25 rgb - * Protect sa_family_t from being used in userspace with GLIBC<2. - * - * Revision 1.7 1999/10/27 19:40:35 rgb - * Add a maximum PFKEY packet size macro. - * - * Revision 1.6 1999/10/26 16:58:58 rgb - * Created a sockaddr_key and key_opt socket extension structures. - * - * Revision 1.5 1999/06/10 05:24:41 rgb - * Renamed variables to reduce confusion. - * - * Revision 1.4 1999/04/29 15:21:11 rgb - * Add pfkey support to debugging. - * Add return values to init and cleanup functions. - * - * Revision 1.3 1999/04/15 17:58:07 rgb - * Add RCSID labels. - * - */ diff --git a/linux/include/pfkeyv2.h b/linux/include/pfkeyv2.h deleted file mode 100644 index 48579e27a..000000000 --- a/linux/include/pfkeyv2.h +++ /dev/null @@ -1,385 +0,0 @@ -/* - * RCSID $Id: pfkeyv2.h,v 1.5 2004/10/04 22:43:56 as Exp $ - */ - -/* -RFC 2367 PF_KEY Key Management API July 1998 - - -Appendix D: Sample Header File - -This file defines structures and symbols for the PF_KEY Version 2 -key management interface. It was written at the U.S. Naval Research -Laboratory. This file is in the public domain. The authors ask that -you leave this credit intact on any copies of this file. -*/ -#ifndef __PFKEY_V2_H -#define __PFKEY_V2_H 1 - -#define PF_KEY_V2 2 -#define PFKEYV2_REVISION 199806L - -#define SADB_RESERVED 0 -#define SADB_GETSPI 1 -#define SADB_UPDATE 2 -#define SADB_ADD 3 -#define SADB_DELETE 4 -#define SADB_GET 5 -#define SADB_ACQUIRE 6 -#define SADB_REGISTER 7 -#define SADB_EXPIRE 8 -#define SADB_FLUSH 9 -#define SADB_DUMP 10 -#define SADB_X_PROMISC 11 -#define SADB_X_PCHANGE 12 -#define SADB_X_GRPSA 13 -#define SADB_X_ADDFLOW 14 -#define SADB_X_DELFLOW 15 -#define SADB_X_DEBUG 16 -#ifdef NAT_TRAVERSAL -#define SADB_X_NAT_T_NEW_MAPPING 17 -#define SADB_MAX 17 -#else -#define SADB_MAX 16 -#endif - -struct sadb_msg { - uint8_t sadb_msg_version; - uint8_t sadb_msg_type; - uint8_t sadb_msg_errno; - uint8_t sadb_msg_satype; - uint16_t sadb_msg_len; - uint16_t sadb_msg_reserved; - uint32_t sadb_msg_seq; - uint32_t sadb_msg_pid; -}; - -struct sadb_ext { - uint16_t sadb_ext_len; - uint16_t sadb_ext_type; -}; - -struct sadb_sa { - uint16_t sadb_sa_len; - uint16_t sadb_sa_exttype; - uint32_t sadb_sa_spi; - uint8_t sadb_sa_replay; - uint8_t sadb_sa_state; - uint8_t sadb_sa_auth; - uint8_t sadb_sa_encrypt; - uint32_t sadb_sa_flags; - uint32_t /*IPsecSAref_t*/ sadb_x_sa_ref; /* 32 bits */ - uint8_t sadb_x_reserved[4]; -}; - -struct sadb_sa_v1 { - uint16_t sadb_sa_len; - uint16_t sadb_sa_exttype; - uint32_t sadb_sa_spi; - uint8_t sadb_sa_replay; - uint8_t sadb_sa_state; - uint8_t sadb_sa_auth; - uint8_t sadb_sa_encrypt; - uint32_t sadb_sa_flags; -}; - -struct sadb_lifetime { - uint16_t sadb_lifetime_len; - uint16_t sadb_lifetime_exttype; - uint32_t sadb_lifetime_allocations; - uint64_t sadb_lifetime_bytes; - uint64_t sadb_lifetime_addtime; - uint64_t sadb_lifetime_usetime; - uint32_t sadb_x_lifetime_packets; - uint32_t sadb_x_lifetime_reserved; -}; - -struct sadb_address { - uint16_t sadb_address_len; - uint16_t sadb_address_exttype; - uint8_t sadb_address_proto; - uint8_t sadb_address_prefixlen; - uint16_t sadb_address_reserved; -}; - -struct sadb_key { - uint16_t sadb_key_len; - uint16_t sadb_key_exttype; - uint16_t sadb_key_bits; - uint16_t sadb_key_reserved; -}; - -struct sadb_ident { - uint16_t sadb_ident_len; - uint16_t sadb_ident_exttype; - uint16_t sadb_ident_type; - uint16_t sadb_ident_reserved; - uint64_t sadb_ident_id; -}; - -struct sadb_sens { - uint16_t sadb_sens_len; - uint16_t sadb_sens_exttype; - uint32_t sadb_sens_dpd; - uint8_t sadb_sens_sens_level; - uint8_t sadb_sens_sens_len; - uint8_t sadb_sens_integ_level; - uint8_t sadb_sens_integ_len; - uint32_t sadb_sens_reserved; -}; - -struct sadb_prop { - uint16_t sadb_prop_len; - uint16_t sadb_prop_exttype; - uint8_t sadb_prop_replay; - uint8_t sadb_prop_reserved[3]; -}; - -struct sadb_comb { - uint8_t sadb_comb_auth; - uint8_t sadb_comb_encrypt; - uint16_t sadb_comb_flags; - uint16_t sadb_comb_auth_minbits; - uint16_t sadb_comb_auth_maxbits; - uint16_t sadb_comb_encrypt_minbits; - uint16_t sadb_comb_encrypt_maxbits; - uint32_t sadb_comb_reserved; - uint32_t sadb_comb_soft_allocations; - uint32_t sadb_comb_hard_allocations; - uint64_t sadb_comb_soft_bytes; - uint64_t sadb_comb_hard_bytes; - uint64_t sadb_comb_soft_addtime; - uint64_t sadb_comb_hard_addtime; - uint64_t sadb_comb_soft_usetime; - uint64_t sadb_comb_hard_usetime; - uint32_t sadb_x_comb_soft_packets; - uint32_t sadb_x_comb_hard_packets; -}; - -struct sadb_supported { - uint16_t sadb_supported_len; - uint16_t sadb_supported_exttype; - uint32_t sadb_supported_reserved; -}; - -struct sadb_alg { - uint8_t sadb_alg_id; - uint8_t sadb_alg_ivlen; - uint16_t sadb_alg_minbits; - uint16_t sadb_alg_maxbits; - uint16_t sadb_alg_reserved; -}; - -struct sadb_spirange { - uint16_t sadb_spirange_len; - uint16_t sadb_spirange_exttype; - uint32_t sadb_spirange_min; - uint32_t sadb_spirange_max; - uint32_t sadb_spirange_reserved; -}; - -struct sadb_x_kmprivate { - uint16_t sadb_x_kmprivate_len; - uint16_t sadb_x_kmprivate_exttype; - uint32_t sadb_x_kmprivate_reserved; -}; - -struct sadb_x_satype { - uint16_t sadb_x_satype_len; - uint16_t sadb_x_satype_exttype; - uint8_t sadb_x_satype_satype; - uint8_t sadb_x_satype_reserved[3]; -}; - -struct sadb_x_policy { - uint16_t sadb_x_policy_len; - uint16_t sadb_x_policy_exttype; - uint16_t sadb_x_policy_type; - uint8_t sadb_x_policy_dir; - uint8_t sadb_x_policy_reserved; - uint32_t sadb_x_policy_id; - uint32_t sadb_x_policy_reserved2; -}; - -struct sadb_x_debug { - uint16_t sadb_x_debug_len; - uint16_t sadb_x_debug_exttype; - uint32_t sadb_x_debug_tunnel; - uint32_t sadb_x_debug_netlink; - uint32_t sadb_x_debug_xform; - uint32_t sadb_x_debug_eroute; - uint32_t sadb_x_debug_spi; - uint32_t sadb_x_debug_radij; - uint32_t sadb_x_debug_esp; - uint32_t sadb_x_debug_ah; - uint32_t sadb_x_debug_rcv; - uint32_t sadb_x_debug_pfkey; - uint32_t sadb_x_debug_ipcomp; - uint32_t sadb_x_debug_verbose; - uint8_t sadb_x_debug_reserved[4]; -}; - -#ifdef NAT_TRAVERSAL -struct sadb_x_nat_t_type { - uint16_t sadb_x_nat_t_type_len; - uint16_t sadb_x_nat_t_type_exttype; - uint8_t sadb_x_nat_t_type_type; - uint8_t sadb_x_nat_t_type_reserved[3]; -}; -struct sadb_x_nat_t_port { - uint16_t sadb_x_nat_t_port_len; - uint16_t sadb_x_nat_t_port_exttype; - uint16_t sadb_x_nat_t_port_port; - uint16_t sadb_x_nat_t_port_reserved; -}; -#endif - -/* - * A protocol structure for passing through the transport level - * protocol. It contains more fields than are actually used/needed - * but it is this way to be compatible with the structure used in - * OpenBSD (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfkeyv2.h) - */ -struct sadb_protocol { - uint16_t sadb_protocol_len; - uint16_t sadb_protocol_exttype; - uint8_t sadb_protocol_proto; - uint8_t sadb_protocol_direction; - uint8_t sadb_protocol_flags; - uint8_t sadb_protocol_reserved2; -}; - -#define SADB_EXT_RESERVED 0 -#define SADB_EXT_SA 1 -#define SADB_EXT_LIFETIME_CURRENT 2 -#define SADB_EXT_LIFETIME_HARD 3 -#define SADB_EXT_LIFETIME_SOFT 4 -#define SADB_EXT_ADDRESS_SRC 5 -#define SADB_EXT_ADDRESS_DST 6 -#define SADB_EXT_ADDRESS_PROXY 7 -#define SADB_EXT_KEY_AUTH 8 -#define SADB_EXT_KEY_ENCRYPT 9 -#define SADB_EXT_IDENTITY_SRC 10 -#define SADB_EXT_IDENTITY_DST 11 -#define SADB_EXT_SENSITIVITY 12 -#define SADB_EXT_PROPOSAL 13 -#define SADB_EXT_SUPPORTED_AUTH 14 -#define SADB_EXT_SUPPORTED_ENCRYPT 15 -#define SADB_EXT_SPIRANGE 16 -#define SADB_X_EXT_KMPRIVATE 17 -#define SADB_X_EXT_SATYPE2 18 -#ifdef KERNEL26_HAS_KAME_DUPLICATES -#define SADB_X_EXT_POLICY 18 -#endif -#define SADB_X_EXT_SA2 19 -#define SADB_X_EXT_ADDRESS_DST2 20 -#define SADB_X_EXT_ADDRESS_SRC_FLOW 21 -#define SADB_X_EXT_ADDRESS_DST_FLOW 22 -#define SADB_X_EXT_ADDRESS_SRC_MASK 23 -#define SADB_X_EXT_ADDRESS_DST_MASK 24 -#define SADB_X_EXT_DEBUG 25 -#define SADB_X_EXT_PROTOCOL 26 -#ifdef NAT_TRAVERSAL -#define SADB_X_EXT_NAT_T_TYPE 27 -#define SADB_X_EXT_NAT_T_SPORT 28 -#define SADB_X_EXT_NAT_T_DPORT 29 -#define SADB_X_EXT_NAT_T_OA 30 -#define SADB_EXT_MAX 30 -#else -#define SADB_EXT_MAX 26 -#endif - -/* SADB_X_DELFLOW required over and above SADB_X_SAFLAGS_CLEARFLOW */ -#define SADB_X_EXT_ADDRESS_DELFLOW \ - ( (1<adler to the adler32 checksum of all input read - so far (that is, total_in bytes). - - deflate() may update data_type if it can make a good guess about - the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered - binary. This field is only for information purposes and does not affect - the compression algorithm in any manner. - - deflate() returns Z_OK if some progress has been made (more input - processed or more output produced), Z_STREAM_END if all input has been - consumed and all output has been produced (only when flush is set to - Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example - if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible - (for example avail_in or avail_out was zero). -*/ - - -ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm)); -/* - All dynamically allocated data structures for this stream are freed. - This function discards any unprocessed input and does not flush any - pending output. - - deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the - stream state was inconsistent, Z_DATA_ERROR if the stream was freed - prematurely (some input or output was discarded). In the error case, - msg may be set but then points to a static string (which must not be - deallocated). -*/ - - -/* -ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm)); - - Initializes the internal stream state for decompression. The fields - next_in, avail_in, zalloc, zfree and opaque must be initialized before by - the caller. If next_in is not Z_NULL and avail_in is large enough (the exact - value depends on the compression method), inflateInit determines the - compression method from the zlib header and allocates all data structures - accordingly; otherwise the allocation will be deferred to the first call of - inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to - use default allocation functions. - - inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough - memory, Z_VERSION_ERROR if the zlib library version is incompatible with the - version assumed by the caller. msg is set to null if there is no error - message. inflateInit does not perform any decompression apart from reading - the zlib header if present: this will be done by inflate(). (So next_in and - avail_in may be modified, but next_out and avail_out are unchanged.) -*/ - - -ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush)); -/* - inflate decompresses as much data as possible, and stops when the input - buffer becomes empty or the output buffer becomes full. It may some - introduce some output latency (reading input without producing any output) - except when forced to flush. - - The detailed semantics are as follows. inflate performs one or both of the - following actions: - - - Decompress more input starting at next_in and update next_in and avail_in - accordingly. If not all input can be processed (because there is not - enough room in the output buffer), next_in is updated and processing - will resume at this point for the next call of inflate(). - - - Provide more output starting at next_out and update next_out and avail_out - accordingly. inflate() provides as much output as possible, until there - is no more input data or no more space in the output buffer (see below - about the flush parameter). - - Before the call of inflate(), the application should ensure that at least - one of the actions is possible, by providing more input and/or consuming - more output, and updating the next_* and avail_* values accordingly. - The application can consume the uncompressed output when it wants, for - example when the output buffer is full (avail_out == 0), or after each - call of inflate(). If inflate returns Z_OK and with zero avail_out, it - must be called again after making room in the output buffer because there - might be more output pending. - - If the parameter flush is set to Z_SYNC_FLUSH, inflate flushes as much - output as possible to the output buffer. The flushing behavior of inflate is - not specified for values of the flush parameter other than Z_SYNC_FLUSH - and Z_FINISH, but the current implementation actually flushes as much output - as possible anyway. - - inflate() should normally be called until it returns Z_STREAM_END or an - error. However if all decompression is to be performed in a single step - (a single call of inflate), the parameter flush should be set to - Z_FINISH. In this case all pending input is processed and all pending - output is flushed; avail_out must be large enough to hold all the - uncompressed data. (The size of the uncompressed data may have been saved - by the compressor for this purpose.) The next operation on this stream must - be inflateEnd to deallocate the decompression state. The use of Z_FINISH - is never required, but can be used to inform inflate that a faster routine - may be used for the single inflate() call. - - If a preset dictionary is needed at this point (see inflateSetDictionary - below), inflate sets strm-adler to the adler32 checksum of the - dictionary chosen by the compressor and returns Z_NEED_DICT; otherwise - it sets strm->adler to the adler32 checksum of all output produced - so far (that is, total_out bytes) and returns Z_OK, Z_STREAM_END or - an error code as described below. At the end of the stream, inflate() - checks that its computed adler32 checksum is equal to that saved by the - compressor and returns Z_STREAM_END only if the checksum is correct. - - inflate() returns Z_OK if some progress has been made (more input processed - or more output produced), Z_STREAM_END if the end of the compressed data has - been reached and all uncompressed output has been produced, Z_NEED_DICT if a - preset dictionary is needed at this point, Z_DATA_ERROR if the input data was - corrupted (input stream not conforming to the zlib format or incorrect - adler32 checksum), Z_STREAM_ERROR if the stream structure was inconsistent - (for example if next_in or next_out was NULL), Z_MEM_ERROR if there was not - enough memory, Z_BUF_ERROR if no progress is possible or if there was not - enough room in the output buffer when Z_FINISH is used. In the Z_DATA_ERROR - case, the application may then call inflateSync to look for a good - compression block. -*/ - - -ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm)); -/* - All dynamically allocated data structures for this stream are freed. - This function discards any unprocessed input and does not flush any - pending output. - - inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state - was inconsistent. In the error case, msg may be set but then points to a - static string (which must not be deallocated). -*/ - - /* Advanced functions */ - -/* - The following functions are needed only in some special applications. -*/ - -/* -ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm, - int level, - int method, - int windowBits, - int memLevel, - int strategy)); - - This is another version of deflateInit with more compression options. The - fields next_in, zalloc, zfree and opaque must be initialized before by - the caller. - - The method parameter is the compression method. It must be Z_DEFLATED in - this version of the library. - - The windowBits parameter is the base two logarithm of the window size - (the size of the history buffer). It should be in the range 8..15 for this - version of the library. Larger values of this parameter result in better - compression at the expense of memory usage. The default value is 15 if - deflateInit is used instead. - - The memLevel parameter specifies how much memory should be allocated - for the internal compression state. memLevel=1 uses minimum memory but - is slow and reduces compression ratio; memLevel=9 uses maximum memory - for optimal speed. The default value is 8. See zconf.h for total memory - usage as a function of windowBits and memLevel. - - The strategy parameter is used to tune the compression algorithm. Use the - value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a - filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no - string match). Filtered data consists mostly of small values with a - somewhat random distribution. In this case, the compression algorithm is - tuned to compress them better. The effect of Z_FILTERED is to force more - Huffman coding and less string matching; it is somewhat intermediate - between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects - the compression ratio but not the correctness of the compressed output even - if it is not set appropriately. - - deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough - memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid - method). msg is set to null if there is no error message. deflateInit2 does - not perform any compression: this will be done by deflate(). -*/ - -ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm, - const Bytef *dictionary, - uInt dictLength)); -/* - Initializes the compression dictionary from the given byte sequence - without producing any compressed output. This function must be called - immediately after deflateInit, deflateInit2 or deflateReset, before any - call of deflate. The compressor and decompressor must use exactly the same - dictionary (see inflateSetDictionary). - - The dictionary should consist of strings (byte sequences) that are likely - to be encountered later in the data to be compressed, with the most commonly - used strings preferably put towards the end of the dictionary. Using a - dictionary is most useful when the data to be compressed is short and can be - predicted with good accuracy; the data can then be compressed better than - with the default empty dictionary. - - Depending on the size of the compression data structures selected by - deflateInit or deflateInit2, a part of the dictionary may in effect be - discarded, for example if the dictionary is larger than the window size in - deflate or deflate2. Thus the strings most likely to be useful should be - put at the end of the dictionary, not at the front. - - Upon return of this function, strm->adler is set to the Adler32 value - of the dictionary; the decompressor may later use this value to determine - which dictionary has been used by the compressor. (The Adler32 value - applies to the whole dictionary even if only a subset of the dictionary is - actually used by the compressor.) - - deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a - parameter is invalid (such as NULL dictionary) or the stream state is - inconsistent (for example if deflate has already been called for this stream - or if the compression method is bsort). deflateSetDictionary does not - perform any compression: this will be done by deflate(). -*/ - -ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest, - z_streamp source)); -/* - Sets the destination stream as a complete copy of the source stream. - - This function can be useful when several compression strategies will be - tried, for example when there are several ways of pre-processing the input - data with a filter. The streams that will be discarded should then be freed - by calling deflateEnd. Note that deflateCopy duplicates the internal - compression state which can be quite large, so this strategy is slow and - can consume lots of memory. - - deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_STREAM_ERROR if the source stream state was inconsistent - (such as zalloc being NULL). msg is left unchanged in both source and - destination. -*/ - -ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm)); -/* - This function is equivalent to deflateEnd followed by deflateInit, - but does not free and reallocate all the internal compression state. - The stream will keep the same compression level and any other attributes - that may have been set by deflateInit2. - - deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source - stream state was inconsistent (such as zalloc or state being NULL). -*/ - -ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm, - int level, - int strategy)); -/* - Dynamically update the compression level and compression strategy. The - interpretation of level and strategy is as in deflateInit2. This can be - used to switch between compression and straight copy of the input data, or - to switch to a different kind of input data requiring a different - strategy. If the compression level is changed, the input available so far - is compressed with the old level (and may be flushed); the new level will - take effect only at the next call of deflate(). - - Before the call of deflateParams, the stream state must be set as for - a call of deflate(), since the currently available input may have to - be compressed and flushed. In particular, strm->avail_out must be non-zero. - - deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source - stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR - if strm->avail_out was zero. -*/ - -/* -ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, - int windowBits)); - - This is another version of inflateInit with an extra parameter. The - fields next_in, avail_in, zalloc, zfree and opaque must be initialized - before by the caller. - - The windowBits parameter is the base two logarithm of the maximum window - size (the size of the history buffer). It should be in the range 8..15 for - this version of the library. The default value is 15 if inflateInit is used - instead. If a compressed stream with a larger window size is given as - input, inflate() will return with the error code Z_DATA_ERROR instead of - trying to allocate a larger window. - - inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough - memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative - memLevel). msg is set to null if there is no error message. inflateInit2 - does not perform any decompression apart from reading the zlib header if - present: this will be done by inflate(). (So next_in and avail_in may be - modified, but next_out and avail_out are unchanged.) -*/ - -ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm, - const Bytef *dictionary, - uInt dictLength)); -/* - Initializes the decompression dictionary from the given uncompressed byte - sequence. This function must be called immediately after a call of inflate - if this call returned Z_NEED_DICT. The dictionary chosen by the compressor - can be determined from the Adler32 value returned by this call of - inflate. The compressor and decompressor must use exactly the same - dictionary (see deflateSetDictionary). - - inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a - parameter is invalid (such as NULL dictionary) or the stream state is - inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the - expected one (incorrect Adler32 value). inflateSetDictionary does not - perform any decompression: this will be done by subsequent calls of - inflate(). -*/ - -ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm)); -/* - Skips invalid compressed data until a full flush point (see above the - description of deflate with Z_FULL_FLUSH) can be found, or until all - available input is skipped. No output is provided. - - inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR - if no more input was provided, Z_DATA_ERROR if no flush point has been found, - or Z_STREAM_ERROR if the stream structure was inconsistent. In the success - case, the application may save the current current value of total_in which - indicates where valid compressed data was found. In the error case, the - application may repeatedly call inflateSync, providing more input each time, - until success or end of the input data. -*/ - -ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm)); -/* - This function is equivalent to inflateEnd followed by inflateInit, - but does not free and reallocate all the internal decompression state. - The stream will keep attributes that may have been set by inflateInit2. - - inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source - stream state was inconsistent (such as zalloc or state being NULL). -*/ - - - /* utility functions */ - -/* - The following utility functions are implemented on top of the - basic stream-oriented functions. To simplify the interface, some - default options are assumed (compression level and memory usage, - standard memory allocation functions). The source code of these - utility functions can easily be modified if you need special options. -*/ - -ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen)); -/* - Compresses the source buffer into the destination buffer. sourceLen is - the byte length of the source buffer. Upon entry, destLen is the total - size of the destination buffer, which must be at least 0.1% larger than - sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the - compressed buffer. - This function can be used to compress a whole file at once if the - input file is mmap'ed. - compress returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_BUF_ERROR if there was not enough room in the output - buffer. -*/ - -ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen, - int level)); -/* - Compresses the source buffer into the destination buffer. The level - parameter has the same meaning as in deflateInit. sourceLen is the byte - length of the source buffer. Upon entry, destLen is the total size of the - destination buffer, which must be at least 0.1% larger than sourceLen plus - 12 bytes. Upon exit, destLen is the actual size of the compressed buffer. - - compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough - memory, Z_BUF_ERROR if there was not enough room in the output buffer, - Z_STREAM_ERROR if the level parameter is invalid. -*/ - -ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen, - const Bytef *source, uLong sourceLen)); -/* - Decompresses the source buffer into the destination buffer. sourceLen is - the byte length of the source buffer. Upon entry, destLen is the total - size of the destination buffer, which must be large enough to hold the - entire uncompressed data. (The size of the uncompressed data must have - been saved previously by the compressor and transmitted to the decompressor - by some mechanism outside the scope of this compression library.) - Upon exit, destLen is the actual size of the compressed buffer. - This function can be used to decompress a whole file at once if the - input file is mmap'ed. - - uncompress returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_BUF_ERROR if there was not enough room in the output - buffer, or Z_DATA_ERROR if the input data was corrupted. -*/ - - -typedef voidp gzFile; - -ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode)); -/* - Opens a gzip (.gz) file for reading or writing. The mode parameter - is as in fopen ("rb" or "wb") but can also include a compression level - ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for - Huffman only compression as in "wb1h". (See the description - of deflateInit2 for more information about the strategy parameter.) - - gzopen can be used to read a file which is not in gzip format; in this - case gzread will directly read from the file without decompression. - - gzopen returns NULL if the file could not be opened or if there was - insufficient memory to allocate the (de)compression state; errno - can be checked to distinguish the two cases (if errno is zero, the - zlib error is Z_MEM_ERROR). */ - -ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode)); -/* - gzdopen() associates a gzFile with the file descriptor fd. File - descriptors are obtained from calls like open, dup, creat, pipe or - fileno (in the file has been previously opened with fopen). - The mode parameter is as in gzopen. - The next call of gzclose on the returned gzFile will also close the - file descriptor fd, just like fclose(fdopen(fd), mode) closes the file - descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode). - gzdopen returns NULL if there was insufficient memory to allocate - the (de)compression state. -*/ - -ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy)); -/* - Dynamically update the compression level or strategy. See the description - of deflateInit2 for the meaning of these parameters. - gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not - opened for writing. -*/ - -ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len)); -/* - Reads the given number of uncompressed bytes from the compressed file. - If the input file was not in gzip format, gzread copies the given number - of bytes into the buffer. - gzread returns the number of uncompressed bytes actually read (0 for - end of file, -1 for error). */ - -ZEXTERN int ZEXPORT gzwrite OF((gzFile file, - const voidp buf, unsigned len)); -/* - Writes the given number of uncompressed bytes into the compressed file. - gzwrite returns the number of uncompressed bytes actually written - (0 in case of error). -*/ - -ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)); -/* - Converts, formats, and writes the args to the compressed file under - control of the format string, as in fprintf. gzprintf returns the number of - uncompressed bytes actually written (0 in case of error). -*/ - -ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s)); -/* - Writes the given null-terminated string to the compressed file, excluding - the terminating null character. - gzputs returns the number of characters written, or -1 in case of error. -*/ - -ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len)); -/* - Reads bytes from the compressed file until len-1 characters are read, or - a newline character is read and transferred to buf, or an end-of-file - condition is encountered. The string is then terminated with a null - character. - gzgets returns buf, or Z_NULL in case of error. -*/ - -ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c)); -/* - Writes c, converted to an unsigned char, into the compressed file. - gzputc returns the value that was written, or -1 in case of error. -*/ - -ZEXTERN int ZEXPORT gzgetc OF((gzFile file)); -/* - Reads one byte from the compressed file. gzgetc returns this byte - or -1 in case of end of file or error. -*/ - -ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush)); -/* - Flushes all pending output into the compressed file. The parameter - flush is as in the deflate() function. The return value is the zlib - error number (see function gzerror below). gzflush returns Z_OK if - the flush parameter is Z_FINISH and all output could be flushed. - gzflush should be called only when strictly necessary because it can - degrade compression. -*/ - -ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file, - z_off_t offset, int whence)); -/* - Sets the starting position for the next gzread or gzwrite on the - given compressed file. The offset represents a number of bytes in the - uncompressed data stream. The whence parameter is defined as in lseek(2); - the value SEEK_END is not supported. - If the file is opened for reading, this function is emulated but can be - extremely slow. If the file is opened for writing, only forward seeks are - supported; gzseek then compresses a sequence of zeroes up to the new - starting position. - - gzseek returns the resulting offset location as measured in bytes from - the beginning of the uncompressed stream, or -1 in case of error, in - particular if the file is opened for writing and the new starting position - would be before the current position. -*/ - -ZEXTERN int ZEXPORT gzrewind OF((gzFile file)); -/* - Rewinds the given file. This function is supported only for reading. - - gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET) -*/ - -ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file)); -/* - Returns the starting position for the next gzread or gzwrite on the - given compressed file. This position represents a number of bytes in the - uncompressed data stream. - - gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR) -*/ - -ZEXTERN int ZEXPORT gzeof OF((gzFile file)); -/* - Returns 1 when EOF has previously been detected reading the given - input stream, otherwise zero. -*/ - -ZEXTERN int ZEXPORT gzclose OF((gzFile file)); -/* - Flushes all pending output if necessary, closes the compressed file - and deallocates all the (de)compression state. The return value is the zlib - error number (see function gzerror below). -*/ - -ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum)); -/* - Returns the error message for the last error which occurred on the - given compressed file. errnum is set to zlib error number. If an - error occurred in the file system and not in the compression library, - errnum is set to Z_ERRNO and the application may consult errno - to get the exact error code. -*/ - - /* checksum functions */ - -/* - These functions are not related to compression but are exported - anyway because they might be useful in applications using the - compression library. -*/ - -ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len)); - -/* - Update a running Adler-32 checksum with the bytes buf[0..len-1] and - return the updated checksum. If buf is NULL, this function returns - the required initial value for the checksum. - An Adler-32 checksum is almost as reliable as a CRC32 but can be computed - much faster. Usage example: - - uLong adler = adler32(0L, Z_NULL, 0); - - while (read_buffer(buffer, length) != EOF) { - adler = adler32(adler, buffer, length); - } - if (adler != original_adler) error(); -*/ - -ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len)); -/* - Update a running crc with the bytes buf[0..len-1] and return the updated - crc. If buf is NULL, this function returns the required initial value - for the crc. Pre- and post-conditioning (one's complement) is performed - within this function so it shouldn't be done by the application. - Usage example: - - uLong crc = crc32(0L, Z_NULL, 0); - - while (read_buffer(buffer, length) != EOF) { - crc = crc32(crc, buffer, length); - } - if (crc != original_crc) error(); -*/ - - - /* various hacks, don't look :) */ - -/* deflateInit and inflateInit are macros to allow checking the zlib version - * and the compiler's view of z_stream: - */ -ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level, - const char *version, int stream_size)); -ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm, - const char *version, int stream_size)); -ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method, - int windowBits, int memLevel, - int strategy, const char *version, - int stream_size)); -ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits, - const char *version, int stream_size)); -#define deflateInit(strm, level) \ - deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream)) -#define inflateInit(strm) \ - inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream)) -#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ - deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\ - (strategy), ZLIB_VERSION, sizeof(z_stream)) -#define inflateInit2(strm, windowBits) \ - inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream)) - - -#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL) - struct internal_state {int dummy;}; /* hack for buggy compilers */ -#endif - -ZEXTERN const char * ZEXPORT zError OF((int err)); -ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z)); -ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void)); - -#ifdef __cplusplus -} -#endif - -#endif /* _ZLIB_H */ diff --git a/linux/include/zlib/zutil.h b/linux/include/zlib/zutil.h deleted file mode 100644 index 6214815c6..000000000 --- a/linux/include/zlib/zutil.h +++ /dev/null @@ -1,225 +0,0 @@ -/* zutil.h -- internal interface and configuration of the compression library - * Copyright (C) 1995-2002 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -/* @(#) $Id: zutil.h,v 1.1 2004/03/15 20:35:25 as Exp $ */ - -#ifndef _Z_UTIL_H -#define _Z_UTIL_H - -#include "zlib.h" - -#include -#define HAVE_MEMCPY - -#if 0 // #ifdef STDC -# include -# include -# include -#endif -#ifndef __KERNEL__ -#ifdef NO_ERRNO_H - extern int errno; -#else -# include -#endif -#endif - -#ifndef local -# define local static -#endif -/* compile with -Dlocal if your debugger can't find static symbols */ - -typedef unsigned char uch; -typedef uch FAR uchf; -typedef unsigned short ush; -typedef ush FAR ushf; -typedef unsigned long ulg; - -extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */ -/* (size given to avoid silly warnings with Visual C++) */ - -#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)] - -#define ERR_RETURN(strm,err) \ - return (strm->msg = ERR_MSG(err), (err)) -/* To be used only when the state is known to be valid */ - - /* common constants */ - -#ifndef DEF_WBITS -# define DEF_WBITS MAX_WBITS -#endif -/* default windowBits for decompression. MAX_WBITS is for compression only */ - -#if MAX_MEM_LEVEL >= 8 -# define DEF_MEM_LEVEL 8 -#else -# define DEF_MEM_LEVEL MAX_MEM_LEVEL -#endif -/* default memLevel */ - -#define STORED_BLOCK 0 -#define STATIC_TREES 1 -#define DYN_TREES 2 -/* The three kinds of block type */ - -#define MIN_MATCH 3 -#define MAX_MATCH 258 -/* The minimum and maximum match lengths */ - -#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */ - - /* target dependencies */ - -#ifdef MSDOS -# define OS_CODE 0x00 -# if defined(__TURBOC__) || defined(__BORLANDC__) -# if(__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__)) - /* Allow compilation with ANSI keywords only enabled */ - void _Cdecl farfree( void *block ); - void *_Cdecl farmalloc( unsigned long nbytes ); -# else -# include -# endif -# else /* MSC or DJGPP */ -# include -# endif -#endif - -#ifdef OS2 -# define OS_CODE 0x06 -#endif - -#ifdef WIN32 /* Window 95 & Windows NT */ -# define OS_CODE 0x0b -#endif - -#if defined(VAXC) || defined(VMS) -# define OS_CODE 0x02 -# define F_OPEN(name, mode) \ - fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") -#endif - -#ifdef AMIGA -# define OS_CODE 0x01 -#endif - -#if defined(ATARI) || defined(atarist) -# define OS_CODE 0x05 -#endif - -#if defined(MACOS) || defined(TARGET_OS_MAC) -# define OS_CODE 0x07 -# if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os -# include /* for fdopen */ -# else -# ifndef fdopen -# define fdopen(fd,mode) NULL /* No fdopen() */ -# endif -# endif -#endif - -#ifdef __50SERIES /* Prime/PRIMOS */ -# define OS_CODE 0x0F -#endif - -#ifdef TOPS20 -# define OS_CODE 0x0a -#endif - -#if defined(_BEOS_) || defined(RISCOS) -# define fdopen(fd,mode) NULL /* No fdopen() */ -#endif - -#if (defined(_MSC_VER) && (_MSC_VER > 600)) -# define fdopen(fd,type) _fdopen(fd,type) -#endif - - - /* Common defaults */ - -#ifndef OS_CODE -# define OS_CODE 0x03 /* assume Unix */ -#endif - -#ifndef F_OPEN -# define F_OPEN(name, mode) fopen((name), (mode)) -#endif - - /* functions */ - -#ifdef HAVE_STRERROR - extern char *strerror OF((int)); -# define zstrerror(errnum) strerror(errnum) -#else -# define zstrerror(errnum) "" -#endif - -#if defined(pyr) -# define NO_MEMCPY -#endif -#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__) - /* Use our own functions for small and medium model with MSC <= 5.0. - * You may have to use the same strategy for Borland C (untested). - * The __SC__ check is for Symantec. - */ -# define NO_MEMCPY -#endif -#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY) -# define HAVE_MEMCPY -#endif -#ifdef HAVE_MEMCPY -# ifdef SMALL_MEDIUM /* MSDOS small or medium model */ -# define zmemcpy _fmemcpy -# define zmemcmp _fmemcmp -# define zmemzero(dest, len) _fmemset(dest, 0, len) -# else -# define zmemcpy memcpy -# define zmemcmp memcmp -# define zmemzero(dest, len) memset(dest, 0, len) -# endif -#else - extern void zmemcpy OF((Bytef* dest, const Bytef* source, uInt len)); - extern int zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len)); - extern void zmemzero OF((Bytef* dest, uInt len)); -#endif - -/* Diagnostic functions */ -#ifdef DEBUG -# include - extern int z_verbose; - extern void z_error OF((char *m)); -# define Assert(cond,msg) {if(!(cond)) z_error(msg);} -# define Trace(x) {if (z_verbose>=0) fprintf x ;} -# define Tracev(x) {if (z_verbose>0) fprintf x ;} -# define Tracevv(x) {if (z_verbose>1) fprintf x ;} -# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;} -# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;} -#else -# define Assert(cond,msg) -# define Trace(x) -# define Tracev(x) -# define Tracevv(x) -# define Tracec(c,x) -# define Tracecv(c,x) -#endif - - -typedef uLong (ZEXPORT *check_func) OF((uLong check, const Bytef *buf, - uInt len)); -voidpf zcalloc OF((voidpf opaque, unsigned items, unsigned size)); -void zcfree OF((voidpf opaque, voidpf ptr)); - -#define ZALLOC(strm, items, size) \ - (*((strm)->zalloc))((strm)->opaque, (items), (size)) -#define ZFREE(strm, addr) (*((strm)->zfree))((strm)->opaque, (voidpf)(addr)) -#define TRY_FREE(s, p) {if (p) ZFREE(s, p);} - -#endif /* _Z_UTIL_H */ diff --git a/linux/lib/libfreeswan/Makefile.objs b/linux/lib/libfreeswan/Makefile.objs deleted file mode 100644 index 41a89dba9..000000000 --- a/linux/lib/libfreeswan/Makefile.objs +++ /dev/null @@ -1,18 +0,0 @@ -obj-y += ultoa.o -obj-y += addrtoa.o -obj-y += subnettoa.o -obj-y += subnetof.o -obj-y += goodmask.o -obj-y += datatot.o -obj-y += rangetoa.o -obj-y += satoa.o -obj-y += prng.o -obj-y += pfkey_v2_parse.o -obj-y += pfkey_v2_build.o -obj-y += pfkey_v2_debug.o -obj-y += pfkey_v2_ext_bits.o -obj-y += version.o - - -version.c: ${LIBFREESWANDIR}/version.in.c ${FREESWANSRCDIR}/Makefile.ver - sed '/"/s/xxx/$(IPSECVERSION)/' ${LIBFREESWANDIR}/version.in.c >$@ diff --git a/linux/lib/libfreeswan/addrtoa.c b/linux/lib/libfreeswan/addrtoa.c deleted file mode 100644 index b1cc038ed..000000000 --- a/linux/lib/libfreeswan/addrtoa.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * addresses to ASCII - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: addrtoa.c,v 1.1 2004/03/15 20:35:25 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -#define NBYTES 4 /* bytes in an address */ -#define PERBYTE 4 /* three digits plus a dot or NUL */ -#define BUFLEN (NBYTES*PERBYTE) - -#if BUFLEN != ADDRTOA_BUF -#error "ADDRTOA_BUF in freeswan.h inconsistent with addrtoa() code" -#endif - -/* - - addrtoa - convert binary address to ASCII dotted decimal - */ -size_t /* space needed for full conversion */ -addrtoa(addr, format, dst, dstlen) -struct in_addr addr; -int format; /* character */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - unsigned long a = ntohl(addr.s_addr); - int i; - size_t n; - unsigned long byte; - char buf[BUFLEN]; - char *p; - - switch (format) { - case 0: - break; - default: - return 0; - break; - } - - p = buf; - for (i = NBYTES-1; i >= 0; i--) { - byte = (a >> (i*8)) & 0xff; - p += ultoa(byte, 10, p, PERBYTE); - if (i != 0) - *(p-1) = '.'; - } - n = p - buf; - - if (dstlen > 0) { - if (n > dstlen) - buf[dstlen - 1] = '\0'; - strcpy(dst, buf); - } - return n; -} diff --git a/linux/lib/libfreeswan/addrtot.c b/linux/lib/libfreeswan/addrtot.c deleted file mode 100644 index f229789f0..000000000 --- a/linux/lib/libfreeswan/addrtot.c +++ /dev/null @@ -1,302 +0,0 @@ -/* - * addresses to text - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: addrtot.c,v 1.1 2004/03/15 20:35:25 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -#define IP4BYTES 4 /* bytes in an IPv4 address */ -#define PERBYTE 4 /* three digits plus a dot or NUL */ -#define IP6BYTES 16 /* bytes in an IPv6 address */ - -/* forwards */ -static size_t normal4(const unsigned char *s, size_t len, char *b, char **dp); -static size_t normal6(const unsigned char *s, size_t len, char *b, char **dp, int squish); -static size_t reverse4(const unsigned char *s, size_t len, char *b, char **dp); -static size_t reverse6(const unsigned char *s, size_t len, char *b, char **dp); - -/* - - addrtot - convert binary address to text (dotted decimal or IPv6 string) - */ -size_t /* space needed for full conversion */ -addrtot(src, format, dst, dstlen) -const ip_address *src; -int format; /* character */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - const unsigned char *b; - size_t n; - char buf[1+ADDRTOT_BUF+1]; /* :address: */ - char *p; - int t = addrtypeof(src); -# define TF(t, f) (((t)<<8) | (f)) - - n = addrbytesptr(src, &b); - if (n == 0) - return 0; - - switch (TF(t, format)) { - case TF(AF_INET, 0): - n = normal4(b, n, buf, &p); - break; - case TF(AF_INET6, 0): - n = normal6(b, n, buf, &p, 1); - break; - case TF(AF_INET, 'Q'): - n = normal4(b, n, buf, &p); - break; - case TF(AF_INET6, 'Q'): - n = normal6(b, n, buf, &p, 0); - break; - case TF(AF_INET, 'r'): - n = reverse4(b, n, buf, &p); - break; - case TF(AF_INET6, 'r'): - n = reverse6(b, n, buf, &p); - break; - default: /* including (AF_INET, 'R') */ - return 0; - break; - } - - if (dstlen > 0) { - if (dstlen < n) - p[dstlen - 1] = '\0'; - strcpy(dst, p); - } - return n; -} - -/* - - normal4 - normal IPv4 address-text conversion - */ -static size_t /* size of text, including NUL */ -normal4(srcp, srclen, buf, dstp) -const unsigned char *srcp; -size_t srclen; -char *buf; /* guaranteed large enough */ -char **dstp; /* where to put result pointer */ -{ - int i; - char *p; - - if (srclen != IP4BYTES) /* "can't happen" */ - return 0; - p = buf; - for (i = 0; i < IP4BYTES; i++) { - p += ultot(srcp[i], 10, p, PERBYTE); - if (i != IP4BYTES - 1) - *(p-1) = '.'; /* overwrites the NUL */ - } - *dstp = buf; - return p - buf; -} - -/* - - normal6 - normal IPv6 address-text conversion - */ -static size_t /* size of text, including NUL */ -normal6(srcp, srclen, buf, dstp, squish) -const unsigned char *srcp; -size_t srclen; -char *buf; /* guaranteed large enough, plus 2 */ -char **dstp; /* where to put result pointer */ -int squish; /* whether to squish out 0:0 */ -{ - int i; - unsigned long piece; - char *p; - char *q; - - if (srclen != IP6BYTES) /* "can't happen" */ - return 0; - p = buf; - *p++ = ':'; - for (i = 0; i < IP6BYTES/2; i++) { - piece = (srcp[2*i] << 8) + srcp[2*i + 1]; - p += ultot(piece, 16, p, 5); /* 5 = abcd + NUL */ - *(p-1) = ':'; /* overwrites the NUL */ - } - *p = '\0'; - q = strstr(buf, ":0:0:"); - if (squish && q != NULL) { /* zero squishing is possible */ - p = q + 1; - while (*p == '0' && *(p+1) == ':') - p += 2; - q++; - *q++ = ':'; /* overwrite first 0 */ - while (*p != '\0') - *q++ = *p++; - *q = '\0'; - if (!(*(q-1) == ':' && *(q-2) == ':')) - *--q = '\0'; /* strip final : unless :: */ - p = buf; - if (!(*p == ':' && *(p+1) == ':')) - p++; /* skip initial : unless :: */ - } else { - q = p; - *--q = '\0'; /* strip final : */ - p = buf + 1; /* skip initial : */ - } - *dstp = p; - return q - p + 1; -} - -/* - - reverse4 - IPv4 reverse-lookup conversion - */ -static size_t /* size of text, including NUL */ -reverse4(srcp, srclen, buf, dstp) -const unsigned char *srcp; -size_t srclen; -char *buf; /* guaranteed large enough */ -char **dstp; /* where to put result pointer */ -{ - int i; - char *p; - - if (srclen != IP4BYTES) /* "can't happen" */ - return 0; - p = buf; - for (i = IP4BYTES-1; i >= 0; i--) { - p += ultot(srcp[i], 10, p, PERBYTE); - *(p-1) = '.'; /* overwrites the NUL */ - } - strcpy(p, "IN-ADDR.ARPA."); - *dstp = buf; - return strlen(buf) + 1; -} - -/* - - reverse6 - IPv6 reverse-lookup conversion (RFC 1886) - * A trifle inefficient, really shouldn't use ultot... - */ -static size_t /* size of text, including NUL */ -reverse6(srcp, srclen, buf, dstp) -const unsigned char *srcp; -size_t srclen; -char *buf; /* guaranteed large enough */ -char **dstp; /* where to put result pointer */ -{ - int i; - unsigned long piece; - char *p; - - if (srclen != IP6BYTES) /* "can't happen" */ - return 0; - p = buf; - for (i = IP6BYTES-1; i >= 0; i--) { - piece = srcp[i]; - p += ultot(piece&0xf, 16, p, 2); - *(p-1) = '.'; - p += ultot(piece>>4, 16, p, 2); - *(p-1) = '.'; - } - strcpy(p, "IP6.ARPA."); - *dstp = buf; - return strlen(buf) + 1; -} - -/* - - reverse6 - modern IPv6 reverse-lookup conversion (RFC 2874) - * this version removed as it was obsoleted in the end. - */ - -#ifdef ADDRTOT_MAIN - -#include -#include -#include -#include - -void regress(void); - -int -main(int argc, char *argv[]) -{ - if (argc < 2) { - fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n", - argv[0]); - exit(2); - } - - if (strcmp(argv[1], "-r") == 0) { - regress(); - fprintf(stderr, "regress() returned?!?\n"); - exit(1); - } - exit(0); -} - -struct rtab { - char *input; - char format; - char *output; /* NULL means error expected */ -} rtab[] = { - {"1.2.3.0", 0, "1.2.3.0"}, - {"1:2::3:4", 0, "1:2::3:4"}, - {"1:2::3:4", 'Q', "1:2:0:0:0:0:3:4"}, - {"1:2:0:0:3:4:0:0", 0, "1:2::3:4:0:0"}, - {"1.2.3.4", 'r' , "4.3.2.1.IN-ADDR.ARPA."}, - /* 0 1 2 3 4 5 6 7 8 9 a b c d e f 0 1 2 3 4 5 6 7 8 9 a b c d e f */ - {"1:2::3:4", 'r', "4.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.0.0.IP6.ARPA."}, - {NULL, 0, NULL} -}; - -void -regress() -{ - struct rtab *r; - int status = 0; - ip_address a; - char in[100]; - char buf[100]; - const char *oops; - size_t n; - - for (r = rtab; r->input != NULL; r++) { - strcpy(in, r->input); - - /* convert it *to* internal format */ - oops = ttoaddr(in, strlen(in), 0, &a); - - /* now convert it back */ - - n = addrtot(&a, r->format, buf, sizeof(buf)); - - if (n == 0 && r->output == NULL) - {} /* okay, error expected */ - - else if (n == 0) { - printf("`%s' atoasr failed\n", r->input); - status = 1; - - } else if (r->output == NULL) { - printf("`%s' atoasr succeeded unexpectedly '%c'\n", - r->input, r->format); - status = 1; - } else { - if (strcasecmp(r->output, buf) != 0) { - printf("`%s' '%c' gave `%s', expected `%s'\n", - r->input, r->format, buf, r->output); - status = 1; - } - } - } - exit(status); -} - -#endif /* ADDRTOT_MAIN */ diff --git a/linux/lib/libfreeswan/addrtypeof.c b/linux/lib/libfreeswan/addrtypeof.c deleted file mode 100644 index e63509911..000000000 --- a/linux/lib/libfreeswan/addrtypeof.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * extract parts of an ip_address - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: addrtypeof.c,v 1.1 2004/03/15 20:35:25 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - addrtypeof - get the type of an ip_address - */ -int -addrtypeof(src) -const ip_address *src; -{ - return src->u.v4.sin_family; -} - -/* - - addrbytesptr - get pointer to the address bytes of an ip_address - */ -size_t /* 0 for error */ -addrbytesptr(src, dstp) -const ip_address *src; -const unsigned char **dstp; /* NULL means just a size query */ -{ - const unsigned char *p; - size_t n; - - switch (src->u.v4.sin_family) { - case AF_INET: - p = (const unsigned char *)&src->u.v4.sin_addr.s_addr; - n = 4; - break; - case AF_INET6: - p = (const unsigned char *)&src->u.v6.sin6_addr; - n = 16; - break; - default: - return 0; - break; - } - - if (dstp != NULL) - *dstp = p; - return n; -} - -/* - - addrlenof - get length of the address bytes of an ip_address - */ -size_t /* 0 for error */ -addrlenof(src) -const ip_address *src; -{ - return addrbytesptr(src, NULL); -} - -/* - - addrbytesof - get the address bytes of an ip_address - */ -size_t /* 0 for error */ -addrbytesof(src, dst, dstlen) -const ip_address *src; -unsigned char *dst; -size_t dstlen; -{ - const unsigned char *p; - size_t n; - size_t ncopy; - - n = addrbytesptr(src, &p); - if (n == 0) - return 0; - - if (dstlen > 0) { - ncopy = n; - if (ncopy > dstlen) - ncopy = dstlen; - memcpy(dst, p, ncopy); - } - return n; -} diff --git a/linux/lib/libfreeswan/anyaddr.3 b/linux/lib/libfreeswan/anyaddr.3 deleted file mode 100644 index 4594a9ff9..000000000 --- a/linux/lib/libfreeswan/anyaddr.3 +++ /dev/null @@ -1,87 +0,0 @@ -.TH IPSEC_ANYADDR 3 "8 Sept 2000" -.\" RCSID $Id: anyaddr.3,v 1.1 2004/03/15 20:35:25 as Exp $ -.SH NAME -ipsec anyaddr \- get "any" address -.br -ipsec isanyaddr \- test address for equality to "any" address -.br -ipsec unspecaddr \- get "unspecified" address -.br -ipsec isunspecaddr \- test address for equality to "unspecified" address -.br -ipsec loopbackaddr \- get loopback address -.br -ipsec isloopbackaddr \- test address for equality to loopback address -.SH SYNOPSIS -.B "#include -.sp -.B "const char *anyaddr(int af, ip_address *dst);" -.br -.B "int isanyaddr(const ip_address *src);" -.br -.B "const char *unspecaddr(int af, ip_address *dst);" -.br -.B "int isunspecaddr(const ip_address *src);" -.br -.B "const char *loopbackaddr(int af, ip_address *dst);" -.br -.B "int isloopbackaddr(const ip_address *src);" -.SH DESCRIPTION -These functions fill in, and test for, special values of the -.I ip_address -type. -.PP -.I Anyaddr -fills in the destination -.I *dst -with the ``any'' address of address family -.IR af -(normally -.B AF_INET -or -.BR AF_INET6 ). -The IPv4 ``any'' address is the one embodied in the old -.B INADDR_ANY -macro. -.PP -.I Isanyaddr -returns -.B 1 -if the -.I src -address equals the ``any'' address, -and -.B 0 -otherwise. -.PP -Similarly, -.I unspecaddr -supplies, and -.I isunspecaddr -tests for, -the ``unspecified'' address, -which may be the same as the ``any'' address. -.PP -Similarly, -.I loopbackaddr -supplies, and -.I islookbackaddr -tests for, -the loopback address. -.PP -.IR Anyaddr , -.IR unspecaddr , -and -.I loopbackaddr -return -.B NULL -for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.SH SEE ALSO -inet(3), ipsec_addrtot(3), ipsec_sameaddr(3) -.SH DIAGNOSTICS -Fatal errors in the address-supplying functions are: -unknown address family. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. diff --git a/linux/lib/libfreeswan/anyaddr.c b/linux/lib/libfreeswan/anyaddr.c deleted file mode 100644 index 08aae6334..000000000 --- a/linux/lib/libfreeswan/anyaddr.c +++ /dev/null @@ -1,146 +0,0 @@ -/* - * special addresses - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: anyaddr.c,v 1.1 2004/03/15 20:35:25 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* these are mostly fallbacks for the no-IPv6-support-in-library case */ -#ifndef IN6ADDR_ANY_INIT -#define IN6ADDR_ANY_INIT {{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 }} -#endif -#ifndef IN6ADDR_LOOPBACK_INIT -#define IN6ADDR_LOOPBACK_INIT {{ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 }} -#endif - -static struct in6_addr v6any = IN6ADDR_ANY_INIT; -static struct in6_addr v6loop = IN6ADDR_LOOPBACK_INIT; - -/* - - anyaddr - initialize to the any-address value - */ -err_t /* NULL for success, else string literal */ -anyaddr(af, dst) -int af; /* address family */ -ip_address *dst; -{ - uint32_t v4any = htonl(INADDR_ANY); - - switch (af) { - case AF_INET: - return initaddr((unsigned char *)&v4any, sizeof(v4any), af, dst); - break; - case AF_INET6: - return initaddr((unsigned char *)&v6any, sizeof(v6any), af, dst); - break; - default: - return "unknown address family in anyaddr/unspecaddr"; - break; - } -} - -/* - - unspecaddr - initialize to the unspecified-address value - */ -err_t /* NULL for success, else string literal */ -unspecaddr(af, dst) -int af; /* address family */ -ip_address *dst; -{ - return anyaddr(af, dst); -} - -/* - - loopbackaddr - initialize to the loopback-address value - */ -err_t /* NULL for success, else string literal */ -loopbackaddr(af, dst) -int af; /* address family */ -ip_address *dst; -{ - uint32_t v4loop = htonl(INADDR_LOOPBACK); - - switch (af) { - case AF_INET: - return initaddr((unsigned char *)&v4loop, sizeof(v4loop), af, dst); - break; - case AF_INET6: - return initaddr((unsigned char *)&v6loop, sizeof(v6loop), af, dst); - break; - default: - return "unknown address family in loopbackaddr"; - break; - } -} - -/* - - isanyaddr - test for the any-address value - */ -int -isanyaddr(src) -const ip_address *src; -{ - uint32_t v4any = htonl(INADDR_ANY); - int cmp; - - switch (src->u.v4.sin_family) { - case AF_INET: - cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4any, sizeof(v4any)); - break; - case AF_INET6: - cmp = memcmp(&src->u.v6.sin6_addr, &v6any, sizeof(v6any)); - break; - default: - return 0; - break; - } - - return (cmp == 0) ? 1 : 0; -} - -/* - - isunspecaddr - test for the unspecified-address value - */ -int -isunspecaddr(src) -const ip_address *src; -{ - return isanyaddr(src); -} - -/* - - isloopbackaddr - test for the loopback-address value - */ -int -isloopbackaddr(src) -const ip_address *src; -{ - uint32_t v4loop = htonl(INADDR_LOOPBACK); - int cmp; - - switch (src->u.v4.sin_family) { - case AF_INET: - cmp = memcmp(&src->u.v4.sin_addr.s_addr, &v4loop, sizeof(v4loop)); - break; - case AF_INET6: - cmp = memcmp(&src->u.v6.sin6_addr, &v6loop, sizeof(v6loop)); - break; - default: - return 0; - break; - } - - return (cmp == 0) ? 1 : 0; -} diff --git a/linux/lib/libfreeswan/atoaddr.3 b/linux/lib/libfreeswan/atoaddr.3 deleted file mode 100644 index a7dc8dca3..000000000 --- a/linux/lib/libfreeswan/atoaddr.3 +++ /dev/null @@ -1,294 +0,0 @@ -.TH IPSEC_ATOADDR 3 "11 June 2001" -.\" RCSID $Id: atoaddr.3,v 1.1 2004/03/15 20:35:25 as Exp $ -.SH NAME -ipsec atoaddr, addrtoa \- convert Internet addresses to and from ASCII -.br -ipsec atosubnet, subnettoa \- convert subnet/mask ASCII form to and from addresses -.SH SYNOPSIS -.B "#include -.sp -.B "const char *atoaddr(const char *src, size_t srclen," -.ti +1c -.B "struct in_addr *addr);" -.br -.B "size_t addrtoa(struct in_addr addr, int format," -.ti +1c -.B "char *dst, size_t dstlen);" -.sp -.B "const char *atosubnet(const char *src, size_t srclen," -.ti +1c -.B "struct in_addr *addr, struct in_addr *mask);" -.br -.B "size_t subnettoa(struct in_addr addr, struct in_addr mask," -.ti +1c -.B "int format, char *dst, size_t dstlen);" -.SH DESCRIPTION -These functions are obsolete; see -.IR ipsec_ttoaddr (3) -for their replacements. -.PP -.I Atoaddr -converts an ASCII name or dotted-decimal address into a binary address -(in network byte order). -.I Addrtoa -does the reverse conversion, back to an ASCII dotted-decimal address. -.I Atosubnet -and -.I subnettoa -do likewise for the ``address/mask'' ASCII form used to write a -specification of a subnet. -.PP -An address is specified in ASCII as a -dotted-decimal address (e.g. -.BR 1.2.3.4 ), -an eight-digit network-order hexadecimal number with the usual C prefix (e.g. -.BR 0x01020304 , -which is synonymous with -.BR 1.2.3.4 ), -an eight-digit host-order hexadecimal number with a -.B 0h -prefix (e.g. -.BR 0h01020304 , -which is synonymous with -.B 1.2.3.4 -on a big-endian host and -.B 4.3.2.1 -on a little-endian host), -a DNS name to be looked up via -.IR gethostbyname (3), -or an old-style network name to be looked up via -.IR getnetbyname (3). -.PP -A dotted-decimal address may be incomplete, in which case -ASCII-to-binary conversion implicitly appends -as many instances of -.B .0 -as necessary to bring it up to four components. -The components of a dotted-decimal address are always taken as -decimal, and leading zeros are ignored. -For example, -.B 10 -is synonymous with -.BR 10.0.0.0 , -and -.B 128.009.000.032 -is synonymous with -.BR 128.9.0.32 -(the latter example is verbatim from RFC 1166). -The result of -.I addrtoa -is always complete and does not contain leading zeros. -.PP -The letters in -a hexadecimal address may be uppercase or lowercase or any mixture thereof. -Use of hexadecimal addresses is -.B strongly -.BR discouraged ; -they are included only to save hassles when dealing with -the handful of perverted programs which already print -network addresses in hexadecimal. -.PP -DNS names may be complete (optionally terminated with a ``.'') -or incomplete, and are looked up as specified by local system configuration -(see -.IR resolver (5)). -The -.I h_addr -value returned by -.IR gethostbyname (3) -is used, -so with current DNS implementations, -the result when the name corresponds to more than one address is -difficult to predict. -Name lookup resorts to -.IR getnetbyname (3) -only if -.IR gethostbyname (3) -fails. -.PP -A subnet specification is of the form \fInetwork\fB/\fImask\fR. -The -.I network -and -.I mask -can be any form acceptable to -.IR atoaddr . -In addition, the -.I mask -can be a decimal integer (leading zeros ignored) giving a bit count, -in which case -it stands for a mask with that number of high bits on and all others off -(e.g., -.B 24 -means -.BR 255.255.255.0 ). -In any case, the mask must be contiguous -(a sequence of high bits on and all remaining low bits off). -As a special case, the subnet specification -.B %default -is a synonym for -.BR 0.0.0.0/0 . -.PP -.I Atosubnet -ANDs the mask with the address before returning, -so that any non-network bits in the address are turned off -(e.g., -.B 10.1.2.3/24 -is synonymous with -.BR 10.1.2.0/24 ). -.I Subnettoa -generates the decimal-integer-bit-count -form of the mask, -with no leading zeros, -unless the mask is non-contiguous. -.PP -The -.I srclen -parameter of -.I atoaddr -and -.I atosubnet -specifies the length of the ASCII string pointed to by -.IR src ; -it is an error for there to be anything else -(e.g., a terminating NUL) within that length. -As a convenience for cases where an entire NUL-terminated string is -to be converted, -a -.I srclen -value of -.B 0 -is taken to mean -.BR strlen(src) . -.PP -The -.I dstlen -parameter of -.I addrtoa -and -.I subnettoa -specifies the size of the -.I dst -parameter; -under no circumstances are more than -.I dstlen -bytes written to -.IR dst . -A result which will not fit is truncated. -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result is written, -but the return value is unaffected; -in all other cases, the (possibly truncated) result is NUL-terminated. -The -.I freeswan.h -header file defines constants, -.B ADDRTOA_BUF -and -.BR SUBNETTOA_BUF , -which are the sizes of buffers just large enough for worst-case results. -.PP -The -.I format -parameter of -.I addrtoa -and -.I subnettoa -specifies what format is to be used for the conversion. -The value -.B 0 -(not the ASCII character -.BR '0' , -but a zero value) -specifies a reasonable default, -and is in fact the only format currently available. -This parameter is a hedge against future needs. -.PP -The ASCII-to-binary functions return NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -The binary-to-ASCII functions return -.B 0 -for a failure, and otherwise -always return the size of buffer which would -be needed to -accommodate the full conversion result, including terminating NUL; -it is the caller's responsibility to check this against the size of -the provided buffer to determine whether truncation has occurred. -.SH SEE ALSO -inet(3) -.SH DIAGNOSTICS -Fatal errors in -.I atoaddr -are: -empty input; -attempt to allocate temporary storage for a very long name failed; -name lookup failed; -syntax error in dotted-decimal form; -dotted-decimal component too large to fit in 8 bits. -.PP -Fatal errors in -.I atosubnet -are: -no -.B / -in -.IR src ; -.I atoaddr -error in conversion of -.I network -or -.IR mask ; -bit-count mask too big; -mask non-contiguous. -.PP -Fatal errors in -.I addrtoa -and -.I subnettoa -are: -unknown format. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The interpretation of incomplete dotted-decimal addresses -(e.g. -.B 10/24 -means -.BR 10.0.0.0/24 ) -differs from that of some older conversion -functions, e.g. those of -.IR inet (3). -The behavior of the older functions has never been -particularly consistent or particularly useful. -.PP -Ignoring leading zeros in dotted-decimal components and bit counts -is arguably the most useful behavior in this application, -but it might occasionally cause confusion with the historical use of leading -zeros to denote octal numbers. -.PP -It is barely possible that somebody, somewhere, -might have a legitimate use for non-contiguous subnet masks. -.PP -.IR Getnetbyname (3) -is a historical dreg. -.PP -The restriction of ASCII-to-binary error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The ASCII-to-binary error-reporting convention lends itself -to slightly obscure code, -because many readers will not think of NULL as signifying success. -A good way to make it clearer is to write something like: -.PP -.RS -.nf -.B "const char *error;" -.sp -.B "error = atoaddr( /* ... */ );" -.B "if (error != NULL) {" -.B " /* something went wrong */" -.fi -.RE diff --git a/linux/lib/libfreeswan/atoaddr.c b/linux/lib/libfreeswan/atoaddr.c deleted file mode 100644 index 0c787b10d..000000000 --- a/linux/lib/libfreeswan/atoaddr.c +++ /dev/null @@ -1,238 +0,0 @@ -/* - * conversion from ASCII forms of addresses to internal ones - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: atoaddr.c,v 1.1 2004/03/15 20:35:25 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - * Define NOLEADINGZEROS to interpret 032 as an error, not as 32. There - * is deliberately no way to interpret it as 26 (i.e., as octal). - */ - -/* - * Legal characters in a domain name. Underscore technically is not, - * but is a common misunderstanding. - */ -static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789" - "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_."; - -static const char *try8hex(const char *, size_t, struct in_addr *); -static const char *try8hosthex(const char *, size_t, struct in_addr *); -static const char *trydotted(const char *, size_t, struct in_addr *); -static const char *getbyte(const char **, const char *, int *); - -/* - - atoaddr - convert ASCII name or dotted-decimal address to binary address - */ -const char * /* NULL for success, else string literal */ -atoaddr(src, srclen, addrp) -const char *src; -size_t srclen; /* 0 means "apply strlen" */ -struct in_addr *addrp; -{ - struct hostent *h; - struct netent *ne = NULL; - const char *oops; -# define HEXLEN 10 /* strlen("0x11223344") */ -# ifndef ATOADDRBUF -# define ATOADDRBUF 100 -# endif - char namebuf[ATOADDRBUF]; - char *p = namebuf; - char *q; - - if (srclen == 0) - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - - /* might it be hex? */ - if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'x')) - return try8hex(src+2, srclen-2, addrp); - if (srclen == HEXLEN && *src == '0' && CIEQ(*(src+1), 'h')) - return try8hosthex(src+2, srclen-2, addrp); - - /* try it as dotted decimal */ - oops = trydotted(src, srclen, addrp); - if (oops == NULL) - return NULL; /* it worked */ - if (*oops != '?') - return oops; /* it *was* probably meant as a d.q. */ - - /* try it as a name -- first, NUL-terminate it */ - if (srclen > sizeof(namebuf)-1) { - p = (char *) MALLOC(srclen+1); - if (p == NULL) - return "unable to allocate temporary space for name"; - } - p[0] = '\0'; - strncat(p, src, srclen); - - /* next, check that it's a vaguely legal name */ - for (q = p; *q != '\0'; q++) - if (!isprint(*q)) - return "unprintable character in name"; - if (strspn(p, namechars) != srclen) - return "illegal (non-DNS-name) character in name"; - - /* try as host name, failing that as /etc/networks network name */ - h = gethostbyname(p); - if (h == NULL) - ne = getnetbyname(p); - if (p != namebuf) - FREE(p); - if (h == NULL && ne == NULL) - return "name lookup failed"; - - if (h != NULL) - memcpy(&addrp->s_addr, h->h_addr, sizeof(addrp->s_addr)); - else - addrp->s_addr = htonl(ne->n_net); - return NULL; -} - -/* - - try8hosthex - try conversion as an eight-digit host-order hex number - */ -const char * /* NULL for success, else string literal */ -try8hosthex(src, srclen, addrp) -const char *src; -size_t srclen; /* should be 8 */ -struct in_addr *addrp; -{ - const char *oops; - unsigned long addr; - - if (srclen != 8) - return "internal error, try8hex called with bad length"; - - oops = atoul(src, srclen, 16, &addr); - if (oops != NULL) - return oops; - - addrp->s_addr = addr; - return NULL; -} - -/* - - try8hex - try conversion as an eight-digit network-order hex number - */ -const char * /* NULL for success, else string literal */ -try8hex(src, srclen, addrp) -const char *src; -size_t srclen; /* should be 8 */ -struct in_addr *addrp; -{ - const char *oops; - - oops = try8hosthex(src, srclen, addrp); - if (oops != NULL) - return oops; - - addrp->s_addr = htonl(addrp->s_addr); - return NULL; -} - -/* - - trydotted - try conversion as dotted decimal - * - * If the first char of a complaint is '?', that means "didn't look like - * dotted decimal at all". - */ -const char * /* NULL for success, else string literal */ -trydotted(src, srclen, addrp) -const char *src; -size_t srclen; -struct in_addr *addrp; -{ - const char *stop = src + srclen; /* just past end */ - int byte; - const char *oops; - unsigned long addr; - int i; -# define NBYTES 4 -# define BYTE 8 - - addr = 0; - for (i = 0; i < NBYTES && src < stop; i++) { - oops = getbyte(&src, stop, &byte); - if (oops != NULL) { - if (*oops != '?') - return oops; /* bad number */ - if (i > 1) - return oops+1; /* failed number */ - return oops; /* with leading '?' */ - } - addr = (addr << BYTE) | byte; - if (i < 3 && src < stop && *src++ != '.') { - if (i == 0) - return "?syntax error in dotted-decimal address"; - else - return "syntax error in dotted-decimal address"; - } - } - addr <<= (NBYTES - i) * BYTE; - if (src != stop) - return "extra garbage on end of dotted-decimal address"; - - addrp->s_addr = htonl(addr); - return NULL; -} - -/* - - getbyte - try to scan a byte in dotted decimal - * A subtlety here is that all this arithmetic on ASCII digits really is - * highly portable -- ANSI C guarantees that digits 0-9 are contiguous. - * It's easier to just do it ourselves than set up for a call to atoul(). - * - * If the first char of a complaint is '?', that means "didn't look like a - * number at all". - */ -const char * /* NULL for success, else string literal */ -getbyte(srcp, stop, retp) -const char **srcp; /* *srcp is updated */ -const char *stop; /* first untouchable char */ -int *retp; /* return-value pointer */ -{ - char c; - const char *p; - int no; - - if (*srcp >= stop) - return "?empty number in dotted-decimal address"; - - if (stop - *srcp >= 3 && **srcp == '0' && CIEQ(*(*srcp+1), 'x')) - return "hex numbers not supported in dotted-decimal addresses"; -#ifdef NOLEADINGZEROS - if (stop - *srcp >= 2 && **srcp == '0' && isdigit(*(*srcp+1))) - return "octal numbers not supported in dotted-decimal addresses"; -#endif /* NOLEADINGZEROS */ - - /* must be decimal, if it's numeric at all */ - no = 0; - p = *srcp; - while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') { - no = no*10 + (c - '0'); - p++; - } - if (p == *srcp) - return "?non-numeric component in dotted-decimal address"; - *srcp = p; - if (no > 255) - return "byte overflow in dotted-decimal address"; - *retp = no; - return NULL; -} diff --git a/linux/lib/libfreeswan/atoasr.3 b/linux/lib/libfreeswan/atoasr.3 deleted file mode 100644 index 1bd805db1..000000000 --- a/linux/lib/libfreeswan/atoasr.3 +++ /dev/null @@ -1,186 +0,0 @@ -.TH IPSEC_ATOASR 3 "11 June 2001" -.\" RCSID $Id: atoasr.3,v 1.1 2004/03/15 20:35:25 as Exp $ -.SH NAME -ipsec atoasr \- convert ASCII to Internet address, subnet, or range -.br -ipsec rangetoa \- convert Internet address range to ASCII -.SH SYNOPSIS -.B "#include -.sp -.B "const char *atoasr(const char *src, size_t srclen," -.ti +1c -.B "char *type, struct in_addr *addrs);" -.br -.B "size_t rangetoa(struct in_addr *addrs, int format, -.ti +1c -.B "char *dst, size_t dstlen);" -.SH DESCRIPTION -These functions are obsolete; -there is no current equivalent, -because so far they have not proved useful. -.PP -.I Atoasr -converts an ASCII address, subnet, or address range -into a suitable combination of binary addresses -(in network byte order). -.I Rangetoa -converts an address range back into ASCII, -using dotted-decimal form for the addresses -(the other reverse conversions are handled by -.IR ipsec_addrtoa (3) -and -.IR ipsec_subnettoa (3)). -.PP -A single address can be any form acceptable to -.IR ipsec_atoaddr (3): -dotted decimal, DNS name, or hexadecimal number. -A subnet -specification uses the form \fInetwork\fB/\fImask\fR -interpreted by -.IR ipsec_atosubnet (3). -.PP -An address range is two -.IR ipsec_atoaddr (3) -addresses separated by a -.B ... -delimiter. -If there are four dots rather than three, the first is taken as -part of the begin address, -e.g. for a complete DNS name which ends with -.B . -to suppress completion attempts. -The begin address of a range must be -less than or equal to the end address. -.PP -The -.I srclen -parameter of -.I atoasr -specifies the length of the ASCII string pointed to by -.IR src ; -it is an error for there to be anything else -(e.g., a terminating NUL) within that length. -As a convenience for cases where an entire NUL-terminated string is -to be converted, -a -.I srclen -value of -.B 0 -is taken to mean -.BR strlen(src) . -.PP -The -.I type -parameter of -.I atoasr -must point to a -.B char -variable used to record which form was found. -The -.I addrs -parameter must point to a two-element array of -.B "struct in_addr" -which receives the results. -The values stored into -.BR *type , -and the corresponding values in the array, are: -.PP -.ta 3c +2c +3c - *type addrs[0] addrs[1] -.sp 0.8 -address \&\fB'a'\fR address - -.br -subnet \&\fB's'\fR network mask -.br -range \&\fB'r'\fR begin end -.PP -The -.I dstlen -parameter of -.I rangetoa -specifies the size of the -.I dst -parameter; -under no circumstances are more than -.I dstlen -bytes written to -.IR dst . -A result which will not fit is truncated. -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result is written, -but the return value is unaffected; -in all other cases, the (possibly truncated) result is NUL-terminated. -The -.I freeswan.h -header file defines a constant, -.BR RANGETOA_BUF , -which is the size of a buffer just large enough for worst-case results. -.PP -The -.I format -parameter of -.I rangetoa -specifies what format is to be used for the conversion. -The value -.B 0 -(not the ASCII character -.BR '0' , -but a zero value) -specifies a reasonable default, -and is in fact the only format currently available. -This parameter is a hedge against future needs. -.PP -.I Atoasr -returns NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.I Rangetoa -returns -.B 0 -for a failure, and otherwise -always returns the size of buffer which would -be needed to -accommodate the full conversion result, including terminating NUL; -it is the caller's responsibility to check this against the size of -the provided buffer to determine whether truncation has occurred. -.SH SEE ALSO -ipsec_atoaddr(3), ipsec_atosubnet(3) -.SH DIAGNOSTICS -Fatal errors in -.I atoasr -are: -empty input; -error in -.IR ipsec_atoaddr (3) -or -.IR ipsec_atosubnet (3) -during conversion; -begin address of range exceeds end address. -.PP -Fatal errors in -.I rangetoa -are: -unknown format. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The restriction of error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The error-reporting convention lends itself -to slightly obscure code, -because many readers will not think of NULL as signifying success. -A good way to make it clearer is to write something like: -.PP -.RS -.nf -.B "const char *error;" -.sp -.B "error = atoasr( /* ... */ );" -.B "if (error != NULL) {" -.B " /* something went wrong */" -.fi -.RE diff --git a/linux/lib/libfreeswan/atoasr.c b/linux/lib/libfreeswan/atoasr.c deleted file mode 100644 index a68409bfb..000000000 --- a/linux/lib/libfreeswan/atoasr.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - * convert from ASCII form of address/subnet/range to binary - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: atoasr.c,v 1.1 2004/03/15 20:35:25 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - atoasr - convert ASCII to address, subnet, or range - */ -const char * /* NULL for success, else string literal */ -atoasr(src, srclen, typep, addrsp) -const char *src; -size_t srclen; /* 0 means "apply strlen" */ -char *typep; /* return type code: 'a', 's', 'r' */ -struct in_addr addrsp[2]; -{ - const char *punct; - const char *stop; - const char *oops; - - if (srclen == 0) - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - - /* subnet is easy to spot */ - punct = memchr(src, '/', srclen); - if (punct != NULL) { - *typep = 's'; - return atosubnet(src, srclen, &addrsp[0], &addrsp[1]); - } - - /* try for a range */ - stop = src + srclen; - for (punct = src; (punct = memchr(punct, '.', stop - punct)) != NULL; - punct++) - if (stop - punct > 3 && *(punct+1) == '.' && *(punct+2) == '.') - break; /* NOTE BREAK OUT */ - if (punct == NULL) { - /* didn't find the range delimiter, must be plain address */ - *typep = 'a'; - return atoaddr(src, srclen, &addrsp[0]); - } - - /* looks like a range */ - *typep = 'r'; - if (stop - punct > 4 && *(punct+3) == '.') - punct++; /* first dot is trailing dot of name */ - oops = atoaddr(src, punct - src, &addrsp[0]); - if (oops != NULL) - return oops; - oops = atoaddr(punct+3, stop - (punct+3), &addrsp[1]); - if (oops != NULL) - return oops; - if (ntohl(addrsp[0].s_addr) > ntohl(addrsp[1].s_addr)) - return "invalid range, begin > end"; - return NULL; -} - - - -#ifdef ATOASR_MAIN - -#include -#include -#include -#include - -void regress(void); - -int -main(int argc, char *argv[]) -{ - struct in_addr a[2]; - char buf[100]; - const char *oops; - size_t n; - char type; - - if (argc < 2) { - fprintf(stderr, "Usage: %s {addr|net/mask|begin...end|-r}\n", - argv[0]); - exit(2); - } - - if (strcmp(argv[1], "-r") == 0) { - regress(); - fprintf(stderr, "regress() returned?!?\n"); - exit(1); - } - - oops = atoasr(argv[1], 0, &type, a); - if (oops != NULL) { - fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); - exit(1); - } - switch (type) { - case 'a': - n = addrtoa(a[0], 0, buf, sizeof(buf)); - break; - case 's': - n = subnettoa(a[0], a[1], 0, buf, sizeof(buf)); - break; - case 'r': - n = rangetoa(a, 0, buf, sizeof(buf)); - break; - default: - fprintf(stderr, "%s: unknown type '%c'\n", argv[0], type); - exit(1); - break; - } - if (n > sizeof(buf)) { - fprintf(stderr, "%s: reverse conversion of ", argv[0]); - fprintf(stderr, "%s ", inet_ntoa(a[0])); - fprintf(stderr, "%s", inet_ntoa(a[1])); - fprintf(stderr, " failed: need %ld bytes, have only %ld\n", - (long)n, (long)sizeof(buf)); - exit(1); - } - printf("%s\n", buf); - - exit(0); -} - -struct rtab { - char *input; - char *output; /* NULL means error expected */ -} rtab[] = { - {"1.2.3.0", "1.2.3.0"}, - {"1.2.3.0/255.255.255.0", "1.2.3.0/24"}, - {"1.2.3.0...1.2.3.5", "1.2.3.0...1.2.3.5"}, - {"1.2.3.4.5", NULL}, - {"1.2.3.4/", NULL}, - {"1.2.3.4...", NULL}, - {"1.2.3.4....", NULL}, - {"localhost/32", "127.0.0.1/32"}, - {"localhost...127.0.0.3", "127.0.0.1...127.0.0.3"}, - {"127.0.0.0...localhost", "127.0.0.0...127.0.0.1"}, - {"127.0.0.3...localhost", NULL}, - {NULL, NULL} -}; - -void -regress(void) -{ - struct rtab *r; - int status = 0; - struct in_addr a[2]; - char in[100]; - char buf[100]; - const char *oops; - size_t n; - char type; - - for (r = rtab; r->input != NULL; r++) { - strcpy(in, r->input); - oops = atoasr(in, 0, &type, a); - if (oops != NULL && r->output == NULL) - {} /* okay, error expected */ - else if (oops != NULL) { - printf("`%s' atoasr failed: %s\n", r->input, oops); - status = 1; - } else if (r->output == NULL) { - printf("`%s' atoasr succeeded unexpectedly '%c'\n", - r->input, type); - status = 1; - } else { - switch (type) { - case 'a': - n = addrtoa(a[0], 0, buf, sizeof(buf)); - break; - case 's': - n = subnettoa(a[0], a[1], 0, buf, sizeof(buf)); - break; - case 'r': - n = rangetoa(a, 0, buf, sizeof(buf)); - break; - default: - fprintf(stderr, "`%s' unknown type '%c'\n", - r->input, type); - n = 0; - status = 1; - break; - } - if (n > sizeof(buf)) { - printf("`%s' '%c' reverse failed: need %ld\n", - r->input, type, (long)n); - status = 1; - } else if (n > 0 && strcmp(r->output, buf) != 0) { - printf("`%s' '%c' gave `%s', expected `%s'\n", - r->input, type, buf, r->output); - status = 1; - } - } - } - exit(status); -} - -#endif /* ATOASR_MAIN */ diff --git a/linux/lib/libfreeswan/atosa.3 b/linux/lib/libfreeswan/atosa.3 deleted file mode 100644 index 116483a73..000000000 --- a/linux/lib/libfreeswan/atosa.3 +++ /dev/null @@ -1,218 +0,0 @@ -.TH IPSEC_ATOSA 3 "11 June 2001" -.\" RCSID $Id: atosa.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec atosa, satoa \- convert IPsec Security Association IDs to and from ASCII -.SH SYNOPSIS -.B "#include -.sp -.B "const char *atosa(const char *src, size_t srclen," -.ti +1c -.B "struct sa_id *sa); -.br -.B "size_t satoa(struct sa_id sa, int format," -.ti +1c -.B "char *dst, size_t dstlen);" -.sp -.B "struct sa_id {" -.ti +1c -.B "struct in_addr dst;" -.ti +1c -.B "ipsec_spi_t spi;" -.ti +1c -.B "int proto;" -.br -.B "};" -.SH DESCRIPTION -These functions are obsolete; see -.IR ipsec_ttosa (3) -for their replacements. -.PP -.I Atosa -converts an ASCII Security Association (SA) specifier into an -.B sa_id -structure (containing -a destination-host address -in network byte order, -an SPI number in network byte order, and -a protocol code). -.I Satoa -does the reverse conversion, back to an ASCII SA specifier. -.PP -An SA is specified in ASCII with a mail-like syntax, e.g. -.BR esp507@1.2.3.4 . -An SA specifier contains -a protocol prefix (currently -.BR ah , -.BR esp , -or -.BR tun ), -an unsigned integer SPI number, -and an IP address. -The SPI number can be decimal or hexadecimal -(with -.B 0x -prefix), as accepted by -.IR ipsec_atoul (3). -The IP address can be any form accepted by -.IR ipsec_atoaddr (3), -e.g. dotted-decimal address or DNS name. -.PP -As a special case, the SA specifier -.B %passthrough -signifies the special SA used to indicate that packets should be -passed through unaltered. -(At present, this is a synonym for -.BR tun0x0@0.0.0.0 , -but that is subject to change without notice.) -This form is known to both -.I atosa -and -.IR satoa , -so the internal form of -.B %passthrough -is never visible. -.PP -The -.B -header file supplies the -.B sa_id -structure, as well as a data type -.B ipsec_spi_t -which is an unsigned 32-bit integer. -(There is no consistency between kernel and user on what such a type -is called, hence the header hides the differences.) -.PP -The protocol code uses the same numbers that IP does. -For user convenience, given the difficulty in acquiring the exact set of -protocol names used by the kernel, -.B -defines the names -.BR SA_ESP , -.BR SA_AH , -and -.B SA_IPIP -to have the same values as the kernel names -.BR IPPROTO_ESP , -.BR IPPROTO_AH , -and -.BR IPPROTO_IPIP . -.PP -The -.I srclen -parameter of -.I atosa -specifies the length of the ASCII string pointed to by -.IR src ; -it is an error for there to be anything else -(e.g., a terminating NUL) within that length. -As a convenience for cases where an entire NUL-terminated string is -to be converted, -a -.I srclen -value of -.B 0 -is taken to mean -.BR strlen(src) . -.PP -The -.I dstlen -parameter of -.I satoa -specifies the size of the -.I dst -parameter; -under no circumstances are more than -.I dstlen -bytes written to -.IR dst . -A result which will not fit is truncated. -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result is written, -but the return value is unaffected; -in all other cases, the (possibly truncated) result is NUL-terminated. -The -.I freeswan.h -header file defines a constant, -.BR SATOA_BUF , -which is the size of a buffer just large enough for worst-case results. -.PP -The -.I format -parameter of -.I satoa -specifies what format is to be used for the conversion. -The value -.B 0 -(not the ASCII character -.BR '0' , -but a zero value) -specifies a reasonable default -(currently -lowercase protocol prefix, lowercase hexadecimal SPI, dotted-decimal address). -The value -.B d -causes the SPI to be generated in decimal instead. -.PP -.I Atosa -returns -.B NULL -for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.I Satoa -returns -.B 0 -for a failure, and otherwise -always returns the size of buffer which would -be needed to -accommodate the full conversion result, including terminating NUL; -it is the caller's responsibility to check this against the size of -the provided buffer to determine whether truncation has occurred. -.SH SEE ALSO -ipsec_atoul(3), ipsec_atoaddr(3), inet(3) -.SH DIAGNOSTICS -Fatal errors in -.I atosa -are: -empty input; -input too small to be a legal SA specifier; -no -.B @ -in input; -unknown protocol prefix; -conversion error in -.I atoul -or -.IR atoaddr . -.PP -Fatal errors in -.I satoa -are: -unknown format; unknown protocol code. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The -.B tun -protocol code is a FreeS/WANism which may eventually disappear. -.PP -The restriction of ASCII-to-binary error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The ASCII-to-binary error-reporting convention lends itself -to slightly obscure code, -because many readers will not think of NULL as signifying success. -A good way to make it clearer is to write something like: -.PP -.RS -.nf -.B "const char *error;" -.sp -.B "error = atoaddr( /* ... */ );" -.B "if (error != NULL) {" -.B " /* something went wrong */" -.fi -.RE diff --git a/linux/lib/libfreeswan/atosa.c b/linux/lib/libfreeswan/atosa.c deleted file mode 100644 index cc3b055d0..000000000 --- a/linux/lib/libfreeswan/atosa.c +++ /dev/null @@ -1,200 +0,0 @@ -/* - * convert from ASCII form of SA ID to binary - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: atosa.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -static struct satype { - char *prefix; - size_t prelen; /* strlen(prefix) */ - int proto; -} satypes[] = { - { "ah", 2, SA_AH }, - { "esp", 3, SA_ESP }, - { "tun", 3, SA_IPIP }, - { "comp", 4, SA_COMP }, - { NULL, 0, 0, } -}; - -/* - - atosa - convert ASCII "ah507@10.0.0.1" to SA identifier - */ -const char * /* NULL for success, else string literal */ -atosa(src, srclen, sa) -const char *src; -size_t srclen; /* 0 means "apply strlen" */ -struct sa_id *sa; -{ - const char *at; - const char *addr; - const char *spi = NULL; - struct satype *sat; - unsigned long ul; - const char *oops; -# define MINLEN 5 /* ah0@0 is as short as it can get */ - static char ptname[] = PASSTHROUGHNAME; -# define PTNLEN (sizeof(ptname)-1) /* -1 for NUL */ - - if (srclen == 0) - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - if (srclen < MINLEN) - return "string too short to be SA specifier"; - if (srclen == PTNLEN && memcmp(src, ptname, PTNLEN) == 0) { - src = PASSTHROUGHIS; - srclen = strlen(src); - } - - at = memchr(src, '@', srclen); - if (at == NULL) - return "no @ in SA specifier"; - - for (sat = satypes; sat->prefix != NULL; sat++) - if (sat->prelen < srclen && - strncmp(src, sat->prefix, sat->prelen) == 0) { - sa->proto = sat->proto; - spi = src + sat->prelen; - break; /* NOTE BREAK OUT */ - } - if (sat->prefix == NULL) - return "SA specifier lacks valid protocol prefix"; - - if (spi >= at) - return "no SPI in SA specifier"; - oops = atoul(spi, at - spi, 13, &ul); - if (oops != NULL) - return oops; - sa->spi = htonl(ul); - - addr = at + 1; - oops = atoaddr(addr, srclen - (addr - src), &sa->dst); - if (oops != NULL) - return oops; - - return NULL; -} - - - -#ifdef ATOSA_MAIN - -#include -#include -#include -#include - -void regress(void); - -int -main(int argc, char *argv[]) -{ - struct sa_id sa; - char buf[100]; - const char *oops; - size_t n; - - if (argc < 2) { - fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]); - exit(2); - } - - if (strcmp(argv[1], "-r") == 0) { - regress(); - fprintf(stderr, "regress() returned?!?\n"); - exit(1); - } - - oops = atosa(argv[1], 0, &sa); - if (oops != NULL) { - fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); - exit(1); - } - n = satoa(sa, 0, buf, sizeof(buf)); - if (n > sizeof(buf)) { - fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto); - fprintf(stderr, "%lu@", (long unsigned int)sa.spi); - fprintf(stderr, "%s", inet_ntoa(sa.dst)); - fprintf(stderr, " failed: need %ld bytes, have only %ld\n", - (long)n, (long)sizeof(buf)); - exit(1); - } - printf("%s\n", buf); - - exit(0); -} - -struct rtab { - char *input; - char *output; /* NULL means error expected */ -} rtab[] = { - {"esp257@1.2.3.0", "esp257@1.2.3.0"}, - {"ah0x20@1.2.3.4", "ah32@1.2.3.4"}, - {"tun011@111.2.3.99", "tun11@111.2.3.99"}, - {"", NULL}, - {"_", NULL}, - {"ah2.2", NULL}, - {"goo2@1.2.3.4", NULL}, - {"esp9@1.2.3.4", "esp9@1.2.3.4"}, - {"espp9@1.2.3.4", NULL}, - {"es9@1.2.3.4", NULL}, - {"ah@1.2.3.4", NULL}, - {"esp7x7@1.2.3.4", NULL}, - {"esp77@1.0x2.3.4", NULL}, - {PASSTHROUGHNAME, PASSTHROUGHNAME}, - {NULL, NULL} -}; - -void -regress(void) -{ - struct rtab *r; - int status = 0; - struct sa_id sa; - char in[100]; - char buf[100]; - const char *oops; - size_t n; - - for (r = rtab; r->input != NULL; r++) { - strcpy(in, r->input); - oops = atosa(in, 0, &sa); - if (oops != NULL && r->output == NULL) - {} /* okay, error expected */ - else if (oops != NULL) { - printf("`%s' atosa failed: %s\n", r->input, oops); - status = 1; - } else if (r->output == NULL) { - printf("`%s' atosa succeeded unexpectedly\n", - r->input); - status = 1; - } else { - n = satoa(sa, 'd', buf, sizeof(buf)); - if (n > sizeof(buf)) { - printf("`%s' satoa failed: need %ld\n", - r->input, (long)n); - status = 1; - } else if (strcmp(r->output, buf) != 0) { - printf("`%s' gave `%s', expected `%s'\n", - r->input, buf, r->output); - status = 1; - } - } - } - exit(status); -} - -#endif /* ATOSA_MAIN */ diff --git a/linux/lib/libfreeswan/atosubnet.c b/linux/lib/libfreeswan/atosubnet.c deleted file mode 100644 index 9300c2895..000000000 --- a/linux/lib/libfreeswan/atosubnet.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * convert from ASCII form of subnet specification to binary - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: atosubnet.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -#ifndef DEFAULTSUBNET -#define DEFAULTSUBNET "%default" -#endif - -/* - - atosubnet - convert ASCII "addr/mask" to address and mask - * Mask can be integer bit count. - */ -const char * /* NULL for success, else string literal */ -atosubnet(src, srclen, addrp, maskp) -const char *src; -size_t srclen; /* 0 means "apply strlen" */ -struct in_addr *addrp; -struct in_addr *maskp; -{ - const char *slash; - const char *mask; - size_t mlen; - const char *oops; - unsigned long bc; - static char def[] = DEFAULTSUBNET; -# define DEFLEN (sizeof(def) - 1) /* -1 for NUL */ - static char defis[] = "0/0"; -# define DEFILEN (sizeof(defis) - 1) - - if (srclen == 0) - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - - if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) { - src = defis; - srclen = DEFILEN; - } - - slash = memchr(src, '/', srclen); - if (slash == NULL) - return "no / in subnet specification"; - mask = slash + 1; - mlen = srclen - (mask - src); - - oops = atoaddr(src, slash-src, addrp); - if (oops != NULL) - return oops; - - oops = atoul(mask, mlen, 10, &bc); - if (oops == NULL) { - /* atoul succeeded, it's a bit-count mask */ - if (bc > ABITS) - return "bit-count mask too large"; -#ifdef NOLEADINGZEROS - if (mlen > 1 && *mask == '0') - return "octal not allowed in mask"; -#endif /* NOLEADINGZEROS */ - *maskp = bitstomask((int)bc); - } else { - oops = atoaddr(mask, mlen, maskp); - if (oops != NULL) - return oops; - if (!goodmask(*maskp)) - return "non-contiguous mask"; - } - - addrp->s_addr &= maskp->s_addr; - return NULL; -} - - - -#ifdef ATOSUBNET_MAIN - -#include -#include -#include -#include - -void regress(void); - -int -main(int argc, char *argv[]) -{ - struct in_addr a; - struct in_addr m; - char buf[100]; - const char *oops; - size_t n; - - if (argc < 2) { - fprintf(stderr, "Usage: %s {addr/mask|-r}\n", argv[0]); - exit(2); - } - - if (strcmp(argv[1], "-r") == 0) { - regress(); - fprintf(stderr, "regress() returned?!?\n"); - exit(1); - } - - oops = atosubnet(argv[1], 0, &a, &m); - if (oops != NULL) { - fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); - exit(1); - } - n = subnettoa(a, m, 0, buf, sizeof(buf)); - if (n > sizeof(buf)) { - fprintf(stderr, "%s: reverse conversion of ", argv[0]); - fprintf(stderr, "%s/", inet_ntoa(a)); - fprintf(stderr, "%s", inet_ntoa(m)); - fprintf(stderr, " failed: need %ld bytes, have only %ld\n", - (long)n, (long)sizeof(buf)); - exit(1); - } - printf("%s\n", buf); - - exit(0); -} - -struct rtab { - char *input; - char *output; /* NULL means error expected */ -} rtab[] = { - {"1.2.3.0/255.255.255.0", "1.2.3.0/24"}, - {"1.2.3.0/24", "1.2.3.0/24"}, - {"1.2.3.1/255.255.255.240", "1.2.3.0/28"}, - {"1.2.3.1/32", "1.2.3.1/32"}, - {"1.2.3.1/0", "0.0.0.0/0"}, -/* "1.2.3.1/255.255.127.0", "1.2.3.0/255.255.127.0", */ - {"1.2.3.1/255.255.127.0", NULL}, - {"128.009.000.032/32", "128.9.0.32/32"}, - {"128.0x9.0.32/32", NULL}, - {"0x80090020/32", "128.9.0.32/32"}, - {"0x800x0020/32", NULL}, - {"128.9.0.32/0xffFF0000", "128.9.0.0/16"}, - {"128.9.0.32/0xff0000FF", NULL}, - {"128.9.0.32/0x0000ffFF", NULL}, - {"128.9.0.32/0x00ffFF0000", NULL}, - {"128.9.0.32/0xffFF", NULL}, - {"128.9.0.32.27/32", NULL}, - {"128.9.0k32/32", NULL}, - {"328.9.0.32/32", NULL}, - {"128.9..32/32", NULL}, - {"10/8", "10.0.0.0/8"}, - {"10.0/8", "10.0.0.0/8"}, - {"10.0.0/8", "10.0.0.0/8"}, - {"10.0.1/24", "10.0.1.0/24"}, - {"_", NULL}, - {"_/_", NULL}, - {"1.2.3.1", NULL}, - {"1.2.3.1/_", NULL}, - {"1.2.3.1/24._", NULL}, - {"1.2.3.1/99", NULL}, - {"localhost/32", "127.0.0.1/32"}, - {"%default", "0.0.0.0/0"}, - {NULL, NULL} -}; - -void -regress() -{ - struct rtab *r; - int status = 0; - struct in_addr a; - struct in_addr m; - char in[100]; - char buf[100]; - const char *oops; - size_t n; - - for (r = rtab; r->input != NULL; r++) { - strcpy(in, r->input); - oops = atosubnet(in, 0, &a, &m); - if (oops != NULL && r->output == NULL) - {} /* okay, error expected */ - else if (oops != NULL) { - printf("`%s' atosubnet failed: %s\n", r->input, oops); - status = 1; - } else if (r->output == NULL) { - printf("`%s' atosubnet succeeded unexpectedly\n", - r->input); - status = 1; - } else { - n = subnettoa(a, m, 0, buf, sizeof(buf)); - if (n > sizeof(buf)) { - printf("`%s' subnettoa failed: need %ld\n", - r->input, (long)n); - status = 1; - } else if (strcmp(r->output, buf) != 0) { - printf("`%s' gave `%s', expected `%s'\n", - r->input, buf, r->output); - status = 1; - } - } - } - exit(status); -} - -#endif /* ATOSUBNET_MAIN */ diff --git a/linux/lib/libfreeswan/atoul.3 b/linux/lib/libfreeswan/atoul.3 deleted file mode 100644 index a606fa4a9..000000000 --- a/linux/lib/libfreeswan/atoul.3 +++ /dev/null @@ -1,161 +0,0 @@ -.TH IPSEC_ATOUL 3 "11 June 2001" -.\" RCSID $Id: atoul.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec atoul, ultoa \- convert unsigned-long numbers to and from ASCII -.SH SYNOPSIS -.B "#include -.sp -.B "const char *atoul(const char *src, size_t srclen," -.ti +1c -.B "int base, unsigned long *n);" -.br -.B "size_t ultoa(unsigned long n, int base, char *dst," -.ti +1c -.B "size_t dstlen);" -.SH DESCRIPTION -These functions are obsolete; see -.IR ipsec_ttoul (3) -for their replacements. -.PP -.I Atoul -converts an ASCII number into a binary -.B "unsigned long" -value. -.I Ultoa -does the reverse conversion, back to an ASCII version. -.PP -Numbers are specified in ASCII as -decimal (e.g. -.BR 123 ), -octal with a leading zero (e.g. -.BR 012 , -which has value 10), -or hexadecimal with a leading -.B 0x -(e.g. -.BR 0x1f , -which has value 31) -in either upper or lower case. -.PP -The -.I srclen -parameter of -.I atoul -specifies the length of the ASCII string pointed to by -.IR src ; -it is an error for there to be anything else -(e.g., a terminating NUL) within that length. -As a convenience for cases where an entire NUL-terminated string is -to be converted, -a -.I srclen -value of -.B 0 -is taken to mean -.BR strlen(src) . -.PP -The -.I base -parameter of -.I atoul -can be -.BR 8 , -.BR 10 , -or -.BR 16 , -in which case the number supplied is assumed to be of that form -(and in the case of -.BR 16 , -to lack any -.B 0x -prefix). -It can also be -.BR 0 , -in which case the number is examined for a leading zero -or a leading -.B 0x -to determine its base, -or -.B 13 -(halfway between 10 and 16), -which has the same effect as -.B 0 -except that a non-hexadecimal -number is considered decimal regardless of any leading zero. -.PP -The -.I dstlen -parameter of -.I ultoa -specifies the size of the -.I dst -parameter; -under no circumstances are more than -.I dstlen -bytes written to -.IR dst . -A result which will not fit is truncated. -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result is written, -but the return value is unaffected; -in all other cases, the (possibly truncated) result is NUL-terminated. -.PP -The -.I base -parameter of -.I ultoa -must be -.BR 8 , -.BR 10 , -or -.BR 16 . -.PP -.I Atoul -returns NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.I Ultoa -returns the size of buffer which would -be needed to -accommodate the full conversion result, including terminating NUL; -it is the caller's responsibility to check this against the size of -the provided buffer to determine whether truncation has occurred. -.SH SEE ALSO -atol(3), strtoul(3) -.SH DIAGNOSTICS -Fatal errors in -.I atoul -are: -empty input; -unknown -.IR base ; -non-digit character found; -number too large for an -.BR "unsigned long" . -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -There is no provision for reporting an invalid -.I base -parameter given to -.IR ultoa . -.PP -The restriction of error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The error-reporting convention lends itself to slightly obscure code, -because many readers will not think of NULL as signifying success. -A good way to make it clearer is to write something like: -.PP -.RS -.nf -.B "const char *error;" -.sp -.B "error = atoul( /* ... */ );" -.B "if (error != NULL) {" -.B " /* something went wrong */" -.fi -.RE diff --git a/linux/lib/libfreeswan/atoul.c b/linux/lib/libfreeswan/atoul.c deleted file mode 100644 index e32a8cdab..000000000 --- a/linux/lib/libfreeswan/atoul.c +++ /dev/null @@ -1,90 +0,0 @@ -/* - * convert from ASCII form of unsigned long to binary - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: atoul.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - atoul - convert ASCII substring to unsigned long number - */ -const char * /* NULL for success, else string literal */ -atoul(src, srclen, base, resultp) -const char *src; -size_t srclen; /* 0 means strlen(src) */ -int base; /* 0 means figure it out */ -unsigned long *resultp; -{ - const char *stop; - static char hex[] = "0123456789abcdef"; - static char uchex[] = "0123456789ABCDEF"; - int d; - char c; - char *p; - unsigned long r; - unsigned long rlimit; - int dlimit; - - if (srclen == 0) - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - - if (base == 0 || base == 13) { - if (srclen > 2 && *src == '0' && CIEQ(*(src+1), 'x')) - return atoul(src+2, srclen-2, 16, resultp); - if (srclen > 1 && *src == '0' && base != 13) - return atoul(src+1, srclen-1, 8, resultp); - return atoul(src, srclen, 10, resultp); - } - if (base != 8 && base != 10 && base != 16) - return "unsupported number base"; - - r = 0; - stop = src + srclen; - if (base == 16) { - while (src < stop) { - c = *src++; - p = strchr(hex, c); - if (p != NULL) - d = p - hex; - else { - p = strchr(uchex, c); - if (p == NULL) - return "non-hex-digit in hex number"; - d = p - uchex; - } - r = (r << 4) | d; - } - /* defer length check to catch invalid digits first */ - if (srclen > sizeof(unsigned long) * 2) - return "hex number too long"; - } else { - rlimit = ULONG_MAX / base; - dlimit = (int)(ULONG_MAX - rlimit*base); - while (src < stop) { - c = *src++; - d = c - '0'; - if (d < 0 || d >= base) - return "non-digit in number"; - if (r > rlimit || (r == rlimit && d > dlimit)) - return "unsigned-long overflow"; - r = r*base + d; - } - } - - *resultp = r; - return NULL; -} diff --git a/linux/lib/libfreeswan/copyright.c b/linux/lib/libfreeswan/copyright.c deleted file mode 100644 index 0e836f6c2..000000000 --- a/linux/lib/libfreeswan/copyright.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * return IPsec copyright notice - * Copyright (C) 2001, 2002 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: copyright.c,v 1.6 2005/11/02 21:51:13 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -static const char *co[] = { - "Copyright (C) 1999-2005 Henry Spencer, Richard Guy Briggs,", - " D. Hugh Redelmeier, Sandy Harris, Claudia Schmeing,", - " Michael Richardson, Angelos D. Keromytis, John Ioannidis,", - "", - " Ken Bantoft, Stephen J. Bevan, JuanJo Ciarlante, Mathieu Lafon,", - " Stephane Laroche, Kai Martius, Tuomo Soini, Herbert Xu,", - "", - " Andreas Steffen, Martin Berner, Marco Bertossa, David Buechi,", - " Ueli Galizzi, Christoph Gysin, Andreas Hess, Patric Lichtsteiner,", - " Michael Meier, Andreas Schleiss, Ariane Seiler,", - " Mario Strasser, Lukas Suter, Roger Wegmann, Simon Zwahlen,", - " Zuercher Hochschule Winterthur (Switzerland).", - "", - " Jan Hutter, Martin Willi, Andreas Steffen,", - " Hochschule fuer Technik Rapperswil (Switzerland).", - "", - "This program is free software; you can redistribute it and/or modify it", - "under the terms of the GNU General Public License as published by the", - "Free Software Foundation; either version 2 of the License, or (at your", - "option) any later version. See .", - "", - "This program is distributed in the hope that it will be useful, but", - "WITHOUT ANY WARRANTY; without even the implied warranty of", - "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General", - "Public License (file COPYING in the distribution) for more details.", - NULL -}; - -/* - - ipsec_copyright_notice - return copyright notice, as a vector of strings - */ -const char ** -ipsec_copyright_notice() -{ - return co; -} diff --git a/linux/lib/libfreeswan/datatot.c b/linux/lib/libfreeswan/datatot.c deleted file mode 100644 index fbeb35fa9..000000000 --- a/linux/lib/libfreeswan/datatot.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * convert from binary data (e.g. key) to text form - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: datatot.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -static void convert(const char *src, size_t nreal, int format, char *out); - -/* - - datatot - convert data bytes to text - */ -size_t /* true length (with NUL) for success */ -datatot(src, srclen, format, dst, dstlen) -const char *src; -size_t srclen; -int format; /* character indicating what format */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - size_t inblocksize; /* process this many bytes at a time */ - size_t outblocksize; /* producing this many */ - size_t breakevery; /* add a _ every this many (0 means don't) */ - size_t sincebreak; /* output bytes since last _ */ - char breakchar; /* character used to break between groups */ - char inblock[10]; /* enough for any format */ - char outblock[10]; /* enough for any format */ - char fake[1]; /* fake output area for dstlen == 0 */ - size_t needed; /* return value */ - char *stop; /* where the terminating NUL will go */ - size_t ntodo; /* remaining input */ - size_t nreal; - char *out; - char *prefix; - - breakevery = 0; - breakchar = '_'; - - switch (format) { - case 0: - case 'h': - format = 'x'; - breakevery = 8; - /* FALLTHROUGH */ - case 'x': - inblocksize = 1; - outblocksize = 2; - prefix = "0x"; - break; - case ':': - format = 'x'; - breakevery = 2; - breakchar = ':'; - /* FALLTHROUGH */ - case 16: - inblocksize = 1; - outblocksize = 2; - prefix = ""; - format = 'x'; - break; - case 's': - inblocksize = 3; - outblocksize = 4; - prefix = "0s"; - break; - case 64: /* beware, equals ' ' */ - inblocksize = 3; - outblocksize = 4; - prefix = ""; - format = 's'; - break; - default: - return 0; - break; - } - assert(inblocksize < sizeof(inblock)); - assert(outblocksize < sizeof(outblock)); - assert(breakevery % outblocksize == 0); - - if (srclen == 0) - return 0; - ntodo = srclen; - - if (dstlen == 0) { /* dispose of awkward special case */ - dst = fake; - dstlen = 1; - } - stop = dst + dstlen - 1; - - nreal = strlen(prefix); - needed = nreal; /* for starters */ - if (dstlen <= nreal) { /* prefix won't fit */ - strncpy(dst, prefix, dstlen - 1); - dst += dstlen - 1; - } else { - strcpy(dst, prefix); - dst += nreal; - } - assert(dst <= stop); - sincebreak = 0; - - while (ntodo > 0) { - if (ntodo < inblocksize) { /* incomplete input */ - memset(inblock, 0, sizeof(inblock)); - memcpy(inblock, src, ntodo); - src = inblock; - nreal = ntodo; - ntodo = inblocksize; - } else - nreal = inblocksize; - out = (outblocksize > stop - dst) ? outblock : dst; - - convert(src, nreal, format, out); - needed += outblocksize; - sincebreak += outblocksize; - if (dst < stop) { - if (out != dst) { - assert(outblocksize > stop - dst); - memcpy(dst, out, stop - dst); - dst = stop; - } else - dst += outblocksize; - } - - src += inblocksize; - ntodo -= inblocksize; - if (breakevery != 0 && sincebreak >= breakevery && ntodo > 0) { - if (dst < stop) - *dst++ = breakchar; - needed++; - sincebreak = 0; - } - } - - assert(dst <= stop); - *dst++ = '\0'; - needed++; - - return needed; -} - -/* - - convert - convert one input block to one output block - */ -static void -convert(src, nreal, format, out) -const char *src; -size_t nreal; /* how much of the input block is real */ -int format; -char *out; -{ - static char hex[] = "0123456789abcdef"; - static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "0123456789+/"; - unsigned char c; - unsigned char c1, c2, c3; - - assert(nreal > 0); - switch (format) { - case 'x': - assert(nreal == 1); - c = (unsigned char)*src; - *out++ = hex[c >> 4]; - *out++ = hex[c & 0xf]; - break; - case 's': - c1 = (unsigned char)*src++; - c2 = (unsigned char)*src++; - c3 = (unsigned char)*src++; - *out++ = base64[c1 >> 2]; /* top 6 bits of c1 */ - c = (c1 & 0x3) << 4; /* bottom 2 of c1... */ - c |= c2 >> 4; /* ...top 4 of c2 */ - *out++ = base64[c]; - if (nreal == 1) - *out++ = '='; - else { - c = (c2 & 0xf) << 2; /* bottom 4 of c2... */ - c |= c3 >> 6; /* ...top 2 of c3 */ - *out++ = base64[c]; - } - if (nreal <= 2) - *out++ = '='; - else - *out++ = base64[c3 & 0x3f]; /* bottom 6 of c3 */ - break; - default: - assert(nreal == 0); /* unknown format */ - break; - } -} - -/* - - datatoa - convert data to ASCII - * backward-compatibility synonym for datatot - */ -size_t /* true length (with NUL) for success */ -datatoa(src, srclen, format, dst, dstlen) -const char *src; -size_t srclen; -int format; /* character indicating what format */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - return datatot(src, srclen, format, dst, dstlen); -} - -/* - - bytestoa - convert data bytes to ASCII - * backward-compatibility synonym for datatot - */ -size_t /* true length (with NUL) for success */ -bytestoa(src, srclen, format, dst, dstlen) -const char *src; -size_t srclen; -int format; /* character indicating what format */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - return datatot(src, srclen, format, dst, dstlen); -} diff --git a/linux/lib/libfreeswan/goodmask.3 b/linux/lib/libfreeswan/goodmask.3 deleted file mode 100644 index 4a573e51e..000000000 --- a/linux/lib/libfreeswan/goodmask.3 +++ /dev/null @@ -1,57 +0,0 @@ -.TH IPSEC_GOODMASK 3 "11 June 2001" -.\" RCSID $Id: goodmask.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec goodmask \- is this Internet subnet mask a valid one? -.br -ipsec masktobits \- convert Internet subnet mask to bit count -.br -ipsec bitstomask \- convert bit count to Internet subnet mask -.SH SYNOPSIS -.B "#include -.sp -.B "int goodmask(struct in_addr mask);" -.br -.B "int masktobits(struct in_addr mask);" -.br -.B "struct in_addr bitstomask(int n);" -.SH DESCRIPTION -These functions are obsolete; -see -.IR ipsec_masktocount (3) -for a partial replacement. -.PP -.I Goodmask -reports whether the subnet -.I mask -is a valid one, -i.e. consists of a (possibly empty) sequence of -.BR 1 s -followed by a (possibly empty) sequence of -.BR 0 s. -.I Masktobits -takes a (valid) subnet mask and returns the number of -.B 1 -bits in it. -.I Bitstomask -reverses this, -returning the subnet mask corresponding to bit count -.IR n . -.PP -All masks are in network byte order. -.SH SEE ALSO -inet(3), ipsec_atosubnet(3) -.SH DIAGNOSTICS -.I Masktobits -returns -.B \-1 -for an invalid mask. -.I Bitstomask -returns an all-zeros mask for a negative or out-of-range -.IR n . -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The error-reporting convention of -.I bitstomask -is less than ideal; -zero is sometimes a legitimate mask. diff --git a/linux/lib/libfreeswan/goodmask.c b/linux/lib/libfreeswan/goodmask.c deleted file mode 100644 index fe7a42335..000000000 --- a/linux/lib/libfreeswan/goodmask.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * minor utilities for subnet-mask manipulation - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: goodmask.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - goodmask - is this a good (^1*0*$) subnet mask? - * You are not expected to understand this. See Henry S. Warren Jr, - * "Functions realizable with word-parallel logical and two's-complement - * addition instructions", CACM 20.6 (June 1977), p.439. - */ -int /* predicate */ -goodmask(mask) -struct in_addr mask; -{ - unsigned long x = ntohl(mask.s_addr); - /* clear rightmost contiguous string of 1-bits */ -# define CRCS1B(x) (((x|(x-1))+1)&x) -# define TOPBIT (1UL << 31) - - /* either zero, or has one string of 1-bits which is left-justified */ - if (x == 0 || (CRCS1B(x) == 0 && (x&TOPBIT))) - return 1; - return 0; -} - -/* - - masktobits - how many bits in this mask? - * The algorithm is essentially a binary search, but highly optimized - * for this particular task. - */ -int /* -1 means !goodmask() */ -masktobits(mask) -struct in_addr mask; -{ - unsigned long m = ntohl(mask.s_addr); - int masklen; - - if (!goodmask(mask)) - return -1; - - if (m&0x00000001UL) - return 32; - masklen = 0; - if (m&(0x0000ffffUL<<1)) { /* <<1 for 1-origin numbering */ - masklen |= 0x10; - m <<= 16; - } - if (m&(0x00ff0000UL<<1)) { - masklen |= 0x08; - m <<= 8; - } - if (m&(0x0f000000UL<<1)) { - masklen |= 0x04; - m <<= 4; - } - if (m&(0x30000000UL<<1)) { - masklen |= 0x02; - m <<= 2; - } - if (m&(0x40000000UL<<1)) - masklen |= 0x01; - - return masklen; -} - -/* - - bitstomask - return a mask with this many high bits on - */ -struct in_addr -bitstomask(n) -int n; -{ - struct in_addr result; - - if (n > 0 && n <= ABITS) - result.s_addr = htonl(~((1UL << (ABITS - n)) - 1)); - else if (n == 0) - result.s_addr = 0; - else - result.s_addr = 0; /* best error report we can do */ - return result; -} diff --git a/linux/lib/libfreeswan/initaddr.3 b/linux/lib/libfreeswan/initaddr.3 deleted file mode 100644 index b963f21cc..000000000 --- a/linux/lib/libfreeswan/initaddr.3 +++ /dev/null @@ -1,129 +0,0 @@ -.TH IPSEC_INITADDR 3 "11 Sept 2000" -.\" RCSID $Id: initaddr.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec initaddr \- initialize an ip_address -.br -ipsec addrtypeof \- get address type of an ip_address -.br -ipsec addrlenof \- get length of address within an ip_address -.br -ipsec addrbytesof \- get copy of address within an ip_address -.br -ipsec addrbytesptr \- get pointer to address within an ip_address -.SH SYNOPSIS -.B "#include " -.sp -.B "const char *initaddr(const char *src, size_t srclen," -.ti +1c -.B "int af, ip_address *dst);" -.br -.B "int addrtypeof(const ip_address *src);" -.br -.B "size_t addrlenof(const ip_address *src);" -.br -.B "size_t addrbytesof(const ip_address *src," -.ti +1c -.B "unsigned char *dst, size_t dstlen);" -.br -.B "size_t addrbytesptr(const ip_address *src," -.ti +1c -.B "const unsigned char **dst);" -.SH DESCRIPTION -The -.B -library uses an internal type -.I ip_address -to contain one of the (currently two) types of IP address. -These functions provide basic tools for creating and examining this type. -.PP -.I Initaddr -initializes a variable -.I *dst -of type -.I ip_address -from an address -(in network byte order, -indicated by a pointer -.I src -and a length -.IR srclen ) -and an address family -.I af -(typically -.B AF_INET -or -.BR AF_INET6 ). -The length must be consistent with the address family. -.PP -.I Addrtypeof -returns the address type of an address, -normally -.B AF_INET -or -.BR AF_INET6 . -(The -.B -header file arranges to include the necessary headers for these -names to be known.) -.PP -.I Addrlenof -returns the size (in bytes) of the address within an -.IR ip_address , -to permit storage allocation etc. -.PP -.I Addrbytesof -copies the address within the -.I ip_address -.I src -to the buffer indicated by the pointer -.I dst -and the length -.IR dstlen , -and returns the address length (in bytes). -If the address will not fit, -as many bytes as will fit are copied; -the returned length is still the full length. -It is the caller's responsibility to check the -returned value to ensure that there was enough room. -.PP -.I Addrbytesptr -sets -.I *dst -to a pointer to the internal address within the -.IR ip_address , -and returns the address length (in bytes). -If -.I dst -is -.BR NULL , -it just returns the address length. -The pointer points to -.B const -to discourage misuse. -.PP -.I Initaddr -returns -.B NULL -for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.PP -The functions which return -.I size_t -return -.B 0 -for a failure. -.SH SEE ALSO -inet(3), ipsec_ttoaddr(3) -.SH DIAGNOSTICS -An unknown address family is a fatal error for any of these functions -except -.IR addrtypeof . -An address-size mismatch is a fatal error for -.IR initaddr . -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -.I Addrtypeof -should probably have been named -.IR addrfamilyof . diff --git a/linux/lib/libfreeswan/initaddr.c b/linux/lib/libfreeswan/initaddr.c deleted file mode 100644 index c215f6bdf..000000000 --- a/linux/lib/libfreeswan/initaddr.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * initialize address structure - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: initaddr.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - initaddr - initialize ip_address from bytes - */ -err_t /* NULL for success, else string literal */ -initaddr(src, srclen, af, dst) -const unsigned char *src; -size_t srclen; -int af; /* address family */ -ip_address *dst; -{ - switch (af) { - case AF_INET: - if (srclen != 4) - return "IPv4 address must be exactly 4 bytes"; - dst->u.v4.sin_family = af; - dst->u.v4.sin_port = 0; /* unused */ - memcpy((char *)&dst->u.v4.sin_addr.s_addr, src, srclen); - break; - case AF_INET6: - if (srclen != 16) - return "IPv6 address must be exactly 16 bytes"; - dst->u.v6.sin6_family = af; - dst->u.v6.sin6_flowinfo = 0; /* unused */ - dst->u.v6.sin6_port = 0; /* unused */ - memcpy((char *)&dst->u.v6.sin6_addr, src, srclen); - break; - default: - return "unknown address family in initaddr"; - break; - } - return NULL; -} diff --git a/linux/lib/libfreeswan/initsaid.c b/linux/lib/libfreeswan/initsaid.c deleted file mode 100644 index 4790f6981..000000000 --- a/linux/lib/libfreeswan/initsaid.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * initialize SA ID structure - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: initsaid.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - initsaid - initialize SA ID from bits - */ -void -initsaid(addr, spi, proto, dst) -const ip_address *addr; -ipsec_spi_t spi; -int proto; -ip_said *dst; -{ - dst->dst = *addr; - dst->spi = spi; - dst->proto = proto; -} diff --git a/linux/lib/libfreeswan/initsubnet.3 b/linux/lib/libfreeswan/initsubnet.3 deleted file mode 100644 index 670f71778..000000000 --- a/linux/lib/libfreeswan/initsubnet.3 +++ /dev/null @@ -1,137 +0,0 @@ -.TH IPSEC_INITSUBNET 3 "12 March 2002" -.\" RCSID $Id: initsubnet.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec initsubnet \- initialize an ip_subnet -.br -ipsec addrtosubnet \- initialize a singleton ip_subnet -.br -ipsec subnettypeof \- get address type of an ip_subnet -.br -ipsec masktocount \- convert subnet mask to bit count -.br -ipsec networkof \- get base address of an ip_subnet -.br -ipsec maskof \- get subnet mask of an ip_subnet -.SH SYNOPSIS -.B "#include " -.sp -.B "const char *initsubnet(const ip_address *addr," -.ti +1c -.B "int maskbits, int clash, ip_subnet *dst);" -.br -.B "const char *addrtosubnet(const ip_address *addr," -.ti +1c -.B "ip_subnet *dst);" -.sp -.B "int subnettypeof(const ip_subnet *src);" -.br -.B "int masktocount(const ip_address *src);" -.br -.B "void networkof(const ip_subnet *src, ip_address *dst);" -.br -.B "void maskof(const ip_subnet *src, ip_address *dst);" -.SH DESCRIPTION -The -.B -library uses an internal type -.I ip_subnet -to contain a description of an IP subnet -(base address plus mask). -These functions provide basic tools for creating and examining this type. -.PP -.I Initsubnet -initializes a variable -.I *dst -of type -.I ip_subnet -from a base address and -a count of mask bits. -The -.I clash -parameter specifies what to do if the base address includes -.B 1 -bits outside the prefix specified by the mask -(that is, in the ``host number'' part of the address): -.RS -.IP '0' 5 -zero out host-number bits -.IP 'x' -non-zero host-number bits are an error -.RE -.PP -.I Initsubnet -returns -.B NULL -for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.PP -.I Addrtosubnet -initializes an -.I ip_subnet -variable -.I *dst -to a ``singleton subnet'' containing the single address -.IR *addr . -It returns -.B NULL -for success and -a pointer to a string-literal error message for failure. -.PP -.I Subnettypeof -returns the address type of a subnet, -normally -.B AF_INET -or -.BR AF_INET6 . -(The -.B -header file arranges to include the necessary headers for these -names to be known.) -.PP -.I Masktocount -converts a subnet mask, expressed as an address, to a bit count -suitable for use with -.IR initsubnet . -It returns -.B \-1 -for error; see DIAGNOSTICS. -.PP -.I Networkof -fills in -.I *dst -with the base address of subnet -.IR src . -.PP -.I Maskof -fills in -.I *dst -with the subnet mask of subnet -.IR src , -expressed as an address. -.SH SEE ALSO -inet(3), ipsec_ttosubnet(3), ipsec_rangetosubnet(3) -.SH DIAGNOSTICS -Fatal errors in -.I initsubnet -are: -unknown address family; -unknown -.I clash -value; -impossible mask bit count; -non-zero host-number bits and -.I clash -is -.BR 'x' . -Fatal errors in -.I addrtosubnet -are: -unknown address family. -Fatal errors in -.I masktocount -are: -unknown address family; -mask bits not contiguous. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. diff --git a/linux/lib/libfreeswan/initsubnet.c b/linux/lib/libfreeswan/initsubnet.c deleted file mode 100644 index 75ca72f36..000000000 --- a/linux/lib/libfreeswan/initsubnet.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * initialize subnet structure - * Copyright (C) 2000, 2002 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: initsubnet.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - initsubnet - initialize ip_subnet from address and count - * - * The only hard part is checking for host-part bits turned on. - */ -err_t /* NULL for success, else string literal */ -initsubnet(addr, count, clash, dst) -const ip_address *addr; -int count; -int clash; /* '0' zero host-part bits, 'x' die on them */ -ip_subnet *dst; -{ - unsigned char *p; - int n; - int c; - unsigned m; - int die; - - dst->addr = *addr; - n = addrbytesptr(&dst->addr, (const unsigned char **)&p); - if (n == 0) - return "unknown address family"; - - switch (clash) { - case '0': - die = 0; - break; - case 'x': - die = 1; - break; - default: - return "unknown clash-control value in initsubnet"; - break; - } - - c = count / 8; - if (c > n) - return "impossible mask count"; - p += c; - n -= c; - - m = 0xff; - c = count % 8; - if (n > 0 && c != 0) /* partial byte */ - m >>= c; - for (; n > 0; n--) { - if ((*p & m) != 0) { - if (die) - return "improper subnet, host-part bits on"; - *p &= ~m; - } - m = 0xff; - p++; - } - - dst->maskbits = count; - return NULL; -} - -/* - - addrtosubnet - initialize ip_subnet from a single address - */ -err_t /* NULL for success, else string literal */ -addrtosubnet(addr, dst) -const ip_address *addr; -ip_subnet *dst; -{ - int n; - - dst->addr = *addr; - n = addrbytesptr(&dst->addr, (const unsigned char **)NULL); - if (n == 0) - return "unknown address family"; - dst->maskbits = n*8; - return NULL; -} diff --git a/linux/lib/libfreeswan/internal.h b/linux/lib/libfreeswan/internal.h deleted file mode 100644 index 16ad78da0..000000000 --- a/linux/lib/libfreeswan/internal.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * internal definitions for use within the library; do not export! - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: internal.h,v 1.1 2004/03/15 20:35:26 as Exp $ - */ - -#ifndef ABITS -#define ABITS 32 /* bits in an IPv4 address */ -#endif - -/* case-independent ASCII character equality comparison */ -#define CIEQ(c1, c2) ( ((c1)&~040) == ((c2)&~040) ) - -/* syntax for passthrough SA */ -#ifndef PASSTHROUGHNAME -#define PASSTHROUGHNAME "%passthrough" -#define PASSTHROUGH4NAME "%passthrough4" -#define PASSTHROUGH6NAME "%passthrough6" -#define PASSTHROUGHIS "tun0@0.0.0.0" -#define PASSTHROUGH4IS "tun0@0.0.0.0" -#define PASSTHROUGH6IS "tun0@::" -#define PASSTHROUGHTYPE "tun" -#define PASSTHROUGHSPI 0 -#define PASSTHROUGHDST 0 -#endif - -/* - * Headers, greatly complicated by stupid and unnecessary inconsistencies - * between the user environment and the kernel environment. These are done - * here so that this mess need exist in only one place. - * - * It may seem like a -I or two could avoid most of this, but on closer - * inspection it is not quite that easy. - */ - -/* things that need to come from one place or the other, depending */ -#ifdef __KERNEL__ -#include -#include -#include -#include -#include -#define assert(foo) /* nothing */ -#else -#include -#include -#include -#include -#include -#endif - -/* things that exist only in userland */ -#ifndef __KERNEL__ - -/* You'd think this would be okay in the kernel too -- it's just a */ -/* bunch of constants -- but no, in RH5.1 it screws up other things. */ -/* (Credit: Mike Warfield tracked this problem down. Thanks Mike!) */ -/* Fortunately, we don't need it in the kernel subset of the library. */ -#include - -/* header files for things that should never be called in kernel */ -#include - -/* memory allocation, currently user-only, macro-ized just in case */ -#include -#define MALLOC(n) malloc(n) -#define FREE(p) free(p) - -#endif /* __KERNEL__ */ - diff --git a/linux/lib/libfreeswan/keyblobtoid.3 b/linux/lib/libfreeswan/keyblobtoid.3 deleted file mode 100644 index be381531a..000000000 --- a/linux/lib/libfreeswan/keyblobtoid.3 +++ /dev/null @@ -1,103 +0,0 @@ -.TH IPSEC_KEYBLOBTOID 3 "25 March 2002" -.\" RCSID $Id: keyblobtoid.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec keyblobtoid, splitkeytoid \- generate key IDs from RSA keys -.SH SYNOPSIS -.B "#include -.sp -.B "size_t keyblobtoid(const unsigned char *blob," -.ti +1c -.B "size_t bloblen, char *dst, size_t dstlen);" -.br -.B "size_t splitkeytoid(const unsigned char *e, size_t elen," -.ti +1c -.B "const unsigned char *m, size_t mlen, char *dst, -.ti +1c -.B "size_t dstlen);" -.SH DESCRIPTION -.I Keyblobtoid -and -.I splitkeytoid -generate -key IDs -from RSA keys, -for use in messages and reporting, -writing the result to -.IR dst . -A -.I key ID -is a short ASCII string identifying a key; -currently it is just the first nine characters of the base64 -encoding of the RFC 2537/3110 ``byte blob'' representation of the key. -(Beware that no finite key ID can be collision-proof: -there is always some small chance of two random keys having the -same ID.) -.PP -.I Keyblobtoid -generates a key ID from a key which is already in the form of an -RFC 2537/3110 binary key -.I blob -(encoded exponent length, exponent, modulus). -.PP -.I Splitkeytoid -generates a key ID from a key given in the form of a separate -(binary) exponent -.I e -and modulus -.IR m . -.PP -The -.I dstlen -parameter of either -specifies the size of the -.I dst -parameter; -under no circumstances are more than -.I dstlen -bytes written to -.IR dst . -A result which will not fit is truncated. -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result is written, -but the return value is unaffected; -in all other cases, the (possibly truncated) result is NUL-terminated. -The -.I freeswan.h -header file defines a constant -.B KEYID_BUF -which is the size of a buffer large enough for worst-case results. -.PP -Both functions return -.B 0 -for a failure, and otherwise -always return the size of buffer which would -be needed to -accommodate the full conversion result, including terminating NUL; -it is the caller's responsibility to check this against the size of -the provided buffer to determine whether truncation has occurred. -.P -With keys generated by -.IR ipsec_rsasigkey (3), -the first two base64 digits are always the same, -and the third carries only about one bit of information. -It's worse with keys using longer fixed exponents, -e.g. the 24-bit exponent that's common in X.509 certificates. -However, being able to relate key IDs to the full -base64 text form of keys by eye is sufficiently useful that this -waste of space seems justifiable. -The choice of nine digits is a compromise between bulk and -probability of collision. -.SH SEE ALSO -RFC 3110, -\fIRSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)\fR, -Eastlake, 2001 -(superseding the older but better-known RFC 2537). -.SH DIAGNOSTICS -Fatal errors are: -key too short to supply enough bits to construct a complete key ID -(almost certainly indicating a garbage key); -exponent too long for its length to be representable. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. diff --git a/linux/lib/libfreeswan/keyblobtoid.c b/linux/lib/libfreeswan/keyblobtoid.c deleted file mode 100644 index 7798601cf..000000000 --- a/linux/lib/libfreeswan/keyblobtoid.c +++ /dev/null @@ -1,148 +0,0 @@ -/* - * generate printable key IDs - * Copyright (C) 2002 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: keyblobtoid.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - keyblobtoid - generate a printable key ID from an RFC 2537/3110 key blob - * Current algorithm is just to use first nine base64 digits. - */ -size_t -keyblobtoid(src, srclen, dst, dstlen) -const unsigned char *src; -size_t srclen; -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - char buf[KEYID_BUF]; - size_t ret; -# define NDIG 9 - - if (srclen < (NDIG*6 + 7)/8) { - strcpy(buf, "?len= ?"); - buf[5] = '0' + srclen; - ret = 0; - } else { - (void) datatot(src, srclen, 64, buf, NDIG+1); - ret = NDIG+1; - } - - if (dstlen > 0) { - if (strlen(buf)+1 > dstlen) - *(buf + dstlen - 1) = '\0'; - strcpy(dst, buf); - } - return ret; -} - -/* - - splitkeytoid - generate a printable key ID from exponent/modulus pair - * Just constructs the beginnings of a key blob and calls keyblobtoid(). - */ -size_t -splitkeytoid(e, elen, m, mlen, dst, dstlen) -const unsigned char *e; -size_t elen; -const unsigned char *m; -size_t mlen; -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - unsigned char buf[KEYID_BUF]; /* ample room */ - unsigned char *bufend = buf + sizeof(buf); - unsigned char *p; - size_t n; - - p = buf; - if (elen <= 255) - *p++ = elen; - else if ((elen &~ 0xffff) == 0) { - *p++ = 0; - *p++ = (elen>>8) & 0xff; - *p++ = elen & 0xff; - } else - return 0; /* unrepresentable exponent length */ - - n = bufend - p; - if (elen < n) - n = elen; - memcpy(p, e, n); - p += n; - - n = bufend - p; - if (n > 0) { - if (mlen < n) - n = mlen; - memcpy(p, m, n); - p += n; - } - - return keyblobtoid(buf, p - buf, dst, dstlen); -} - - - -#ifdef KEYBLOBTOID_MAIN - -#include - -void regress(); - -int -main(argc, argv) -int argc; -char *argv[]; -{ - typedef unsigned char uc; - uc hexblob[] = "\x01\x03\x85\xf2\xd6\x76\x9b\x03\x59\xb6\x21\x52"; - uc hexe[] = "\x03"; - uc hexm[] = "\x85\xf2\xd6\x76\x9b\x03\x59\xb6\x21\x52\xef\x85"; - char b64nine[] = "AQOF8tZ2m"; - char b64six[] = "AQOF8t"; - char buf[100]; - size_t n; - char *b = b64nine; - size_t bl = strlen(b) + 1; - int st = 0; - - n = keyblobtoid(hexblob, strlen(hexblob), buf, sizeof(buf)); - if (n != bl) { - fprintf(stderr, "%s: keyblobtoid returned %d not %d\n", - argv[0], n, bl); - st = 1; - } - if (strcmp(buf, b) != 0) { - fprintf(stderr, "%s: keyblobtoid generated `%s' not `%s'\n", - argv[0], buf, b); - st = 1; - } - n = splitkeytoid(hexe, strlen(hexe), hexm, strlen(hexm), buf, - sizeof(buf)); - if (n != bl) { - fprintf(stderr, "%s: splitkeytoid returned %d not %d\n", - argv[0], n, bl); - st = 1; - } - if (strcmp(buf, b) != 0) { - fprintf(stderr, "%s: splitkeytoid generated `%s' not `%s'\n", - argv[0], buf, b); - st = 1; - } - exit(st); -} - -#endif /* KEYBLOBTOID_MAIN */ diff --git a/linux/lib/libfreeswan/optionsfrom.3 b/linux/lib/libfreeswan/optionsfrom.3 deleted file mode 100644 index e270475bd..000000000 --- a/linux/lib/libfreeswan/optionsfrom.3 +++ /dev/null @@ -1,182 +0,0 @@ -.TH IPSEC_OPTIONSFROM 3 "16 Oct 1998" -.\" RCSID $Id: optionsfrom.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec optionsfrom \- read additional ``command-line'' options from file -.SH SYNOPSIS -.B "#include -.sp -.B "const char *optionsfrom(char *filename, int *argcp," -.ti +1c -.B "char ***argvp, int optind, FILE *errsto);" -.SH DESCRIPTION -.I Optionsfrom -is called from within a -.IR getopt_long (3) -scan, -as the result of the appearance of an option (preferably -.BR \-\-optionsfrom ) -to insert additional ``command-line'' arguments -into the scan immediately after -the option. -Typically this would be done to pick up options which are -security-sensitive and should not be visible to -.IR ps (1) -and similar commands, -and hence cannot be supplied as part -of the actual command line or the environment. -.PP -.I Optionsfrom -reads the additional arguments from the specified -.IR filename , -allocates a new argument vector to hold pointers to the existing -arguments plus the new ones, -and amends -.I argc -and -.I argv -(via the pointers -.I argcp -and -.IR argvp , -which must point to the -.I argc -and -.I argv -being supplied to -.IR getopt_long (3)) -accordingly. -.I Optind -must be the index, in the original argument vector, -of the next argument. -.PP -If -.I errsto -is NULL, -.I optionsfrom -returns NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -If -.I errsto -is non-NULL and an error occurs, -.I optionsfrom -prints a suitable complaint onto the -.I errsto -descriptor and invokes -.I exit -with an exit status of 2; -this is a convenience for cases where more sophisticated -responses are not required. -.PP -The text of existing arguments is not disturbed by -.IR optionsfrom , -so pointers to them and into them remain valid. -.PP -The file of additional arguments is an ASCII text file. -Lines consisting solely of white space, -and lines beginning with -.BR # , -are comments and are ignored. -Otherwise, a line which does not begin with -.BR \- -is taken to be a single argument; -if it both begins and ends with double-quote ("), -those quotes are stripped off (note, no other processing is done within -the line!). -A line beginning with -.B \- -is considered to contain multiple arguments separated by white space. -.PP -Because -.I optionsfrom -reads its entire file before the -.IR getopt_long (3) -scan is resumed, an -.I optionsfrom -file can contain another -.B \-\-optionsfrom -option. -Obviously, infinite loops are possible here. -If -.I errsto -is non-NULL, -.I optionsfrom -considers it an error to be called more than 100 times. -If -.I errsto -is NULL, -loop detection is up to the caller -(and the internal loop counter is zeroed out). -.SH EXAMPLE -A reasonable way to invoke -.I optionsfrom -would be like so: -.PP -.nf -.ft B -#include - -struct option opts[] = { - /* ... */ - "optionsfrom", 1, NULL, '+', - /* ... */ -}; - -int -main(argc, argv) -int argc; -char *argv[]; -{ - int opt; - extern char *optarg; - extern int optind; - - while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) - switch (opt) { - /* ... */ - case '+': /* optionsfrom */ - optionsfrom(optarg, &argc, &argv, optind, stderr); - /* does not return on error */ - break; - /* ... */ - } - /* ... */ -.ft -.fi -.SH SEE ALSO -getopt_long(3) -.SH DIAGNOSTICS -Errors in -.I optionsfrom -are: -unable to open file; -attempt to allocate temporary storage for argument or -argument vector failed; -read error in file; -line too long. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The double-quote convention is rather simplistic. -.PP -Line length is currently limited to 1023 bytes, -and there is no continuation convention. -.PP -The restriction of error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The error-reporting convention lends itself -to slightly obscure code, -because many readers will not think of NULL as signifying success. -.PP -There is a certain element of unwarranted chumminess with -the insides of -.IR getopt_long (3) -here. -No non-public interfaces are actually used, but -.IR optionsfrom -does rely on -.IR getopt_long (3) -being well-behaved in certain ways that are not actually -promised by the specs. diff --git a/linux/lib/libfreeswan/optionsfrom.c b/linux/lib/libfreeswan/optionsfrom.c deleted file mode 100644 index d96a3124d..000000000 --- a/linux/lib/libfreeswan/optionsfrom.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - * pick up more options from a file, in the middle of an option scan - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: optionsfrom.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -#include - -#define MAX 100 /* loop-detection limit */ - -/* internal work area */ -struct work { -# define LOTS 1024 - char buf[LOTS]; - char *line; - char *pending; -}; - -static const char *dowork(const char *, int *, char ***, int); -static const char *getanarg(FILE *, struct work *, char **); -static char *getline(FILE *, char *, size_t); - -/* - - optionsfrom - add some options, taken from a file, to argc/argv - * If errsto is non-NULL, does not return in event of error. - */ -const char * /* NULL for success, else string literal */ -optionsfrom(filename, argcp, argvp, optind, errsto) -const char *filename; -int *argcp; /* pointer to argc */ -char ***argvp; /* pointer to argv */ -int optind; /* current optind, number of next argument */ -FILE *errsto; /* where to report errors (NULL means return) */ -{ - const char *e; - static int nuses = 0; - - if (errsto != NULL) { - nuses++; - if (nuses >= MAX) { - fprintf(errsto, - "%s: optionsfrom called %d times, looping?\n", - (*argvp)[0], nuses); - exit(2); - } - } else - nuses = 0; - - e = dowork(filename, argcp, argvp, optind); - if (e != NULL && errsto != NULL) { - fprintf(errsto, "%s: optionsfrom failed: %s\n", (*argvp)[0], e); - exit(2); - } - return e; -} - -/* - - dowork - do all the real work of optionsfrom - * Does not alter the existing arguments, but does relocate and alter - * the argv pointer vector. - */ -static const char * /* NULL for success, else string literal */ -dowork(filename, argcp, argvp, optind) -const char *filename; -int *argcp; /* pointer to argc */ -char ***argvp; /* pointer to argv */ -int optind; /* current optind, number of next argument */ -{ - char **newargv; - char **tmp; - int newargc; - int next; /* place for next argument */ - int room; /* how many more new arguments we can hold */ -# define SOME 10 /* first guess at how many we'll need */ - FILE *f; - int i; - const char *p; - struct work wa; /* for getanarg() */ - - f = fopen(filename, "r"); - if (f == NULL) - return "unable to open file"; - - newargc = *argcp + SOME; - newargv = malloc((newargc+1) * sizeof(char *)); - if (newargv == NULL) - return "unable to allocate memory"; - memcpy(newargv, *argvp, optind * sizeof(char *)); - room = SOME; - next = optind; - - newargv[next] = NULL; - wa.pending = NULL; - while ((p = getanarg(f, &wa, &newargv[next])) == NULL) { - if (room == 0) { - newargc += SOME; - tmp = realloc(newargv, (newargc+1) * sizeof(char *)); - if (tmp == NULL) { - p = "out of space for new argv"; - break; /* NOTE BREAK OUT */ - } - newargv = tmp; - room += SOME; - } - next++; - room--; - } - if (p != NULL && !feof(f)) { /* error of some kind */ - for (i = optind+1; i <= next; i++) - if (newargv[i] != NULL) - free(newargv[i]); - free(newargv); - fclose(f); - return p; - } - - fclose(f); - memcpy(newargv + next, *argvp + optind, - (*argcp+1-optind) * sizeof(char *)); - *argcp += next - optind; - *argvp = newargv; - return NULL; -} - -/* - - getanarg - get a malloced argument from the file - */ -static const char * /* NULL for success, else string literal */ -getanarg(f, w, linep) -FILE *f; -struct work *w; -char **linep; /* where to store pointer if successful */ -{ - size_t len; - char *p; - char *endp; - - while (w->pending == NULL) { /* no pending line */ - if ((w->line = getline(f, w->buf, sizeof(w->buf))) == NULL) - return "error in line read"; /* caller checks EOF */ - if (w->line[0] != '#' && - *(w->line + strspn(w->line, " \t")) != '\0') - w->pending = w->line; - } - - if (w->pending == w->line && w->line[0] != '-') { - /* fresh plain line */ - w->pending = NULL; - p = w->line; - endp = p + strlen(p); - if (*p == '"' && endp > p+1 && *(endp-1) == '"') { - p++; - endp--; - *endp = '\0'; - } - if (w->line == w->buf) { - *linep = malloc(endp - p + 1); - if (*linep == NULL) - return "out of memory for new line"; - strcpy(*linep, p); - } else /* getline already malloced it */ - *linep = p; - return NULL; - } - - /* chip off a piece of a pending line */ - p = w->pending; - p += strspn(p, " \t"); - endp = p + strcspn(p, " \t"); - len = endp - p; - if (*endp != '\0') { - *endp++ = '\0'; - endp += strspn(endp, " \t"); - } - /* endp now points to next real character, or to line-end NUL */ - *linep = malloc(len + 1); - if (*linep == NULL) { - if (w->line != w->buf) - free(w->line); - return "out of memory for new argument"; - } - strcpy(*linep, p); - if (*endp == '\0') { - w->pending = NULL; - if (w->line != w->buf) - free(w->line); - } else - w->pending = endp; - return NULL; -} - -/* - - getline - read a line from the file, trim newline off - */ -static char * /* pointer to line, NULL for eof/error */ -getline(f, buf, bufsize) -FILE *f; -char *buf; /* buffer to use, if convenient */ -size_t bufsize; /* size of buf */ -{ - size_t len; - - if (fgets(buf, bufsize, f) == NULL) - return NULL; - len = strlen(buf); - - if (len < bufsize-1 || buf[bufsize-1] == '\n') { - /* it fit */ - buf[len-1] = '\0'; - return buf; - } - - /* oh crud, buffer overflow */ - /* for now, to hell with it */ - return NULL; -} - - - -#ifdef TEST - -#include - -char usage[] = "Usage: tester [--foo] [--bar] [--optionsfrom file] arg ..."; -struct option opts[] = { - "foo", 0, NULL, 'f', - "bar", 0, NULL, 'b', - "builtin", 0, NULL, 'B', - "optionsfrom", 1, NULL, '+', - "help", 0, NULL, 'h', - "version", 0, NULL, 'v', - 0, 0, NULL, 0, -}; - -int -main(argc, argv) -int argc; -char *argv[]; -{ - int opt; - extern char *optarg; - extern int optind; - int errflg = 0; - const char *p; - int i; - FILE *errs = NULL; - - while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) - switch (opt) { - case 'f': - case 'b': - break; - case 'B': - errs = stderr; - break; - case '+': /* optionsfrom */ - p = optionsfrom(optarg, &argc, &argv, optind, errs); - if (p != NULL) { - fprintf(stderr, "%s: optionsfrom error: %s\n", - argv[0], p); - exit(1); - } - break; - case 'h': /* help */ - printf("%s\n", usage); - exit(0); - break; - case 'v': /* version */ - printf("1\n"); - exit(0); - break; - case '?': - default: - errflg = 1; - break; - } - if (errflg) { - fprintf(stderr, "%s\n", usage); - exit(2); - } - - for (i = 1; i < argc; i++) - printf("%d: `%s'\n", i, argv[i]); - exit(0); -} - - -#endif /* TEST */ diff --git a/linux/lib/libfreeswan/pfkey_v2_build.c b/linux/lib/libfreeswan/pfkey_v2_build.c deleted file mode 100644 index be58c552f..000000000 --- a/linux/lib/libfreeswan/pfkey_v2_build.c +++ /dev/null @@ -1,1438 +0,0 @@ -/* - * RFC2367 PF_KEYv2 Key management API message parser - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey_v2_build.c,v 1.4 2005/04/07 19:43:52 as Exp $ - */ - -/* - * Template from klips/net/ipsec/ipsec/ipsec_parser.c. - */ - -char pfkey_v2_build_c_version[] = "$Id: pfkey_v2_build.c,v 1.4 2005/04/07 19:43:52 as Exp $"; - -/* - * Some ugly stuff to allow consistent debugging code for use in the - * kernel and in user space -*/ - -#ifdef __KERNEL__ - -# include /* for printk */ - -# include "freeswan/ipsec_kversion.h" /* for malloc switch */ -# ifdef MALLOC_SLAB -# include /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include /* error codes */ -# include /* size_t */ -# include /* mark_bh */ - -# include /* struct device, and other headers */ -# include /* eth_type_trans */ -# include /* struct iphdr */ -# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -# include /* struct ipv6hdr */ -# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ - -# define MALLOC(size) kmalloc(size, GFP_ATOMIC) -# define FREE(obj) kfree(obj) -# include -#else /* __KERNEL__ */ - -# include -# include -# include -# include -# include /* memset */ - -# include -unsigned int pfkey_lib_debug = 0; - -void (*pfkey_debug_func)(const char *message, ...) PRINTF_LIKE(1); - -/* #define PLUTO */ - -#define DEBUGGING(args...) if(pfkey_lib_debug) { \ - if(pfkey_debug_func != NULL) { \ - (*pfkey_debug_func)("pfkey_lib_debug:" args); \ - } else { \ - printf("pfkey_lib_debug:" args); \ - } } -# define MALLOC(size) malloc(size) -# define FREE(obj) free(obj) -#endif /* __KERNEL__ */ - -#include -#include - -#ifdef __KERNEL__ - -#include "freeswan/radij.h" /* rd_nodes */ -#include "freeswan/ipsec_encap.h" /* sockaddr_encap */ - -# define DEBUGGING(args...) \ - KLIPS_PRINT(debug_pfkey, "klips_debug:" args) -#endif /* __KERNEL__ */ - -#include "freeswan/ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */ - -#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) - -void -pfkey_extensions_init(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) -{ - int i; - - for (i = 0; i != SADB_EXT_MAX + 1; i++) { - extensions[i] = NULL; - } -} - -void -pfkey_extensions_free(struct sadb_ext *extensions[SADB_EXT_MAX + 1]) -{ - int i; - - if (!extensions) { - return; - } - - if (extensions[0]) { - memset(extensions[0], 0, sizeof(struct sadb_msg)); - FREE(extensions[0]); - extensions[0] = NULL; - } - - for (i = 1; i != SADB_EXT_MAX + 1; i++) { - if(extensions[i]) { - memset(extensions[i], 0, extensions[i]->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); - FREE(extensions[i]); - extensions[i] = NULL; - } - } -} - -void -pfkey_msg_free(struct sadb_msg **pfkey_msg) -{ - if (*pfkey_msg) { - memset(*pfkey_msg, 0, (*pfkey_msg)->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); - FREE(*pfkey_msg); - *pfkey_msg = NULL; - } -} - -/* Default extension builders taken from the KLIPS code */ - -int -pfkey_msg_hdr_build(struct sadb_ext** pfkey_ext, - uint8_t msg_type, - uint8_t satype, - uint8_t msg_errno, - uint32_t seq, - uint32_t pid) -{ - int error = 0; - struct sadb_msg *pfkey_msg = (struct sadb_msg *)*pfkey_ext; - - DEBUGGING( - "pfkey_msg_hdr_build:\n"); - DEBUGGING( - "pfkey_msg_hdr_build: " - "on_entry &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n", - &pfkey_ext, - pfkey_ext, - *pfkey_ext); - /* sanity checks... */ - if (pfkey_msg) { - DEBUGGING( - "pfkey_msg_hdr_build: " - "why is pfkey_msg already pointing to something?\n"); - SENDERR(EINVAL); - } - - if (!msg_type) { - DEBUGGING( - "pfkey_msg_hdr_build: " - "msg type not set, must be non-zero..\n"); - SENDERR(EINVAL); - } - - if (msg_type > SADB_MAX) { - DEBUGGING( - "pfkey_msg_hdr_build: " - "msg type too large:%d.\n", - msg_type); - SENDERR(EINVAL); - } - - if (satype > SADB_SATYPE_MAX) { - DEBUGGING( - "pfkey_msg_hdr_build: " - "satype %d > max %d\n", - satype, SADB_SATYPE_MAX); - SENDERR(EINVAL); - } - - pfkey_msg = (struct sadb_msg*)MALLOC(sizeof(struct sadb_msg)); - *pfkey_ext = (struct sadb_ext*)pfkey_msg; - - if (pfkey_msg == NULL) { - DEBUGGING( - "pfkey_msg_hdr_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_msg, 0, sizeof(struct sadb_msg)); - - pfkey_msg->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; - - pfkey_msg->sadb_msg_type = msg_type; - pfkey_msg->sadb_msg_satype = satype; - - pfkey_msg->sadb_msg_version = PF_KEY_V2; - pfkey_msg->sadb_msg_errno = msg_errno; - pfkey_msg->sadb_msg_reserved = 0; - pfkey_msg->sadb_msg_seq = seq; - pfkey_msg->sadb_msg_pid = pid; - DEBUGGING( - "pfkey_msg_hdr_build: " - "on_exit &pfkey_ext=0p%p pfkey_ext=0p%p *pfkey_ext=0p%p.\n", - &pfkey_ext, - pfkey_ext, - *pfkey_ext); -errlab: - return error; -} - -int -pfkey_sa_ref_build(struct sadb_ext ** pfkey_ext, - uint16_t exttype, - uint32_t spi, - uint8_t replay_window, - uint8_t sa_state, - uint8_t auth, - uint8_t encrypt, - uint32_t flags, - uint32_t/*IPsecSAref_t*/ ref) -{ - int error = 0; - struct sadb_sa *pfkey_sa = (struct sadb_sa *)*pfkey_ext; - - DEBUGGING( - "pfkey_sa_build: " - "spi=%08x replay=%d sa_state=%d auth=%d encrypt=%d flags=%d\n", - ntohl(spi), /* in network order */ - replay_window, - sa_state, - auth, - encrypt, - flags); - /* sanity checks... */ - if (pfkey_sa) { - DEBUGGING( - "pfkey_sa_build: " - "why is pfkey_sa already pointing to something?\n"); - SENDERR(EINVAL); - } - - if (exttype != SADB_EXT_SA - && exttype != SADB_X_EXT_SA2) { - DEBUGGING( - "pfkey_sa_build: " - "invalid exttype=%d.\n", - exttype); - SENDERR(EINVAL); - } - - if (replay_window > 64) { - DEBUGGING( - "pfkey_sa_build: " - "replay window size: %d -- must be 0 <= size <= 64\n", - replay_window); - SENDERR(EINVAL); - } - - if (auth > SADB_AALG_MAX) { - DEBUGGING( - "pfkey_sa_build: " - "auth=%d > SADB_AALG_MAX=%d.\n", - auth, - SADB_AALG_MAX); - SENDERR(EINVAL); - } - - if (encrypt > SADB_EALG_MAX) { - DEBUGGING( - "pfkey_sa_build: " - "encrypt=%d > SADB_EALG_MAX=%d.\n", - encrypt, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - - if (sa_state > SADB_SASTATE_MAX) { - DEBUGGING( - "pfkey_sa_build: " - "sa_state=%d exceeds MAX=%d.\n", - sa_state, - SADB_SASTATE_MAX); - SENDERR(EINVAL); - } - - if (sa_state == SADB_SASTATE_DEAD) { - DEBUGGING( - "pfkey_sa_build: " - "sa_state=%d is DEAD=%d is not allowed.\n", - sa_state, - SADB_SASTATE_DEAD); - SENDERR(EINVAL); - } - - if ((IPSEC_SAREF_NULL != ref) && (ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) { - DEBUGGING( - "pfkey_sa_build: " - "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n", - ref, - IPSEC_SAREF_NULL, - IPSEC_SA_REF_TABLE_NUM_ENTRIES); - SENDERR(EINVAL); - } - - pfkey_sa = (struct sadb_sa*)MALLOC(sizeof(struct sadb_sa)); - *pfkey_ext = (struct sadb_ext*)pfkey_sa; - - if (pfkey_sa == NULL) { - DEBUGGING( - "pfkey_sa_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_sa, 0, sizeof(struct sadb_sa)); - - pfkey_sa->sadb_sa_len = sizeof(*pfkey_sa) / IPSEC_PFKEYv2_ALIGN; - pfkey_sa->sadb_sa_exttype = exttype; - pfkey_sa->sadb_sa_spi = spi; - pfkey_sa->sadb_sa_replay = replay_window; - pfkey_sa->sadb_sa_state = sa_state; - pfkey_sa->sadb_sa_auth = auth; - pfkey_sa->sadb_sa_encrypt = encrypt; - pfkey_sa->sadb_sa_flags = flags; - pfkey_sa->sadb_x_sa_ref = ref; - -errlab: - return error; -} - -int -pfkey_sa_build(struct sadb_ext ** pfkey_ext, - uint16_t exttype, - uint32_t spi, - uint8_t replay_window, - uint8_t sa_state, - uint8_t auth, - uint8_t encrypt, - uint32_t flags) -{ - return pfkey_sa_ref_build(pfkey_ext, - exttype, - spi, - replay_window, - sa_state, - auth, - encrypt, - flags, - IPSEC_SAREF_NULL); -} - -int -pfkey_lifetime_build(struct sadb_ext ** pfkey_ext, - uint16_t exttype, - uint32_t allocations, - uint64_t bytes, - uint64_t addtime, - uint64_t usetime, - uint32_t packets) -{ - int error = 0; - struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)*pfkey_ext; - - DEBUGGING( - "pfkey_lifetime_build:\n"); - /* sanity checks... */ - if (pfkey_lifetime) { - DEBUGGING( - "pfkey_lifetime_build: " - "why is pfkey_lifetime already pointing to something?\n"); - SENDERR(EINVAL); - } - - if (exttype != SADB_EXT_LIFETIME_CURRENT - && exttype != SADB_EXT_LIFETIME_HARD - && exttype != SADB_EXT_LIFETIME_SOFT) { - DEBUGGING( - "pfkey_lifetime_build: " - "invalid exttype=%d.\n", - exttype); - SENDERR(EINVAL); - } - - pfkey_lifetime = (struct sadb_lifetime*)MALLOC(sizeof(struct sadb_lifetime)); - *pfkey_ext = (struct sadb_ext*)pfkey_lifetime; - - if (pfkey_lifetime == NULL) { - DEBUGGING( - "pfkey_lifetime_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_lifetime, 0, sizeof(struct sadb_lifetime)); - - pfkey_lifetime->sadb_lifetime_len = sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN; - pfkey_lifetime->sadb_lifetime_exttype = exttype; - pfkey_lifetime->sadb_lifetime_allocations = allocations; - pfkey_lifetime->sadb_lifetime_bytes = bytes; - pfkey_lifetime->sadb_lifetime_addtime = addtime; - pfkey_lifetime->sadb_lifetime_usetime = usetime; - pfkey_lifetime->sadb_x_lifetime_packets = packets; - -errlab: - return error; -} - -int -pfkey_address_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint8_t proto, - uint8_t prefixlen, - struct sockaddr* address) -{ - int error = 0; - int saddr_len = 0; - char ipaddr_txt[ADDRTOT_BUF + 6/*extra for port number*/]; - struct sadb_address *pfkey_address = (struct sadb_address *)*pfkey_ext; - - DEBUGGING( - "pfkey_address_build: " - "exttype=%d proto=%d prefixlen=%d\n", - exttype, - proto, - prefixlen); - /* sanity checks... */ - if (pfkey_address) { - DEBUGGING( - "pfkey_address_build: " - "why is pfkey_address already pointing to something?\n"); - SENDERR(EINVAL); - } - - if (!address) { - DEBUGGING("pfkey_address_build: " - "address is NULL\n"); - SENDERR(EINVAL); - } - - switch(exttype) { - case SADB_EXT_ADDRESS_SRC: - case SADB_EXT_ADDRESS_DST: - case SADB_EXT_ADDRESS_PROXY: - case SADB_X_EXT_ADDRESS_DST2: - case SADB_X_EXT_ADDRESS_SRC_FLOW: - case SADB_X_EXT_ADDRESS_DST_FLOW: - case SADB_X_EXT_ADDRESS_SRC_MASK: - case SADB_X_EXT_ADDRESS_DST_MASK: -#ifdef NAT_TRAVERSAL - case SADB_X_EXT_NAT_T_OA: -#endif - break; - default: - DEBUGGING( - "pfkey_address_build: " - "unrecognised ext_type=%d.\n", - exttype); - SENDERR(EINVAL); - } - - switch (address->sa_family) { - case AF_INET: - DEBUGGING( - "pfkey_address_build: " - "found address family AF_INET.\n"); - saddr_len = sizeof(struct sockaddr_in); - sprintf(ipaddr_txt, "%d.%d.%d.%d:%d" - , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 0) & 0xFF - , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 8) & 0xFF - , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 16) & 0xFF - , (((struct sockaddr_in*)address)->sin_addr.s_addr >> 24) & 0xFF - , ntohs(((struct sockaddr_in*)address)->sin_port)); - break; - case AF_INET6: - DEBUGGING( - "pfkey_address_build: " - "found address family AF_INET6.\n"); - saddr_len = sizeof(struct sockaddr_in6); - sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x-%x" - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[0]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[1]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[2]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[3]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[4]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[5]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[6]) - , ntohs(((struct sockaddr_in6*)address)->sin6_addr.s6_addr16[7]) - , ntohs(((struct sockaddr_in6*)address)->sin6_port)); - break; - default: - DEBUGGING( - "pfkey_address_build: " - "address->sa_family=%d not supported.\n", - address->sa_family); - SENDERR(EPFNOSUPPORT); - } - - DEBUGGING( - "pfkey_address_build: " - "found address=%s.\n", - ipaddr_txt); - if (prefixlen != 0) { - DEBUGGING( - "pfkey_address_build: " - "address prefixes not supported yet.\n"); - SENDERR(EAFNOSUPPORT); /* not supported yet */ - } - - pfkey_address = (struct sadb_address*) - MALLOC(ALIGN_N(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)); - *pfkey_ext = (struct sadb_ext*)pfkey_address; - - if (pfkey_address == NULL) { - DEBUGGING( - "pfkey_lifetime_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_address, - 0, - ALIGN_N(sizeof(struct sadb_address) + saddr_len, - IPSEC_PFKEYv2_ALIGN)); - - pfkey_address->sadb_address_len = DIVUP(sizeof(struct sadb_address) + saddr_len, - IPSEC_PFKEYv2_ALIGN); - - pfkey_address->sadb_address_exttype = exttype; - pfkey_address->sadb_address_proto = proto; - pfkey_address->sadb_address_prefixlen = prefixlen; - pfkey_address->sadb_address_reserved = 0; - - memcpy((char*)pfkey_address + sizeof(struct sadb_address), - address, - saddr_len); - -#if 0 - for (i = 0; i < sizeof(struct sockaddr_in) - offsetof(struct sockaddr_in, sin_zero); i++) { - pfkey_address_s_ska.sin_zero[i] = 0; - } -#endif - DEBUGGING( - "pfkey_address_build: " - "successful.\n"); - - errlab: - return error; -} - -int -pfkey_key_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint16_t key_bits, - char* key) -{ - int error = 0; - struct sadb_key *pfkey_key = (struct sadb_key *)*pfkey_ext; - - DEBUGGING( - "pfkey_key_build:\n"); - /* sanity checks... */ - if (pfkey_key) { - DEBUGGING( - "pfkey_key_build: " - "why is pfkey_key already pointing to something?\n"); - SENDERR(EINVAL); - } - - if (!key_bits) { - DEBUGGING( - "pfkey_key_build: " - "key_bits is zero, it must be non-zero.\n"); - SENDERR(EINVAL); - } - - if ( !((exttype == SADB_EXT_KEY_AUTH) || (exttype == SADB_EXT_KEY_ENCRYPT))) { - DEBUGGING( - "pfkey_key_build: " - "unsupported extension type=%d.\n", - exttype); - SENDERR(EINVAL); - } - - pfkey_key = (struct sadb_key*) - MALLOC(sizeof(struct sadb_key) + - DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN); - *pfkey_ext = (struct sadb_ext*)pfkey_key; - - if (pfkey_key == NULL) { - DEBUGGING( - "pfkey_key_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_key, - 0, - sizeof(struct sadb_key) + - DIVUP(key_bits, 64) * IPSEC_PFKEYv2_ALIGN); - - pfkey_key->sadb_key_len = DIVUP(sizeof(struct sadb_key) * IPSEC_PFKEYv2_ALIGN + key_bits, - 64); - pfkey_key->sadb_key_exttype = exttype; - pfkey_key->sadb_key_bits = key_bits; - pfkey_key->sadb_key_reserved = 0; - memcpy((char*)pfkey_key + sizeof(struct sadb_key), - key, - DIVUP(key_bits, 8)); - -errlab: - return error; -} - -int -pfkey_ident_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint16_t ident_type, - uint64_t ident_id, - uint8_t ident_len, - char* ident_string) -{ - int error = 0; - struct sadb_ident *pfkey_ident = (struct sadb_ident *)*pfkey_ext; - int data_len = ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); - - DEBUGGING( - "pfkey_ident_build:\n"); - /* sanity checks... */ - if (pfkey_ident) { - DEBUGGING( - "pfkey_ident_build: " - "why is pfkey_ident already pointing to something?\n"); - SENDERR(EINVAL); - } - - if ( !((exttype == SADB_EXT_IDENTITY_SRC) || - (exttype == SADB_EXT_IDENTITY_DST))) { - DEBUGGING( - "pfkey_ident_build: " - "unsupported extension type=%d.\n", - exttype); - SENDERR(EINVAL); - } - - if (ident_type == SADB_IDENTTYPE_RESERVED) { - DEBUGGING( - "pfkey_ident_build: " - "ident_type must be non-zero.\n"); - SENDERR(EINVAL); - } - - if (ident_type > SADB_IDENTTYPE_MAX) { - DEBUGGING( - "pfkey_ident_build: " - "identtype=%d out of range.\n", - ident_type); - SENDERR(EINVAL); - } - - if ((ident_type == SADB_IDENTTYPE_PREFIX || - ident_type == SADB_IDENTTYPE_FQDN) && - !ident_string) { - DEBUGGING( - "pfkey_ident_build: " - "string required to allocate size of extension.\n"); - SENDERR(EINVAL); - } - -#if 0 - if (ident_type == SADB_IDENTTYPE_USERFQDN) { - } -#endif - - pfkey_ident = (struct sadb_ident*) - MALLOC(ident_len * IPSEC_PFKEYv2_ALIGN); - *pfkey_ext = (struct sadb_ext*)pfkey_ident; - - if (pfkey_ident == NULL) { - DEBUGGING( - "pfkey_ident_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_ident, 0, ident_len * IPSEC_PFKEYv2_ALIGN); - - pfkey_ident->sadb_ident_len = ident_len; - pfkey_ident->sadb_ident_exttype = exttype; - pfkey_ident->sadb_ident_type = ident_type; - pfkey_ident->sadb_ident_reserved = 0; - pfkey_ident->sadb_ident_id = ident_id; - memcpy((char*)pfkey_ident + sizeof(struct sadb_ident), - ident_string, - data_len); - -errlab: - return error; -} - -int -pfkey_sens_build(struct sadb_ext** pfkey_ext, - uint32_t dpd, - uint8_t sens_level, - uint8_t sens_len, - uint64_t* sens_bitmap, - uint8_t integ_level, - uint8_t integ_len, - uint64_t* integ_bitmap) -{ - int error = 0; - struct sadb_sens *pfkey_sens = (struct sadb_sens *)*pfkey_ext; - int i; - uint64_t* bitmap; - - DEBUGGING( - "pfkey_sens_build:\n"); - /* sanity checks... */ - if (pfkey_sens) { - DEBUGGING( - "pfkey_sens_build: " - "why is pfkey_sens already pointing to something?\n"); - SENDERR(EINVAL); - } - - DEBUGGING( - "pfkey_sens_build: " - "Sorry, I can't build exttype=%d yet.\n", - (*pfkey_ext)->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - - pfkey_sens = (struct sadb_sens*) - MALLOC(sizeof(struct sadb_sens) + - (sens_len + integ_len) * sizeof(uint64_t)); - *pfkey_ext = (struct sadb_ext*)pfkey_sens; - - if (pfkey_sens == NULL) { - DEBUGGING( - "pfkey_sens_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_sens, - 0, - sizeof(struct sadb_sens) + - (sens_len + integ_len) * sizeof(uint64_t)); - - pfkey_sens->sadb_sens_len = (sizeof(struct sadb_sens) + - (sens_len + integ_len) * sizeof(uint64_t)) / IPSEC_PFKEYv2_ALIGN; - pfkey_sens->sadb_sens_exttype = SADB_EXT_SENSITIVITY; - pfkey_sens->sadb_sens_dpd = dpd; - pfkey_sens->sadb_sens_sens_level = sens_level; - pfkey_sens->sadb_sens_sens_len = sens_len; - pfkey_sens->sadb_sens_integ_level = integ_level; - pfkey_sens->sadb_sens_integ_len = integ_len; - pfkey_sens->sadb_sens_reserved = 0; - - bitmap = (uint64_t*)((char*)pfkey_ext + sizeof(struct sadb_sens)); - for (i = 0; i < sens_len; i++) { - *bitmap = sens_bitmap[i]; - bitmap++; - } - for (i = 0; i < integ_len; i++) { - *bitmap = integ_bitmap[i]; - bitmap++; - } - -errlab: - return error; -} - -int -pfkey_prop_build(struct sadb_ext** pfkey_ext, - uint8_t replay, - unsigned int comb_num, - struct sadb_comb* comb) -{ - int error = 0; - int i; - struct sadb_prop *pfkey_prop = (struct sadb_prop *)*pfkey_ext; - struct sadb_comb *combp; - - DEBUGGING( - "pfkey_prop_build:\n"); - /* sanity checks... */ - if (pfkey_prop) { - DEBUGGING( - "pfkey_prop_build: " - "why is pfkey_prop already pointing to something?\n"); - SENDERR(EINVAL); - } - - pfkey_prop = (struct sadb_prop*) - MALLOC(sizeof(struct sadb_prop) + - comb_num * sizeof(struct sadb_comb)); - - *pfkey_ext = (struct sadb_ext*)pfkey_prop; - - if (pfkey_prop == NULL) { - DEBUGGING( - "pfkey_prop_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_prop, - 0, - sizeof(struct sadb_prop) + - comb_num * sizeof(struct sadb_comb)); - - pfkey_prop->sadb_prop_len = (sizeof(struct sadb_prop) + - comb_num * sizeof(struct sadb_comb)) / IPSEC_PFKEYv2_ALIGN; - - pfkey_prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; - pfkey_prop->sadb_prop_replay = replay; - - for (i=0; i<3; i++) { - pfkey_prop->sadb_prop_reserved[i] = 0; - } - - combp = (struct sadb_comb*)((char*)*pfkey_ext + sizeof(struct sadb_prop)); - for (i = 0; i < comb_num; i++) { - memcpy (combp, &(comb[i]), sizeof(struct sadb_comb)); - combp++; - } - -#if 0 - uint8_t sadb_comb_auth; - uint8_t sadb_comb_encrypt; - uint16_t sadb_comb_flags; - uint16_t sadb_comb_auth_minbits; - uint16_t sadb_comb_auth_maxbits; - uint16_t sadb_comb_encrypt_minbits; - uint16_t sadb_comb_encrypt_maxbits; - uint32_t sadb_comb_reserved; - uint32_t sadb_comb_soft_allocations; - uint32_t sadb_comb_hard_allocations; - uint64_t sadb_comb_soft_bytes; - uint64_t sadb_comb_hard_bytes; - uint64_t sadb_comb_soft_addtime; - uint64_t sadb_comb_hard_addtime; - uint64_t sadb_comb_soft_usetime; - uint64_t sadb_comb_hard_usetime; - uint32_t sadb_comb_soft_packets; - uint32_t sadb_comb_hard_packets; -#endif -errlab: - return error; -} - -int -pfkey_supported_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - unsigned int alg_num, - struct sadb_alg* alg) -{ - int error = 0; - unsigned int i; - struct sadb_supported *pfkey_supported = (struct sadb_supported *)*pfkey_ext; - struct sadb_alg *pfkey_alg; - - /* sanity checks... */ - if (pfkey_supported) { - DEBUGGING( - "pfkey_supported_build: " - "why is pfkey_supported already pointing to something?\n"); - SENDERR(EINVAL); - } - - if ( !((exttype == SADB_EXT_SUPPORTED_AUTH) || (exttype == SADB_EXT_SUPPORTED_ENCRYPT))) { - DEBUGGING( - "pfkey_supported_build: " - "unsupported extension type=%d.\n", - exttype); - SENDERR(EINVAL); - } - - pfkey_supported = (struct sadb_supported*) - MALLOC(sizeof(struct sadb_supported) + - alg_num * sizeof(struct sadb_alg)); - - *pfkey_ext = (struct sadb_ext*)pfkey_supported; - - if (pfkey_supported == NULL) { - DEBUGGING( - "pfkey_supported_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_supported, - 0, - sizeof(struct sadb_supported) + - alg_num * - sizeof(struct sadb_alg)); - - pfkey_supported->sadb_supported_len = (sizeof(struct sadb_supported) + - alg_num * - sizeof(struct sadb_alg)) / - IPSEC_PFKEYv2_ALIGN; - pfkey_supported->sadb_supported_exttype = exttype; - pfkey_supported->sadb_supported_reserved = 0; - - pfkey_alg = (struct sadb_alg*)((char*)pfkey_supported + sizeof(struct sadb_supported)); - for(i = 0; i < alg_num; i++) { - memcpy (pfkey_alg, &(alg[i]), sizeof(struct sadb_alg)); - pfkey_alg->sadb_alg_reserved = 0; - pfkey_alg++; - } - -#if 0 - DEBUGGING( - "pfkey_supported_build: " - "Sorry, I can't build exttype=%d yet.\n", - (*pfkey_ext)->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - - uint8_t sadb_alg_id; - uint8_t sadb_alg_ivlen; - uint16_t sadb_alg_minbits; - uint16_t sadb_alg_maxbits; - uint16_t sadb_alg_reserved; -#endif -errlab: - return error; -} - -int -pfkey_spirange_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint32_t min, /* in network order */ - uint32_t max) /* in network order */ -{ - int error = 0; - struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)*pfkey_ext; - - /* sanity checks... */ - if (pfkey_spirange) { - DEBUGGING( - "pfkey_spirange_build: " - "why is pfkey_spirange already pointing to something?\n"); - SENDERR(EINVAL); - } - - if (ntohl(max) < ntohl(min)) { - DEBUGGING( - "pfkey_spirange_build: " - "minspi=%08x must be < maxspi=%08x.\n", - ntohl(min), - ntohl(max)); - SENDERR(EINVAL); - } - - if (ntohl(min) <= 255) { - DEBUGGING( - "pfkey_spirange_build: " - "minspi=%08x must be > 255.\n", - ntohl(min)); - SENDERR(EEXIST); - } - - pfkey_spirange = (struct sadb_spirange*) - MALLOC(sizeof(struct sadb_spirange)); - *pfkey_ext = (struct sadb_ext*)pfkey_spirange; - - if (pfkey_spirange == NULL) { - DEBUGGING( - "pfkey_spirange_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_spirange, - 0, - sizeof(struct sadb_spirange)); - - pfkey_spirange->sadb_spirange_len = sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN; - - pfkey_spirange->sadb_spirange_exttype = SADB_EXT_SPIRANGE; - pfkey_spirange->sadb_spirange_min = min; - pfkey_spirange->sadb_spirange_max = max; - pfkey_spirange->sadb_spirange_reserved = 0; - errlab: - return error; -} - -int -pfkey_x_kmprivate_build(struct sadb_ext** pfkey_ext) -{ - int error = 0; - struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)*pfkey_ext; - - /* sanity checks... */ - if (pfkey_x_kmprivate) { - DEBUGGING( - "pfkey_x_kmprivate_build: " - "why is pfkey_x_kmprivate already pointing to something?\n"); - SENDERR(EINVAL); - } - - pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0; - - DEBUGGING( - "pfkey_x_kmprivate_build: " - "Sorry, I can't build exttype=%d yet.\n", - (*pfkey_ext)->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - - pfkey_x_kmprivate = (struct sadb_x_kmprivate*) - MALLOC(sizeof(struct sadb_x_kmprivate)); - *pfkey_ext = (struct sadb_ext*)pfkey_x_kmprivate; - - if (pfkey_x_kmprivate == NULL) { - DEBUGGING( - "pfkey_x_kmprivate_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_x_kmprivate, - 0, - sizeof(struct sadb_x_kmprivate)); - - pfkey_x_kmprivate->sadb_x_kmprivate_len = - sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN; - - pfkey_x_kmprivate->sadb_x_kmprivate_exttype = SADB_X_EXT_KMPRIVATE; - pfkey_x_kmprivate->sadb_x_kmprivate_reserved = 0; -errlab: - return error; -} - -int -pfkey_x_satype_build(struct sadb_ext** pfkey_ext, - uint8_t satype) -{ - int error = 0; - int i; - struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)*pfkey_ext; - - DEBUGGING( - "pfkey_x_satype_build:\n"); - /* sanity checks... */ - if (pfkey_x_satype) { - DEBUGGING( - "pfkey_x_satype_build: " - "why is pfkey_x_satype already pointing to something?\n"); - SENDERR(EINVAL); - } - - if (!satype) { - DEBUGGING( - "pfkey_x_satype_build: " - "SA type not set, must be non-zero.\n"); - SENDERR(EINVAL); - } - - if (satype > SADB_SATYPE_MAX) { - DEBUGGING( - "pfkey_x_satype_build: " - "satype %d > max %d\n", - satype, SADB_SATYPE_MAX); - SENDERR(EINVAL); - } - - pfkey_x_satype = (struct sadb_x_satype*) - MALLOC(sizeof(struct sadb_x_satype)); - - *pfkey_ext = (struct sadb_ext*)pfkey_x_satype; - - if (pfkey_x_satype == NULL) { - DEBUGGING( - "pfkey_x_satype_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - memset(pfkey_x_satype, - 0, - sizeof(struct sadb_x_satype)); - - pfkey_x_satype->sadb_x_satype_len = sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN; - - pfkey_x_satype->sadb_x_satype_exttype = SADB_X_EXT_SATYPE2; - pfkey_x_satype->sadb_x_satype_satype = satype; - for (i=0; i<3; i++) { - pfkey_x_satype->sadb_x_satype_reserved[i] = 0; - } - -errlab: - return error; -} - -int -pfkey_x_debug_build(struct sadb_ext** pfkey_ext, - uint32_t tunnel, - uint32_t netlink, - uint32_t xform, - uint32_t eroute, - uint32_t spi, - uint32_t radij, - uint32_t esp, - uint32_t ah, - uint32_t rcv, - uint32_t pfkey, - uint32_t ipcomp, - uint32_t verbose) -{ - int error = 0; - int i; - struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)*pfkey_ext; - - DEBUGGING( - "pfkey_x_debug_build:\n"); - /* sanity checks... */ - if (pfkey_x_debug) { - DEBUGGING( - "pfkey_x_debug_build: " - "why is pfkey_x_debug already pointing to something?\n"); - SENDERR(EINVAL); - } - - DEBUGGING( - "pfkey_x_debug_build: " - "tunnel=%x netlink=%x xform=%x eroute=%x spi=%x radij=%x esp=%x ah=%x rcv=%x pfkey=%x ipcomp=%x verbose=%x?\n", - tunnel, netlink, xform, eroute, spi, radij, esp, ah, rcv, pfkey, ipcomp, verbose); - - pfkey_x_debug = (struct sadb_x_debug*) - MALLOC(sizeof(struct sadb_x_debug)); - *pfkey_ext = (struct sadb_ext*)pfkey_x_debug; - - if (pfkey_x_debug == NULL) { - DEBUGGING( - "pfkey_x_debug_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } -#if 0 - memset(pfkey_x_debug, - 0, - sizeof(struct sadb_x_debug)); -#endif - - pfkey_x_debug->sadb_x_debug_len = sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN; - pfkey_x_debug->sadb_x_debug_exttype = SADB_X_EXT_DEBUG; - - pfkey_x_debug->sadb_x_debug_tunnel = tunnel; - pfkey_x_debug->sadb_x_debug_netlink = netlink; - pfkey_x_debug->sadb_x_debug_xform = xform; - pfkey_x_debug->sadb_x_debug_eroute = eroute; - pfkey_x_debug->sadb_x_debug_spi = spi; - pfkey_x_debug->sadb_x_debug_radij = radij; - pfkey_x_debug->sadb_x_debug_esp = esp; - pfkey_x_debug->sadb_x_debug_ah = ah; - pfkey_x_debug->sadb_x_debug_rcv = rcv; - pfkey_x_debug->sadb_x_debug_pfkey = pfkey; - pfkey_x_debug->sadb_x_debug_ipcomp = ipcomp; - pfkey_x_debug->sadb_x_debug_verbose = verbose; - - for (i=0; i<4; i++) { - pfkey_x_debug->sadb_x_debug_reserved[i] = 0; - } - -errlab: - return error; -} - -#ifdef NAT_TRAVERSAL -int -pfkey_x_nat_t_type_build(struct sadb_ext** pfkey_ext, - uint8_t type) -{ - int error = 0; - int i; - struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)*pfkey_ext; - - DEBUGGING( - "pfkey_x_nat_t_type_build:\n"); - /* sanity checks... */ - if (pfkey_x_nat_t_type) { - DEBUGGING( - "pfkey_x_nat_t_type_build: " - "why is pfkey_x_nat_t_type already pointing to something?\n"); - SENDERR(EINVAL); - } - - DEBUGGING( - "pfkey_x_nat_t_type_build: " - "type=%d\n", type); - - pfkey_x_nat_t_type = (struct sadb_x_nat_t_type*) - MALLOC(sizeof(struct sadb_x_nat_t_type)); - - *pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_type; - if (pfkey_x_nat_t_type == NULL) { - DEBUGGING( - "pfkey_x_nat_t_type_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - - pfkey_x_nat_t_type->sadb_x_nat_t_type_len = sizeof(struct sadb_x_nat_t_type) / IPSEC_PFKEYv2_ALIGN; - pfkey_x_nat_t_type->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; - pfkey_x_nat_t_type->sadb_x_nat_t_type_type = type; - for (i=0; i<3; i++) { - pfkey_x_nat_t_type->sadb_x_nat_t_type_reserved[i] = 0; - } - -errlab: - return error; -} -int -pfkey_x_nat_t_port_build(struct sadb_ext** pfkey_ext, - uint16_t exttype, - uint16_t port) -{ - int error = 0; - struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)*pfkey_ext; - - DEBUGGING( - "pfkey_x_nat_t_port_build:\n"); - /* sanity checks... */ - if (pfkey_x_nat_t_port) { - DEBUGGING( - "pfkey_x_nat_t_port_build: " - "why is pfkey_x_nat_t_port already pointing to something?\n"); - SENDERR(EINVAL); - } - - switch (exttype) { - case SADB_X_EXT_NAT_T_SPORT: - case SADB_X_EXT_NAT_T_DPORT: - break; - default: - DEBUGGING( - "pfkey_nat_t_port_build: " - "unrecognised ext_type=%d.\n", - exttype); - SENDERR(EINVAL); - } - - DEBUGGING( - "pfkey_x_nat_t_port_build: " - "ext=%d, port=%d\n", exttype, port); - - pfkey_x_nat_t_port = (struct sadb_x_nat_t_port*) - MALLOC(sizeof(struct sadb_x_nat_t_port)); - *pfkey_ext = (struct sadb_ext*)pfkey_x_nat_t_port; - - if (pfkey_x_nat_t_port == NULL) { - DEBUGGING( - "pfkey_x_nat_t_port_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - - pfkey_x_nat_t_port->sadb_x_nat_t_port_len = sizeof(struct sadb_x_nat_t_port) / IPSEC_PFKEYv2_ALIGN; - pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype = exttype; - pfkey_x_nat_t_port->sadb_x_nat_t_port_port = port; - pfkey_x_nat_t_port->sadb_x_nat_t_port_reserved = 0; - -errlab: - return error; -} -#endif - -int pfkey_x_protocol_build(struct sadb_ext **pfkey_ext, - uint8_t protocol) -{ - int error = 0; - struct sadb_protocol * p = (struct sadb_protocol *)*pfkey_ext; - DEBUGGING("pfkey_x_protocol_build: protocol=%u\n", protocol); - /* sanity checks... */ - if (p != 0) { - DEBUGGING("pfkey_x_protocol_build: bogus protocol pointer\n"); - SENDERR(EINVAL); - } - if ((p = (struct sadb_protocol*)MALLOC(sizeof(*p))) == 0) { - DEBUGGING("pfkey_build: memory allocation failed\n"); - SENDERR(ENOMEM); - } - *pfkey_ext = (struct sadb_ext *)p; - p->sadb_protocol_len = sizeof(*p) / sizeof(uint64_t); - p->sadb_protocol_exttype = SADB_X_EXT_PROTOCOL; - p->sadb_protocol_proto = protocol; - p->sadb_protocol_flags = 0; - p->sadb_protocol_reserved2 = 0; - errlab: - return error; -} - - -#if I_DONT_THINK_THIS_WILL_BE_USEFUL -int (*ext_default_builders[SADB_EXT_MAX +1])(struct sadb_msg*, struct sadb_ext*) - = -{ - NULL, /* pfkey_msg_build, */ - pfkey_sa_build, - pfkey_lifetime_build, - pfkey_lifetime_build, - pfkey_lifetime_build, - pfkey_address_build, - pfkey_address_build, - pfkey_address_build, - pfkey_key_build, - pfkey_key_build, - pfkey_ident_build, - pfkey_ident_build, - pfkey_sens_build, - pfkey_prop_build, - pfkey_supported_build, - pfkey_supported_build, - pfkey_spirange_build, - pfkey_x_kmprivate_build, - pfkey_x_satype_build, - pfkey_sa_build, - pfkey_address_build, - pfkey_address_build, - pfkey_address_build, - pfkey_address_build, - pfkey_address_build, - pfkey_x_ext_debug_build -}; -#endif - -int -pfkey_msg_build(struct sadb_msg **pfkey_msg, struct sadb_ext *extensions[], int dir) -{ - int error = 0; - unsigned ext; - unsigned total_size; - struct sadb_ext *pfkey_ext; - int extensions_seen = 0; - struct sadb_ext *extensions_check[SADB_EXT_MAX + 1]; - - if (!extensions[0]) { - DEBUGGING( - "pfkey_msg_build: " - "extensions[0] must be specified (struct sadb_msg).\n"); - SENDERR(EINVAL); - } - - total_size = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; - for (ext = 1; ext <= SADB_EXT_MAX; ext++) { - if(extensions[ext]) { - total_size += (extensions[ext])->sadb_ext_len; - } - } - - if (!(*pfkey_msg = (struct sadb_msg*)MALLOC(total_size * IPSEC_PFKEYv2_ALIGN))) { - DEBUGGING( - "pfkey_msg_build: " - "memory allocation failed\n"); - SENDERR(ENOMEM); - } - - DEBUGGING( - "pfkey_msg_build: " - "pfkey_msg=0p%p allocated %lu bytes, &(extensions[0])=0p%p\n", - *pfkey_msg, - (unsigned long)(total_size * IPSEC_PFKEYv2_ALIGN), - &(extensions[0])); - memcpy(*pfkey_msg, - extensions[0], - sizeof(struct sadb_msg)); - (*pfkey_msg)->sadb_msg_len = total_size; - (*pfkey_msg)->sadb_msg_reserved = 0; - extensions_seen = 1 ; - - pfkey_ext = (struct sadb_ext*)(((char*)(*pfkey_msg)) + sizeof(struct sadb_msg)); - - for (ext = 1; ext <= SADB_EXT_MAX; ext++) { - /* copy from extension[ext] to buffer */ - if (extensions[ext]) { - /* Is this type of extension permitted for this type of message? */ - if (!(extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type] & - 1<sadb_msg_type], - 1<sadb_ext_len * IPSEC_PFKEYv2_ALIGN), - ext, - extensions[ext], - pfkey_ext); - memcpy(pfkey_ext, - extensions[ext], - (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); - { - char *pfkey_ext_c = (char *)pfkey_ext; - - pfkey_ext_c += (extensions[ext])->sadb_ext_len * IPSEC_PFKEYv2_ALIGN; - pfkey_ext = (struct sadb_ext *)pfkey_ext_c; - } - /* Mark that we have seen this extension and remember the header location */ - extensions_seen |= ( 1 << ext ); - } - } - - /* check required extensions */ - DEBUGGING( - "pfkey_msg_build: " - "extensions permitted=%08x, seen=%08x, required=%08x.\n", - extensions_bitmaps[dir][EXT_BITS_PERM][(*pfkey_msg)->sadb_msg_type], - extensions_seen, - extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]); - - if ((extensions_seen & - extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) != - extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) { - DEBUGGING( - "pfkey_msg_build: " - "required extensions missing:%08x.\n", - extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type] - - (extensions_seen & - extensions_bitmaps[dir][EXT_BITS_REQ][(*pfkey_msg)->sadb_msg_type]) ); - SENDERR(EINVAL); - } - - error = pfkey_msg_parse(*pfkey_msg, NULL, extensions_check, dir); - if (error) { - DEBUGGING( - "pfkey_msg_build: " - "Trouble parsing newly built pfkey message, error=%d.\n", - error); - SENDERR(-error); - } - -errlab: - - return error; -} diff --git a/linux/lib/libfreeswan/pfkey_v2_debug.c b/linux/lib/libfreeswan/pfkey_v2_debug.c deleted file mode 100644 index 2f2ddd3b1..000000000 --- a/linux/lib/libfreeswan/pfkey_v2_debug.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - * @(#) pfkey version 2 debugging messages - * - * Copyright (C) 2001 Richard Guy Briggs - * and Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey_v2_debug.c,v 1.2 2004/03/22 21:53:18 as Exp $ - * - */ - -#ifdef __KERNEL__ - -# include /* for printk */ - -# include "freeswan/ipsec_kversion.h" /* for malloc switch */ -# ifdef MALLOC_SLAB -# include /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include /* error codes */ -# include /* size_t */ -# include /* mark_bh */ - -# include /* struct device, and other headers */ -# include /* eth_type_trans */ -extern int debug_pfkey; - -#else /* __KERNEL__ */ - -# include -# include -# include - -#endif /* __KERNEL__ */ - -#include "freeswan.h" -#include "pfkeyv2.h" -#include "pfkey.h" - -/* - * This file provides ASCII translations of PF_KEY magic numbers. - * - */ - -static char *pfkey_sadb_ext_strings[]={ - "reserved", /* SADB_EXT_RESERVED 0 */ - "security-association", /* SADB_EXT_SA 1 */ - "lifetime-current", /* SADB_EXT_LIFETIME_CURRENT 2 */ - "lifetime-hard", /* SADB_EXT_LIFETIME_HARD 3 */ - "lifetime-soft", /* SADB_EXT_LIFETIME_SOFT 4 */ - "source-address", /* SADB_EXT_ADDRESS_SRC 5 */ - "destination-address", /* SADB_EXT_ADDRESS_DST 6 */ - "proxy-address", /* SADB_EXT_ADDRESS_PROXY 7 */ - "authentication-key", /* SADB_EXT_KEY_AUTH 8 */ - "cipher-key", /* SADB_EXT_KEY_ENCRYPT 9 */ - "source-identity", /* SADB_EXT_IDENTITY_SRC 10 */ - "destination-identity", /* SADB_EXT_IDENTITY_DST 11 */ - "sensitivity-label", /* SADB_EXT_SENSITIVITY 12 */ - "proposal", /* SADB_EXT_PROPOSAL 13 */ - "supported-auth", /* SADB_EXT_SUPPORTED_AUTH 14 */ - "supported-cipher", /* SADB_EXT_SUPPORTED_ENCRYPT 15 */ - "spi-range", /* SADB_EXT_SPIRANGE 16 */ - "X-kmpprivate", /* SADB_X_EXT_KMPRIVATE 17 */ - "X-satype2", /* SADB_X_EXT_SATYPE2 18 */ - "X-security-association", /* SADB_X_EXT_SA2 19 */ - "X-destination-address2", /* SADB_X_EXT_ADDRESS_DST2 20 */ - "X-source-flow-address", /* SADB_X_EXT_ADDRESS_SRC_FLOW 21 */ - "X-dest-flow-address", /* SADB_X_EXT_ADDRESS_DST_FLOW 22 */ - "X-source-mask", /* SADB_X_EXT_ADDRESS_SRC_MASK 23 */ - "X-dest-mask", /* SADB_X_EXT_ADDRESS_DST_MASK 24 */ - "X-set-debug", /* SADB_X_EXT_DEBUG 25 */ -#ifdef NAT_TRAVERSAL - "X-NAT-T-type", /* SADB_X_EXT_NAT_T_TYPE 26 */ - "X-NAT-T-sport", /* SADB_X_EXT_NAT_T_SPORT 27 */ - "X-NAT-T-dport", /* SADB_X_EXT_NAT_T_DPORT 28 */ - "X-NAT-T-OA", /* SADB_X_EXT_NAT_T_OA 29 */ -#endif -}; - -const char * -pfkey_v2_sadb_ext_string(int ext) -{ - if(ext <= SADB_EXT_MAX) { - return pfkey_sadb_ext_strings[ext]; - } else { - return "unknown-ext"; - } -} - - -static char *pfkey_sadb_type_strings[]={ - "reserved", /* SADB_RESERVED */ - "getspi", /* SADB_GETSPI */ - "update", /* SADB_UPDATE */ - "add", /* SADB_ADD */ - "delete", /* SADB_DELETE */ - "get", /* SADB_GET */ - "acquire", /* SADB_ACQUIRE */ - "register", /* SADB_REGISTER */ - "expire", /* SADB_EXPIRE */ - "flush", /* SADB_FLUSH */ - "dump", /* SADB_DUMP */ - "x-promisc", /* SADB_X_PROMISC */ - "x-pchange", /* SADB_X_PCHANGE */ - "x-groupsa", /* SADB_X_GRPSA */ - "x-addflow(eroute)", /* SADB_X_ADDFLOW */ - "x-delflow(eroute)", /* SADB_X_DELFLOW */ - "x-debug", /* SADB_X_DEBUG */ -}; - -const char * -pfkey_v2_sadb_type_string(int sadb_type) -{ - if(sadb_type <= SADB_MAX) { - return pfkey_sadb_type_strings[sadb_type]; - } else { - return "unknown-sadb-type"; - } -} - - - - -/* - * $Log: pfkey_v2_debug.c,v $ - * Revision 1.2 2004/03/22 21:53:18 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.2.1 2004/03/15 22:30:06 as - * nat-0.6c patch merged - * - * Revision 1.1 2004/03/15 20:35:26 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.7 2002/09/20 05:01:26 rgb - * Fixed limit inclusion error in both type and ext string conversion. - * - * Revision 1.6 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.5 2002/04/24 07:36:40 mcr - * Moved from ./lib/pfkey_v2_debug.c,v - * - * Revision 1.4 2002/01/29 22:25:36 rgb - * Re-add ipsec_kversion.h to keep MALLOC happy. - * - * Revision 1.3 2002/01/29 01:59:09 mcr - * removal of kversions.h - sources that needed it now use ipsec_param.h. - * updating of IPv6 structures to match latest in6.h version. - * removed dead code from freeswan.h that also duplicated kversions.h - * code. - * - * Revision 1.2 2002/01/20 20:34:50 mcr - * added pfkey_v2_sadb_type_string to decode sadb_type to string. - * - * Revision 1.1 2001/11/27 05:30:06 mcr - * initial set of debug strings for pfkey debugging. - * this will eventually only be included for debug builds. - * - * Revision 1.1 2001/09/21 04:12:03 mcr - * first compilable version. - * - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ diff --git a/linux/lib/libfreeswan/pfkey_v2_ext_bits.c b/linux/lib/libfreeswan/pfkey_v2_ext_bits.c deleted file mode 100644 index fe3f45306..000000000 --- a/linux/lib/libfreeswan/pfkey_v2_ext_bits.c +++ /dev/null @@ -1,803 +0,0 @@ -/* - * RFC2367 PF_KEYv2 Key management API message parser - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey_v2_ext_bits.c,v 1.2 2004/03/22 21:53:18 as Exp $ - */ - -/* - * Template from klips/net/ipsec/ipsec/ipsec_parse.c. - */ - -char pfkey_v2_ext_bits_c_version[] = "$Id: pfkey_v2_ext_bits.c,v 1.2 2004/03/22 21:53:18 as Exp $"; - -/* - * Some ugly stuff to allow consistent debugging code for use in the - * kernel and in user space -*/ - -#ifdef __KERNEL__ - -# include /* for printk */ - -# include "freeswan/ipsec_kversion.h" /* for malloc switch */ -# ifdef MALLOC_SLAB -# include /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include /* error codes */ -# include /* size_t */ -# include /* mark_bh */ - -# include /* struct device, and other headers */ -# include /* eth_type_trans */ -# include /* struct iphdr */ -# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -# include -# endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ - -#else /* __KERNEL__ */ - -# include -# include -# include -#endif - -#include -#include -#include - -unsigned int extensions_bitmaps[2/*in/out*/][2/*perm/req*/][SADB_MAX + 1/*ext*/] = { - -/* INBOUND EXTENSIONS */ -{ - -/* PERMITTED IN */ -{ -/* SADB_RESERVED */ -0 -, -/* SADB_GETSPI */ -1<. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey_v2_parse.c,v 1.4 2004/06/13 20:35:07 as Exp $ - */ - -/* - * Template from klips/net/ipsec/ipsec/ipsec_parser.c. - */ - -char pfkey_v2_parse_c_version[] = "$Id: pfkey_v2_parse.c,v 1.4 2004/06/13 20:35:07 as Exp $"; - -/* - * Some ugly stuff to allow consistent debugging code for use in the - * kernel and in user space -*/ - -#ifdef __KERNEL__ - -# include /* for printk */ - -#include "freeswan/ipsec_kversion.h" /* for malloc switch */ - -# ifdef MALLOC_SLAB -# include /* kmalloc() */ -# else /* MALLOC_SLAB */ -# include /* kmalloc() */ -# endif /* MALLOC_SLAB */ -# include /* error codes */ -# include /* size_t */ -# include /* mark_bh */ - -# include /* struct device, and other headers */ -# include /* eth_type_trans */ -# include /* struct iphdr */ -# if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -# include /* struct ipv6hdr */ -# endif /* if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ -extern int debug_pfkey; - -# include - -#include "freeswan/ipsec_encap.h" - -#else /* __KERNEL__ */ - -# include -# include -# include - -# include -# include "programs/pluto/constants.h" -# include "programs/pluto/defs.h" /* for PRINTF_LIKE */ -# include "programs/pluto/log.h" /* for debugging and DBG_log */ - -/* #define PLUTO */ - -# ifdef PLUTO -# define DEBUGGING(level, args...) { DBG_log("pfkey_lib_debug:" args); } -# else -# define DEBUGGING(level, args...) if(pfkey_lib_debug & level) { printf("pfkey_lib_debug:" args); } else { ; } -# endif - -#endif /* __KERNEL__ */ - - -#include -#include - -#ifdef __KERNEL__ -extern int sysctl_ipsec_debug_verbose; -# define DEBUGGING(level, args...) \ - KLIPS_PRINT( \ - ((debug_pfkey & level & (PF_KEY_DEBUG_PARSE_STRUCT | PF_KEY_DEBUG_PARSE_PROBLEM)) \ - || (sysctl_ipsec_debug_verbose && (debug_pfkey & level & PF_KEY_DEBUG_PARSE_FLOW))) \ - , "klips_debug:" args) -#endif /* __KERNEL__ */ -#include "freeswan/ipsec_sa.h" /* IPSEC_SAREF_NULL, IPSEC_SA_REF_TABLE_IDX_WIDTH */ - - -#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) - -struct satype_tbl { - uint8_t proto; - uint8_t satype; - char* name; -} static satype_tbl[] = { -#ifdef __KERNEL__ - { IPPROTO_ESP, SADB_SATYPE_ESP, "ESP" }, - { IPPROTO_AH, SADB_SATYPE_AH, "AH" }, - { IPPROTO_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, -#ifdef CONFIG_IPSEC_IPCOMP - { IPPROTO_COMP, SADB_X_SATYPE_COMP, "COMP" }, -#endif /* CONFIG_IPSEC_IPCOMP */ - { IPPROTO_INT, SADB_X_SATYPE_INT, "INT" }, -#else /* __KERNEL__ */ - { SA_ESP, SADB_SATYPE_ESP, "ESP" }, - { SA_AH, SADB_SATYPE_AH, "AH" }, - { SA_IPIP, SADB_X_SATYPE_IPIP, "IPIP" }, - { SA_COMP, SADB_X_SATYPE_COMP, "COMP" }, - { SA_INT, SADB_X_SATYPE_INT, "INT" }, -#endif /* __KERNEL__ */ - { 0, 0, "UNKNOWN" } -}; - -uint8_t -satype2proto(uint8_t satype) -{ - int i =0; - - while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) { - i++; - } - return satype_tbl[i].proto; -} - -uint8_t -proto2satype(uint8_t proto) -{ - int i = 0; - - while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) { - i++; - } - return satype_tbl[i].satype; -} - -char* -satype2name(uint8_t satype) -{ - int i = 0; - - while(satype_tbl[i].satype != satype && satype_tbl[i].satype != 0) { - i++; - } - return satype_tbl[i].name; -} - -char* -proto2name(uint8_t proto) -{ - int i = 0; - - while(satype_tbl[i].proto != proto && satype_tbl[i].proto != 0) { - i++; - } - return satype_tbl[i].name; -} - -/* Default extension parsers taken from the KLIPS code */ - -DEBUG_NO_STATIC int -pfkey_sa_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext; -#if 0 - struct sadb_sa sav2; -#endif - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_sa_parse: entry\n"); - /* sanity checks... */ - if(!pfkey_sa) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "NULL pointer passed in.\n"); - SENDERR(EINVAL); - } - -#if 0 - /* check if this structure is short, and if so, fix it up. - * XXX this is NOT the way to do things. - */ - if(pfkey_sa->sadb_sa_len == sizeof(struct sadb_sa_v1)/IPSEC_PFKEYv2_ALIGN) { - - /* yes, so clear out a temporary structure, and copy first */ - memset(&sav2, 0, sizeof(sav2)); - memcpy(&sav2, pfkey_sa, sizeof(struct sadb_sa_v1)); - sav2.sadb_x_sa_ref=-1; - sav2.sadb_sa_len = sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN; - - pfkey_sa = &sav2; - } -#endif - - - if(pfkey_sa->sadb_sa_len != sizeof(struct sadb_sa) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "length wrong pfkey_sa->sadb_sa_len=%d sizeof(struct sadb_sa)=%d.\n", - pfkey_sa->sadb_sa_len, - (int)sizeof(struct sadb_sa)); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_encrypt > SADB_EALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "pfkey_sa->sadb_sa_encrypt=%d > SADB_EALG_MAX=%d.\n", - pfkey_sa->sadb_sa_encrypt, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_auth > SADB_AALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "pfkey_sa->sadb_sa_auth=%d > SADB_AALG_MAX=%d.\n", - pfkey_sa->sadb_sa_auth, - SADB_AALG_MAX); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_state > SADB_SASTATE_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "state=%d exceeds MAX=%d.\n", - pfkey_sa->sadb_sa_state, - SADB_SASTATE_MAX); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_state == SADB_SASTATE_DEAD) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "state=%d is DEAD=%d.\n", - pfkey_sa->sadb_sa_state, - SADB_SASTATE_DEAD); - SENDERR(EINVAL); - } - - if(pfkey_sa->sadb_sa_replay > 64) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "replay window size: %d -- must be 0 <= size <= 64\n", - pfkey_sa->sadb_sa_replay); - SENDERR(EINVAL); - } - - if(! ((pfkey_sa->sadb_sa_exttype == SADB_EXT_SA) || - (pfkey_sa->sadb_sa_exttype == SADB_X_EXT_SA2))) - { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "unknown exttype=%d, expecting SADB_EXT_SA=%d or SADB_X_EXT_SA2=%d.\n", - pfkey_sa->sadb_sa_exttype, - SADB_EXT_SA, - SADB_X_EXT_SA2); - SENDERR(EINVAL); - } - - if((IPSEC_SAREF_NULL != pfkey_sa->sadb_x_sa_ref) && (pfkey_sa->sadb_x_sa_ref >= (1 << IPSEC_SA_REF_TABLE_IDX_WIDTH))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sa_parse: " - "SAref=%d must be (SAref == IPSEC_SAREF_NULL(%d) || SAref < IPSEC_SA_REF_TABLE_NUM_ENTRIES(%d)).\n", - pfkey_sa->sadb_x_sa_ref, - IPSEC_SAREF_NULL, - IPSEC_SA_REF_TABLE_NUM_ENTRIES); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_sa_parse: " - "successfully found len=%d exttype=%d(%s) spi=%08lx replay=%d state=%d auth=%d encrypt=%d flags=%d ref=%d.\n", - pfkey_sa->sadb_sa_len, - pfkey_sa->sadb_sa_exttype, - pfkey_v2_sadb_ext_string(pfkey_sa->sadb_sa_exttype), - (long unsigned int)ntohl(pfkey_sa->sadb_sa_spi), - pfkey_sa->sadb_sa_replay, - pfkey_sa->sadb_sa_state, - pfkey_sa->sadb_sa_auth, - pfkey_sa->sadb_sa_encrypt, - pfkey_sa->sadb_sa_flags, - pfkey_sa->sadb_x_sa_ref); - - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_lifetime_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_lifetime_parse:enter\n"); - /* sanity checks... */ - if(!pfkey_lifetime) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_lifetime_parse: " - "NULL pointer passed in.\n"); - SENDERR(EINVAL); - } - - if(pfkey_lifetime->sadb_lifetime_len != - sizeof(struct sadb_lifetime) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_lifetime_parse: " - "length wrong pfkey_lifetime->sadb_lifetime_len=%d sizeof(struct sadb_lifetime)=%d.\n", - pfkey_lifetime->sadb_lifetime_len, - (int)sizeof(struct sadb_lifetime)); - SENDERR(EINVAL); - } - - if((pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_HARD) && - (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_SOFT) && - (pfkey_lifetime->sadb_lifetime_exttype != SADB_EXT_LIFETIME_CURRENT)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_lifetime_parse: " - "unexpected ext_type=%d.\n", - pfkey_lifetime->sadb_lifetime_exttype); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_lifetime_parse: " - "life_type=%d(%s) alloc=%u bytes=%u add=%u use=%u pkts=%u.\n", - pfkey_lifetime->sadb_lifetime_exttype, - pfkey_v2_sadb_ext_string(pfkey_lifetime->sadb_lifetime_exttype), - pfkey_lifetime->sadb_lifetime_allocations, - (unsigned)pfkey_lifetime->sadb_lifetime_bytes, - (unsigned)pfkey_lifetime->sadb_lifetime_addtime, - (unsigned)pfkey_lifetime->sadb_lifetime_usetime, - pfkey_lifetime->sadb_x_lifetime_packets); -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_address_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - int saddr_len = 0; - struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext; - struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address)); - char ipaddr_txt[ADDRTOT_BUF]; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_address_parse:enter\n"); - /* sanity checks... */ - if(!pfkey_address) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "NULL pointer passed in.\n"); - SENDERR(EINVAL); - } - - if(pfkey_address->sadb_address_len < - (sizeof(struct sadb_address) + sizeof(struct sockaddr))/ - IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "size wrong 1 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n", - pfkey_address->sadb_address_len, - (int)sizeof(struct sadb_address), - (int)sizeof(struct sockaddr)); - SENDERR(EINVAL); - } - - if(pfkey_address->sadb_address_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "res=%d, must be zero.\n", - pfkey_address->sadb_address_reserved); - SENDERR(EINVAL); - } - - switch(pfkey_address->sadb_address_exttype) { - case SADB_EXT_ADDRESS_SRC: - case SADB_EXT_ADDRESS_DST: - case SADB_EXT_ADDRESS_PROXY: - case SADB_X_EXT_ADDRESS_DST2: - case SADB_X_EXT_ADDRESS_SRC_FLOW: - case SADB_X_EXT_ADDRESS_DST_FLOW: - case SADB_X_EXT_ADDRESS_SRC_MASK: - case SADB_X_EXT_ADDRESS_DST_MASK: -#ifdef NAT_TRAVERSAL - case SADB_X_EXT_NAT_T_OA: -#endif - break; - default: - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "unexpected ext_type=%d.\n", - pfkey_address->sadb_address_exttype); - SENDERR(EINVAL); - } - - switch(s->sa_family) { - case AF_INET: - saddr_len = sizeof(struct sockaddr_in); - sprintf(ipaddr_txt, "%d.%d.%d.%d" - , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 0) & 0xFF - , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 8) & 0xFF - , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 16) & 0xFF - , (((struct sockaddr_in*)s)->sin_addr.s_addr >> 24) & 0xFF); - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_address_parse: " - "found exttype=%u(%s) family=%d(AF_INET) address=%s proto=%u port=%u.\n", - pfkey_address->sadb_address_exttype, - pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype), - s->sa_family, - ipaddr_txt, - pfkey_address->sadb_address_proto, - ntohs(((struct sockaddr_in*)s)->sin_port)); - break; - case AF_INET6: - saddr_len = sizeof(struct sockaddr_in6); - sprintf(ipaddr_txt, "%x:%x:%x:%x:%x:%x:%x:%x" - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[0]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[1]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[2]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[3]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[4]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[5]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[6]) - , ntohs(((struct sockaddr_in6*)s)->sin6_addr.s6_addr16[7])); - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_address_parse: " - "found exttype=%u(%s) family=%d(AF_INET6) address=%s proto=%u port=%u.\n", - pfkey_address->sadb_address_exttype, - pfkey_v2_sadb_ext_string(pfkey_address->sadb_address_exttype), - s->sa_family, - ipaddr_txt, - pfkey_address->sadb_address_proto, - ((struct sockaddr_in6*)s)->sin6_port); - break; - default: - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "s->sa_family=%d not supported.\n", - s->sa_family); - SENDERR(EPFNOSUPPORT); - } - - if(pfkey_address->sadb_address_len != - DIVUP(sizeof(struct sadb_address) + saddr_len, IPSEC_PFKEYv2_ALIGN)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "size wrong 2 ext_len=%d, adr_ext_len=%d, saddr_len=%d.\n", - pfkey_address->sadb_address_len, - (int)sizeof(struct sadb_address), - saddr_len); - SENDERR(EINVAL); - } - - if(pfkey_address->sadb_address_prefixlen != 0) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_address_parse: " - "address prefixes not supported yet.\n"); - SENDERR(EAFNOSUPPORT); /* not supported yet */ - } - - /* XXX check if port!=0 */ - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_address_parse: successful.\n"); - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_key_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_key_parse:enter\n"); - /* sanity checks... */ - - if(!pfkey_key) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "NULL pointer passed in.\n"); - SENDERR(EINVAL); - } - - if(pfkey_key->sadb_key_len < sizeof(struct sadb_key) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_key->sadb_key_len, - (int)sizeof(struct sadb_key)); - SENDERR(EINVAL); - } - - if(!pfkey_key->sadb_key_bits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "key length set to zero, must be non-zero.\n"); - SENDERR(EINVAL); - } - - if(pfkey_key->sadb_key_len != - DIVUP(sizeof(struct sadb_key) * OCTETBITS + pfkey_key->sadb_key_bits, - PFKEYBITS)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "key length=%d does not agree with extension length=%d.\n", - pfkey_key->sadb_key_bits, - pfkey_key->sadb_key_len); - SENDERR(EINVAL); - } - - if(pfkey_key->sadb_key_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "res=%d, must be zero.\n", - pfkey_key->sadb_key_reserved); - SENDERR(EINVAL); - } - - if(! ( (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_AUTH) || - (pfkey_key->sadb_key_exttype == SADB_EXT_KEY_ENCRYPT))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "expecting extension type AUTH or ENCRYPT, got %d.\n", - pfkey_key->sadb_key_exttype); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_key_parse: " - "success, found len=%d exttype=%d(%s) bits=%d reserved=%d.\n", - pfkey_key->sadb_key_len, - pfkey_key->sadb_key_exttype, - pfkey_v2_sadb_ext_string(pfkey_key->sadb_key_exttype), - pfkey_key->sadb_key_bits, - pfkey_key->sadb_key_reserved); - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_ident_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext; - - /* sanity checks... */ - if(pfkey_ident->sadb_ident_len < sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_ident_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_ident->sadb_ident_len, - (int)sizeof(struct sadb_ident)); - SENDERR(EINVAL); - } - - if(pfkey_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_ident_parse: " - "ident_type=%d out of range, must be less than %d.\n", - pfkey_ident->sadb_ident_type, - SADB_IDENTTYPE_MAX); - SENDERR(EINVAL); - } - - if(pfkey_ident->sadb_ident_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_ident_parse: " - "res=%d, must be zero.\n", - pfkey_ident->sadb_ident_reserved); - SENDERR(EINVAL); - } - - /* string terminator/padding must be zero */ - if(pfkey_ident->sadb_ident_len > sizeof(struct sadb_ident) / IPSEC_PFKEYv2_ALIGN) { - if(*((char*)pfkey_ident + pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_ident_parse: " - "string padding must be zero, last is 0x%02x.\n", - *((char*)pfkey_ident + - pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - 1)); - SENDERR(EINVAL); - } - } - - if( ! ((pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_SRC) || - (pfkey_ident->sadb_ident_exttype == SADB_EXT_IDENTITY_DST))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_key_parse: " - "expecting extension type IDENTITY_SRC or IDENTITY_DST, got %d.\n", - pfkey_ident->sadb_ident_exttype); - SENDERR(EINVAL); - } - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_sens_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_sens *pfkey_sens = (struct sadb_sens *)pfkey_ext; - - /* sanity checks... */ - if(pfkey_sens->sadb_sens_len < sizeof(struct sadb_sens) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sens_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_sens->sadb_sens_len, - (int)sizeof(struct sadb_sens)); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_sens_parse: " - "Sorry, I can't parse exttype=%d yet.\n", - pfkey_ext->sadb_ext_type); -#if 0 - SENDERR(EINVAL); /* don't process these yet */ -#endif - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_prop_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - int i, num_comb; - struct sadb_prop *pfkey_prop = (struct sadb_prop *)pfkey_ext; - struct sadb_comb *pfkey_comb = (struct sadb_comb *)((char*)pfkey_ext + sizeof(struct sadb_prop)); - - /* sanity checks... */ - if((pfkey_prop->sadb_prop_len < sizeof(struct sadb_prop) / IPSEC_PFKEYv2_ALIGN) || - (((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) % sizeof(struct sadb_comb))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "size wrong ext_len=%d, prop_ext_len=%d comb_ext_len=%d.\n", - pfkey_prop->sadb_prop_len, - (int)sizeof(struct sadb_prop), - (int)sizeof(struct sadb_comb)); - SENDERR(EINVAL); - } - - if(pfkey_prop->sadb_prop_replay > 64) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "replay window size: %d -- must be 0 <= size <= 64\n", - pfkey_prop->sadb_prop_replay); - SENDERR(EINVAL); - } - - for(i=0; i<3; i++) { - if(pfkey_prop->sadb_prop_reserved[i]) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "res[%d]=%d, must be zero.\n", - i, pfkey_prop->sadb_prop_reserved[i]); - SENDERR(EINVAL); - } - } - - num_comb = ((pfkey_prop->sadb_prop_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_prop)) / sizeof(struct sadb_comb); - - for(i = 0; i < num_comb; i++) { - if(pfkey_comb->sadb_comb_auth > SADB_AALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth=%d > SADB_AALG_MAX=%d.\n", - i, - pfkey_comb->sadb_comb_auth, - SADB_AALG_MAX); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_auth) { - if(!pfkey_comb->sadb_comb_auth_minbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_minbits=0, fatal.\n", - i); - SENDERR(EINVAL); - } - if(!pfkey_comb->sadb_comb_auth_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_maxbits=0, fatal.\n", - i); - SENDERR(EINVAL); - } - if(pfkey_comb->sadb_comb_auth_minbits > pfkey_comb->sadb_comb_auth_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_minbits=%d > maxbits=%d, fatal.\n", - i, - pfkey_comb->sadb_comb_auth_minbits, - pfkey_comb->sadb_comb_auth_maxbits); - SENDERR(EINVAL); - } - } else { - if(pfkey_comb->sadb_comb_auth_minbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_minbits=%d != 0, fatal.\n", - i, - pfkey_comb->sadb_comb_auth_minbits); - SENDERR(EINVAL); - } - if(pfkey_comb->sadb_comb_auth_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_auth_maxbits=%d != 0, fatal.\n", - i, - pfkey_comb->sadb_comb_auth_maxbits); - SENDERR(EINVAL); - } - } - - if(pfkey_comb->sadb_comb_encrypt > SADB_EALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_comb_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt=%d > SADB_EALG_MAX=%d.\n", - i, - pfkey_comb->sadb_comb_encrypt, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_encrypt) { - if(!pfkey_comb->sadb_comb_encrypt_minbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_minbits=0, fatal.\n", - i); - SENDERR(EINVAL); - } - if(!pfkey_comb->sadb_comb_encrypt_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=0, fatal.\n", - i); - SENDERR(EINVAL); - } - if(pfkey_comb->sadb_comb_encrypt_minbits > pfkey_comb->sadb_comb_encrypt_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d > maxbits=%d, fatal.\n", - i, - pfkey_comb->sadb_comb_encrypt_minbits, - pfkey_comb->sadb_comb_encrypt_maxbits); - SENDERR(EINVAL); - } - } else { - if(pfkey_comb->sadb_comb_encrypt_minbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_minbits=%d != 0, fatal.\n", - i, - pfkey_comb->sadb_comb_encrypt_minbits); - SENDERR(EINVAL); - } - if(pfkey_comb->sadb_comb_encrypt_maxbits) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_encrypt_maxbits=%d != 0, fatal.\n", - i, - pfkey_comb->sadb_comb_encrypt_maxbits); - SENDERR(EINVAL); - } - } - - /* XXX do sanity check on flags */ - - if(pfkey_comb->sadb_comb_hard_allocations && pfkey_comb->sadb_comb_soft_allocations > pfkey_comb->sadb_comb_hard_allocations) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_soft_allocations=%d > hard_allocations=%d, fatal.\n", - i, - pfkey_comb->sadb_comb_soft_allocations, - pfkey_comb->sadb_comb_hard_allocations); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_hard_bytes && pfkey_comb->sadb_comb_soft_bytes > pfkey_comb->sadb_comb_hard_bytes) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_soft_bytes=%Ld > hard_bytes=%Ld, fatal.\n", - i, - (unsigned long long int)pfkey_comb->sadb_comb_soft_bytes, - (unsigned long long int)pfkey_comb->sadb_comb_hard_bytes); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_hard_addtime && pfkey_comb->sadb_comb_soft_addtime > pfkey_comb->sadb_comb_hard_addtime) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_soft_addtime=%Ld > hard_addtime=%Ld, fatal.\n", - i, - (unsigned long long int)pfkey_comb->sadb_comb_soft_addtime, - (unsigned long long int)pfkey_comb->sadb_comb_hard_addtime); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_hard_usetime && pfkey_comb->sadb_comb_soft_usetime > pfkey_comb->sadb_comb_hard_usetime) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_comb_soft_usetime=%Ld > hard_usetime=%Ld, fatal.\n", - i, - (unsigned long long int)pfkey_comb->sadb_comb_soft_usetime, - (unsigned long long int)pfkey_comb->sadb_comb_hard_usetime); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_x_comb_hard_packets && pfkey_comb->sadb_x_comb_soft_packets > pfkey_comb->sadb_x_comb_hard_packets) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "pfkey_comb[%d]->sadb_x_comb_soft_packets=%d > hard_packets=%d, fatal.\n", - i, - pfkey_comb->sadb_x_comb_soft_packets, - pfkey_comb->sadb_x_comb_hard_packets); - SENDERR(EINVAL); - } - - if(pfkey_comb->sadb_comb_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_prop_parse: " - "comb[%d].res=%d, must be zero.\n", - i, - pfkey_comb->sadb_comb_reserved); - SENDERR(EINVAL); - } - pfkey_comb++; - } - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_supported_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - unsigned int i, num_alg; - struct sadb_supported *pfkey_supported = (struct sadb_supported *)pfkey_ext; - struct sadb_alg *pfkey_alg = (struct sadb_alg*)((char*)pfkey_ext + sizeof(struct sadb_supported)); - - /* sanity checks... */ - if((pfkey_supported->sadb_supported_len < - sizeof(struct sadb_supported) / IPSEC_PFKEYv2_ALIGN) || - (((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - - sizeof(struct sadb_supported)) % sizeof(struct sadb_alg))) { - - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "size wrong ext_len=%d, supported_ext_len=%d alg_ext_len=%d.\n", - pfkey_supported->sadb_supported_len, - (int)sizeof(struct sadb_supported), - (int)sizeof(struct sadb_alg)); - SENDERR(EINVAL); - } - - if(pfkey_supported->sadb_supported_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "res=%d, must be zero.\n", - pfkey_supported->sadb_supported_reserved); - SENDERR(EINVAL); - } - - num_alg = ((pfkey_supported->sadb_supported_len * IPSEC_PFKEYv2_ALIGN) - sizeof(struct sadb_supported)) / sizeof(struct sadb_alg); - - for(i = 0; i < num_alg; i++) { - /* process algo description */ - if(pfkey_alg->sadb_alg_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "alg[%d], id=%d, ivlen=%d, minbits=%d, maxbits=%d, res=%d, must be zero.\n", - i, - pfkey_alg->sadb_alg_id, - pfkey_alg->sadb_alg_ivlen, - pfkey_alg->sadb_alg_minbits, - pfkey_alg->sadb_alg_maxbits, - pfkey_alg->sadb_alg_reserved); - SENDERR(EINVAL); - } - - /* XXX can alg_id auth/enc be determined from info given? - Yes, but OpenBSD's method does not iteroperate with rfc2367. - rgb, 2000-04-06 */ - - switch(pfkey_supported->sadb_supported_exttype) { - case SADB_EXT_SUPPORTED_AUTH: - if(pfkey_alg->sadb_alg_id > SADB_AALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "alg[%d], alg_id=%d > SADB_AALG_MAX=%d, fatal.\n", - i, - pfkey_alg->sadb_alg_id, - SADB_AALG_MAX); - SENDERR(EINVAL); - } - break; - case SADB_EXT_SUPPORTED_ENCRYPT: - if(pfkey_alg->sadb_alg_id > SADB_EALG_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n", - i, - pfkey_alg->sadb_alg_id, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - break; - default: - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_supported_parse: " - "alg[%d], alg_id=%d > SADB_EALG_MAX=%d, fatal.\n", - i, - pfkey_alg->sadb_alg_id, - SADB_EALG_MAX); - SENDERR(EINVAL); - } - pfkey_alg++; - } - - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_spirange_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_spirange *pfkey_spirange = (struct sadb_spirange *)pfkey_ext; - - /* sanity checks... */ - if(pfkey_spirange->sadb_spirange_len != - sizeof(struct sadb_spirange) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_spirange_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_spirange->sadb_spirange_len, - (int)sizeof(struct sadb_spirange)); - SENDERR(EINVAL); - } - - if(pfkey_spirange->sadb_spirange_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_spirange_parse: " - "reserved=%d must be set to zero.\n", - pfkey_spirange->sadb_spirange_reserved); - SENDERR(EINVAL); - } - - if(ntohl(pfkey_spirange->sadb_spirange_max) < ntohl(pfkey_spirange->sadb_spirange_min)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_spirange_parse: " - "minspi=%08x must be < maxspi=%08x.\n", - ntohl(pfkey_spirange->sadb_spirange_min), - ntohl(pfkey_spirange->sadb_spirange_max)); - SENDERR(EINVAL); - } - - if(ntohl(pfkey_spirange->sadb_spirange_min) <= 255) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_spirange_parse: " - "minspi=%08x must be > 255.\n", - ntohl(pfkey_spirange->sadb_spirange_min)); - SENDERR(EEXIST); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_spirange_parse: " - "ext_len=%u ext_type=%u(%s) min=%u max=%u res=%u.\n", - pfkey_spirange->sadb_spirange_len, - pfkey_spirange->sadb_spirange_exttype, - pfkey_v2_sadb_ext_string(pfkey_spirange->sadb_spirange_exttype), - pfkey_spirange->sadb_spirange_min, - pfkey_spirange->sadb_spirange_max, - pfkey_spirange->sadb_spirange_reserved); - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_kmprivate_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_x_kmprivate *pfkey_x_kmprivate = (struct sadb_x_kmprivate *)pfkey_ext; - - /* sanity checks... */ - if(pfkey_x_kmprivate->sadb_x_kmprivate_len < - sizeof(struct sadb_x_kmprivate) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_kmprivate_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_x_kmprivate->sadb_x_kmprivate_len, - (int)sizeof(struct sadb_x_kmprivate)); - SENDERR(EINVAL); - } - - if(pfkey_x_kmprivate->sadb_x_kmprivate_reserved) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_kmprivate_parse: " - "reserved=%d must be set to zero.\n", - pfkey_x_kmprivate->sadb_x_kmprivate_reserved); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_kmprivate_parse: " - "Sorry, I can't parse exttype=%d yet.\n", - pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_satype_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - int i; - struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_x_satype_parse: enter\n"); - /* sanity checks... */ - if(pfkey_x_satype->sadb_x_satype_len != - sizeof(struct sadb_x_satype) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_x_satype->sadb_x_satype_len, - (int)sizeof(struct sadb_x_satype)); - SENDERR(EINVAL); - } - - if(!pfkey_x_satype->sadb_x_satype_satype) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "satype is zero, must be non-zero.\n"); - SENDERR(EINVAL); - } - - if(pfkey_x_satype->sadb_x_satype_satype > SADB_SATYPE_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "satype %d > max %d, invalid.\n", - pfkey_x_satype->sadb_x_satype_satype, SADB_SATYPE_MAX); - SENDERR(EINVAL); - } - - if(!(satype2proto(pfkey_x_satype->sadb_x_satype_satype))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "proto lookup from satype=%d failed.\n", - pfkey_x_satype->sadb_x_satype_satype); - SENDERR(EINVAL); - } - - for(i = 0; i < 3; i++) { - if(pfkey_x_satype->sadb_x_satype_reserved[i]) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_satype_parse: " - "reserved[%d]=%d must be set to zero.\n", - i, pfkey_x_satype->sadb_x_satype_reserved[i]); - SENDERR(EINVAL); - } - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_x_satype_parse: " - "len=%u ext=%u(%s) satype=%u(%s) res=%u,%u,%u.\n", - pfkey_x_satype->sadb_x_satype_len, - pfkey_x_satype->sadb_x_satype_exttype, - pfkey_v2_sadb_ext_string(pfkey_x_satype->sadb_x_satype_exttype), - pfkey_x_satype->sadb_x_satype_satype, - satype2name(pfkey_x_satype->sadb_x_satype_satype), - pfkey_x_satype->sadb_x_satype_reserved[0], - pfkey_x_satype->sadb_x_satype_reserved[1], - pfkey_x_satype->sadb_x_satype_reserved[2]); -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_ext_debug_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - int i; - struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_x_debug_parse: enter\n"); - /* sanity checks... */ - if(pfkey_x_debug->sadb_x_debug_len != - sizeof(struct sadb_x_debug) / IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_debug_parse: " - "size wrong ext_len=%d, key_ext_len=%d.\n", - pfkey_x_debug->sadb_x_debug_len, - (int)sizeof(struct sadb_x_debug)); - SENDERR(EINVAL); - } - - for(i = 0; i < 4; i++) { - if(pfkey_x_debug->sadb_x_debug_reserved[i]) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_debug_parse: " - "reserved[%d]=%d must be set to zero.\n", - i, pfkey_x_debug->sadb_x_debug_reserved[i]); - SENDERR(EINVAL); - } - } - -errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_ext_protocol_parse(struct sadb_ext *pfkey_ext) -{ - int error = 0; - struct sadb_protocol *p = (struct sadb_protocol *)pfkey_ext; - - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, "pfkey_x_protocol_parse:\n"); - /* sanity checks... */ - - if (p->sadb_protocol_len != sizeof(*p)/IPSEC_PFKEYv2_ALIGN) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_x_protocol_parse: size wrong ext_len=%d, key_ext_len=%d.\n", - p->sadb_protocol_len, (int)sizeof(*p)); - SENDERR(EINVAL); - } - - if (p->sadb_protocol_reserved2 != 0) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_protocol_parse: res=%d, must be zero.\n", - p->sadb_protocol_reserved2); - SENDERR(EINVAL); - } - - errlab: - return error; -} - -#ifdef NAT_TRAVERSAL -DEBUG_NO_STATIC int -pfkey_x_ext_nat_t_type_parse(struct sadb_ext *pfkey_ext) -{ - return 0; -} -DEBUG_NO_STATIC int -pfkey_x_ext_nat_t_port_parse(struct sadb_ext *pfkey_ext) -{ - return 0; -} -#endif - -#define DEFINEPARSER(NAME) static struct pf_key_ext_parsers_def NAME##_def={NAME, #NAME}; - -DEFINEPARSER(pfkey_sa_parse); -DEFINEPARSER(pfkey_lifetime_parse); -DEFINEPARSER(pfkey_address_parse); -DEFINEPARSER(pfkey_key_parse); -DEFINEPARSER(pfkey_ident_parse); -DEFINEPARSER(pfkey_sens_parse); -DEFINEPARSER(pfkey_prop_parse); -DEFINEPARSER(pfkey_supported_parse); -DEFINEPARSER(pfkey_spirange_parse); -DEFINEPARSER(pfkey_x_kmprivate_parse); -DEFINEPARSER(pfkey_x_satype_parse); -DEFINEPARSER(pfkey_x_ext_debug_parse); -DEFINEPARSER(pfkey_x_ext_protocol_parse); -#ifdef NAT_TRAVERSAL -DEFINEPARSER(pfkey_x_ext_nat_t_type_parse); -DEFINEPARSER(pfkey_x_ext_nat_t_port_parse); -#endif - -struct pf_key_ext_parsers_def *ext_default_parsers[]= -{ - NULL, /* pfkey_msg_parse, */ - &pfkey_sa_parse_def, - &pfkey_lifetime_parse_def, - &pfkey_lifetime_parse_def, - &pfkey_lifetime_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_key_parse_def, - &pfkey_key_parse_def, - &pfkey_ident_parse_def, - &pfkey_ident_parse_def, - &pfkey_sens_parse_def, - &pfkey_prop_parse_def, - &pfkey_supported_parse_def, - &pfkey_supported_parse_def, - &pfkey_spirange_parse_def, - &pfkey_x_kmprivate_parse_def, - &pfkey_x_satype_parse_def, - &pfkey_sa_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_address_parse_def, - &pfkey_x_ext_debug_parse_def, - &pfkey_x_ext_protocol_parse_def -#ifdef NAT_TRAVERSAL - , - &pfkey_x_ext_nat_t_type_parse_def, - &pfkey_x_ext_nat_t_port_parse_def, - &pfkey_x_ext_nat_t_port_parse_def, - &pfkey_address_parse_def -#endif -}; - -int -pfkey_msg_parse(struct sadb_msg *pfkey_msg, - struct pf_key_ext_parsers_def *ext_parsers[], - struct sadb_ext *extensions[], - int dir) -{ - int error = 0; - int remain; - struct sadb_ext *pfkey_ext; - int extensions_seen = 0; - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_msg_parse: " - "parsing message ver=%d, type=%d(%s), errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n", - pfkey_msg->sadb_msg_version, - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type), - pfkey_msg->sadb_msg_errno, - pfkey_msg->sadb_msg_satype, - satype2name(pfkey_msg->sadb_msg_satype), - pfkey_msg->sadb_msg_len, - pfkey_msg->sadb_msg_reserved, - pfkey_msg->sadb_msg_seq, - pfkey_msg->sadb_msg_pid); - - if(ext_parsers == NULL) ext_parsers = ext_default_parsers; - - pfkey_extensions_init(extensions); - - remain = pfkey_msg->sadb_msg_len; - remain -= sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; - - pfkey_ext = (struct sadb_ext*)((char*)pfkey_msg + - sizeof(struct sadb_msg)); - - extensions[0] = (struct sadb_ext *) pfkey_msg; - - - if(pfkey_msg->sadb_msg_version != PF_KEY_V2) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "not PF_KEY_V2 msg, found %d, should be %d.\n", - pfkey_msg->sadb_msg_version, - PF_KEY_V2); - SENDERR(EINVAL); - } - - if(!pfkey_msg->sadb_msg_type) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "msg type not set, must be non-zero..\n"); - SENDERR(EINVAL); - } - - if(pfkey_msg->sadb_msg_type > SADB_MAX) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "msg type=%d > max=%d.\n", - pfkey_msg->sadb_msg_type, - SADB_MAX); - SENDERR(EINVAL); - } - - switch(pfkey_msg->sadb_msg_type) { - case SADB_GETSPI: - case SADB_UPDATE: - case SADB_ADD: - case SADB_DELETE: - case SADB_GET: - case SADB_X_GRPSA: - case SADB_X_ADDFLOW: - if(!satype2proto(pfkey_msg->sadb_msg_satype)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "satype %d conversion to proto failed for msg_type %d (%s).\n", - pfkey_msg->sadb_msg_satype, - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); - SENDERR(EINVAL); - } else { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "satype %d(%s) conversion to proto gives %d for msg_type %d(%s).\n", - pfkey_msg->sadb_msg_satype, - satype2name(pfkey_msg->sadb_msg_satype), - satype2proto(pfkey_msg->sadb_msg_satype), - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); - } - case SADB_ACQUIRE: - case SADB_REGISTER: - case SADB_EXPIRE: - if(!pfkey_msg->sadb_msg_satype) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "satype is zero, must be non-zero for msg_type %d(%s).\n", - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type)); - SENDERR(EINVAL); - } - default: - break; - } - - /* errno must not be set in downward messages */ - /* this is not entirely true... a response to an ACQUIRE could return an error */ - if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type != SADB_ACQUIRE) && pfkey_msg->sadb_msg_errno) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "errno set to %d.\n", - pfkey_msg->sadb_msg_errno); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_msg_parse: " - "remain=%d, ext_type=%d(%s), ext_len=%d.\n", - remain, - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - pfkey_ext->sadb_ext_len); - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_msg_parse: " - "extensions permitted=%08x, required=%08x.\n", - extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); - - extensions_seen = 1; - - while( (remain * IPSEC_PFKEYv2_ALIGN) >= sizeof(struct sadb_ext) ) { - /* Is there enough message left to support another extension header? */ - if(remain < pfkey_ext->sadb_ext_len) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "remain %d less than ext len %d.\n", - remain, pfkey_ext->sadb_ext_len); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_msg_parse: " - "parsing ext type=%d(%s) remain=%d.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - remain); - - /* Is the extension header type valid? */ - if((pfkey_ext->sadb_ext_type > SADB_EXT_MAX) || (!pfkey_ext->sadb_ext_type)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ext type %d(%s) invalid, SADB_EXT_MAX=%d.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - SADB_EXT_MAX); - SENDERR(EINVAL); - } - - /* Have we already seen this type of extension? */ - if((extensions_seen & ( 1 << pfkey_ext->sadb_ext_type )) != 0) - { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ext type %d(%s) already seen.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); - SENDERR(EINVAL); - } - - /* Do I even know about this type of extension? */ - if(ext_parsers[pfkey_ext->sadb_ext_type]==NULL) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ext type %d(%s) unknown, ignoring.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); - goto next_ext; - } - - /* Is this type of extension permitted for this type of message? */ - if(!(extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type] & - 1<sadb_ext_type)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ext type %d(%s) not permitted, exts_perm_in=%08x, 1<sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], - 1<sadb_ext_type); - SENDERR(EINVAL); - } - - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_msg_parse: " - "remain=%d ext_type=%d(%s) ext_len=%d parsing ext 0p%p with parser %s.\n", - remain, - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - pfkey_ext->sadb_ext_len, - pfkey_ext, - ext_parsers[pfkey_ext->sadb_ext_type]->parser_name); - - /* Parse the extension */ - if((error = - (*ext_parsers[pfkey_ext->sadb_ext_type]->parser)(pfkey_ext))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "extension parsing for type %d(%s) failed with error %d.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type), - error); - SENDERR(-error); - } - DEBUGGING(PF_KEY_DEBUG_PARSE_FLOW, - "pfkey_msg_parse: " - "Extension %d(%s) parsed.\n", - pfkey_ext->sadb_ext_type, - pfkey_v2_sadb_ext_string(pfkey_ext->sadb_ext_type)); - - /* Mark that we have seen this extension and remember the header location */ - extensions_seen |= ( 1 << pfkey_ext->sadb_ext_type ); - extensions[pfkey_ext->sadb_ext_type] = pfkey_ext; - - next_ext: - /* Calculate how much message remains */ - remain -= pfkey_ext->sadb_ext_len; - - if(!remain) { - break; - } - /* Find the next extension header */ - pfkey_ext = (struct sadb_ext*)((char*)pfkey_ext + - pfkey_ext->sadb_ext_len * IPSEC_PFKEYv2_ALIGN); - } - - if(remain) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "unexpected remainder of %d.\n", - remain); - /* why is there still something remaining? */ - SENDERR(EINVAL); - } - - /* check required extensions */ - DEBUGGING(PF_KEY_DEBUG_PARSE_STRUCT, - "pfkey_msg_parse: " - "extensions permitted=%08x, seen=%08x, required=%08x.\n", - extensions_bitmaps[dir][EXT_BITS_PERM][pfkey_msg->sadb_msg_type], - extensions_seen, - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]); - - /* don't check further if it is an error return message since it - may not have a body */ - if(pfkey_msg->sadb_msg_errno) { - SENDERR(-error); - } - - if((extensions_seen & - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) != - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type]) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "required extensions missing:%08x.\n", - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type] - - (extensions_seen & - extensions_bitmaps[dir][EXT_BITS_REQ][pfkey_msg->sadb_msg_type])); - SENDERR(EINVAL); - } - - if((dir == EXT_BITS_IN) && (pfkey_msg->sadb_msg_type == SADB_X_DELFLOW) - && ((extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW) - != SADB_X_EXT_ADDRESS_DELFLOW) - && (((extensions_seen & (1<sadb_sa_flags - & SADB_X_SAFLAGS_CLEARFLOW) - != SADB_X_SAFLAGS_CLEARFLOW))) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "required SADB_X_DELFLOW extensions missing: either %08x must be present or %08x must be present with SADB_X_SAFLAGS_CLEARFLOW set.\n", - SADB_X_EXT_ADDRESS_DELFLOW - - (extensions_seen & SADB_X_EXT_ADDRESS_DELFLOW), - (1<sadb_msg_type) { - case SADB_ADD: - case SADB_UPDATE: - /* check maturity */ - if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != - SADB_SASTATE_MATURE) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "state=%d for add or update should be MATURE=%d.\n", - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, - SADB_SASTATE_MATURE); - SENDERR(EINVAL); - } - - /* check AH and ESP */ - switch(((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype) { - case SADB_SATYPE_AH: - if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_auth != - SADB_AALG_NONE)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "auth alg is zero, must be non-zero for AH SAs.\n"); - SENDERR(EINVAL); - } - if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt != - SADB_EALG_NONE) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "AH handed encalg=%d, must be zero.\n", - ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt); - SENDERR(EINVAL); - } - break; - case SADB_SATYPE_ESP: - if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt != - SADB_EALG_NONE)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "encrypt alg=%d is zero, must be non-zero for ESP=%d SAs.\n", - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); - SENDERR(EINVAL); - } - if((((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_encrypt == - SADB_EALG_NULL) && - (((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth == - SADB_AALG_NONE) ) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "ESP handed encNULL+authNONE, illegal combination.\n"); - SENDERR(EINVAL); - } - break; - case SADB_X_SATYPE_COMP: - if(!(((struct sadb_sa*)extensions[SADB_EXT_SA]) && - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt != - SADB_EALG_NONE)) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "encrypt alg=%d is zero, must be non-zero for COMP=%d SAs.\n", - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_encrypt, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); - SENDERR(EINVAL); - } - if(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth != - SADB_AALG_NONE) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "COMP handed auth=%d, must be zero.\n", - ((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_auth); - SENDERR(EINVAL); - } - break; - default: - break; - } - if(ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi) <= 255) { - DEBUGGING(PF_KEY_DEBUG_PARSE_PROBLEM, - "pfkey_msg_parse: " - "spi=%08x must be > 255.\n", - ntohl(((struct sadb_sa*)(extensions[SADB_EXT_SA]))->sadb_sa_spi)); - SENDERR(EINVAL); - } - default: - break; - } -errlab: - - return error; -} - -/* - * $Log: pfkey_v2_parse.c,v $ - * Revision 1.4 2004/06/13 20:35:07 as - * removed references to ipsec_netlink.h - * - * Revision 1.3 2004/03/30 10:00:17 as - * 64 bit issues - * - * Revision 1.2 2004/03/22 21:53:18 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.2.1 2004/03/15 22:30:06 as - * nat-0.6c patch merged - * - * Revision 1.1 2004/03/15 20:35:26 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.53 2003/01/30 02:32:09 rgb - * - * Rename SAref table macro names for clarity. - * Convert IPsecSAref_t from signed to unsigned to fix apparent SAref exhaustion bug. - * - * Revision 1.52 2002/12/30 06:53:07 mcr - * deal with short SA structures... #if 0 out for now. Probably - * not quite the right way. - * - * Revision 1.51 2002/12/13 18:16:02 mcr - * restored sa_ref code - * - * Revision 1.50 2002/12/13 18:06:52 mcr - * temporarily removed sadb_x_sa_ref reference for 2.xx - * - * Revision 1.49 2002/10/05 05:02:58 dhr - * - * C labels go on statements - * - * Revision 1.48 2002/09/20 15:40:45 rgb - * Added sadb_x_sa_ref to struct sadb_sa. - * - * Revision 1.47 2002/09/20 05:01:31 rgb - * Fixed usage of pfkey_lib_debug. - * Format for function declaration style consistency. - * Added text labels to elucidate numeric values presented. - * Re-organised debug output to reduce noise in output. - * - * Revision 1.46 2002/07/24 18:44:54 rgb - * Type fiddling to tame ia64 compiler. - * - * Revision 1.45 2002/05/23 07:14:11 rgb - * Cleaned up %p variants to 0p%p for test suite cleanup. - * - * Revision 1.44 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.43 2002/04/24 07:36:40 mcr - * Moved from ./lib/pfkey_v2_parse.c,v - * - * Revision 1.42 2002/01/29 22:25:36 rgb - * Re-add ipsec_kversion.h to keep MALLOC happy. - * - * Revision 1.41 2002/01/29 01:59:10 mcr - * removal of kversions.h - sources that needed it now use ipsec_param.h. - * updating of IPv6 structures to match latest in6.h version. - * removed dead code from freeswan.h that also duplicated kversions.h - * code. - * - * Revision 1.40 2002/01/20 20:34:50 mcr - * added pfkey_v2_sadb_type_string to decode sadb_type to string. - * - * Revision 1.39 2001/11/27 05:29:22 mcr - * pfkey parses are now maintained by a structure - * that includes their name for debug purposes. - * DEBUGGING() macro changed so that it takes a debug - * level so that pf_key() can use this to decode the - * structures without innundanting humans. - * Also uses pfkey_v2_sadb_ext_string() in messages. - * - * Revision 1.38 2001/11/06 19:47:47 rgb - * Added packet parameter to lifetime and comb structures. - * - * Revision 1.37 2001/10/18 04:45:24 rgb - * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, - * lib/freeswan.h version macros moved to lib/kversions.h. - * Other compiler directive cleanups. - * - * Revision 1.36 2001/06/14 19:35:16 rgb - * Update copyright date. - * - * Revision 1.35 2001/05/03 19:44:51 rgb - * Standardise on SENDERR() macro. - * - * Revision 1.34 2001/03/16 07:41:51 rgb - * Put freeswan.h include before pluto includes. - * - * Revision 1.33 2001/02/27 07:13:51 rgb - * Added satype2name() function. - * Added text to default satype_tbl entry. - * Added satype2name() conversions for most satype debug output. - * - * Revision 1.32 2001/02/26 20:01:09 rgb - * Added internal IP protocol 61 for magic SAs. - * Ditch unused sadb_satype2proto[], replaced by satype2proto(). - * Re-formatted debug output (split lines, consistent spacing). - * Removed acquire, register and expire requirements for a known satype. - * Changed message type checking to a switch structure. - * Verify expected NULL auth for IPCOMP. - * Enforced spi > 0x100 requirement, now that pass uses a magic SA for - * appropriate message types. - * - * Revision 1.31 2000/12/01 07:09:00 rgb - * Added ipcomp sanity check to require encalgo is set. - * - * Revision 1.30 2000/11/17 18:10:30 rgb - * Fixed bugs mostly relating to spirange, to treat all spi variables as - * network byte order since this is the way PF_KEYv2 stored spis. - * - * Revision 1.29 2000/10/12 00:02:39 rgb - * Removed 'format, ##' nonsense from debug macros for RH7.0. - * - * Revision 1.28 2000/09/20 16:23:04 rgb - * Remove over-paranoid extension check in the presence of sadb_msg_errno. - * - * Revision 1.27 2000/09/20 04:04:21 rgb - * Changed static functions to DEBUG_NO_STATIC to reveal function names in - * oopsen. - * - * Revision 1.26 2000/09/15 11:37:02 rgb - * Merge in heavily modified Svenning Soerensen's - * IPCOMP zlib deflate code. - * - * Revision 1.25 2000/09/12 22:35:37 rgb - * Restructured to remove unused extensions from CLEARFLOW messages. - * - * Revision 1.24 2000/09/12 18:59:54 rgb - * Added Gerhard's IPv6 support to pfkey parts of libfreeswan. - * - * Revision 1.23 2000/09/12 03:27:00 rgb - * Moved DEBUGGING definition to compile kernel with debug off. - * - * Revision 1.22 2000/09/09 06:39:27 rgb - * Restrict pfkey errno check to downward messages only. - * - * Revision 1.21 2000/09/08 19:22:34 rgb - * Enabled pfkey_sens_parse(). - * Added check for errno on downward acquire messages only. - * - * Revision 1.20 2000/09/01 18:48:23 rgb - * Fixed reserved check bug and added debug output in - * pfkey_supported_parse(). - * Fixed debug output label bug in pfkey_ident_parse(). - * - * Revision 1.19 2000/08/27 01:55:26 rgb - * Define OCTETBITS and PFKEYBITS to avoid using 'magic' numbers in code. - * - * Revision 1.18 2000/08/24 17:00:36 rgb - * Ignore unknown extensions instead of failing. - * - * Revision 1.17 2000/06/02 22:54:14 rgb - * Added Gerhard Gessler's struct sockaddr_storage mods for IPv6 support. - * - * Revision 1.16 2000/05/10 19:25:11 rgb - * Fleshed out proposal and supported extensions. - * - * Revision 1.15 2000/01/24 21:15:31 rgb - * Added disabled pluto pfkey lib debug flag. - * Added algo debugging reporting. - * - * Revision 1.14 2000/01/22 23:24:29 rgb - * Added new functions proto2satype() and satype2proto() and lookup - * table satype_tbl. Also added proto2name() since it was easy. - * - * Revision 1.13 2000/01/21 09:43:59 rgb - * Cast ntohl(spi) as (unsigned long int) to shut up compiler. - * - * Revision 1.12 2000/01/21 06:28:19 rgb - * Added address cases for eroute flows. - * Indented compiler directives for readability. - * Added klipsdebug switching capability. - * - * Revision 1.11 1999/12/29 21:14:59 rgb - * Fixed debug text cut and paste typo. - * - * Revision 1.10 1999/12/10 17:45:24 rgb - * Added address debugging. - * - * Revision 1.9 1999/12/09 23:11:42 rgb - * Ditched include since we no longer use memset(). - * Use new pfkey_extensions_init() instead of memset(). - * Added check for SATYPE in pfkey_msg_build(). - * Tidy up comments and debugging comments. - * - * Revision 1.8 1999/12/07 19:55:26 rgb - * Removed unused first argument from extension parsers. - * Removed static pluto debug flag. - * Moved message type and state checking to pfkey_msg_parse(). - * Changed print[fk] type from lx to x to quiet compiler. - * Removed redundant remain check. - * Changed __u* types to uint* to avoid use of asm/types.h and - * sys/types.h in userspace code. - * - * Revision 1.7 1999/12/01 22:20:51 rgb - * Moved pfkey_lib_debug variable into the library. - * Added pfkey version check into header parsing. - * Added check for SATYPE only for those extensions that require a - * non-zero value. - * - * Revision 1.6 1999/11/27 11:58:05 rgb - * Added ipv6 headers. - * Moved sadb_satype2proto protocol lookup table from - * klips/net/ipsec/pfkey_v2_parser.c. - * Enable lifetime_current checking. - * Debugging error messages added. - * Add argument to pfkey_msg_parse() for direction. - * Consolidated the 4 1-d extension bitmap arrays into one 4-d array. - * Add CVS log entry to bottom of file. - * Moved auth and enc alg check to pfkey_msg_parse(). - * Enable accidentally disabled spirange parsing. - * Moved protocol/algorithm checks from klips/net/ipsec/pfkey_v2_parser.c - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ diff --git a/linux/lib/libfreeswan/portof.3 b/linux/lib/libfreeswan/portof.3 deleted file mode 100644 index fac0d8bc3..000000000 --- a/linux/lib/libfreeswan/portof.3 +++ /dev/null @@ -1,70 +0,0 @@ -.TH IPSEC_PORTOF 3 "8 Sept 2000" -.\" RCSID $Id: portof.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec portof \- get port field of an ip_address -.br -ipsec setportof \- set port field of an ip_address -.br -ipsec sockaddrof \- get pointer to internal sockaddr of an ip_address -.br -ipsec sockaddrlenof \- get length of internal sockaddr of an ip_address -.SH SYNOPSIS -.B "#include " -.sp -.B "int portof(const ip_address *src);" -.br -.B "void setportof(int port, ip_address *dst);" -.br -.B "struct sockaddr *sockaddrof(ip_address *src);" -.br -.B "size_t sockaddrlenof(const ip_address *src);" -.SH DESCRIPTION -The -.B -internal type -.I ip_address -contains one of the -.I sockaddr -types internally. -\fIReliance on this feature is discouraged\fR, -but it may occasionally be necessary. -These functions provide low-level tools for this purpose. -.PP -.I Portof -and -.I setportof -respectively read and write the port-number field of the internal -.IR sockaddr . -The values are in network byte order. -.PP -.I Sockaddrof -returns a pointer to the internal -.IR sockaddr , -for passing to other functions. -.PP -.I Sockaddrlenof -reports the size of the internal -.IR sockaddr , -for use in storage allocation. -.SH SEE ALSO -inet(3), ipsec_initaddr(3) -.SH DIAGNOSTICS -.I Portof -returns -.BR \-1 , -.I sockaddrof -returns -.BR NULL , -and -.I sockaddrlenof -returns -.B 0 -if an unknown address family is found within the -.IR ip_address . -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -These functions all depend on low-level details of the -.I ip_address -type, which are in principle subject to change. -Avoid using them unless really necessary. diff --git a/linux/lib/libfreeswan/portof.c b/linux/lib/libfreeswan/portof.c deleted file mode 100644 index d028ea034..000000000 --- a/linux/lib/libfreeswan/portof.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - * low-level ip_address ugliness - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: portof.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - portof - get the port field of an ip_address - */ -int /* network order */ -portof(src) -const ip_address *src; -{ - switch (src->u.v4.sin_family) { - case AF_INET: - return src->u.v4.sin_port; - break; - case AF_INET6: - return src->u.v6.sin6_port; - break; - default: - return -1; /* "can't happen" */ - break; - } -} - -/* - - setportof - set the port field of an ip_address - */ -void -setportof(port, dst) -int port; /* network order */ -ip_address *dst; -{ - switch (dst->u.v4.sin_family) { - case AF_INET: - dst->u.v4.sin_port = port; - break; - case AF_INET6: - dst->u.v6.sin6_port = port; - break; - } -} - -/* - - sockaddrof - get a pointer to the sockaddr hiding inside an ip_address - */ -struct sockaddr * -sockaddrof(src) -ip_address *src; -{ - switch (src->u.v4.sin_family) { - case AF_INET: - return (struct sockaddr *)&src->u.v4; - break; - case AF_INET6: - return (struct sockaddr *)&src->u.v6; - break; - default: - return NULL; /* "can't happen" */ - break; - } -} - -/* - - sockaddrlenof - get length of the sockaddr hiding inside an ip_address - */ -size_t /* 0 for error */ -sockaddrlenof(src) -const ip_address *src; -{ - switch (src->u.v4.sin_family) { - case AF_INET: - return sizeof(src->u.v4); - break; - case AF_INET6: - return sizeof(src->u.v6); - break; - default: - return 0; - break; - } -} diff --git a/linux/lib/libfreeswan/prng.3 b/linux/lib/libfreeswan/prng.3 deleted file mode 100644 index 51f19364f..000000000 --- a/linux/lib/libfreeswan/prng.3 +++ /dev/null @@ -1,121 +0,0 @@ -.TH IPSEC_PRNG 3 "1 April 2002" -.\" RCSID $Id: prng.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec prng_init \- initialize IPsec pseudorandom-number generator -.br -ipsec prng_bytes \- get bytes from IPsec pseudorandom-number generator -.br -ipsec prng_final \- close down IPsec pseudorandom-number generator -.SH SYNOPSIS -.B "#include -.sp -.B "void prng_init(struct prng *prng," -.ti +1c -.B "const unsigned char *key, size_t keylen);" -.br -.B "void prng_bytes(struct prng *prng, char *dst," -.ti +1c -.B "size_t dstlen);" -.br -.B "unsigned long prng_count(struct prng *prng);" -.br -.B "void prng_final(struct prng *prng);" -.SH DESCRIPTION -.I Prng_init -initializes a crypto-quality pseudo-random-number generator from a key; -.I prng_bytes -obtains pseudo-random bytes from it; -.I prng_count -reports the number of bytes extracted from it to date; -.I prng_final -closes it down. -It is the user's responsibility to initialize a PRNG before using it, -and not to use it again after it is closed down. -.PP -.I Prng_init -initializes, -or re-initializes, -the specified -.I prng -from the -.IR key , -whose length is given by -.IR keylen . -The user must allocate the -.B "struct prng" -pointed to by -.IR prng . -There is no particular constraint on the length of the key, -although a key longer than 256 bytes is unnecessary because -only the first 256 would be used. -Initialization requires on the order of 3000 integer operations, -independent of key length. -.PP -.I Prng_bytes -obtains -.I dstlen -pseudo-random bytes from the PRNG and puts them in -.IR buf . -This is quite fast, -on the order of 10 integer operations per byte. -.PP -.I Prng_count -reports the number of bytes obtained from the PRNG -since it was (last) initialized. -.PP -.I Prng_final -closes down a PRNG by -zeroing its internal memory, -obliterating all trace of the state used to generate its previous output. -This requires on the order of 250 integer operations. -.PP -The -.B -header file supplies the definition of the -.B prng -structure. -Examination of its innards is discouraged, as they may change. -.PP -The PRNG algorithm -used by these functions is currently identical to that of RC4(TM). -This algorithm is cryptographically strong, -sufficiently unpredictable that even a hostile observer will -have difficulty determining the next byte of output from past history, -provided it is initialized from a reasonably large key composed of -highly random bytes (see -.IR random (4)). -The usual run of software pseudo-random-number generators -(e.g. -.IR random (3)) -are -.I not -cryptographically strong. -.PP -The well-known attacks against RC4(TM), -e.g. as found in 802.11b's WEP encryption system, -apply only if multiple PRNGs are initialized with closely-related keys -(e.g., using a counter appended to a base key). -If such keys are used, the first few hundred pseudo-random bytes -from each PRNG should be discarded, -to give the PRNGs a chance to randomize their innards properly. -No useful attacks are known if the key is well randomized to begin with. -.SH SEE ALSO -random(3), random(4) -.br -Bruce Schneier, -\fIApplied Cryptography\fR, 2nd ed., 1996, ISBN 0-471-11709-9, -pp. 397-8. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -If an attempt is made to obtain more than 4e9 bytes -between initializations, -the PRNG will continue to work but -.IR prng_count 's -output will stick at -.BR 4000000000 . -Fixing this would require a longer integer type and does -not seem worth the trouble, -since you should probably re-initialize before then anyway... -.PP -``RC4'' is a trademark of RSA Data Security, Inc. diff --git a/linux/lib/libfreeswan/prng.c b/linux/lib/libfreeswan/prng.c deleted file mode 100644 index e31836783..000000000 --- a/linux/lib/libfreeswan/prng.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * crypto-class pseudorandom number generator - * currently uses same algorithm as RC4(TM), from Schneier 2nd ed p397 - * Copyright (C) 2002 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: prng.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - prng_init - initialize PRNG from a key - */ -void -prng_init(prng, key, keylen) -struct prng *prng; -const unsigned char *key; -size_t keylen; -{ - unsigned char k[256]; - int i, j; - unsigned const char *p; - unsigned const char *keyend = key + keylen; - unsigned char t; - - for (i = 0; i <= 255; i++) - prng->sbox[i] = i; - p = key; - for (i = 0; i <= 255; i++) { - k[i] = *p++; - if (p >= keyend) - p = key; - } - j = 0; - for (i = 0; i <= 255; i++) { - j = (j + prng->sbox[i] + k[i]) & 0xff; - t = prng->sbox[i]; - prng->sbox[i] = prng->sbox[j]; - prng->sbox[j] = t; - k[i] = 0; /* clear out key memory */ - } - prng->i = 0; - prng->j = 0; - prng->count = 0; -} - -/* - - prng_bytes - get some pseudorandom bytes from PRNG - */ -void -prng_bytes(prng, dst, dstlen) -struct prng *prng; -unsigned char *dst; -size_t dstlen; -{ - int i, j, t; - unsigned char *p = dst; - size_t remain = dstlen; -# define MAX 4000000000ul - - while (remain > 0) { - i = (prng->i + 1) & 0xff; - prng->i = i; - j = (prng->j + prng->sbox[i]) & 0xff; - prng->j = j; - t = prng->sbox[i]; - prng->sbox[i] = prng->sbox[j]; - prng->sbox[j] = t; - t = (t + prng->sbox[i]) & 0xff; - *p++ = prng->sbox[t]; - remain--; - } - if (prng->count < MAX - dstlen) - prng->count += dstlen; - else - prng->count = MAX; -} - -/* - - prnt_count - how many bytes have been extracted from PRNG so far? - */ -unsigned long -prng_count(prng) -struct prng *prng; -{ - return prng->count; -} - -/* - - prng_final - clear out PRNG to ensure nothing left in memory - */ -void -prng_final(prng) -struct prng *prng; -{ - int i; - - for (i = 0; i <= 255; i++) - prng->sbox[i] = 0; - prng->i = 0; - prng->j = 0; - prng->count = 0; /* just for good measure */ -} - - - -#ifdef PRNG_MAIN - -#include - -void regress(); - -int -main(argc, argv) -int argc; -char *argv[]; -{ - struct prng pr; - unsigned char buf[100]; - unsigned char *p; - size_t n; - - if (argc < 2) { - fprintf(stderr, "Usage: %s {key|-r}\n", argv[0]); - exit(2); - } - - if (strcmp(argv[1], "-r") == 0) { - regress(); - fprintf(stderr, "regress() returned?!?\n"); - exit(1); - } - - prng_init(&pr, argv[1], strlen(argv[1])); - prng_bytes(&pr, buf, 32); - printf("0x"); - for (p = buf, n = 32; n > 0; p++, n--) - printf("%02x", *p); - printf("\n%lu bytes\n", prng_count(&pr)); - prng_final(&pr); - exit(0); -} - -void -regress() -{ - struct prng pr; - unsigned char buf[100]; - unsigned char *p; - size_t n; - /* somewhat non-random sample key */ - unsigned char key[] = "here we go gathering nuts in May"; - /* first thirty bytes of output from that key */ - unsigned char good[] = "\x3f\x02\x8e\x4a\x2a\xea\x23\x18\x92\x7c" - "\x09\x52\x83\x61\xaa\x26\xce\xbb\x9d\x71" - "\x71\xe5\x10\x22\xaf\x60\x54\x8d\x5b\x28"; - int nzero, none; - int show = 0; - - prng_init(&pr, key, strlen(key)); - prng_bytes(&pr, buf, sizeof(buf)); - for (p = buf, n = sizeof(buf); n > 0; p++, n--) { - if (*p == 0) - nzero++; - if (*p == 255) - none++; - } - if (nzero > 3 || none > 3) { - fprintf(stderr, "suspiciously non-random output!\n"); - show = 1; - } - if (memcmp(buf, good, strlen(good)) != 0) { - fprintf(stderr, "incorrect output!\n"); - show = 1; - } - if (show) { - fprintf(stderr, "0x"); - for (p = buf, n = sizeof(buf); n > 0; p++, n--) - fprintf(stderr, "%02x", *p); - fprintf(stderr, "\n"); - exit(1); - } - if (prng_count(&pr) != sizeof(buf)) { - fprintf(stderr, "got %u bytes, but count is %lu\n", - sizeof(buf), prng_count(&pr)); - exit(1); - } - prng_final(&pr); - exit(0); -} - -#endif /* PRNG_MAIN */ diff --git a/linux/lib/libfreeswan/rangetoa.c b/linux/lib/libfreeswan/rangetoa.c deleted file mode 100644 index e63b432f8..000000000 --- a/linux/lib/libfreeswan/rangetoa.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * convert binary form of address range to ASCII - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: rangetoa.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - rangetoa - convert address range to ASCII - */ -size_t /* space needed for full conversion */ -rangetoa(addrs, format, dst, dstlen) -struct in_addr addrs[2]; -int format; /* character */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - size_t len; - size_t rest; - int n; - char *p; - - switch (format) { - case 0: - break; - default: - return 0; - break; - } - - len = addrtoa(addrs[0], 0, dst, dstlen); - if (len < dstlen) - for (p = dst + len - 1, n = 3; len < dstlen && n > 0; - p++, len++, n--) - *p = '.'; - else - p = NULL; - if (len < dstlen) - rest = dstlen - len; - else { - if (dstlen > 0) - *(dst + dstlen - 1) = '\0'; - rest = 0; - } - - len += addrtoa(addrs[1], 0, p, rest); - - return len; -} diff --git a/linux/lib/libfreeswan/rangetosubnet.3 b/linux/lib/libfreeswan/rangetosubnet.3 deleted file mode 100644 index 7d707545e..000000000 --- a/linux/lib/libfreeswan/rangetosubnet.3 +++ /dev/null @@ -1,59 +0,0 @@ -.TH IPSEC_RANGETOSUBNET 3 "8 Sept 2000" -.\" RCSID $Id: rangetosubnet.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec rangetosubnet \- convert address range to subnet -.SH SYNOPSIS -.B "#include " -.sp -.B "const char *rangetosubnet(const ip_address *start," -.ti +1c -.B "const ip_address *stop, ip_subnet *dst);" -.SH DESCRIPTION -.I Rangetosubnet -accepts two IP addresses which define an address range, -from -.I start -to -.I stop -inclusive, -and converts this to a subnet if possible. -The addresses must both be IPv4 or both be IPv6, -and the address family of the resulting subnet is the same. -.PP -.I Rangetosubnet -returns NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.SH SEE ALSO -ipsec_initsubnet(3), ipsec_ttosubnet(3) -.SH DIAGNOSTICS -Fatal errors in -.I rangetosubnet -are: -mixed address families; -unknown address family; -.I start -and -.I stop -do not define a subnet. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The restriction of error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The error-reporting convention lends itself -to slightly obscure code, -because many readers will not think of NULL as signifying success. -A good way to make it clearer is to write something like: -.PP -.RS -.nf -.B "const char *error;" -.sp -.B "error = rangetosubnet( /* ... */ );" -.B "if (error != NULL) {" -.B " /* something went wrong */" -.fi -.RE diff --git a/linux/lib/libfreeswan/rangetosubnet.c b/linux/lib/libfreeswan/rangetosubnet.c deleted file mode 100644 index 048b10556..000000000 --- a/linux/lib/libfreeswan/rangetosubnet.c +++ /dev/null @@ -1,226 +0,0 @@ -/* - * express an address range as a subnet (if possible) - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: rangetosubnet.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - rangetosubnet - turn an address range into a subnet, if possible - * - * A range which is a valid subnet will have a network part which is the - * same in the from value and the to value, followed by a host part which - * is all 0 in the from value and all 1 in the to value. - */ -err_t -rangetosubnet(from, to, dst) -const ip_address *from; -const ip_address *to; -ip_subnet *dst; -{ - unsigned const char *fp; - unsigned const char *tp; - unsigned fb; - unsigned tb; - unsigned const char *f; - unsigned const char *t; - size_t n; - size_t n2; - int i; - int nnet; - unsigned m; - - if (addrtypeof(from) != addrtypeof(to)) - return "mismatched address types"; - n = addrbytesptr(from, &fp); - if (n == 0) - return "unknown address type"; - n2 = addrbytesptr(to, &tp); - if (n != n2) - return "internal size mismatch in rangetosubnet"; - - f = fp; - t = tp; - nnet = 0; - for (i = n; i > 0 && *f == *t; i--, f++, t++) - nnet += 8; - if (i > 0 && !(*f == 0x00 && *t == 0xff)) { /* mid-byte bdry. */ - fb = *f++; - tb = *t++; - i--; - m = 0x80; - while ((fb&m) == (tb&m)) { - fb &= ~m; - tb |= m; - m >>= 1; - nnet++; - } - if (fb != 0x00 || tb != 0xff) - return "not a valid subnet"; - } - for (; i > 0 && *f == 0x00 && *t == 0xff; i--, f++, t++) - continue; - - if (i != 0) - return "invalid subnet"; - - return initsubnet(from, nnet, 'x', dst); -} - - - -#ifdef RANGETOSUBNET_MAIN - -#include - -void regress(void); - -int -main(int argc, char *argv[]) -{ - ip_address start; - ip_address stop; - ip_subnet sub; - char buf[100]; - const char *oops; - size_t n; - int af; - int i; - - if (argc == 2 && strcmp(argv[1], "-r") == 0) { - regress(); - fprintf(stderr, "regress() returned?!?\n"); - exit(1); - } - - if (argc < 3) { - fprintf(stderr, "Usage: %s [-6] start stop\n", argv[0]); - fprintf(stderr, " or: %s -r\n", argv[0]); - exit(2); - } - - af = AF_INET; - i = 1; - if (strcmp(argv[i], "-6") == 0) { - af = AF_INET6; - i++; - } - - oops = ttoaddr(argv[i], 0, af, &start); - if (oops != NULL) { - fprintf(stderr, "%s: start conversion failed: %s\n", argv[0], oops); - exit(1); - } - oops = ttoaddr(argv[i+1], 0, af, &stop); - if (oops != NULL) { - fprintf(stderr, "%s: stop conversion failed: %s\n", argv[0], oops); - exit(1); - } - oops = rangetosubnet(&start, &stop, &sub); - if (oops != NULL) { - fprintf(stderr, "%s: rangetosubnet failed: %s\n", argv[0], oops); - exit(1); - } - n = subnettot(&sub, 0, buf, sizeof(buf)); - if (n > sizeof(buf)) { - fprintf(stderr, "%s: reverse conversion", argv[0]); - fprintf(stderr, " failed: need %ld bytes, have only %ld\n", - (long)n, (long)sizeof(buf)); - exit(1); - } - printf("%s\n", buf); - - exit(0); -} - -struct rtab { - int family; - char *start; - char *stop; - char *output; /* NULL means error expected */ -} rtab[] = { - {4, "1.2.3.0", "1.2.3.255", "1.2.3.0/24"}, - {4, "1.2.3.0", "1.2.3.7", "1.2.3.0/29"}, - {4, "1.2.3.240", "1.2.3.255", "1.2.3.240/28"}, - {4, "0.0.0.0", "255.255.255.255", "0.0.0.0/0"}, - {4, "1.2.3.4", "1.2.3.4", "1.2.3.4/32"}, - {4, "1.2.3.0", "1.2.3.254", NULL}, - {4, "1.2.3.0", "1.2.3.126", NULL}, - {4, "1.2.3.0", "1.2.3.125", NULL}, - {4, "1.2.0.0", "1.2.255.255", "1.2.0.0/16"}, - {4, "1.2.0.0", "1.2.0.255", "1.2.0.0/24"}, - {4, "1.2.255.0", "1.2.255.255", "1.2.255.0/24"}, - {4, "1.2.255.0", "1.2.254.255", NULL}, - {4, "1.2.255.1", "1.2.255.255", NULL}, - {4, "1.2.0.1", "1.2.255.255", NULL}, - {6, "1:2:3:4:5:6:7:0", "1:2:3:4:5:6:7:ffff", "1:2:3:4:5:6:7:0/112"}, - {6, "1:2:3:4:5:6:7:0", "1:2:3:4:5:6:7:fff", "1:2:3:4:5:6:7:0/116"}, - {6, "1:2:3:4:5:6:7:f0", "1:2:3:4:5:6:7:ff", "1:2:3:4:5:6:7:f0/124"}, - {4, NULL, NULL, NULL}, -}; - -void -regress() -{ - struct rtab *r; - int status = 0; - ip_address start; - ip_address stop; - ip_subnet sub; - char buf[100]; - const char *oops; - size_t n; - int af; - - for (r = rtab; r->start != NULL; r++) { - af = (r->family == 4) ? AF_INET : AF_INET6; - oops = ttoaddr(r->start, 0, af, &start); - if (oops != NULL) { - printf("surprise failure converting `%s'\n", r->start); - exit(1); - } - oops = ttoaddr(r->stop, 0, af, &stop); - if (oops != NULL) { - printf("surprise failure converting `%s'\n", r->stop); - exit(1); - } - oops = rangetosubnet(&start, &stop, &sub); - if (oops != NULL && r->output == NULL) - {} /* okay, error expected */ - else if (oops != NULL) { - printf("`%s'-`%s' rangetosubnet failed: %s\n", - r->start, r->stop, oops); - status = 1; - } else if (r->output == NULL) { - printf("`%s'-`%s' rangetosubnet succeeded unexpectedly\n", - r->start, r->stop); - status = 1; - } else { - n = subnettot(&sub, 0, buf, sizeof(buf)); - if (n > sizeof(buf)) { - printf("`%s'-`%s' subnettot failed: need %ld\n", - r->start, r->stop, (long)n); - status = 1; - } else if (strcmp(r->output, buf) != 0) { - printf("`%s'-`%s' gave `%s', expected `%s'\n", - r->start, r->stop, buf, r->output); - status = 1; - } - } - } - exit(status); -} - -#endif /* RANGETOSUBNET_MAIN */ diff --git a/linux/lib/libfreeswan/sameaddr.3 b/linux/lib/libfreeswan/sameaddr.3 deleted file mode 100644 index 71be10761..000000000 --- a/linux/lib/libfreeswan/sameaddr.3 +++ /dev/null @@ -1,165 +0,0 @@ -.TH IPSEC_ANYADDR 3 "28 Nov 2000" -.\" RCSID $Id: sameaddr.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec sameaddr \- are two addresses the same? -.br -ipsec addrcmp \- ordered comparison of addresses -.br -ipsec samesubnet \- are two subnets the same? -.br -ipsec addrinsubnet \- is an address within a subnet? -.br -ipsec subnetinsubnet \- is a subnet within another subnet? -.br -ipsec subnetishost \- is a subnet a single host? -.br -ipsec samesaid \- are two SA IDs the same? -.br -ipsec sameaddrtype \- are two addresses of the same address family? -.br -ipsec samesubnettype \- are two subnets of the same address family? -.SH SYNOPSIS -.B "#include -.sp -.B "int sameaddr(const ip_address *a, const ip_address *b);" -.br -.B "int addrcmp(const ip_address *a, const ip_address *b);" -.br -.B "int samesubnet(const ip_subnet *a, const ip_subnet *b);" -.br -.B "int addrinsubnet(const ip_address *a, const ip_subnet *s);" -.br -.B "int subnetinsubnet(const ip_subnet *a, const ip_subnet *b);" -.br -.B "int subnetishost(const ip_subnet *s);" -.br -.B "int samesaid(const ip_said *a, const ip_said *b);" -.br -.B "int sameaddrtype(const ip_address *a, const ip_address *b);" -.br -.B "int samesubnettype(const ip_subnet *a, const ip_subnet *b);" -.SH DESCRIPTION -These functions do various comparisons and tests on the -.I ip_address -type and -.I ip_subnet -types. -.PP -.I Sameaddr -returns -non-zero -if addresses -.I a -and -.IR b -are identical, -and -.B 0 -otherwise. -Addresses of different families are never identical. -.PP -.I Addrcmp -returns -.BR \-1 , -.BR 0 , -or -.BR 1 -respectively -if address -.I a -is less than, equal to, or greater than -.IR b . -If they are not of the same address family, -they are never equal; -the ordering reported in this case is arbitrary -(and probably not useful) but consistent. -.PP -.I Samesubnet -returns -non-zero -if subnets -.I a -and -.IR b -are identical, -and -.B 0 -otherwise. -Subnets of different address families are never identical. -.PP -.I Addrinsubnet -returns -non-zero -if address -.I a -is within subnet -.IR s -and -.B 0 -otherwise. -An address is never within a -subnet of a different address family. -.PP -.I Subnetinsubnet -returns -non-zero -if subnet -.I a -is a subset of subnet -.IR b -and -.B 0 -otherwise. -A subnet is deemed to be a subset of itself. -A subnet is never a subset of another -subnet if their address families differ. -.PP -.I Subnetishost -returns -non-zero -if subnet -.I s -is in fact only a single host, -and -.B 0 -otherwise. -.PP -.I Samesaid -returns -non-zero -if SA IDs -.I a -and -.IR b -are identical, -and -.B 0 -otherwise. -.PP -.I Sameaddrtype -returns -non-zero -if addresses -.I a -and -.IR b -are of the same address family, -and -.B 0 -otherwise. -.PP -.I Samesubnettype -returns -non-zero -if subnets -.I a -and -.IR b -are of the same address family, -and -.B 0 -otherwise. -.SH SEE ALSO -inet(3), ipsec_initaddr(3) -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. diff --git a/linux/lib/libfreeswan/sameaddr.c b/linux/lib/libfreeswan/sameaddr.c deleted file mode 100644 index efc40796e..000000000 --- a/linux/lib/libfreeswan/sameaddr.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * comparisons - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: sameaddr.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -static int samenbits(const ip_address *a, const ip_address *b, int n); - -/* - - addrcmp - compare two addresses - * Caution, the order of the tests is subtle: doing type test before - * size test can yield cases where ac. - */ -int /* like memcmp */ -addrcmp(a, b) -const ip_address *a; -const ip_address *b; -{ - int at = addrtypeof(a); - int bt = addrtypeof(b); - const unsigned char *ap; - const unsigned char *bp; - size_t as = addrbytesptr(a, &ap); - size_t bs = addrbytesptr(b, &bp); - size_t n = (as < bs) ? as : bs; /* min(as, bs) */ - int c = memcmp(ap, bp, n); - - if (c != 0) /* bytes differ */ - return (c < 0) ? -1 : 1; - if (as != bs) /* comparison incomplete: lexical order */ - return (as < bs) ? -1 : 1; - if (at != bt) /* bytes same but not same type: break tie */ - return (at < bt) ? -1 : 1; - return 0; -} - -/* - - sameaddr - are two addresses the same? - */ -int -sameaddr(a, b) -const ip_address *a; -const ip_address *b; -{ - return (addrcmp(a, b) == 0) ? 1 : 0; -} - -/* - - samesubnet - are two subnets the same? - */ -int -samesubnet(a, b) -const ip_subnet *a; -const ip_subnet *b; -{ - if (!sameaddr(&a->addr, &b->addr)) /* also does type check */ - return 0; - if (a->maskbits != b->maskbits) - return 0; - return 1; -} - -/* - - subnetishost - is a subnet in fact a single host? - */ -int -subnetishost(a) -const ip_subnet *a; -{ - return (a->maskbits == addrlenof(&a->addr)*8) ? 1 : 0; -} - -/* - - samesaid - are two SA IDs the same? - */ -int -samesaid(a, b) -const ip_said *a; -const ip_said *b; -{ - if (a->spi != b->spi) /* test first, most likely to be different */ - return 0; - if (!sameaddr(&a->dst, &b->dst)) - return 0; - if (a->proto != b->proto) - return 0; - return 1; -} - -/* - - sameaddrtype - do two addresses have the same type? - */ -int -sameaddrtype(a, b) -const ip_address *a; -const ip_address *b; -{ - return (addrtypeof(a) == addrtypeof(b)) ? 1 : 0; -} - -/* - - samesubnettype - do two subnets have the same type? - */ -int -samesubnettype(a, b) -const ip_subnet *a; -const ip_subnet *b; -{ - return (subnettypeof(a) == subnettypeof(b)) ? 1 : 0; -} - -/* - - addrinsubnet - is this address in this subnet? - */ -int -addrinsubnet(a, s) -const ip_address *a; -const ip_subnet *s; -{ - if (addrtypeof(a) != subnettypeof(s)) - return 0; - if (!samenbits(a, &s->addr, s->maskbits)) - return 0; - return 1; -} - -/* - - subnetinsubnet - is one subnet within another? - */ -int -subnetinsubnet(a, b) -const ip_subnet *a; -const ip_subnet *b; -{ - if (subnettypeof(a) != subnettypeof(b)) - return 0; - if (a->maskbits < b->maskbits) /* a is bigger than b */ - return 0; - if (!samenbits(&a->addr, &b->addr, b->maskbits)) - return 0; - return 1; -} - -/* - - samenbits - do two addresses have the same first n bits? - */ -static int -samenbits(a, b, nbits) -const ip_address *a; -const ip_address *b; -int nbits; -{ - const unsigned char *ap; - const unsigned char *bp; - size_t n; - int m; - - if (addrtypeof(a) != addrtypeof(b)) - return 0; /* arbitrary */ - n = addrbytesptr(a, &ap); - if (n == 0) - return 0; /* arbitrary */ - (void) addrbytesptr(b, &bp); - if (nbits > n*8) - return 0; /* "can't happen" */ - - for (; nbits >= 8 && *ap == *bp; nbits -= 8, ap++, bp++) - continue; - if (nbits >= 8) - return 0; - if (nbits > 0) { /* partial byte */ - m = ~(0xff >> nbits); - if ((*ap & m) != (*bp & m)) - return 0; - } - return 1; -} diff --git a/linux/lib/libfreeswan/satoa.c b/linux/lib/libfreeswan/satoa.c deleted file mode 100644 index 410fb8437..000000000 --- a/linux/lib/libfreeswan/satoa.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * convert from binary form of SA ID to ASCII - * Copyright (C) 1998, 1999, 2001 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: satoa.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -static struct typename { - char type; - char *name; -} typenames[] = { - { SA_AH, "ah" }, - { SA_ESP, "esp" }, - { SA_IPIP, "tun" }, - { SA_COMP, "comp" }, - { SA_INT, "int" }, - { 0, NULL } -}; - -/* - - satoa - convert SA to ASCII "ah507@1.2.3.4" - */ -size_t /* space needed for full conversion */ -satoa(sa, format, dst, dstlen) -struct sa_id sa; -int format; /* character */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - size_t len = 0; /* 0 means not handled yet */ - int base; - struct typename *tn; - char buf[30+ADDRTOA_BUF]; - - switch (format) { - case 0: - base = 16; /* temporarily at least */ - break; - case 'd': - base = 10; - break; - default: - return 0; - break; - } - - for (tn = typenames; tn->name != NULL; tn++) - if (sa.proto == tn->type) - break; - if (tn->name == NULL) - return 0; - - if (strcmp(tn->name, PASSTHROUGHTYPE) == 0 && - sa.spi == PASSTHROUGHSPI && - sa.dst.s_addr == PASSTHROUGHDST) { - strcpy(buf, PASSTHROUGHNAME); - len = strlen(buf); - } else if (sa.proto == SA_INT && sa.dst.s_addr == 0) { - char *p; - - switch (ntohl(sa.spi)) { - case SPI_PASS: p = "%pass"; break; - case SPI_DROP: p = "%drop"; break; - case SPI_REJECT: p = "%reject"; break; - case SPI_HOLD: p = "%hold"; break; - case SPI_TRAP: p = "%trap"; break; - case SPI_TRAPSUBNET: p = "%trapsubnet"; break; - default: p = NULL; break; - } - if (p != NULL) { - strcpy(buf, p); - len = strlen(buf); - } - } - - if (len == 0) { - strcpy(buf, tn->name); - len = strlen(buf); - len += ultoa(ntohl(sa.spi), base, buf+len, sizeof(buf)-len); - *(buf+len-1) = '@'; - len += addrtoa(sa.dst, 0, buf+len, sizeof(buf)-len); - } - - if (dst != NULL) { - if (len > dstlen) - *(buf+dstlen-1) = '\0'; - strcpy(dst, buf); - } - return len; -} diff --git a/linux/lib/libfreeswan/satot.c b/linux/lib/libfreeswan/satot.c deleted file mode 100644 index 927f4ca1f..000000000 --- a/linux/lib/libfreeswan/satot.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * convert from binary form of SA ID to text - * Copyright (C) 2000, 2001 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: satot.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -static struct typename { - char type; - char *name; -} typenames[] = { - { SA_AH, "ah" }, - { SA_ESP, "esp" }, - { SA_IPIP, "tun" }, - { SA_COMP, "comp" }, - { SA_INT, "int" }, - { 0, NULL } -}; - -/* - - satot - convert SA to text "ah507@1.2.3.4" - */ -size_t /* space needed for full conversion */ -satot(sa, format, dst, dstlen) -const ip_said *sa; -int format; /* character */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - size_t len = 0; /* 0 means "not recognized yet" */ - int base; - int showversion; /* use delimiter to show IP version? */ - struct typename *tn; - char *p; - char *pre; - char buf[10+1+ULTOT_BUF+ADDRTOT_BUF]; - char unk[10]; - - switch (format) { - case 0: - base = 16; - showversion = 1; - break; - case 'f': - base = 17; - showversion = 1; - break; - case 'x': - base = 'x'; - showversion = 0; - break; - case 'd': - base = 10; - showversion = 0; - break; - default: - return 0; - break; - } - - pre = NULL; - for (tn = typenames; tn->name != NULL; tn++) - if (sa->proto == tn->type) { - pre = tn->name; - break; /* NOTE BREAK OUT */ - } - if (pre == NULL) { /* unknown protocol */ - strcpy(unk, "unk"); - (void) ultot((unsigned char)sa->proto, 10, unk+strlen(unk), - sizeof(unk)-strlen(unk)); - pre = unk; - } - - if (strcmp(pre, PASSTHROUGHTYPE) == 0 && - sa->spi == PASSTHROUGHSPI && - isunspecaddr(&sa->dst)) { - strcpy(buf, (addrtypeof(&sa->dst) == AF_INET) ? - PASSTHROUGH4NAME : - PASSTHROUGH6NAME); - len = strlen(buf); - } - - if (sa->proto == SA_INT && addrtypeof(&sa->dst) == AF_INET && - isunspecaddr(&sa->dst)) { - switch (ntohl(sa->spi)) { - case SPI_PASS: p = "%pass"; break; - case SPI_DROP: p = "%drop"; break; - case SPI_REJECT: p = "%reject"; break; - case SPI_HOLD: p = "%hold"; break; - case SPI_TRAP: p = "%trap"; break; - case SPI_TRAPSUBNET: p = "%trapsubnet"; break; - default: p = NULL; break; - } - if (p != NULL) { - strcpy(buf, p); - len = strlen(buf); - } - } - - if (len == 0) { /* general case needed */ - strcpy(buf, pre); - len = strlen(buf); - if (showversion) { - *(buf+len) = (addrtypeof(&sa->dst) == AF_INET) ? '.' : - ':'; - len++; - *(buf+len) = '\0'; - } - len += ultot(ntohl(sa->spi), base, buf+len, sizeof(buf)-len); - *(buf+len-1) = '@'; - len += addrtot(&sa->dst, 0, buf+len, sizeof(buf)-len); - } - - if (dst != NULL) { - if (len > dstlen) - *(buf+dstlen-1) = '\0'; - strcpy(dst, buf); - } - return len; -} diff --git a/linux/lib/libfreeswan/subnetof.3 b/linux/lib/libfreeswan/subnetof.3 deleted file mode 100644 index 1911e499f..000000000 --- a/linux/lib/libfreeswan/subnetof.3 +++ /dev/null @@ -1,47 +0,0 @@ -.TH IPSEC_SUBNETOF 3 "11 June 2001" -.\" RCSID $Id: subnetof.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec subnetof \- given Internet address and subnet mask, return subnet number -.br -ipsec hostof \- given Internet address and subnet mask, return host part -.br -ipsec broadcastof \- given Internet address and subnet mask, return broadcast address -.SH SYNOPSIS -.B "#include -.sp -.B "struct in_addr subnetof(struct in_addr addr," -.ti +1c -.B "struct in_addr mask);" -.br -.B "struct in_addr hostof(struct in_addr addr," -.ti +1c -.B "struct in_addr mask);" -.br -.B "struct in_addr broadcastof(struct in_addr addr," -.ti +1c -.B "struct in_addr mask);" -.SH DESCRIPTION -These functions are obsolete; see -.IR ipsec_networkof (3) -for their replacements. -.PP -.I Subnetof -takes an Internet -.I address -and a subnet -.I mask -and returns the network part of the address -(all in network byte order). -.I Hostof -similarly returns the host part, and -.I broadcastof -returns the broadcast address (all-1s convention) for the network. -.PP -These functions are provided to hide the Internet bit-munging inside -an API, in hopes of easing the eventual transition to IPv6. -.SH SEE ALSO -inet(3), ipsec_atosubnet(3) -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -Calling functions for this is more costly than doing it yourself. diff --git a/linux/lib/libfreeswan/subnetof.c b/linux/lib/libfreeswan/subnetof.c deleted file mode 100644 index 1b288c591..000000000 --- a/linux/lib/libfreeswan/subnetof.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * minor network-address manipulation utilities - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: subnetof.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - subnetof - given address and mask, return subnet part - */ -struct in_addr -subnetof(addr, mask) -struct in_addr addr; -struct in_addr mask; -{ - struct in_addr result; - - result.s_addr = addr.s_addr & mask.s_addr; - return result; -} - -/* - - hostof - given address and mask, return host part - */ -struct in_addr -hostof(addr, mask) -struct in_addr addr; -struct in_addr mask; -{ - struct in_addr result; - - result.s_addr = addr.s_addr & ~mask.s_addr; - return result; -} - -/* - - broadcastof - given (network) address and mask, return broadcast address - */ -struct in_addr -broadcastof(addr, mask) -struct in_addr addr; -struct in_addr mask; -{ - struct in_addr result; - - result.s_addr = addr.s_addr | ~mask.s_addr; - return result; -} diff --git a/linux/lib/libfreeswan/subnettoa.c b/linux/lib/libfreeswan/subnettoa.c deleted file mode 100644 index 36cad8b88..000000000 --- a/linux/lib/libfreeswan/subnettoa.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * convert binary form of subnet description to ASCII - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: subnettoa.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - subnettoa - convert address and mask to ASCII "addr/mask" - * Output expresses the mask as a bit count if possible, else dotted decimal. - */ -size_t /* space needed for full conversion */ -subnettoa(addr, mask, format, dst, dstlen) -struct in_addr addr; -struct in_addr mask; -int format; /* character */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - size_t len; - size_t rest; - int n; - char *p; - - switch (format) { - case 0: - break; - default: - return 0; - break; - } - - len = addrtoa(addr, 0, dst, dstlen); - if (len < dstlen) { - dst[len - 1] = '/'; - p = dst + len; - rest = dstlen - len; - } else { - p = NULL; - rest = 0; - } - - n = masktobits(mask); - if (n >= 0) - len += ultoa((unsigned long)n, 10, p, rest); - else - len += addrtoa(mask, 0, p, rest); - - return len; -} diff --git a/linux/lib/libfreeswan/subnettot.c b/linux/lib/libfreeswan/subnettot.c deleted file mode 100644 index 0385d25e5..000000000 --- a/linux/lib/libfreeswan/subnettot.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * convert binary form of subnet description to text - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: subnettot.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - subnettot - convert subnet to text "addr/bitcount" - */ -size_t /* space needed for full conversion */ -subnettot(sub, format, dst, dstlen) -const ip_subnet *sub; -int format; /* character */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - size_t len; - size_t rest; - char *p; - - switch (format) { - case 0: - break; - default: - return 0; - break; - } - - len = addrtot(&sub->addr, format, dst, dstlen); - if (len < dstlen) { - dst[len - 1] = '/'; - p = dst + len; - rest = dstlen - len; - } else { - p = NULL; - rest = 0; - } - - - len += ultoa((unsigned long)sub->maskbits, 10, p, rest); - - return len; -} diff --git a/linux/lib/libfreeswan/subnettypeof.c b/linux/lib/libfreeswan/subnettypeof.c deleted file mode 100644 index 6f44b2e4b..000000000 --- a/linux/lib/libfreeswan/subnettypeof.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * extract parts of an ip_subnet, and related - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: subnettypeof.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - subnettypeof - get the address type of an ip_subnet - */ -int -subnettypeof(src) -const ip_subnet *src; -{ - return src->addr.u.v4.sin_family; -} - -/* - - networkof - get the network address of a subnet - */ -void -networkof(src, dst) -const ip_subnet *src; -ip_address *dst; -{ - *dst = src->addr; -} - -/* - - maskof - get the mask of a subnet, as an address - */ -void -maskof(src, dst) -const ip_subnet *src; -ip_address *dst; -{ - int b; - unsigned char buf[16]; - size_t n = addrlenof(&src->addr); - unsigned char *p; - - if (src->maskbits > n*8 || n > sizeof(buf)) - return; /* "can't happen" */ - - p = buf; - for (b = src->maskbits; b >= 8; b -= 8) - *p++ = 0xff; - if (b != 0) - *p++ = (0xff << (8 - b)) & 0xff; - while (p - buf < n) - *p++ = 0; - - (void) initaddr(buf, n, addrtypeof(&src->addr), dst); -} - -/* - - masktocount - convert a mask, expressed as an address, to a bit count - */ -int /* -1 if not valid mask */ -masktocount(src) -const ip_address *src; -{ - int b; - unsigned const char *bp; - size_t n; - unsigned const char *p; - unsigned const char *stop; - - n = addrbytesptr(src, &bp); - if (n == 0) - return -1; - - p = bp; - stop = bp + n; - - n = 0; - while (p < stop && *p == 0xff) { - p++; - n += 8; - } - if (p < stop && *p != 0) { /* boundary in mid-byte */ - b = *p++; - while (b&0x80) { - b <<= 1; - n++; - } - if ((b&0xff) != 0) - return -1; /* bits not contiguous */ - } - while (p < stop && *p == 0) - p++; - - if (p != stop) - return -1; - - return n; -} diff --git a/linux/lib/libfreeswan/ttoaddr.3 b/linux/lib/libfreeswan/ttoaddr.3 deleted file mode 100644 index 5bf48d4b2..000000000 --- a/linux/lib/libfreeswan/ttoaddr.3 +++ /dev/null @@ -1,377 +0,0 @@ -.TH IPSEC_TTOADDR 3 "28 Sept 2001" -.\" RCSID $Id: ttoaddr.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec ttoaddr, tnatoaddr, addrtot \- convert Internet addresses to and from text -.br -ipsec ttosubnet, subnettot \- convert subnet/mask text form to and from addresses -.SH SYNOPSIS -.B "#include -.sp -.B "const char *ttoaddr(const char *src, size_t srclen," -.ti +1c -.B "int af, ip_address *addr);" -.br -.B "const char *tnatoaddr(const char *src, size_t srclen," -.ti +1c -.B "int af, ip_address *addr);" -.br -.B "size_t addrtot(const ip_address *addr, int format," -.ti +1c -.B "char *dst, size_t dstlen);" -.sp -.B "const char *ttosubnet(const char *src, size_t srclen," -.ti +1c -.B "int af, ip_subnet *dst);" -.br -.B "size_t subnettot(const ip_subnet *sub, int format," -.ti +1c -.B "char *dst, size_t dstlen);" -.SH DESCRIPTION -.I Ttoaddr -converts a text-string name or numeric address into a binary address -(in network byte order). -.I Tnatoaddr -does the same conversion, -but the only text forms it accepts are -the ``official'' forms of -numeric address (dotted-decimal for IPv4, colon-hex for IPv6). -.I Addrtot -does the reverse conversion, from binary address back to a text form. -.I Ttosubnet -and -.I subnettot -do likewise for the ``address/mask'' form used to write a -specification of a subnet. -.PP -An IPv4 address is specified in text as a -dotted-decimal address (e.g. -.BR 1.2.3.4 ), -an eight-digit network-order hexadecimal number with the usual C prefix (e.g. -.BR 0x01020304 , -which is synonymous with -.BR 1.2.3.4 ), -an eight-digit host-order hexadecimal number with a -.B 0h -prefix (e.g. -.BR 0h01020304 , -which is synonymous with -.B 1.2.3.4 -on a big-endian host and -.B 4.3.2.1 -on a little-endian host), -a DNS name to be looked up via -.IR gethostbyname (3), -or an old-style network name to be looked up via -.IR getnetbyname (3). -.PP -A dotted-decimal address may be incomplete, in which case -text-to-binary conversion implicitly appends -as many instances of -.B .0 -as necessary to bring it up to four components. -The components of a dotted-decimal address are always taken as -decimal, and leading zeros are ignored. -For example, -.B 10 -is synonymous with -.BR 10.0.0.0 , -and -.B 128.009.000.032 -is synonymous with -.BR 128.9.0.32 -(the latter example is verbatim from RFC 1166). -The result of applying -.I addrtot -to an IPv4 address is always complete and does not contain leading zeros. -.PP -Use of hexadecimal addresses is -.B strongly -.BR discouraged ; -they are included only to save hassles when dealing with -the handful of perverted programs which already print -network addresses in hexadecimal. -.PP -An IPv6 address is specified in text with -colon-hex notation (e.g. -.BR 0:56:78ab:22:33:44:55:66 ), -colon-hex with -.B :: -abbreviating at most one subsequence of multiple zeros (e.g. -.BR 99:ab::54:068 , -which is synonymous with -.BR 99:ab:0:0:0:0:54:68 ), -or a DNS name to be looked up via -.IR gethostbyname (3). -The result of applying -.I addrtot -to an IPv6 address will use -.B :: -abbreviation if possible, -and will not contain leading zeros. -.PP -The letters in hexadecimal -may be uppercase or lowercase or any mixture thereof. -.PP -DNS names may be complete (optionally terminated with a ``.'') -or incomplete, and are looked up as specified by local system configuration -(see -.IR resolver (5)). -The -.I h_addr -value returned by -.IR gethostbyname2 (3) -is used, -so with current DNS implementations, -the result when the name corresponds to more than one address is -difficult to predict. -IPv4 name lookup resorts to -.IR getnetbyname (3) -only if -.IR gethostbyname2 (3) -fails. -.PP -A subnet specification is of the form \fInetwork\fB/\fImask\fR. -The -.I network -and -.I mask -can be any form acceptable to -.IR ttoaddr . -In addition, and preferably, the -.I mask -can be a decimal integer (leading zeros ignored) giving a bit count, -in which case -it stands for a mask with that number of high bits on and all others off -(e.g., -.B 24 -in IPv4 means -.BR 255.255.255.0 ). -In any case, the mask must be contiguous -(a sequence of high bits on and all remaining low bits off). -As a special case, the subnet specification -.B %default -is a synonym for -.B 0.0.0.0/0 -or -.B ::/0 -in IPv4 or IPv6 respectively. -.PP -.I Ttosubnet -ANDs the mask with the address before returning, -so that any non-network bits in the address are turned off -(e.g., -.B 10.1.2.3/24 -is synonymous with -.BR 10.1.2.0/24 ). -.I Subnettot -always generates the decimal-integer-bit-count -form of the mask, -with no leading zeros. -.PP -The -.I srclen -parameter of -.I ttoaddr -and -.I ttosubnet -specifies the length of the text string pointed to by -.IR src ; -it is an error for there to be anything else -(e.g., a terminating NUL) within that length. -As a convenience for cases where an entire NUL-terminated string is -to be converted, -a -.I srclen -value of -.B 0 -is taken to mean -.BR strlen(src) . -.PP -The -.I af -parameter of -.I ttoaddr -and -.I ttosubnet -specifies the address family of interest. -It should be either -.B AF_INET -or -.BR AF_INET6 . -.PP -The -.I dstlen -parameter of -.I addrtot -and -.I subnettot -specifies the size of the -.I dst -parameter; -under no circumstances are more than -.I dstlen -bytes written to -.IR dst . -A result which will not fit is truncated. -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result is written, -but the return value is unaffected; -in all other cases, the (possibly truncated) result is NUL-terminated. -The -.I freeswan.h -header file defines constants, -.B ADDRTOT_BUF -and -.BR SUBNETTOT_BUF , -which are the sizes of buffers just large enough for worst-case results. -.PP -The -.I format -parameter of -.I addrtot -and -.I subnettot -specifies what format is to be used for the conversion. -The value -.B 0 -(not the character -.BR '0' , -but a zero value) -specifies a reasonable default, -and is in fact the only format currently available in -.IR subnettot . -.I Addrtot -also accepts format values -.B 'r' -(signifying a text form suitable for DNS reverse lookups, -e.g. -.B 4.3.2.1.IN-ADDR.ARPA. -for IPv4 and -RFC 2874 format for IPv6), -and -.B 'R' -(signifying an alternate reverse-lookup form, -an error for IPv4 and RFC 1886 format for IPv6). -Reverse-lookup names always end with a ``.''. -.PP -The text-to-binary functions return NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -The binary-to-text functions return -.B 0 -for a failure, and otherwise -always return the size of buffer which would -be needed to -accommodate the full conversion result, including terminating NUL; -it is the caller's responsibility to check this against the size of -the provided buffer to determine whether truncation has occurred. -.SH SEE ALSO -inet(3) -.SH DIAGNOSTICS -Fatal errors in -.I ttoaddr -are: -empty input; -unknown address family; -attempt to allocate temporary storage for a very long name failed; -name lookup failed; -syntax error in dotted-decimal or colon-hex form; -dotted-decimal or colon-hex component too large. -.PP -Fatal errors in -.I ttosubnet -are: -no -.B / -in -.IR src ; -.I ttoaddr -error in conversion of -.I network -or -.IR mask ; -bit-count mask too big; -mask non-contiguous. -.PP -Fatal errors in -.I addrtot -and -.I subnettot -are: -unknown format. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The interpretation of incomplete dotted-decimal addresses -(e.g. -.B 10/24 -means -.BR 10.0.0.0/24 ) -differs from that of some older conversion -functions, e.g. those of -.IR inet (3). -The behavior of the older functions has never been -particularly consistent or particularly useful. -.PP -Ignoring leading zeros in dotted-decimal components and bit counts -is arguably the most useful behavior in this application, -but it might occasionally cause confusion with the historical use of leading -zeros to denote octal numbers. -.PP -.I Ttoaddr -does not support the mixed colon-hex-dotted-decimal -convention used to embed an IPv4 address in an IPv6 address. -.PP -.I Addrtot -always uses the -.B :: -abbreviation (which can appear only once in an address) for the -.I first -sequence of multiple zeros in an IPv6 address. -One can construct addresses (unlikely ones) in which this is suboptimal. -.PP -.I Addrtot -.B 'r' -conversion of an IPv6 address uses lowercase hexadecimal, -not the uppercase used in RFC 2874's examples. -It takes careful reading of RFCs 2874, 2673, and 2234 to realize -that lowercase is technically legitimate here, -and there may be software which botches this -and hence would have trouble with lowercase hex. -.PP -Possibly -.I subnettot -ought to recognize the -.B %default -case and generate that string as its output. -Currently it doesn't. -.PP -It is barely possible that somebody, somewhere, -might have a legitimate use for non-contiguous subnet masks. -.PP -.IR Getnetbyname (3) -is a historical dreg. -.PP -.I Tnatoaddr -probably should enforce completeness of dotted-decimal addresses. -.PP -The restriction of text-to-binary error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The text-to-binary error-reporting convention lends itself -to slightly obscure code, -because many readers will not think of NULL as signifying success. -A good way to make it clearer is to write something like: -.PP -.RS -.nf -.B "const char *error;" -.sp -.B "error = ttoaddr( /* ... */ );" -.B "if (error != NULL) {" -.B " /* something went wrong */" -.fi -.RE diff --git a/linux/lib/libfreeswan/ttoaddr.c b/linux/lib/libfreeswan/ttoaddr.c deleted file mode 100644 index efcb33e9f..000000000 --- a/linux/lib/libfreeswan/ttoaddr.c +++ /dev/null @@ -1,426 +0,0 @@ -/* - * conversion from text forms of addresses to internal ones - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ttoaddr.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - * Legal ASCII characters in a domain name. Underscore technically is not, - * but is a common misunderstanding. Non-ASCII characters are simply - * exempted from checking at the moment, to allow for UTF-8 encoded stuff; - * the purpose of this check is merely to catch blatant errors. - */ -static const char namechars[] = "abcdefghijklmnopqrstuvwxyz0123456789" - "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_."; -#define ISASCII(c) (((c) & 0x80) == 0) - -static err_t tryname(const char *, size_t, int, int, ip_address *); -static err_t tryhex(const char *, size_t, int, ip_address *); -static err_t trydotted(const char *, size_t, ip_address *); -static err_t getbyte(const char **, const char *, int *); -static err_t colon(const char *, size_t, ip_address *); -static err_t getpiece(const char **, const char *, unsigned *); - -/* - - ttoaddr - convert text name or dotted-decimal address to binary address - */ -err_t /* NULL for success, else string literal */ -ttoaddr(src, srclen, af, dst) -const char *src; -size_t srclen; /* 0 means "apply strlen" */ -int af; /* address family */ -ip_address *dst; -{ - err_t oops; -# define HEXLEN 10 /* strlen("0x11223344") */ - int nultermd; - - if (srclen == 0) { - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - nultermd = 1; - } else - nultermd = 0; /* at least, not *known* to be terminated */ - - switch (af) { - case AF_INET: - case AF_INET6: - case 0: /* guess */ - break; - - default: - return "invalid address family"; - } - - if (af == AF_INET && srclen == HEXLEN && *src == '0') { - if (*(src+1) == 'x' || *(src+1) == 'X') - return tryhex(src+2, srclen-2, 'x', dst); - if (*(src+1) == 'h' || *(src+1) == 'H') - return tryhex(src+2, srclen-2, 'h', dst); - } - - if (memchr(src, ':', srclen) != NULL) { - if(af == 0) - { - af = AF_INET6; - } - - if (af != AF_INET6) - return "non-ipv6 address may not contain `:'"; - return colon(src, srclen, dst); - } - - if (af == 0 || af == AF_INET) { - oops = trydotted(src, srclen, dst); - if (oops == NULL) - return NULL; /* it worked */ - if (*oops != '?') - return oops; /* probably meant as d-d */ - } - - return tryname(src, srclen, nultermd, af, dst); -} - -/* - - tnatoaddr - convert text numeric address (only) to binary address - */ -err_t /* NULL for success, else string literal */ -tnatoaddr(src, srclen, af, dst) -const char *src; -size_t srclen; /* 0 means "apply strlen" */ -int af; /* address family */ -ip_address *dst; -{ - err_t oops; - - if (srclen == 0) { - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - } - - switch (af) { - case 0: /* guess */ - oops = colon(src, srclen, dst); - if(oops == NULL) - { - return NULL; - } - oops = trydotted(src, srclen, dst); - if(oops == NULL) - { - return NULL; - } - return "does not appear to be either IPv4 or IPv6 numeric address"; - break; - - case AF_INET6: - return colon(src, srclen, dst); - break; - case AF_INET: - oops = trydotted(src, srclen, dst); - if (oops == NULL) - return NULL; /* it worked */ - if (*oops != '?') - return oops; /* probably meant as d-d */ - return "does not appear to be numeric address"; - break; - default: - return "unknown address family in tnatoaddr"; - break; - } -} - -/* - - tryname - try it as a name - * Slightly complicated by lack of reliable NUL termination in source. - */ -static err_t -tryname(src, srclen, nultermd, af, dst) -const char *src; -size_t srclen; -int nultermd; /* is it known to be NUL-terminated? */ -int af; -ip_address *dst; -{ - struct hostent *h; - struct netent *ne = NULL; - char namebuf[100]; /* enough for most DNS names */ - const char *cp; - char *p = namebuf; - size_t n; - - for (cp = src, n = srclen; n > 0; cp++, n--) - if (ISASCII(*cp) && strchr(namechars, *cp) == NULL) - return "illegal (non-DNS-name) character in name"; - - if (nultermd) - cp = src; - else { - if (srclen+1 > sizeof(namebuf)) { - p = (char *) MALLOC(srclen+1); - if (p == NULL) - return "unable to get temporary space for name"; - } - p[0] = '\0'; /* strncpy semantics are wrong */ - strncat(p, src, srclen); - cp = (const char *)p; - } - - h = gethostbyname2(cp, af); - if (h == NULL && af == AF_INET) - ne = getnetbyname(cp); - if (p != namebuf) - FREE(p); - if (h == NULL && ne == NULL) - return "does not look numeric and name lookup failed"; - - if (h != NULL) { - if (h->h_addrtype != af) - return "address-type mismatch from gethostbyname2!!!"; - return initaddr((unsigned char *)h->h_addr, h->h_length, af, dst); - } else { - if (ne->n_addrtype != af) - return "address-type mismatch from getnetbyname!!!"; - ne->n_net = htonl(ne->n_net); - return initaddr((unsigned char *)&ne->n_net, sizeof(ne->n_net), - af, dst); - } -} - -/* - - tryhex - try conversion as an eight-digit hex number (AF_INET only) - */ -static err_t -tryhex(src, srclen, flavor, dst) -const char *src; -size_t srclen; /* should be 8 */ -int flavor; /* 'x' for network order, 'h' for host order */ -ip_address *dst; -{ - err_t oops; - unsigned long ul; - union { - uint32_t addr; - unsigned char buf[4]; - } u; - - if (srclen != 8) - return "internal error, tryhex called with bad length"; - - oops = ttoul(src, srclen, 16, &ul); - if (oops != NULL) - return oops; - - u.addr = (flavor == 'h') ? ul : htonl(ul); - return initaddr(u.buf, sizeof(u.buf), AF_INET, dst); -} - -/* - - trydotted - try conversion as dotted decimal (AF_INET only) - * - * If the first char of a complaint is '?', that means "didn't look like - * dotted decimal at all". - */ -static err_t -trydotted(src, srclen, dst) -const char *src; -size_t srclen; -ip_address *dst; -{ - const char *stop = src + srclen; /* just past end */ - int byte; - err_t oops; -# define NBYTES 4 - unsigned char buf[NBYTES]; - int i; - - memset(buf, 0, sizeof(buf)); - for (i = 0; i < NBYTES && src < stop; i++) { - oops = getbyte(&src, stop, &byte); - if (oops != NULL) { - if (*oops != '?') - return oops; /* bad number */ - if (i > 1) - return oops+1; /* failed number */ - return oops; /* with leading '?' */ - } - buf[i] = byte; - if (i < 3 && src < stop && *src++ != '.') { - if (i == 0) - return "?syntax error in dotted-decimal address"; - else - return "syntax error in dotted-decimal address"; - } - } - if (src != stop) - return "extra garbage on end of dotted-decimal address"; - - return initaddr(buf, sizeof(buf), AF_INET, dst); -} - -/* - - getbyte - try to scan a byte in dotted decimal - * A subtlety here is that all this arithmetic on ASCII digits really is - * highly portable -- ANSI C guarantees that digits 0-9 are contiguous. - * It's easier to just do it ourselves than set up for a call to ttoul(). - * - * If the first char of a complaint is '?', that means "didn't look like a - * number at all". - */ -err_t -getbyte(srcp, stop, retp) -const char **srcp; /* *srcp is updated */ -const char *stop; /* first untouchable char */ -int *retp; /* return-value pointer */ -{ - char c; - const char *p; - int no; - - if (*srcp >= stop) - return "?empty number in dotted-decimal address"; - - no = 0; - p = *srcp; - while (p < stop && no <= 255 && (c = *p) >= '0' && c <= '9') { - no = no*10 + (c - '0'); - p++; - } - if (p == *srcp) - return "?non-numeric component in dotted-decimal address"; - *srcp = p; - if (no > 255) - return "byte overflow in dotted-decimal address"; - *retp = no; - return NULL; -} - -/* - - colon - convert IPv6 "numeric" address - */ -static err_t -colon(src, srclen, dst) -const char *src; -size_t srclen; /* known to be >0 */ -ip_address *dst; -{ - const char *stop = src + srclen; /* just past end */ - unsigned piece; - int gapat; /* where was empty piece seen */ - err_t oops; -# define NPIECES 8 - unsigned char buf[NPIECES*2]; /* short may have wrong byte order */ - int i; - int j; -# define IT "IPv6 numeric address" - int naftergap; - - /* leading or trailing :: becomes single empty field */ - if (*src == ':') { /* legal only if leading :: */ - if (srclen == 1 || *(src+1) != ':') - return "illegal leading `:' in " IT; - if (srclen == 2) { - unspecaddr(AF_INET6, dst); - return NULL; - } - src++; /* past first but not second */ - srclen--; - } - if (*(stop-1) == ':') { /* legal only if trailing :: */ - if (srclen == 1 || *(stop-2) != ':') - return "illegal trailing `:' in " IT; - srclen--; /* leave one */ - } - - gapat = -1; - for (i = 0; i < NPIECES && src < stop; i++) { - oops = getpiece(&src, stop, &piece); - if (oops != NULL && *oops == ':') { /* empty field */ - if (gapat >= 0) - return "more than one :: in " IT; - gapat = i; - } else if (oops != NULL) - return oops; - buf[2*i] = piece >> 8; - buf[2*i + 1] = piece & 0xff; - if (i < NPIECES-1) { /* there should be more input */ - if (src == stop && gapat < 0) - return IT " ends prematurely"; - if (src != stop && *src++ != ':') - return "syntax error in " IT; - } - } - if (src != stop) - return "extra garbage on end of " IT; - - if (gapat < 0 && i < NPIECES) /* should have been caught earlier */ - return "incomplete " IT " (internal error)"; - if (gapat >= 0 && i == NPIECES) - return "non-abbreviating empty field in " IT; - if (gapat >= 0) { - naftergap = i - (gapat + 1); - for (i--, j = NPIECES-1; naftergap > 0; i--, j--, naftergap--) { - buf[2*j] = buf[2*i]; - buf[2*j + 1] = buf[2*i + 1]; - } - for (; j >= gapat; j--) - buf[2*j] = buf[2*j + 1] = 0; - } - - return initaddr(buf, sizeof(buf), AF_INET6, dst); -} - -/* - - getpiece - try to scan one 16-bit piece of an IPv6 address - */ -err_t /* ":" means "empty field seen" */ -getpiece(srcp, stop, retp) -const char **srcp; /* *srcp is updated */ -const char *stop; /* first untouchable char */ -unsigned *retp; /* return-value pointer */ -{ - const char *p; -# define NDIG 4 - int d; - unsigned long ret; - err_t oops; - - if (*srcp >= stop || **srcp == ':') { /* empty field */ - *retp = 0; - return ":"; - } - - p = *srcp; - d = 0; - while (p < stop && d < NDIG && isxdigit(*p)) { - p++; - d++; - } - if (d == 0) - return "non-hex field in IPv6 numeric address"; - if (p < stop && d == NDIG && isxdigit(*p)) - return "field in IPv6 numeric address longer than 4 hex digits"; - - oops = ttoul(*srcp, d, 16, &ret); - if (oops != NULL) /* shouldn't happen, really... */ - return oops; - - *srcp = p; - *retp = ret; - return NULL; -} diff --git a/linux/lib/libfreeswan/ttodata.3 b/linux/lib/libfreeswan/ttodata.3 deleted file mode 100644 index 98bbe4ab3..000000000 --- a/linux/lib/libfreeswan/ttodata.3 +++ /dev/null @@ -1,281 +0,0 @@ -.TH IPSEC_TTODATA 3 "16 August 2003" -.\" RCSID $Id: ttodata.3,v 1.2 2005/07/18 20:13:42 as Exp $ -.SH NAME -ipsec ttodata, datatot \- convert binary data bytes from and to text formats -.SH SYNOPSIS -.B "#include " -.sp -.B "const char *ttodata(const char *src, size_t srclen," -.ti +1c -.B "int base, char *dst, size_t dstlen, size_t *lenp);" -.br -.B "const char *ttodatav(const char *src, size_t srclen," -.ti +1c -.B "int base, char *dst, size_t dstlen, size_t *lenp," -.ti +1c -.B "char *errp, size_t errlen, int flags);" -.br -.B "size_t datatot(const char *src, size_t srclen," -.ti +1c -.B "int format, char *dst, size_t dstlen);" -.SH DESCRIPTION -.IR Ttodata , -.IR ttodatav , -and -.I datatot -convert arbitrary binary data (e.g. encryption or authentication keys) -from and to more-or-less human-readable text formats. -.PP -Currently supported formats are hexadecimal, base64, and characters. -.PP -A hexadecimal text value begins with a -.B 0x -(or -.BR 0X ) -prefix and continues with two-digit groups -of hexadecimal digits (0-9, and a-f or A-F), -each group encoding the value of one binary byte, high-order digit first. -A single -.B _ -(underscore) -between consecutive groups is ignored, permitting punctuation to improve -readability; doing this every eight digits seems about right. -.PP -A base64 text value begins with a -.B 0s -(or -.BR 0S ) -prefix -and continues with four-digit groups of base64 digits (A-Z, a-z, 0-9, +, and /), -each group encoding the value of three binary bytes as described in -section 6.8 of RFC 2045. -If -.B flags -has the -.B TTODATAV_IGNORESPACE -bit on, blanks are ignore (after the prefix). -Note that the last one or two digits of a base64 group can be -.B = -to indicate that fewer than three binary bytes are encoded. -.PP -A character text value begins with a -.B 0t -(or -.BR 0T ) -prefix -and continues with text characters, each being the value of one binary byte. -.PP -All these functions basically copy data from -.I src -(whose size is specified by -.IR srclen ) -to -.I dst -(whose size is specified by -.IR dstlen ), -doing the conversion en route. -If the result will not fit in -.IR dst , -it is truncated; -under no circumstances are more than -.I dstlen -bytes of result written to -.IR dst . -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result bytes are written at all. -.PP -The -.I base -parameter of -.I ttodata -and -.I ttodatav -specifies what format the input is in; -normally it should be -.B 0 -to signify that this gets figured out from the prefix. -Values of -.BR 16 , -.BR 64 , -and -.BR 256 -respectively signify hexadecimal, base64, and character-text formats -without prefixes. -.PP -The -.I format -parameter of -.IR datatot , -a single character used as a type code, -specifies which text format is wanted. -The value -.B 0 -(not ASCII -.BR '0' , -but a zero value) specifies a reasonable default. -Other currently-supported values are: -.RS 2 -.TP 4 -.B 'x' -continuous lower-case hexadecimal with a -.B 0x -prefix -.TP -.B 'h' -lower-case hexadecimal with a -.B 0x -prefix and a -.B _ -every eight digits -.TP -.B ':' -lower-case hexadecimal with no prefix and a -.B : -(colon) every two digits -.TP -.B 16 -lower-case hexadecimal with no prefix or -.B _ -.TP -.B 's' -continuous base64 with a -.B 0s -prefix -.TP -.B 64 -continuous base64 with no prefix -.RE -.PP -The default format is currently -.BR 'h' . -.PP -.I Ttodata -returns NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -On success, -if and only if -.I lenp -is non-NULL, -.B *lenp -is set to the number of bytes required to contain the full untruncated result. -It is the caller's responsibility to check this against -.I dstlen -to determine whether he has obtained a complete result. -The -.B *lenp -value is correct even if -.I dstlen -is zero, which offers a way to determine how much space would be needed -before having to allocate any. -.PP -.I Ttodatav -is just like -.I ttodata -except that in certain cases, -if -.I errp -is non-NULL, -the buffer pointed to by -.I errp -(whose length is given by -.IR errlen ) -is used to hold a more detailed error message. -The return value is NULL for success, -and is either -.I errp -or a pointer to a string literal for failure. -If the size of the error-message buffer is -inadequate for the desired message, -.I ttodatav -will fall back on returning a pointer to a literal string instead. -The -.I freeswan.h -header file defines a constant -.B TTODATAV_BUF -which is the size of a buffer large enough for worst-case results. -.PP -The normal return value of -.IR datatot -is the number of bytes required -to contain the full untruncated result. -It is the caller's responsibility to check this against -.I dstlen -to determine whether he has obtained a complete result. -The return value is correct even if -.I dstlen -is zero, which offers a way to determine how much space would be needed -before having to allocate any. -A return value of -.B 0 -signals a fatal error of some kind -(see DIAGNOSTICS). -.PP -A zero value for -.I srclen -in -.I ttodata -(but not -.IR datatot !) -is synonymous with -.BR strlen(src) . -A non-zero -.I srclen -in -.I ttodata -must not include the terminating NUL. -.PP -Unless -.I dstlen -is zero, -the result supplied by -.I datatot -is always NUL-terminated, -and its needed-size return value includes space for the terminating NUL. -.PP -Several obsolete variants of these functions -.RI ( atodata , -.IR datatoa , -.IR atobytes , -and -.IR bytestoa ) -are temporarily also supported. -.SH SEE ALSO -sprintf(3), ipsec_atoaddr(3) -.SH DIAGNOSTICS -Fatal errors in -.I ttodata -and -.I ttodatav -are: -unknown characters in the input; -unknown or missing prefix; -unknown base; -incomplete digit group; -non-zero padding in a base64 less-than-three-bytes digit group; -zero-length input. -.PP -Fatal errors in -.I datatot -are: -unknown format code; -zero-length input. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -.I Datatot -should have a format code to produce character-text output. -.PP -The -.B 0s -and -.B 0t -prefixes are the author's inventions and are not a standard -of any kind. -They have been chosen to avoid collisions with existing practice -(some C implementations use -.B 0b -for binary) -and possible confusion with unprefixed hexadecimal. diff --git a/linux/lib/libfreeswan/ttodata.c b/linux/lib/libfreeswan/ttodata.c deleted file mode 100644 index e1bf7606a..000000000 --- a/linux/lib/libfreeswan/ttodata.c +++ /dev/null @@ -1,722 +0,0 @@ -/* - * convert from text form of arbitrary data (e.g., keys) to binary - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ttodata.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* converters and misc */ -static int unhex(const char *, char *, size_t); -static int unb64(const char *, char *, size_t); -static int untext(const char *, char *, size_t); -static const char *badch(const char *, int, char *, size_t); - -/* internal error codes for converters */ -#define SHORT (-2) /* internal buffer too short */ -#define BADPAD (-3) /* bad base64 padding */ -#define BADCH0 (-4) /* invalid character 0 */ -#define BADCH1 (-5) /* invalid character 1 */ -#define BADCH2 (-6) /* invalid character 2 */ -#define BADCH3 (-7) /* invalid character 3 */ -#define BADOFF(code) (BADCH0-(code)) - -/* - - ttodatav - convert text to data, with verbose error reports - * If some of this looks slightly odd, it's because it has changed - * repeatedly (from the original atodata()) without a major rewrite. - */ -const char * /* NULL on success, else literal or errp */ -ttodatav(src, srclen, base, dst, dstlen, lenp, errp, errlen, flags) -const char *src; -size_t srclen; /* 0 means apply strlen() */ -int base; /* 0 means figure it out */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -size_t *lenp; /* where to record length (NULL is nowhere) */ -char *errp; /* error buffer */ -size_t errlen; -unsigned int flags; -{ - size_t ingroup; /* number of input bytes converted at once */ - char buf[4]; /* output from conversion */ - int nbytes; /* size of output */ - int (*decode)(const char *, char *, size_t); - char *stop; - int ndone; - int i; - int underscoreok; - int skipSpace = 0; - - if (srclen == 0) - srclen = strlen(src); - if (dstlen == 0) - dst = buf; /* point it somewhere valid */ - stop = dst + dstlen; - - if (base == 0) { - if (srclen < 2) - return "input too short to be valid"; - if (*src++ != '0') - return "input does not begin with format prefix"; - switch (*src++) { - case 'x': - case 'X': - base = 16; - break; - case 's': - case 'S': - base = 64; - break; - case 't': - case 'T': - base = 256; - break; - default: - return "unknown format prefix"; - } - srclen -= 2; - } - switch (base) { - case 16: - decode = unhex; - underscoreok = 1; - ingroup = 2; - break; - case 64: - decode = unb64; - underscoreok = 0; - ingroup = 4; - if(flags & TTODATAV_IGNORESPACE) { - skipSpace = 1; - } - break; - - case 256: - decode = untext; - ingroup = 1; - underscoreok = 0; - break; - default: - return "unknown base"; - } - - /* proceed */ - ndone = 0; - while (srclen > 0) { - char stage[4]; /* staging area for group */ - size_t sl = 0; - - /* Grab ingroup characters into stage, - * squeezing out blanks if we are supposed to ignore them. - */ - for (sl = 0; sl < ingroup; src++, srclen--) { - if (srclen == 0) - return "input ends in mid-byte, perhaps truncated"; - else if (!(skipSpace && (*src == ' ' || *src == '\t'))) - stage[sl++] = *src; - } - - nbytes = (*decode)(stage, buf, sizeof(buf)); - switch (nbytes) { - case BADCH0: - case BADCH1: - case BADCH2: - case BADCH3: - return badch(stage, nbytes, errp, errlen); - case SHORT: - return "internal buffer too short (\"can't happen\")"; - case BADPAD: - return "bad (non-zero) padding at end of base64 input"; - } - if (nbytes <= 0) - return "unknown internal error"; - for (i = 0; i < nbytes; i++) { - if (dst < stop) - *dst++ = buf[i]; - ndone++; - } - while (srclen >= 1 && skipSpace && (*src == ' ' || *src == '\t')){ - src++; - srclen--; - } - if (underscoreok && srclen > 1 && *src == '_') { - /* srclen > 1 means not last character */ - src++; - srclen--; - } - } - - if (ndone == 0) - return "no data bytes specified by input"; - if (lenp != NULL) - *lenp = ndone; - return NULL; -} - -/* - - ttodata - convert text to data - */ -const char * /* NULL on success, else literal */ -ttodata(src, srclen, base, dst, dstlen, lenp) -const char *src; -size_t srclen; /* 0 means apply strlen() */ -int base; /* 0 means figure it out */ -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -size_t *lenp; /* where to record length (NULL is nowhere) */ -{ - return ttodatav(src, srclen, base, dst, dstlen, lenp, (char *)NULL, - (size_t)0, TTODATAV_SPACECOUNTS); -} - -/* - - atodata - convert ASCII to data - * backward-compatibility interface - */ -size_t /* 0 for failure, true length for success */ -atodata(src, srclen, dst, dstlen) -const char *src; -size_t srclen; -char *dst; -size_t dstlen; -{ - size_t len; - const char *err; - - err = ttodata(src, srclen, 0, dst, dstlen, &len); - if (err != NULL) - return 0; - return len; -} - -/* - - atobytes - convert ASCII to data bytes - * another backward-compatibility interface - */ -const char * -atobytes(src, srclen, dst, dstlen, lenp) -const char *src; -size_t srclen; -char *dst; -size_t dstlen; -size_t *lenp; -{ - return ttodata(src, srclen, 0, dst, dstlen, lenp); -} - -/* - - unhex - convert two ASCII hex digits to byte - */ -static int /* number of result bytes, or error code */ -unhex(src, dst, dstlen) -const char *src; /* known to be full length */ -char *dst; -size_t dstlen; /* not large enough is a failure */ -{ - char *p; - unsigned byte; - static char hex[] = "0123456789abcdef"; - - if (dstlen < 1) - return SHORT; - - p = strchr(hex, *src); - if (p == NULL) - p = strchr(hex, tolower(*src)); - if (p == NULL) - return BADCH0; - byte = (p - hex) << 4; - src++; - - p = strchr(hex, *src); - if (p == NULL) - p = strchr(hex, tolower(*src)); - if (p == NULL) - return BADCH1; - byte |= (p - hex); - - *dst = byte; - return 1; -} - -/* - - unb64 - convert four ASCII base64 digits to three bytes - * Note that a base64 digit group is padded out with '=' if it represents - * less than three bytes: one byte is dd==, two is ddd=, three is dddd. - */ -static int /* number of result bytes, or error code */ -unb64(src, dst, dstlen) -const char *src; /* known to be full length */ -char *dst; -size_t dstlen; -{ - char *p; - unsigned byte1; - unsigned byte2; - static char base64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - - if (dstlen < 3) - return SHORT; - - p = strchr(base64, *src++); - - if (p == NULL) - return BADCH0; - byte1 = (p - base64) << 2; /* first six bits */ - - p = strchr(base64, *src++); - if (p == NULL) { - return BADCH1; - } - - byte2 = p - base64; /* next six: two plus four */ - *dst++ = byte1 | (byte2 >> 4); - byte1 = (byte2 & 0xf) << 4; - - p = strchr(base64, *src++); - if (p == NULL) { - if (*(src-1) == '=' && *src == '=') { - if (byte1 != 0) /* bad padding */ - return BADPAD; - return 1; - } - return BADCH2; - } - - byte2 = p - base64; /* next six: four plus two */ - *dst++ = byte1 | (byte2 >> 2); - byte1 = (byte2 & 0x3) << 6; - - p = strchr(base64, *src++); - if (p == NULL) { - if (*(src-1) == '=') { - if (byte1 != 0) /* bad padding */ - return BADPAD; - return 2; - } - return BADCH3; - } - byte2 = p - base64; /* last six */ - *dst++ = byte1 | byte2; - - return 3; -} - -/* - - untext - convert one ASCII character to byte - */ -static int /* number of result bytes, or error code */ -untext(src, dst, dstlen) -const char *src; /* known to be full length */ -char *dst; -size_t dstlen; /* not large enough is a failure */ -{ - if (dstlen < 1) - return SHORT; - - *dst = *src; - return 1; -} - -/* - - badch - produce a nice complaint about an unknown character - * - * If the compiler complains that the array bigenough[] has a negative - * size, that means the TTODATAV_BUF constant has been set too small. - */ -static const char * /* literal or errp */ -badch(src, errcode, errp, errlen) -const char *src; -int errcode; -char *errp; /* might be NULL */ -size_t errlen; -{ - static const char pre[] = "unknown character (`"; - static const char suf[] = "') in input"; - char buf[5]; -# define REQD (sizeof(pre) - 1 + sizeof(buf) - 1 + sizeof(suf)) - struct sizecheck { - char bigenough[TTODATAV_BUF - REQD]; /* see above */ - }; - char ch; - - if (errp == NULL || errlen < REQD) - return "unknown character in input"; - strcpy(errp, pre); - ch = *(src + BADOFF(errcode)); - if (isprint(ch)) { - buf[0] = ch; - buf[1] = '\0'; - } else { - buf[0] = '\\'; - buf[1] = ((ch & 0700) >> 6) + '0'; - buf[2] = ((ch & 0070) >> 3) + '0'; - buf[3] = ((ch & 0007) >> 0) + '0'; - buf[4] = '\0'; - } - strcat(errp, buf); - strcat(errp, suf); - return (const char *)errp; -} - - - -#ifdef TTODATA_MAIN - -#include - -struct artab; -static void check(struct artab *r, char *buf, size_t n, err_t oops, int *status); -static void regress(char *pgm); -static void hexout(const char *s, size_t len, FILE *f); - -/* - - main - convert first argument to hex, or run regression - */ -int -main(int argc, char *argv[]) -{ - char buf[1024]; - char buf2[1024]; - char err[512]; - size_t n; - size_t i; - char *p = buf; - char *p2 = buf2; - char *pgm = argv[0]; - const char *oops; - - if (argc < 2) { - fprintf(stderr, "Usage: %s {0x|0s|-r}\n", pgm); - exit(2); - } - - if (strcmp(argv[1], "-r") == 0) { - regress(pgm); /* should not return */ - fprintf(stderr, "%s: regress() returned?!?\n", pgm); - exit(1); - } - - oops = ttodatav(argv[1], 0, 0, buf, sizeof(buf), &n, - err, sizeof(err), TTODATAV_IGNORESPACE); - if (oops != NULL) { - fprintf(stderr, "%s: ttodata error `%s' in `%s'\n", pgm, - oops, argv[1]); - exit(1); - } - - if (n > sizeof(buf)) { - p = (char *)malloc((size_t)n); - if (p == NULL) { - fprintf(stderr, - "%s: unable to malloc %d bytes for result\n", - pgm, n); - exit(1); - } - oops = ttodata(argv[1], 0, 0, p, n, &n); - if (oops != NULL) { - fprintf(stderr, "%s: error `%s' in ttodata retry?!?\n", - pgm, oops); - exit(1); - } - } - - hexout(p, n, stdout); - printf("\n"); - - i = datatot(buf, n, 'h', buf2, sizeof(buf2)); - if (i == 0) { - fprintf(stderr, "%s: datatot reports error in `%s'\n", pgm, - argv[1]); - exit(1); - } - - if (i > sizeof(buf2)) { - p2 = (char *)malloc((size_t)i); - if (p == NULL) { - fprintf(stderr, - "%s: unable to malloc %d bytes for result\n", - pgm, i); - exit(1); - } - i = datatot(buf, n, 'h', p2, i); - if (i == 0) { - fprintf(stderr, "%s: error in datatoa retry?!?\n", pgm); - exit(1); - } - } - - printf("%s\n", p2); - - exit(0); -} - -/* - - hexout - output an arbitrary-length string in hex - */ -static void -hexout(s, len, f) -const char *s; -size_t len; -FILE *f; -{ - size_t i; - - fprintf(f, "0x"); - for (i = 0; i < len; i++) - fprintf(f, "%02x", (unsigned char)s[i]); -} - -struct artab { - int base; -# define IGNORESPACE_BIAS 1000 - char *ascii; /* NULL for end */ - char *data; /* NULL for error expected */ -} atodatatab[] = { - { 0, "", NULL, }, - { 0, "0", NULL, }, - { 0, "0x", NULL, }, - { 0, "0xa", NULL, }, - { 0, "0xab", "\xab", }, - { 0, "0xabc", NULL, }, - { 0, "0xabcd", "\xab\xcd", }, - { 0, "0x0123456789", "\x01\x23\x45\x67\x89", }, - { 0, "0x01x", NULL, }, - { 0, "0xabcdef", "\xab\xcd\xef", }, - { 0, "0xABCDEF", "\xab\xcd\xef", }, - { 0, "0XaBc0eEd81f", "\xab\xc0\xee\xd8\x1f", }, - { 0, "0XaBc0_eEd8", "\xab\xc0\xee\xd8", }, - { 0, "0XaBc0_", NULL, }, - { 0, "0X_aBc0", NULL, }, - { 0, "0Xa_Bc0", NULL, }, - { 16, "aBc0eEd8", "\xab\xc0\xee\xd8", }, - { 0, "0s", NULL, }, - { 0, "0sA", NULL, }, - { 0, "0sBA", NULL, }, - { 0, "0sCBA", NULL, }, - { 0, "0sDCBA", "\x0c\x20\x40", }, - { 0, "0SDCBA", "\x0c\x20\x40", }, - { 0, "0sDA==", "\x0c", }, - { 0, "0sDC==", NULL, }, - { 0, "0sDCA=", "\x0c\x20", }, - { 0, "0sDCB=", NULL, }, - { 0, "0sDCAZ", "\x0c\x20\x19", }, - { 0, "0sDCAa", "\x0c\x20\x1a", }, - { 0, "0sDCAz", "\x0c\x20\x33", }, - { 0, "0sDCA0", "\x0c\x20\x34", }, - { 0, "0sDCA9", "\x0c\x20\x3d", }, - { 0, "0sDCA+", "\x0c\x20\x3e", }, - { 0, "0sDCA/", "\x0c\x20\x3f", }, - { 0, "0sAbraCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0s AbraCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sA braCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAb raCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbr aCadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbra Cadabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbraC adabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbraCa dabra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbraCad abra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbraCada bra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbraCadab ra+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbraCadabr a+", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbraCadabra +", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { IGNORESPACE_BIAS + 0, "0sAbraCadabra+ ", "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", }, - { 0, "0t", NULL, }, - { 0, "0tabc_xyz", "abc_xyz", }, - { 256, "abc_xyz", "abc_xyz", }, - { 0, NULL, NULL, }, -}; - -struct drtab { - char *data; /* input; NULL for end */ - char format; - int buflen; /* -1 means big buffer */ - int outlen; /* -1 means strlen(ascii)+1 */ - char *ascii; /* NULL for error expected */ -} datatoatab[] = { - { "", 'x', -1, -1, NULL, }, - { "", 'X', -1, -1, NULL, }, - { "", 'n', -1, -1, NULL, }, - { "0", 'x', -1, -1, "0x30", }, - { "0", 'x', 0, 5, "---", }, - { "0", 'x', 1, 5, "", }, - { "0", 'x', 2, 5, "0", }, - { "0", 'x', 3, 5, "0x", }, - { "0", 'x', 4, 5, "0x3", }, - { "0", 'x', 5, 5, "0x30", }, - { "0", 'x', 6, 5, "0x30", }, - { "\xab\xcd", 'x', -1, -1, "0xabcd", }, - { "\x01\x23\x45\x67\x89", 'x', -1, -1, "0x0123456789", }, - { "\xab\xcd\xef", 'x', -1, -1, "0xabcdef", }, - { "\xab\xc0\xee\xd8\x1f", 'x', -1, -1, "0xabc0eed81f", }, - { "\x01\x02", 'h', -1, -1, "0x0102", }, - { "\x01\x02\x03\x04\x05\x06", 'h', -1, -1, "0x01020304_0506", }, - { "\xab\xc0\xee\xd8\x1f", 16, -1, -1, "abc0eed81f", }, - { "\x0c\x20\x40", 's', -1, -1, "0sDCBA", }, - { "\x0c\x20\x40", 's', 0, 7, "---", }, - { "\x0c\x20\x40", 's', 1, 7, "", }, - { "\x0c\x20\x40", 's', 2, 7, "0", }, - { "\x0c\x20\x40", 's', 3, 7, "0s", }, - { "\x0c\x20\x40", 's', 4, 7, "0sD", }, - { "\x0c\x20\x40", 's', 5, 7, "0sDC", }, - { "\x0c\x20\x40", 's', 6, 7, "0sDCB", }, - { "\x0c\x20\x40", 's', 7, 7, "0sDCBA", }, - { "\x0c\x20\x40", 's', 8, 7, "0sDCBA", }, - { "\x0c", 's', -1, -1, "0sDA==", }, - { "\x0c\x20", 's', -1, -1, "0sDCA=", }, - { "\x0c\x20\x19", 's', -1, -1, "0sDCAZ", }, - { "\x0c\x20\x1a", 's', -1, -1, "0sDCAa", }, - { "\x0c\x20\x33", 's', -1, -1, "0sDCAz", }, - { "\x0c\x20\x34", 's', -1, -1, "0sDCA0", }, - { "\x0c\x20\x3d", 's', -1, -1, "0sDCA9", }, - { "\x0c\x20\x3e", 's', -1, -1, "0sDCA+", }, - { "\x0c\x20\x3f", 's', -1, -1, "0sDCA/", }, - { "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", 's', -1, -1, "0sAbraCadabra+", }, - { "\x01\xba\xda\x09\xa7\x5a\x6e\xb6\xbe", 64, -1, -1, "AbraCadabra+", }, - { NULL, 'x', -1, -1, NULL, }, -}; - -/* - - regress - regression-test ttodata() and datatot() - */ -static void -check(r, buf, n, oops, status) -struct artab *r; -char *buf; -size_t n; -err_t oops; -int *status; -{ - if (oops != NULL && r->data == NULL) - {} /* error expected */ - else if (oops != NULL) { - printf("`%s' gave error `%s', expecting %d `", r->ascii, - oops, strlen(r->data)); - hexout(r->data, strlen(r->data), stdout); - printf("'\n"); - *status = 1; - } else if (r->data == NULL) { - printf("`%s' gave %d `", r->ascii, n); - hexout(buf, n, stdout); - printf("', expecting error\n"); - *status = 1; - } else if (n != strlen(r->data)) { - printf("length wrong in `%s': got %d `", r->ascii, n); - hexout(buf, n, stdout); - printf("', expecting %d `", strlen(r->data)); - hexout(r->data, strlen(r->data), stdout); - printf("'\n"); - *status = 1; - } else if (memcmp(buf, r->data, n) != 0) { - printf("`%s' gave %d `", r->ascii, n); - hexout(buf, n, stdout); - printf("', expecting %d `", strlen(r->data)); - hexout(r->data, strlen(r->data), stdout); - printf("'\n"); - *status = 1; - } - fflush(stdout); -} - -static void /* should not return at all, in fact */ -regress(pgm) -char *pgm; -{ - struct artab *r; - struct drtab *dr; - char buf[100]; - size_t n; - int status = 0; - - for (r = atodatatab; r->ascii != NULL; r++) { - int base = r->base; - int xbase = 0; - - if ((base == 0 || base == IGNORESPACE_BIAS + 0) && r->ascii[0] == '0') { - switch (r->ascii[1]) { - case 'x': - case 'X': - xbase = 16; - break; - case 's': - case 'S': - xbase = 64; - break; - case 't': - case 'T': - xbase = 256; - break; - } - } - - if (base >= IGNORESPACE_BIAS) { - base = base - IGNORESPACE_BIAS; - check(r, buf, n, ttodatav(r->ascii, 0, base, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status); - if (xbase != 0) - check(r, buf, n, ttodatav(r->ascii+2, 0, xbase, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status); - } else { - check(r, buf, n, ttodata(r->ascii, 0, base, buf, sizeof(buf), &n), &status); - if (base == 64 || xbase == 64) - check(r, buf, n, ttodatav(r->ascii, 0, base, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status); - if (xbase != 0) { - check(r, buf, n, ttodata(r->ascii+2, 0, xbase, buf, sizeof(buf), &n), &status); - if (base == 64 || xbase == 64) - check(r, buf, n, ttodatav(r->ascii+2, 0, xbase, buf, sizeof(buf), &n, NULL, 0, TTODATAV_IGNORESPACE), &status); - } - } - } - for (dr = datatoatab; dr->data != NULL; dr++) { - size_t should; - - strcpy(buf, "---"); - n = datatot(dr->data, strlen(dr->data), dr->format, buf, - (dr->buflen == -1) ? sizeof(buf) : dr->buflen); - should = (dr->ascii == NULL) ? 0 : strlen(dr->ascii) + 1; - if (dr->outlen != -1) - should = dr->outlen; - if (n == 0 && dr->ascii == NULL) - {} /* error expected */ - else if (n == 0) { - printf("`"); - hexout(dr->data, strlen(dr->data), stdout); - printf("' %c gave error, expecting %d `%s'\n", - dr->format, should, dr->ascii); - status = 1; - } else if (dr->ascii == NULL) { - printf("`"); - hexout(dr->data, strlen(dr->data), stdout); - printf("' %c gave %d `%.*s', expecting error\n", - dr->format, n, (int)n, buf); - status = 1; - } else if (n != should) { - printf("length wrong in `"); - hexout(dr->data, strlen(dr->data), stdout); - printf("': got %d `%s'", n, buf); - printf(", expecting %d `%s'\n", should, dr->ascii); - status = 1; - } else if (strcmp(buf, dr->ascii) != 0) { - printf("`"); - hexout(dr->data, strlen(dr->data), stdout); - printf("' gave %d `%s'", n, buf); - printf(", expecting %d `%s'\n", should, dr->ascii); - status = 1; - } - fflush(stdout); - } - exit(status); -} - -#endif /* TTODATA_MAIN */ diff --git a/linux/lib/libfreeswan/ttoprotoport.c b/linux/lib/libfreeswan/ttoprotoport.c deleted file mode 100644 index 46321838c..000000000 --- a/linux/lib/libfreeswan/ttoprotoport.c +++ /dev/null @@ -1,103 +0,0 @@ -/* - * conversion from protocol/port string to protocol and port - * Copyright (C) 2002 Mario Strasser , - * Zuercher Hochschule Winterthur, - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ttoprotoport.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ - -#include "internal.h" -#include "freeswan.h" - -/* - * ttoprotoport - converts from protocol/port string to protocol and port - */ -err_t -ttoprotoport(src, src_len, proto, port, has_port_wildcard) -char *src; /* input string */ -size_t src_len; /* length of input string, use strlen() if 0 */ -u_int8_t *proto; /* extracted protocol number */ -u_int16_t *port; /* extracted port number if it exists */ -int *has_port_wildcard; /* set if port is %any */ -{ - char *end, *service_name; - char proto_name[16]; - int proto_len; - long int l; - struct protoent *protocol; - struct servent *service; - - /* get the length of the string */ - if (!src_len) src_len = strlen(src); - - /* locate delimiter '/' between protocol and port */ - end = strchr(src, '/'); - if (end != NULL) { - proto_len = end - src; - service_name = end + 1; - } else { - proto_len = src_len; - service_name = src + src_len; - } - - /* copy protocol name*/ - memset(proto_name, '\0', sizeof(proto_name)); - memcpy(proto_name, src, proto_len); - - /* extract protocol by trying to resolve it by name */ - protocol = getprotobyname(proto_name); - if (protocol != NULL) { - *proto = protocol->p_proto; - } - else /* failed, now try it by number */ - { - l = strtol(proto_name, &end, 0); - - if (*proto_name && *end) - return " is neither a number nor a valid name"; - - if (l < 0 || l > 0xff) - return " must be between 0 and 255"; - - *proto = (u_int8_t)l; - } - - /* is there a port wildcard? */ - *has_port_wildcard = (strcmp(service_name, "%any") == 0); - - if (*has_port_wildcard) - { - *port = 0; - return NULL; - } - - /* extract port by trying to resolve it by name */ - service = getservbyname(service_name, NULL); - if (service != NULL) { - *port = ntohs(service->s_port); - } - else /* failed, now try it by number */ - { - l = strtol(service_name, &end, 0); - - if (*service_name && *end) - return " is neither a number nor a valid name"; - - if (l < 0 || l > 0xffff) - return " must be between 0 and 65535"; - - *port = (u_int16_t)l; - } - return NULL; -} - diff --git a/linux/lib/libfreeswan/ttosa.3 b/linux/lib/libfreeswan/ttosa.3 deleted file mode 100644 index bf918e108..000000000 --- a/linux/lib/libfreeswan/ttosa.3 +++ /dev/null @@ -1,288 +0,0 @@ -.TH IPSEC_TTOSA 3 "26 Nov 2001" -.\" RCSID $Id: ttosa.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec ttosa, satot \- convert IPsec Security Association IDs to and from text -.br -ipsec initsaid \- initialize an SA ID -.SH SYNOPSIS -.B "#include -.sp -.B "typedef struct {" -.ti +1c -.B "ip_address dst;" -.ti +1c -.B "ipsec_spi_t spi;" -.ti +1c -.B "int proto;" -.br -.B "} ip_said;" -.sp -.B "const char *ttosa(const char *src, size_t srclen," -.ti +1c -.B "ip_said *sa); -.br -.B "size_t satot(const ip_said *sa, int format," -.ti +1c -.B "char *dst, size_t dstlen);" -.br -.B "void initsaid(const ip_address *addr, ipsec_spi_t spi," -.ti +1c -.B "int proto, ip_said *dst);" -.SH DESCRIPTION -.I Ttosa -converts an ASCII Security Association (SA) specifier into an -.B ip_said -structure (containing -a destination-host address -in network byte order, -an SPI number in network byte order, and -a protocol code). -.I Satot -does the reverse conversion, back to a text SA specifier. -.I Initsaid -initializes an -.B ip_said -from separate items of information. -.PP -An SA is specified in text with a mail-like syntax, e.g. -.BR esp.5a7@1.2.3.4 . -An SA specifier contains -a protocol prefix (currently -.BR ah , -.BR esp , -.BR tun , -.BR comp , -or -.BR int ), -a single character indicating the address family -.RB ( . -for IPv4, -.B : -for IPv6), -an unsigned integer SPI number in hexadecimal (with no -.B 0x -prefix), -and an IP address. -The IP address can be any form accepted by -.IR ipsec_ttoaddr (3), -e.g. dotted-decimal IPv4 address, -colon-hex IPv6 address, -or DNS name. -.PP -As a special case, the SA specifier -.B %passthrough4 -or -.B %passthrough6 -signifies the special SA used to indicate that packets should be -passed through unaltered. -(At present, these are synonyms for -.B tun.0@0.0.0.0 -and -.B tun:0@:: -respectively, -but that is subject to change without notice.) -.B %passthrough -is a historical synonym for -.BR %passthrough4 . -These forms are known to both -.I ttosa -and -.IR satot , -so the internal representation is never visible. -.PP -Similarly, the SA specifiers -.BR %pass , -.BR %drop , -.BR %reject , -.BR %hold , -.BR %trap , -and -.BR %trapsubnet -signify special ``magic'' SAs used to indicate that packets should be -passed, dropped, rejected (dropped with ICMP notification), -held, -and trapped (sent up to -.IR ipsec_pluto (8), -with either of two forms of -.B %hold -automatically installed) -respectively. -These forms too are known to both routines, -so the internal representation of the magic SAs should never be visible. -.PP -The -.B -header file supplies the -.B ip_said -structure, as well as a data type -.B ipsec_spi_t -which is an unsigned 32-bit integer. -(There is no consistency between kernel and user on what such a type -is called, hence the header hides the differences.) -.PP -The protocol code uses the same numbers that IP does. -For user convenience, given the difficulty in acquiring the exact set of -protocol names used by the kernel, -.B -defines the names -.BR SA_ESP , -.BR SA_AH , -.BR SA_IPIP , -and -.BR SA_COMP -to have the same values as the kernel names -.BR IPPROTO_ESP , -.BR IPPROTO_AH , -.BR IPPROTO_IPIP , -and -.BR IPPROTO_COMP . -.PP -.B -also defines -.BR SA_INT -to have the value -.BR 61 -(reserved by IANA for ``any host internal protocol'') -and -.BR SPI_PASS , -.BR SPI_DROP , -.BR SPI_REJECT , -.BR SPI_HOLD , -and -.B SPI_TRAP -to have the values 256-260 (in \fIhost\fR byte order) respectively. -These are used in constructing the magic SAs -(which always have address -.BR 0.0.0.0 ). -.PP -If -.I satot -encounters an unknown protocol code, e.g. 77, -it yields output using a prefix -showing the code numerically, e.g. ``unk77''. -This form is -.I not -recognized by -.IR ttosa . -.PP -The -.I srclen -parameter of -.I ttosa -specifies the length of the string pointed to by -.IR src ; -it is an error for there to be anything else -(e.g., a terminating NUL) within that length. -As a convenience for cases where an entire NUL-terminated string is -to be converted, -a -.I srclen -value of -.B 0 -is taken to mean -.BR strlen(src) . -.PP -The -.I dstlen -parameter of -.I satot -specifies the size of the -.I dst -parameter; -under no circumstances are more than -.I dstlen -bytes written to -.IR dst . -A result which will not fit is truncated. -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result is written, -but the return value is unaffected; -in all other cases, the (possibly truncated) result is NUL-terminated. -The -.B -header file defines a constant, -.BR SATOT_BUF , -which is the size of a buffer just large enough for worst-case results. -.PP -The -.I format -parameter of -.I satot -specifies what format is to be used for the conversion. -The value -.B 0 -(not the ASCII character -.BR '0' , -but a zero value) -specifies a reasonable default -(currently -lowercase protocol prefix, lowercase hexadecimal SPI, -dotted-decimal or colon-hex address). -The value -.B 'f' -is similar except that the SPI is padded with -.BR 0 s -to a fixed 32-bit width, to ease aligning displayed tables. -.PP -.I Ttosa -returns -.B NULL -for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.I Satot -returns -.B 0 -for a failure, and otherwise -always returns the size of buffer which would -be needed to -accommodate the full conversion result, including terminating NUL; -it is the caller's responsibility to check this against the size of -the provided buffer to determine whether truncation has occurred. -.PP -There is also, temporarily, support for some obsolete -forms of SA specifier which lack the address-family indicator. -.SH SEE ALSO -ipsec_ttoul(3), ipsec_ttoaddr(3), ipsec_samesaid(3), inet(3) -.SH DIAGNOSTICS -Fatal errors in -.I ttosa -are: -empty input; -input too small to be a legal SA specifier; -no -.B @ -in input; -unknown protocol prefix; -conversion error in -.I ttoul -or -.IR ttoaddr . -.PP -Fatal errors in -.I satot -are: -unknown format. -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -The restriction of text-to-binary error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The text-to-binary error-reporting convention lends itself -to slightly obscure code, -because many readers will not think of NULL as signifying success. -A good way to make it clearer is to write something like: -.PP -.RS -.nf -.B "const char *error;" -.sp -.B "error = ttosa( /* ... */ );" -.B "if (error != NULL) {" -.B " /* something went wrong */" -.fi -.RE diff --git a/linux/lib/libfreeswan/ttosa.c b/linux/lib/libfreeswan/ttosa.c deleted file mode 100644 index aa2283694..000000000 --- a/linux/lib/libfreeswan/ttosa.c +++ /dev/null @@ -1,280 +0,0 @@ -/* - * convert from text form of SA ID to binary - * Copyright (C) 2000, 2001 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ttosa.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -static struct satype { - char *prefix; - size_t prelen; /* strlen(prefix) */ - int proto; -} satypes[] = { - { "ah", 2, SA_AH }, - { "esp", 3, SA_ESP }, - { "tun", 3, SA_IPIP }, - { "comp", 4, SA_COMP }, - { "int", 3, SA_INT }, - { NULL, 0, 0, } -}; - -static struct magic { - char *name; - char *really; -} magic[] = { - { PASSTHROUGHNAME, PASSTHROUGH4IS }, - { PASSTHROUGH4NAME, PASSTHROUGH4IS }, - { PASSTHROUGH6NAME, PASSTHROUGH6IS }, - { "%pass", "int256@0.0.0.0" }, - { "%drop", "int257@0.0.0.0" }, - { "%reject", "int258@0.0.0.0" }, - { "%hold", "int259@0.0.0.0" }, - { "%trap", "int260@0.0.0.0" }, - { "%trapsubnet", "int261@0.0.0.0" }, - { NULL, NULL } -}; - -/* - - ttosa - convert text "ah507@10.0.0.1" to SA identifier - */ -err_t /* NULL for success, else string literal */ -ttosa(src, srclen, sa) -const char *src; -size_t srclen; /* 0 means "apply strlen" */ -ip_said *sa; -{ - const char *at; - const char *addr; - size_t alen; - const char *spi = NULL; - struct satype *sat; - unsigned long ul; - const char *oops; - struct magic *mp; - size_t nlen; -# define MINLEN 5 /* ah0@0 is as short as it can get */ - int af; - int base; - - if (srclen == 0) - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - if (srclen < MINLEN) - return "string too short to be SA identifier"; - if (*src == '%') { - for (mp = magic; mp->name != NULL; mp++) { - nlen = strlen(mp->name); - if (srclen == nlen && memcmp(src, mp->name, nlen) == 0) - break; - } - if (mp->name == NULL) - return "unknown % keyword"; - src = mp->really; - srclen = strlen(src); - } - - at = memchr(src, '@', srclen); - if (at == NULL) - return "no @ in SA specifier"; - - for (sat = satypes; sat->prefix != NULL; sat++) - if (sat->prelen < srclen && - strncmp(src, sat->prefix, sat->prelen) == 0) { - sa->proto = sat->proto; - spi = src + sat->prelen; - break; /* NOTE BREAK OUT */ - } - if (sat->prefix == NULL) - return "SA specifier lacks valid protocol prefix"; - - if (spi >= at) - return "no SPI in SA specifier"; - switch (*spi) { - case '.': - af = AF_INET; - spi++; - base = 16; - break; - case ':': - af = AF_INET6; - spi++; - base = 16; - break; - default: - af = AF_UNSPEC; /* not known yet */ - base = 0; - break; - } - if (spi >= at) - return "no SPI found in SA specifier"; - oops = ttoul(spi, at - spi, base, &ul); - if (oops != NULL) - return oops; - sa->spi = htonl(ul); - - addr = at + 1; - alen = srclen - (addr - src); - if (af == AF_UNSPEC) - af = (memchr(addr, ':', alen) != NULL) ? AF_INET6 : AF_INET; - oops = ttoaddr(addr, alen, af, &sa->dst); - if (oops != NULL) - return oops; - - return NULL; -} - - - -#ifdef TTOSA_MAIN - -#include - -void regress(void); - -int -main(int argc, char *argv[]) -{ - ip_said sa; - char buf[100]; - char buf2[100]; - const char *oops; - size_t n; - - if (argc < 2) { - fprintf(stderr, "Usage: %s {ahnnn@aaa|-r}\n", argv[0]); - exit(2); - } - - if (strcmp(argv[1], "-r") == 0) { - regress(); - fprintf(stderr, "regress() returned?!?\n"); - exit(1); - } - - oops = ttosa(argv[1], 0, &sa); - if (oops != NULL) { - fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); - exit(1); - } - n = satot(&sa, 0, buf, sizeof(buf)); - if (n > sizeof(buf)) { - fprintf(stderr, "%s: reverse conv of `%d'", argv[0], sa.proto); - fprintf(stderr, "%lx@", (long unsigned int)sa.spi); - (void) addrtot(&sa.dst, 0, buf2, sizeof(buf2)); - fprintf(stderr, "%s", buf2); - fprintf(stderr, " failed: need %ld bytes, have only %ld\n", - (long)n, (long)sizeof(buf)); - exit(1); - } - printf("%s\n", buf); - - exit(0); -} - -struct rtab { - int format; -# define FUDGE 0x1000 - char *input; - char *output; /* NULL means error expected */ -} rtab[] = { - {0, "esp257@1.2.3.0", "esp.101@1.2.3.0"}, - {0, "ah0x20@1.2.3.4", "ah.20@1.2.3.4"}, - {0, "tun20@1.2.3.4", "tun.14@1.2.3.4"}, - {0, "comp20@1.2.3.4", "comp.14@1.2.3.4"}, - {0, "esp257@::1", "esp:101@::1"}, - {0, "esp257@0bc:12de::1", "esp:101@bc:12de::1"}, - {0, "esp78@1049:1::8007:2040", "esp:4e@1049:1::8007:2040"}, - {0, "esp0x78@1049:1::8007:2040", "esp:78@1049:1::8007:2040"}, - {0, "ah78@1049:1::8007:2040", "ah:4e@1049:1::8007:2040"}, - {0, "ah0x78@1049:1::8007:2040", "ah:78@1049:1::8007:2040"}, - {0, "tun78@1049:1::8007:2040", "tun:4e@1049:1::8007:2040"}, - {0, "tun0x78@1049:1::8007:2040", "tun:78@1049:1::8007:2040"}, - {0, "duk99@3ffe:370:400:ff::9001:3001", NULL}, - {0, "esp78x@1049:1::8007:2040", NULL}, - {0, "esp0x78@1049:1:0xfff::8007:2040", NULL}, - {0, "es78@1049:1::8007:2040", NULL}, - {0, "", NULL}, - {0, "_", NULL}, - {0, "ah2.2", NULL}, - {0, "goo2@1.2.3.4", NULL}, - {0, "esp9@1.2.3.4", "esp.9@1.2.3.4"}, - {'f', "esp0xa9@1.2.3.4", "esp.000000a9@1.2.3.4"}, - {0, "espp9@1.2.3.4", NULL}, - {0, "es9@1.2.3.4", NULL}, - {0, "ah@1.2.3.4", NULL}, - {0, "esp7x7@1.2.3.4", NULL}, - {0, "esp77@1.0x2.3.4", NULL}, - {0, PASSTHROUGHNAME, PASSTHROUGH4NAME}, - {0, PASSTHROUGH6NAME, PASSTHROUGH6NAME}, - {0, "%pass", "%pass"}, - {0, "int256@0.0.0.0", "%pass"}, - {0, "%drop", "%drop"}, - {0, "int257@0.0.0.0", "%drop"}, - {0, "%reject", "%reject"}, - {0, "int258@0.0.0.0", "%reject"}, - {0, "%hold", "%hold"}, - {0, "int259@0.0.0.0", "%hold"}, - {0, "%trap", "%trap"}, - {0, "int260@0.0.0.0", "%trap"}, - {0, "%trapsubnet", "%trapsubnet"}, - {0, "int261@0.0.0.0", "%trapsubnet"}, - {0, "int262@0.0.0.0", "int.106@0.0.0.0"}, - {FUDGE, "esp9@1.2.3.4", "unk77.9@1.2.3.4"}, - {0, NULL, NULL} -}; - -void -regress(void) -{ - struct rtab *r; - int status = 0; - ip_said sa; - char in[100]; - char buf[100]; - const char *oops; - size_t n; - - for (r = rtab; r->input != NULL; r++) { - strcpy(in, r->input); - oops = ttosa(in, 0, &sa); - if (oops != NULL && r->output == NULL) - {} /* okay, error expected */ - else if (oops != NULL) { - printf("`%s' ttosa failed: %s\n", r->input, oops); - status = 1; - } else if (r->output == NULL) { - printf("`%s' ttosa succeeded unexpectedly\n", - r->input); - status = 1; - } else { - if (r->format&FUDGE) - sa.proto = 77; - n = satot(&sa, (char)r->format, buf, sizeof(buf)); - if (n > sizeof(buf)) { - printf("`%s' satot failed: need %ld\n", - r->input, (long)n); - status = 1; - } else if (strcmp(r->output, buf) != 0) { - printf("`%s' gave `%s', expected `%s'\n", - r->input, buf, r->output); - status = 1; - } - } - } - exit(status); -} - -#endif /* TTOSA_MAIN */ diff --git a/linux/lib/libfreeswan/ttosubnet.c b/linux/lib/libfreeswan/ttosubnet.c deleted file mode 100644 index 7f5cddb82..000000000 --- a/linux/lib/libfreeswan/ttosubnet.c +++ /dev/null @@ -1,296 +0,0 @@ -/* - * convert from text form of subnet specification to binary - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ttosubnet.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -#ifndef DEFAULTSUBNET -#define DEFAULTSUBNET "%default" -#endif - -/* - - ttosubnet - convert text "addr/mask" to address and mask - * Mask can be integer bit count. - */ -err_t -ttosubnet(src, srclen, af, dst) -const char *src; -size_t srclen; /* 0 means "apply strlen" */ -int af; /* AF_INET or AF_INET6 */ -ip_subnet *dst; -{ - const char *slash; - const char *colon; - const char *mask; - size_t mlen; - const char *oops; - unsigned long bc; - static char def[] = DEFAULTSUBNET; -# define DEFLEN (sizeof(def) - 1) /* -1 for NUL */ - static char defis4[] = "0/0"; -# define DEFIS4LEN (sizeof(defis4) - 1) - static char defis6[] = "::/0"; -# define DEFIS6LEN (sizeof(defis6) - 1) - ip_address addrtmp; - ip_address masktmp; - int nbits; - int i; - - if (srclen == 0) - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - - switch (af) { - case AF_INET: - nbits = 32; - break; - case AF_INET6: - nbits = 128; - break; - default: - return "unknown address family in ttosubnet"; - break; - } - - if (srclen == DEFLEN && strncmp(src, def, srclen) == 0) { - src = (af == AF_INET) ? defis4 : defis6; - srclen = (af == AF_INET) ? DEFIS4LEN : DEFIS6LEN; - } - - slash = memchr(src, '/', srclen); - if (slash == NULL) - return "no / in subnet specification"; - mask = slash + 1; - mlen = srclen - (mask - src); - - oops = ttoaddr(src, slash-src, af, &addrtmp); - if (oops != NULL) - return oops; - - /* extract port */ - colon = memchr(mask, ':', mlen); - if (colon == 0) - { - setportof(0, &addrtmp); - } - else - { - long port; - - oops = ttoul(colon+1, mlen-(colon-mask+1), 10, &port); - if (oops != NULL) - return oops; - setportof(htons(port), &addrtmp); - mlen = colon - mask; - } - - /*extract mask */ - oops = ttoul(mask, mlen, 10, &bc); - if (oops == NULL) { - /* ttoul succeeded, it's a bit-count mask */ - if (bc > nbits) - return "subnet mask bit count too large"; - i = bc; - } else { - oops = ttoaddr(mask, mlen, af, &masktmp); - if (oops != NULL) - return oops; - i = masktocount(&masktmp); - if (i < 0) - return "non-contiguous or otherwise erroneous mask"; - } - - return initsubnet(&addrtmp, i, '0', dst); -} - - - -#ifdef TTOSUBNET_MAIN - -#include - -void regress(void); - -int main(int argc, char *argv[]) -{ - ip_subnet s; - char buf[100]; - char buf2[100]; - const char *oops; - size_t n; - int af; - char *p; - - if (argc < 2) { - fprintf(stderr, "Usage: %s [-6] addr/mask\n", argv[0]); - fprintf(stderr, " or: %s -r\n", argv[0]); - exit(2); - } - - if (strcmp(argv[1], "-r") == 0) { - regress(); - fprintf(stderr, "regress() returned?!?\n"); - exit(1); - } - - af = AF_INET; - p = argv[1]; - if (strcmp(argv[1], "-6") == 0) { - af = AF_INET6; - p = argv[2]; - } else if (strchr(argv[1], ':') != NULL) - af = AF_INET6; - - oops = ttosubnet(p, 0, af, &s); - if (oops != NULL) { - fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops); - exit(1); - } - n = subnettot(&s, 0, buf, sizeof(buf)); - if (n > sizeof(buf)) { - fprintf(stderr, "%s: reverse conversion of ", argv[0]); - (void) addrtot(&s.addr, 0, buf2, sizeof(buf2)); - fprintf(stderr, "%s/", buf2); - fprintf(stderr, "%d", s.maskbits); - fprintf(stderr, " failed: need %ld bytes, have only %ld\n", - (long)n, (long)sizeof(buf)); - exit(1); - } - printf("%s\n", buf); - - exit(0); -} - -struct rtab { - int family; - char *input; - char *output; /* NULL means error expected */ -} rtab[] = { - {4, "1.2.3.0/255.255.255.0", "1.2.3.0/24"}, - {4, "1.2.3.0/24", "1.2.3.0/24"}, - {4, "1.2.3.0/24:10", "1.2.3.0/24:10"}, - {4, "1.2.3.0/24:-1", NULL}, - {4, "1.2.3.0/24:none", NULL}, - {4, "1.2.3.0/24:", NULL}, - {4, "1.2.3.0/24:0x10", "1.2.3.0/24:16"}, - {4, "1.2.3.0/24:0X10", "1.2.3.0/24:16"}, - {4, "1.2.3.0/24:010", "1.2.3.0/24:8"}, - {4, "1.2.3.1/255.255.255.240", "1.2.3.0/28"}, - {4, "1.2.3.1/32", "1.2.3.1/32"}, - {4, "1.2.3.1/0", "0.0.0.0/0"}, -/* {4, "1.2.3.1/255.255.127.0", "1.2.3.0/255.255.127.0"}, */ - {4, "1.2.3.1/255.255.127.0", NULL}, - {4, "128.009.000.032/32", "128.9.0.32/32"}, - {4, "128.0x9.0.32/32", NULL}, - {4, "0x80090020/32", "128.9.0.32/32"}, - {4, "0x800x0020/32", NULL}, - {4, "128.9.0.32/0xffFF0000", "128.9.0.0/16"}, - {4, "128.9.0.32/0xff0000FF", NULL}, - {4, "128.9.0.32/0x0000ffFF", NULL}, - {4, "128.9.0.32/0x00ffFF0000", NULL}, - {4, "128.9.0.32/0xffFF", NULL}, - {4, "128.9.0.32.27/32", NULL}, - {4, "128.9.0k32/32", NULL}, - {4, "328.9.0.32/32", NULL}, - {4, "128.9..32/32", NULL}, - {4, "10/8", "10.0.0.0/8"}, - {4, "10.0/8", "10.0.0.0/8"}, - {4, "10.0.0/8", "10.0.0.0/8"}, - {4, "10.0.1/24", "10.0.1.0/24"}, - {4, "_", NULL}, - {4, "_/_", NULL}, - {4, "1.2.3.1", NULL}, - {4, "1.2.3.1/_", NULL}, - {4, "1.2.3.1/24._", NULL}, - {4, "1.2.3.1/99", NULL}, - {4, "localhost/32", "127.0.0.1/32"}, - {4, "%default", "0.0.0.0/0"}, - {6, "3049:1::8007:2040/0", "::/0"}, - {6, "3049:1::8007:2040/128", "3049:1::8007:2040/128"}, - {6, "3049:1::192.168.0.1/128", NULL}, /*"3049:1::c0a8:1/128",*/ - {6, "3049:1::8007::2040/128", NULL}, - {6, "3049:1::8007:2040/ffff::0", "3049::/16"}, - {6, "3049:1::8007:2040/64", "3049:1::/64"}, - {6, "3049:1::8007:2040/ffff::", "3049::/16"}, - {6, "3049:1::8007:2040/0000:ffff::0", NULL}, - {6, "3049:1::8007:2040/ff1f::0", NULL}, - {6, "3049:1::8007:x:2040/128", NULL}, - {6, "3049:1t::8007:2040/128", NULL}, - {6, "3049:1::80071:2040/128", NULL}, - {6, "::/21", "::/21"}, - {6, "::1/128", "::1/128"}, - {6, "1::/21", "1::/21"}, - {6, "1::2/128", "1::2/128"}, - {6, "1:0:0:0:0:0:0:2/128", "1::2/128"}, - {6, "1:0:0:0:3:0:0:2/128", "1::3:0:0:2/128"}, - {6, "1:0:0:3:0:0:0:2/128", "1::3:0:0:0:2/128"}, - {6, "1:0:3:0:0:0:0:2/128", "1:0:3::2/128"}, - {6, "abcd:ef01:2345:6789:0:00a:000:20/128", "abcd:ef01:2345:6789:0:a:0:20/128"}, - {6, "3049:1::8007:2040/ffff:ffff:", NULL}, - {6, "3049:1::8007:2040/ffff:88::", NULL}, - {6, "3049:12::9000:3200/ffff:fff0::", "3049:10::/28"}, - {6, "3049:12::9000:3200/28", "3049:10::/28"}, - {6, "3049:12::9000:3200/ff00:::", NULL}, - {6, "3049:12::9000:3200/ffff:::", NULL}, - {6, "3049:12::9000:3200/128_", NULL}, - {6, "3049:12::9000:3200/", NULL}, - {6, "%default", "::/0"}, - {4, NULL, NULL} -}; - -void -regress(void) -{ - struct rtab *r; - int status = 0; - ip_subnet s; - char in[100]; - char buf[100]; - const char *oops; - size_t n; - int af; - - for (r = rtab; r->input != NULL; r++) { - af = (r->family == 4) ? AF_INET : AF_INET6; - strcpy(in, r->input); - oops = ttosubnet(in, 0, af, &s); - if (oops != NULL && r->output == NULL) - {} /* okay, error expected */ - else if (oops != NULL) { - printf("`%s' ttosubnet failed: %s\n", r->input, oops); - status = 1; - } else if (r->output == NULL) { - printf("`%s' ttosubnet succeeded unexpectedly\n", - r->input); - status = 1; - } else { - n = subnettot(&s, 0, buf, sizeof(buf)); - if (n > sizeof(buf)) { - printf("`%s' subnettot failed: need %ld\n", - r->input, (long)n); - status = 1; - } else if (strcmp(r->output, buf) != 0) { - printf("`%s' gave `%s', expected `%s'\n", - r->input, buf, r->output); - status = 1; - } - } - } - exit(status); -} - -#endif /* TTOSUBNET_MAIN */ diff --git a/linux/lib/libfreeswan/ttoul.3 b/linux/lib/libfreeswan/ttoul.3 deleted file mode 100644 index 67d4bd34f..000000000 --- a/linux/lib/libfreeswan/ttoul.3 +++ /dev/null @@ -1,192 +0,0 @@ -.TH IPSEC_TTOUL 3 "16 Aug 2000" -.\" RCSID $Id: ttoul.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec ttoul, ultot \- convert unsigned-long numbers to and from text -.SH SYNOPSIS -.B "#include -.sp -.B "const char *ttoul(const char *src, size_t srclen," -.ti +1c -.B "int base, unsigned long *n);" -.br -.B "size_t ultot(unsigned long n, int format, char *dst," -.ti +1c -.B "size_t dstlen);" -.SH DESCRIPTION -.I Ttoul -converts a text-string number into a binary -.B "unsigned long" -value. -.I Ultot -does the reverse conversion, back to a text version. -.PP -Numbers are specified in text as -decimal (e.g. -.BR 123 ), -octal with a leading zero (e.g. -.BR 012 , -which has value 10), -or hexadecimal with a leading -.B 0x -(e.g. -.BR 0x1f , -which has value 31) -in either upper or lower case. -.PP -The -.I srclen -parameter of -.I ttoul -specifies the length of the string pointed to by -.IR src ; -it is an error for there to be anything else -(e.g., a terminating NUL) within that length. -As a convenience for cases where an entire NUL-terminated string is -to be converted, -a -.I srclen -value of -.B 0 -is taken to mean -.BR strlen(src) . -.PP -The -.I base -parameter of -.I ttoul -can be -.BR 8 , -.BR 10 , -or -.BR 16 , -in which case the number supplied is assumed to be of that form -(and in the case of -.BR 16 , -to lack any -.B 0x -prefix). -It can also be -.BR 0 , -in which case the number is examined for a leading zero -or a leading -.B 0x -to determine its base. -.PP -The -.I dstlen -parameter of -.I ultot -specifies the size of the -.I dst -parameter; -under no circumstances are more than -.I dstlen -bytes written to -.IR dst . -A result which will not fit is truncated. -.I Dstlen -can be zero, in which case -.I dst -need not be valid and no result is written, -but the return value is unaffected; -in all other cases, the (possibly truncated) result is NUL-terminated. -The -.I freeswan.h -header file defines a constant, -.BR ULTOT_BUF , -which is the size of a buffer just large enough for worst-case results. -.PP -The -.I format -parameter of -.I ultot -must be one of: -.RS -.IP \fB'o'\fR 4 -octal conversion with leading -.B 0 -.IP \fB\ 8\fR -octal conversion with no leading -.B 0 -.IP \fB'd'\fR -decimal conversion -.IP \fB10\fR -same as -.B d -.IP \fB'x'\fR -hexadecimal conversion, including leading -.B 0x -.IP \fB16\fR -hexadecimal conversion with no leading -.B 0x -.IP \fB17\fR -like -.B 16 -except padded on left with -.BR 0 s -to eight digits (full width of a 32-bit number) -.RE -.PP -.I Ttoul -returns NULL for success and -a pointer to a string-literal error message for failure; -see DIAGNOSTICS. -.I Ultot -returns -.B 0 -for a failure, and otherwise -returns the size of buffer which would -be needed to -accommodate the full conversion result, including terminating NUL -(it is the caller's responsibility to check this against the size of -the provided buffer to determine whether truncation has occurred). -.SH SEE ALSO -atol(3), strtoul(3) -.SH DIAGNOSTICS -Fatal errors in -.I ttoul -are: -empty input; -unknown -.IR base ; -non-digit character found; -number too large for an -.BR "unsigned long" . -.PP -Fatal errors in -.I ultot -are: -unknown -.IR format . -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. -.SH BUGS -Conversion of -.B 0 -with format -.B o -yields -.BR 00 . -.PP -.I Ultot -format -.B 17 -is a bit of a kludge. -.PP -The restriction of error reports to literal strings -(so that callers don't need to worry about freeing them or copying them) -does limit the precision of error reporting. -.PP -The error-reporting convention lends itself to slightly obscure code, -because many readers will not think of NULL as signifying success. -A good way to make it clearer is to write something like: -.PP -.RS -.nf -.B "const char *error;" -.sp -.B "error = ttoul( /* ... */ );" -.B "if (error != NULL) {" -.B " /* something went wrong */" -.fi -.RE diff --git a/linux/lib/libfreeswan/ttoul.c b/linux/lib/libfreeswan/ttoul.c deleted file mode 100644 index 9c6193c68..000000000 --- a/linux/lib/libfreeswan/ttoul.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * convert from text form of unsigned long to binary - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ttoul.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - ttoul - convert text substring to unsigned long number - */ -const char * /* NULL for success, else string literal */ -ttoul(src, srclen, base, resultp) -const char *src; -size_t srclen; /* 0 means strlen(src) */ -int base; /* 0 means figure it out */ -unsigned long *resultp; -{ - const char *stop; - static char hex[] = "0123456789abcdef"; - static char uchex[] = "0123456789ABCDEF"; - int d; - char c; - char *p; - unsigned long r; - unsigned long rlimit; - int dlimit; - - if (srclen == 0) - srclen = strlen(src); - if (srclen == 0) - return "empty string"; - - if (base == 0) { - if (srclen > 2 && *src == '0' && - (*(src+1) == 'x' || *(src+1) == 'X')) - return ttoul(src+2, srclen-2, 16, resultp); - if (srclen > 1 && *src == '0') - return ttoul(src+1, srclen-1, 8, resultp); - return ttoul(src, srclen, 10, resultp); - } - if (base != 8 && base != 10 && base != 16) - return "unsupported number base"; - - r = 0; - stop = src + srclen; - if (base == 16) { - while (src < stop) { - c = *src++; - p = strchr(hex, c); - if (p != NULL) - d = p - hex; - else { - p = strchr(uchex, c); - if (p == NULL) - return "non-hex digit in hex number"; - d = p - uchex; - } - r = (r << 4) | d; - } - /* defer length check to catch invalid digits first */ - if (srclen > sizeof(unsigned long) * 2) - return "hex number too long"; - } else { - rlimit = ULONG_MAX / base; - dlimit = (int)(ULONG_MAX - rlimit*base); - while (src < stop) { - c = *src++; - d = c - '0'; - if (d < 0 || d >= base) - return "non-digit in number"; - if (r > rlimit || (r == rlimit && d > dlimit)) - return "unsigned-long overflow"; - r = r*base + d; - } - } - - *resultp = r; - return NULL; -} diff --git a/linux/lib/libfreeswan/ultoa.c b/linux/lib/libfreeswan/ultoa.c deleted file mode 100644 index 2c2644826..000000000 --- a/linux/lib/libfreeswan/ultoa.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - * convert unsigned long to ASCII - * Copyright (C) 1998, 1999 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ultoa.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - ultoa - convert unsigned long to decimal ASCII - */ -size_t /* length required for full conversion */ -ultoa(n, base, dst, dstlen) -unsigned long n; -int base; -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - char buf[3*sizeof(unsigned long) + 1]; - char *bufend = buf + sizeof(buf); - size_t len; - char *p; - static char hex[] = "0123456789abcdef"; - - p = bufend; - *--p = '\0'; - if (base == 10) { - do { - *--p = n%10 + '0'; - n /= 10; - } while (n != 0); - } else if (base == 16) { - do { - *--p = hex[n&0xf]; - n >>= 4; - } while (n != 0); - *--p = 'x'; - *--p = '0'; - } else if (base == 8) { - do { - *--p = (n&07) + '0'; - n >>= 3; - } while (n != 0); - *--p = '0'; - } else - *--p = '?'; - - len = bufend - p; - - if (dstlen > 0) { - if (len > dstlen) - *(p + dstlen - 1) = '\0'; - strcpy(dst, p); - } - return len; -} diff --git a/linux/lib/libfreeswan/ultot.c b/linux/lib/libfreeswan/ultot.c deleted file mode 100644 index edffa4a2d..000000000 --- a/linux/lib/libfreeswan/ultot.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * convert unsigned long to text - * Copyright (C) 2000 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: ultot.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ -#include "internal.h" -#include "freeswan.h" - -/* - - ultot - convert unsigned long to text - */ -size_t /* length required for full conversion */ -ultot(n, base, dst, dstlen) -unsigned long n; -int base; -char *dst; /* need not be valid if dstlen is 0 */ -size_t dstlen; -{ - char buf[3*sizeof(unsigned long) + 1]; - char *bufend = buf + sizeof(buf); - size_t len; - char *p; - static char hex[] = "0123456789abcdef"; -# define HEX32 (32/4) - - p = bufend; - *--p = '\0'; - switch (base) { - case 10: - case 'd': - do { - *--p = n%10 + '0'; - n /= 10; - } while (n != 0); - break; - case 16: - case 17: - case 'x': - do { - *--p = hex[n&0xf]; - n >>= 4; - } while (n != 0); - if (base == 17) - while (bufend - p < HEX32 + 1) - *--p = '0'; - if (base == 'x') { - *--p = 'x'; - *--p = '0'; - } - break; - case 8: - case 'o': - do { - *--p = (n&07) + '0'; - n >>= 3; - } while (n != 0); - if (base == 'o') - *--p = '0'; - break; - default: - return 0; - break; - } - - len = bufend - p; - if (dstlen > 0) { - if (len > dstlen) - *(p + dstlen - 1) = '\0'; - strcpy(dst, p); - } - return len; -} diff --git a/linux/lib/libfreeswan/version.3 b/linux/lib/libfreeswan/version.3 deleted file mode 100644 index 06c5f01e3..000000000 --- a/linux/lib/libfreeswan/version.3 +++ /dev/null @@ -1,44 +0,0 @@ -.TH IPSEC_VERSION 3 "21 Nov 2001" -.\" RCSID $Id: version.3,v 1.1 2004/03/15 20:35:26 as Exp $ -.SH NAME -ipsec ipsec_version_code \- get IPsec version code -.br -ipsec ipsec_version_string \- get full IPsec version string -.br -ipsec ipsec_copyright_notice \- get IPsec copyright notice -.SH SYNOPSIS -.B "#include -.sp -.B "const char *ipsec_version_code(void);" -.br -.B "const char *ipsec_version_string(void);" -.br -.B "const char **ipsec_copyright_notice(void);" -.SH DESCRIPTION -These functions provide information on version numbering and copyright -of the Linux FreeS/WAN IPsec implementation. -.PP -.I Ipsec_version_code -returns a pointer to a string constant -containing the current IPsec version code, -such as ``1.92'' or ``snap2001Nov19b''. -.PP -.I Ipsec_version_string -returns a pointer to a string constant giving a full version identification, -consisting of the version code preceded by a prefix identifying the software, -e.g. ``Linux FreeS/WAN 1.92''. -.PP -.I Ipsec_copyright_notice -returns a pointer to a vector of pointers, -terminated by a -.BR NULL , -which is the text of a suitable copyright notice. -Each pointer points to a string constant (possibly empty) which is one line -of the somewhat-verbose copyright notice. -The strings are NUL-terminated and do not contain a newline; -supplying suitable line termination for the output device is -the caller's responsibility. -.SH SEE ALSO -ipsec(8) -.SH HISTORY -Written for the FreeS/WAN project by Henry Spencer. diff --git a/linux/lib/libfreeswan/version.in.c b/linux/lib/libfreeswan/version.in.c deleted file mode 100644 index b3556f721..000000000 --- a/linux/lib/libfreeswan/version.in.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * return IPsec version information - * Copyright (C) 2001 Henry Spencer. - * - * This library is free software; you can redistribute it and/or modify it - * under the terms of the GNU Library General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public - * License for more details. - * - * RCSID $Id: version.in.c,v 1.2 2004/03/16 12:26:32 as Exp $ - */ - -#ifdef __KERNEL__ -#include -#endif - -#include "freeswan.h" - -#define V "xxx" /* substituted in by Makefile */ -static const char strongswan_number[] = V; -static const char strongswan_string[] = "Linux strongSwan " V; - -/* - - ipsec_version_code - return IPsec version number/code, as string - */ -const char * -ipsec_version_code() -{ - return strongswan_number; -} - -/* - - ipsec_version_string - return full version string - */ -const char * -ipsec_version_string() -{ - return strongswan_string; -} diff --git a/linux/lib/zlib/Makefile b/linux/lib/zlib/Makefile deleted file mode 100644 index 36cbea81f..000000000 --- a/linux/lib/zlib/Makefile +++ /dev/null @@ -1,121 +0,0 @@ -# (kernel) Makefile for IPCOMP zlib deflate code -# Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. -# Copyright (C) 2000 Svenning Soerensen -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:26 as Exp $ -# - - - -include ../Makefile.inc - - - -ifndef TOPDIR -TOPDIR := /usr/src/linux -endif - - -L_TARGET := zlib.a - -obj-y := - -include Makefile.objs - -EXTRA_CFLAGS += $(KLIPSCOMPILE) - -EXTRA_CFLAGS += -Wall -#EXTRA_CFLAGS += -Wconversion -#EXTRA_CFLAGS += -Wmissing-prototypes -EXTRA_CFLAGS += -Wpointer-arith -#EXTRA_CFLAGS += -Wcast-qual -#EXTRA_CFLAGS += -Wmissing-declarations -EXTRA_CFLAGS += -Wstrict-prototypes -#EXTRA_CFLAGS += -pedantic -#EXTRA_CFLAGS += -W -#EXTRA_CFLAGS += -Wwrite-strings -EXTRA_CFLAGS += -Wbad-function-cast -EXTRA_CFLAGS += -DIPCOMP_PREFIX - -.S.o: - $(CC) -D__ASSEMBLY__ -DNO_UNDERLINE -traditional -c $< -o $*.o - -asm-obj-$(CONFIG_M586) += match586.o -asm-obj-$(CONFIG_M586TSC) += match586.o -asm-obj-$(CONFIG_M586MMX) += match586.o -asm-obj-$(CONFIG_M686) += match686.o -asm-obj-$(CONFIG_MPENTIUMIII) += match686.o -asm-obj-$(CONFIG_MPENTIUM4) += match686.o -asm-obj-$(CONFIG_MK6) += match586.o -asm-obj-$(CONFIG_MK7) += match686.o -asm-obj-$(CONFIG_MCRUSOE) += match586.o -asm-obj-$(CONFIG_MWINCHIPC6) += match586.o -asm-obj-$(CONFIG_MWINCHIP2) += match686.o -asm-obj-$(CONFIG_MWINCHIP3D) += match686.o - -obj-y += $(asm-obj-y) -ifneq ($(strip $(asm-obj-y)),) - EXTRA_CFLAGS += -DASMV -endif - -active-objs := $(sort $(obj-y) $(obj-m)) -L_OBJS := $(obj-y) -M_OBJS := $(obj-m) -MIX_OBJS := $(filter $(export-objs), $(active-objs)) - -include $(TOPDIR)/Rules.make - -$(obj-y) : $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h - - -clean: - -rm -f *.o *.a - -checkprograms: -programs: $(L_TARGET) - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:26 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.9 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# Revision 1.8 2002/04/24 07:36:44 mcr -# Moved from ./zlib/Makefile,v -# -# Revision 1.7 2002/03/27 23:34:35 mcr -# added programs: target -# -# Revision 1.6 2001/12/05 20:19:08 henry -# use new compile-control variable -# -# Revision 1.5 2001/11/27 16:38:08 mcr -# added new "checkprograms" target to deal with programs that -# are required for "make check", but that may not be ready to -# build for every user due to external dependancies. -# -# Revision 1.4 2001/10/24 14:46:24 henry -# Makefile.inc -# -# Revision 1.3 2001/04/21 23:05:24 rgb -# Update asm directives for 2.4 style makefiles. -# -# Revision 1.2 2001/01/29 22:22:00 rgb -# Convert to 2.4 new style with back compat. -# -# Revision 1.1.1.1 2000/09/29 18:51:33 rgb -# zlib_beginnings -# -# diff --git a/linux/lib/zlib/Makefile.objs b/linux/lib/zlib/Makefile.objs deleted file mode 100644 index 94ed12fc9..000000000 --- a/linux/lib/zlib/Makefile.objs +++ /dev/null @@ -1,27 +0,0 @@ -obj-$(CONFIG_IPSEC_IPCOMP) += adler32.o -obj-$(CONFIG_IPSEC_IPCOMP) += deflate.o -obj-$(CONFIG_IPSEC_IPCOMP) += infblock.o -obj-$(CONFIG_IPSEC_IPCOMP) += infcodes.o -obj-$(CONFIG_IPSEC_IPCOMP) += inffast.o -obj-$(CONFIG_IPSEC_IPCOMP) += inflate.o -obj-$(CONFIG_IPSEC_IPCOMP) += inftrees.o -obj-$(CONFIG_IPSEC_IPCOMP) += infutil.o -obj-$(CONFIG_IPSEC_IPCOMP) += trees.o -obj-$(CONFIG_IPSEC_IPCOMP) += zutil.o - -asm-obj-$(CONFIG_M586) += ${LIBZLIBSRCDIR}/match586.o -asm-obj-$(CONFIG_M586TSC) += ${LIBZLIBSRCDIR}/match586.o -asm-obj-$(CONFIG_M586MMX) += ${LIBZLIBSRCDIR}/match586.o -asm-obj-$(CONFIG_M686) += ${LIBZLIBSRCDIR}/match686.o -asm-obj-$(CONFIG_MPENTIUMIII) += ${LIBZLIBSRCDIR}/match686.o -asm-obj-$(CONFIG_MPENTIUM4) += ${LIBZLIBSRCDIR}/match686.o -asm-obj-$(CONFIG_MK6) += ${LIBZLIBSRCDIR}/match586.o -asm-obj-$(CONFIG_MK7) += ${LIBZLIBSRCDIR}/match686.o -asm-obj-$(CONFIG_MCRUSOE) += ${LIBZLIBSRCDIR}/match586.o -asm-obj-$(CONFIG_MWINCHIPC6) += ${LIBZLIBSRCDIR}/match586.o -asm-obj-$(CONFIG_MWINCHIP2) += ${LIBZLIBSRCDIR}/match686.o -asm-obj-$(CONFIG_MWINCHIP3D) += ${LIBZLIBSRCDIR}/match686.o - -EXTRA_CFLAGS += -DIPCOMP_PREFIX - - diff --git a/linux/lib/zlib/README b/linux/lib/zlib/README deleted file mode 100644 index 29d67146a..000000000 --- a/linux/lib/zlib/README +++ /dev/null @@ -1,147 +0,0 @@ -zlib 1.1.4 is a general purpose data compression library. All the code -is thread safe. The data format used by the zlib library -is described by RFCs (Request for Comments) 1950 to 1952 in the files -http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate -format) and rfc1952.txt (gzip format). These documents are also available in -other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html - -All functions of the compression library are documented in the file zlib.h -(volunteer to write man pages welcome, contact jloup@gzip.org). A usage -example of the library is given in the file example.c which also tests that -the library is working correctly. Another example is given in the file -minigzip.c. The compression library itself is composed of all source files -except example.c and minigzip.c. - -To compile all files and run the test program, follow the instructions -given at the top of Makefile. In short "make test; make install" -should work for most machines. For Unix: "./configure; make test; make install" -For MSDOS, use one of the special makefiles such as Makefile.msc. -For VMS, use Make_vms.com or descrip.mms. - -Questions about zlib should be sent to , or to -Gilles Vollant for the Windows DLL version. -The zlib home page is http://www.zlib.org or http://www.gzip.org/zlib/ -Before reporting a problem, please check this site to verify that -you have the latest version of zlib; otherwise get the latest version and -check whether the problem still exists or not. - -PLEASE read the zlib FAQ http://www.gzip.org/zlib/zlib_faq.html -before asking for help. - -Mark Nelson wrote an article about zlib for the Jan. 1997 -issue of Dr. Dobb's Journal; a copy of the article is available in -http://dogma.net/markn/articles/zlibtool/zlibtool.htm - -The changes made in version 1.1.4 are documented in the file ChangeLog. -The only changes made since 1.1.3 are bug corrections: - -- ZFREE was repeated on same allocation on some error conditions. - This creates a security problem described in - http://www.zlib.org/advisory-2002-03-11.txt -- Returned incorrect error (Z_MEM_ERROR) on some invalid data -- Avoid accesses before window for invalid distances with inflate window - less than 32K. -- force windowBits > 8 to avoid a bug in the encoder for a window size - of 256 bytes. (A complete fix will be available in 1.1.5). - -The beta version 1.1.5beta includes many more changes. A new official -version 1.1.5 will be released as soon as extensive testing has been -completed on it. - - -Unsupported third party contributions are provided in directory "contrib". - -A Java implementation of zlib is available in the Java Development Kit -http://www.javasoft.com/products/JDK/1.1/docs/api/Package-java.util.zip.html -See the zlib home page http://www.zlib.org for details. - -A Perl interface to zlib written by Paul Marquess -is in the CPAN (Comprehensive Perl Archive Network) sites -http://www.cpan.org/modules/by-module/Compress/ - -A Python interface to zlib written by A.M. Kuchling -is available in Python 1.5 and later versions, see -http://www.python.org/doc/lib/module-zlib.html - -A zlib binding for TCL written by Andreas Kupries -is availlable at http://www.westend.com/~kupries/doc/trf/man/man.html - -An experimental package to read and write files in .zip format, -written on top of zlib by Gilles Vollant , is -available at http://www.winimage.com/zLibDll/unzip.html -and also in the contrib/minizip directory of zlib. - - -Notes for some targets: - -- To build a Windows DLL version, include in a DLL project zlib.def, zlib.rc - and all .c files except example.c and minigzip.c; compile with -DZLIB_DLL - The zlib DLL support was initially done by Alessandro Iacopetti and is - now maintained by Gilles Vollant . Check the zlib DLL - home page at http://www.winimage.com/zLibDll - - From Visual Basic, you can call the DLL functions which do not take - a structure as argument: compress, uncompress and all gz* functions. - See contrib/visual-basic.txt for more information, or get - http://www.tcfb.com/dowseware/cmp-z-it.zip - -- For 64-bit Irix, deflate.c must be compiled without any optimization. - With -O, one libpng test fails. The test works in 32 bit mode (with - the -n32 compiler flag). The compiler bug has been reported to SGI. - -- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 - it works when compiled with cc. - -- on Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 - is necessary to get gzprintf working correctly. This is done by configure. - -- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works - with other compilers. Use "make test" to check your compiler. - -- gzdopen is not supported on RISCOS, BEOS and by some Mac compilers. - -- For Turbo C the small model is supported only with reduced performance to - avoid any far allocation; it was tested with -DMAX_WBITS=11 -DMAX_MEM_LEVEL=3 - -- For PalmOs, see http://www.cs.uit.no/~perm/PASTA/pilot/software.html - Per Harald Myrvang - - -Acknowledgments: - - The deflate format used by zlib was defined by Phil Katz. The deflate - and zlib specifications were written by L. Peter Deutsch. Thanks to all the - people who reported problems and suggested various improvements in zlib; - they are too numerous to cite here. - -Copyright notice: - - (C) 1995-2002 Jean-loup Gailly and Mark Adler - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. - - Jean-loup Gailly Mark Adler - jloup@gzip.org madler@alumni.caltech.edu - -If you use the zlib library in a product, we would appreciate *not* -receiving lengthy legal documents to sign. The sources are provided -for free but without warranty of any kind. The library has been -entirely written by Jean-loup Gailly and Mark Adler; it does not -include third-party code. - -If you redistribute modified sources, we would appreciate that you include -in the file ChangeLog history information documenting your changes. diff --git a/linux/lib/zlib/README.freeswan b/linux/lib/zlib/README.freeswan deleted file mode 100644 index f34b5cfff..000000000 --- a/linux/lib/zlib/README.freeswan +++ /dev/null @@ -1,13 +0,0 @@ -The only changes made to these files for use in FreeS/WAN are: - - - In zconf.h, macros are defined to prefix global symbols with "ipcomp_" - (or "_ipcomp"), when compiled with -DIPCOMP_PREFIX. - - The copyright strings are defined local (static) - - The above changes are made to avoid name collisions with ppp_deflate - and ext2compr. - - - Files not needed for FreeS/WAN have been removed - - See the "README" file for information about where to obtain the complete - zlib package. diff --git a/linux/lib/zlib/adler32.c b/linux/lib/zlib/adler32.c deleted file mode 100644 index a383ec643..000000000 --- a/linux/lib/zlib/adler32.c +++ /dev/null @@ -1,49 +0,0 @@ -/* adler32.c -- compute the Adler-32 checksum of a data stream - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* @(#) $Id: adler32.c,v 1.1 2004/03/15 20:35:26 as Exp $ */ - -#include -#include "zconf.h" - -#define BASE 65521L /* largest prime smaller than 65536 */ -#define NMAX 5552 -/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */ - -#define DO1(buf,i) {s1 += buf[i]; s2 += s1;} -#define DO2(buf,i) DO1(buf,i); DO1(buf,i+1); -#define DO4(buf,i) DO2(buf,i); DO2(buf,i+2); -#define DO8(buf,i) DO4(buf,i); DO4(buf,i+4); -#define DO16(buf) DO8(buf,0); DO8(buf,8); - -/* ========================================================================= */ -uLong ZEXPORT adler32(adler, buf, len) - uLong adler; - const Bytef *buf; - uInt len; -{ - unsigned long s1 = adler & 0xffff; - unsigned long s2 = (adler >> 16) & 0xffff; - int k; - - if (buf == Z_NULL) return 1L; - - while (len > 0) { - k = len < NMAX ? len : NMAX; - len -= k; - while (k >= 16) { - DO16(buf); - buf += 16; - k -= 16; - } - if (k != 0) do { - s1 += *buf++; - s2 += s1; - } while (--k); - s1 %= BASE; - s2 %= BASE; - } - return (s2 << 16) | s1; -} diff --git a/linux/lib/zlib/deflate.c b/linux/lib/zlib/deflate.c deleted file mode 100644 index 7eb133a1a..000000000 --- a/linux/lib/zlib/deflate.c +++ /dev/null @@ -1,1351 +0,0 @@ -/* deflate.c -- compress data using the deflation algorithm - * Copyright (C) 1995-2002 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* - * ALGORITHM - * - * The "deflation" process depends on being able to identify portions - * of the input text which are identical to earlier input (within a - * sliding window trailing behind the input currently being processed). - * - * The most straightforward technique turns out to be the fastest for - * most input files: try all possible matches and select the longest. - * The key feature of this algorithm is that insertions into the string - * dictionary are very simple and thus fast, and deletions are avoided - * completely. Insertions are performed at each input character, whereas - * string matches are performed only when the previous match ends. So it - * is preferable to spend more time in matches to allow very fast string - * insertions and avoid deletions. The matching algorithm for small - * strings is inspired from that of Rabin & Karp. A brute force approach - * is used to find longer strings when a small match has been found. - * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze - * (by Leonid Broukhis). - * A previous version of this file used a more sophisticated algorithm - * (by Fiala and Greene) which is guaranteed to run in linear amortized - * time, but has a larger average cost, uses more memory and is patented. - * However the F&G algorithm may be faster for some highly redundant - * files if the parameter max_chain_length (described below) is too large. - * - * ACKNOWLEDGEMENTS - * - * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and - * I found it in 'freeze' written by Leonid Broukhis. - * Thanks to many people for bug reports and testing. - * - * REFERENCES - * - * Deutsch, L.P.,"DEFLATE Compressed Data Format Specification". - * Available in ftp://ds.internic.net/rfc/rfc1951.txt - * - * A description of the Rabin and Karp algorithm is given in the book - * "Algorithms" by R. Sedgewick, Addison-Wesley, p252. - * - * Fiala,E.R., and Greene,D.H. - * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595 - * - */ - -/* @(#) $Id: deflate.c,v 1.1 2004/03/15 20:35:26 as Exp $ */ - -#include "deflate.h" - -local const char deflate_copyright[] = - " deflate 1.1.4 Copyright 1995-2002 Jean-loup Gailly "; -/* - If you use the zlib library in a product, an acknowledgment is welcome - in the documentation of your product. If for some reason you cannot - include such an acknowledgment, I would appreciate that you keep this - copyright string in the executable of your product. - */ - -/* =========================================================================== - * Function prototypes. - */ -typedef enum { - need_more, /* block not completed, need more input or more output */ - block_done, /* block flush performed */ - finish_started, /* finish started, need only more output at next deflate */ - finish_done /* finish done, accept no more input or output */ -} block_state; - -typedef block_state (*compress_func) OF((deflate_state *s, int flush)); -/* Compression function. Returns the block state after the call. */ - -local void fill_window OF((deflate_state *s)); -local block_state deflate_stored OF((deflate_state *s, int flush)); -local block_state deflate_fast OF((deflate_state *s, int flush)); -local block_state deflate_slow OF((deflate_state *s, int flush)); -local void lm_init OF((deflate_state *s)); -local void putShortMSB OF((deflate_state *s, uInt b)); -local void flush_pending OF((z_streamp strm)); -local int read_buf OF((z_streamp strm, Bytef *buf, unsigned size)); -#ifdef ASMV - void match_init OF((void)); /* asm code initialization */ - uInt longest_match OF((deflate_state *s, IPos cur_match)); -#else -local uInt longest_match OF((deflate_state *s, IPos cur_match)); -#endif - -#ifdef DEBUG -local void check_match OF((deflate_state *s, IPos start, IPos match, - int length)); -#endif - -/* =========================================================================== - * Local data - */ - -#define NIL 0 -/* Tail of hash chains */ - -#ifndef TOO_FAR -# define TOO_FAR 4096 -#endif -/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */ - -#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) -/* Minimum amount of lookahead, except at the end of the input file. - * See deflate.c for comments about the MIN_MATCH+1. - */ - -/* Values for max_lazy_match, good_match and max_chain_length, depending on - * the desired pack level (0..9). The values given below have been tuned to - * exclude worst case performance for pathological files. Better values may be - * found for specific files. - */ -typedef struct config_s { - ush good_length; /* reduce lazy search above this match length */ - ush max_lazy; /* do not perform lazy search above this match length */ - ush nice_length; /* quit search above this match length */ - ush max_chain; - compress_func func; -} config; - -local const config configuration_table[10] = { -/* good lazy nice chain */ -/* 0 */ {0, 0, 0, 0, deflate_stored}, /* store only */ -/* 1 */ {4, 4, 8, 4, deflate_fast}, /* maximum speed, no lazy matches */ -/* 2 */ {4, 5, 16, 8, deflate_fast}, -/* 3 */ {4, 6, 32, 32, deflate_fast}, - -/* 4 */ {4, 4, 16, 16, deflate_slow}, /* lazy matches */ -/* 5 */ {8, 16, 32, 32, deflate_slow}, -/* 6 */ {8, 16, 128, 128, deflate_slow}, -/* 7 */ {8, 32, 128, 256, deflate_slow}, -/* 8 */ {32, 128, 258, 1024, deflate_slow}, -/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* maximum compression */ - -/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4 - * For deflate_fast() (levels <= 3) good is ignored and lazy has a different - * meaning. - */ - -#define EQUAL 0 -/* result of memcmp for equal strings */ - -struct static_tree_desc_s {int dummy;}; /* for buggy compilers */ - -/* =========================================================================== - * Update a hash value with the given input byte - * IN assertion: all calls to to UPDATE_HASH are made with consecutive - * input characters, so that a running hash key can be computed from the - * previous key instead of complete recalculation each time. - */ -#define UPDATE_HASH(s,h,c) (h = (((h)<hash_shift) ^ (c)) & s->hash_mask) - - -/* =========================================================================== - * Insert string str in the dictionary and set match_head to the previous head - * of the hash chain (the most recent string with same hash key). Return - * the previous length of the hash chain. - * If this file is compiled with -DFASTEST, the compression level is forced - * to 1, and no hash chains are maintained. - * IN assertion: all calls to to INSERT_STRING are made with consecutive - * input characters and the first MIN_MATCH bytes of str are valid - * (except for the last MIN_MATCH-1 bytes of the input file). - */ -#ifdef FASTEST -#define INSERT_STRING(s, str, match_head) \ - (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ - match_head = s->head[s->ins_h], \ - s->head[s->ins_h] = (Pos)(str)) -#else -#define INSERT_STRING(s, str, match_head) \ - (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ - s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \ - s->head[s->ins_h] = (Pos)(str)) -#endif - -/* =========================================================================== - * Initialize the hash table (avoiding 64K overflow for 16 bit systems). - * prev[] will be initialized on the fly. - */ -#define CLEAR_HASH(s) \ - s->head[s->hash_size-1] = NIL; \ - zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); - -/* ========================================================================= */ -int ZEXPORT deflateInit_(strm, level, version, stream_size) - z_streamp strm; - int level; - const char *version; - int stream_size; -{ - return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, - Z_DEFAULT_STRATEGY, version, stream_size); - /* To do: ignore strm->next_in if we use it as window */ -} - -/* ========================================================================= */ -int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - version, stream_size) - z_streamp strm; - int level; - int method; - int windowBits; - int memLevel; - int strategy; - const char *version; - int stream_size; -{ - deflate_state *s; - int noheader = 0; - static const char* my_version = ZLIB_VERSION; - - ushf *overlay; - /* We overlay pending_buf and d_buf+l_buf. This works since the average - * output size for (length,distance) codes is <= 24 bits. - */ - - if (version == Z_NULL || version[0] != my_version[0] || - stream_size != sizeof(z_stream)) { - return Z_VERSION_ERROR; - } - if (strm == Z_NULL) return Z_STREAM_ERROR; - - strm->msg = Z_NULL; - if (strm->zalloc == Z_NULL) { - return Z_STREAM_ERROR; -/* strm->zalloc = zcalloc; - strm->opaque = (voidpf)0;*/ - } - if (strm->zfree == Z_NULL) return Z_STREAM_ERROR; /* strm->zfree = zcfree; */ - - if (level == Z_DEFAULT_COMPRESSION) level = 6; -#ifdef FASTEST - level = 1; -#endif - - if (windowBits < 0) { /* undocumented feature: suppress zlib header */ - noheader = 1; - windowBits = -windowBits; - } - if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED || - windowBits < 9 || windowBits > 15 || level < 0 || level > 9 || - strategy < 0 || strategy > Z_HUFFMAN_ONLY) { - return Z_STREAM_ERROR; - } - s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state)); - if (s == Z_NULL) return Z_MEM_ERROR; - strm->state = (struct internal_state FAR *)s; - s->strm = strm; - - s->noheader = noheader; - s->w_bits = windowBits; - s->w_size = 1 << s->w_bits; - s->w_mask = s->w_size - 1; - - s->hash_bits = memLevel + 7; - s->hash_size = 1 << s->hash_bits; - s->hash_mask = s->hash_size - 1; - s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH); - - s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte)); - s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos)); - s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos)); - - s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - - overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); - s->pending_buf = (uchf *) overlay; - s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); - - if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || - s->pending_buf == Z_NULL) { - strm->msg = ERR_MSG(Z_MEM_ERROR); - deflateEnd (strm); - return Z_MEM_ERROR; - } - s->d_buf = overlay + s->lit_bufsize/sizeof(ush); - s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; - - s->level = level; - s->strategy = strategy; - s->method = (Byte)method; - - return deflateReset(strm); -} - -/* ========================================================================= */ -int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength) - z_streamp strm; - const Bytef *dictionary; - uInt dictLength; -{ - deflate_state *s; - uInt length = dictLength; - uInt n; - IPos hash_head = 0; - - if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL || - strm->state->status != INIT_STATE) return Z_STREAM_ERROR; - - s = strm->state; - strm->adler = adler32(strm->adler, dictionary, dictLength); - - if (length < MIN_MATCH) return Z_OK; - if (length > MAX_DIST(s)) { - length = MAX_DIST(s); -#ifndef USE_DICT_HEAD - dictionary += dictLength - length; /* use the tail of the dictionary */ -#endif - } - zmemcpy(s->window, dictionary, length); - s->strstart = length; - s->block_start = (long)length; - - /* Insert all strings in the hash table (except for the last two bytes). - * s->lookahead stays null, so s->ins_h will be recomputed at the next - * call of fill_window. - */ - s->ins_h = s->window[0]; - UPDATE_HASH(s, s->ins_h, s->window[1]); - for (n = 0; n <= length - MIN_MATCH; n++) { - INSERT_STRING(s, n, hash_head); - } - if (hash_head) hash_head = 0; /* to make compiler happy */ - return Z_OK; -} - -/* ========================================================================= */ -int ZEXPORT deflateReset (strm) - z_streamp strm; -{ - deflate_state *s; - - if (strm == Z_NULL || strm->state == Z_NULL || - strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR; - - strm->total_in = strm->total_out = 0; - strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */ - strm->data_type = Z_UNKNOWN; - - s = (deflate_state *)strm->state; - s->pending = 0; - s->pending_out = s->pending_buf; - - if (s->noheader < 0) { - s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */ - } - s->status = s->noheader ? BUSY_STATE : INIT_STATE; - strm->adler = 1; - s->last_flush = Z_NO_FLUSH; - - _tr_init(s); - lm_init(s); - - return Z_OK; -} - -/* ========================================================================= */ -int ZEXPORT deflateParams(strm, level, strategy) - z_streamp strm; - int level; - int strategy; -{ - deflate_state *s; - compress_func func; - int err = Z_OK; - - if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; - s = strm->state; - - if (level == Z_DEFAULT_COMPRESSION) { - level = 6; - } - if (level < 0 || level > 9 || strategy < 0 || strategy > Z_HUFFMAN_ONLY) { - return Z_STREAM_ERROR; - } - func = configuration_table[s->level].func; - - if (func != configuration_table[level].func && strm->total_in != 0) { - /* Flush the last buffer: */ - err = deflate(strm, Z_PARTIAL_FLUSH); - } - if (s->level != level) { - s->level = level; - s->max_lazy_match = configuration_table[level].max_lazy; - s->good_match = configuration_table[level].good_length; - s->nice_match = configuration_table[level].nice_length; - s->max_chain_length = configuration_table[level].max_chain; - } - s->strategy = strategy; - return err; -} - -/* ========================================================================= - * Put a short in the pending buffer. The 16-bit value is put in MSB order. - * IN assertion: the stream state is correct and there is enough room in - * pending_buf. - */ -local void putShortMSB (s, b) - deflate_state *s; - uInt b; -{ - put_byte(s, (Byte)(b >> 8)); - put_byte(s, (Byte)(b & 0xff)); -} - -/* ========================================================================= - * Flush as much pending output as possible. All deflate() output goes - * through this function so some applications may wish to modify it - * to avoid allocating a large strm->next_out buffer and copying into it. - * (See also read_buf()). - */ -local void flush_pending(strm) - z_streamp strm; -{ - unsigned len = strm->state->pending; - - if (len > strm->avail_out) len = strm->avail_out; - if (len == 0) return; - - zmemcpy(strm->next_out, strm->state->pending_out, len); - strm->next_out += len; - strm->state->pending_out += len; - strm->total_out += len; - strm->avail_out -= len; - strm->state->pending -= len; - if (strm->state->pending == 0) { - strm->state->pending_out = strm->state->pending_buf; - } -} - -/* ========================================================================= */ -int ZEXPORT deflate (strm, flush) - z_streamp strm; - int flush; -{ - int old_flush; /* value of flush param for previous deflate call */ - deflate_state *s; - - if (strm == Z_NULL || strm->state == Z_NULL || - flush > Z_FINISH || flush < 0) { - return Z_STREAM_ERROR; - } - s = strm->state; - - if (strm->next_out == Z_NULL || - (strm->next_in == Z_NULL && strm->avail_in != 0) || - (s->status == FINISH_STATE && flush != Z_FINISH)) { - ERR_RETURN(strm, Z_STREAM_ERROR); - } - if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR); - - s->strm = strm; /* just in case */ - old_flush = s->last_flush; - s->last_flush = flush; - - /* Write the zlib header */ - if (s->status == INIT_STATE) { - - uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8; - uInt level_flags = (s->level-1) >> 1; - - if (level_flags > 3) level_flags = 3; - header |= (level_flags << 6); - if (s->strstart != 0) header |= PRESET_DICT; - header += 31 - (header % 31); - - s->status = BUSY_STATE; - putShortMSB(s, header); - - /* Save the adler32 of the preset dictionary: */ - if (s->strstart != 0) { - putShortMSB(s, (uInt)(strm->adler >> 16)); - putShortMSB(s, (uInt)(strm->adler & 0xffff)); - } - strm->adler = 1L; - } - - /* Flush as much pending output as possible */ - if (s->pending != 0) { - flush_pending(strm); - if (strm->avail_out == 0) { - /* Since avail_out is 0, deflate will be called again with - * more output space, but possibly with both pending and - * avail_in equal to zero. There won't be anything to do, - * but this is not an error situation so make sure we - * return OK instead of BUF_ERROR at next call of deflate: - */ - s->last_flush = -1; - return Z_OK; - } - - /* Make sure there is something to do and avoid duplicate consecutive - * flushes. For repeated and useless calls with Z_FINISH, we keep - * returning Z_STREAM_END instead of Z_BUFF_ERROR. - */ - } else if (strm->avail_in == 0 && flush <= old_flush && - flush != Z_FINISH) { - ERR_RETURN(strm, Z_BUF_ERROR); - } - - /* User must not provide more input after the first FINISH: */ - if (s->status == FINISH_STATE && strm->avail_in != 0) { - ERR_RETURN(strm, Z_BUF_ERROR); - } - - /* Start a new block or continue the current one. - */ - if (strm->avail_in != 0 || s->lookahead != 0 || - (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) { - block_state bstate; - - bstate = (*(configuration_table[s->level].func))(s, flush); - - if (bstate == finish_started || bstate == finish_done) { - s->status = FINISH_STATE; - } - if (bstate == need_more || bstate == finish_started) { - if (strm->avail_out == 0) { - s->last_flush = -1; /* avoid BUF_ERROR next call, see above */ - } - return Z_OK; - /* If flush != Z_NO_FLUSH && avail_out == 0, the next call - * of deflate should use the same flush parameter to make sure - * that the flush is complete. So we don't have to output an - * empty block here, this will be done at next call. This also - * ensures that for a very small output buffer, we emit at most - * one empty block. - */ - } - if (bstate == block_done) { - if (flush == Z_PARTIAL_FLUSH) { - _tr_align(s); - } else { /* FULL_FLUSH or SYNC_FLUSH */ - _tr_stored_block(s, (char*)0, 0L, 0); - /* For a full flush, this empty block will be recognized - * as a special marker by inflate_sync(). - */ - if (flush == Z_FULL_FLUSH) { - CLEAR_HASH(s); /* forget history */ - } - } - flush_pending(strm); - if (strm->avail_out == 0) { - s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */ - return Z_OK; - } - } - } - Assert(strm->avail_out > 0, "bug2"); - - if (flush != Z_FINISH) return Z_OK; - if (s->noheader) return Z_STREAM_END; - - /* Write the zlib trailer (adler32) */ - putShortMSB(s, (uInt)(strm->adler >> 16)); - putShortMSB(s, (uInt)(strm->adler & 0xffff)); - flush_pending(strm); - /* If avail_out is zero, the application will call deflate again - * to flush the rest. - */ - s->noheader = -1; /* write the trailer only once! */ - return s->pending != 0 ? Z_OK : Z_STREAM_END; -} - -/* ========================================================================= */ -int ZEXPORT deflateEnd (strm) - z_streamp strm; -{ - int status; - - if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; - - status = strm->state->status; - if (status != INIT_STATE && status != BUSY_STATE && - status != FINISH_STATE) { - return Z_STREAM_ERROR; - } - - /* Deallocate in reverse order of allocations: */ - TRY_FREE(strm, strm->state->pending_buf); - TRY_FREE(strm, strm->state->head); - TRY_FREE(strm, strm->state->prev); - TRY_FREE(strm, strm->state->window); - - ZFREE(strm, strm->state); - strm->state = Z_NULL; - - return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK; -} - -/* ========================================================================= - * Copy the source state to the destination state. - * To simplify the source, this is not supported for 16-bit MSDOS (which - * doesn't have enough memory anyway to duplicate compression states). - */ -int ZEXPORT deflateCopy (dest, source) - z_streamp dest; - z_streamp source; -{ -#ifdef MAXSEG_64K - return Z_STREAM_ERROR; -#else - deflate_state *ds; - deflate_state *ss; - ushf *overlay; - - - if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) { - return Z_STREAM_ERROR; - } - - ss = source->state; - - *dest = *source; - - ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state)); - if (ds == Z_NULL) return Z_MEM_ERROR; - dest->state = (struct internal_state FAR *) ds; - *ds = *ss; - ds->strm = dest; - - ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); - ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); - ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); - overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); - ds->pending_buf = (uchf *) overlay; - - if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || - ds->pending_buf == Z_NULL) { - deflateEnd (dest); - return Z_MEM_ERROR; - } - /* following zmemcpy do not work for 16-bit MSDOS */ - zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte)); - zmemcpy(ds->prev, ss->prev, ds->w_size * sizeof(Pos)); - zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos)); - zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); - - ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); - ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); - ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; - - ds->l_desc.dyn_tree = ds->dyn_ltree; - ds->d_desc.dyn_tree = ds->dyn_dtree; - ds->bl_desc.dyn_tree = ds->bl_tree; - - return Z_OK; -#endif -} - -/* =========================================================================== - * Read a new buffer from the current input stream, update the adler32 - * and total number of bytes read. All deflate() input goes through - * this function so some applications may wish to modify it to avoid - * allocating a large strm->next_in buffer and copying from it. - * (See also flush_pending()). - */ -local int read_buf(strm, buf, size) - z_streamp strm; - Bytef *buf; - unsigned size; -{ - unsigned len = strm->avail_in; - - if (len > size) len = size; - if (len == 0) return 0; - - strm->avail_in -= len; - - if (!strm->state->noheader) { - strm->adler = adler32(strm->adler, strm->next_in, len); - } - zmemcpy(buf, strm->next_in, len); - strm->next_in += len; - strm->total_in += len; - - return (int)len; -} - -/* =========================================================================== - * Initialize the "longest match" routines for a new zlib stream - */ -local void lm_init (s) - deflate_state *s; -{ - s->window_size = (ulg)2L*s->w_size; - - CLEAR_HASH(s); - - /* Set the default configuration parameters: - */ - s->max_lazy_match = configuration_table[s->level].max_lazy; - s->good_match = configuration_table[s->level].good_length; - s->nice_match = configuration_table[s->level].nice_length; - s->max_chain_length = configuration_table[s->level].max_chain; - - s->strstart = 0; - s->block_start = 0L; - s->lookahead = 0; - s->match_length = s->prev_length = MIN_MATCH-1; - s->match_available = 0; - s->ins_h = 0; -#ifdef ASMV - match_init(); /* initialize the asm code */ -#endif -} - -/* =========================================================================== - * Set match_start to the longest match starting at the given string and - * return its length. Matches shorter or equal to prev_length are discarded, - * in which case the result is equal to prev_length and match_start is - * garbage. - * IN assertions: cur_match is the head of the hash chain for the current - * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 - * OUT assertion: the match length is not greater than s->lookahead. - */ -#ifndef ASMV -/* For 80x86 and 680x0, an optimized version will be provided in match.asm or - * match.S. The code will be functionally equivalent. - */ -#ifndef FASTEST -local uInt longest_match(s, cur_match) - deflate_state *s; - IPos cur_match; /* current match */ -{ - unsigned chain_length = s->max_chain_length;/* max hash chain length */ - register Bytef *scan = s->window + s->strstart; /* current string */ - register Bytef *match; /* matched string */ - register int len; /* length of current match */ - int best_len = s->prev_length; /* best match length so far */ - int nice_match = s->nice_match; /* stop if match long enough */ - IPos limit = s->strstart > (IPos)MAX_DIST(s) ? - s->strstart - (IPos)MAX_DIST(s) : NIL; - /* Stop when cur_match becomes <= limit. To simplify the code, - * we prevent matches with the string of window index 0. - */ - Posf *prev = s->prev; - uInt wmask = s->w_mask; - -#ifdef UNALIGNED_OK - /* Compare two bytes at a time. Note: this is not always beneficial. - * Try with and without -DUNALIGNED_OK to check. - */ - register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1; - register ush scan_start = *(ushf*)scan; - register ush scan_end = *(ushf*)(scan+best_len-1); -#else - register Bytef *strend = s->window + s->strstart + MAX_MATCH; - register Byte scan_end1 = scan[best_len-1]; - register Byte scan_end = scan[best_len]; -#endif - - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); - - /* Do not waste too much time if we already have a good match: */ - if (s->prev_length >= s->good_match) { - chain_length >>= 2; - } - /* Do not look for matches beyond the end of the input. This is necessary - * to make deflate deterministic. - */ - if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; - - Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - do { - Assert(cur_match < s->strstart, "no future"); - match = s->window + cur_match; - - /* Skip to next match if the match length cannot increase - * or if the match length is less than 2: - */ -#if (defined(UNALIGNED_OK) && MAX_MATCH == 258) - /* This code assumes sizeof(unsigned short) == 2. Do not use - * UNALIGNED_OK if your compiler uses a different size. - */ - if (*(ushf*)(match+best_len-1) != scan_end || - *(ushf*)match != scan_start) continue; - - /* It is not necessary to compare scan[2] and match[2] since they are - * always equal when the other bytes match, given that the hash keys - * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at - * strstart+3, +5, ... up to strstart+257. We check for insufficient - * lookahead only every 4th comparison; the 128th check will be made - * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is - * necessary to put more guard bytes at the end of the window, or - * to check more often for insufficient lookahead. - */ - Assert(scan[2] == match[2], "scan[2]?"); - scan++, match++; - do { - } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - scan < strend); - /* The funny "do {}" generates better code on most compilers */ - - /* Here, scan <= window+strstart+257 */ - Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - if (*scan == *match) scan++; - - len = (MAX_MATCH - 1) - (int)(strend-scan); - scan = strend - (MAX_MATCH-1); - -#else /* UNALIGNED_OK */ - - if (match[best_len] != scan_end || - match[best_len-1] != scan_end1 || - *match != *scan || - *++match != scan[1]) continue; - - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2, match++; - Assert(*scan == *match, "match[2]?"); - - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - } while (*++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - scan < strend); - - Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH - (int)(strend - scan); - scan = strend - MAX_MATCH; - -#endif /* UNALIGNED_OK */ - - if (len > best_len) { - s->match_start = cur_match; - best_len = len; - if (len >= nice_match) break; -#ifdef UNALIGNED_OK - scan_end = *(ushf*)(scan+best_len-1); -#else - scan_end1 = scan[best_len-1]; - scan_end = scan[best_len]; -#endif - } - } while ((cur_match = prev[cur_match & wmask]) > limit - && --chain_length != 0); - - if ((uInt)best_len <= s->lookahead) return (uInt)best_len; - return s->lookahead; -} - -#else /* FASTEST */ -/* --------------------------------------------------------------------------- - * Optimized version for level == 1 only - */ -local uInt longest_match(s, cur_match) - deflate_state *s; - IPos cur_match; /* current match */ -{ - register Bytef *scan = s->window + s->strstart; /* current string */ - register Bytef *match; /* matched string */ - register int len; /* length of current match */ - register Bytef *strend = s->window + s->strstart + MAX_MATCH; - - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); - - Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - Assert(cur_match < s->strstart, "no future"); - - match = s->window + cur_match; - - /* Return failure if the match length is less than 2: - */ - if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1; - - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2, match += 2; - Assert(*scan == *match, "match[2]?"); - - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - } while (*++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - scan < strend); - - Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH - (int)(strend - scan); - - if (len < MIN_MATCH) return MIN_MATCH - 1; - - s->match_start = cur_match; - return len <= s->lookahead ? len : s->lookahead; -} -#endif /* FASTEST */ -#endif /* ASMV */ - -#ifdef DEBUG -/* =========================================================================== - * Check that the match at match_start is indeed a match. - */ -local void check_match(s, start, match, length) - deflate_state *s; - IPos start, match; - int length; -{ - /* check that the match is indeed a match */ - if (zmemcmp(s->window + match, - s->window + start, length) != EQUAL) { - fprintf(stderr, " start %u, match %u, length %d\n", - start, match, length); - do { - fprintf(stderr, "%c%c", s->window[match++], s->window[start++]); - } while (--length != 0); - z_error("invalid match"); - } - if (z_verbose > 1) { - fprintf(stderr,"\\[%d,%d]", start-match, length); - do { putc(s->window[start++], stderr); } while (--length != 0); - } -} -#else -# define check_match(s, start, match, length) -#endif - -/* =========================================================================== - * Fill the window when the lookahead becomes insufficient. - * Updates strstart and lookahead. - * - * IN assertion: lookahead < MIN_LOOKAHEAD - * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD - * At least one byte has been read, or avail_in == 0; reads are - * performed for at least two bytes (required for the zip translate_eol - * option -- not supported here). - */ -local void fill_window(s) - deflate_state *s; -{ - register unsigned n, m; - register Posf *p; - unsigned more; /* Amount of free space at the end of the window. */ - uInt wsize = s->w_size; - - do { - more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart); - - /* Deal with !@#$% 64K limit: */ - if (more == 0 && s->strstart == 0 && s->lookahead == 0) { - more = wsize; - - } else if (more == (unsigned)(-1)) { - /* Very unlikely, but possible on 16 bit machine if strstart == 0 - * and lookahead == 1 (input done one byte at time) - */ - more--; - - /* If the window is almost full and there is insufficient lookahead, - * move the upper half to the lower one to make room in the upper half. - */ - } else if (s->strstart >= wsize+MAX_DIST(s)) { - - zmemcpy(s->window, s->window+wsize, (unsigned)wsize); - s->match_start -= wsize; - s->strstart -= wsize; /* we now have strstart >= MAX_DIST */ - s->block_start -= (long) wsize; - - /* Slide the hash table (could be avoided with 32 bit values - at the expense of memory usage). We slide even when level == 0 - to keep the hash table consistent if we switch back to level > 0 - later. (Using level 0 permanently is not an optimal usage of - zlib, so we don't care about this pathological case.) - */ - n = s->hash_size; - p = &s->head[n]; - do { - m = *--p; - *p = (Pos)(m >= wsize ? m-wsize : NIL); - } while (--n); - - n = wsize; -#ifndef FASTEST - p = &s->prev[n]; - do { - m = *--p; - *p = (Pos)(m >= wsize ? m-wsize : NIL); - /* If n is not on any hash chain, prev[n] is garbage but - * its value will never be used. - */ - } while (--n); -#endif - more += wsize; - } - if (s->strm->avail_in == 0) return; - - /* If there was no sliding: - * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && - * more == window_size - lookahead - strstart - * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) - * => more >= window_size - 2*WSIZE + 2 - * In the BIG_MEM or MMAP case (not yet supported), - * window_size == input_size + MIN_LOOKAHEAD && - * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. - * Otherwise, window_size == 2*WSIZE so more >= 2. - * If there was sliding, more >= WSIZE. So in all cases, more >= 2. - */ - Assert(more >= 2, "more < 2"); - - n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more); - s->lookahead += n; - - /* Initialize the hash value now that we have some input: */ - if (s->lookahead >= MIN_MATCH) { - s->ins_h = s->window[s->strstart]; - UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); -#if MIN_MATCH != 3 - Call UPDATE_HASH() MIN_MATCH-3 more times -#endif - } - /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, - * but this is not important since only literal bytes will be emitted. - */ - - } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0); -} - -/* =========================================================================== - * Flush the current block, with given end-of-file flag. - * IN assertion: strstart is set to the end of the current match. - */ -#define FLUSH_BLOCK_ONLY(s, eof) { \ - _tr_flush_block(s, (s->block_start >= 0L ? \ - (charf *)&s->window[(unsigned)s->block_start] : \ - (charf *)Z_NULL), \ - (ulg)((long)s->strstart - s->block_start), \ - (eof)); \ - s->block_start = s->strstart; \ - flush_pending(s->strm); \ - Tracev((stderr,"[FLUSH]")); \ -} - -/* Same but force premature exit if necessary. */ -#define FLUSH_BLOCK(s, eof) { \ - FLUSH_BLOCK_ONLY(s, eof); \ - if (s->strm->avail_out == 0) return (eof) ? finish_started : need_more; \ -} - -/* =========================================================================== - * Copy without compression as much as possible from the input stream, return - * the current block state. - * This function does not insert new strings in the dictionary since - * uncompressible data is probably not useful. This function is used - * only for the level=0 compression option. - * NOTE: this function should be optimized to avoid extra copying from - * window to pending_buf. - */ -local block_state deflate_stored(s, flush) - deflate_state *s; - int flush; -{ - /* Stored blocks are limited to 0xffff bytes, pending_buf is limited - * to pending_buf_size, and each stored block has a 5 byte header: - */ - ulg max_block_size = 0xffff; - ulg max_start; - - if (max_block_size > s->pending_buf_size - 5) { - max_block_size = s->pending_buf_size - 5; - } - - /* Copy as much as possible from input to output: */ - for (;;) { - /* Fill the window as much as possible: */ - if (s->lookahead <= 1) { - - Assert(s->strstart < s->w_size+MAX_DIST(s) || - s->block_start >= (long)s->w_size, "slide too late"); - - fill_window(s); - if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more; - - if (s->lookahead == 0) break; /* flush the current block */ - } - Assert(s->block_start >= 0L, "block gone"); - - s->strstart += s->lookahead; - s->lookahead = 0; - - /* Emit a stored block if pending_buf will be full: */ - max_start = s->block_start + max_block_size; - if (s->strstart == 0 || (ulg)s->strstart >= max_start) { - /* strstart == 0 is possible when wraparound on 16-bit machine */ - s->lookahead = (uInt)(s->strstart - max_start); - s->strstart = (uInt)max_start; - FLUSH_BLOCK(s, 0); - } - /* Flush if we may have to slide, otherwise block_start may become - * negative and the data will be gone: - */ - if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) { - FLUSH_BLOCK(s, 0); - } - } - FLUSH_BLOCK(s, flush == Z_FINISH); - return flush == Z_FINISH ? finish_done : block_done; -} - -/* =========================================================================== - * Compress as much as possible from the input stream, return the current - * block state. - * This function does not perform lazy evaluation of matches and inserts - * new strings in the dictionary only for unmatched strings or for short - * matches. It is used only for the fast compression options. - */ -local block_state deflate_fast(s, flush) - deflate_state *s; - int flush; -{ - IPos hash_head = NIL; /* head of the hash chain */ - int bflush; /* set if current block must be flushed */ - - for (;;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s->lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { - return need_more; - } - if (s->lookahead == 0) break; /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - if (s->lookahead >= MIN_MATCH) { - INSERT_STRING(s, s->strstart, hash_head); - } - - /* Find the longest match, discarding those <= prev_length. - * At this point we have always match_length < MIN_MATCH - */ - if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - if (s->strategy != Z_HUFFMAN_ONLY) { - s->match_length = longest_match (s, hash_head); - } - /* longest_match() sets match_start */ - } - if (s->match_length >= MIN_MATCH) { - check_match(s, s->strstart, s->match_start, s->match_length); - - _tr_tally_dist(s, s->strstart - s->match_start, - s->match_length - MIN_MATCH, bflush); - - s->lookahead -= s->match_length; - - /* Insert new strings in the hash table only if the match length - * is not too large. This saves time but degrades compression. - */ -#ifndef FASTEST - if (s->match_length <= s->max_insert_length && - s->lookahead >= MIN_MATCH) { - s->match_length--; /* string at strstart already in hash table */ - do { - s->strstart++; - INSERT_STRING(s, s->strstart, hash_head); - /* strstart never exceeds WSIZE-MAX_MATCH, so there are - * always MIN_MATCH bytes ahead. - */ - } while (--s->match_length != 0); - s->strstart++; - } else -#endif - { - s->strstart += s->match_length; - s->match_length = 0; - s->ins_h = s->window[s->strstart]; - UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); -#if MIN_MATCH != 3 - Call UPDATE_HASH() MIN_MATCH-3 more times -#endif - /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not - * matter since it will be recomputed at next deflate call. - */ - } - } else { - /* No match, output a literal byte */ - Tracevv((stderr,"%c", s->window[s->strstart])); - _tr_tally_lit (s, s->window[s->strstart], bflush); - s->lookahead--; - s->strstart++; - } - if (bflush) FLUSH_BLOCK(s, 0); - } - FLUSH_BLOCK(s, flush == Z_FINISH); - return flush == Z_FINISH ? finish_done : block_done; -} - -/* =========================================================================== - * Same as above, but achieves better compression. We use a lazy - * evaluation for matches: a match is finally adopted only if there is - * no better match at the next window position. - */ -local block_state deflate_slow(s, flush) - deflate_state *s; - int flush; -{ - IPos hash_head = NIL; /* head of hash chain */ - int bflush; /* set if current block must be flushed */ - - /* Process the input block. */ - for (;;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s->lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) { - return need_more; - } - if (s->lookahead == 0) break; /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - if (s->lookahead >= MIN_MATCH) { - INSERT_STRING(s, s->strstart, hash_head); - } - - /* Find the longest match, discarding those <= prev_length. - */ - s->prev_length = s->match_length, s->prev_match = s->match_start; - s->match_length = MIN_MATCH-1; - - if (hash_head != NIL && s->prev_length < s->max_lazy_match && - s->strstart - hash_head <= MAX_DIST(s)) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - if (s->strategy != Z_HUFFMAN_ONLY) { - s->match_length = longest_match (s, hash_head); - } - /* longest_match() sets match_start */ - - if (s->match_length <= 5 && (s->strategy == Z_FILTERED || - (s->match_length == MIN_MATCH && - s->strstart - s->match_start > TOO_FAR))) { - - /* If prev_match is also MIN_MATCH, match_start is garbage - * but we will ignore the current match anyway. - */ - s->match_length = MIN_MATCH-1; - } - } - /* If there was a match at the previous step and the current - * match is not better, output the previous match: - */ - if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) { - uInt max_insert = s->strstart + s->lookahead - MIN_MATCH; - /* Do not insert strings in hash table beyond this. */ - - check_match(s, s->strstart-1, s->prev_match, s->prev_length); - - _tr_tally_dist(s, s->strstart -1 - s->prev_match, - s->prev_length - MIN_MATCH, bflush); - - /* Insert in hash table all strings up to the end of the match. - * strstart-1 and strstart are already inserted. If there is not - * enough lookahead, the last two strings are not inserted in - * the hash table. - */ - s->lookahead -= s->prev_length-1; - s->prev_length -= 2; - do { - if (++s->strstart <= max_insert) { - INSERT_STRING(s, s->strstart, hash_head); - } - } while (--s->prev_length != 0); - s->match_available = 0; - s->match_length = MIN_MATCH-1; - s->strstart++; - - if (bflush) FLUSH_BLOCK(s, 0); - - } else if (s->match_available) { - /* If there was no match at the previous position, output a - * single literal. If there was a match but the current match - * is longer, truncate the previous match to a single literal. - */ - Tracevv((stderr,"%c", s->window[s->strstart-1])); - _tr_tally_lit(s, s->window[s->strstart-1], bflush); - if (bflush) { - FLUSH_BLOCK_ONLY(s, 0); - } - s->strstart++; - s->lookahead--; - if (s->strm->avail_out == 0) return need_more; - } else { - /* There is no previous match to compare with, wait for - * the next step to decide. - */ - s->match_available = 1; - s->strstart++; - s->lookahead--; - } - } - Assert (flush != Z_NO_FLUSH, "no flush?"); - if (s->match_available) { - Tracevv((stderr,"%c", s->window[s->strstart-1])); - _tr_tally_lit(s, s->window[s->strstart-1], bflush); - s->match_available = 0; - } - FLUSH_BLOCK(s, flush == Z_FINISH); - return flush == Z_FINISH ? finish_done : block_done; -} diff --git a/linux/lib/zlib/deflate.h b/linux/lib/zlib/deflate.h deleted file mode 100644 index 2e39b413b..000000000 --- a/linux/lib/zlib/deflate.h +++ /dev/null @@ -1,318 +0,0 @@ -/* deflate.h -- internal compression state - * Copyright (C) 1995-2002 Jean-loup Gailly - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -/* @(#) $Id: deflate.h,v 1.1 2004/03/15 20:35:26 as Exp $ */ - -#ifndef _DEFLATE_H -#define _DEFLATE_H - -#include "zlib/zutil.h" - -/* =========================================================================== - * Internal compression state. - */ - -#define LENGTH_CODES 29 -/* number of length codes, not counting the special END_BLOCK code */ - -#define LITERALS 256 -/* number of literal bytes 0..255 */ - -#define L_CODES (LITERALS+1+LENGTH_CODES) -/* number of Literal or Length codes, including the END_BLOCK code */ - -#define D_CODES 30 -/* number of distance codes */ - -#define BL_CODES 19 -/* number of codes used to transfer the bit lengths */ - -#define HEAP_SIZE (2*L_CODES+1) -/* maximum heap size */ - -#define MAX_BITS 15 -/* All codes must not exceed MAX_BITS bits */ - -#define INIT_STATE 42 -#define BUSY_STATE 113 -#define FINISH_STATE 666 -/* Stream status */ - - -/* Data structure describing a single value and its code string. */ -typedef struct ct_data_s { - union { - ush freq; /* frequency count */ - ush code; /* bit string */ - } fc; - union { - ush dad; /* father node in Huffman tree */ - ush len; /* length of bit string */ - } dl; -} FAR ct_data; - -#define Freq fc.freq -#define Code fc.code -#define Dad dl.dad -#define Len dl.len - -typedef struct static_tree_desc_s static_tree_desc; - -typedef struct tree_desc_s { - ct_data *dyn_tree; /* the dynamic tree */ - int max_code; /* largest code with non zero frequency */ - static_tree_desc *stat_desc; /* the corresponding static tree */ -} FAR tree_desc; - -typedef ush Pos; -typedef Pos FAR Posf; -typedef unsigned IPos; - -/* A Pos is an index in the character window. We use short instead of int to - * save space in the various tables. IPos is used only for parameter passing. - */ - -typedef struct internal_state { - z_streamp strm; /* pointer back to this zlib stream */ - int status; /* as the name implies */ - Bytef *pending_buf; /* output still pending */ - ulg pending_buf_size; /* size of pending_buf */ - Bytef *pending_out; /* next pending byte to output to the stream */ - int pending; /* nb of bytes in the pending buffer */ - int noheader; /* suppress zlib header and adler32 */ - Byte data_type; /* UNKNOWN, BINARY or ASCII */ - Byte method; /* STORED (for zip only) or DEFLATED */ - int last_flush; /* value of flush param for previous deflate call */ - - /* used by deflate.c: */ - - uInt w_size; /* LZ77 window size (32K by default) */ - uInt w_bits; /* log2(w_size) (8..16) */ - uInt w_mask; /* w_size - 1 */ - - Bytef *window; - /* Sliding window. Input bytes are read into the second half of the window, - * and move to the first half later to keep a dictionary of at least wSize - * bytes. With this organization, matches are limited to a distance of - * wSize-MAX_MATCH bytes, but this ensures that IO is always - * performed with a length multiple of the block size. Also, it limits - * the window size to 64K, which is quite useful on MSDOS. - * To do: use the user input buffer as sliding window. - */ - - ulg window_size; - /* Actual size of window: 2*wSize, except when the user input buffer - * is directly used as sliding window. - */ - - Posf *prev; - /* Link to older string with same hash index. To limit the size of this - * array to 64K, this link is maintained only for the last 32K strings. - * An index in this array is thus a window index modulo 32K. - */ - - Posf *head; /* Heads of the hash chains or NIL. */ - - uInt ins_h; /* hash index of string to be inserted */ - uInt hash_size; /* number of elements in hash table */ - uInt hash_bits; /* log2(hash_size) */ - uInt hash_mask; /* hash_size-1 */ - - uInt hash_shift; - /* Number of bits by which ins_h must be shifted at each input - * step. It must be such that after MIN_MATCH steps, the oldest - * byte no longer takes part in the hash key, that is: - * hash_shift * MIN_MATCH >= hash_bits - */ - - long block_start; - /* Window position at the beginning of the current output block. Gets - * negative when the window is moved backwards. - */ - - uInt match_length; /* length of best match */ - IPos prev_match; /* previous match */ - int match_available; /* set if previous match exists */ - uInt strstart; /* start of string to insert */ - uInt match_start; /* start of matching string */ - uInt lookahead; /* number of valid bytes ahead in window */ - - uInt prev_length; - /* Length of the best match at previous step. Matches not greater than this - * are discarded. This is used in the lazy match evaluation. - */ - - uInt max_chain_length; - /* To speed up deflation, hash chains are never searched beyond this - * length. A higher limit improves compression ratio but degrades the - * speed. - */ - - uInt max_lazy_match; - /* Attempt to find a better match only when the current match is strictly - * smaller than this value. This mechanism is used only for compression - * levels >= 4. - */ -# define max_insert_length max_lazy_match - /* Insert new strings in the hash table only if the match length is not - * greater than this length. This saves time but degrades compression. - * max_insert_length is used only for compression levels <= 3. - */ - - int level; /* compression level (1..9) */ - int strategy; /* favor or force Huffman coding*/ - - uInt good_match; - /* Use a faster search when the previous match is longer than this */ - - int nice_match; /* Stop searching when current match exceeds this */ - - /* used by trees.c: */ - /* Didn't use ct_data typedef below to supress compiler warning */ - struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ - struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ - struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ - - struct tree_desc_s l_desc; /* desc. for literal tree */ - struct tree_desc_s d_desc; /* desc. for distance tree */ - struct tree_desc_s bl_desc; /* desc. for bit length tree */ - - ush bl_count[MAX_BITS+1]; - /* number of codes at each bit length for an optimal tree */ - - int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ - int heap_len; /* number of elements in the heap */ - int heap_max; /* element of largest frequency */ - /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. - * The same heap array is used to build all trees. - */ - - uch depth[2*L_CODES+1]; - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - - uchf *l_buf; /* buffer for literals or lengths */ - - uInt lit_bufsize; - /* Size of match buffer for literals/lengths. There are 4 reasons for - * limiting lit_bufsize to 64K: - * - frequencies can be kept in 16 bit counters - * - if compression is not successful for the first block, all input - * data is still in the window so we can still emit a stored block even - * when input comes from standard input. (This can also be done for - * all blocks if lit_bufsize is not greater than 32K.) - * - if compression is not successful for a file smaller than 64K, we can - * even emit a stored file instead of a stored block (saving 5 bytes). - * This is applicable only for zip (not gzip or zlib). - * - creating new Huffman trees less frequently may not provide fast - * adaptation to changes in the input data statistics. (Take for - * example a binary file with poorly compressible code followed by - * a highly compressible string table.) Smaller buffer sizes give - * fast adaptation but have of course the overhead of transmitting - * trees more frequently. - * - I can't count above 4 - */ - - uInt last_lit; /* running index in l_buf */ - - ushf *d_buf; - /* Buffer for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ - - ulg opt_len; /* bit length of current block with optimal trees */ - ulg static_len; /* bit length of current block with static trees */ - uInt matches; /* number of string matches in current block */ - int last_eob_len; /* bit length of EOB code for last block */ - -#ifdef DEBUG - ulg compressed_len; /* total bit length of compressed file mod 2^32 */ - ulg bits_sent; /* bit length of compressed data sent mod 2^32 */ -#endif - - ush bi_buf; - /* Output buffer. bits are inserted starting at the bottom (least - * significant bits). - */ - int bi_valid; - /* Number of valid bits in bi_buf. All bits above the last valid bit - * are always zero. - */ - -} FAR deflate_state; - -/* Output a byte on the stream. - * IN assertion: there is enough room in pending_buf. - */ -#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);} - - -#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) -/* Minimum amount of lookahead, except at the end of the input file. - * See deflate.c for comments about the MIN_MATCH+1. - */ - -#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD) -/* In order to simplify the code, particularly on 16 bit machines, match - * distances are limited to MAX_DIST instead of WSIZE. - */ - - /* in trees.c */ -void _tr_init OF((deflate_state *s)); -int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc)); -void _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len, - int eof)); -void _tr_align OF((deflate_state *s)); -void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len, - int eof)); - -#define d_code(dist) \ - ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)]) -/* Mapping from a distance to a distance code. dist is the distance - 1 and - * must not have side effects. _dist_code[256] and _dist_code[257] are never - * used. - */ - -#ifndef DEBUG -/* Inline versions of _tr_tally for speed: */ - -#if defined(GEN_TREES_H) || !defined(STDC) - extern uch _length_code[]; - extern uch _dist_code[]; -#else - extern const uch _length_code[]; - extern const uch _dist_code[]; -#endif - -# define _tr_tally_lit(s, c, flush) \ - { uch cc = (c); \ - s->d_buf[s->last_lit] = 0; \ - s->l_buf[s->last_lit++] = cc; \ - s->dyn_ltree[cc].Freq++; \ - flush = (s->last_lit == s->lit_bufsize-1); \ - } -# define _tr_tally_dist(s, distance, length, flush) \ - { uch len = (length); \ - ush dist = (distance); \ - s->d_buf[s->last_lit] = dist; \ - s->l_buf[s->last_lit++] = len; \ - dist--; \ - s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ - s->dyn_dtree[d_code(dist)].Freq++; \ - flush = (s->last_lit == s->lit_bufsize-1); \ - } -#else -# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) -# define _tr_tally_dist(s, distance, length, flush) \ - flush = _tr_tally(s, distance, length) -#endif - -#endif /* _DEFLATE_H */ diff --git a/linux/lib/zlib/infblock.c b/linux/lib/zlib/infblock.c deleted file mode 100644 index c316ce0c9..000000000 --- a/linux/lib/zlib/infblock.c +++ /dev/null @@ -1,403 +0,0 @@ -/* infblock.c -- interpret and process block types to last block - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include -#include "infblock.h" -#include "inftrees.h" -#include "infcodes.h" -#include "infutil.h" - -struct inflate_codes_state {int dummy;}; /* for buggy compilers */ - -/* simplify the use of the inflate_huft type with some defines */ -#define exop word.what.Exop -#define bits word.what.Bits - -/* Table for deflate from PKZIP's appnote.txt. */ -local const uInt border[] = { /* Order of the bit length code lengths */ - 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15}; - -/* - Notes beyond the 1.93a appnote.txt: - - 1. Distance pointers never point before the beginning of the output - stream. - 2. Distance pointers can point back across blocks, up to 32k away. - 3. There is an implied maximum of 7 bits for the bit length table and - 15 bits for the actual data. - 4. If only one code exists, then it is encoded using one bit. (Zero - would be more efficient, but perhaps a little confusing.) If two - codes exist, they are coded using one bit each (0 and 1). - 5. There is no way of sending zero distance codes--a dummy must be - sent if there are none. (History: a pre 2.0 version of PKZIP would - store blocks with no distance codes, but this was discovered to be - too harsh a criterion.) Valid only for 1.93a. 2.04c does allow - zero distance codes, which is sent as one code of zero bits in - length. - 6. There are up to 286 literal/length codes. Code 256 represents the - end-of-block. Note however that the static length tree defines - 288 codes just to fill out the Huffman codes. Codes 286 and 287 - cannot be used though, since there is no length base or extra bits - defined for them. Similarily, there are up to 30 distance codes. - However, static trees define 32 codes (all 5 bits) to fill out the - Huffman codes, but the last two had better not show up in the data. - 7. Unzip can check dynamic Huffman blocks for complete code sets. - The exception is that a single code would not be complete (see #4). - 8. The five bits following the block type is really the number of - literal codes sent minus 257. - 9. Length codes 8,16,16 are interpreted as 13 length codes of 8 bits - (1+6+6). Therefore, to output three times the length, you output - three codes (1+1+1), whereas to output four times the same length, - you only need two codes (1+3). Hmm. - 10. In the tree reconstruction algorithm, Code = Code + Increment - only if BitLength(i) is not zero. (Pretty obvious.) - 11. Correction: 4 Bits: # of Bit Length codes - 4 (4 - 19) - 12. Note: length code 284 can represent 227-258, but length code 285 - really is 258. The last length deserves its own, short code - since it gets used a lot in very redundant files. The length - 258 is special since 258 - 3 (the min match length) is 255. - 13. The literal/length and distance code bit lengths are read as a - single stream of lengths. It is possible (and advantageous) for - a repeat code (16, 17, or 18) to go across the boundary between - the two sets of lengths. - */ - - -void inflate_blocks_reset(s, z, c) -inflate_blocks_statef *s; -z_streamp z; -uLongf *c; -{ - if (c != Z_NULL) - *c = s->check; - if (s->mode == BTREE || s->mode == DTREE) - ZFREE(z, s->sub.trees.blens); - if (s->mode == CODES) - inflate_codes_free(s->sub.decode.codes, z); - s->mode = TYPE; - s->bitk = 0; - s->bitb = 0; - s->read = s->write = s->window; - if (s->checkfn != Z_NULL) - z->adler = s->check = (*s->checkfn)(0L, (const Bytef *)Z_NULL, 0); - Tracev((stderr, "inflate: blocks reset\n")); -} - - -inflate_blocks_statef *inflate_blocks_new(z, c, w) -z_streamp z; -check_func c; -uInt w; -{ - inflate_blocks_statef *s; - - if ((s = (inflate_blocks_statef *)ZALLOC - (z,1,sizeof(struct inflate_blocks_state))) == Z_NULL) - return s; - if ((s->hufts = - (inflate_huft *)ZALLOC(z, sizeof(inflate_huft), MANY)) == Z_NULL) - { - ZFREE(z, s); - return Z_NULL; - } - if ((s->window = (Bytef *)ZALLOC(z, 1, w)) == Z_NULL) - { - ZFREE(z, s->hufts); - ZFREE(z, s); - return Z_NULL; - } - s->end = s->window + w; - s->checkfn = c; - s->mode = TYPE; - Tracev((stderr, "inflate: blocks allocated\n")); - inflate_blocks_reset(s, z, Z_NULL); - return s; -} - - -int inflate_blocks(s, z, r) -inflate_blocks_statef *s; -z_streamp z; -int r; -{ - uInt t; /* temporary storage */ - uLong b; /* bit buffer */ - uInt k; /* bits in bit buffer */ - Bytef *p; /* input data pointer */ - uInt n; /* bytes available there */ - Bytef *q; /* output window write pointer */ - uInt m; /* bytes to end of window or read pointer */ - - /* copy input/output information to locals (UPDATE macro restores) */ - LOAD - - /* process input based on current state */ - while (1) switch (s->mode) - { - case TYPE: - NEEDBITS(3) - t = (uInt)b & 7; - s->last = t & 1; - switch (t >> 1) - { - case 0: /* stored */ - Tracev((stderr, "inflate: stored block%s\n", - s->last ? " (last)" : "")); - DUMPBITS(3) - t = k & 7; /* go to byte boundary */ - DUMPBITS(t) - s->mode = LENS; /* get length of stored block */ - break; - case 1: /* fixed */ - Tracev((stderr, "inflate: fixed codes block%s\n", - s->last ? " (last)" : "")); - { - uInt bl, bd; - inflate_huft *tl, *td; - - inflate_trees_fixed(&bl, &bd, &tl, &td, z); - s->sub.decode.codes = inflate_codes_new(bl, bd, tl, td, z); - if (s->sub.decode.codes == Z_NULL) - { - r = Z_MEM_ERROR; - LEAVE - } - } - DUMPBITS(3) - s->mode = CODES; - break; - case 2: /* dynamic */ - Tracev((stderr, "inflate: dynamic codes block%s\n", - s->last ? " (last)" : "")); - DUMPBITS(3) - s->mode = TABLE; - break; - case 3: /* illegal */ - DUMPBITS(3) - s->mode = BAD; - z->msg = (char*)"invalid block type"; - r = Z_DATA_ERROR; - LEAVE - } - break; - case LENS: - NEEDBITS(32) - if ((((~b) >> 16) & 0xffff) != (b & 0xffff)) - { - s->mode = BAD; - z->msg = (char*)"invalid stored block lengths"; - r = Z_DATA_ERROR; - LEAVE - } - s->sub.left = (uInt)b & 0xffff; - b = k = 0; /* dump bits */ - Tracev((stderr, "inflate: stored length %u\n", s->sub.left)); - s->mode = s->sub.left ? STORED : (s->last ? DRY : TYPE); - break; - case STORED: - if (n == 0) - LEAVE - NEEDOUT - t = s->sub.left; - if (t > n) t = n; - if (t > m) t = m; - zmemcpy(q, p, t); - p += t; n -= t; - q += t; m -= t; - if ((s->sub.left -= t) != 0) - break; - Tracev((stderr, "inflate: stored end, %lu total out\n", - z->total_out + (q >= s->read ? q - s->read : - (s->end - s->read) + (q - s->window)))); - s->mode = s->last ? DRY : TYPE; - break; - case TABLE: - NEEDBITS(14) - s->sub.trees.table = t = (uInt)b & 0x3fff; -#ifndef PKZIP_BUG_WORKAROUND - if ((t & 0x1f) > 29 || ((t >> 5) & 0x1f) > 29) - { - s->mode = BAD; - z->msg = (char*)"too many length or distance symbols"; - r = Z_DATA_ERROR; - LEAVE - } -#endif - t = 258 + (t & 0x1f) + ((t >> 5) & 0x1f); - if ((s->sub.trees.blens = (uIntf*)ZALLOC(z, t, sizeof(uInt))) == Z_NULL) - { - r = Z_MEM_ERROR; - LEAVE - } - DUMPBITS(14) - s->sub.trees.index = 0; - Tracev((stderr, "inflate: table sizes ok\n")); - s->mode = BTREE; - case BTREE: - while (s->sub.trees.index < 4 + (s->sub.trees.table >> 10)) - { - NEEDBITS(3) - s->sub.trees.blens[border[s->sub.trees.index++]] = (uInt)b & 7; - DUMPBITS(3) - } - while (s->sub.trees.index < 19) - s->sub.trees.blens[border[s->sub.trees.index++]] = 0; - s->sub.trees.bb = 7; - t = inflate_trees_bits(s->sub.trees.blens, &s->sub.trees.bb, - &s->sub.trees.tb, s->hufts, z); - if (t != Z_OK) - { - r = t; - if (r == Z_DATA_ERROR) - { - ZFREE(z, s->sub.trees.blens); - s->mode = BAD; - } - LEAVE - } - s->sub.trees.index = 0; - Tracev((stderr, "inflate: bits tree ok\n")); - s->mode = DTREE; - case DTREE: - while (t = s->sub.trees.table, - s->sub.trees.index < 258 + (t & 0x1f) + ((t >> 5) & 0x1f)) - { - inflate_huft *h; - uInt i, j, c; - - t = s->sub.trees.bb; - NEEDBITS(t) - h = s->sub.trees.tb + ((uInt)b & inflate_mask[t]); - t = h->bits; - c = h->base; - if (c < 16) - { - DUMPBITS(t) - s->sub.trees.blens[s->sub.trees.index++] = c; - } - else /* c == 16..18 */ - { - i = c == 18 ? 7 : c - 14; - j = c == 18 ? 11 : 3; - NEEDBITS(t + i) - DUMPBITS(t) - j += (uInt)b & inflate_mask[i]; - DUMPBITS(i) - i = s->sub.trees.index; - t = s->sub.trees.table; - if (i + j > 258 + (t & 0x1f) + ((t >> 5) & 0x1f) || - (c == 16 && i < 1)) - { - ZFREE(z, s->sub.trees.blens); - s->mode = BAD; - z->msg = (char*)"invalid bit length repeat"; - r = Z_DATA_ERROR; - LEAVE - } - c = c == 16 ? s->sub.trees.blens[i - 1] : 0; - do { - s->sub.trees.blens[i++] = c; - } while (--j); - s->sub.trees.index = i; - } - } - s->sub.trees.tb = Z_NULL; - { - uInt bl, bd; - inflate_huft *tl, *td; - inflate_codes_statef *c; - - bl = 9; /* must be <= 9 for lookahead assumptions */ - bd = 6; /* must be <= 9 for lookahead assumptions */ - t = s->sub.trees.table; - t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f), - s->sub.trees.blens, &bl, &bd, &tl, &td, - s->hufts, z); - if (t != Z_OK) - { - if (t == (uInt)Z_DATA_ERROR) - { - ZFREE(z, s->sub.trees.blens); - s->mode = BAD; - } - r = t; - LEAVE - } - Tracev((stderr, "inflate: trees ok\n")); - if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL) - { - r = Z_MEM_ERROR; - LEAVE - } - s->sub.decode.codes = c; - } - ZFREE(z, s->sub.trees.blens); - s->mode = CODES; - case CODES: - UPDATE - if ((r = inflate_codes(s, z, r)) != Z_STREAM_END) - return inflate_flush(s, z, r); - r = Z_OK; - inflate_codes_free(s->sub.decode.codes, z); - LOAD - Tracev((stderr, "inflate: codes end, %lu total out\n", - z->total_out + (q >= s->read ? q - s->read : - (s->end - s->read) + (q - s->window)))); - if (!s->last) - { - s->mode = TYPE; - break; - } - s->mode = DRY; - case DRY: - FLUSH - if (s->read != s->write) - LEAVE - s->mode = DONE; - case DONE: - r = Z_STREAM_END; - LEAVE - case BAD: - r = Z_DATA_ERROR; - LEAVE - default: - r = Z_STREAM_ERROR; - LEAVE - } -} - - -int inflate_blocks_free(s, z) -inflate_blocks_statef *s; -z_streamp z; -{ - inflate_blocks_reset(s, z, Z_NULL); - ZFREE(z, s->window); - ZFREE(z, s->hufts); - ZFREE(z, s); - Tracev((stderr, "inflate: blocks freed\n")); - return Z_OK; -} - - -void inflate_set_dictionary(s, d, n) -inflate_blocks_statef *s; -const Bytef *d; -uInt n; -{ - zmemcpy(s->window, d, n); - s->read = s->write = s->window + n; -} - - -/* Returns true if inflate is currently at the end of a block generated - * by Z_SYNC_FLUSH or Z_FULL_FLUSH. - * IN assertion: s != Z_NULL - */ -int inflate_blocks_sync_point(s) -inflate_blocks_statef *s; -{ - return s->mode == LENS; -} diff --git a/linux/lib/zlib/infblock.h b/linux/lib/zlib/infblock.h deleted file mode 100644 index 173b2267a..000000000 --- a/linux/lib/zlib/infblock.h +++ /dev/null @@ -1,39 +0,0 @@ -/* infblock.h -- header to use infblock.c - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -struct inflate_blocks_state; -typedef struct inflate_blocks_state FAR inflate_blocks_statef; - -extern inflate_blocks_statef * inflate_blocks_new OF(( - z_streamp z, - check_func c, /* check function */ - uInt w)); /* window size */ - -extern int inflate_blocks OF(( - inflate_blocks_statef *, - z_streamp , - int)); /* initial return code */ - -extern void inflate_blocks_reset OF(( - inflate_blocks_statef *, - z_streamp , - uLongf *)); /* check value on output */ - -extern int inflate_blocks_free OF(( - inflate_blocks_statef *, - z_streamp)); - -extern void inflate_set_dictionary OF(( - inflate_blocks_statef *s, - const Bytef *d, /* dictionary */ - uInt n)); /* dictionary length */ - -extern int inflate_blocks_sync_point OF(( - inflate_blocks_statef *s)); diff --git a/linux/lib/zlib/infcodes.c b/linux/lib/zlib/infcodes.c deleted file mode 100644 index f56eae4d7..000000000 --- a/linux/lib/zlib/infcodes.c +++ /dev/null @@ -1,251 +0,0 @@ -/* infcodes.c -- process literals and length/distance pairs - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include -#include "inftrees.h" -#include "infblock.h" -#include "infcodes.h" -#include "infutil.h" -#include "inffast.h" - -/* simplify the use of the inflate_huft type with some defines */ -#define exop word.what.Exop -#define bits word.what.Bits - -typedef enum { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */ - START, /* x: set up for LEN */ - LEN, /* i: get length/literal/eob next */ - LENEXT, /* i: getting length extra (have base) */ - DIST, /* i: get distance next */ - DISTEXT, /* i: getting distance extra */ - COPY, /* o: copying bytes in window, waiting for space */ - LIT, /* o: got literal, waiting for output space */ - WASH, /* o: got eob, possibly still output waiting */ - END, /* x: got eob and all data flushed */ - BADCODE} /* x: got error */ -inflate_codes_mode; - -/* inflate codes private state */ -struct inflate_codes_state { - - /* mode */ - inflate_codes_mode mode; /* current inflate_codes mode */ - - /* mode dependent information */ - uInt len; - union { - struct { - inflate_huft *tree; /* pointer into tree */ - uInt need; /* bits needed */ - } code; /* if LEN or DIST, where in tree */ - uInt lit; /* if LIT, literal */ - struct { - uInt get; /* bits to get for extra */ - uInt dist; /* distance back to copy from */ - } copy; /* if EXT or COPY, where and how much */ - } sub; /* submode */ - - /* mode independent information */ - Byte lbits; /* ltree bits decoded per branch */ - Byte dbits; /* dtree bits decoder per branch */ - inflate_huft *ltree; /* literal/length/eob tree */ - inflate_huft *dtree; /* distance tree */ - -}; - - -inflate_codes_statef *inflate_codes_new(bl, bd, tl, td, z) -uInt bl, bd; -inflate_huft *tl; -inflate_huft *td; /* need separate declaration for Borland C++ */ -z_streamp z; -{ - inflate_codes_statef *c; - - if ((c = (inflate_codes_statef *) - ZALLOC(z,1,sizeof(struct inflate_codes_state))) != Z_NULL) - { - c->mode = START; - c->lbits = (Byte)bl; - c->dbits = (Byte)bd; - c->ltree = tl; - c->dtree = td; - Tracev((stderr, "inflate: codes new\n")); - } - return c; -} - - -int inflate_codes(s, z, r) -inflate_blocks_statef *s; -z_streamp z; -int r; -{ - uInt j; /* temporary storage */ - inflate_huft *t; /* temporary pointer */ - uInt e; /* extra bits or operation */ - uLong b; /* bit buffer */ - uInt k; /* bits in bit buffer */ - Bytef *p; /* input data pointer */ - uInt n; /* bytes available there */ - Bytef *q; /* output window write pointer */ - uInt m; /* bytes to end of window or read pointer */ - Bytef *f; /* pointer to copy strings from */ - inflate_codes_statef *c = s->sub.decode.codes; /* codes state */ - - /* copy input/output information to locals (UPDATE macro restores) */ - LOAD - - /* process input and output based on current state */ - while (1) switch (c->mode) - { /* waiting for "i:"=input, "o:"=output, "x:"=nothing */ - case START: /* x: set up for LEN */ -#ifndef SLOW - if (m >= 258 && n >= 10) - { - UPDATE - r = inflate_fast(c->lbits, c->dbits, c->ltree, c->dtree, s, z); - LOAD - if (r != Z_OK) - { - c->mode = r == Z_STREAM_END ? WASH : BADCODE; - break; - } - } -#endif /* !SLOW */ - c->sub.code.need = c->lbits; - c->sub.code.tree = c->ltree; - c->mode = LEN; - case LEN: /* i: get length/literal/eob next */ - j = c->sub.code.need; - NEEDBITS(j) - t = c->sub.code.tree + ((uInt)b & inflate_mask[j]); - DUMPBITS(t->bits) - e = (uInt)(t->exop); - if (e == 0) /* literal */ - { - c->sub.lit = t->base; - Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? - "inflate: literal '%c'\n" : - "inflate: literal 0x%02x\n", t->base)); - c->mode = LIT; - break; - } - if (e & 16) /* length */ - { - c->sub.copy.get = e & 15; - c->len = t->base; - c->mode = LENEXT; - break; - } - if ((e & 64) == 0) /* next table */ - { - c->sub.code.need = e; - c->sub.code.tree = t + t->base; - break; - } - if (e & 32) /* end of block */ - { - Tracevv((stderr, "inflate: end of block\n")); - c->mode = WASH; - break; - } - c->mode = BADCODE; /* invalid code */ - z->msg = (char*)"invalid literal/length code"; - r = Z_DATA_ERROR; - LEAVE - case LENEXT: /* i: getting length extra (have base) */ - j = c->sub.copy.get; - NEEDBITS(j) - c->len += (uInt)b & inflate_mask[j]; - DUMPBITS(j) - c->sub.code.need = c->dbits; - c->sub.code.tree = c->dtree; - Tracevv((stderr, "inflate: length %u\n", c->len)); - c->mode = DIST; - case DIST: /* i: get distance next */ - j = c->sub.code.need; - NEEDBITS(j) - t = c->sub.code.tree + ((uInt)b & inflate_mask[j]); - DUMPBITS(t->bits) - e = (uInt)(t->exop); - if (e & 16) /* distance */ - { - c->sub.copy.get = e & 15; - c->sub.copy.dist = t->base; - c->mode = DISTEXT; - break; - } - if ((e & 64) == 0) /* next table */ - { - c->sub.code.need = e; - c->sub.code.tree = t + t->base; - break; - } - c->mode = BADCODE; /* invalid code */ - z->msg = (char*)"invalid distance code"; - r = Z_DATA_ERROR; - LEAVE - case DISTEXT: /* i: getting distance extra */ - j = c->sub.copy.get; - NEEDBITS(j) - c->sub.copy.dist += (uInt)b & inflate_mask[j]; - DUMPBITS(j) - Tracevv((stderr, "inflate: distance %u\n", c->sub.copy.dist)); - c->mode = COPY; - case COPY: /* o: copying bytes in window, waiting for space */ - f = q - c->sub.copy.dist; - while (f < s->window) /* modulo window size-"while" instead */ - f += s->end - s->window; /* of "if" handles invalid distances */ - while (c->len) - { - NEEDOUT - OUTBYTE(*f++) - if (f == s->end) - f = s->window; - c->len--; - } - c->mode = START; - break; - case LIT: /* o: got literal, waiting for output space */ - NEEDOUT - OUTBYTE(c->sub.lit) - c->mode = START; - break; - case WASH: /* o: got eob, possibly more output */ - if (k > 7) /* return unused byte, if any */ - { - Assert(k < 16, "inflate_codes grabbed too many bytes") - k -= 8; - n++; - p--; /* can always return one */ - } - FLUSH - if (s->read != s->write) - LEAVE - c->mode = END; - case END: - r = Z_STREAM_END; - LEAVE - case BADCODE: /* x: got error */ - r = Z_DATA_ERROR; - LEAVE - default: - r = Z_STREAM_ERROR; - LEAVE - } -#ifdef NEED_DUMMY_RETURN - return Z_STREAM_ERROR; /* Some dumb compilers complain without this */ -#endif -} - - -void inflate_codes_free(c, z) -inflate_codes_statef *c; -z_streamp z; -{ - ZFREE(z, c); - Tracev((stderr, "inflate: codes free\n")); -} diff --git a/linux/lib/zlib/infcodes.h b/linux/lib/zlib/infcodes.h deleted file mode 100644 index 27e4a40db..000000000 --- a/linux/lib/zlib/infcodes.h +++ /dev/null @@ -1,31 +0,0 @@ -/* infcodes.h -- header to use infcodes.c - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -#ifndef _INFCODES_H -#define _INFCODES_H - -struct inflate_codes_state; -typedef struct inflate_codes_state FAR inflate_codes_statef; - -extern inflate_codes_statef *inflate_codes_new OF(( - uInt, uInt, - inflate_huft *, inflate_huft *, - z_streamp )); - -extern int inflate_codes OF(( - inflate_blocks_statef *, - z_streamp , - int)); - -extern void inflate_codes_free OF(( - inflate_codes_statef *, - z_streamp )); - -#endif /* _INFCODES_H */ diff --git a/linux/lib/zlib/inffast.c b/linux/lib/zlib/inffast.c deleted file mode 100644 index 2a363c5ae..000000000 --- a/linux/lib/zlib/inffast.c +++ /dev/null @@ -1,183 +0,0 @@ -/* inffast.c -- process literals and length/distance pairs fast - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include -#include "inftrees.h" -#include "infblock.h" -#include "infcodes.h" -#include "infutil.h" -#include "inffast.h" - -struct inflate_codes_state {int dummy;}; /* for buggy compilers */ - -/* simplify the use of the inflate_huft type with some defines */ -#define exop word.what.Exop -#define bits word.what.Bits - -/* macros for bit input with no checking and for returning unused bytes */ -#define GRABBITS(j) {while(k<(j)){b|=((uLong)NEXTBYTE)<avail_in-n;c=(k>>3)>3:c;n+=c;p-=c;k-=c<<3;} - -/* Called with number of bytes left to write in window at least 258 - (the maximum string length) and number of input bytes available - at least ten. The ten bytes are six bytes for the longest length/ - distance pair plus four bytes for overloading the bit buffer. */ - -int inflate_fast(bl, bd, tl, td, s, z) -uInt bl, bd; -inflate_huft *tl; -inflate_huft *td; /* need separate declaration for Borland C++ */ -inflate_blocks_statef *s; -z_streamp z; -{ - inflate_huft *t; /* temporary pointer */ - uInt e; /* extra bits or operation */ - uLong b; /* bit buffer */ - uInt k; /* bits in bit buffer */ - Bytef *p; /* input data pointer */ - uInt n; /* bytes available there */ - Bytef *q; /* output window write pointer */ - uInt m; /* bytes to end of window or read pointer */ - uInt ml; /* mask for literal/length tree */ - uInt md; /* mask for distance tree */ - uInt c; /* bytes to copy */ - uInt d; /* distance back to copy from */ - Bytef *r; /* copy source pointer */ - - /* load input, output, bit values */ - LOAD - - /* initialize masks */ - ml = inflate_mask[bl]; - md = inflate_mask[bd]; - - /* do until not enough input or output space for fast loop */ - do { /* assume called with m >= 258 && n >= 10 */ - /* get literal/length code */ - GRABBITS(20) /* max bits for literal/length code */ - if ((e = (t = tl + ((uInt)b & ml))->exop) == 0) - { - DUMPBITS(t->bits) - Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? - "inflate: * literal '%c'\n" : - "inflate: * literal 0x%02x\n", t->base)); - *q++ = (Byte)t->base; - m--; - continue; - } - do { - DUMPBITS(t->bits) - if (e & 16) - { - /* get extra bits for length */ - e &= 15; - c = t->base + ((uInt)b & inflate_mask[e]); - DUMPBITS(e) - Tracevv((stderr, "inflate: * length %u\n", c)); - - /* decode distance base of block to copy */ - GRABBITS(15); /* max bits for distance code */ - e = (t = td + ((uInt)b & md))->exop; - do { - DUMPBITS(t->bits) - if (e & 16) - { - /* get extra bits to add to distance base */ - e &= 15; - GRABBITS(e) /* get extra bits (up to 13) */ - d = t->base + ((uInt)b & inflate_mask[e]); - DUMPBITS(e) - Tracevv((stderr, "inflate: * distance %u\n", d)); - - /* do the copy */ - m -= c; - r = q - d; - if (r < s->window) /* wrap if needed */ - { - do { - r += s->end - s->window; /* force pointer in window */ - } while (r < s->window); /* covers invalid distances */ - e = s->end - r; - if (c > e) - { - c -= e; /* wrapped copy */ - do { - *q++ = *r++; - } while (--e); - r = s->window; - do { - *q++ = *r++; - } while (--c); - } - else /* normal copy */ - { - *q++ = *r++; c--; - *q++ = *r++; c--; - do { - *q++ = *r++; - } while (--c); - } - } - else /* normal copy */ - { - *q++ = *r++; c--; - *q++ = *r++; c--; - do { - *q++ = *r++; - } while (--c); - } - break; - } - else if ((e & 64) == 0) - { - t += t->base; - e = (t += ((uInt)b & inflate_mask[e]))->exop; - } - else - { - z->msg = (char*)"invalid distance code"; - UNGRAB - UPDATE - return Z_DATA_ERROR; - } - } while (1); - break; - } - if ((e & 64) == 0) - { - t += t->base; - if ((e = (t += ((uInt)b & inflate_mask[e]))->exop) == 0) - { - DUMPBITS(t->bits) - Tracevv((stderr, t->base >= 0x20 && t->base < 0x7f ? - "inflate: * literal '%c'\n" : - "inflate: * literal 0x%02x\n", t->base)); - *q++ = (Byte)t->base; - m--; - break; - } - } - else if (e & 32) - { - Tracevv((stderr, "inflate: * end of block\n")); - UNGRAB - UPDATE - return Z_STREAM_END; - } - else - { - z->msg = (char*)"invalid literal/length code"; - UNGRAB - UPDATE - return Z_DATA_ERROR; - } - } while (1); - } while (m >= 258 && n >= 10); - - /* not enough input or output--restore pointers and return */ - UNGRAB - UPDATE - return Z_OK; -} diff --git a/linux/lib/zlib/inffast.h b/linux/lib/zlib/inffast.h deleted file mode 100644 index 652a0e849..000000000 --- a/linux/lib/zlib/inffast.h +++ /dev/null @@ -1,22 +0,0 @@ -/* inffast.h -- header to use inffast.c - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -#ifndef _INFFAST_H -#define _INFFAST_H - -extern int inflate_fast OF(( - uInt, - uInt, - inflate_huft *, - inflate_huft *, - inflate_blocks_statef *, - z_streamp )); - -#endif /* _INFFAST_H */ diff --git a/linux/lib/zlib/inffixed.h b/linux/lib/zlib/inffixed.h deleted file mode 100644 index 77f7e7631..000000000 --- a/linux/lib/zlib/inffixed.h +++ /dev/null @@ -1,151 +0,0 @@ -/* inffixed.h -- table for decoding fixed codes - * Generated automatically by the maketree.c program - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -local uInt fixed_bl = 9; -local uInt fixed_bd = 5; -local inflate_huft fixed_tl[] = { - {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115}, - {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},192}, - {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},160}, - {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},224}, - {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},144}, - {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},208}, - {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},176}, - {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},240}, - {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227}, - {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},200}, - {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},168}, - {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},232}, - {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},152}, - {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},216}, - {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},184}, - {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},248}, - {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163}, - {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},196}, - {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},164}, - {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},228}, - {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},148}, - {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},212}, - {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},180}, - {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},244}, - {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0}, - {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},204}, - {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},172}, - {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},236}, - {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},156}, - {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},220}, - {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},188}, - {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},252}, - {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131}, - {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},194}, - {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},162}, - {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},226}, - {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},146}, - {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},210}, - {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},178}, - {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},242}, - {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258}, - {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},202}, - {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},170}, - {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},234}, - {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},154}, - {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},218}, - {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},186}, - {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},250}, - {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195}, - {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},198}, - {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},166}, - {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},230}, - {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},150}, - {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},214}, - {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},182}, - {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},246}, - {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0}, - {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},206}, - {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},174}, - {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},238}, - {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},158}, - {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},222}, - {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},190}, - {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},254}, - {{{96,7}},256}, {{{0,8}},80}, {{{0,8}},16}, {{{84,8}},115}, - {{{82,7}},31}, {{{0,8}},112}, {{{0,8}},48}, {{{0,9}},193}, - {{{80,7}},10}, {{{0,8}},96}, {{{0,8}},32}, {{{0,9}},161}, - {{{0,8}},0}, {{{0,8}},128}, {{{0,8}},64}, {{{0,9}},225}, - {{{80,7}},6}, {{{0,8}},88}, {{{0,8}},24}, {{{0,9}},145}, - {{{83,7}},59}, {{{0,8}},120}, {{{0,8}},56}, {{{0,9}},209}, - {{{81,7}},17}, {{{0,8}},104}, {{{0,8}},40}, {{{0,9}},177}, - {{{0,8}},8}, {{{0,8}},136}, {{{0,8}},72}, {{{0,9}},241}, - {{{80,7}},4}, {{{0,8}},84}, {{{0,8}},20}, {{{85,8}},227}, - {{{83,7}},43}, {{{0,8}},116}, {{{0,8}},52}, {{{0,9}},201}, - {{{81,7}},13}, {{{0,8}},100}, {{{0,8}},36}, {{{0,9}},169}, - {{{0,8}},4}, {{{0,8}},132}, {{{0,8}},68}, {{{0,9}},233}, - {{{80,7}},8}, {{{0,8}},92}, {{{0,8}},28}, {{{0,9}},153}, - {{{84,7}},83}, {{{0,8}},124}, {{{0,8}},60}, {{{0,9}},217}, - {{{82,7}},23}, {{{0,8}},108}, {{{0,8}},44}, {{{0,9}},185}, - {{{0,8}},12}, {{{0,8}},140}, {{{0,8}},76}, {{{0,9}},249}, - {{{80,7}},3}, {{{0,8}},82}, {{{0,8}},18}, {{{85,8}},163}, - {{{83,7}},35}, {{{0,8}},114}, {{{0,8}},50}, {{{0,9}},197}, - {{{81,7}},11}, {{{0,8}},98}, {{{0,8}},34}, {{{0,9}},165}, - {{{0,8}},2}, {{{0,8}},130}, {{{0,8}},66}, {{{0,9}},229}, - {{{80,7}},7}, {{{0,8}},90}, {{{0,8}},26}, {{{0,9}},149}, - {{{84,7}},67}, {{{0,8}},122}, {{{0,8}},58}, {{{0,9}},213}, - {{{82,7}},19}, {{{0,8}},106}, {{{0,8}},42}, {{{0,9}},181}, - {{{0,8}},10}, {{{0,8}},138}, {{{0,8}},74}, {{{0,9}},245}, - {{{80,7}},5}, {{{0,8}},86}, {{{0,8}},22}, {{{192,8}},0}, - {{{83,7}},51}, {{{0,8}},118}, {{{0,8}},54}, {{{0,9}},205}, - {{{81,7}},15}, {{{0,8}},102}, {{{0,8}},38}, {{{0,9}},173}, - {{{0,8}},6}, {{{0,8}},134}, {{{0,8}},70}, {{{0,9}},237}, - {{{80,7}},9}, {{{0,8}},94}, {{{0,8}},30}, {{{0,9}},157}, - {{{84,7}},99}, {{{0,8}},126}, {{{0,8}},62}, {{{0,9}},221}, - {{{82,7}},27}, {{{0,8}},110}, {{{0,8}},46}, {{{0,9}},189}, - {{{0,8}},14}, {{{0,8}},142}, {{{0,8}},78}, {{{0,9}},253}, - {{{96,7}},256}, {{{0,8}},81}, {{{0,8}},17}, {{{85,8}},131}, - {{{82,7}},31}, {{{0,8}},113}, {{{0,8}},49}, {{{0,9}},195}, - {{{80,7}},10}, {{{0,8}},97}, {{{0,8}},33}, {{{0,9}},163}, - {{{0,8}},1}, {{{0,8}},129}, {{{0,8}},65}, {{{0,9}},227}, - {{{80,7}},6}, {{{0,8}},89}, {{{0,8}},25}, {{{0,9}},147}, - {{{83,7}},59}, {{{0,8}},121}, {{{0,8}},57}, {{{0,9}},211}, - {{{81,7}},17}, {{{0,8}},105}, {{{0,8}},41}, {{{0,9}},179}, - {{{0,8}},9}, {{{0,8}},137}, {{{0,8}},73}, {{{0,9}},243}, - {{{80,7}},4}, {{{0,8}},85}, {{{0,8}},21}, {{{80,8}},258}, - {{{83,7}},43}, {{{0,8}},117}, {{{0,8}},53}, {{{0,9}},203}, - {{{81,7}},13}, {{{0,8}},101}, {{{0,8}},37}, {{{0,9}},171}, - {{{0,8}},5}, {{{0,8}},133}, {{{0,8}},69}, {{{0,9}},235}, - {{{80,7}},8}, {{{0,8}},93}, {{{0,8}},29}, {{{0,9}},155}, - {{{84,7}},83}, {{{0,8}},125}, {{{0,8}},61}, {{{0,9}},219}, - {{{82,7}},23}, {{{0,8}},109}, {{{0,8}},45}, {{{0,9}},187}, - {{{0,8}},13}, {{{0,8}},141}, {{{0,8}},77}, {{{0,9}},251}, - {{{80,7}},3}, {{{0,8}},83}, {{{0,8}},19}, {{{85,8}},195}, - {{{83,7}},35}, {{{0,8}},115}, {{{0,8}},51}, {{{0,9}},199}, - {{{81,7}},11}, {{{0,8}},99}, {{{0,8}},35}, {{{0,9}},167}, - {{{0,8}},3}, {{{0,8}},131}, {{{0,8}},67}, {{{0,9}},231}, - {{{80,7}},7}, {{{0,8}},91}, {{{0,8}},27}, {{{0,9}},151}, - {{{84,7}},67}, {{{0,8}},123}, {{{0,8}},59}, {{{0,9}},215}, - {{{82,7}},19}, {{{0,8}},107}, {{{0,8}},43}, {{{0,9}},183}, - {{{0,8}},11}, {{{0,8}},139}, {{{0,8}},75}, {{{0,9}},247}, - {{{80,7}},5}, {{{0,8}},87}, {{{0,8}},23}, {{{192,8}},0}, - {{{83,7}},51}, {{{0,8}},119}, {{{0,8}},55}, {{{0,9}},207}, - {{{81,7}},15}, {{{0,8}},103}, {{{0,8}},39}, {{{0,9}},175}, - {{{0,8}},7}, {{{0,8}},135}, {{{0,8}},71}, {{{0,9}},239}, - {{{80,7}},9}, {{{0,8}},95}, {{{0,8}},31}, {{{0,9}},159}, - {{{84,7}},99}, {{{0,8}},127}, {{{0,8}},63}, {{{0,9}},223}, - {{{82,7}},27}, {{{0,8}},111}, {{{0,8}},47}, {{{0,9}},191}, - {{{0,8}},15}, {{{0,8}},143}, {{{0,8}},79}, {{{0,9}},255} - }; -local inflate_huft fixed_td[] = { - {{{80,5}},1}, {{{87,5}},257}, {{{83,5}},17}, {{{91,5}},4097}, - {{{81,5}},5}, {{{89,5}},1025}, {{{85,5}},65}, {{{93,5}},16385}, - {{{80,5}},3}, {{{88,5}},513}, {{{84,5}},33}, {{{92,5}},8193}, - {{{82,5}},9}, {{{90,5}},2049}, {{{86,5}},129}, {{{192,5}},24577}, - {{{80,5}},2}, {{{87,5}},385}, {{{83,5}},25}, {{{91,5}},6145}, - {{{81,5}},7}, {{{89,5}},1537}, {{{85,5}},97}, {{{93,5}},24577}, - {{{80,5}},4}, {{{88,5}},769}, {{{84,5}},49}, {{{92,5}},12289}, - {{{82,5}},13}, {{{90,5}},3073}, {{{86,5}},193}, {{{192,5}},24577} - }; diff --git a/linux/lib/zlib/inflate.c b/linux/lib/zlib/inflate.c deleted file mode 100644 index 3266babb4..000000000 --- a/linux/lib/zlib/inflate.c +++ /dev/null @@ -1,368 +0,0 @@ -/* inflate.c -- zlib interface to inflate modules - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include -#include "infblock.h" - -struct inflate_blocks_state {int dummy;}; /* for buggy compilers */ - -typedef enum { - METHOD, /* waiting for method byte */ - FLAG, /* waiting for flag byte */ - DICT4, /* four dictionary check bytes to go */ - DICT3, /* three dictionary check bytes to go */ - DICT2, /* two dictionary check bytes to go */ - DICT1, /* one dictionary check byte to go */ - DICT0, /* waiting for inflateSetDictionary */ - BLOCKS, /* decompressing blocks */ - CHECK4, /* four check bytes to go */ - CHECK3, /* three check bytes to go */ - CHECK2, /* two check bytes to go */ - CHECK1, /* one check byte to go */ - DONE, /* finished check, done */ - BAD} /* got an error--stay here */ -inflate_mode; - -/* inflate private state */ -struct internal_state { - - /* mode */ - inflate_mode mode; /* current inflate mode */ - - /* mode dependent information */ - union { - uInt method; /* if FLAGS, method byte */ - struct { - uLong was; /* computed check value */ - uLong need; /* stream check value */ - } check; /* if CHECK, check values to compare */ - uInt marker; /* if BAD, inflateSync's marker bytes count */ - } sub; /* submode */ - - /* mode independent information */ - int nowrap; /* flag for no wrapper */ - uInt wbits; /* log2(window size) (8..15, defaults to 15) */ - inflate_blocks_statef - *blocks; /* current inflate_blocks state */ - -}; - - -int ZEXPORT inflateReset(z) -z_streamp z; -{ - if (z == Z_NULL || z->state == Z_NULL) - return Z_STREAM_ERROR; - z->total_in = z->total_out = 0; - z->msg = Z_NULL; - z->state->mode = z->state->nowrap ? BLOCKS : METHOD; - inflate_blocks_reset(z->state->blocks, z, Z_NULL); - Tracev((stderr, "inflate: reset\n")); - return Z_OK; -} - - -int ZEXPORT inflateEnd(z) -z_streamp z; -{ - if (z == Z_NULL || z->state == Z_NULL || z->zfree == Z_NULL) - return Z_STREAM_ERROR; - if (z->state->blocks != Z_NULL) - inflate_blocks_free(z->state->blocks, z); - ZFREE(z, z->state); - z->state = Z_NULL; - Tracev((stderr, "inflate: end\n")); - return Z_OK; -} - - -int ZEXPORT inflateInit2_(z, w, version, stream_size) -z_streamp z; -int w; -const char *version; -int stream_size; -{ - if (version == Z_NULL || version[0] != ZLIB_VERSION[0] || - stream_size != sizeof(z_stream)) - return Z_VERSION_ERROR; - - /* initialize state */ - if (z == Z_NULL) - return Z_STREAM_ERROR; - z->msg = Z_NULL; - if (z->zalloc == Z_NULL) - { - return Z_STREAM_ERROR; -/* z->zalloc = zcalloc; - z->opaque = (voidpf)0; -*/ - } - if (z->zfree == Z_NULL) return Z_STREAM_ERROR; /* z->zfree = zcfree; */ - if ((z->state = (struct internal_state FAR *) - ZALLOC(z,1,sizeof(struct internal_state))) == Z_NULL) - return Z_MEM_ERROR; - z->state->blocks = Z_NULL; - - /* handle undocumented nowrap option (no zlib header or check) */ - z->state->nowrap = 0; - if (w < 0) - { - w = - w; - z->state->nowrap = 1; - } - - /* set window size */ - if (w < 8 || w > 15) - { - inflateEnd(z); - return Z_STREAM_ERROR; - } - z->state->wbits = (uInt)w; - - /* create inflate_blocks state */ - if ((z->state->blocks = - inflate_blocks_new(z, z->state->nowrap ? Z_NULL : adler32, (uInt)1 << w)) - == Z_NULL) - { - inflateEnd(z); - return Z_MEM_ERROR; - } - Tracev((stderr, "inflate: allocated\n")); - - /* reset state */ - inflateReset(z); - return Z_OK; -} - - -int ZEXPORT inflateInit_(z, version, stream_size) -z_streamp z; -const char *version; -int stream_size; -{ - return inflateInit2_(z, DEF_WBITS, version, stream_size); -} - - -#define NEEDBYTE {if(z->avail_in==0)return r;r=f;} -#define NEXTBYTE (z->avail_in--,z->total_in++,*z->next_in++) - -int ZEXPORT inflate(z, f) -z_streamp z; -int f; -{ - int r; - uInt b; - - if (z == Z_NULL || z->state == Z_NULL || z->next_in == Z_NULL) - return Z_STREAM_ERROR; - f = f == Z_FINISH ? Z_BUF_ERROR : Z_OK; - r = Z_BUF_ERROR; - while (1) switch (z->state->mode) - { - case METHOD: - NEEDBYTE - if (((z->state->sub.method = NEXTBYTE) & 0xf) != Z_DEFLATED) - { - z->state->mode = BAD; - z->msg = (char*)"unknown compression method"; - z->state->sub.marker = 5; /* can't try inflateSync */ - break; - } - if ((z->state->sub.method >> 4) + 8 > z->state->wbits) - { - z->state->mode = BAD; - z->msg = (char*)"invalid window size"; - z->state->sub.marker = 5; /* can't try inflateSync */ - break; - } - z->state->mode = FLAG; - case FLAG: - NEEDBYTE - b = NEXTBYTE; - if (((z->state->sub.method << 8) + b) % 31) - { - z->state->mode = BAD; - z->msg = (char*)"incorrect header check"; - z->state->sub.marker = 5; /* can't try inflateSync */ - break; - } - Tracev((stderr, "inflate: zlib header ok\n")); - if (!(b & PRESET_DICT)) - { - z->state->mode = BLOCKS; - break; - } - z->state->mode = DICT4; - case DICT4: - NEEDBYTE - z->state->sub.check.need = (uLong)NEXTBYTE << 24; - z->state->mode = DICT3; - case DICT3: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE << 16; - z->state->mode = DICT2; - case DICT2: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE << 8; - z->state->mode = DICT1; - case DICT1: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE; - z->adler = z->state->sub.check.need; - z->state->mode = DICT0; - return Z_NEED_DICT; - case DICT0: - z->state->mode = BAD; - z->msg = (char*)"need dictionary"; - z->state->sub.marker = 0; /* can try inflateSync */ - return Z_STREAM_ERROR; - case BLOCKS: - r = inflate_blocks(z->state->blocks, z, r); - if (r == Z_DATA_ERROR) - { - z->state->mode = BAD; - z->state->sub.marker = 0; /* can try inflateSync */ - break; - } - if (r == Z_OK) - r = f; - if (r != Z_STREAM_END) - return r; - r = f; - inflate_blocks_reset(z->state->blocks, z, &z->state->sub.check.was); - if (z->state->nowrap) - { - z->state->mode = DONE; - break; - } - z->state->mode = CHECK4; - case CHECK4: - NEEDBYTE - z->state->sub.check.need = (uLong)NEXTBYTE << 24; - z->state->mode = CHECK3; - case CHECK3: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE << 16; - z->state->mode = CHECK2; - case CHECK2: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE << 8; - z->state->mode = CHECK1; - case CHECK1: - NEEDBYTE - z->state->sub.check.need += (uLong)NEXTBYTE; - - if (z->state->sub.check.was != z->state->sub.check.need) - { - z->state->mode = BAD; - z->msg = (char*)"incorrect data check"; - z->state->sub.marker = 5; /* can't try inflateSync */ - break; - } - Tracev((stderr, "inflate: zlib check ok\n")); - z->state->mode = DONE; - case DONE: - return Z_STREAM_END; - case BAD: - return Z_DATA_ERROR; - default: - return Z_STREAM_ERROR; - } -#ifdef NEED_DUMMY_RETURN - return Z_STREAM_ERROR; /* Some dumb compilers complain without this */ -#endif -} - - -int ZEXPORT inflateSetDictionary(z, dictionary, dictLength) -z_streamp z; -const Bytef *dictionary; -uInt dictLength; -{ - uInt length = dictLength; - - if (z == Z_NULL || z->state == Z_NULL || z->state->mode != DICT0) - return Z_STREAM_ERROR; - - if (adler32(1L, dictionary, dictLength) != z->adler) return Z_DATA_ERROR; - z->adler = 1L; - - if (length >= ((uInt)1<state->wbits)) - { - length = (1<state->wbits)-1; - dictionary += dictLength - length; - } - inflate_set_dictionary(z->state->blocks, dictionary, length); - z->state->mode = BLOCKS; - return Z_OK; -} - - -int ZEXPORT inflateSync(z) -z_streamp z; -{ - uInt n; /* number of bytes to look at */ - Bytef *p; /* pointer to bytes */ - uInt m; /* number of marker bytes found in a row */ - uLong r, w; /* temporaries to save total_in and total_out */ - - /* set up */ - if (z == Z_NULL || z->state == Z_NULL) - return Z_STREAM_ERROR; - if (z->state->mode != BAD) - { - z->state->mode = BAD; - z->state->sub.marker = 0; - } - if ((n = z->avail_in) == 0) - return Z_BUF_ERROR; - p = z->next_in; - m = z->state->sub.marker; - - /* search */ - while (n && m < 4) - { - static const Byte mark[4] = {0, 0, 0xff, 0xff}; - if (*p == mark[m]) - m++; - else if (*p) - m = 0; - else - m = 4 - m; - p++, n--; - } - - /* restore */ - z->total_in += p - z->next_in; - z->next_in = p; - z->avail_in = n; - z->state->sub.marker = m; - - /* return no joy or set up to restart on a new block */ - if (m != 4) - return Z_DATA_ERROR; - r = z->total_in; w = z->total_out; - inflateReset(z); - z->total_in = r; z->total_out = w; - z->state->mode = BLOCKS; - return Z_OK; -} - - -/* Returns true if inflate is currently at the end of a block generated - * by Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP - * implementation to provide an additional safety check. PPP uses Z_SYNC_FLUSH - * but removes the length bytes of the resulting empty stored block. When - * decompressing, PPP checks that at the end of input packet, inflate is - * waiting for these length bytes. - */ -int ZEXPORT inflateSyncPoint(z) -z_streamp z; -{ - if (z == Z_NULL || z->state == Z_NULL || z->state->blocks == Z_NULL) - return Z_STREAM_ERROR; - return inflate_blocks_sync_point(z->state->blocks); -} diff --git a/linux/lib/zlib/inftrees.c b/linux/lib/zlib/inftrees.c deleted file mode 100644 index 59ffb020c..000000000 --- a/linux/lib/zlib/inftrees.c +++ /dev/null @@ -1,454 +0,0 @@ -/* inftrees.c -- generate Huffman trees for efficient decoding - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include -#include "inftrees.h" - -#if !defined(BUILDFIXED) && !defined(STDC) -# define BUILDFIXED /* non ANSI compilers may not accept inffixed.h */ -#endif - -local const char inflate_copyright[] = - " inflate 1.1.4 Copyright 1995-2002 Mark Adler "; -/* - If you use the zlib library in a product, an acknowledgment is welcome - in the documentation of your product. If for some reason you cannot - include such an acknowledgment, I would appreciate that you keep this - copyright string in the executable of your product. - */ -struct internal_state {int dummy;}; /* for buggy compilers */ - -/* simplify the use of the inflate_huft type with some defines */ -#define exop word.what.Exop -#define bits word.what.Bits - - -local int huft_build OF(( - uIntf *, /* code lengths in bits */ - uInt, /* number of codes */ - uInt, /* number of "simple" codes */ - const uIntf *, /* list of base values for non-simple codes */ - const uIntf *, /* list of extra bits for non-simple codes */ - inflate_huft * FAR*,/* result: starting table */ - uIntf *, /* maximum lookup bits (returns actual) */ - inflate_huft *, /* space for trees */ - uInt *, /* hufts used in space */ - uIntf * )); /* space for values */ - -/* Tables for deflate from PKZIP's appnote.txt. */ -local const uInt cplens[31] = { /* Copy lengths for literal codes 257..285 */ - 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, - 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; - /* see note #13 above about 258 */ -local const uInt cplext[31] = { /* Extra bits for literal codes 257..285 */ - 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, - 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 112, 112}; /* 112==invalid */ -local const uInt cpdist[30] = { /* Copy offsets for distance codes 0..29 */ - 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, - 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, - 8193, 12289, 16385, 24577}; -local const uInt cpdext[30] = { /* Extra bits for distance codes */ - 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, - 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, - 12, 12, 13, 13}; - -/* - Huffman code decoding is performed using a multi-level table lookup. - The fastest way to decode is to simply build a lookup table whose - size is determined by the longest code. However, the time it takes - to build this table can also be a factor if the data being decoded - is not very long. The most common codes are necessarily the - shortest codes, so those codes dominate the decoding time, and hence - the speed. The idea is you can have a shorter table that decodes the - shorter, more probable codes, and then point to subsidiary tables for - the longer codes. The time it costs to decode the longer codes is - then traded against the time it takes to make longer tables. - - This results of this trade are in the variables lbits and dbits - below. lbits is the number of bits the first level table for literal/ - length codes can decode in one step, and dbits is the same thing for - the distance codes. Subsequent tables are also less than or equal to - those sizes. These values may be adjusted either when all of the - codes are shorter than that, in which case the longest code length in - bits is used, or when the shortest code is *longer* than the requested - table size, in which case the length of the shortest code in bits is - used. - - There are two different values for the two tables, since they code a - different number of possibilities each. The literal/length table - codes 286 possible values, or in a flat code, a little over eight - bits. The distance table codes 30 possible values, or a little less - than five bits, flat. The optimum values for speed end up being - about one bit more than those, so lbits is 8+1 and dbits is 5+1. - The optimum values may differ though from machine to machine, and - possibly even between compilers. Your mileage may vary. - */ - - -/* If BMAX needs to be larger than 16, then h and x[] should be uLong. */ -#define BMAX 15 /* maximum bit length of any code */ - -local int huft_build(b, n, s, d, e, t, m, hp, hn, v) -uIntf *b; /* code lengths in bits (all assumed <= BMAX) */ -uInt n; /* number of codes (assumed <= 288) */ -uInt s; /* number of simple-valued codes (0..s-1) */ -const uIntf *d; /* list of base values for non-simple codes */ -const uIntf *e; /* list of extra bits for non-simple codes */ -inflate_huft * FAR *t; /* result: starting table */ -uIntf *m; /* maximum lookup bits, returns actual */ -inflate_huft *hp; /* space for trees */ -uInt *hn; /* hufts used in space */ -uIntf *v; /* working area: values in order of bit length */ -/* Given a list of code lengths and a maximum table size, make a set of - tables to decode that set of codes. Return Z_OK on success, Z_BUF_ERROR - if the given code set is incomplete (the tables are still built in this - case), or Z_DATA_ERROR if the input is invalid. */ -{ - - uInt a; /* counter for codes of length k */ - uInt c[BMAX+1]; /* bit length count table */ - uInt f; /* i repeats in table every f entries */ - int g; /* maximum code length */ - int h; /* table level */ - register uInt i; /* counter, current code */ - register uInt j; /* counter */ - register int k; /* number of bits in current code */ - int l; /* bits per table (returned in m) */ - uInt mask; /* (1 << w) - 1, to avoid cc -O bug on HP */ - register uIntf *p; /* pointer into c[], b[], or v[] */ - inflate_huft *q; /* points to current table */ - struct inflate_huft_s r; /* table entry for structure assignment */ - inflate_huft *u[BMAX]; /* table stack */ - register int w; /* bits before this table == (l * h) */ - uInt x[BMAX+1]; /* bit offsets, then code stack */ - uIntf *xp; /* pointer into x */ - int y; /* number of dummy codes added */ - uInt z; /* number of entries in current table */ - - - /* Generate counts for each bit length */ - p = c; -#define C0 *p++ = 0; -#define C2 C0 C0 C0 C0 -#define C4 C2 C2 C2 C2 - C4 /* clear c[]--assume BMAX+1 is 16 */ - p = b; i = n; - do { - c[*p++]++; /* assume all entries <= BMAX */ - } while (--i); - if (c[0] == n) /* null input--all zero length codes */ - { - *t = (inflate_huft *)Z_NULL; - *m = 0; - return Z_OK; - } - - - /* Find minimum and maximum length, bound *m by those */ - l = *m; - for (j = 1; j <= BMAX; j++) - if (c[j]) - break; - k = j; /* minimum code length */ - if ((uInt)l < j) - l = j; - for (i = BMAX; i; i--) - if (c[i]) - break; - g = i; /* maximum code length */ - if ((uInt)l > i) - l = i; - *m = l; - - - /* Adjust last length count to fill out codes, if needed */ - for (y = 1 << j; j < i; j++, y <<= 1) - if ((y -= c[j]) < 0) - return Z_DATA_ERROR; - if ((y -= c[i]) < 0) - return Z_DATA_ERROR; - c[i] += y; - - - /* Generate starting offsets into the value table for each length */ - x[1] = j = 0; - p = c + 1; xp = x + 2; - while (--i) { /* note that i == g from above */ - *xp++ = (j += *p++); - } - - - /* Make a table of values in order of bit lengths */ - p = b; i = 0; - do { - if ((j = *p++) != 0) - v[x[j]++] = i; - } while (++i < n); - n = x[g]; /* set n to length of v */ - - - /* Generate the Huffman codes and for each, make the table entries */ - x[0] = i = 0; /* first Huffman code is zero */ - p = v; /* grab values in bit order */ - h = -1; /* no tables yet--level -1 */ - w = -l; /* bits decoded == (l * h) */ - u[0] = (inflate_huft *)Z_NULL; /* just to keep compilers happy */ - q = (inflate_huft *)Z_NULL; /* ditto */ - z = 0; /* ditto */ - - /* go through the bit lengths (k already is bits in shortest code) */ - for (; k <= g; k++) - { - a = c[k]; - while (a--) - { - /* here i is the Huffman code of length k bits for value *p */ - /* make tables up to required level */ - while (k > w + l) - { - h++; - w += l; /* previous table always l bits */ - - /* compute minimum size table less than or equal to l bits */ - z = g - w; - z = z > (uInt)l ? l : z; /* table size upper limit */ - if ((f = 1 << (j = k - w)) > a + 1) /* try a k-w bit table */ - { /* too few codes for k-w bit table */ - f -= a + 1; /* deduct codes from patterns left */ - xp = c + k; - if (j < z) - while (++j < z) /* try smaller tables up to z bits */ - { - if ((f <<= 1) <= *++xp) - break; /* enough codes to use up j bits */ - f -= *xp; /* else deduct codes from patterns */ - } - } - z = 1 << j; /* table entries for j-bit table */ - - /* allocate new table */ - if (*hn + z > MANY) /* (note: doesn't matter for fixed) */ - return Z_DATA_ERROR; /* overflow of MANY */ - u[h] = q = hp + *hn; - *hn += z; - - /* connect to last table, if there is one */ - if (h) - { - x[h] = i; /* save pattern for backing up */ - r.bits = (Byte)l; /* bits to dump before this table */ - r.exop = (Byte)j; /* bits in this table */ - j = i >> (w - l); - r.base = (uInt)(q - u[h-1] - j); /* offset to this table */ - u[h-1][j] = r; /* connect to last table */ - } - else - *t = q; /* first table is returned result */ - } - - /* set up table entry in r */ - r.bits = (Byte)(k - w); - if (p >= v + n) - r.exop = 128 + 64; /* out of values--invalid code */ - else if (*p < s) - { - r.exop = (Byte)(*p < 256 ? 0 : 32 + 64); /* 256 is end-of-block */ - r.base = *p++; /* simple code is just the value */ - } - else - { - r.exop = (Byte)(e[*p - s] + 16 + 64);/* non-simple--look up in lists */ - r.base = d[*p++ - s]; - } - - /* fill code-like entries with r */ - f = 1 << (k - w); - for (j = i >> w; j < z; j += f) - q[j] = r; - - /* backwards increment the k-bit code i */ - for (j = 1 << (k - 1); i & j; j >>= 1) - i ^= j; - i ^= j; - - /* backup over finished tables */ - mask = (1 << w) - 1; /* needed on HP, cc -O bug */ - while ((i & mask) != x[h]) - { - h--; /* don't need to update q */ - w -= l; - mask = (1 << w) - 1; - } - } - } - - - /* Return Z_BUF_ERROR if we were given an incomplete table */ - return y != 0 && g != 1 ? Z_BUF_ERROR : Z_OK; -} - - -int inflate_trees_bits(c, bb, tb, hp, z) -uIntf *c; /* 19 code lengths */ -uIntf *bb; /* bits tree desired/actual depth */ -inflate_huft * FAR *tb; /* bits tree result */ -inflate_huft *hp; /* space for trees */ -z_streamp z; /* for messages */ -{ - int r; - uInt hn = 0; /* hufts used in space */ - uIntf *v; /* work area for huft_build */ - - if ((v = (uIntf*)ZALLOC(z, 19, sizeof(uInt))) == Z_NULL) - return Z_MEM_ERROR; - r = huft_build(c, 19, 19, (uIntf*)Z_NULL, (uIntf*)Z_NULL, - tb, bb, hp, &hn, v); - if (r == Z_DATA_ERROR) - z->msg = (char*)"oversubscribed dynamic bit lengths tree"; - else if (r == Z_BUF_ERROR || *bb == 0) - { - z->msg = (char*)"incomplete dynamic bit lengths tree"; - r = Z_DATA_ERROR; - } - ZFREE(z, v); - return r; -} - - -int inflate_trees_dynamic(nl, nd, c, bl, bd, tl, td, hp, z) -uInt nl; /* number of literal/length codes */ -uInt nd; /* number of distance codes */ -uIntf *c; /* that many (total) code lengths */ -uIntf *bl; /* literal desired/actual bit depth */ -uIntf *bd; /* distance desired/actual bit depth */ -inflate_huft * FAR *tl; /* literal/length tree result */ -inflate_huft * FAR *td; /* distance tree result */ -inflate_huft *hp; /* space for trees */ -z_streamp z; /* for messages */ -{ - int r; - uInt hn = 0; /* hufts used in space */ - uIntf *v; /* work area for huft_build */ - - /* allocate work area */ - if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL) - return Z_MEM_ERROR; - - /* build literal/length tree */ - r = huft_build(c, nl, 257, cplens, cplext, tl, bl, hp, &hn, v); - if (r != Z_OK || *bl == 0) - { - if (r == Z_DATA_ERROR) - z->msg = (char*)"oversubscribed literal/length tree"; - else if (r != Z_MEM_ERROR) - { - z->msg = (char*)"incomplete literal/length tree"; - r = Z_DATA_ERROR; - } - ZFREE(z, v); - return r; - } - - /* build distance tree */ - r = huft_build(c + nl, nd, 0, cpdist, cpdext, td, bd, hp, &hn, v); - if (r != Z_OK || (*bd == 0 && nl > 257)) - { - if (r == Z_DATA_ERROR) - z->msg = (char*)"oversubscribed distance tree"; - else if (r == Z_BUF_ERROR) { -#ifdef PKZIP_BUG_WORKAROUND - r = Z_OK; - } -#else - z->msg = (char*)"incomplete distance tree"; - r = Z_DATA_ERROR; - } - else if (r != Z_MEM_ERROR) - { - z->msg = (char*)"empty distance tree with lengths"; - r = Z_DATA_ERROR; - } - ZFREE(z, v); - return r; -#endif - } - - /* done */ - ZFREE(z, v); - return Z_OK; -} - - -/* build fixed tables only once--keep them here */ -#ifdef BUILDFIXED -local int fixed_built = 0; -#define FIXEDH 544 /* number of hufts used by fixed tables */ -local inflate_huft fixed_mem[FIXEDH]; -local uInt fixed_bl; -local uInt fixed_bd; -local inflate_huft *fixed_tl; -local inflate_huft *fixed_td; -#else -#include "inffixed.h" -#endif - - -int inflate_trees_fixed(bl, bd, tl, td, z) -uIntf *bl; /* literal desired/actual bit depth */ -uIntf *bd; /* distance desired/actual bit depth */ -inflate_huft * FAR *tl; /* literal/length tree result */ -inflate_huft * FAR *td; /* distance tree result */ -z_streamp z; /* for memory allocation */ -{ -#ifdef BUILDFIXED - /* build fixed tables if not already */ - if (!fixed_built) - { - int k; /* temporary variable */ - uInt f = 0; /* number of hufts used in fixed_mem */ - uIntf *c; /* length list for huft_build */ - uIntf *v; /* work area for huft_build */ - - /* allocate memory */ - if ((c = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL) - return Z_MEM_ERROR; - if ((v = (uIntf*)ZALLOC(z, 288, sizeof(uInt))) == Z_NULL) - { - ZFREE(z, c); - return Z_MEM_ERROR; - } - - /* literal table */ - for (k = 0; k < 144; k++) - c[k] = 8; - for (; k < 256; k++) - c[k] = 9; - for (; k < 280; k++) - c[k] = 7; - for (; k < 288; k++) - c[k] = 8; - fixed_bl = 9; - huft_build(c, 288, 257, cplens, cplext, &fixed_tl, &fixed_bl, - fixed_mem, &f, v); - - /* distance table */ - for (k = 0; k < 30; k++) - c[k] = 5; - fixed_bd = 5; - huft_build(c, 30, 0, cpdist, cpdext, &fixed_td, &fixed_bd, - fixed_mem, &f, v); - - /* done */ - ZFREE(z, v); - ZFREE(z, c); - fixed_built = 1; - } -#endif - *bl = fixed_bl; - *bd = fixed_bd; - *tl = fixed_tl; - *td = fixed_td; - return Z_OK; -} diff --git a/linux/lib/zlib/inftrees.h b/linux/lib/zlib/inftrees.h deleted file mode 100644 index ef15b1b82..000000000 --- a/linux/lib/zlib/inftrees.h +++ /dev/null @@ -1,63 +0,0 @@ -/* inftrees.h -- header to use inftrees.c - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -/* Huffman code lookup table entry--this entry is four bytes for machines - that have 16-bit pointers (e.g. PC's in the small or medium model). */ - -#ifndef _INFTREES_H -#define _INFTREES_H - -typedef struct inflate_huft_s FAR inflate_huft; - -struct inflate_huft_s { - union { - struct { - Byte Exop; /* number of extra bits or operation */ - Byte Bits; /* number of bits in this code or subcode */ - } what; - uInt pad; /* pad structure to a power of 2 (4 bytes for */ - } word; /* 16-bit, 8 bytes for 32-bit int's) */ - uInt base; /* literal, length base, distance base, - or table offset */ -}; - -/* Maximum size of dynamic tree. The maximum found in a long but non- - exhaustive search was 1004 huft structures (850 for length/literals - and 154 for distances, the latter actually the result of an - exhaustive search). The actual maximum is not known, but the - value below is more than safe. */ -#define MANY 1440 - -extern int inflate_trees_bits OF(( - uIntf *, /* 19 code lengths */ - uIntf *, /* bits tree desired/actual depth */ - inflate_huft * FAR *, /* bits tree result */ - inflate_huft *, /* space for trees */ - z_streamp)); /* for messages */ - -extern int inflate_trees_dynamic OF(( - uInt, /* number of literal/length codes */ - uInt, /* number of distance codes */ - uIntf *, /* that many (total) code lengths */ - uIntf *, /* literal desired/actual bit depth */ - uIntf *, /* distance desired/actual bit depth */ - inflate_huft * FAR *, /* literal/length tree result */ - inflate_huft * FAR *, /* distance tree result */ - inflate_huft *, /* space for trees */ - z_streamp)); /* for messages */ - -extern int inflate_trees_fixed OF(( - uIntf *, /* literal desired/actual bit depth */ - uIntf *, /* distance desired/actual bit depth */ - inflate_huft * FAR *, /* literal/length tree result */ - inflate_huft * FAR *, /* distance tree result */ - z_streamp)); /* for memory allocation */ - -#endif /* _INFTREES_H */ diff --git a/linux/lib/zlib/infutil.c b/linux/lib/zlib/infutil.c deleted file mode 100644 index b50358ffa..000000000 --- a/linux/lib/zlib/infutil.c +++ /dev/null @@ -1,87 +0,0 @@ -/* inflate_util.c -- data and routines common to blocks and codes - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -#include -#include "infblock.h" -#include "inftrees.h" -#include "infcodes.h" -#include "infutil.h" - -struct inflate_codes_state {int dummy;}; /* for buggy compilers */ - -/* And'ing with mask[n] masks the lower n bits */ -uInt inflate_mask[17] = { - 0x0000, - 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff, - 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff -}; - - -/* copy as much as possible from the sliding window to the output area */ -int inflate_flush(s, z, r) -inflate_blocks_statef *s; -z_streamp z; -int r; -{ - uInt n; - Bytef *p; - Bytef *q; - - /* local copies of source and destination pointers */ - p = z->next_out; - q = s->read; - - /* compute number of bytes to copy as far as end of window */ - n = (uInt)((q <= s->write ? s->write : s->end) - q); - if (n > z->avail_out) n = z->avail_out; - if (n && r == Z_BUF_ERROR) r = Z_OK; - - /* update counters */ - z->avail_out -= n; - z->total_out += n; - - /* update check information */ - if (s->checkfn != Z_NULL) - z->adler = s->check = (*s->checkfn)(s->check, q, n); - - /* copy as far as end of window */ - zmemcpy(p, q, n); - p += n; - q += n; - - /* see if more to copy at beginning of window */ - if (q == s->end) - { - /* wrap pointers */ - q = s->window; - if (s->write == s->end) - s->write = s->window; - - /* compute bytes to copy */ - n = (uInt)(s->write - q); - if (n > z->avail_out) n = z->avail_out; - if (n && r == Z_BUF_ERROR) r = Z_OK; - - /* update counters */ - z->avail_out -= n; - z->total_out += n; - - /* update check information */ - if (s->checkfn != Z_NULL) - z->adler = s->check = (*s->checkfn)(s->check, q, n); - - /* copy */ - zmemcpy(p, q, n); - p += n; - q += n; - } - - /* update pointers */ - z->next_out = p; - s->read = q; - - /* done */ - return r; -} diff --git a/linux/lib/zlib/infutil.h b/linux/lib/zlib/infutil.h deleted file mode 100644 index 959e12e8c..000000000 --- a/linux/lib/zlib/infutil.h +++ /dev/null @@ -1,98 +0,0 @@ -/* infutil.h -- types and macros common to blocks and codes - * Copyright (C) 1995-2002 Mark Adler - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - -#ifndef _INFUTIL_H -#define _INFUTIL_H - -typedef enum { - TYPE, /* get type bits (3, including end bit) */ - LENS, /* get lengths for stored */ - STORED, /* processing stored block */ - TABLE, /* get table lengths */ - BTREE, /* get bit lengths tree for a dynamic block */ - DTREE, /* get length, distance trees for a dynamic block */ - CODES, /* processing fixed or dynamic block */ - DRY, /* output remaining window bytes */ - DONE, /* finished last block, done */ - BAD} /* got a data error--stuck here */ -inflate_block_mode; - -/* inflate blocks semi-private state */ -struct inflate_blocks_state { - - /* mode */ - inflate_block_mode mode; /* current inflate_block mode */ - - /* mode dependent information */ - union { - uInt left; /* if STORED, bytes left to copy */ - struct { - uInt table; /* table lengths (14 bits) */ - uInt index; /* index into blens (or border) */ - uIntf *blens; /* bit lengths of codes */ - uInt bb; /* bit length tree depth */ - inflate_huft *tb; /* bit length decoding tree */ - } trees; /* if DTREE, decoding info for trees */ - struct { - inflate_codes_statef - *codes; - } decode; /* if CODES, current state */ - } sub; /* submode */ - uInt last; /* true if this block is the last block */ - - /* mode independent information */ - uInt bitk; /* bits in bit buffer */ - uLong bitb; /* bit buffer */ - inflate_huft *hufts; /* single malloc for tree space */ - Bytef *window; /* sliding window */ - Bytef *end; /* one byte after sliding window */ - Bytef *read; /* window read pointer */ - Bytef *write; /* window write pointer */ - check_func checkfn; /* check function */ - uLong check; /* check on output */ - -}; - - -/* defines for inflate input/output */ -/* update pointers and return */ -#define UPDBITS {s->bitb=b;s->bitk=k;} -#define UPDIN {z->avail_in=n;z->total_in+=p-z->next_in;z->next_in=p;} -#define UPDOUT {s->write=q;} -#define UPDATE {UPDBITS UPDIN UPDOUT} -#define LEAVE {UPDATE return inflate_flush(s,z,r);} -/* get bytes and bits */ -#define LOADIN {p=z->next_in;n=z->avail_in;b=s->bitb;k=s->bitk;} -#define NEEDBYTE {if(n)r=Z_OK;else LEAVE} -#define NEXTBYTE (n--,*p++) -#define NEEDBITS(j) {while(k<(j)){NEEDBYTE;b|=((uLong)NEXTBYTE)<>=(j);k-=(j);} -/* output bytes */ -#define WAVAIL (uInt)(qread?s->read-q-1:s->end-q) -#define LOADOUT {q=s->write;m=(uInt)WAVAIL;} -#define WRAP {if(q==s->end&&s->read!=s->window){q=s->window;m=(uInt)WAVAIL;}} -#define FLUSH {UPDOUT r=inflate_flush(s,z,r); LOADOUT} -#define NEEDOUT {if(m==0){WRAP if(m==0){FLUSH WRAP if(m==0) LEAVE}}r=Z_OK;} -#define OUTBYTE(a) {*q++=(Byte)(a);m--;} -/* load local pointers */ -#define LOAD {LOADIN LOADOUT} - -/* masks for lower bits (size given to avoid silly warnings with Visual C++) */ -extern uInt inflate_mask[17]; - -/* copy as much as possible from the sliding window to the output area */ -extern int inflate_flush OF(( - inflate_blocks_statef *, - z_streamp , - int)); - -struct internal_state {int dummy;}; /* for buggy compilers */ - -#endif /* _INFUTIL_H */ diff --git a/linux/lib/zlib/match586.S b/linux/lib/zlib/match586.S deleted file mode 100644 index 9ca33b03a..000000000 --- a/linux/lib/zlib/match586.S +++ /dev/null @@ -1,357 +0,0 @@ -/* match.s -- Pentium-optimized version of longest_match() - * Written for zlib 1.1.2 - * Copyright (C) 1998 Brian Raiter - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License. - */ - -#ifndef NO_UNDERLINE -#define match_init _ipcomp_match_init -#define longest_match _ipcomp_longest_match -#else -#define match_init ipcomp_match_init -#define longest_match ipcomp_longest_match -#endif - -#define MAX_MATCH (258) -#define MIN_MATCH (3) -#define MIN_LOOKAHEAD (MAX_MATCH + MIN_MATCH + 1) -#define MAX_MATCH_8 ((MAX_MATCH + 7) & ~7) - -/* stack frame offsets */ - -#define wmask 0 /* local copy of s->wmask */ -#define window 4 /* local copy of s->window */ -#define windowbestlen 8 /* s->window + bestlen */ -#define chainlenscanend 12 /* high word: current chain len */ - /* low word: last bytes sought */ -#define scanstart 16 /* first two bytes of string */ -#define scanalign 20 /* dword-misalignment of string */ -#define nicematch 24 /* a good enough match size */ -#define bestlen 28 /* size of best match so far */ -#define scan 32 /* ptr to string wanting match */ - -#define LocalVarsSize (36) -/* saved ebx 36 */ -/* saved edi 40 */ -/* saved esi 44 */ -/* saved ebp 48 */ -/* return address 52 */ -#define deflatestate 56 /* the function arguments */ -#define curmatch 60 - -/* Offsets for fields in the deflate_state structure. These numbers - * are calculated from the definition of deflate_state, with the - * assumption that the compiler will dword-align the fields. (Thus, - * changing the definition of deflate_state could easily cause this - * program to crash horribly, without so much as a warning at - * compile time. Sigh.) - */ -#define dsWSize 36 -#define dsWMask 44 -#define dsWindow 48 -#define dsPrev 56 -#define dsMatchLen 88 -#define dsPrevMatch 92 -#define dsStrStart 100 -#define dsMatchStart 104 -#define dsLookahead 108 -#define dsPrevLen 112 -#define dsMaxChainLen 116 -#define dsGoodMatch 132 -#define dsNiceMatch 136 - - -.file "match.S" - -.globl match_init, longest_match - -.text - -/* uInt longest_match(deflate_state *deflatestate, IPos curmatch) */ - -longest_match: - -/* Save registers that the compiler may be using, and adjust %esp to */ -/* make room for our stack frame. */ - - pushl %ebp - pushl %edi - pushl %esi - pushl %ebx - subl $LocalVarsSize, %esp - -/* Retrieve the function arguments. %ecx will hold cur_match */ -/* throughout the entire function. %edx will hold the pointer to the */ -/* deflate_state structure during the function's setup (before */ -/* entering the main loop). */ - - movl deflatestate(%esp), %edx - movl curmatch(%esp), %ecx - -/* if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; */ - - movl dsNiceMatch(%edx), %eax - movl dsLookahead(%edx), %ebx - cmpl %eax, %ebx - jl LookaheadLess - movl %eax, %ebx -LookaheadLess: movl %ebx, nicematch(%esp) - -/* register Bytef *scan = s->window + s->strstart; */ - - movl dsWindow(%edx), %esi - movl %esi, window(%esp) - movl dsStrStart(%edx), %ebp - lea (%esi,%ebp), %edi - movl %edi, scan(%esp) - -/* Determine how many bytes the scan ptr is off from being */ -/* dword-aligned. */ - - movl %edi, %eax - negl %eax - andl $3, %eax - movl %eax, scanalign(%esp) - -/* IPos limit = s->strstart > (IPos)MAX_DIST(s) ? */ -/* s->strstart - (IPos)MAX_DIST(s) : NIL; */ - - movl dsWSize(%edx), %eax - subl $MIN_LOOKAHEAD, %eax - subl %eax, %ebp - jg LimitPositive - xorl %ebp, %ebp -LimitPositive: - -/* unsigned chain_length = s->max_chain_length; */ -/* if (s->prev_length >= s->good_match) { */ -/* chain_length >>= 2; */ -/* } */ - - movl dsPrevLen(%edx), %eax - movl dsGoodMatch(%edx), %ebx - cmpl %ebx, %eax - movl dsMaxChainLen(%edx), %ebx - jl LastMatchGood - shrl $2, %ebx -LastMatchGood: - -/* chainlen is decremented once beforehand so that the function can */ -/* use the sign flag instead of the zero flag for the exit test. */ -/* It is then shifted into the high word, to make room for the scanend */ -/* scanend value, which it will always accompany. */ - - decl %ebx - shll $16, %ebx - -/* int best_len = s->prev_length; */ - - movl dsPrevLen(%edx), %eax - movl %eax, bestlen(%esp) - -/* Store the sum of s->window + best_len in %esi locally, and in %esi. */ - - addl %eax, %esi - movl %esi, windowbestlen(%esp) - -/* register ush scan_start = *(ushf*)scan; */ -/* register ush scan_end = *(ushf*)(scan+best_len-1); */ - - movw (%edi), %bx - movw %bx, scanstart(%esp) - movw -1(%edi,%eax), %bx - movl %ebx, chainlenscanend(%esp) - -/* Posf *prev = s->prev; */ -/* uInt wmask = s->w_mask; */ - - movl dsPrev(%edx), %edi - movl dsWMask(%edx), %edx - mov %edx, wmask(%esp) - -/* Jump into the main loop. */ - - jmp LoopEntry - -.balign 16 - -/* do { - * match = s->window + cur_match; - * if (*(ushf*)(match+best_len-1) != scan_end || - * *(ushf*)match != scan_start) continue; - * [...] - * } while ((cur_match = prev[cur_match & wmask]) > limit - * && --chain_length != 0); - * - * Here is the inner loop of the function. The function will spend the - * majority of its time in this loop, and majority of that time will - * be spent in the first ten instructions. - * - * Within this loop: - * %ebx = chainlenscanend - i.e., ((chainlen << 16) | scanend) - * %ecx = curmatch - * %edx = curmatch & wmask - * %esi = windowbestlen - i.e., (window + bestlen) - * %edi = prev - * %ebp = limit - * - * Two optimization notes on the choice of instructions: - * - * The first instruction uses a 16-bit address, which costs an extra, - * unpairable cycle. This is cheaper than doing a 32-bit access and - * zeroing the high word, due to the 3-cycle misalignment penalty which - * would occur half the time. This also turns out to be cheaper than - * doing two separate 8-bit accesses, as the memory is so rarely in the - * L1 cache. - * - * The window buffer, however, apparently spends a lot of time in the - * cache, and so it is faster to retrieve the word at the end of the - * match string with two 8-bit loads. The instructions that test the - * word at the beginning of the match string, however, are executed - * much less frequently, and there it was cheaper to use 16-bit - * instructions, which avoided the necessity of saving off and - * subsequently reloading one of the other registers. - */ -LookupLoop: - /* 1 U & V */ - movw (%edi,%edx,2), %cx /* 2 U pipe */ - movl wmask(%esp), %edx /* 2 V pipe */ - cmpl %ebp, %ecx /* 3 U pipe */ - jbe LeaveNow /* 3 V pipe */ - subl $0x00010000, %ebx /* 4 U pipe */ - js LeaveNow /* 4 V pipe */ -LoopEntry: movb -1(%esi,%ecx), %al /* 5 U pipe */ - andl %ecx, %edx /* 5 V pipe */ - cmpb %bl, %al /* 6 U pipe */ - jnz LookupLoop /* 6 V pipe */ - movb (%esi,%ecx), %ah - cmpb %bh, %ah - jnz LookupLoop - movl window(%esp), %eax - movw (%eax,%ecx), %ax - cmpw scanstart(%esp), %ax - jnz LookupLoop - -/* Store the current value of chainlen. */ - - movl %ebx, chainlenscanend(%esp) - -/* Point %edi to the string under scrutiny, and %esi to the string we */ -/* are hoping to match it up with. In actuality, %esi and %edi are */ -/* both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and %edx is */ -/* initialized to -(MAX_MATCH_8 - scanalign). */ - - movl window(%esp), %esi - movl scan(%esp), %edi - addl %ecx, %esi - movl scanalign(%esp), %eax - movl $(-MAX_MATCH_8), %edx - lea MAX_MATCH_8(%edi,%eax), %edi - lea MAX_MATCH_8(%esi,%eax), %esi - -/* Test the strings for equality, 8 bytes at a time. At the end, - * adjust %edx so that it is offset to the exact byte that mismatched. - * - * We already know at this point that the first three bytes of the - * strings match each other, and they can be safely passed over before - * starting the compare loop. So what this code does is skip over 0-3 - * bytes, as much as necessary in order to dword-align the %edi - * pointer. (%esi will still be misaligned three times out of four.) - * - * It should be confessed that this loop usually does not represent - * much of the total running time. Replacing it with a more - * straightforward "rep cmpsb" would not drastically degrade - * performance. - */ -LoopCmps: - movl (%esi,%edx), %eax - movl (%edi,%edx), %ebx - xorl %ebx, %eax - jnz LeaveLoopCmps - movl 4(%esi,%edx), %eax - movl 4(%edi,%edx), %ebx - xorl %ebx, %eax - jnz LeaveLoopCmps4 - addl $8, %edx - jnz LoopCmps - jmp LenMaximum -LeaveLoopCmps4: addl $4, %edx -LeaveLoopCmps: testl $0x0000FFFF, %eax - jnz LenLower - addl $2, %edx - shrl $16, %eax -LenLower: subb $1, %al - adcl $0, %edx - -/* Calculate the length of the match. If it is longer than MAX_MATCH, */ -/* then automatically accept it as the best possible match and leave. */ - - lea (%edi,%edx), %eax - movl scan(%esp), %edi - subl %edi, %eax - cmpl $MAX_MATCH, %eax - jge LenMaximum - -/* If the length of the match is not longer than the best match we */ -/* have so far, then forget it and return to the lookup loop. */ - - movl deflatestate(%esp), %edx - movl bestlen(%esp), %ebx - cmpl %ebx, %eax - jg LongerMatch - movl chainlenscanend(%esp), %ebx - movl windowbestlen(%esp), %esi - movl dsPrev(%edx), %edi - movl wmask(%esp), %edx - andl %ecx, %edx - jmp LookupLoop - -/* s->match_start = cur_match; */ -/* best_len = len; */ -/* if (len >= nice_match) break; */ -/* scan_end = *(ushf*)(scan+best_len-1); */ - -LongerMatch: movl nicematch(%esp), %ebx - movl %eax, bestlen(%esp) - movl %ecx, dsMatchStart(%edx) - cmpl %ebx, %eax - jge LeaveNow - movl window(%esp), %esi - addl %eax, %esi - movl %esi, windowbestlen(%esp) - movl chainlenscanend(%esp), %ebx - movw -1(%edi,%eax), %bx - movl dsPrev(%edx), %edi - movl %ebx, chainlenscanend(%esp) - movl wmask(%esp), %edx - andl %ecx, %edx - jmp LookupLoop - -/* Accept the current string, with the maximum possible length. */ - -LenMaximum: movl deflatestate(%esp), %edx - movl $MAX_MATCH, bestlen(%esp) - movl %ecx, dsMatchStart(%edx) - -/* if ((uInt)best_len <= s->lookahead) return (uInt)best_len; */ -/* return s->lookahead; */ - -LeaveNow: - movl deflatestate(%esp), %edx - movl bestlen(%esp), %ebx - movl dsLookahead(%edx), %eax - cmpl %eax, %ebx - jg LookaheadRet - movl %ebx, %eax -LookaheadRet: - -/* Restore the stack and return from whence we came. */ - - addl $LocalVarsSize, %esp - popl %ebx - popl %esi - popl %edi - popl %ebp -match_init: ret diff --git a/linux/lib/zlib/match686.S b/linux/lib/zlib/match686.S deleted file mode 100644 index 63fce28d4..000000000 --- a/linux/lib/zlib/match686.S +++ /dev/null @@ -1,330 +0,0 @@ -/* match.s -- Pentium-Pro-optimized version of longest_match() - * Written for zlib 1.1.2 - * Copyright (C) 1998 Brian Raiter - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License. - */ - -#ifndef NO_UNDERLINE -#define match_init _ipcomp_match_init -#define longest_match _ipcomp_longest_match -#else -#define match_init ipcomp_match_init -#define longest_match ipcomp_longest_match -#endif - -#define MAX_MATCH (258) -#define MIN_MATCH (3) -#define MIN_LOOKAHEAD (MAX_MATCH + MIN_MATCH + 1) -#define MAX_MATCH_8 ((MAX_MATCH + 7) & ~7) - -/* stack frame offsets */ - -#define chainlenwmask 0 /* high word: current chain len */ - /* low word: s->wmask */ -#define window 4 /* local copy of s->window */ -#define windowbestlen 8 /* s->window + bestlen */ -#define scanstart 16 /* first two bytes of string */ -#define scanend 12 /* last two bytes of string */ -#define scanalign 20 /* dword-misalignment of string */ -#define nicematch 24 /* a good enough match size */ -#define bestlen 28 /* size of best match so far */ -#define scan 32 /* ptr to string wanting match */ - -#define LocalVarsSize (36) -/* saved ebx 36 */ -/* saved edi 40 */ -/* saved esi 44 */ -/* saved ebp 48 */ -/* return address 52 */ -#define deflatestate 56 /* the function arguments */ -#define curmatch 60 - -/* Offsets for fields in the deflate_state structure. These numbers - * are calculated from the definition of deflate_state, with the - * assumption that the compiler will dword-align the fields. (Thus, - * changing the definition of deflate_state could easily cause this - * program to crash horribly, without so much as a warning at - * compile time. Sigh.) - */ -#define dsWSize 36 -#define dsWMask 44 -#define dsWindow 48 -#define dsPrev 56 -#define dsMatchLen 88 -#define dsPrevMatch 92 -#define dsStrStart 100 -#define dsMatchStart 104 -#define dsLookahead 108 -#define dsPrevLen 112 -#define dsMaxChainLen 116 -#define dsGoodMatch 132 -#define dsNiceMatch 136 - - -.file "match.S" - -.globl match_init, longest_match - -.text - -/* uInt longest_match(deflate_state *deflatestate, IPos curmatch) */ - -longest_match: - -/* Save registers that the compiler may be using, and adjust %esp to */ -/* make room for our stack frame. */ - - pushl %ebp - pushl %edi - pushl %esi - pushl %ebx - subl $LocalVarsSize, %esp - -/* Retrieve the function arguments. %ecx will hold cur_match */ -/* throughout the entire function. %edx will hold the pointer to the */ -/* deflate_state structure during the function's setup (before */ -/* entering the main loop). */ - - movl deflatestate(%esp), %edx - movl curmatch(%esp), %ecx - -/* uInt wmask = s->w_mask; */ -/* unsigned chain_length = s->max_chain_length; */ -/* if (s->prev_length >= s->good_match) { */ -/* chain_length >>= 2; */ -/* } */ - - movl dsPrevLen(%edx), %eax - movl dsGoodMatch(%edx), %ebx - cmpl %ebx, %eax - movl dsWMask(%edx), %eax - movl dsMaxChainLen(%edx), %ebx - jl LastMatchGood - shrl $2, %ebx -LastMatchGood: - -/* chainlen is decremented once beforehand so that the function can */ -/* use the sign flag instead of the zero flag for the exit test. */ -/* It is then shifted into the high word, to make room for the wmask */ -/* value, which it will always accompany. */ - - decl %ebx - shll $16, %ebx - orl %eax, %ebx - movl %ebx, chainlenwmask(%esp) - -/* if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; */ - - movl dsNiceMatch(%edx), %eax - movl dsLookahead(%edx), %ebx - cmpl %eax, %ebx - jl LookaheadLess - movl %eax, %ebx -LookaheadLess: movl %ebx, nicematch(%esp) - -/* register Bytef *scan = s->window + s->strstart; */ - - movl dsWindow(%edx), %esi - movl %esi, window(%esp) - movl dsStrStart(%edx), %ebp - lea (%esi,%ebp), %edi - movl %edi, scan(%esp) - -/* Determine how many bytes the scan ptr is off from being */ -/* dword-aligned. */ - - movl %edi, %eax - negl %eax - andl $3, %eax - movl %eax, scanalign(%esp) - -/* IPos limit = s->strstart > (IPos)MAX_DIST(s) ? */ -/* s->strstart - (IPos)MAX_DIST(s) : NIL; */ - - movl dsWSize(%edx), %eax - subl $MIN_LOOKAHEAD, %eax - subl %eax, %ebp - jg LimitPositive - xorl %ebp, %ebp -LimitPositive: - -/* int best_len = s->prev_length; */ - - movl dsPrevLen(%edx), %eax - movl %eax, bestlen(%esp) - -/* Store the sum of s->window + best_len in %esi locally, and in %esi. */ - - addl %eax, %esi - movl %esi, windowbestlen(%esp) - -/* register ush scan_start = *(ushf*)scan; */ -/* register ush scan_end = *(ushf*)(scan+best_len-1); */ -/* Posf *prev = s->prev; */ - - movzwl (%edi), %ebx - movl %ebx, scanstart(%esp) - movzwl -1(%edi,%eax), %ebx - movl %ebx, scanend(%esp) - movl dsPrev(%edx), %edi - -/* Jump into the main loop. */ - - movl chainlenwmask(%esp), %edx - jmp LoopEntry - -.balign 16 - -/* do { - * match = s->window + cur_match; - * if (*(ushf*)(match+best_len-1) != scan_end || - * *(ushf*)match != scan_start) continue; - * [...] - * } while ((cur_match = prev[cur_match & wmask]) > limit - * && --chain_length != 0); - * - * Here is the inner loop of the function. The function will spend the - * majority of its time in this loop, and majority of that time will - * be spent in the first ten instructions. - * - * Within this loop: - * %ebx = scanend - * %ecx = curmatch - * %edx = chainlenwmask - i.e., ((chainlen << 16) | wmask) - * %esi = windowbestlen - i.e., (window + bestlen) - * %edi = prev - * %ebp = limit - */ -LookupLoop: - andl %edx, %ecx - movzwl (%edi,%ecx,2), %ecx - cmpl %ebp, %ecx - jbe LeaveNow - subl $0x00010000, %edx - js LeaveNow -LoopEntry: movzwl -1(%esi,%ecx), %eax - cmpl %ebx, %eax - jnz LookupLoop - movl window(%esp), %eax - movzwl (%eax,%ecx), %eax - cmpl scanstart(%esp), %eax - jnz LookupLoop - -/* Store the current value of chainlen. */ - - movl %edx, chainlenwmask(%esp) - -/* Point %edi to the string under scrutiny, and %esi to the string we */ -/* are hoping to match it up with. In actuality, %esi and %edi are */ -/* both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and %edx is */ -/* initialized to -(MAX_MATCH_8 - scanalign). */ - - movl window(%esp), %esi - movl scan(%esp), %edi - addl %ecx, %esi - movl scanalign(%esp), %eax - movl $(-MAX_MATCH_8), %edx - lea MAX_MATCH_8(%edi,%eax), %edi - lea MAX_MATCH_8(%esi,%eax), %esi - -/* Test the strings for equality, 8 bytes at a time. At the end, - * adjust %edx so that it is offset to the exact byte that mismatched. - * - * We already know at this point that the first three bytes of the - * strings match each other, and they can be safely passed over before - * starting the compare loop. So what this code does is skip over 0-3 - * bytes, as much as necessary in order to dword-align the %edi - * pointer. (%esi will still be misaligned three times out of four.) - * - * It should be confessed that this loop usually does not represent - * much of the total running time. Replacing it with a more - * straightforward "rep cmpsb" would not drastically degrade - * performance. - */ -LoopCmps: - movl (%esi,%edx), %eax - xorl (%edi,%edx), %eax - jnz LeaveLoopCmps - movl 4(%esi,%edx), %eax - xorl 4(%edi,%edx), %eax - jnz LeaveLoopCmps4 - addl $8, %edx - jnz LoopCmps - jmp LenMaximum -LeaveLoopCmps4: addl $4, %edx -LeaveLoopCmps: testl $0x0000FFFF, %eax - jnz LenLower - addl $2, %edx - shrl $16, %eax -LenLower: subb $1, %al - adcl $0, %edx - -/* Calculate the length of the match. If it is longer than MAX_MATCH, */ -/* then automatically accept it as the best possible match and leave. */ - - lea (%edi,%edx), %eax - movl scan(%esp), %edi - subl %edi, %eax - cmpl $MAX_MATCH, %eax - jge LenMaximum - -/* If the length of the match is not longer than the best match we */ -/* have so far, then forget it and return to the lookup loop. */ - - movl deflatestate(%esp), %edx - movl bestlen(%esp), %ebx - cmpl %ebx, %eax - jg LongerMatch - movl windowbestlen(%esp), %esi - movl dsPrev(%edx), %edi - movl scanend(%esp), %ebx - movl chainlenwmask(%esp), %edx - jmp LookupLoop - -/* s->match_start = cur_match; */ -/* best_len = len; */ -/* if (len >= nice_match) break; */ -/* scan_end = *(ushf*)(scan+best_len-1); */ - -LongerMatch: movl nicematch(%esp), %ebx - movl %eax, bestlen(%esp) - movl %ecx, dsMatchStart(%edx) - cmpl %ebx, %eax - jge LeaveNow - movl window(%esp), %esi - addl %eax, %esi - movl %esi, windowbestlen(%esp) - movzwl -1(%edi,%eax), %ebx - movl dsPrev(%edx), %edi - movl %ebx, scanend(%esp) - movl chainlenwmask(%esp), %edx - jmp LookupLoop - -/* Accept the current string, with the maximum possible length. */ - -LenMaximum: movl deflatestate(%esp), %edx - movl $MAX_MATCH, bestlen(%esp) - movl %ecx, dsMatchStart(%edx) - -/* if ((uInt)best_len <= s->lookahead) return (uInt)best_len; */ -/* return s->lookahead; */ - -LeaveNow: - movl deflatestate(%esp), %edx - movl bestlen(%esp), %ebx - movl dsLookahead(%edx), %eax - cmpl %eax, %ebx - jg LookaheadRet - movl %ebx, %eax -LookaheadRet: - -/* Restore the stack and return from whence we came. */ - - addl $LocalVarsSize, %esp - popl %ebx - popl %esi - popl %edi - popl %ebp -match_init: ret diff --git a/linux/lib/zlib/trees.c b/linux/lib/zlib/trees.c deleted file mode 100644 index b268ea305..000000000 --- a/linux/lib/zlib/trees.c +++ /dev/null @@ -1,1214 +0,0 @@ -/* trees.c -- output deflated data using Huffman coding - * Copyright (C) 1995-2002 Jean-loup Gailly - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* - * ALGORITHM - * - * The "deflation" process uses several Huffman trees. The more - * common source values are represented by shorter bit sequences. - * - * Each code tree is stored in a compressed form which is itself - * a Huffman encoding of the lengths of all the code strings (in - * ascending order by source values). The actual code strings are - * reconstructed from the lengths in the inflate process, as described - * in the deflate specification. - * - * REFERENCES - * - * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification". - * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc - * - * Storer, James A. - * Data Compression: Methods and Theory, pp. 49-50. - * Computer Science Press, 1988. ISBN 0-7167-8156-5. - * - * Sedgewick, R. - * Algorithms, p290. - * Addison-Wesley, 1983. ISBN 0-201-06672-6. - */ - -/* @(#) $Id: trees.c,v 1.1 2004/03/15 20:35:26 as Exp $ */ - -/* #define GEN_TREES_H */ - -#include "deflate.h" - -#ifdef DEBUG -# include -#endif - -/* =========================================================================== - * Constants - */ - -#define MAX_BL_BITS 7 -/* Bit length codes must not exceed MAX_BL_BITS bits */ - -#define END_BLOCK 256 -/* end of block literal code */ - -#define REP_3_6 16 -/* repeat previous bit length 3-6 times (2 bits of repeat count) */ - -#define REPZ_3_10 17 -/* repeat a zero length 3-10 times (3 bits of repeat count) */ - -#define REPZ_11_138 18 -/* repeat a zero length 11-138 times (7 bits of repeat count) */ - -local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */ - = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0}; - -local const int extra_dbits[D_CODES] /* extra bits for each distance code */ - = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13}; - -local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */ - = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7}; - -local const uch bl_order[BL_CODES] - = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15}; -/* The lengths of the bit length codes are sent in order of decreasing - * probability, to avoid transmitting the lengths for unused bit length codes. - */ - -#define Buf_size (8 * 2*sizeof(char)) -/* Number of bits used within bi_buf. (bi_buf might be implemented on - * more than 16 bits on some systems.) - */ - -/* =========================================================================== - * Local data. These are initialized only once. - */ - -#define DIST_CODE_LEN 512 /* see definition of array dist_code below */ - -#if defined(GEN_TREES_H) || !defined(STDC) -/* non ANSI compilers may not accept trees.h */ - -local ct_data static_ltree[L_CODES+2]; -/* The static literal tree. Since the bit lengths are imposed, there is no - * need for the L_CODES extra codes used during heap construction. However - * The codes 286 and 287 are needed to build a canonical tree (see _tr_init - * below). - */ - -local ct_data static_dtree[D_CODES]; -/* The static distance tree. (Actually a trivial tree since all codes use - * 5 bits.) - */ - -uch _dist_code[DIST_CODE_LEN]; -/* Distance codes. The first 256 values correspond to the distances - * 3 .. 258, the last 256 values correspond to the top 8 bits of - * the 15 bit distances. - */ - -uch _length_code[MAX_MATCH-MIN_MATCH+1]; -/* length code for each normalized match length (0 == MIN_MATCH) */ - -local int base_length[LENGTH_CODES]; -/* First normalized length for each code (0 = MIN_MATCH) */ - -local int base_dist[D_CODES]; -/* First normalized distance for each code (0 = distance of 1) */ - -#else -# include "trees.h" -#endif /* GEN_TREES_H */ - -struct static_tree_desc_s { - const ct_data *static_tree; /* static tree or NULL */ - const intf *extra_bits; /* extra bits for each code or NULL */ - int extra_base; /* base index for extra_bits */ - int elems; /* max number of elements in the tree */ - int max_length; /* max bit length for the codes */ -}; - -local static_tree_desc static_l_desc = -{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS}; - -local static_tree_desc static_d_desc = -{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS}; - -local static_tree_desc static_bl_desc = -{(const ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS}; - -/* =========================================================================== - * Local (static) routines in this file. - */ - -local void tr_static_init OF((void)); -local void init_block OF((deflate_state *s)); -local void pqdownheap OF((deflate_state *s, ct_data *tree, int k)); -local void gen_bitlen OF((deflate_state *s, tree_desc *desc)); -local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count)); -local void build_tree OF((deflate_state *s, tree_desc *desc)); -local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code)); -local void send_tree OF((deflate_state *s, ct_data *tree, int max_code)); -local int build_bl_tree OF((deflate_state *s)); -local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes, - int blcodes)); -local void compress_block OF((deflate_state *s, const ct_data *ltree, - const ct_data *dtree)); -local void set_data_type OF((deflate_state *s)); -local unsigned bi_reverse OF((unsigned value, int length)); -local void bi_windup OF((deflate_state *s)); -local void bi_flush OF((deflate_state *s)); -local void copy_block OF((deflate_state *s, charf *buf, unsigned len, - int header)); - -#ifdef GEN_TREES_H -local void gen_trees_header OF((void)); -#endif - -#ifndef DEBUG -# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len) - /* Send a code of the given tree. c and tree must not have side effects */ - -#else /* DEBUG */ -# define send_code(s, c, tree) \ - { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \ - send_bits(s, tree[c].Code, tree[c].Len); } -#endif - -/* =========================================================================== - * Output a short LSB first on the stream. - * IN assertion: there is enough room in pendingBuf. - */ -#define put_short(s, w) { \ - put_byte(s, (uch)((w) & 0xff)); \ - put_byte(s, (uch)((ush)(w) >> 8)); \ -} - -/* =========================================================================== - * Send a value on a given number of bits. - * IN assertion: length <= 16 and value fits in length bits. - */ -#ifdef DEBUG -local void send_bits OF((deflate_state *s, int value, int length)); - -local void send_bits(s, value, length) - deflate_state *s; - int value; /* value to send */ - int length; /* number of bits */ -{ - Tracevv((stderr," l %2d v %4x ", length, value)); - Assert(length > 0 && length <= 15, "invalid length"); - s->bits_sent += (ulg)length; - - /* If not enough room in bi_buf, use (valid) bits from bi_buf and - * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid)) - * unused bits in value. - */ - if (s->bi_valid > (int)Buf_size - length) { - s->bi_buf |= (value << s->bi_valid); - put_short(s, s->bi_buf); - s->bi_buf = (ush)value >> (Buf_size - s->bi_valid); - s->bi_valid += length - Buf_size; - } else { - s->bi_buf |= value << s->bi_valid; - s->bi_valid += length; - } -} -#else /* !DEBUG */ - -#define send_bits(s, value, length) \ -{ int len = length;\ - if (s->bi_valid > (int)Buf_size - len) {\ - int val = value;\ - s->bi_buf |= (val << s->bi_valid);\ - put_short(s, s->bi_buf);\ - s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\ - s->bi_valid += len - Buf_size;\ - } else {\ - s->bi_buf |= (value) << s->bi_valid;\ - s->bi_valid += len;\ - }\ -} -#endif /* DEBUG */ - - -#define MAX(a,b) (a >= b ? a : b) -/* the arguments must not have side effects */ - -/* =========================================================================== - * Initialize the various 'constant' tables. - */ -local void tr_static_init() -{ -#if defined(GEN_TREES_H) || !defined(STDC) - static int static_init_done = 0; - int n; /* iterates over tree elements */ - int bits; /* bit counter */ - int length; /* length value */ - int code; /* code value */ - int dist; /* distance index */ - ush bl_count[MAX_BITS+1]; - /* number of codes at each bit length for an optimal tree */ - - if (static_init_done) return; - - /* For some embedded targets, global variables are not initialized: */ - static_l_desc.static_tree = static_ltree; - static_l_desc.extra_bits = extra_lbits; - static_d_desc.static_tree = static_dtree; - static_d_desc.extra_bits = extra_dbits; - static_bl_desc.extra_bits = extra_blbits; - - /* Initialize the mapping length (0..255) -> length code (0..28) */ - length = 0; - for (code = 0; code < LENGTH_CODES-1; code++) { - base_length[code] = length; - for (n = 0; n < (1< dist code (0..29) */ - dist = 0; - for (code = 0 ; code < 16; code++) { - base_dist[code] = dist; - for (n = 0; n < (1<>= 7; /* from now on, all distances are divided by 128 */ - for ( ; code < D_CODES; code++) { - base_dist[code] = dist << 7; - for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) { - _dist_code[256 + dist++] = (uch)code; - } - } - Assert (dist == 256, "tr_static_init: 256+dist != 512"); - - /* Construct the codes of the static literal tree */ - for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0; - n = 0; - while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++; - while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++; - while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++; - while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++; - /* Codes 286 and 287 do not exist, but we must include them in the - * tree construction to get a canonical Huffman tree (longest code - * all ones) - */ - gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count); - - /* The static distance tree is trivial: */ - for (n = 0; n < D_CODES; n++) { - static_dtree[n].Len = 5; - static_dtree[n].Code = bi_reverse((unsigned)n, 5); - } - static_init_done = 1; - -# ifdef GEN_TREES_H - gen_trees_header(); -# endif -#endif /* defined(GEN_TREES_H) || !defined(STDC) */ -} - -/* =========================================================================== - * Genererate the file trees.h describing the static trees. - */ -#ifdef GEN_TREES_H -# ifndef DEBUG -# include -# endif - -# define SEPARATOR(i, last, width) \ - ((i) == (last)? "\n};\n\n" : \ - ((i) % (width) == (width)-1 ? ",\n" : ", ")) - -void gen_trees_header() -{ - FILE *header = fopen("trees.h", "w"); - int i; - - Assert (header != NULL, "Can't open trees.h"); - fprintf(header, - "/* header created automatically with -DGEN_TREES_H */\n\n"); - - fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n"); - for (i = 0; i < L_CODES+2; i++) { - fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code, - static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5)); - } - - fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n"); - for (i = 0; i < D_CODES; i++) { - fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code, - static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5)); - } - - fprintf(header, "const uch _dist_code[DIST_CODE_LEN] = {\n"); - for (i = 0; i < DIST_CODE_LEN; i++) { - fprintf(header, "%2u%s", _dist_code[i], - SEPARATOR(i, DIST_CODE_LEN-1, 20)); - } - - fprintf(header, "const uch _length_code[MAX_MATCH-MIN_MATCH+1]= {\n"); - for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) { - fprintf(header, "%2u%s", _length_code[i], - SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20)); - } - - fprintf(header, "local const int base_length[LENGTH_CODES] = {\n"); - for (i = 0; i < LENGTH_CODES; i++) { - fprintf(header, "%1u%s", base_length[i], - SEPARATOR(i, LENGTH_CODES-1, 20)); - } - - fprintf(header, "local const int base_dist[D_CODES] = {\n"); - for (i = 0; i < D_CODES; i++) { - fprintf(header, "%5u%s", base_dist[i], - SEPARATOR(i, D_CODES-1, 10)); - } - - fclose(header); -} -#endif /* GEN_TREES_H */ - -/* =========================================================================== - * Initialize the tree data structures for a new zlib stream. - */ -void _tr_init(s) - deflate_state *s; -{ - tr_static_init(); - - s->l_desc.dyn_tree = s->dyn_ltree; - s->l_desc.stat_desc = &static_l_desc; - - s->d_desc.dyn_tree = s->dyn_dtree; - s->d_desc.stat_desc = &static_d_desc; - - s->bl_desc.dyn_tree = s->bl_tree; - s->bl_desc.stat_desc = &static_bl_desc; - - s->bi_buf = 0; - s->bi_valid = 0; - s->last_eob_len = 8; /* enough lookahead for inflate */ -#ifdef DEBUG - s->compressed_len = 0L; - s->bits_sent = 0L; -#endif - - /* Initialize the first block of the first file: */ - init_block(s); -} - -/* =========================================================================== - * Initialize a new block. - */ -local void init_block(s) - deflate_state *s; -{ - int n; /* iterates over tree elements */ - - /* Initialize the trees. */ - for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0; - for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0; - for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0; - - s->dyn_ltree[END_BLOCK].Freq = 1; - s->opt_len = s->static_len = 0L; - s->last_lit = s->matches = 0; -} - -#define SMALLEST 1 -/* Index within the heap array of least frequent node in the Huffman tree */ - - -/* =========================================================================== - * Remove the smallest element from the heap and recreate the heap with - * one less element. Updates heap and heap_len. - */ -#define pqremove(s, tree, top) \ -{\ - top = s->heap[SMALLEST]; \ - s->heap[SMALLEST] = s->heap[s->heap_len--]; \ - pqdownheap(s, tree, SMALLEST); \ -} - -/* =========================================================================== - * Compares to subtrees, using the tree depth as tie breaker when - * the subtrees have equal frequency. This minimizes the worst case length. - */ -#define smaller(tree, n, m, depth) \ - (tree[n].Freq < tree[m].Freq || \ - (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m])) - -/* =========================================================================== - * Restore the heap property by moving down the tree starting at node k, - * exchanging a node with the smallest of its two sons if necessary, stopping - * when the heap property is re-established (each father smaller than its - * two sons). - */ -local void pqdownheap(s, tree, k) - deflate_state *s; - ct_data *tree; /* the tree to restore */ - int k; /* node to move down */ -{ - int v = s->heap[k]; - int j = k << 1; /* left son of k */ - while (j <= s->heap_len) { - /* Set j to the smallest of the two sons: */ - if (j < s->heap_len && - smaller(tree, s->heap[j+1], s->heap[j], s->depth)) { - j++; - } - /* Exit if v is smaller than both sons */ - if (smaller(tree, v, s->heap[j], s->depth)) break; - - /* Exchange v with the smallest son */ - s->heap[k] = s->heap[j]; k = j; - - /* And continue down the tree, setting j to the left son of k */ - j <<= 1; - } - s->heap[k] = v; -} - -/* =========================================================================== - * Compute the optimal bit lengths for a tree and update the total bit length - * for the current block. - * IN assertion: the fields freq and dad are set, heap[heap_max] and - * above are the tree nodes sorted by increasing frequency. - * OUT assertions: the field len is set to the optimal bit length, the - * array bl_count contains the frequencies for each bit length. - * The length opt_len is updated; static_len is also updated if stree is - * not null. - */ -local void gen_bitlen(s, desc) - deflate_state *s; - tree_desc *desc; /* the tree descriptor */ -{ - ct_data *tree = desc->dyn_tree; - int max_code = desc->max_code; - const ct_data *stree = desc->stat_desc->static_tree; - const intf *extra = desc->stat_desc->extra_bits; - int base = desc->stat_desc->extra_base; - int max_length = desc->stat_desc->max_length; - int h; /* heap index */ - int n, m; /* iterate over the tree elements */ - int bits; /* bit length */ - int xbits; /* extra bits */ - ush f; /* frequency */ - int overflow = 0; /* number of elements with bit length too large */ - - for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0; - - /* In a first pass, compute the optimal bit lengths (which may - * overflow in the case of the bit length tree). - */ - tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */ - - for (h = s->heap_max+1; h < HEAP_SIZE; h++) { - n = s->heap[h]; - bits = tree[tree[n].Dad].Len + 1; - if (bits > max_length) bits = max_length, overflow++; - tree[n].Len = (ush)bits; - /* We overwrite tree[n].Dad which is no longer needed */ - - if (n > max_code) continue; /* not a leaf node */ - - s->bl_count[bits]++; - xbits = 0; - if (n >= base) xbits = extra[n-base]; - f = tree[n].Freq; - s->opt_len += (ulg)f * (bits + xbits); - if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits); - } - if (overflow == 0) return; - - Trace((stderr,"\nbit length overflow\n")); - /* This happens for example on obj2 and pic of the Calgary corpus */ - - /* Find the first bit length which could increase: */ - do { - bits = max_length-1; - while (s->bl_count[bits] == 0) bits--; - s->bl_count[bits]--; /* move one leaf down the tree */ - s->bl_count[bits+1] += 2; /* move one overflow item as its brother */ - s->bl_count[max_length]--; - /* The brother of the overflow item also moves one step up, - * but this does not affect bl_count[max_length] - */ - overflow -= 2; - } while (overflow > 0); - - /* Now recompute all bit lengths, scanning in increasing frequency. - * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all - * lengths instead of fixing only the wrong ones. This idea is taken - * from 'ar' written by Haruhiko Okumura.) - */ - for (bits = max_length; bits != 0; bits--) { - n = s->bl_count[bits]; - while (n != 0) { - m = s->heap[--h]; - if (m > max_code) continue; - if (tree[m].Len != (unsigned) bits) { - Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); - s->opt_len += ((long)bits - (long)tree[m].Len) - *(long)tree[m].Freq; - tree[m].Len = (ush)bits; - } - n--; - } - } -} - -/* =========================================================================== - * Generate the codes for a given tree and bit counts (which need not be - * optimal). - * IN assertion: the array bl_count contains the bit length statistics for - * the given tree and the field len is set for all tree elements. - * OUT assertion: the field code is set for all tree elements of non - * zero code length. - */ -local void gen_codes (tree, max_code, bl_count) - ct_data *tree; /* the tree to decorate */ - int max_code; /* largest code with non zero frequency */ - ushf *bl_count; /* number of codes at each bit length */ -{ - ush next_code[MAX_BITS+1]; /* next code value for each bit length */ - ush code = 0; /* running code value */ - int bits; /* bit index */ - int n; /* code index */ - - /* The distribution counts are first used to generate the code values - * without bit reversal. - */ - for (bits = 1; bits <= MAX_BITS; bits++) { - next_code[bits] = code = (code + bl_count[bits-1]) << 1; - } - /* Check that the bit counts in bl_count are consistent. The last code - * must be all ones. - */ - Assert (code + bl_count[MAX_BITS]-1 == (1<dyn_tree; - const ct_data *stree = desc->stat_desc->static_tree; - int elems = desc->stat_desc->elems; - int n, m; /* iterate over heap elements */ - int max_code = -1; /* largest code with non zero frequency */ - int node; /* new node being created */ - - /* Construct the initial heap, with least frequent element in - * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. - * heap[0] is not used. - */ - s->heap_len = 0, s->heap_max = HEAP_SIZE; - - for (n = 0; n < elems; n++) { - if (tree[n].Freq != 0) { - s->heap[++(s->heap_len)] = max_code = n; - s->depth[n] = 0; - } else { - tree[n].Len = 0; - } - } - - /* The pkzip format requires that at least one distance code exists, - * and that at least one bit should be sent even if there is only one - * possible code. So to avoid special checks later on we force at least - * two codes of non zero frequency. - */ - while (s->heap_len < 2) { - node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0); - tree[node].Freq = 1; - s->depth[node] = 0; - s->opt_len--; if (stree) s->static_len -= stree[node].Len; - /* node is 0 or 1 so it does not have extra bits */ - } - desc->max_code = max_code; - - /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, - * establish sub-heaps of increasing lengths: - */ - for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n); - - /* Construct the Huffman tree by repeatedly combining the least two - * frequent nodes. - */ - node = elems; /* next internal node of the tree */ - do { - pqremove(s, tree, n); /* n = node of least frequency */ - m = s->heap[SMALLEST]; /* m = node of next least frequency */ - - s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */ - s->heap[--(s->heap_max)] = m; - - /* Create a new node father of n and m */ - tree[node].Freq = tree[n].Freq + tree[m].Freq; - s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1); - tree[n].Dad = tree[m].Dad = (ush)node; -#ifdef DUMP_BL_TREE - if (tree == s->bl_tree) { - fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)", - node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq); - } -#endif - /* and insert the new node in the heap */ - s->heap[SMALLEST] = node++; - pqdownheap(s, tree, SMALLEST); - - } while (s->heap_len >= 2); - - s->heap[--(s->heap_max)] = s->heap[SMALLEST]; - - /* At this point, the fields freq and dad are set. We can now - * generate the bit lengths. - */ - gen_bitlen(s, (tree_desc *)desc); - - /* The field len is now set, we can generate the bit codes */ - gen_codes ((ct_data *)tree, max_code, s->bl_count); -} - -/* =========================================================================== - * Scan a literal or distance tree to determine the frequencies of the codes - * in the bit length tree. - */ -local void scan_tree (s, tree, max_code) - deflate_state *s; - ct_data *tree; /* the tree to be scanned */ - int max_code; /* and its largest code of non zero frequency */ -{ - int n; /* iterates over all tree elements */ - int prevlen = -1; /* last emitted length */ - int curlen; /* length of current code */ - int nextlen = tree[0].Len; /* length of next code */ - int count = 0; /* repeat count of the current code */ - int max_count = 7; /* max repeat count */ - int min_count = 4; /* min repeat count */ - - if (nextlen == 0) max_count = 138, min_count = 3; - tree[max_code+1].Len = (ush)0xffff; /* guard */ - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; nextlen = tree[n+1].Len; - if (++count < max_count && curlen == nextlen) { - continue; - } else if (count < min_count) { - s->bl_tree[curlen].Freq += count; - } else if (curlen != 0) { - if (curlen != prevlen) s->bl_tree[curlen].Freq++; - s->bl_tree[REP_3_6].Freq++; - } else if (count <= 10) { - s->bl_tree[REPZ_3_10].Freq++; - } else { - s->bl_tree[REPZ_11_138].Freq++; - } - count = 0; prevlen = curlen; - if (nextlen == 0) { - max_count = 138, min_count = 3; - } else if (curlen == nextlen) { - max_count = 6, min_count = 3; - } else { - max_count = 7, min_count = 4; - } - } -} - -/* =========================================================================== - * Send a literal or distance tree in compressed form, using the codes in - * bl_tree. - */ -local void send_tree (s, tree, max_code) - deflate_state *s; - ct_data *tree; /* the tree to be scanned */ - int max_code; /* and its largest code of non zero frequency */ -{ - int n; /* iterates over all tree elements */ - int prevlen = -1; /* last emitted length */ - int curlen; /* length of current code */ - int nextlen = tree[0].Len; /* length of next code */ - int count = 0; /* repeat count of the current code */ - int max_count = 7; /* max repeat count */ - int min_count = 4; /* min repeat count */ - - /* tree[max_code+1].Len = -1; */ /* guard already set */ - if (nextlen == 0) max_count = 138, min_count = 3; - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; nextlen = tree[n+1].Len; - if (++count < max_count && curlen == nextlen) { - continue; - } else if (count < min_count) { - do { send_code(s, curlen, s->bl_tree); } while (--count != 0); - - } else if (curlen != 0) { - if (curlen != prevlen) { - send_code(s, curlen, s->bl_tree); count--; - } - Assert(count >= 3 && count <= 6, " 3_6?"); - send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2); - - } else if (count <= 10) { - send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3); - - } else { - send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7); - } - count = 0; prevlen = curlen; - if (nextlen == 0) { - max_count = 138, min_count = 3; - } else if (curlen == nextlen) { - max_count = 6, min_count = 3; - } else { - max_count = 7, min_count = 4; - } - } -} - -/* =========================================================================== - * Construct the Huffman tree for the bit lengths and return the index in - * bl_order of the last bit length code to send. - */ -local int build_bl_tree(s) - deflate_state *s; -{ - int max_blindex; /* index of last bit length code of non zero freq */ - - /* Determine the bit length frequencies for literal and distance trees */ - scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code); - scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code); - - /* Build the bit length tree: */ - build_tree(s, (tree_desc *)(&(s->bl_desc))); - /* opt_len now includes the length of the tree representations, except - * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. - */ - - /* Determine the number of bit length codes to send. The pkzip format - * requires that at least 4 bit length codes be sent. (appnote.txt says - * 3 but the actual value used is 4.) - */ - for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) { - if (s->bl_tree[bl_order[max_blindex]].Len != 0) break; - } - /* Update opt_len to include the bit length tree and counts */ - s->opt_len += 3*(max_blindex+1) + 5+5+4; - Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", - s->opt_len, s->static_len)); - - return max_blindex; -} - -/* =========================================================================== - * Send the header for a block using dynamic Huffman trees: the counts, the - * lengths of the bit length codes, the literal tree and the distance tree. - * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. - */ -local void send_all_trees(s, lcodes, dcodes, blcodes) - deflate_state *s; - int lcodes, dcodes, blcodes; /* number of codes for each tree */ -{ - int rank; /* index in bl_order */ - - Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); - Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, - "too many codes"); - Tracev((stderr, "\nbl counts: ")); - send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */ - send_bits(s, dcodes-1, 5); - send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */ - for (rank = 0; rank < blcodes; rank++) { - Tracev((stderr, "\nbl code %2d ", bl_order[rank])); - send_bits(s, s->bl_tree[bl_order[rank]].Len, 3); - } - Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); - - send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */ - Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); - - send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */ - Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); -} - -/* =========================================================================== - * Send a stored block - */ -void _tr_stored_block(s, buf, stored_len, eof) - deflate_state *s; - charf *buf; /* input block */ - ulg stored_len; /* length of input block */ - int eof; /* true if this is the last block for a file */ -{ - send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */ -#ifdef DEBUG - s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L; - s->compressed_len += (stored_len + 4) << 3; -#endif - copy_block(s, buf, (unsigned)stored_len, 1); /* with header */ -} - -/* =========================================================================== - * Send one empty static block to give enough lookahead for inflate. - * This takes 10 bits, of which 7 may remain in the bit buffer. - * The current inflate code requires 9 bits of lookahead. If the - * last two codes for the previous block (real code plus EOB) were coded - * on 5 bits or less, inflate may have only 5+3 bits of lookahead to decode - * the last real code. In this case we send two empty static blocks instead - * of one. (There are no problems if the previous block is stored or fixed.) - * To simplify the code, we assume the worst case of last real code encoded - * on one bit only. - */ -void _tr_align(s) - deflate_state *s; -{ - send_bits(s, STATIC_TREES<<1, 3); - send_code(s, END_BLOCK, static_ltree); -#ifdef DEBUG - s->compressed_len += 10L; /* 3 for block type, 7 for EOB */ -#endif - bi_flush(s); - /* Of the 10 bits for the empty block, we have already sent - * (10 - bi_valid) bits. The lookahead for the last real code (before - * the EOB of the previous block) was thus at least one plus the length - * of the EOB plus what we have just sent of the empty static block. - */ - if (1 + s->last_eob_len + 10 - s->bi_valid < 9) { - send_bits(s, STATIC_TREES<<1, 3); - send_code(s, END_BLOCK, static_ltree); -#ifdef DEBUG - s->compressed_len += 10L; -#endif - bi_flush(s); - } - s->last_eob_len = 7; -} - -/* =========================================================================== - * Determine the best encoding for the current block: dynamic trees, static - * trees or store, and output the encoded block to the zip file. - */ -void _tr_flush_block(s, buf, stored_len, eof) - deflate_state *s; - charf *buf; /* input block, or NULL if too old */ - ulg stored_len; /* length of input block */ - int eof; /* true if this is the last block for a file */ -{ - ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */ - int max_blindex = 0; /* index of last bit length code of non zero freq */ - - /* Build the Huffman trees unless a stored block is forced */ - if (s->level > 0) { - - /* Check if the file is ascii or binary */ - if (s->data_type == Z_UNKNOWN) set_data_type(s); - - /* Construct the literal and distance trees */ - build_tree(s, (tree_desc *)(&(s->l_desc))); - Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, - s->static_len)); - - build_tree(s, (tree_desc *)(&(s->d_desc))); - Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, - s->static_len)); - /* At this point, opt_len and static_len are the total bit lengths of - * the compressed block data, excluding the tree representations. - */ - - /* Build the bit length tree for the above two trees, and get the index - * in bl_order of the last bit length code to send. - */ - max_blindex = build_bl_tree(s); - - /* Determine the best encoding. Compute first the block length in bytes*/ - opt_lenb = (s->opt_len+3+7)>>3; - static_lenb = (s->static_len+3+7)>>3; - - Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - s->last_lit)); - - if (static_lenb <= opt_lenb) opt_lenb = static_lenb; - - } else { - Assert(buf != (char*)0, "lost buf"); - opt_lenb = static_lenb = stored_len + 5; /* force a stored block */ - } - -#ifdef FORCE_STORED - if (buf != (char*)0) { /* force stored block */ -#else - if (stored_len+4 <= opt_lenb && buf != (char*)0) { - /* 4: two words for the lengths */ -#endif - /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. - * Otherwise we can't have processed more than WSIZE input bytes since - * the last block flush, because compression would have been - * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to - * transform a block into a stored block. - */ - _tr_stored_block(s, buf, stored_len, eof); - -#ifdef FORCE_STATIC - } else if (static_lenb >= 0) { /* force static trees */ -#else - } else if (static_lenb == opt_lenb) { -#endif - send_bits(s, (STATIC_TREES<<1)+eof, 3); - compress_block(s, static_ltree, static_dtree); -#ifdef DEBUG - s->compressed_len += 3 + s->static_len; -#endif - } else { - send_bits(s, (DYN_TREES<<1)+eof, 3); - send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1, - max_blindex+1); - compress_block(s, s->dyn_ltree, s->dyn_dtree); -#ifdef DEBUG - s->compressed_len += 3 + s->opt_len; -#endif - } - Assert (s->compressed_len == s->bits_sent, "bad compressed size"); - /* The above check is made mod 2^32, for files larger than 512 MB - * and uLong implemented on 32 bits. - */ - init_block(s); - - if (eof) { - bi_windup(s); -#ifdef DEBUG - s->compressed_len += 7; /* align on byte boundary */ -#endif - } - Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, - s->compressed_len-7*eof)); -} - -/* =========================================================================== - * Save the match info and tally the frequency counts. Return true if - * the current block must be flushed. - */ -int _tr_tally (s, dist, lc) - deflate_state *s; - unsigned dist; /* distance of matched string */ - unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ -{ - s->d_buf[s->last_lit] = (ush)dist; - s->l_buf[s->last_lit++] = (uch)lc; - if (dist == 0) { - /* lc is the unmatched char */ - s->dyn_ltree[lc].Freq++; - } else { - s->matches++; - /* Here, lc is the match length - MIN_MATCH */ - dist--; /* dist = match distance - 1 */ - Assert((ush)dist < (ush)MAX_DIST(s) && - (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && - (ush)d_code(dist) < (ush)D_CODES, "_tr_tally: bad match"); - - s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; - s->dyn_dtree[d_code(dist)].Freq++; - } - -#ifdef TRUNCATE_BLOCK - /* Try to guess if it is profitable to stop the current block here */ - if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { - /* Compute an upper bound for the compressed length */ - ulg out_length = (ulg)s->last_lit*8L; - ulg in_length = (ulg)((long)s->strstart - s->block_start); - int dcode; - for (dcode = 0; dcode < D_CODES; dcode++) { - out_length += (ulg)s->dyn_dtree[dcode].Freq * - (5L+extra_dbits[dcode]); - } - out_length >>= 3; - Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - s->last_lit, in_length, out_length, - 100L - out_length*100L/in_length)); - if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; - } -#endif - return (s->last_lit == s->lit_bufsize-1); - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ -} - -/* =========================================================================== - * Send the block data compressed using the given Huffman trees - */ -local void compress_block(s, ltree, dtree) - deflate_state *s; - const ct_data *ltree; /* literal tree */ - const ct_data *dtree; /* distance tree */ -{ - unsigned dist; /* distance of matched string */ - int lc; /* match length or unmatched char (if dist == 0) */ - unsigned lx = 0; /* running index in l_buf */ - unsigned code; /* the code to send */ - int extra; /* number of extra bits to send */ - - if (s->last_lit != 0) do { - dist = s->d_buf[lx]; - lc = s->l_buf[lx++]; - if (dist == 0) { - send_code(s, lc, ltree); /* send a literal byte */ - Tracecv(isgraph(lc), (stderr," '%c' ", lc)); - } else { - /* Here, lc is the match length - MIN_MATCH */ - code = _length_code[lc]; - send_code(s, code+LITERALS+1, ltree); /* send the length code */ - extra = extra_lbits[code]; - if (extra != 0) { - lc -= base_length[code]; - send_bits(s, lc, extra); /* send the extra length bits */ - } - dist--; /* dist is now the match distance - 1 */ - code = d_code(dist); - Assert (code < D_CODES, "bad d_code"); - - send_code(s, code, dtree); /* send the distance code */ - extra = extra_dbits[code]; - if (extra != 0) { - dist -= base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ - } - } /* literal or match pair ? */ - - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - Assert(s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow"); - - } while (lx < s->last_lit); - - send_code(s, END_BLOCK, ltree); - s->last_eob_len = ltree[END_BLOCK].Len; -} - -/* =========================================================================== - * Set the data type to ASCII or BINARY, using a crude approximation: - * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise. - * IN assertion: the fields freq of dyn_ltree are set and the total of all - * frequencies does not exceed 64K (to fit in an int on 16 bit machines). - */ -local void set_data_type(s) - deflate_state *s; -{ - int n = 0; - unsigned ascii_freq = 0; - unsigned bin_freq = 0; - while (n < 7) bin_freq += s->dyn_ltree[n++].Freq; - while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq; - while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq; - s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? Z_BINARY : Z_ASCII); -} - -/* =========================================================================== - * Reverse the first len bits of a code, using straightforward code (a faster - * method would use a table) - * IN assertion: 1 <= len <= 15 - */ -local unsigned bi_reverse(code, len) - unsigned code; /* the value to invert */ - int len; /* its bit length */ -{ - register unsigned res = 0; - do { - res |= code & 1; - code >>= 1, res <<= 1; - } while (--len > 0); - return res >> 1; -} - -/* =========================================================================== - * Flush the bit buffer, keeping at most 7 bits in it. - */ -local void bi_flush(s) - deflate_state *s; -{ - if (s->bi_valid == 16) { - put_short(s, s->bi_buf); - s->bi_buf = 0; - s->bi_valid = 0; - } else if (s->bi_valid >= 8) { - put_byte(s, (Byte)s->bi_buf); - s->bi_buf >>= 8; - s->bi_valid -= 8; - } -} - -/* =========================================================================== - * Flush the bit buffer and align the output on a byte boundary - */ -local void bi_windup(s) - deflate_state *s; -{ - if (s->bi_valid > 8) { - put_short(s, s->bi_buf); - } else if (s->bi_valid > 0) { - put_byte(s, (Byte)s->bi_buf); - } - s->bi_buf = 0; - s->bi_valid = 0; -#ifdef DEBUG - s->bits_sent = (s->bits_sent+7) & ~7; -#endif -} - -/* =========================================================================== - * Copy a stored block, storing first the length and its - * one's complement if requested. - */ -local void copy_block(s, buf, len, header) - deflate_state *s; - charf *buf; /* the input data */ - unsigned len; /* its length */ - int header; /* true if block header must be written */ -{ - bi_windup(s); /* align on byte boundary */ - s->last_eob_len = 8; /* enough lookahead for inflate */ - - if (header) { - put_short(s, (ush)len); - put_short(s, (ush)~len); -#ifdef DEBUG - s->bits_sent += 2*16; -#endif - } -#ifdef DEBUG - s->bits_sent += (ulg)len<<3; -#endif - while (len--) { - put_byte(s, *buf++); - } -} diff --git a/linux/lib/zlib/trees.h b/linux/lib/zlib/trees.h deleted file mode 100644 index 72facf900..000000000 --- a/linux/lib/zlib/trees.h +++ /dev/null @@ -1,128 +0,0 @@ -/* header created automatically with -DGEN_TREES_H */ - -local const ct_data static_ltree[L_CODES+2] = { -{{ 12},{ 8}}, {{140},{ 8}}, {{ 76},{ 8}}, {{204},{ 8}}, {{ 44},{ 8}}, -{{172},{ 8}}, {{108},{ 8}}, {{236},{ 8}}, {{ 28},{ 8}}, {{156},{ 8}}, -{{ 92},{ 8}}, {{220},{ 8}}, {{ 60},{ 8}}, {{188},{ 8}}, {{124},{ 8}}, -{{252},{ 8}}, {{ 2},{ 8}}, {{130},{ 8}}, {{ 66},{ 8}}, {{194},{ 8}}, -{{ 34},{ 8}}, {{162},{ 8}}, {{ 98},{ 8}}, {{226},{ 8}}, {{ 18},{ 8}}, -{{146},{ 8}}, {{ 82},{ 8}}, {{210},{ 8}}, {{ 50},{ 8}}, {{178},{ 8}}, -{{114},{ 8}}, {{242},{ 8}}, {{ 10},{ 8}}, {{138},{ 8}}, {{ 74},{ 8}}, -{{202},{ 8}}, {{ 42},{ 8}}, {{170},{ 8}}, {{106},{ 8}}, {{234},{ 8}}, -{{ 26},{ 8}}, {{154},{ 8}}, {{ 90},{ 8}}, {{218},{ 8}}, {{ 58},{ 8}}, -{{186},{ 8}}, {{122},{ 8}}, {{250},{ 8}}, {{ 6},{ 8}}, {{134},{ 8}}, -{{ 70},{ 8}}, {{198},{ 8}}, {{ 38},{ 8}}, {{166},{ 8}}, {{102},{ 8}}, -{{230},{ 8}}, {{ 22},{ 8}}, {{150},{ 8}}, {{ 86},{ 8}}, {{214},{ 8}}, -{{ 54},{ 8}}, {{182},{ 8}}, {{118},{ 8}}, {{246},{ 8}}, {{ 14},{ 8}}, -{{142},{ 8}}, {{ 78},{ 8}}, {{206},{ 8}}, {{ 46},{ 8}}, {{174},{ 8}}, -{{110},{ 8}}, {{238},{ 8}}, {{ 30},{ 8}}, {{158},{ 8}}, {{ 94},{ 8}}, -{{222},{ 8}}, {{ 62},{ 8}}, {{190},{ 8}}, {{126},{ 8}}, {{254},{ 8}}, -{{ 1},{ 8}}, {{129},{ 8}}, {{ 65},{ 8}}, {{193},{ 8}}, {{ 33},{ 8}}, -{{161},{ 8}}, {{ 97},{ 8}}, {{225},{ 8}}, {{ 17},{ 8}}, {{145},{ 8}}, -{{ 81},{ 8}}, {{209},{ 8}}, {{ 49},{ 8}}, {{177},{ 8}}, {{113},{ 8}}, -{{241},{ 8}}, {{ 9},{ 8}}, {{137},{ 8}}, {{ 73},{ 8}}, {{201},{ 8}}, -{{ 41},{ 8}}, {{169},{ 8}}, {{105},{ 8}}, {{233},{ 8}}, {{ 25},{ 8}}, -{{153},{ 8}}, {{ 89},{ 8}}, {{217},{ 8}}, {{ 57},{ 8}}, {{185},{ 8}}, -{{121},{ 8}}, {{249},{ 8}}, {{ 5},{ 8}}, {{133},{ 8}}, {{ 69},{ 8}}, -{{197},{ 8}}, {{ 37},{ 8}}, {{165},{ 8}}, {{101},{ 8}}, {{229},{ 8}}, -{{ 21},{ 8}}, {{149},{ 8}}, {{ 85},{ 8}}, {{213},{ 8}}, {{ 53},{ 8}}, -{{181},{ 8}}, {{117},{ 8}}, {{245},{ 8}}, {{ 13},{ 8}}, {{141},{ 8}}, -{{ 77},{ 8}}, {{205},{ 8}}, {{ 45},{ 8}}, {{173},{ 8}}, {{109},{ 8}}, -{{237},{ 8}}, {{ 29},{ 8}}, {{157},{ 8}}, {{ 93},{ 8}}, {{221},{ 8}}, -{{ 61},{ 8}}, {{189},{ 8}}, {{125},{ 8}}, {{253},{ 8}}, {{ 19},{ 9}}, -{{275},{ 9}}, {{147},{ 9}}, {{403},{ 9}}, {{ 83},{ 9}}, {{339},{ 9}}, -{{211},{ 9}}, {{467},{ 9}}, {{ 51},{ 9}}, {{307},{ 9}}, {{179},{ 9}}, -{{435},{ 9}}, {{115},{ 9}}, {{371},{ 9}}, {{243},{ 9}}, {{499},{ 9}}, -{{ 11},{ 9}}, {{267},{ 9}}, {{139},{ 9}}, {{395},{ 9}}, {{ 75},{ 9}}, -{{331},{ 9}}, {{203},{ 9}}, {{459},{ 9}}, {{ 43},{ 9}}, {{299},{ 9}}, -{{171},{ 9}}, {{427},{ 9}}, {{107},{ 9}}, {{363},{ 9}}, {{235},{ 9}}, -{{491},{ 9}}, {{ 27},{ 9}}, {{283},{ 9}}, {{155},{ 9}}, {{411},{ 9}}, -{{ 91},{ 9}}, {{347},{ 9}}, {{219},{ 9}}, {{475},{ 9}}, {{ 59},{ 9}}, -{{315},{ 9}}, {{187},{ 9}}, {{443},{ 9}}, {{123},{ 9}}, {{379},{ 9}}, -{{251},{ 9}}, {{507},{ 9}}, {{ 7},{ 9}}, {{263},{ 9}}, {{135},{ 9}}, -{{391},{ 9}}, {{ 71},{ 9}}, {{327},{ 9}}, {{199},{ 9}}, {{455},{ 9}}, -{{ 39},{ 9}}, {{295},{ 9}}, {{167},{ 9}}, {{423},{ 9}}, {{103},{ 9}}, -{{359},{ 9}}, {{231},{ 9}}, {{487},{ 9}}, {{ 23},{ 9}}, {{279},{ 9}}, -{{151},{ 9}}, {{407},{ 9}}, {{ 87},{ 9}}, {{343},{ 9}}, {{215},{ 9}}, -{{471},{ 9}}, {{ 55},{ 9}}, {{311},{ 9}}, {{183},{ 9}}, {{439},{ 9}}, -{{119},{ 9}}, {{375},{ 9}}, {{247},{ 9}}, {{503},{ 9}}, {{ 15},{ 9}}, -{{271},{ 9}}, {{143},{ 9}}, {{399},{ 9}}, {{ 79},{ 9}}, {{335},{ 9}}, -{{207},{ 9}}, {{463},{ 9}}, {{ 47},{ 9}}, {{303},{ 9}}, {{175},{ 9}}, -{{431},{ 9}}, {{111},{ 9}}, {{367},{ 9}}, {{239},{ 9}}, {{495},{ 9}}, -{{ 31},{ 9}}, {{287},{ 9}}, {{159},{ 9}}, {{415},{ 9}}, {{ 95},{ 9}}, -{{351},{ 9}}, {{223},{ 9}}, {{479},{ 9}}, {{ 63},{ 9}}, {{319},{ 9}}, -{{191},{ 9}}, {{447},{ 9}}, {{127},{ 9}}, {{383},{ 9}}, {{255},{ 9}}, -{{511},{ 9}}, {{ 0},{ 7}}, {{ 64},{ 7}}, {{ 32},{ 7}}, {{ 96},{ 7}}, -{{ 16},{ 7}}, {{ 80},{ 7}}, {{ 48},{ 7}}, {{112},{ 7}}, {{ 8},{ 7}}, -{{ 72},{ 7}}, {{ 40},{ 7}}, {{104},{ 7}}, {{ 24},{ 7}}, {{ 88},{ 7}}, -{{ 56},{ 7}}, {{120},{ 7}}, {{ 4},{ 7}}, {{ 68},{ 7}}, {{ 36},{ 7}}, -{{100},{ 7}}, {{ 20},{ 7}}, {{ 84},{ 7}}, {{ 52},{ 7}}, {{116},{ 7}}, -{{ 3},{ 8}}, {{131},{ 8}}, {{ 67},{ 8}}, {{195},{ 8}}, {{ 35},{ 8}}, -{{163},{ 8}}, {{ 99},{ 8}}, {{227},{ 8}} -}; - -local const ct_data static_dtree[D_CODES] = { -{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}}, -{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}}, -{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}}, -{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}}, -{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}}, -{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}} -}; - -const uch _dist_code[DIST_CODE_LEN] = { - 0, 1, 2, 3, 4, 4, 5, 5, 6, 6, 6, 6, 7, 7, 7, 7, 8, 8, 8, 8, - 8, 8, 8, 8, 9, 9, 9, 9, 9, 9, 9, 9, 10, 10, 10, 10, 10, 10, 10, 10, -10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, -11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, -12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13, -13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, -13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, -14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, -14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, -14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15, -15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, -15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, -15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 0, 0, 16, 17, -18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22, -23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, -24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, -26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, -26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, -27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, -27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, -28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, -28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, -28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, -29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, -29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, -29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29 -}; - -const uch _length_code[MAX_MATCH-MIN_MATCH+1]= { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 12, 12, -13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16, -17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19, -19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, -21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22, -22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23, -23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, -24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, -25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, -25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26, -26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, -26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, -27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28 -}; - -local const int base_length[LENGTH_CODES] = { -0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56, -64, 80, 96, 112, 128, 160, 192, 224, 0 -}; - -local const int base_dist[D_CODES] = { - 0, 1, 2, 3, 4, 6, 8, 12, 16, 24, - 32, 48, 64, 96, 128, 192, 256, 384, 512, 768, - 1024, 1536, 2048, 3072, 4096, 6144, 8192, 12288, 16384, 24576 -}; - diff --git a/linux/lib/zlib/zconf.h b/linux/lib/zlib/zconf.h deleted file mode 100644 index bf52dced5..000000000 --- a/linux/lib/zlib/zconf.h +++ /dev/null @@ -1,309 +0,0 @@ -/* zconf.h -- configuration of the zlib compression library - * Copyright (C) 1995-2002 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* @(#) $Id: zconf.h,v 1.1 2004/03/15 20:35:26 as Exp $ */ - -#ifndef _ZCONF_H -#define _ZCONF_H - -/* - * If you *really* need a unique prefix for all types and library functions, - * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it. - */ -#ifdef IPCOMP_PREFIX -# define deflateInit_ ipcomp_deflateInit_ -# define deflate ipcomp_deflate -# define deflateEnd ipcomp_deflateEnd -# define inflateInit_ ipcomp_inflateInit_ -# define inflate ipcomp_inflate -# define inflateEnd ipcomp_inflateEnd -# define deflateInit2_ ipcomp_deflateInit2_ -# define deflateSetDictionary ipcomp_deflateSetDictionary -# define deflateCopy ipcomp_deflateCopy -# define deflateReset ipcomp_deflateReset -# define deflateParams ipcomp_deflateParams -# define inflateInit2_ ipcomp_inflateInit2_ -# define inflateSetDictionary ipcomp_inflateSetDictionary -# define inflateSync ipcomp_inflateSync -# define inflateSyncPoint ipcomp_inflateSyncPoint -# define inflateReset ipcomp_inflateReset -# define compress ipcomp_compress -# define compress2 ipcomp_compress2 -# define uncompress ipcomp_uncompress -# define adler32 ipcomp_adler32 -# define crc32 ipcomp_crc32 -# define get_crc_table ipcomp_get_crc_table -/* SSS: these also need to be prefixed to avoid clash with ppp_deflate and ext2compression */ -# define inflate_blocks ipcomp_deflate_blocks -# define inflate_blocks_free ipcomp_deflate_blocks_free -# define inflate_blocks_new ipcomp_inflate_blocks_new -# define inflate_blocks_reset ipcomp_inflate_blocks_reset -# define inflate_blocks_sync_point ipcomp_inflate_blocks_sync_point -# define inflate_set_dictionary ipcomp_inflate_set_dictionary -# define inflate_codes ipcomp_inflate_codes -# define inflate_codes_free ipcomp_inflate_codes_free -# define inflate_codes_new ipcomp_inflate_codes_new -# define inflate_fast ipcomp_inflate_fast -# define inflate_trees_bits ipcomp_inflate_trees_bits -# define inflate_trees_dynamic ipcomp_inflate_trees_dynamic -# define inflate_trees_fixed ipcomp_inflate_trees_fixed -# define inflate_flush ipcomp_inflate_flush -# define inflate_mask ipcomp_inflate_mask -# define _dist_code _ipcomp_dist_code -# define _length_code _ipcomp_length_code -# define _tr_align _ipcomp_tr_align -# define _tr_flush_block _ipcomp_tr_flush_block -# define _tr_init _ipcomp_tr_init -# define _tr_stored_block _ipcomp_tr_stored_block -# define _tr_tally _ipcomp_tr_tally -# define zError ipcomp_zError -# define z_errmsg ipcomp_z_errmsg -# define zlibVersion ipcomp_zlibVersion -# define match_init ipcomp_match_init -# define longest_match ipcomp_longest_match -#endif - -#ifdef Z_PREFIX -# define Byte z_Byte -# define uInt z_uInt -# define uLong z_uLong -# define Bytef z_Bytef -# define charf z_charf -# define intf z_intf -# define uIntf z_uIntf -# define uLongf z_uLongf -# define voidpf z_voidpf -# define voidp z_voidp -#endif - -#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) -# define WIN32 -#endif -#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386) -# ifndef __32BIT__ -# define __32BIT__ -# endif -#endif -#if defined(__MSDOS__) && !defined(MSDOS) -# define MSDOS -#endif - -/* - * Compile with -DMAXSEG_64K if the alloc function cannot allocate more - * than 64k bytes at a time (needed on systems with 16-bit int). - */ -#if defined(MSDOS) && !defined(__32BIT__) -# define MAXSEG_64K -#endif -#ifdef MSDOS -# define UNALIGNED_OK -#endif - -#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32)) && !defined(STDC) -# define STDC -#endif -#if defined(__STDC__) || defined(__cplusplus) || defined(__OS2__) -# ifndef STDC -# define STDC -# endif -#endif - -#ifndef STDC -# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */ -# define const -# endif -#endif - -/* Some Mac compilers merge all .h files incorrectly: */ -#if defined(__MWERKS__) || defined(applec) ||defined(THINK_C) ||defined(__SC__) -# define NO_DUMMY_DECL -#endif - -/* Old Borland C incorrectly complains about missing returns: */ -#if defined(__BORLANDC__) && (__BORLANDC__ < 0x500) -# define NEED_DUMMY_RETURN -#endif - - -/* Maximum value for memLevel in deflateInit2 */ -#ifndef MAX_MEM_LEVEL -# ifdef MAXSEG_64K -# define MAX_MEM_LEVEL 8 -# else -# define MAX_MEM_LEVEL 9 -# endif -#endif - -/* Maximum value for windowBits in deflateInit2 and inflateInit2. - * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files - * created by gzip. (Files created by minigzip can still be extracted by - * gzip.) - */ -#ifndef MAX_WBITS -# define MAX_WBITS 15 /* 32K LZ77 window */ -#endif - -/* The memory requirements for deflate are (in bytes): - (1 << (windowBits+2)) + (1 << (memLevel+9)) - that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) - plus a few kilobytes for small objects. For example, if you want to reduce - the default memory requirements from 256K to 128K, compile with - make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" - Of course this will generally degrade compression (there's no free lunch). - - The memory requirements for inflate are (in bytes) 1 << windowBits - that is, 32K for windowBits=15 (default value) plus a few kilobytes - for small objects. -*/ - - /* Type declarations */ - -#ifndef OF /* function prototypes */ -# ifdef STDC -# define OF(args) args -# else -# define OF(args) () -# endif -#endif - -/* The following definitions for FAR are needed only for MSDOS mixed - * model programming (small or medium model with some far allocations). - * This was tested only with MSC; for other MSDOS compilers you may have - * to define NO_MEMCPY in zutil.h. If you don't need the mixed model, - * just define FAR to be empty. - */ -#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__) - /* MSC small or medium model */ -# define SMALL_MEDIUM -# ifdef _MSC_VER -# define FAR _far -# else -# define FAR far -# endif -#endif -#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__)) -# ifndef __32BIT__ -# define SMALL_MEDIUM -# define FAR _far -# endif -#endif - -/* Compile with -DZLIB_DLL for Windows DLL support */ -#if defined(ZLIB_DLL) -# if defined(_WINDOWS) || defined(WINDOWS) -# ifdef FAR -# undef FAR -# endif -# include -# define ZEXPORT WINAPI -# ifdef WIN32 -# define ZEXPORTVA WINAPIV -# else -# define ZEXPORTVA FAR _cdecl _export -# endif -# endif -# if defined (__BORLANDC__) -# if (__BORLANDC__ >= 0x0500) && defined (WIN32) -# include -# define ZEXPORT __declspec(dllexport) WINAPI -# define ZEXPORTRVA __declspec(dllexport) WINAPIV -# else -# if defined (_Windows) && defined (__DLL__) -# define ZEXPORT _export -# define ZEXPORTVA _export -# endif -# endif -# endif -#endif - -#if defined (__BEOS__) -# if defined (ZLIB_DLL) -# define ZEXTERN extern __declspec(dllexport) -# else -# define ZEXTERN extern __declspec(dllimport) -# endif -#endif - -#ifndef ZEXPORT -# define ZEXPORT -#endif -#ifndef ZEXPORTVA -# define ZEXPORTVA -#endif -#ifndef ZEXTERN -# define ZEXTERN extern -#endif - -#ifndef FAR -# define FAR -#endif - -#if !defined(MACOS) && !defined(TARGET_OS_MAC) -typedef unsigned char Byte; /* 8 bits */ -#endif -typedef unsigned int uInt; /* 16 bits or more */ -typedef unsigned long uLong; /* 32 bits or more */ - -#ifdef SMALL_MEDIUM - /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */ -# define Bytef Byte FAR -#else - typedef Byte FAR Bytef; -#endif -typedef char FAR charf; -typedef int FAR intf; -typedef uInt FAR uIntf; -typedef uLong FAR uLongf; - -#ifdef STDC - typedef void FAR *voidpf; - typedef void *voidp; -#else - typedef Byte FAR *voidpf; - typedef Byte *voidp; -#endif - -#ifdef HAVE_UNISTD_H -# include /* for off_t */ -# include /* for SEEK_* and off_t */ -# define z_off_t off_t -#endif -#ifndef SEEK_SET -# define SEEK_SET 0 /* Seek from beginning of file. */ -# define SEEK_CUR 1 /* Seek from current position. */ -# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ -#endif -#ifndef z_off_t -# define z_off_t long -#endif - -/* MVS linker does not support external names larger than 8 bytes */ -#if defined(__MVS__) -# pragma map(deflateInit_,"DEIN") -# pragma map(deflateInit2_,"DEIN2") -# pragma map(deflateEnd,"DEEND") -# pragma map(inflateInit_,"ININ") -# pragma map(inflateInit2_,"ININ2") -# pragma map(inflateEnd,"INEND") -# pragma map(inflateSync,"INSY") -# pragma map(inflateSetDictionary,"INSEDI") -# pragma map(inflate_blocks,"INBL") -# pragma map(inflate_blocks_new,"INBLNE") -# pragma map(inflate_blocks_free,"INBLFR") -# pragma map(inflate_blocks_reset,"INBLRE") -# pragma map(inflate_codes_free,"INCOFR") -# pragma map(inflate_codes,"INCO") -# pragma map(inflate_fast,"INFA") -# pragma map(inflate_flush,"INFLU") -# pragma map(inflate_mask,"INMA") -# pragma map(inflate_set_dictionary,"INSEDI2") -# pragma map(ipcomp_inflate_copyright,"INCOPY") -# pragma map(inflate_trees_bits,"INTRBI") -# pragma map(inflate_trees_dynamic,"INTRDY") -# pragma map(inflate_trees_fixed,"INTRFI") -# pragma map(inflate_trees_free,"INTRFR") -#endif - -#endif /* _ZCONF_H */ diff --git a/linux/lib/zlib/zutil.c b/linux/lib/zlib/zutil.c deleted file mode 100644 index 81d602d82..000000000 --- a/linux/lib/zlib/zutil.c +++ /dev/null @@ -1,227 +0,0 @@ -/* zutil.c -- target dependent utility functions for the compression library - * Copyright (C) 1995-2002 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* @(#) $Id: zutil.c,v 1.1 2004/03/15 20:35:26 as Exp $ */ - -#include - -#define MY_ZCALLOC - -struct internal_state {int dummy;}; /* for buggy compilers */ - -#ifndef STDC -extern void exit OF((int)); -#endif - -const char *z_errmsg[10] = { -"need dictionary", /* Z_NEED_DICT 2 */ -"stream end", /* Z_STREAM_END 1 */ -"", /* Z_OK 0 */ -"file error", /* Z_ERRNO (-1) */ -"stream error", /* Z_STREAM_ERROR (-2) */ -"data error", /* Z_DATA_ERROR (-3) */ -"insufficient memory", /* Z_MEM_ERROR (-4) */ -"buffer error", /* Z_BUF_ERROR (-5) */ -"incompatible version",/* Z_VERSION_ERROR (-6) */ -""}; - - -const char * ZEXPORT zlibVersion() -{ - return ZLIB_VERSION; -} - -#ifdef DEBUG - -# ifndef verbose -# define verbose 0 -# endif -int z_verbose = verbose; - -void z_error (m) - char *m; -{ - fprintf(stderr, "%s\n", m); - exit(1); -} -#endif - -/* exported to allow conversion of error code to string for compress() and - * uncompress() - */ -const char * ZEXPORT zError(err) - int err; -{ - return ERR_MSG(err); -} - - -#ifndef HAVE_MEMCPY - -void zmemcpy(dest, source, len) - Bytef* dest; - const Bytef* source; - uInt len; -{ - if (len == 0) return; - do { - *dest++ = *source++; /* ??? to be unrolled */ - } while (--len != 0); -} - -int zmemcmp(s1, s2, len) - const Bytef* s1; - const Bytef* s2; - uInt len; -{ - uInt j; - - for (j = 0; j < len; j++) { - if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1; - } - return 0; -} - -void zmemzero(dest, len) - Bytef* dest; - uInt len; -{ - if (len == 0) return; - do { - *dest++ = 0; /* ??? to be unrolled */ - } while (--len != 0); -} -#endif - -#ifdef __TURBOC__ -#if (defined( __BORLANDC__) || !defined(SMALL_MEDIUM)) && !defined(__32BIT__) -/* Small and medium model in Turbo C are for now limited to near allocation - * with reduced MAX_WBITS and MAX_MEM_LEVEL - */ -# define MY_ZCALLOC - -/* Turbo C malloc() does not allow dynamic allocation of 64K bytes - * and farmalloc(64K) returns a pointer with an offset of 8, so we - * must fix the pointer. Warning: the pointer must be put back to its - * original form in order to free it, use zcfree(). - */ - -#define MAX_PTR 10 -/* 10*64K = 640K */ - -local int next_ptr = 0; - -typedef struct ptr_table_s { - voidpf org_ptr; - voidpf new_ptr; -} ptr_table; - -local ptr_table table[MAX_PTR]; -/* This table is used to remember the original form of pointers - * to large buffers (64K). Such pointers are normalized with a zero offset. - * Since MSDOS is not a preemptive multitasking OS, this table is not - * protected from concurrent access. This hack doesn't work anyway on - * a protected system like OS/2. Use Microsoft C instead. - */ - -voidpf zcalloc (voidpf opaque, unsigned items, unsigned size) -{ - voidpf buf = opaque; /* just to make some compilers happy */ - ulg bsize = (ulg)items*size; - - /* If we allocate less than 65520 bytes, we assume that farmalloc - * will return a usable pointer which doesn't have to be normalized. - */ - if (bsize < 65520L) { - buf = farmalloc(bsize); - if (*(ush*)&buf != 0) return buf; - } else { - buf = farmalloc(bsize + 16L); - } - if (buf == NULL || next_ptr >= MAX_PTR) return NULL; - table[next_ptr].org_ptr = buf; - - /* Normalize the pointer to seg:0 */ - *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4; - *(ush*)&buf = 0; - table[next_ptr++].new_ptr = buf; - return buf; -} - -void zcfree (voidpf opaque, voidpf ptr) -{ - int n; - if (*(ush*)&ptr != 0) { /* object < 64K */ - farfree(ptr); - return; - } - /* Find the original pointer */ - for (n = 0; n < next_ptr; n++) { - if (ptr != table[n].new_ptr) continue; - - farfree(table[n].org_ptr); - while (++n < next_ptr) { - table[n-1] = table[n]; - } - next_ptr--; - return; - } - ptr = opaque; /* just to make some compilers happy */ - Assert(0, "zcfree: ptr not found"); -} -#endif -#endif /* __TURBOC__ */ - - -#if defined(M_I86) && !defined(__32BIT__) -/* Microsoft C in 16-bit mode */ - -# define MY_ZCALLOC - -#if (!defined(_MSC_VER) || (_MSC_VER <= 600)) -# define _halloc halloc -# define _hfree hfree -#endif - -voidpf zcalloc (voidpf opaque, unsigned items, unsigned size) -{ - if (opaque) opaque = 0; /* to make compiler happy */ - return _halloc((long)items, size); -} - -void zcfree (voidpf opaque, voidpf ptr) -{ - if (opaque) opaque = 0; /* to make compiler happy */ - _hfree(ptr); -} - -#endif /* MSC */ - - -#ifndef MY_ZCALLOC /* Any system without a special alloc function */ - -#ifndef STDC -extern voidp calloc OF((uInt items, uInt size)); -extern void free OF((voidpf ptr)); -#endif - -voidpf zcalloc (opaque, items, size) - voidpf opaque; - unsigned items; - unsigned size; -{ - if (opaque) items += size - size; /* make compiler happy */ - return (voidpf)calloc(items, size); -} - -void zcfree (opaque, ptr) - voidpf opaque; - voidpf ptr; -{ - free(ptr); - if (opaque) return; /* make compiler happy */ -} - -#endif /* MY_ZCALLOC */ diff --git a/linux/net/Config.in.fs2_0.patch b/linux/net/Config.in.fs2_0.patch deleted file mode 100644 index 6ff7cf06c..000000000 --- a/linux/net/Config.in.fs2_0.patch +++ /dev/null @@ -1,12 +0,0 @@ -RCSID $Id: Config.in.fs2_0.patch,v 1.2 2004/03/30 14:15:03 as Exp $ ---- linux/net/Config.in.preipsec Mon Jul 13 16:47:40 1998 -+++ linux/net/Config.in Thu Sep 16 11:26:31 1999 -@@ -24,4 +24,8 @@ - if [ "$CONFIG_NETLINK" = "y" ]; then - bool 'Routing messages' CONFIG_RTNETLINK - fi -+tristate 'IP Security Protocol (strongSwan IPsec)' CONFIG_IPSEC -+if [ "$CONFIG_IPSEC" != "n" ]; then -+ source net/ipsec/Config.in -+fi - endmenu diff --git a/linux/net/Config.in.fs2_2.patch b/linux/net/Config.in.fs2_2.patch deleted file mode 100644 index 5d7c6de53..000000000 --- a/linux/net/Config.in.fs2_2.patch +++ /dev/null @@ -1,12 +0,0 @@ -RCSID $Id: Config.in.fs2_2.patch,v 1.2 2004/03/30 14:15:03 as Exp $ ---- linux/net/Config.in.preipsec Thu Feb 25 13:46:47 1999 -+++ linux/net/Config.in Sat Aug 28 02:24:59 1999 -@@ -63,4 +63,8 @@ - endmenu - fi - fi -+tristate 'IP Security Protocol (strongSwan IPsec)' CONFIG_IPSEC -+if [ "$CONFIG_IPSEC" != "n" ]; then -+ source net/ipsec/Config.in -+fi - endmenu diff --git a/linux/net/Config.in.fs2_4.patch b/linux/net/Config.in.fs2_4.patch deleted file mode 100644 index 82ec14188..000000000 --- a/linux/net/Config.in.fs2_4.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- linux/net/Config.in.orig Fri Feb 9 14:34:13 2001 -+++ linux/net/Config.in Thu Feb 22 19:40:08 2001 -@@ -88,4 +88,10 @@ - #bool 'Network code profiler' CONFIG_NET_PROFILE - endmenu - -+tristate 'IP Security Protocol (strongSwan IPsec)' CONFIG_IPSEC -+define_tristate CONFIG_IPSEC m -+if [ "$CONFIG_IPSEC" != "n" ]; then -+ source net/ipsec/Config.in -+fi -+ - endmenu diff --git a/linux/net/Makefile.fs2_0.patch b/linux/net/Makefile.fs2_0.patch deleted file mode 100644 index 7909f1e6d..000000000 --- a/linux/net/Makefile.fs2_0.patch +++ /dev/null @@ -1,20 +0,0 @@ -RCSID $Id: Makefile.fs2_0.patch,v 1.1 2004/03/15 20:35:26 as Exp $ ---- linux/net/Makefile.preipsec Mon Jul 13 16:47:40 1998 -+++ linux/net/Makefile Thu Sep 16 11:26:31 1999 -@@ -64,6 +64,16 @@ - endif - endif - -+ifeq ($(CONFIG_IPSEC),y) -+ALL_SUB_DIRS += ipsec -+SUB_DIRS += ipsec -+else -+ ifeq ($(CONFIG_IPSEC),m) -+ ALL_SUB_DIRS += ipsec -+ MOD_SUB_DIRS += ipsec -+ endif -+endif -+ - L_TARGET := network.a - L_OBJS := socket.o protocols.o sysctl_net.o $(join $(SUB_DIRS),$(SUB_DIRS:%=/%.o)) - ifeq ($(CONFIG_NET),y) diff --git a/linux/net/Makefile.fs2_2.patch b/linux/net/Makefile.fs2_2.patch deleted file mode 100644 index 70e400de9..000000000 --- a/linux/net/Makefile.fs2_2.patch +++ /dev/null @@ -1,20 +0,0 @@ -RCSID $Id: Makefile.fs2_2.patch,v 1.1 2004/03/15 20:35:26 as Exp $ ---- linux/net/Makefile.preipsec Tue Jun 20 17:32:27 2000 -+++ linux/net/Makefile Fri Jun 30 14:44:38 2000 -@@ -195,6 +195,16 @@ - endif - endif - -+ifeq ($(CONFIG_IPSEC),y) -+ALL_SUB_DIRS += ipsec -+SUB_DIRS += ipsec -+else -+ ifeq ($(CONFIG_IPSEC),m) -+ ALL_SUB_DIRS += ipsec -+ MOD_SUB_DIRS += ipsec -+ endif -+endif -+ - # We must attach netsyms.o to socket.o, as otherwise there is nothing - # to pull the object file from the archive. - diff --git a/linux/net/Makefile.fs2_4.ipsec_alg.patch b/linux/net/Makefile.fs2_4.ipsec_alg.patch deleted file mode 100644 index 9aec86493..000000000 --- a/linux/net/Makefile.fs2_4.ipsec_alg.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- linux/net/Makefile.dist Mon Dec 17 12:18:26 2001 -+++ linux/net/Makefile Tue Jan 22 11:10:24 2002 -@@ -8,6 +8,7 @@ - O_TARGET := network.o - - mod-subdirs := ipv4/netfilter ipv6/netfilter ipx irda bluetooth atm netlink sched -+mod-subdirs += ipsec - export-objs := netsyms.o - - subdir-y := core ethernet diff --git a/linux/net/Makefile.fs2_4.patch b/linux/net/Makefile.fs2_4.patch deleted file mode 100644 index 0d2c82a59..000000000 --- a/linux/net/Makefile.fs2_4.patch +++ /dev/null @@ -1,11 +0,0 @@ -RCSID $Id: Makefile.fs2_4.patch,v 1.1 2004/03/15 20:35:26 as Exp $ ---- linux/net/Makefile.preipsec Mon Jun 11 22:15:27 2001 -+++ linux/net/Makefile Tue Nov 6 21:07:43 2001 -@@ -17,6 +17,7 @@ - subdir-$(CONFIG_NET) += 802 sched - subdir-$(CONFIG_INET) += ipv4 - subdir-$(CONFIG_NETFILTER) += ipv4/netfilter -+subdir-$(CONFIG_IPSEC) += ipsec - subdir-$(CONFIG_UNIX) += unix - subdir-$(CONFIG_IPV6) += ipv6 - diff --git a/linux/net/include.net.sock.h.fs2_2.patch b/linux/net/include.net.sock.h.fs2_2.patch deleted file mode 100644 index 9759dbb7a..000000000 --- a/linux/net/include.net.sock.h.fs2_2.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- ./include/net/sock.h Fri Nov 2 17:39:16 2001 -+++ ./include/net/sock.h Mon Jun 10 19:44:55 2002 -@@ -201,6 +201,12 @@ - __u32 end_seq; - }; - -+#if 1 -+struct udp_opt { -+ __u32 esp_in_udp; -+}; -+#endif -+ - struct tcp_opt { - int tcp_header_len; /* Bytes of tcp header to send */ - -@@ -443,6 +449,9 @@ - #if defined(CONFIG_SPX) || defined (CONFIG_SPX_MODULE) - struct spx_opt af_spx; - #endif /* CONFIG_SPX */ -+#if 1 -+ struct udp_opt af_udp; -+#endif - - } tp_pinfo; - diff --git a/linux/net/include.net.sock.h.fs2_4.patch b/linux/net/include.net.sock.h.fs2_4.patch deleted file mode 100644 index 9466cf686..000000000 --- a/linux/net/include.net.sock.h.fs2_4.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- ./include/net/sock.h 2002/02/06 15:25:10 1.1 -+++ ./include/net/sock.h 2002/05/22 12:14:56 -@@ -488,7 +488,13 @@ - } bictcp; - }; - -- -+#if 1 -+#define UDP_OPT_IN_SOCK 1 -+struct udp_opt { -+ __u32 esp_in_udp; -+}; -+#endif -+ - /* - * This structure really needs to be cleaned up. - * Most of it is for TCP, and not used by any of -@@ -655,6 +661,9 @@ - #if defined(CONFIG_SPX) || defined (CONFIG_SPX_MODULE) - struct spx_opt af_spx; - #endif /* CONFIG_SPX */ -+#if 1 -+ struct udp_opt af_udp; -+#endif - - } tp_pinfo; - diff --git a/linux/net/ipsec/.cvsignore b/linux/net/ipsec/.cvsignore deleted file mode 100644 index 63cb2042f..000000000 --- a/linux/net/ipsec/.cvsignore +++ /dev/null @@ -1,47 +0,0 @@ -.addrtoa.o.flags -.adler32.o.flags -.cbc_enc.o.flags -.datatot.o.flags -.deflate.o.flags -.des_enc.o.flags -.ecb_enc.o.flags -.goodmask.o.flags -.infblock.o.flags -.infcodes.o.flags -.inffast.o.flags -.inflate.o.flags -.inftrees.o.flags -.infutil.o.flags -.ipcomp.o.flags -.ipsec.o.flags -.ipsec_init.o.flags -.ipsec_life.o.flags -.ipsec_md5c.o.flags -.ipsec_proc.o.flags -.ipsec_radij.o.flags -.ipsec_rcv.o.flags -.ipsec_sa.o.flags -.ipsec_sha1.o.flags -.ipsec_tunnel.o.flags -.pfkey_v2.o.flags -.pfkey_v2_build.o.flags -.pfkey_v2_debug.o.flags -.pfkey_v2_ext_bits.o.flags -.pfkey_v2_ext_process.o.flags -.pfkey_v2_parse.o.flags -.pfkey_v2_parser.o.flags -.prng.o.flags -.radij.o.flags -.rangetoa.o.flags -.satoa.o.flags -.set_key.o.flags -.subnetof.o.flags -.subnettoa.o.flags -.sysctl_net_ipsec.o.flags -.trees.o.flags -.ultoa.o.flags -.version.o.flags -.zutil.o.flags -version.c -.*.o.flags -*.o diff --git a/linux/net/ipsec/Config.in b/linux/net/ipsec/Config.in deleted file mode 100644 index 379738a69..000000000 --- a/linux/net/ipsec/Config.in +++ /dev/null @@ -1,41 +0,0 @@ -# -# IPSEC configuration -# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Config.in,v 1.3 2004/03/30 21:11:11 as Exp $ - -comment 'IPsec options (strongSwan)' - -bool ' IPSEC: IP-in-IP encapsulation (tunnel mode)' CONFIG_IPSEC_IPIP - -bool ' IPSEC: Authentication Header' CONFIG_IPSEC_AH -if [ "$CONFIG_IPSEC_AH" = "y" -o "$CONFIG_IPSEC_ESP" = "y" ]; then - bool ' HMAC-MD5 authentication algorithm' CONFIG_IPSEC_AUTH_HMAC_MD5 - bool ' HMAC-SHA1 authentication algorithm' CONFIG_IPSEC_AUTH_HMAC_SHA1 -fi - -bool ' IPSEC: Encapsulating Security Payload' CONFIG_IPSEC_ESP -if [ "$CONFIG_IPSEC_ESP" = "y" ]; then - bool ' 3DES encryption algorithm' CONFIG_IPSEC_ENC_3DES -fi - -bool ' IPSEC Modular Extensions' CONFIG_IPSEC_ALG -if [ "$CONFIG_IPSEC_ALG" != "n" ]; then - source net/ipsec/alg/Config.in -fi - -bool ' IPSEC: IP Compression' CONFIG_IPSEC_IPCOMP - -bool ' IPSEC Debugging Option' CONFIG_IPSEC_DEBUG - -bool ' IPSEC NAT-Traversal' CONFIG_IPSEC_NAT_TRAVERSAL diff --git a/linux/net/ipsec/Makefile b/linux/net/ipsec/Makefile deleted file mode 100644 index 6d834a067..000000000 --- a/linux/net/ipsec/Makefile +++ /dev/null @@ -1,529 +0,0 @@ -# Makefile for KLIPS kernel code as a module -# Copyright (C) 1998, 1999, 2000,2001 Richard Guy Briggs. -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.2 2004/03/22 21:53:19 as Exp $ -# -# Note! Dependencies are done automagically by 'make dep', which also -# removes any old dependencies. DON'T put your own dependencies here -# unless it's something special (ie not a .c file). -# - -ifeq ($(strip $(KLIPSMODULE)),) -FREESWANSRCDIR=. -else -FREESWANSRCDIR=../../.. -endif --include ${FREESWANSRCDIR}/Makefile.ver - -ifeq ($(strip $(KLIPS_TOP)),) -KLIPS_TOP=../.. -endif - -ifneq ($(strip $(KLIPSMODULE)),) - -ifndef TOPDIR -TOPDIR:=/usr/src/linux -endif -export TOPDIR - -endif - -# -# This magic from User-Mode-Linux list. It gets list of -I options, as -# UML needs some extra, that varry by revision. -# -KERNEL_CFLAGS= $(shell $(MAKE) -C $(TOPDIR) --no-print-directory -s -f Makefile ARCH=$(ARCH) MAKEFLAGS= script SCRIPT='@echo $$(CFLAGS)' ) - -MODULE_CFLAGS= $(shell $(MAKE) -C $(TOPDIR) --no-print-directory -s -f Makefile ARCH=$(ARCH) MAKEFLAGS= script SCRIPT='@echo $$(MODFLAGS)' ) - -subdir- := -subdir-n := -subdir-y := -subdir-m := - - -MOD_DESTDIR:=net/ipsec - -export TOPDIR - -all: ipsec.o - -foo: - echo KERNEL: ${KERNEL_CFLAGS} - echo MODULE: ${MODULE_CFLAGS} - -ipsec.o: foo - -O_TARGET := ipsec.o -obj-y := ipsec_init.o ipsec_sa.o ipsec_radij.o radij.o -obj-y += ipsec_life.o ipsec_proc.o -obj-y += ipsec_tunnel.o ipsec_xmit.o ipsec_rcv.o -obj-y += sysctl_net_ipsec.o -obj-y += pfkey_v2.o pfkey_v2_parser.o pfkey_v2_ext_process.o -#obj-y += version.o - -LIBDESDIR=${KLIPS_TOP}/crypto/ciphers/des -VPATH+= ${LIBDESDIR} - -include ${LIBDESDIR}/Makefile.objs - -LIBFREESWANDIR=${KLIPS_TOP}/lib/libfreeswan -VPATH+=${LIBFREESWANDIR} - -include ${LIBFREESWANDIR}/Makefile.objs - -# IPcomp stuff -obj-$(CONFIG_IPSEC_IPCOMP) += ipcomp.o - -LIBZLIBSRCDIR=${KLIPS_TOP}/lib/zlib -VPATH+=${LIBZLIBSRCDIR} - -# LIBCRYPTO Will be overriden eg. when doing "make module" -# from freeswan-2 src root -# Default value assumes already symlinked libcrypto under $TOPDIR/lib -LIBCRYPTO=$(TOPDIR)/lib/libcrypto -VPATH+=${LIBCRYPTO} - -alg/static_init_mod.o: dummy - $(MAKE) -C alg CC='$(CC)' TOPDIR='$(TOPDIR)' \ - 'EXTRA_CFLAGS=$(EXTRA_CFLAGS)' \ - static_init_mod.o - - -alg_modules: dummy - $(MAKE) $(MODULE_FLAGS) -C alg CC='$(CC)' TOPDIR='$(TOPDIR)' \ - 'LIBCRYPTO=$(LIBCRYPTO)' \ - 'EXTRA_CFLAGS=$(EXTRA_CFLAGS)' \ - modules - -# CFLAGS='$(CFLAGS)' \ -# MODULE_CFLAGS='$(MODULE_CFLAGS)' KERNEL_CFLAGS='$(KERNEL_CFLAGS)' \ -# -include ${LIBZLIBSRCDIR}/Makefile.objs - -export-objs := radij.o - -# New handling of KERNEL_CFLAGS and MODULE_CFLAGS introduced in 2.0 -# tosses export-objs logic :( -CFLAGS_ipsec_alg.o += -DEXPORT_SYMTAB -obj-$(CONFIG_IPSEC_ALG) +=ipsec_alg.o alg/static_init_mod.o -export-objs += ipsec_alg.o -subdir-m += alg - -EXTRA_CFLAGS += $(ALGO_FLAGS) - - -# include file with .h-style macros that would otherwise be created by -# config. Must occur before other includes. -ifneq ($(strip $(MODULE_DEF_INCLUDE)),) -EXTRA_CFLAGS += -include ${MODULE_DEF_INCLUDE} -endif - -# 'override CFLAGS' should really be 'EXTRA_CFLAGS' -#EXTRA_CFLAGS += -nostdinc -EXTRA_CFLAGS += -I${KLIPS_TOP}/include - -EXTRA_CFLAGS += -I${TOPDIR}/include -EXTRA_CFLAGS += -I${LIBZLIBSRCDIR} - -ifeq ($(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION),2.4.2-2) -EXTRA_CFLAGS += -DREDHAT_BOGOSITY -endif - -ifeq ($(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION),2.4.3-12) -EXTRA_CFLAGS += -DREDHAT_BOGOSITY -endif - - -#ifeq ($(CONFIG_IPSEC_DEBUG),y) -#EXTRA_CFLAGS += -g -#endif - -#ifeq ($(CONFIG_IPSEC_ALG), y) -EXTRA_CFLAGS += -DCONFIG_IPSEC_ALG -#endif -# MOST of these flags are in KERNEL_CFLAGS already! - -EXTRA_CFLAGS += $(KLIPSCOMPILE) -EXTRA_CFLAGS += -Wall -#EXTRA_CFLAGS += -Werror -#EXTRA_CFLAGS += -Wconversion -#EXTRA_CFLAGS += -Wmissing-prototypes -# cannot use both -Wpointer-arith and -Werror with CONFIG_HIGHMEM -# include/linux/highmem.h has an inline function definition that uses void* arithmentic. -ifeq ($(CONFIG_NOHIGHMEM),y) -EXTRA_CFLAGS += -Wpointer-arith -endif -#EXTRA_CFLAGS += -Wcast-qual -#EXTRA_CFLAGS += -Wmissing-declarations -#EXTRA_CFLAGS += -Wstrict-prototypes -#EXTRA_CFLAGS += -pedantic -#EXTRA_CFLAGS += -O3 -#EXTRA_CFLAGS += -W -#EXTRA_CFLAGS += -Wwrite-strings -#EXTRA_CFLAGS += -Wbad-function-cast - -ifneq ($(strip $(KLIPSMODULE)),) -# for when we aren't building in the kernel tree -EXTRA_CFLAGS += -DARCH=${ARCH} -EXTRA_CFLAGS += -DMODVERSIONS -EXTRA_CFLAGS += -include ${TOPDIR}/include/linux/modversions.h -EXTRA_CFLAGS += ${MODULE_CFLAGS} -endif - -EXTRA_CFLAGS += ${KERNEL_CFLAGS} - - -# GCC 3.2 (and we presume any other 3.x) wants -falign-functions -# in place of the traditional -malign-functions. Getting this -# wrong leads to a warning, which is fatal due to our use of -Werror. -ifeq ($(patsubst 3.%,3,$(shell $(CC) -dumpversion)),3) -override CFLAGS:=$(subst -malign-functions=,-falign-functions=,$(CFLAGS)) -endif - - -obj-$(CONFIG_IPSEC_AUTH_HMAC_MD5) += ipsec_md5c.o -obj-$(CONFIG_IPSEC_AUTH_HMAC_SHA1) += ipsec_sha1.o - -### -### Pre Rules.make -### -# undo O_TARGET, obj-y if no static -ifneq ($(CONFIG_IPSEC),y) -O_TARGET := -ipsec_obj-y := $(obj-y) -obj-y := -subdir-y := -endif - -# Define obj-m if modular ipsec -ifeq ($(CONFIG_IPSEC),m) -obj-m += ipsec.o -endif - - -# These rules translate from new to old makefile rules -# Translate to Rules.make lists. -multi-used := $(filter $(list-multi), $(obj-y) $(obj-m)) -multi-objs := $(foreach m, $(multi-used), $($(basename $(m))-objs)) -active-objs := $(sort $(multi-objs) $(obj-y) $(obj-m)) -O_OBJS := $(obj-y) -M_OBJS := $(obj-m) -MIX_OBJS := $(filter $(export-objs), $(active-objs)) -OX_OBJS := $(export-objs) -SUB_DIRS := $(subdir-y) -ALL_SUB_DIRS := $(subdir-y) $(subdir-m) -MOD_SUB_DIRS := $(subdir-m) - -# dunno why, but some 2.2 setups may need explicit -DEXPORT_SYMTAB -# uncomment next line if ipsec_alg.c compilation fails with -# "parse error before `EXPORT_SYMTAB_not_defined'" --Juanjo -# CFLAGS_ipsec_alg.o += -DEXPORT_SYMTAB -# - -include $(TOPDIR)/Rules.make - -### -### Post Rules.make -### -# for modular ipsec, no O_TARGET defined => define ipsec.o creation rules -ifeq ($(CONFIG_IPSEC),m) -ipsec.o : $(ipsec_obj-y) - rm -f $@ - $(LD) $(LD_EXTRAFLAGS) -r $(ipsec_obj-y) -o $@ -endif - -$(ipsec_obj-y) $(obj-y) $(obj-m): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h - -#$(obj-y) $(obj-m): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h - -USE_STANDARD_AS_RULE=true - -clean: - $(MAKE) -C alg clean - -rm -f *.o - -rm -f .*.o.flags - -rm version.c - -tags TAGS: *.c *.h libfreeswan/*.c libfreeswan/*.h - etags *.c ../../include/*.h ../../include/freeswan/*.h - ctags *.c ../../include/*.h ../../include/freeswan/*.h - -tar: - tar -cvf /dev/f1 . - -# -# $Log: Makefile,v $ -# Revision 1.2 2004/03/22 21:53:19 as -# merged alg-0.8.1 branch with HEAD -# -# Revision 1.1.4.1 2004/03/16 09:48:19 as -# alg-0.8.1rc12 patch merged -# -# Revision 1.1 2004/03/15 20:35:26 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.61 2003/06/22 21:07:46 mcr -# adjusted TAGS target in makefile to be useful in 2.00 source layout. -# -# Revision 1.60 2003/05/03 23:45:23 mcr -# rm .o.flags and generated version.c file. -# -# Revision 1.59 2003/02/12 19:32:47 rgb -# Added ipsec_xmit to the list of object files. -# -# Revision 1.58 2003/01/03 00:36:44 rgb -# -# Added emacs compile-command. -# -# Revision 1.57 2002/11/08 23:49:53 mcr -# use KERNEL_CFLAGS and MODULE_CFLAGS to get proper list -# of include directories. -# This also eliminates some of the guesswork in the kernel -# configuration file. -# -# Revision 1.56 2002/11/08 23:23:18 mcr -# attempt to guess kernel compilation flags (i.e. list of -I) -# by using some magic targets in the kernel makefile. -# -# Revision 1.55 2002/11/08 10:13:33 mcr -# added additional include directories for module builds for 2.4.19. -# -# Revision 1.54 2002/10/20 06:10:30 build -# CONFIG_NOHIGHMEM for -Wpointer-arith RPM building issues. -# -# Revision 1.53 2002/10/17 16:32:01 mcr -# enable standard AS rules. -# -# Revision 1.52 2002/10/06 06:13:44 sam -# Altering order of includes, so that architecture-specific header files, -# used for building RPM modules specifically, are processed first. -# -# Revision 1.51 2002/10/05 15:06:38 dhr -# -# - To allow for gcc3.2 (used in Red Hat Linux 8.0): adjust CFLAGS (set -# by kernel machinery) to use -falign-functions= in place of -# -malign-functions=. Eliminates a warning (fatal with -Werror). -# -# - When CONFIG_HIGHMEM is on, -Wpointer-arith will warn about -# include/linux/highmem.h. Since this is fatal with -Werror, we -# suppress -Wpointer-arith if CONFIG_HIGHMEM is set. -# -# Revision 1.50 2002/09/16 21:19:45 mcr -# enable -Werror for production - this helps a lot (found a bug in ipsec_rcv.c) -# -# Revision 1.49 2002/07/29 05:12:39 mcr -# get rid of some extraneous stuff, now handled by a prefix -# Makefile when building as a module. -# -# Revision 1.48 2002/07/28 23:13:49 mcr -# set KLIPS_TOP and use it instead of ../.. -# if KLIPSMODULE, then include a bunch of stuff defined in Makefile.inc -# that gets us the "typical" configuration that we want. -# -# Revision 1.47 2002/06/02 21:51:41 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.46 2002/05/14 02:35:51 rgb -# Added file pfkey_v2_ext_process.c. -# -# Revision 1.45 2002/05/13 17:21:40 mcr -# mkdep dies when given a -I to a directory that does not exist. -# arch/${ARCH}/include is for UM arch only, so include it for that -# ARCH only. -# -# Revision 1.44 2002/04/24 20:38:12 mcr -# moved more stuff behind $KLIPSMODULE=y to get static linking to work. -# -# Revision 1.43 2002/04/24 09:16:18 mcr -# include local Makefile.ver as well as FS_rootdir version. -# -# Revision 1.42 2002/04/24 08:50:08 mcr -# critical patch is to set TOPDIR with :=. -# -# Revision 1.40 2002/04/24 00:41:07 mcr -# Moved from ./klips/net/ipsec/Makefile,v -# -# Revision 1.39 2002/01/17 04:39:40 rgb -# Take compile options from top level Makefile.inc -# -# Revision 1.38 2001/11/27 05:28:07 rgb -# Shut off -Werror until we figure out a graceful way of quieting down the -# pfkey_ops defined but not used complaint in the case of SMP in -# pfkey_v2.c. -# -# Revision 1.37 2001/11/27 05:10:15 rgb -# Added -Ilibdes and removed lib/des* symlinks. -# -# Revision 1.36 2001/11/26 09:23:47 rgb -# Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. -# -# Revision 1.35.2.1 2001/09/25 02:17:50 mcr -# added ipsec_sa, ipsec_life, ipsec_proc. -# added -Werror to compile flags (see fix for zlib/zutil.h) -# -# Revision 1.3 2001/09/21 04:41:26 mcr -# actually, ipsec_proc.c and ipsec_life.c were never actually compiled. -# -# Revision 1.2 2001/09/21 04:11:33 mcr -# first compilable version. -# -# Revision 1.1.1.2 2001/09/17 01:17:52 mcr -# snapshot 2001-09-16 -# -# Revision 1.35 2001/09/07 22:09:12 rgb -# Quiet down compilation. -# -# Revision 1.34 2001/08/11 17:10:23 henry -# update bogosity stuff to cover RH7.1 update -# -# Revision 1.33 2001/06/14 19:35:07 rgb -# Update copyright date. -# -# Revision 1.32 2001/06/13 21:00:50 rgb -# Added a kludge to get around RedHat kernel version bogosity... -# -# Revision 1.31 2001/01/29 22:19:06 rgb -# Convert to 2.4 new style with back compat. -# -# Revision 1.30 2000/09/29 19:51:57 rgb -# Moved klips/net/ipsec/ipcomp_* to zlib/* (Svenning). -# -# Revision 1.29 2000/09/15 11:37:01 rgb -# Merge in heavily modified Svenning Soerensen's -# IPCOMP zlib deflate code. -# -# Revision 1.28 2000/09/15 04:55:25 rgb -# Clean up pfkey object inclusion into the default object. -# -# Revision 1.27 2000/09/12 03:20:47 rgb -# Cleared out now unused pfkeyv2 switch. -# Enabled sysctl. -# -# Revision 1.26 2000/09/08 19:12:55 rgb -# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. -# -# Revision 1.25 2000/06/16 03:09:16 rgb -# Shut up cast lost warning due to changes in 2.4.0-test1. -# -# Revision 1.24 2000/03/16 06:40:48 rgb -# Hardcode PF_KEYv2 support. -# -# Revision 1.23 2000/02/14 21:10:38 rgb -# Added gcc debug flag when KLIPS_DEBUG is swtiched on. -# -# Revision 1.22 2000/01/21 09:44:29 rgb -# Added compiler switches to be a lot more fussy. -# -# Revision 1.21 1999/11/25 23:35:20 rgb -# Removed quotes to fix Alpha compile issues. -# -# Revision 1.20 1999/11/17 15:49:34 rgb -# Changed all occurrences of ../../../lib in pathnames to libfreeswan, -# which refers to the /usr/src/linux/net/ipsec/lib directory setup by the -# klink target in the top-level Makefile; and libdeslite.o to -# libdes/libdes.a. -# Added SUB_DIRS := lib definition for the kernel libraries. -# -# Revision 1.19 1999/04/27 19:06:47 rgb -# dd libs and dependancies to tags generation. -# -# Revision 1.18 1999/04/16 16:28:12 rgb -# Minor bugfix to avoid including DES if only AH is used. -# -# Revision 1.17 1999/04/15 15:37:23 rgb -# Forward check changes from POST1_00 branch. -# -# Revision 1.14.2.1 1999/03/30 17:29:17 rgb -# Add support for pfkey. -# -# Revision 1.16 1999/04/11 00:28:56 henry -# GPL boilerplate -# -# Revision 1.15 1999/04/06 04:54:25 rgb -# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes -# patch shell fixes. -# -# Revision 1.14 1999/02/18 16:50:45 henry -# update for new DES library -# -# Revision 1.13 1999/02/12 21:11:45 rgb -# Prepare for newer LIBDES (patch from P.Onion). -# -# Revision 1.12 1999/01/26 02:05:08 rgb -# Remove references to INET_GET_PROTOCOL. -# Removed CONFIG_IPSEC_ALGO_SWITCH macro. -# Change from transform switch to algorithm switch. -# -# Revision 1.11 1999/01/22 06:16:09 rgb -# Added algorithm switch code config option. -# -# Revision 1.10 1998/11/08 05:31:21 henry -# be a little fussier -# -# Revision 1.9 1998/11/08 05:29:41 henry -# revisions for new libdes handling -# -# Revision 1.8 1998/08/12 00:05:48 rgb -# Added new xforms to Makefile (moved des-cbc to des-old). -# -# Revision 1.7 1998/07/27 21:48:47 rgb -# Add libkernel. -# -# Revision 1.6 1998/07/14 15:50:47 rgb -# Add dependancies on linux config files. -# -# Revision 1.5 1998/07/09 17:44:06 rgb -# Added 'clean' and 'tags' targets. -# Added TOPDIR macro. -# Change module back from symbol exporting to not. -# -# Revision 1.3 1998/06/25 19:25:04 rgb -# Rearrange to support static linking and objects with exported symbol -# tables. -# -# Revision 1.1 1998/06/18 21:27:42 henry -# move sources from klips/src to klips/net/ipsec, to keep stupid -# kernel-build scripts happier in the presence of symlinks -# -# Revision 1.3 1998/04/15 23:18:43 rgb -# Unfixed the ../../libdes fix to avoid messing up Henry's script. -# -# Revision 1.2 1998/04/14 17:50:47 rgb -# Fixed to find the new location of libdes. -# -# Revision 1.1 1998/04/09 03:05:22 henry -# sources moved up from linux/net/ipsec -# modifications to centralize libdes code -# -# Revision 1.1.1.1 1998/04/08 05:35:02 henry -# RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 -# -# Revision 0.5 1997/06/03 04:24:48 ji -# Added ESP-3DES-MD5-96 -# -# Revision 0.4 1997/01/15 01:32:59 ji -# Added new transforms. -# -# Revision 0.3 1996/11/20 14:22:53 ji -# *** empty log message *** -# -# -# Local Variables: -# compile-command: "(cd ../../.. && source umlsetup.sh && make -C ${POOLSPACE} module/ipsec.o)" -# End Variables: -# - diff --git a/linux/net/ipsec/Makefile.algtest b/linux/net/ipsec/Makefile.algtest deleted file mode 100644 index e68b4ac77..000000000 --- a/linux/net/ipsec/Makefile.algtest +++ /dev/null @@ -1,125 +0,0 @@ -IPSECVERSION=2.03 -# vim:aw:ai -# -# null-patch, non-root GNUmakefile addon for freeswan modules compilation -# -# It will not "affect" normal KLIPS building because this GNUmakefile -# it's not copied to /usr/src/linux -# -# Author: JuanJo Ciarlante -# $Id: Makefile.algtest,v 1.2 2004/03/22 21:53:19 as Exp $ -# -# 1) Copy me to linux/net/ipsec -# 2) -# cd klibs/net/ipsec -# make prep TOPDIR=/path/to/usr/src/linux \ -# [CONFIG=/path/to/.config | CONFIG=/dev/null] -# 3) -# make all TOPDIR=.... CONFIG=.... -#CONFIG_IPSEC_ENC_3DES=y -#CONFIG_IPSEC_AUTH_HMAC_MD5=y -#CONFIG_IPSEC_AUTH_HMAC_SHA1=y -CONFIG_IPSEC_ALG_AES=m - -ifndef TOPDIR -$(error You _must_ pass TOPDIR= and optionally CONFIG=) -endif -CONFIG=$(TOPDIR)/.config -include $(CONFIG) - -ifdef CONFIG_USERMODE - ARCH=um -endif -CONFIG_IPSEC=m -CONFIG_IPSEC_MODULE=y -CONFIG_IPSEC_IPIP=y -CONFIG_IPSEC_AH=y -CONFIG_IPSEC_ESP=y -CONFIG_IPSEC_ALG=y -CONFIG_IPSEC_IPCOMP=y - -CONFIG_M586 :=$(shell uname -m | sed -n "s/i586/y/p" ) -CONFIG_M686 :=$(shell uname -m | sed -n "s/i686/y/p" ) -export CONFIG_M586 CONFIG_M686 -cflags-arch-$(CONFIG_M586) += -march=i586 -cflags-arch-$(CONFIG_M586_TSC) += -march=i586 -cflags-arch-$(CONFIG_M686) += -march=i686 -cflags-arch-$(CONFIG_MPENTIUMIII) += -march=i686 -cflags-arch-$(CONFIG_MK7) += -march=i686 -malign-functions=4 -CFLAGS_ARCH := $(cflags-arch-y) - -ifndef $(CONFIG_SHELL) -CONFIG_SHELL=/bin/bash -endif -export CONFIG_SHELL TOPDIR - -ifdef CONFIG_SMP -EXTRA_CFLAGS += -D__SMP__ -EXTRA_AFLAGS += -D__SMP__ -endif - -CFLAGS_IPSEC:=\ - -DMODVERSIONS \ - -DCONFIG_IPSEC_MODULE=1\ - -DCONFIG_IPSEC_IPIP=1\ - -DCONFIG_IPSEC_AH=1\ - -DCONFIG_IPSEC_ESP=1\ - -DCONFIG_IPSEC_IPCOMP=1\ - -DCONFIG_IPSEC_DEBUG=1 \ - -DCONFIG_IPSEC_ALG=1 \ - -# -DCONFIG_IPSEC_DEBUG=1 \ -# -cflags-ipsec-$(CONFIG_IPSEC_ENC_3DES) += -DCONFIG_IPSEC_ENC_3DES=1 -cflags-ipsec-$(CONFIG_IPSEC_ALG_AES) += -DCONFIG_IPSEC_ALG_AES=1 -cflags-ipsec-$(CONFIG_IPSEC_AUTH_HMAC_MD5)+= -DCONFIG_IPSEC_AUTH_HMAC_MD5=1 -cflags-ipsec-$(CONFIG_IPSEC_AUTH_HMAC_SHA1)+= -DCONFIG_IPSEC_AUTH_HMAC_SHA1=1 -CFLAGS_IPSEC+=$(cflags-ipsec-y) -export CONFIG_IPSEC -export CONFIG_IPSEC_MODULE - - -# last bits over CFLAGS ... -CFLAGS+=$(KINCLUDE) $(CFLAGS_IPSEC) $(CFLAGS_ARCH) $(CFLAGS_KERNEL) -EXTRA_CFLAGS:=-I$(LOCALKLIPS) -I$(IPSEC_ROOT)/lib -# libdes options: OPTS1 -OPTS1:=$(CFLAGS) $(EXTRA_CFLAGS) -export OPTS1 CFLAGS - -#include Makefile -KERNEL_CFLAGS= $(shell $(MAKE) -C $(TOPDIR) --no-print-directory -s -f Makefile ARCH=$(ARCH) MAKEFLAGS= script SCRIPT='@echo $$(CFLAGS)' ) - -MODULE_CFLAGS= $(shell $(MAKE) -C $(TOPDIR) --no-print-directory -s -f Makefile ARCH=$(ARCH) MAKEFLAGS= script SCRIPT='@echo $$(MODFLAGS)' ) - - -ALGO_FLAGS=$(CFLAGS_IPSEC) -export ALGO_FLAGS -all: modules alg_modules -modules: - $(MAKE) -C $(TOPDIR) SUBDIRS=$(PWD) modules - -ifdef CONFIG_USERMODE -local_modversions_h: - > local_modversions.h -else -local_modversions_h: - (echo "#ifndef _LINUX_MODVERSIONS_H";\ - echo "#define _LINUX_MODVERSIONS_H"; \ - echo "#include "; \ - cd $(TOPDIR)/include/linux/modules; \ - perl -ne 'print "#define __ver_$$1\t$$2$$3\n#define $$1\t_set_ver($$1)\n" if (/ (.*)_R(smp)?([a-z0-9]{8})\W/);' /proc/ksyms ;\ - echo "#endif"; \ - ) > local_modversions.h -endif -un_local_modversions_h: - @rm -f local_modversions.h - -all_alg_modules: - (cd alg && \ - $(MAKE) CC='$(CC)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' \ - LIBCRYPTO=$(LOCALKLIPS)/../../../lib/libcrypto \ - all_alg_modules;) - -.PHONY: local_modversions_h - - diff --git a/linux/net/ipsec/alg/Config.alg_aes.in b/linux/net/ipsec/alg/Config.alg_aes.in deleted file mode 100644 index 4a2f81a0b..000000000 --- a/linux/net/ipsec/alg/Config.alg_aes.in +++ /dev/null @@ -1,3 +0,0 @@ -if [ "$CONFIG_IPSEC_ALG" = "y" ]; then - tristate ' AES encryption algorithm' CONFIG_IPSEC_ALG_AES -fi diff --git a/linux/net/ipsec/alg/Config.alg_blowfish.in b/linux/net/ipsec/alg/Config.alg_blowfish.in deleted file mode 100644 index a4e5709b0..000000000 --- a/linux/net/ipsec/alg/Config.alg_blowfish.in +++ /dev/null @@ -1,3 +0,0 @@ -if [ "$CONFIG_IPSEC_ALG" = "y" ]; then - tristate ' BLOWFISH encryption algorithm' CONFIG_IPSEC_ALG_BLOWFISH -fi diff --git a/linux/net/ipsec/alg/Config.alg_cryptoapi.in b/linux/net/ipsec/alg/Config.alg_cryptoapi.in deleted file mode 100644 index c2c66eed8..000000000 --- a/linux/net/ipsec/alg/Config.alg_cryptoapi.in +++ /dev/null @@ -1,3 +0,0 @@ -if [ "$CONFIG_IPSEC_ALG" = "y" ]; then - dep_tristate ' CRYPTOAPI ciphers support (needs cryptoapi patch)' CONFIG_IPSEC_ALG_CRYPTOAPI $CONFIG_CRYPTO -fi diff --git a/linux/net/ipsec/alg/Config.alg_serpent.in b/linux/net/ipsec/alg/Config.alg_serpent.in deleted file mode 100644 index fb1a88460..000000000 --- a/linux/net/ipsec/alg/Config.alg_serpent.in +++ /dev/null @@ -1,3 +0,0 @@ -if [ "$CONFIG_IPSEC_ALG" = "y" ]; then - tristate ' SERPENT encryption algorithm' CONFIG_IPSEC_ALG_SERPENT -fi diff --git a/linux/net/ipsec/alg/Config.alg_sha2.in b/linux/net/ipsec/alg/Config.alg_sha2.in deleted file mode 100644 index 2d26c814b..000000000 --- a/linux/net/ipsec/alg/Config.alg_sha2.in +++ /dev/null @@ -1,3 +0,0 @@ -if [ "$CONFIG_IPSEC_ALG" = "y" ]; then - tristate ' HMAC_SHA2 auth algorithm' CONFIG_IPSEC_ALG_SHA2 -fi diff --git a/linux/net/ipsec/alg/Config.alg_twofish.in b/linux/net/ipsec/alg/Config.alg_twofish.in deleted file mode 100644 index 13655649d..000000000 --- a/linux/net/ipsec/alg/Config.alg_twofish.in +++ /dev/null @@ -1,3 +0,0 @@ -if [ "$CONFIG_IPSEC_ALG" = "y" ]; then - tristate ' TWOFISH encryption algorithm' CONFIG_IPSEC_ALG_TWOFISH -fi diff --git a/linux/net/ipsec/alg/Config.in b/linux/net/ipsec/alg/Config.in deleted file mode 100644 index be5990e3a..000000000 --- a/linux/net/ipsec/alg/Config.in +++ /dev/null @@ -1,7 +0,0 @@ -#Placeholder -source net/ipsec/alg/Config.alg_aes.in -source net/ipsec/alg/Config.alg_blowfish.in -source net/ipsec/alg/Config.alg_twofish.in -source net/ipsec/alg/Config.alg_serpent.in -source net/ipsec/alg/Config.alg_cryptoapi.in -source net/ipsec/alg/Config.alg_sha2.in diff --git a/linux/net/ipsec/alg/Makefile b/linux/net/ipsec/alg/Makefile deleted file mode 100644 index 2249668f5..000000000 --- a/linux/net/ipsec/alg/Makefile +++ /dev/null @@ -1,112 +0,0 @@ -# $Id: Makefile,v 1.2 2004/03/22 21:53:19 as Exp $ -ifeq ($(strip $(KLIPSMODULE)),) -FREESWANSRCDIR=. -else -FREESWANSRCDIR=../../../.. -endif -ifeq ($(strip $(KLIPS_TOP)),) -KLIPS_TOP=../../.. -override EXTRA_CFLAGS += -I$(KLIPS_TOP)/include -endif - -ifeq ($(CONFIG_IPSEC_DEBUG),y) -override EXTRA_CFLAGS += -g -endif - -# LIBCRYPTO normally comes as an argument from "parent" Makefile -# (this applies both to FS' "make module" and eg. Linux' "make modules" -# But make dep doest follow same evaluations, so we need this default: -LIBCRYPTO=$(TOPDIR)/lib/libcrypto - -override EXTRA_CFLAGS += -I$(LIBCRYPTO)/include -override EXTRA_CFLAGS += -Wall -Wpointer-arith -Wstrict-prototypes - -MOD_LIST_NAME := NET_MISC_MODULES - -#O_TARGET := static_init.o - -subdir- := -subdir-n := -subdir-y := -subdir-m := - -obj-y := static_init.o - -ARCH_ASM-y := -ARCH_ASM-$(CONFIG_M586) := i586 -ARCH_ASM-$(CONFIG_M586TSC) := i586 -ARCH_ASM-$(CONFIG_M586MMX) := i586 -ARCH_ASM-$(CONFIG_MK6) := i586 -ARCH_ASM-$(CONFIG_M686) := i686 -ARCH_ASM-$(CONFIG_MPENTIUMIII) := i686 -ARCH_ASM-$(CONFIG_MPENTIUM4) := i686 -ARCH_ASM-$(CONFIG_MK7) := i686 -ARCH_ASM-$(CONFIG_MCRUSOE) := i586 -ARCH_ASM-$(CONFIG_MWINCHIPC6) := i586 -ARCH_ASM-$(CONFIG_MWINCHIP2) := i586 -ARCH_ASM-$(CONFIG_MWINCHIP3D) := i586 -ARCH_ASM-$(CONFIG_USERMODE) := i586 - -ARCH_ASM :=$(ARCH_ASM-y) -ifdef NO_ASM -ARCH_ASM := -endif - -# The algorithm makefiles may put dependences, short-circuit them -null: - -makefiles=$(filter-out %.preipsec, $(wildcard Makefile.alg_*)) -ifneq ($(makefiles),) -#include Makefile.alg_aes -#include Makefile.alg_aes-opt -include $(makefiles) -endif - -# These rules translate from new to old makefile rules -# Translate to Rules.make lists. -multi-used := $(filter $(list-multi), $(obj-y) $(obj-m)) -multi-objs := $(foreach m, $(multi-used), $($(basename $(m))-objs)) -active-objs := $(sort $(multi-objs) $(obj-y) $(obj-m)) -O_OBJS := $(obj-y) -M_OBJS := $(obj-m) -MIX_OBJS := $(filter $(export-objs), $(active-objs)) -#OX_OBJS := $(export-objs) -SUB_DIRS := $(subdir-y) -ALL_SUB_DIRS := $(subdir-y) $(subdir-m) -MOD_SUB_DIRS := $(subdir-m) - - -static_init_mod.o: $(obj-y) - rm -f $@ - $(LD) $(LD_EXTRAFLAGS) $(obj-y) -r -o $@ - -perlasm: $(LIBCRYPTO)/perlasm - ln -sf $? $@ - -$(obj-y) $(obj-m): $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h $(KLIPS_TOP)/include/freeswan/ipsec_alg.h -$(alg_obj-y) $(alg_obj-m): perlasm $(TOPDIR)/include/linux/config.h $(TOPDIR)/include/linux/autoconf.h $(KLIPS_TOP)/include/freeswan/ipsec_alg.h - - -all_alg_modules: perlasm $(ALG_MODULES) - @echo "ALG_MODULES=$(ALG_MODULES)" - - -# -# Construct alg. init. function: call ipsec_ALGO_init() for every static algo -# Needed when there are static algos (with static or modular ipsec.o) -# -static_init.c: $(TOPDIR)/include/linux/autoconf.h Makefile $(makefiles) scripts/mk-static_init.c.sh - @echo "Re-creating $@" - $(SHELL) scripts/mk-static_init.c.sh $(static_init-func-y) > $@ - -clean: - @for i in $(ALG_SUBDIRS);do test -d $$i && make -C $$i clean;done;exit 0 - @find . -type l -exec rm -f {} \; - -rm -f perlasm - -rm -rf $(ALG_SUBDIRS) - -rm -f *.o .*.o.flags static_init.c - -ifdef TOPDIR -include $(TOPDIR)/Rules.make -endif - diff --git a/linux/net/ipsec/alg/Makefile.alg_aes b/linux/net/ipsec/alg/Makefile.alg_aes deleted file mode 100644 index 75284c47a..000000000 --- a/linux/net/ipsec/alg/Makefile.alg_aes +++ /dev/null @@ -1,23 +0,0 @@ -MOD_AES := ipsec_aes.o - -ALG_MODULES += $(MOD_AES) -ALG_SUBDIRS += libaes - -obj-$(CONFIG_IPSEC_ALG_AES) += $(MOD_AES) -static_init-func-$(CONFIG_IPSEC_ALG_AES)+= ipsec_aes_init -alg_obj-$(CONFIG_IPSEC_ALG_AES) += ipsec_alg_aes.o - -AES_OBJS := ipsec_alg_aes.o libaes/libaes.a - -$(MOD_AES): libaes $(AES_OBJS) - $(LD) $(EXTRA_LDFLAGS) -r $(AES_OBJS) -o $@ - -libaes: $(LIBCRYPTO)/libaes - test -d $@ || mkdir $@ ;exit 0 - test -d $@/asm || mkdir $@/asm;exit 0 - cd $@ && ln -sf $?/Makefile $?/*.[chS] . - cd $@/asm && ln -sf $?/asm/*.S . - -libaes/libaes.a: libaes - ( cd libaes && \ - $(MAKE) CC='$(CC)' 'ARCH_ASM=$(ARCH_ASM)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' libaes.a ;) diff --git a/linux/net/ipsec/alg/Makefile.alg_blowfish b/linux/net/ipsec/alg/Makefile.alg_blowfish deleted file mode 100644 index 9413a9f1c..000000000 --- a/linux/net/ipsec/alg/Makefile.alg_blowfish +++ /dev/null @@ -1,23 +0,0 @@ -MOD_BLOWFISH := ipsec_blowfish.o - -ALG_MODULES += $(MOD_BLOWFISH) -ALG_SUBDIRS += libblowfish - -obj-$(CONFIG_IPSEC_ALG_BLOWFISH) += $(MOD_BLOWFISH) -static_init-func-$(CONFIG_IPSEC_ALG_BLOWFISH)+= ipsec_blowfish_init -alg_obj-$(CONFIG_IPSEC_ALG_BLOWFISH) += ipsec_alg_blowfish.o - -BLOWFISH_OBJS:= ipsec_alg_blowfish.o libblowfish/libblowfish.a - -$(MOD_BLOWFISH): libblowfish $(BLOWFISH_OBJS) - $(LD) -r $(BLOWFISH_OBJS) -o $@ - -libblowfish : $(LIBCRYPTO)/libblowfish - test -d $@ || mkdir $@ ;exit 0 - test -d $@/asm || mkdir $@/asm;exit 0 - cd $@ && ln -sf $?/Makefile $?/*.[chS] . - cd $@/asm && ln -sf $?/asm/*.pl . - -libblowfish/libblowfish.a: - ( cd libblowfish && \ - $(MAKE) CC='$(CC)' 'ARCH_ASM=$(ARCH_ASM)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' EXTRA_CFLAGS='$(EXTRA_CFLAGS)' libblowfish.a ;) diff --git a/linux/net/ipsec/alg/Makefile.alg_cryptoapi b/linux/net/ipsec/alg/Makefile.alg_cryptoapi deleted file mode 100644 index 77ee6481f..000000000 --- a/linux/net/ipsec/alg/Makefile.alg_cryptoapi +++ /dev/null @@ -1,14 +0,0 @@ -MOD_CRYPTOAPI := ipsec_cryptoapi.o - -ifneq ($(wildcard $(TOPDIR)/include/linux/crypto.h),) -ALG_MODULES += $(MOD_CRYPTOAPI) -obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += $(MOD_CRYPTOAPI) -static_init-func-$(CONFIG_IPSEC_ALG_CRYPTOAPI)+= ipsec_cryptoapi_init -alg_obj-$(CONFIG_IPSEC_ALG_CRYPTOAPI) += ipsec_alg_cryptoapi.o -else -$(warning "Linux CryptoAPI (2.4.22+ or 2.6.x) not found, not building ipsec_cryptoapi.o") -endif - -CRYPTOAPI_OBJS := ipsec_alg_cryptoapi.o -$(MOD_CRYPTOAPI): $(CRYPTOAPI_OBJS) - $(LD) -r $(CRYPTOAPI_OBJS) -o $@ diff --git a/linux/net/ipsec/alg/Makefile.alg_serpent b/linux/net/ipsec/alg/Makefile.alg_serpent deleted file mode 100644 index 1a2383a6a..000000000 --- a/linux/net/ipsec/alg/Makefile.alg_serpent +++ /dev/null @@ -1,21 +0,0 @@ -MOD_SERPENT := ipsec_serpent.o - -ALG_MODULES += $(MOD_SERPENT) -ALG_SUBDIRS += libserpent - -obj-$(CONFIG_IPSEC_ALG_SERPENT) += $(MOD_SERPENT) -static_init-func-$(CONFIG_IPSEC_ALG_SERPENT)+= ipsec_serpent_init -alg_obj-$(CONFIG_IPSEC_ALG_SERPENT) += ipsec_alg_serpent.o - -SERPENT_OBJS=ipsec_alg_serpent.o libserpent/libserpent.a -$(MOD_SERPENT) : libserpent $(SERPENT_OBJS) - $(LD) -r $(SERPENT_OBJS) -o $@ - -libserpent : $(LIBCRYPTO)/libserpent - test -d $@ || mkdir $@ ;exit 0 - test -d $@/asm || mkdir $@/asm;exit 0 - cd $@ && ln -sf $?/Makefile $?/*.[chS] . - -libserpent/libserpent.a: - ( cd libserpent && \ - $(MAKE) CC='$(CC)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' EXTRA_CFLAGS='$(EXTRA_CFLAGS)' libserpent.a ;) diff --git a/linux/net/ipsec/alg/Makefile.alg_sha2 b/linux/net/ipsec/alg/Makefile.alg_sha2 deleted file mode 100644 index 956a0f1a3..000000000 --- a/linux/net/ipsec/alg/Makefile.alg_sha2 +++ /dev/null @@ -1,22 +0,0 @@ -MOD_SHA2 := ipsec_sha2.o - -ALG_MODULES += $(MOD_SHA2) -ALG_SUBDIRS += libsha2 - -obj-$(CONFIG_IPSEC_ALG_SHA2) += $(MOD_SHA2) -static_init-func-$(CONFIG_IPSEC_ALG_SHA2)+= ipsec_sha2_init -alg_obj-$(CONFIG_IPSEC_ALG_SHA2) += ipsec_alg_sha2.o - -SHA2_OBJS := ipsec_alg_sha2.o libsha2/libsha2.a - -$(MOD_SHA2): libsha2 $(SHA2_OBJS) - $(LD) $(EXTRA_LDFLAGS) -r $(SHA2_OBJS) -o $@ - -libsha2 : $(LIBCRYPTO)/libsha2 - test -d $@ || mkdir $@ ;exit 0 - test -d $@/asm || mkdir $@/asm;exit 0 - cd $@ && ln -sf $?/Makefile $?/*.[chS] . - -libsha2/libsha2.a: - ( cd libsha2 && \ - $(MAKE) CC='$(CC)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' EXTRA_CFLAGS='$(EXTRA_CFLAGS)' libsha2.a ;) diff --git a/linux/net/ipsec/alg/Makefile.alg_twofish b/linux/net/ipsec/alg/Makefile.alg_twofish deleted file mode 100644 index 559285ddd..000000000 --- a/linux/net/ipsec/alg/Makefile.alg_twofish +++ /dev/null @@ -1,21 +0,0 @@ -MOD_TWOFISH := ipsec_twofish.o - -ALG_MODULES += $(MOD_TWOFISH) -ALG_SUBDIRS += libtwofish - -obj-$(CONFIG_IPSEC_ALG_TWOFISH) += $(MOD_TWOFISH) -static_init-func-$(CONFIG_IPSEC_ALG_TWOFISH)+= ipsec_twofish_init -alg_obj-$(CONFIG_IPSEC_ALG_TWOFISH) += ipsec_alg_twofish.o - -TWOFISH_OBJS := ipsec_alg_twofish.o libtwofish/libtwofish.a -$(MOD_TWOFISH): libtwofish $(TWOFISH_OBJS) - $(LD) -r $(TWOFISH_OBJS) -o $@ - -libtwofish : $(LIBCRYPTO)/libtwofish - test -d $@ || mkdir $@ ;exit 0 - test -d $@/asm || mkdir $@/asm;exit 0 - cd $@ && ln -sf $?/Makefile $?/*.[chS] . - -libtwofish/libtwofish.a: - ( cd libtwofish && \ - $(MAKE) CC='$(CC)' CFLAGS='$(CFLAGS) $(EXTRA_CFLAGS)' EXTRA_CFLAGS='$(EXTRA_CFLAGS)' libtwofish.a ;) diff --git a/linux/net/ipsec/alg/ipsec_alg_aes.c b/linux/net/ipsec/alg/ipsec_alg_aes.c deleted file mode 100644 index c6b390281..000000000 --- a/linux/net/ipsec/alg/ipsec_alg_aes.c +++ /dev/null @@ -1,253 +0,0 @@ -/* - * ipsec_alg AES cipher stubs - * - * Author: JuanJo Ciarlante - * - * $Id: ipsec_alg_aes.c,v 1.2 2004/03/22 21:53:19 as Exp $ - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * Fixes by: - * PK: Pawel Krawczyk - * Fixes list: - * PK: make XCBC comply with latest draft (keylength) - * - */ -#include -#include - -/* - * special case: ipsec core modular with this static algo inside: - * must avoid MODULE magic for this file - */ -#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_AES -#undef MODULE -#endif - -#include -#include - -#include /* printk() */ -#include /* error codes */ -#include /* size_t */ -#include - -/* Check if __exit is defined, if not null it */ -#ifndef __exit -#define __exit -#endif - -/* Low freeswan header coupling */ -#include "freeswan/ipsec_alg.h" -#include "libaes/aes_cbc.h" - -#define CONFIG_IPSEC_ALG_AES_MAC 1 - -#define AES_CONTEXT_T aes_context -MODULE_AUTHOR("JuanJo Ciarlante "); -static int debug=0; -MODULE_PARM(debug, "i"); -static int test=0; -MODULE_PARM(test, "i"); -static int excl=0; -MODULE_PARM(excl, "i"); -static int keyminbits=0; -MODULE_PARM(keyminbits, "i"); -static int keymaxbits=0; -MODULE_PARM(keymaxbits, "i"); - -#if CONFIG_IPSEC_ALG_AES_MAC -#include "libaes/aes_xcbc_mac.h" - -/* - * Not IANA number yet (draft-ietf-ipsec-ciph-aes-xcbc-mac-00.txt). - * We use 9 for non-modular algorithm and none for modular, thus - * forcing user to specify one on module load. -kravietz - */ -#ifdef MODULE -static int auth_id=0; -#else -static int auth_id=9; -#endif -MODULE_PARM(auth_id, "i"); -#endif - -#define ESP_AES 12 /* truely _constant_ :) */ - -/* 128, 192 or 256 */ -#define ESP_AES_KEY_SZ_MIN 16 /* 128 bit secret key */ -#define ESP_AES_KEY_SZ_MAX 32 /* 256 bit secret key */ -#define ESP_AES_CBC_BLK_LEN 16 /* AES-CBC block size */ - -/* Values according to draft-ietf-ipsec-ciph-aes-xcbc-mac-02.txt - * -kravietz - */ -#define ESP_AES_MAC_KEY_SZ 16 /* 128 bit MAC key */ -#define ESP_AES_MAC_BLK_LEN 16 /* 128 bit block */ - -static int _aes_set_key(struct ipsec_alg_enc *alg, __u8 * key_e, const __u8 * key, size_t keysize) { - int ret; - AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e; - ret=AES_set_key(ctx, key, keysize)!=0? 0: -EINVAL; - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_aes_set_key:" - "ret=%d key_e=%p key=%p keysize=%d\n", - ret, key_e, key, keysize); - return ret; -} -static int _aes_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) { - AES_CONTEXT_T *ctx=(AES_CONTEXT_T*)key_e; - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_aes_cbc_encrypt:" - "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n", - key_e, in, ilen, iv, encrypt); - return AES_cbc_encrypt(ctx, in, in, ilen, iv, encrypt); -} -#if CONFIG_IPSEC_ALG_AES_MAC -static int _aes_mac_set_key(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * key, int keylen) { - aes_context_mac *ctxm=(aes_context_mac *)key_a; - return AES_xcbc_mac_set_key(ctxm, key, keylen)? 0 : -EINVAL; -} -static int _aes_mac_hash(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * dat, int len, __u8 * hash, int hashlen) { - int ret; - char hash_buf[16]; - aes_context_mac *ctxm=(aes_context_mac *)key_a; - ret=AES_xcbc_mac_hash(ctxm, dat, len, hash_buf); - memcpy(hash, hash_buf, hashlen); - return ret; -} -static struct ipsec_alg_auth ipsec_alg_AES_MAC = { - ixt_version: IPSEC_ALG_VERSION, - ixt_module: THIS_MODULE, - ixt_refcnt: ATOMIC_INIT(0), - ixt_alg_type: IPSEC_ALG_TYPE_AUTH, - ixt_alg_id: 0, - ixt_name: "aes_mac", - ixt_blocksize: ESP_AES_MAC_BLK_LEN, - ixt_keyminbits: ESP_AES_MAC_KEY_SZ*8, - ixt_keymaxbits: ESP_AES_MAC_KEY_SZ*8, - ixt_a_keylen: ESP_AES_MAC_KEY_SZ, - ixt_a_ctx_size: sizeof(aes_context_mac), - ixt_a_hmac_set_key: _aes_mac_set_key, - ixt_a_hmac_hash:_aes_mac_hash, -}; -#endif /* CONFIG_IPSEC_ALG_AES_MAC */ -static struct ipsec_alg_enc ipsec_alg_AES = { - ixt_version: IPSEC_ALG_VERSION, - ixt_module: THIS_MODULE, - ixt_refcnt: ATOMIC_INIT(0), - ixt_alg_type: IPSEC_ALG_TYPE_ENCRYPT, - ixt_alg_id: ESP_AES, - ixt_name: "aes", - ixt_blocksize: ESP_AES_CBC_BLK_LEN, - ixt_keyminbits: ESP_AES_KEY_SZ_MIN*8, - ixt_keymaxbits: ESP_AES_KEY_SZ_MAX*8, - ixt_e_keylen: ESP_AES_KEY_SZ_MAX, - ixt_e_ctx_size: sizeof(AES_CONTEXT_T), - ixt_e_set_key: _aes_set_key, - ixt_e_cbc_encrypt:_aes_cbc_encrypt, -}; - -IPSEC_ALG_MODULE_INIT( ipsec_aes_init ) -{ - int ret, test_ret; - if (keyminbits) - ipsec_alg_AES.ixt_keyminbits=keyminbits; - if (keymaxbits) { - ipsec_alg_AES.ixt_keymaxbits=keymaxbits; - if (keymaxbits*8>ipsec_alg_AES.ixt_keymaxbits) - ipsec_alg_AES.ixt_e_keylen=keymaxbits*8; - } - if (excl) ipsec_alg_AES.ixt_state |= IPSEC_ALG_ST_EXCL; - ret=register_ipsec_alg_enc(&ipsec_alg_AES); - printk("ipsec_aes_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", - ipsec_alg_AES.ixt_alg_type, - ipsec_alg_AES.ixt_alg_id, - ipsec_alg_AES.ixt_name, - ret); - if (ret==0 && test) { - test_ret=ipsec_alg_test( - ipsec_alg_AES.ixt_alg_type, - ipsec_alg_AES.ixt_alg_id, - test); - printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n", - ipsec_alg_AES.ixt_alg_type, - ipsec_alg_AES.ixt_alg_id, - test_ret); - } -#if CONFIG_IPSEC_ALG_AES_MAC - if (auth_id!=0){ - int ret; - ipsec_alg_AES_MAC.ixt_alg_id=auth_id; - ret=register_ipsec_alg_auth(&ipsec_alg_AES_MAC); - printk("ipsec_aes_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", - ipsec_alg_AES_MAC.ixt_alg_type, - ipsec_alg_AES_MAC.ixt_alg_id, - ipsec_alg_AES_MAC.ixt_name, - ret); - if (ret==0 && test) { - test_ret=ipsec_alg_test( - ipsec_alg_AES_MAC.ixt_alg_type, - ipsec_alg_AES_MAC.ixt_alg_id, - test); - printk("ipsec_aes_init(alg_type=%d alg_id=%d): test_ret=%d\n", - ipsec_alg_AES_MAC.ixt_alg_type, - ipsec_alg_AES_MAC.ixt_alg_id, - test_ret); - } - } else { - printk(KERN_DEBUG "klips_debug: experimental ipsec_alg_AES_MAC not registered [Ok] (auth_id=%d)\n", auth_id); - } -#endif /* CONFIG_IPSEC_ALG_AES_MAC */ - return ret; -} -IPSEC_ALG_MODULE_EXIT( ipsec_aes_fini ) -{ -#if CONFIG_IPSEC_ALG_AES_MAC - if (auth_id) unregister_ipsec_alg_auth(&ipsec_alg_AES_MAC); -#endif /* CONFIG_IPSEC_ALG_AES_MAC */ - unregister_ipsec_alg_enc(&ipsec_alg_AES); - return; -} -#ifdef MODULE_LICENSE -MODULE_LICENSE("GPL"); -#endif - -#if 0+NOT_YET -#ifndef MODULE -/* - * This is intended for static module setups, currently - * doesn't work for modular ipsec.o with static algos inside - */ -static int setup_keybits(const char *str) -{ - unsigned aux; - char *end; - - aux = simple_strtoul(str,&end,0); - if (aux != 128 && aux != 192 && aux != 256) - return 0; - keyminbits = aux; - - if (*end == 0 || *end != ',') - return 1; - str=end+1; - aux = simple_strtoul(str, NULL, 0); - if (aux != 128 && aux != 192 && aux != 256) - return 0; - if (aux >= keyminbits) - keymaxbits = aux; - return 1; -} -__setup("ipsec_aes_keybits=", setup_keybits); -#endif -#endif -EXPORT_NO_SYMBOLS; diff --git a/linux/net/ipsec/alg/ipsec_alg_blowfish.c b/linux/net/ipsec/alg/ipsec_alg_blowfish.c deleted file mode 100644 index 6adc22b22..000000000 --- a/linux/net/ipsec/alg/ipsec_alg_blowfish.c +++ /dev/null @@ -1,142 +0,0 @@ -/* ipsec_alg BLOWFISH cipher stubs - * - * Author: JuanJo Ciarlante - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCS ID $Id: ipsec_alg_blowfish.c,v 1.3 2004/09/17 18:57:30 as Exp $ - */ - -#include -#include - -/* - * special case: ipsec core modular with this static algo inside: - * must avoid MODULE magic for this file - */ -#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_BLOWFISH -#undef MODULE -#endif - -#include -#include - -#include /* printk() */ -#include /* error codes */ -#include /* size_t */ -#include - -/* Check if __exit is defined, if not null it */ -#ifndef __exit -#define __exit -#endif - -/* Low freeswan header coupling */ -#include "freeswan/ipsec_alg.h" -#include "libblowfish/blowfish.h" -#define blowfish_context BF_KEY - -#define ESP_BLOWFISH 7 /* truly _constant_ :) */ - -#define ESP_BLOWFISH_KEY_SZ_MIN 16 /* 128 bit secret key min */ -#define ESP_BLOWFISH_KEY_SZ 16 /* 128 bit secret key */ -#define ESP_BLOWFISH_KEY_SZ_MAX 56 /* 448 bit secret key max */ -#define ESP_BLOWFISH_CBC_BLK_LEN 8 /* block size */ - -MODULE_AUTHOR("JuanJo Ciarlante "); -static int debug=0; -MODULE_PARM(debug, "i"); -static int test=0; -MODULE_PARM(test, "i"); -static int excl=0; -MODULE_PARM(excl, "i"); -static int keyminbits=0; -MODULE_PARM(keyminbits, "i"); -static int keymaxbits=0; -MODULE_PARM(keymaxbits, "i"); - -static int _blowfish_set_key(struct ipsec_alg_enc *alg, __u8 * key_e, const __u8 * key, size_t keysize) { - blowfish_context *ctx=(blowfish_context*)key_e; - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_blowfish_set_key:" - "key_e=%p key=%p keysize=%d\n", - key_e, key, keysize); - BF_set_key(ctx, keysize, (unsigned char *)key); - return 0; -} -static int _blowfish_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 *iv, int encrypt) { - /* blowfish toasts passed IV */ - __u8 iv_buf[ESP_BLOWFISH_CBC_BLK_LEN]; - blowfish_context *ctx=(blowfish_context*)key_e; - *((__u32*)&(iv_buf)) = ((__u32*)(iv))[0]; - *((__u32*)&(iv_buf)+1) = ((__u32*)(iv))[1]; - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_blowfish_cbc_encrypt:" - "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n", - key_e, in, ilen, iv_buf, encrypt); - BF_cbc_encrypt(in, in, ilen, ctx, iv_buf, encrypt); - return ilen; -} -static struct ipsec_alg_enc ipsec_alg_BLOWFISH = { - ixt_version: IPSEC_ALG_VERSION, - ixt_module: THIS_MODULE, - ixt_refcnt: ATOMIC_INIT(0), - ixt_alg_type: IPSEC_ALG_TYPE_ENCRYPT, - ixt_alg_id: ESP_BLOWFISH, - ixt_name: "blowfish", - ixt_blocksize: ESP_BLOWFISH_CBC_BLK_LEN, - ixt_keyminbits: ESP_BLOWFISH_KEY_SZ_MIN*8, - ixt_keymaxbits: ESP_BLOWFISH_KEY_SZ_MAX*8, - ixt_e_keylen: ESP_BLOWFISH_KEY_SZ, - ixt_e_ctx_size: sizeof(blowfish_context), - ixt_e_set_key: _blowfish_set_key, - ixt_e_cbc_encrypt:_blowfish_cbc_encrypt, -}; - -IPSEC_ALG_MODULE_INIT(ipsec_blowfish_init) -{ - int ret, test_ret; - if (keyminbits) - ipsec_alg_BLOWFISH.ixt_keyminbits=keyminbits; - if (keymaxbits) { - ipsec_alg_BLOWFISH.ixt_keymaxbits=keymaxbits; - if (keymaxbits*8>ipsec_alg_BLOWFISH.ixt_keymaxbits) - ipsec_alg_BLOWFISH.ixt_e_keylen=keymaxbits*8; - } - if (excl) ipsec_alg_BLOWFISH.ixt_state |= IPSEC_ALG_ST_EXCL; - ret=register_ipsec_alg_enc(&ipsec_alg_BLOWFISH); - printk("ipsec_blowfish_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", - ipsec_alg_BLOWFISH.ixt_alg_type, - ipsec_alg_BLOWFISH.ixt_alg_id, - ipsec_alg_BLOWFISH.ixt_name, - ret); - if (ret==0 && test) { - test_ret=ipsec_alg_test( - ipsec_alg_BLOWFISH.ixt_alg_type, - ipsec_alg_BLOWFISH.ixt_alg_id, - test); - printk("ipsec_blowfish_init(alg_type=%d alg_id=%d): test_ret=%d\n", - ipsec_alg_BLOWFISH.ixt_alg_type, - ipsec_alg_BLOWFISH.ixt_alg_id, - test_ret); - } - return ret; -} -IPSEC_ALG_MODULE_EXIT(ipsec_blowfish_fini) -{ - unregister_ipsec_alg_enc(&ipsec_alg_BLOWFISH); - return; -} -#ifdef MODULE_LICENSE -MODULE_LICENSE("GPL"); -#endif - -EXPORT_NO_SYMBOLS; diff --git a/linux/net/ipsec/alg/ipsec_alg_cryptoapi.c b/linux/net/ipsec/alg/ipsec_alg_cryptoapi.c deleted file mode 100644 index fc68094c2..000000000 --- a/linux/net/ipsec/alg/ipsec_alg_cryptoapi.c +++ /dev/null @@ -1,421 +0,0 @@ -/* - * ipsec_alg to linux cryptoapi GLUE - * - * Authors: CODE.ar TEAM - * Harpo MAxx - * JuanJo Ciarlante - * Luciano Ruete - * - * $Id: ipsec_alg_cryptoapi.c,v 1.3 2004/09/17 18:57:30 as Exp $ - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * Example usage: - * modinfo -p ipsec_cryptoapi (quite useful info, including supported algos) - * modprobe ipsec_cryptoapi - * modprobe ipsec_cryptoapi test=1 - * modprobe ipsec_cryptoapi excl=1 (exclusive cipher/algo) - * modprobe ipsec_cryptoapi noauto=1 aes=1 twofish=1 (only these ciphers) - * modprobe ipsec_cryptoapi aes=128,128 (force these keylens) - * modprobe ipsec_cryptoapi des_ede3=0 (everything but 3DES) - */ -#include -#include - -/* - * special case: ipsec core modular with this static algo inside: - * must avoid MODULE magic for this file - */ -#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_CRYPTOAPI -#undef MODULE -#endif - -#include -#include - -#include /* printk() */ -#include /* error codes */ -#include /* size_t */ -#include - -/* Check if __exit is defined, if not null it */ -#ifndef __exit -#define __exit -#endif - -/* warn the innocent */ -#if !defined (CONFIG_CRYPTO) && !defined (CONFIG_CRYPTO_MODULE) -#warning "No linux CryptoAPI found, install 2.4.22+ or 2.6.x" -#define NO_CRYPTOAPI_SUPPORT -#endif -/* Low freeswan header coupling */ -#include "freeswan/ipsec_alg.h" - -#include -#ifdef CRYPTO_API_VERSION_CODE -#warning "Old CryptoAPI is not supported. Only linux-2.4.22+ or linux-2.6.x are supported" -#define NO_CRYPTOAPI_SUPPORT -#endif - -#ifdef NO_CRYPTOAPI_SUPPORT -#warning "Building an unusable module :P" -/* Catch old CryptoAPI by not allowing module to load */ -IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init ) -{ - printk(KERN_WARNING "ipsec_cryptoapi.o was not built on stock Linux CryptoAPI (2.4.22+ or 2.6.x), not loading.\n"); - return -EINVAL; -} -#else -#include -#include -#include - -#define CIPHERNAME_AES "aes" -#define CIPHERNAME_3DES "des3_ede" -#define CIPHERNAME_BLOWFISH "blowfish" -#define CIPHERNAME_CAST "cast5" -#define CIPHERNAME_SERPENT "serpent" -#define CIPHERNAME_TWOFISH "twofish" - -#define ESP_3DES 3 -#define ESP_AES 12 -#define ESP_BLOWFISH 7 /* truly _constant_ :) */ -#define ESP_CAST 6 /* quite constant :) */ -#define ESP_SERPENT 252 /* from ipsec drafts */ -#define ESP_TWOFISH 253 /* from ipsec drafts */ - -#define AH_MD5 2 -#define AH_SHA 3 -#define DIGESTNAME_MD5 "md5" -#define DIGESTNAME_SHA1 "sha1" - -MODULE_AUTHOR("Juanjo Ciarlante, Harpo MAxx, Luciano Ruete"); -static int debug=0; -MODULE_PARM(debug, "i"); -static int test=0; -MODULE_PARM(test, "i"); -static int excl=0; -MODULE_PARM(excl, "i"); - -static int noauto = 0; -MODULE_PARM(noauto,"i"); -MODULE_PARM_DESC(noauto, "Dont try all known algos, just setup enabled ones"); - -static int des_ede3[] = {-1, -1}; -static int aes[] = {-1, -1}; -static int blowfish[] = {-1, -1}; -static int cast[] = {-1, -1}; -static int serpent[] = {-1, -1}; -static int twofish[] = {-1, -1}; - -MODULE_PARM(des_ede3,"1-2i"); -MODULE_PARM(aes,"1-2i"); -MODULE_PARM(blowfish,"1-2i"); -MODULE_PARM(cast,"1-2i"); -MODULE_PARM(serpent,"1-2i"); -MODULE_PARM(twofish,"1-2i"); -MODULE_PARM_DESC(des_ede3, "0: disable | 1: force_enable | min,max: dontuse"); -MODULE_PARM_DESC(aes, "0: disable | 1: force_enable | min,max: keybitlens"); -MODULE_PARM_DESC(blowfish, "0: disable | 1: force_enable | min,max: keybitlens"); -MODULE_PARM_DESC(cast, "0: disable | 1: force_enable | min,max: keybitlens"); -MODULE_PARM_DESC(serpent, "0: disable | 1: force_enable | min,max: keybitlens"); -MODULE_PARM_DESC(twofish, "0: disable | 1: force_enable | min,max: keybitlens"); - -struct ipsec_alg_capi_cipher { - const char *ciphername; /* cryptoapi's ciphername */ - unsigned blocksize; - unsigned short minbits; - unsigned short maxbits; - int *parm; /* lkm param for this cipher */ - struct ipsec_alg_enc alg; /* note it's not a pointer */ -}; -static struct ipsec_alg_capi_cipher alg_capi_carray[] = { - { CIPHERNAME_AES , 16, 128, 256, aes , { ixt_alg_id: ESP_AES, }}, - { CIPHERNAME_TWOFISH , 16, 128, 256, twofish, { ixt_alg_id: ESP_TWOFISH, }}, - { CIPHERNAME_SERPENT , 16, 128, 256, serpent, { ixt_alg_id: ESP_SERPENT, }}, - { CIPHERNAME_CAST , 8, 128, 128, cast , { ixt_alg_id: ESP_CAST, }}, - { CIPHERNAME_BLOWFISH , 8, 128, 448, blowfish,{ ixt_alg_id: ESP_BLOWFISH, }}, - { CIPHERNAME_3DES , 8, 192, 192, des_ede3,{ ixt_alg_id: ESP_3DES, }}, - { NULL, 0, 0, 0, NULL, {} } -}; -#ifdef NOT_YET -struct ipsec_alg_capi_digest { - const char *digestname; /* cryptoapi's digestname */ - struct digest_implementation *di; - struct ipsec_alg_auth alg; /* note it's not a pointer */ -}; -static struct ipsec_alg_capi_cipher alg_capi_darray[] = { - { DIGESTNAME_MD5, NULL, { ixt_alg_id: AH_MD5, }}, - { DIGESTNAME_SHA1, NULL, { ixt_alg_id: AH_SHA, }}, - { NULL, NULL, {} } -}; -#endif -/* - * "generic" linux cryptoapi setup_cipher() function - */ -int setup_cipher(const char *ciphername) -{ - return crypto_alg_available(ciphername, 0); -} - -/* - * setups ipsec_alg_capi_cipher "hyper" struct components, calling - * register_ipsec_alg for cointaned ipsec_alg object - */ -static void _capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e); -static __u8 * _capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen); -static int _capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt); - -static int -setup_ipsec_alg_capi_cipher(struct ipsec_alg_capi_cipher *cptr) -{ - int ret; - cptr->alg.ixt_version = IPSEC_ALG_VERSION; - cptr->alg.ixt_module = THIS_MODULE; - atomic_set (& cptr->alg.ixt_refcnt, 0); - strncpy (cptr->alg.ixt_name , cptr->ciphername, sizeof (cptr->alg.ixt_name)); - - cptr->alg.ixt_blocksize=cptr->blocksize; - cptr->alg.ixt_keyminbits=cptr->minbits; - cptr->alg.ixt_keymaxbits=cptr->maxbits; - cptr->alg.ixt_state = 0; - if (excl) cptr->alg.ixt_state |= IPSEC_ALG_ST_EXCL; - cptr->alg.ixt_e_keylen=cptr->alg.ixt_keymaxbits/8; - cptr->alg.ixt_e_ctx_size = 0; - cptr->alg.ixt_alg_type = IPSEC_ALG_TYPE_ENCRYPT; - cptr->alg.ixt_e_new_key = _capi_new_key; - cptr->alg.ixt_e_destroy_key = _capi_destroy_key; - cptr->alg.ixt_e_cbc_encrypt = _capi_cbc_encrypt; - cptr->alg.ixt_data = cptr; - - ret=register_ipsec_alg_enc(&cptr->alg); - printk("setup_ipsec_alg_capi_cipher(): " - "alg_type=%d alg_id=%d name=%s " - "keyminbits=%d keymaxbits=%d, ret=%d\n", - cptr->alg.ixt_alg_type, - cptr->alg.ixt_alg_id, - cptr->alg.ixt_name, - cptr->alg.ixt_keyminbits, - cptr->alg.ixt_keymaxbits, - ret); - return ret; -} -/* - * called in ipsec_sa_wipe() time, will destroy key contexts - * and do 1 unbind() - */ -static void -_capi_destroy_key (struct ipsec_alg_enc *alg, __u8 *key_e) -{ - struct crypto_tfm *tfm=(struct crypto_tfm*)key_e; - - if (debug > 0) - printk(KERN_DEBUG "klips_debug: _capi_destroy_key:" - "name=%s key_e=%p \n", - alg->ixt_name, key_e); - if (!key_e) { - printk(KERN_ERR "klips_debug: _capi_destroy_key:" - "name=%s NULL key_e!\n", - alg->ixt_name); - return; - } - crypto_free_tfm(tfm); -} - -/* - * create new key context, need alg->ixt_data to know which - * (of many) cipher inside this module is the target - */ -static __u8 * -_capi_new_key (struct ipsec_alg_enc *alg, const __u8 *key, size_t keylen) -{ - struct ipsec_alg_capi_cipher *cptr; - struct crypto_tfm *tfm=NULL; - - cptr = alg->ixt_data; - if (!cptr) { - printk(KERN_ERR "_capi_new_key(): " - "NULL ixt_data (?!) for \"%s\" algo\n" - , alg->ixt_name); - goto err; - } - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_capi_new_key:" - "name=%s cptr=%p key=%p keysize=%d\n", - alg->ixt_name, cptr, key, keylen); - - /* - * alloc tfm - */ - tfm = crypto_alloc_tfm(cptr->ciphername, CRYPTO_TFM_MODE_CBC); - if (!tfm) { - printk(KERN_ERR "_capi_new_key(): " - "NULL tfm for \"%s\" cryptoapi (\"%s\") algo\n" - , alg->ixt_name, cptr->ciphername); - goto err; - } - if (crypto_cipher_setkey(tfm, key, keylen) < 0) { - printk(KERN_ERR "_capi_new_key(): " - "failed new_key() for \"%s\" cryptoapi algo (keylen=%d)\n" - , alg->ixt_name, keylen); - crypto_free_tfm(tfm); - tfm=NULL; - } -err: - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_capi_new_key:" - "name=%s key=%p keylen=%d tfm=%p\n", - alg->ixt_name, key, keylen, tfm); - return (__u8 *) tfm; -} -/* - * core encryption function: will use cx->ci to call actual cipher's - * cbc function - */ -static int -_capi_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) { - int error =0; - struct crypto_tfm *tfm=(struct crypto_tfm *)key_e; - struct scatterlist sg = { - .page = virt_to_page(in), - .offset = (unsigned long)(in) % PAGE_SIZE, - .length=ilen, - }; - if (debug > 1) - printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:" - "key_e=%p " - "in=%p out=%p ilen=%d iv=%p encrypt=%d\n" - , key_e - , in, in, ilen, iv, encrypt); - crypto_cipher_set_iv(tfm, iv, crypto_tfm_alg_ivsize(tfm)); - if (encrypt) - error = crypto_cipher_encrypt (tfm, &sg, &sg, ilen); - else - error = crypto_cipher_decrypt (tfm, &sg, &sg, ilen); - if (debug > 1) - printk(KERN_DEBUG "klips_debug:_capi_cbc_encrypt:" - "error=%d\n" - , error); - return (error<0)? error : ilen; -} -/* - * main initialization loop: for each cipher in list, do - * 1) setup cryptoapi cipher else continue - * 2) register ipsec_alg object - */ -static int -setup_cipher_list (struct ipsec_alg_capi_cipher* clist) -{ - struct ipsec_alg_capi_cipher *cptr; - /* foreach cipher in list ... */ - for (cptr=clist;cptr->ciphername;cptr++) { - /* - * see if cipher has been disabled (0) or - * if noauto set and not enabled (1) - */ - if (cptr->parm[0] == 0 || (noauto && cptr->parm[0] < 0)) { - if (debug>0) - printk(KERN_INFO "setup_cipher_list(): " - "ciphername=%s skipped at user request: " - "noauto=%d parm[0]=%d parm[1]=%d\n" - , cptr->ciphername - , noauto - , cptr->parm[0] - , cptr->parm[1]); - continue; - } - /* - * use a local ci to avoid touching cptr->ci, - * if register ipsec_alg success then bind cipher - */ - if( setup_cipher(cptr->ciphername) ) { - if (debug > 0) - printk(KERN_DEBUG "klips_debug:" - "setup_cipher_list():" - "ciphername=%s found\n" - , cptr->ciphername); - if (setup_ipsec_alg_capi_cipher(cptr) == 0) { - - - } else { - printk(KERN_ERR "klips_debug:" - "setup_cipher_list():" - "ciphername=%s failed ipsec_alg_register\n" - , cptr->ciphername); - } - } else { - if (debug>0) - printk(KERN_INFO "setup_cipher_list(): lookup for ciphername=%s: not found \n", - cptr->ciphername); - } - } - return 0; -} -/* - * deregister ipsec_alg objects and unbind ciphers - */ -static int -unsetup_cipher_list (struct ipsec_alg_capi_cipher* clist) -{ - struct ipsec_alg_capi_cipher *cptr; - /* foreach cipher in list ... */ - for (cptr=clist;cptr->ciphername;cptr++) { - if (cptr->alg.ixt_state & IPSEC_ALG_ST_REGISTERED) { - unregister_ipsec_alg_enc(&cptr->alg); - } - } - return 0; -} -/* - * test loop for registered algos - */ -static int -test_cipher_list (struct ipsec_alg_capi_cipher* clist) -{ - int test_ret; - struct ipsec_alg_capi_cipher *cptr; - /* foreach cipher in list ... */ - for (cptr=clist;cptr->ciphername;cptr++) { - if (cptr->alg.ixt_state & IPSEC_ALG_ST_REGISTERED) { - test_ret=ipsec_alg_test( - cptr->alg.ixt_alg_type, - cptr->alg.ixt_alg_id, - test); - printk("test_cipher_list(alg_type=%d alg_id=%d): test_ret=%d\n", - cptr->alg.ixt_alg_type, - cptr->alg.ixt_alg_id, - test_ret); - } - } - return 0; -} - -IPSEC_ALG_MODULE_INIT( ipsec_cryptoapi_init ) -{ - int ret, test_ret; - if ((ret=setup_cipher_list(alg_capi_carray)) < 0) - return -EPROTONOSUPPORT; - if (ret==0 && test) { - test_ret=test_cipher_list(alg_capi_carray); - } - return ret; -} -IPSEC_ALG_MODULE_EXIT( ipsec_cryptoapi_fini ) -{ - unsetup_cipher_list(alg_capi_carray); - return; -} -#ifdef MODULE_LICENSE -MODULE_LICENSE("GPL"); -#endif - -EXPORT_NO_SYMBOLS; -#endif /* NO_CRYPTOAPI_SUPPORT */ diff --git a/linux/net/ipsec/alg/ipsec_alg_serpent.c b/linux/net/ipsec/alg/ipsec_alg_serpent.c deleted file mode 100644 index 1f26b0b01..000000000 --- a/linux/net/ipsec/alg/ipsec_alg_serpent.c +++ /dev/null @@ -1,139 +0,0 @@ -/* - * ipsec_alg SERPENT cipher stubs - * - * Author: JuanJo Ciarlante - * - * $Id: ipsec_alg_serpent.c,v 1.2 2004/03/22 21:53:19 as Exp $ - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - */ -#include -#include - -/* - * special case: ipsec core modular with this static algo inside: - * must avoid MODULE magic for this file - */ -#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_SERPENT -#undef MODULE -#endif - -#include -#include - -#include /* printk() */ -#include /* error codes */ -#include /* size_t */ -#include - -/* Check if __exit is defined, if not null it */ -#ifndef __exit -#define __exit -#endif - -/* Low freeswan header coupling */ -#include "freeswan/ipsec_alg.h" -#include "libserpent/serpent.h" -#include "libserpent/serpent_cbc.h" - -#define ESP_SERPENT 252 /* from ipsec drafts */ - -/* 128, 192 or 256 */ -#define ESP_SERPENT_KEY_SZ_MIN 16 /* 128 bit secret key */ -#define ESP_SERPENT_KEY_SZ_MAX 32 /* 256 bit secret key */ -#define ESP_SERPENT_CBC_BLK_LEN 16 /* SERPENT-CBC block size */ - -MODULE_AUTHOR("JuanJo Ciarlante "); -static int debug=0; -MODULE_PARM(debug, "i"); -static int test=0; -MODULE_PARM(test, "i"); -static int excl=0; -MODULE_PARM(excl, "i"); -static int keyminbits=0; -MODULE_PARM(keyminbits, "i"); -static int keymaxbits=0; -MODULE_PARM(keymaxbits, "i"); - -static int _serpent_set_key(struct ipsec_alg_enc *alg, __u8 * key_e, const __u8 * key, size_t keysize) { - serpent_context *ctx=(serpent_context *)key_e; - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_serpent_set_key:" - "key_e=%p key=%p keysize=%d\n", - key_e, key, keysize); - serpent_set_key(ctx, key, keysize); - return 0; -} -static int _serpent_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) { - serpent_context *ctx=(serpent_context *)key_e; - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_serpent_cbc_encrypt:" - "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n", - key_e, in, ilen, iv, encrypt); - serpent_cbc_encrypt(ctx, in, in, ilen, iv, encrypt); - return ilen; -} -static struct ipsec_alg_enc ipsec_alg_SERPENT = { - ixt_version: IPSEC_ALG_VERSION, - ixt_module: THIS_MODULE, - ixt_refcnt: ATOMIC_INIT(0), - ixt_alg_type: IPSEC_ALG_TYPE_ENCRYPT, - ixt_alg_id: ESP_SERPENT, - ixt_name: "serpent", - ixt_blocksize: ESP_SERPENT_CBC_BLK_LEN, - ixt_keyminbits: ESP_SERPENT_KEY_SZ_MIN * 8, - ixt_keymaxbits: ESP_SERPENT_KEY_SZ_MAX * 8, - ixt_e_keylen: ESP_SERPENT_KEY_SZ_MAX, - ixt_e_ctx_size: sizeof(serpent_context), - ixt_e_set_key: _serpent_set_key, - ixt_e_cbc_encrypt:_serpent_cbc_encrypt, -}; - -IPSEC_ALG_MODULE_INIT(ipsec_serpent_init) -{ - int ret, test_ret; - if (keyminbits) - ipsec_alg_SERPENT.ixt_keyminbits=keyminbits; - if (keymaxbits) { - ipsec_alg_SERPENT.ixt_keymaxbits=keymaxbits; - if (keymaxbits*8>ipsec_alg_SERPENT.ixt_keymaxbits) - ipsec_alg_SERPENT.ixt_e_keylen=keymaxbits*8; - } - if (excl) ipsec_alg_SERPENT.ixt_state |= IPSEC_ALG_ST_EXCL; - ret=register_ipsec_alg_enc(&ipsec_alg_SERPENT); - printk("ipsec_serpent_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", - ipsec_alg_SERPENT.ixt_alg_type, - ipsec_alg_SERPENT.ixt_alg_id, - ipsec_alg_SERPENT.ixt_name, - ret); - if (ret==0 && test) { - test_ret=ipsec_alg_test( - ipsec_alg_SERPENT.ixt_alg_type, - ipsec_alg_SERPENT.ixt_alg_id, - test); - printk("ipsec_serpent_init(alg_type=%d alg_id=%d): test_ret=%d\n", - ipsec_alg_SERPENT.ixt_alg_type, - ipsec_alg_SERPENT.ixt_alg_id, - test_ret); - } - return ret; -} -IPSEC_ALG_MODULE_EXIT(ipsec_serpent_fini) -{ - unregister_ipsec_alg_enc(&ipsec_alg_SERPENT); - return; -} -#ifdef MODULE_LICENSE -MODULE_LICENSE("GPL"); -#endif - -EXPORT_NO_SYMBOLS; diff --git a/linux/net/ipsec/alg/ipsec_alg_sha2.c b/linux/net/ipsec/alg/ipsec_alg_sha2.c deleted file mode 100644 index 548585c16..000000000 --- a/linux/net/ipsec/alg/ipsec_alg_sha2.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - * ipsec_alg SHA2 hash stubs - * - * Author: JuanJo Ciarlante - * - * $Id: ipsec_alg_sha2.c,v 1.2 2004/03/22 21:53:19 as Exp $ - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - */ -#include -#include - -/* - * special case: ipsec core modular with this static algo inside: - * must avoid MODULE magic for this file - */ -#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_SHA2 -#undef MODULE -#endif - -#include -#include - -#include /* printk() */ -#include /* error codes */ -#include /* size_t */ -#include - -/* Check if __exit is defined, if not null it */ -#ifndef __exit -#define __exit -#endif - -/* Low freeswan header coupling */ -#include "freeswan/ipsec_alg.h" -#include "libsha2/sha2.h" -#include "libsha2/hmac_sha2.h" - -MODULE_AUTHOR("JuanJo Ciarlante "); -static int debug=0; -MODULE_PARM(debug, "i"); -static int test=0; -MODULE_PARM(test, "i"); -static int excl=0; -MODULE_PARM(excl, "i"); - -/* almost constants ...: draft-ietf-ipsec-ciph-aes-cbc-03.txt */ -#define AH_SHA2_256 5 -#define AH_SHA2_384 6 -#define AH_SHA2_512 7 - -static int _sha256_hmac_set_key(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * key, int keylen) { - sha256_hmac_context *hctx=(sha256_hmac_context*)(key_a); - sha256_hmac_set_key(hctx, key, keylen); - if (debug > 0) - printk(KERN_DEBUG "klips_debug: _sha256_hmac_set_key(): " - "key_a=%p key=%p keysize=%d\n", - key_a, key, keylen); - return 0; -} -static int _sha256_hmac_hash(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * dat, int len, __u8 * hash, int hashlen) { - sha256_hmac_context *hctx=(sha256_hmac_context*)(key_a); - if (debug > 0) - printk(KERN_DEBUG "klips_debug: _sha256_hmac_hash(): " - "key_a=%p dat=%p len=%d hash=%p hashlen=%d\n", - key_a, dat, len, hash, hashlen); - sha256_hmac_hash(hctx, dat, len, hash, hashlen); - return 0; -} -static int _sha512_hmac_set_key(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * key, int keylen) { - sha512_hmac_context *hctx=(sha512_hmac_context*)(key_a); - sha512_hmac_set_key(hctx, key, keylen); - if (debug > 0) - printk(KERN_DEBUG "klips_debug: _sha512_hmac_set_key(): " - "key_a=%p key=%p keysize=%d\n", - key_a, key, keylen); - return 0; -} -static int _sha512_hmac_hash(struct ipsec_alg_auth *alg, __u8 * key_a, const __u8 * dat, int len, __u8 * hash, int hashlen) { - sha512_hmac_context *hctx=(sha512_hmac_context*)(key_a); - if (debug > 0) - printk(KERN_DEBUG "klips_debug: _sha512_hmac_hash(): " - "key_a=%p dat=%p len=%d hash=%p hashlen=%d\n", - key_a, dat, len, hash, hashlen); - sha512_hmac_hash(hctx, dat, len, hash, hashlen); - return 0; -} -static struct ipsec_alg_auth ipsec_alg_SHA2_256 = { - ixt_version: IPSEC_ALG_VERSION, - ixt_module: THIS_MODULE, - ixt_refcnt: ATOMIC_INIT(0), - ixt_alg_type: IPSEC_ALG_TYPE_AUTH, - ixt_alg_id: AH_SHA2_256, - ixt_name: "sha2_256", - ixt_blocksize: SHA256_BLOCKSIZE, - ixt_keyminbits: 256, - ixt_keymaxbits: 256, - ixt_a_keylen: 256/8, - ixt_a_ctx_size: sizeof(sha256_hmac_context), - ixt_a_hmac_set_key: _sha256_hmac_set_key, - ixt_a_hmac_hash: _sha256_hmac_hash, -}; -static struct ipsec_alg_auth ipsec_alg_SHA2_512 = { - ixt_version: IPSEC_ALG_VERSION, - ixt_module: THIS_MODULE, - ixt_refcnt: ATOMIC_INIT(0), - ixt_alg_type: IPSEC_ALG_TYPE_AUTH, - ixt_alg_id: AH_SHA2_512, - ixt_name: "sha2_512", - ixt_blocksize: SHA512_BLOCKSIZE, - ixt_keyminbits: 512, - ixt_keymaxbits: 512, - ixt_a_keylen: 512/8, - ixt_a_ctx_size: sizeof(sha512_hmac_context), - ixt_a_hmac_set_key: _sha512_hmac_set_key, - ixt_a_hmac_hash: _sha512_hmac_hash, -}; - -IPSEC_ALG_MODULE_INIT( ipsec_sha2_init ) -{ - int ret, test_ret; - if (excl) ipsec_alg_SHA2_256.ixt_state |= IPSEC_ALG_ST_EXCL; - ret=register_ipsec_alg_auth(&ipsec_alg_SHA2_256); - printk("ipsec_sha2_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", - ipsec_alg_SHA2_256.ixt_alg_type, - ipsec_alg_SHA2_256.ixt_alg_id, - ipsec_alg_SHA2_256.ixt_name, - ret); - if (ret != 0) - goto out; - if (ret==0 && test) { - test_ret=ipsec_alg_test( - ipsec_alg_SHA2_256.ixt_alg_type, - ipsec_alg_SHA2_256.ixt_alg_id, - test); - printk("ipsec_sha2_init(alg_type=%d alg_id=%d): test_ret=%d\n", - ipsec_alg_SHA2_256.ixt_alg_type, - ipsec_alg_SHA2_256.ixt_alg_id, - test_ret); - } - if (excl) ipsec_alg_SHA2_512.ixt_state |= IPSEC_ALG_ST_EXCL; - ret=register_ipsec_alg_auth(&ipsec_alg_SHA2_512); - printk("ipsec_sha2_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", - ipsec_alg_SHA2_512.ixt_alg_type, - ipsec_alg_SHA2_512.ixt_alg_id, - ipsec_alg_SHA2_512.ixt_name, - ret); - if (ret != 0) - goto out_256; - if (ret==0 && test) { - test_ret=ipsec_alg_test( - ipsec_alg_SHA2_512.ixt_alg_type, - ipsec_alg_SHA2_512.ixt_alg_id, - test); - printk("ipsec_sha2_init(alg_type=%d alg_id=%d): test_ret=%d\n", - ipsec_alg_SHA2_512.ixt_alg_type, - ipsec_alg_SHA2_512.ixt_alg_id, - test_ret); - } - goto out; -out_256: - unregister_ipsec_alg_auth(&ipsec_alg_SHA2_256); -out: - return ret; -} -IPSEC_ALG_MODULE_EXIT( ipsec_sha2_fini ) -{ - unregister_ipsec_alg_auth(&ipsec_alg_SHA2_512); - unregister_ipsec_alg_auth(&ipsec_alg_SHA2_256); - return; -} -#ifdef MODULE_LICENSE -MODULE_LICENSE("GPL"); -#endif - -EXPORT_NO_SYMBOLS; diff --git a/linux/net/ipsec/alg/ipsec_alg_twofish.c b/linux/net/ipsec/alg/ipsec_alg_twofish.c deleted file mode 100644 index dfeba1f1b..000000000 --- a/linux/net/ipsec/alg/ipsec_alg_twofish.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - * ipsec_alg TWOFISH cipher stubs - * - * Author: JuanJo Ciarlante - * - * $Id: ipsec_alg_twofish.c,v 1.2 2004/03/22 21:53:19 as Exp $ - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - */ -#include -#include - -/* - * special case: ipsec core modular with this static algo inside: - * must avoid MODULE magic for this file - */ -#if CONFIG_IPSEC_MODULE && CONFIG_IPSEC_ALG_TWOFISH -#undef MODULE -#endif - -#include -#include - -#include /* printk() */ -#include /* error codes */ -#include /* size_t */ -#include - -/* Check if __exit is defined, if not null it */ -#ifndef __exit -#define __exit -#endif - -/* Low freeswan header coupling */ -#include "freeswan/ipsec_alg.h" -#include "libtwofish/twofish.h" -#include "libtwofish/twofish_cbc.h" - -#define ESP_TWOFISH 253 /* from ipsec drafts */ - -/* 128, 192 or 256 */ -#define ESP_TWOFISH_KEY_SZ_MIN 16 /* 128 bit secret key */ -#define ESP_TWOFISH_KEY_SZ_MAX 32 /* 256 bit secret key */ -#define ESP_TWOFISH_CBC_BLK_LEN 16 /* TWOFISH-CBC block size */ - -MODULE_AUTHOR("JuanJo Ciarlante "); -static int debug=0; -MODULE_PARM(debug, "i"); -static int test=0; -MODULE_PARM(test, "i"); -static int excl=0; -MODULE_PARM(excl, "i"); -static int keyminbits=0; -MODULE_PARM(keyminbits, "i"); -static int keymaxbits=0; -MODULE_PARM(keymaxbits, "i"); - -static int _twofish_set_key(struct ipsec_alg_enc *alg, __u8 * key_e, const __u8 * key, size_t keysize) { - twofish_context *ctx=(twofish_context *)key_e; - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_twofish_set_key:" - "key_e=%p key=%p keysize=%d\n", - key_e, key, keysize); - twofish_set_key(ctx, key, keysize); - return 0; -} -static int _twofish_cbc_encrypt(struct ipsec_alg_enc *alg, __u8 * key_e, __u8 * in, int ilen, const __u8 * iv, int encrypt) { - twofish_context *ctx=(twofish_context *)key_e; - if (debug > 0) - printk(KERN_DEBUG "klips_debug:_twofish_cbc_encrypt:" - "key_e=%p in=%p ilen=%d iv=%p encrypt=%d\n", - key_e, in, ilen, iv, encrypt); - twofish_cbc_encrypt(ctx, in, in, ilen, iv, encrypt); - return ilen; -} -static struct ipsec_alg_enc ipsec_alg_TWOFISH = { - ixt_version: IPSEC_ALG_VERSION, - ixt_module: THIS_MODULE, - ixt_refcnt: ATOMIC_INIT(0), - ixt_alg_type: IPSEC_ALG_TYPE_ENCRYPT, - ixt_alg_id: ESP_TWOFISH, - ixt_name: "twofish", - ixt_blocksize: ESP_TWOFISH_CBC_BLK_LEN, - ixt_keyminbits: ESP_TWOFISH_KEY_SZ_MIN * 8, - ixt_keymaxbits: ESP_TWOFISH_KEY_SZ_MAX * 8, - ixt_e_keylen: ESP_TWOFISH_KEY_SZ_MAX, - ixt_e_ctx_size: sizeof(twofish_context), - ixt_e_set_key: _twofish_set_key, - ixt_e_cbc_encrypt:_twofish_cbc_encrypt, -}; - -IPSEC_ALG_MODULE_INIT( ipsec_twofish_init ) -{ - int ret, test_ret; - if (keyminbits) - ipsec_alg_TWOFISH.ixt_keyminbits=keyminbits; - if (keymaxbits) { - ipsec_alg_TWOFISH.ixt_keymaxbits=keymaxbits; - if (keymaxbits*8>ipsec_alg_TWOFISH.ixt_keymaxbits) - ipsec_alg_TWOFISH.ixt_e_keylen=keymaxbits*8; - } - if (excl) ipsec_alg_TWOFISH.ixt_state |= IPSEC_ALG_ST_EXCL; - ret=register_ipsec_alg_enc(&ipsec_alg_TWOFISH); - printk("ipsec_twofish_init(alg_type=%d alg_id=%d name=%s): ret=%d\n", - ipsec_alg_TWOFISH.ixt_alg_type, - ipsec_alg_TWOFISH.ixt_alg_id, - ipsec_alg_TWOFISH.ixt_name, ret); - if (ret==0 && test) { - test_ret=ipsec_alg_test( - ipsec_alg_TWOFISH.ixt_alg_type, - ipsec_alg_TWOFISH.ixt_alg_id, - test); - printk("ipsec_twofish_init(alg_type=%d alg_id=%d): test_ret=%d\n", - ipsec_alg_TWOFISH.ixt_alg_type, - ipsec_alg_TWOFISH.ixt_alg_id, - ret); - } - return ret; -} -IPSEC_ALG_MODULE_EXIT( ipsec_twofish_fini ) -{ - unregister_ipsec_alg_enc(&ipsec_alg_TWOFISH); - return; -} -#ifdef MODULE_LICENSE -MODULE_LICENSE("GPL"); - -EXPORT_NO_SYMBOLS; -#endif diff --git a/linux/net/ipsec/alg/scripts/mk-static_init.c.sh b/linux/net/ipsec/alg/scripts/mk-static_init.c.sh deleted file mode 100644 index 8a17c670e..000000000 --- a/linux/net/ipsec/alg/scripts/mk-static_init.c.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -cat << EOF -#include -#include -#include "freeswan/ipsec_alg.h" -$(for i in $*; do - test -z "$i" && continue - echo "extern int $i(void);" -done) -void ipsec_alg_static_init(void){ - int __attribute__ ((unused)) err=0; -$(for i in $*; do - test -z "$i" && continue - echo " if ((err=$i()) < 0)" - echo " printk(KERN_WARNING \"$i() returned %d\", err);" -done) -} -EOF diff --git a/linux/net/ipsec/defconfig b/linux/net/ipsec/defconfig deleted file mode 100644 index 84be04318..000000000 --- a/linux/net/ipsec/defconfig +++ /dev/null @@ -1,140 +0,0 @@ - -# -# RCSID $Id: defconfig,v 1.2 2004/03/22 21:53:19 as Exp $ -# - -# -# FreeS/WAN IPSec implementation, KLIPS kernel config defaults -# - -# -# First, lets override stuff already set or not in the kernel config. -# -# We can't even think about leaving this off... -CONFIG_INET=y - -# -# This must be on for subnet protection. -CONFIG_IP_FORWARD=y - -# Shut off IPSEC masquerading if it has been enabled, since it will -# break the compile. IPPROTO_ESP and IPPROTO_AH were included in -# net/ipv4/ip_masq.c when they should have gone into include/linux/in.h. -CONFIG_IP_MASQUERADE_IPSEC=n - -# -# Next, lets set the recommended FreeS/WAN configuration. -# - -# To config as static (preferred), 'y'. To config as module, 'm'. -CONFIG_IPSEC=y - -# To do tunnel mode IPSec, this must be enabled. -CONFIG_IPSEC_IPIP=y - -# To enable authentication, say 'y'. (Highly recommended) -CONFIG_IPSEC_AH=y - -# Authentication algorithm(s): -CONFIG_IPSEC_AUTH_HMAC_MD5=y -CONFIG_IPSEC_AUTH_HMAC_SHA1=y - -# To enable encryption, say 'y'. (Highly recommended) -CONFIG_IPSEC_ESP=y - -# Encryption algorithm(s): -CONFIG_IPSEC_ENC_3DES=y - -# modular algo extensions (and new ALGOs) -CONFIG_IPSEC_ALG=y -CONFIG_IPSEC_ALG_3DES=m -CONFIG_IPSEC_ALG_AES=m -CONFIG_IPSEC_ALG_TWOFISH=m -CONFIG_IPSEC_ALG_BLOWFISH=m -CONFIG_IPSEC_ALG_SERPENT=m -CONFIG_IPSEC_ALG_MD5=m -CONFIG_IPSEC_ALG_SHA1=m -CONFIG_IPSEC_ALG_SHA2=m -#CONFIG_IPSEC_ALG_CAST=n -#CONFIG_IPSEC_ALG_NULL=n - -# Use CryptoAPI for ALG? -CONFIG_IPSEC_ALG_CRYPTOAPI=m - - -# IP Compression: new, probably still has minor bugs. -CONFIG_IPSEC_IPCOMP=y - -# To enable userspace-switchable KLIPS debugging, say 'y'. -CONFIG_IPSEC_DEBUG=y - -# NAT Traversal -CONFIG_IPSEC_NAT_TRAVERSAL=y - -# -# -# $Log: defconfig,v $ -# Revision 1.2 2004/03/22 21:53:19 as -# merged alg-0.8.1 branch with HEAD -# -# Revision 1.1.2.1.2.1 2004/03/16 09:48:19 as -# alg-0.8.1rc12 patch merged -# -# Revision 1.1.2.1 2004/03/15 22:30:06 as -# nat-0.6c patch merged -# -# Revision 1.1 2004/03/15 20:35:26 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.22 2003/02/24 19:37:27 mcr -# changed default compilation mode to static. -# -# Revision 1.21 2002/04/24 07:36:27 mcr -# Moved from ./klips/net/ipsec/defconfig,v -# -# Revision 1.20 2002/04/02 04:07:40 mcr -# default build is now 'm'odule for KLIPS -# -# Revision 1.19 2002/03/08 18:57:17 rgb -# Added a blank line at the beginning of the file to make it easier for -# other projects to patch ./arch/i386/defconfig, for example -# LIDS+grSecurity requested by Jason Pattie. -# -# Revision 1.18 2000/11/30 17:26:56 rgb -# Cleaned out unused options and enabled ipcomp by default. -# -# Revision 1.17 2000/09/15 11:37:01 rgb -# Merge in heavily modified Svenning Soerensen's -# IPCOMP zlib deflate code. -# -# Revision 1.16 2000/09/08 19:12:55 rgb -# Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. -# -# Revision 1.15 2000/05/24 19:37:13 rgb -# *** empty log message *** -# -# Revision 1.14 2000/05/11 21:14:57 henry -# just commenting the FOOBAR=y lines out is not enough -# -# Revision 1.13 2000/05/10 20:17:58 rgb -# Comment out netlink defaults, which are no longer needed. -# -# Revision 1.12 2000/05/10 19:13:38 rgb -# Added configure option to shut off no eroute passthrough. -# -# Revision 1.11 2000/03/16 07:09:46 rgb -# Hardcode PF_KEYv2 support. -# Disable IPSEC_ICMP by default. -# Remove DES config option from defaults file. -# -# Revision 1.10 2000/01/11 03:09:42 rgb -# Added a default of 'y' to PF_KEYv2 keying I/F. -# -# Revision 1.9 1999/05/08 21:23:12 rgb -# Added support for 2.2.x kernels. -# -# Revision 1.8 1999/04/06 04:54:25 rgb -# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes -# patch shell fixes. -# -# diff --git a/linux/net/ipsec/ipcomp.c b/linux/net/ipsec/ipcomp.c deleted file mode 100644 index ff12f2cdd..000000000 --- a/linux/net/ipsec/ipcomp.c +++ /dev/null @@ -1,725 +0,0 @@ -/* - * IPCOMP zlib interface code. - * Copyright (C) 2000 Svenning Soerensen - * Copyright (C) 2000, 2001 Richard Guy Briggs - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -char ipcomp_c_version[] = "RCSID $Id: ipcomp.c,v 1.2 2004/06/13 19:57:49 as Exp $"; - -/* SSS */ - -#include -#include - -#define __NO_VERSION__ -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include -#include -#include -#include - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include - -#include - -#ifdef NET_21 -# include -# include -# include -# define proto_priv cb -#endif /* NET21 */ -#include -#include - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_sa.h" - -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_rcv.h" /* sysctl_ipsec_inbound_policy_check */ -#include "freeswan/ipcomp.h" -#include "zlib/zlib.h" -#include "zlib/zutil.h" - -#include /* SADB_X_CALG_DEFLATE */ - -#ifdef CONFIG_IPSEC_DEBUG -int sysctl_ipsec_debug_ipcomp = 0; -#endif /* CONFIG_IPSEC_DEBUG */ - -static -struct sk_buff *skb_copy_ipcomp(struct sk_buff *skb, int data_growth, int gfp_mask); - -static -voidpf my_zcalloc(voidpf opaque, uInt items, uInt size) -{ - return (voidpf) kmalloc(items*size, GFP_ATOMIC); -} - -static -void my_zfree(voidpf opaque, voidpf address) -{ - kfree(address); -} - -struct sk_buff *skb_compress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags) -{ - struct iphdr *iph; - unsigned int iphlen, pyldsz, cpyldsz; - unsigned char *buffer; - z_stream zs; - int zresult; - - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: .\n"); - - if(skb == NULL) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "passed in NULL skb, returning ERROR.\n"); - if(flags != NULL) { - *flags |= IPCOMP_PARMERROR; - } - return skb; - } - - if(ips == NULL) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "passed in NULL ipsec_sa needed for cpi, returning ERROR.\n"); - if(flags) { - *flags |= IPCOMP_PARMERROR; - } - return skb; - } - - if (flags == NULL) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "passed in NULL flags, returning ERROR.\n"); - ipsec_kfree_skb(skb); - return NULL; - } - -#ifdef NET_21 - iph = skb->nh.iph; -#else /* NET_21 */ - iph = skb->ip_hdr; -#endif /* NET_21 */ - - switch (iph->protocol) { - case IPPROTO_COMP: - case IPPROTO_AH: - case IPPROTO_ESP: - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "skipping compression of packet with ip protocol %d.\n", - iph->protocol); - *flags |= IPCOMP_UNCOMPRESSABLE; - return skb; - } - - /* Don't compress packets already fragmented */ - if (iph->frag_off & __constant_htons(IP_MF | IP_OFFSET)) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "skipping compression of fragmented packet.\n"); - *flags |= IPCOMP_UNCOMPRESSABLE; - return skb; - } - - iphlen = iph->ihl << 2; - pyldsz = ntohs(iph->tot_len) - iphlen; - - /* Don't compress less than 90 bytes (rfc 2394) */ - if (pyldsz < 90) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "skipping compression of tiny packet, len=%d.\n", - pyldsz); - *flags |= IPCOMP_UNCOMPRESSABLE; - return skb; - } - - /* Adaptive decision */ - if (ips->ips_comp_adapt_skip) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "skipping compression: ips_comp_adapt_skip=%d.\n", - ips->ips_comp_adapt_skip); - ips->ips_comp_adapt_skip--; - *flags |= IPCOMP_UNCOMPRESSABLE; - return skb; - } - - zs.zalloc = my_zcalloc; - zs.zfree = my_zfree; - zs.opaque = 0; - - /* We want to use deflateInit2 because we don't want the adler - header. */ - zresult = deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -11, - DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY); - if (zresult != Z_OK) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_compress: " - "deflateInit2() returned error %d (%s), " - "skipping compression.\n", - zresult, - zs.msg ? zs.msg : zError(zresult)); - *flags |= IPCOMP_COMPRESSIONERROR; - return skb; - } - - - /* Max output size. Result should be max this size. - * Implementation specific tweak: - * If it's not at least 32 bytes and 6.25% smaller than - * the original packet, it's probably not worth wasting - * the receiver's CPU cycles decompressing it. - * Your mileage may vary. - */ - cpyldsz = pyldsz - sizeof(struct ipcomphdr) - (pyldsz <= 512 ? 32 : pyldsz >> 4); - - buffer = kmalloc(cpyldsz, GFP_ATOMIC); - if (!buffer) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_compress: " - "unable to kmalloc(%d, GFP_ATOMIC), " - "skipping compression.\n", - cpyldsz); - *flags |= IPCOMP_COMPRESSIONERROR; - deflateEnd(&zs); - return skb; - } - -#ifdef CONFIG_IPSEC_DEBUG - if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { - __u8 *c; - int i; - - c = (__u8*)iph + iphlen; - for(i = 0; i < pyldsz; i++, c++) { - if(!(i % 16)) { - printk(KERN_INFO "skb_compress: before:"); - } - printk("%02x ", *c); - if(!((i + 1) % 16)) { - printk("\n"); - } - } - if(i % 16) { - printk("\n"); - } - } -#endif /* CONFIG_IPSEC_DEBUG */ - - zs.next_in = (char *) iph + iphlen; /* start of payload */ - zs.avail_in = pyldsz; - zs.next_out = buffer; /* start of compressed payload */ - zs.avail_out = cpyldsz; - - /* Finish compression in one step */ - zresult = deflate(&zs, Z_FINISH); - - /* Free all dynamically allocated buffers */ - deflateEnd(&zs); - if (zresult != Z_STREAM_END) { - *flags |= IPCOMP_UNCOMPRESSABLE; - kfree(buffer); - - /* Adjust adaptive counters */ - if (++(ips->ips_comp_adapt_tries) == IPCOMP_ADAPT_INITIAL_TRIES) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "first %d packets didn't compress, " - "skipping next %d\n", - IPCOMP_ADAPT_INITIAL_TRIES, - IPCOMP_ADAPT_INITIAL_SKIP); - ips->ips_comp_adapt_skip = IPCOMP_ADAPT_INITIAL_SKIP; - } - else if (ips->ips_comp_adapt_tries == IPCOMP_ADAPT_INITIAL_TRIES + IPCOMP_ADAPT_SUBSEQ_TRIES) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "next %d packets didn't compress, " - "skipping next %d\n", - IPCOMP_ADAPT_SUBSEQ_TRIES, - IPCOMP_ADAPT_SUBSEQ_SKIP); - ips->ips_comp_adapt_skip = IPCOMP_ADAPT_SUBSEQ_SKIP; - ips->ips_comp_adapt_tries = IPCOMP_ADAPT_INITIAL_TRIES; - } - - return skb; - } - - /* resulting compressed size */ - cpyldsz -= zs.avail_out; - - /* Insert IPCOMP header */ - ((struct ipcomphdr*) ((char*) iph + iphlen))->ipcomp_nh = iph->protocol; - ((struct ipcomphdr*) ((char*) iph + iphlen))->ipcomp_flags = 0; - /* use the bottom 16 bits of the spi for the cpi. The top 16 bits are - for internal reference only. */ - ((struct ipcomphdr*) (((char*)iph) + iphlen))->ipcomp_cpi = htons((__u16)(ntohl(ips->ips_said.spi) & 0x0000ffff)); - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_compress: " - "spi=%08x, spi&0xffff=%04x, cpi=%04x, payload size: raw=%d, comp=%d.\n", - ntohl(ips->ips_said.spi), - ntohl(ips->ips_said.spi) & 0x0000ffff, - ntohs(((struct ipcomphdr*)(((char*)iph)+iphlen))->ipcomp_cpi), - pyldsz, - cpyldsz); - - /* Update IP header */ - iph->protocol = IPPROTO_COMP; - iph->tot_len = htons(iphlen + sizeof(struct ipcomphdr) + cpyldsz); -#if 1 /* XXX checksum is done by ipsec_tunnel ? */ - iph->check = 0; - iph->check = ip_fast_csum((char *) iph, iph->ihl); -#endif - - /* Copy compressed payload */ - memcpy((char *) iph + iphlen + sizeof(struct ipcomphdr), - buffer, - cpyldsz); - kfree(buffer); - - /* Update skb length/tail by "unputting" the shrinkage */ - skb_put(skb, - cpyldsz + sizeof(struct ipcomphdr) - pyldsz); - -#ifdef CONFIG_IPSEC_DEBUG - if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { - __u8 *c; - int i; - - c = (__u8*)iph + iphlen + sizeof(struct ipcomphdr); - for(i = 0; i < cpyldsz; i++, c++) { - if(!(i % 16)) { - printk(KERN_INFO "skb_compress: result:"); - } - printk("%02x ", *c); - if(!((i + 1) % 16)) { - printk("\n"); - } - } - if(i % 16) { - printk("\n"); - } - } -#endif /* CONFIG_IPSEC_DEBUG */ - - ips->ips_comp_adapt_skip = 0; - ips->ips_comp_adapt_tries = 0; - - return skb; -} - -struct sk_buff *skb_decompress(struct sk_buff *skb, struct ipsec_sa *ips, unsigned int *flags) -{ - struct sk_buff *nskb = NULL; - - /* original ip header */ - struct iphdr *oiph, *iph; - unsigned int iphlen, pyldsz, cpyldsz; - z_stream zs; - int zresult; - - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_decompress: .\n"); - - if(!skb) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "passed in NULL skb, returning ERROR.\n"); - if (flags) *flags |= IPCOMP_PARMERROR; - return skb; - } - - if(!ips && sysctl_ipsec_inbound_policy_check) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "passed in NULL ipsec_sa needed for comp alg, returning ERROR.\n"); - if (flags) *flags |= IPCOMP_PARMERROR; - return skb; - } - - if (!flags) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "passed in NULL flags, returning ERROR.\n"); - ipsec_kfree_skb(skb); - return NULL; - } - -#ifdef NET_21 - oiph = skb->nh.iph; -#else /* NET_21 */ - oiph = skb->ip_hdr; -#endif /* NET_21 */ - - iphlen = oiph->ihl << 2; - - if (oiph->protocol != IPPROTO_COMP) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "called with non-IPCOMP packet (protocol=%d)," - "skipping decompression.\n", - oiph->protocol); - *flags |= IPCOMP_PARMERROR; - return skb; - } - - if ( (((struct ipcomphdr*)((char*) oiph + iphlen))->ipcomp_flags != 0) - || ((((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_cpi - != htons(SADB_X_CALG_DEFLATE)) - && sysctl_ipsec_inbound_policy_check - && (!ips || (ips && (ips->ips_encalg != SADB_X_CALG_DEFLATE)))) ) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "called with incompatible IPCOMP packet (flags=%d, " - "cpi=%d), ips-compalg=%d, skipping decompression.\n", - ntohs(((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_flags), - ntohs(((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_cpi), - ips ? ips->ips_encalg : 0); - *flags |= IPCOMP_PARMERROR; - - return skb; - } - - if (ntohs(oiph->frag_off) & ~0x4000) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "called with fragmented IPCOMP packet, " - "skipping decompression.\n"); - *flags |= IPCOMP_PARMERROR; - return skb; - } - - /* original compressed payload size */ - cpyldsz = ntohs(oiph->tot_len) - iphlen - sizeof(struct ipcomphdr); - - zs.zalloc = my_zcalloc; - zs.zfree = my_zfree; - zs.opaque = 0; - - zs.next_in = (char *) oiph + iphlen + sizeof(struct ipcomphdr); - zs.avail_in = cpyldsz; - - /* Maybe we should be a bit conservative about memory - requirements and use inflateInit2 */ - /* Beware, that this might make us unable to decompress packets - from other implementations - HINT: check PGPnet source code */ - /* We want to use inflateInit2 because we don't want the adler - header. */ - zresult = inflateInit2(&zs, -15); - if (zresult != Z_OK) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "inflateInit2() returned error %d (%s), " - "skipping decompression.\n", - zresult, - zs.msg ? zs.msg : zError(zresult)); - *flags |= IPCOMP_DECOMPRESSIONERROR; - - return skb; - } - - /* We have no way of knowing the exact length of the resulting - decompressed output before we have actually done the decompression. - For now, we guess that the packet will not be bigger than the - attached ipsec device's mtu or 16260, whichever is biggest. - This may be wrong, since the sender's mtu may be bigger yet. - XXX This must be dealt with later XXX - */ - - /* max payload size */ - pyldsz = skb->dev ? (skb->dev->mtu < 16260 ? 16260 : skb->dev->mtu) - : (65520 - iphlen); - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_decompress: " - "max payload size: %d\n", pyldsz); - - while (pyldsz > (cpyldsz + sizeof(struct ipcomphdr)) && - (nskb = skb_copy_ipcomp(skb, - pyldsz - cpyldsz - sizeof(struct ipcomphdr), - GFP_ATOMIC)) == NULL) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "unable to skb_copy_ipcomp(skb, %d, GFP_ATOMIC), " - "trying with less payload size.\n", - (int)(pyldsz - cpyldsz - sizeof(struct ipcomphdr))); - pyldsz >>=1; - } - - if (!nskb) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "unable to allocate memory, dropping packet.\n"); - *flags |= IPCOMP_DECOMPRESSIONERROR; - inflateEnd(&zs); - - return skb; - } - -#ifdef CONFIG_IPSEC_DEBUG - if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { - __u8 *c; - int i; - - c = (__u8*)oiph + iphlen + sizeof(struct ipcomphdr); - for(i = 0; i < cpyldsz; i++, c++) { - if(!(i % 16)) { - printk(KERN_INFO "skb_decompress: before:"); - } - printk("%02x ", *c); - if(!((i + 1) % 16)) { - printk("\n"); - } - } - if(i % 16) { - printk("\n"); - } - } -#endif /* CONFIG_IPSEC_DEBUG */ - -#ifdef NET_21 - iph = nskb->nh.iph; -#else /* NET_21 */ - iph = nskb->ip_hdr; -#endif /* NET_21 */ - zs.next_out = (char *)iph + iphlen; - zs.avail_out = pyldsz; - - zresult = inflate(&zs, Z_SYNC_FLUSH); - - /* work around a bug in zlib, which sometimes wants to taste an extra - * byte when being used in the (undocumented) raw deflate mode. - */ - if (zresult == Z_OK && !zs.avail_in && zs.avail_out) { - __u8 zerostuff = 0; - - zs.next_in = &zerostuff; - zs.avail_in = 1; - zresult = inflate(&zs, Z_FINISH); - } - - inflateEnd(&zs); - if (zresult != Z_STREAM_END) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_error:skb_decompress: " - "inflate() returned error %d (%s), " - "skipping decompression.\n", - zresult, - zs.msg ? zs.msg : zError(zresult)); - *flags |= IPCOMP_DECOMPRESSIONERROR; - ipsec_kfree_skb(nskb); - - return skb; - } - - /* Update IP header */ - /* resulting decompressed size */ - pyldsz -= zs.avail_out; - iph->tot_len = htons(iphlen + pyldsz); - iph->protocol = ((struct ipcomphdr*) ((char*) oiph + iphlen))->ipcomp_nh; - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_decompress: " - "spi=%08x, spi&0xffff=%04x, cpi=%04x, payload size: comp=%d, raw=%d, nh=%d.\n", - ips ? ntohl(ips->ips_said.spi) : 0, - ips ? ntohl(ips->ips_said.spi) & 0x0000ffff : 0, - ntohs(((struct ipcomphdr*)(((char*)oiph)+iphlen))->ipcomp_cpi), - cpyldsz, - pyldsz, - iph->protocol); - -#if 1 /* XXX checksum is done by ipsec_rcv ? */ - iph->check = 0; - iph->check = ip_fast_csum((char*) iph, iph->ihl); -#endif - - /* Update skb length/tail by "unputting" the unused data area */ - skb_put(nskb, -zs.avail_out); - - ipsec_kfree_skb(skb); - - if (iph->protocol == IPPROTO_COMP) - { -#ifdef CONFIG_IPSEC_DEBUG - if(sysctl_ipsec_debug_ipcomp) - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_decompress: " - "Eh? inner packet is also compressed, dropping.\n"); -#endif /* CONFIG_IPSEC_DEBUG */ - - ipsec_kfree_skb(nskb); - return NULL; - } - -#ifdef CONFIG_IPSEC_DEBUG - if(sysctl_ipsec_debug_ipcomp && sysctl_ipsec_debug_verbose) { - __u8 *c; - int i; - - c = (__u8*)iph + iphlen; - for(i = 0; i < pyldsz; i++, c++) { - if(!(i % 16)) { - printk(KERN_INFO "skb_decompress: result:"); - } - printk("%02x ", *c); - if(!((i + 1) % 16)) { - printk("\n"); - } - } - if(i % 16) { - printk("\n"); - } - } -#endif /* CONFIG_IPSEC_DEBUG */ - - return nskb; -} - - -/* this is derived from skb_copy() in linux 2.2.14 */ -/* May be incompatible with other kernel versions!! */ -static -struct sk_buff *skb_copy_ipcomp(struct sk_buff *skb, int data_growth, int gfp_mask) -{ - struct sk_buff *n; - struct iphdr *iph; - unsigned long offset; - unsigned int iphlen; - - if(!skb) { - KLIPS_PRINT(sysctl_ipsec_debug_ipcomp, - "klips_debug:skb_copy_ipcomp: " - "passed in NULL skb, returning NULL.\n"); - return NULL; - } - - /* - * Allocate the copy buffer - */ - -#ifdef NET_21 - iph = skb->nh.iph; -#else /* NET_21 */ - iph = skb->ip_hdr; -#endif /* NET_21 */ - if (!iph) return NULL; - iphlen = iph->ihl << 2; - - n=alloc_skb(skb->end - skb->head + data_growth, gfp_mask); - if(n==NULL) - return NULL; - - /* - * Shift between the two data areas in bytes - */ - - offset=n->head-skb->head; - - /* Set the data pointer */ - skb_reserve(n,skb->data-skb->head); - /* Set the tail pointer and length */ - skb_put(n,skb->len+data_growth); - /* Copy the bytes up to and including the ip header */ - memcpy(n->head, - skb->head, - ((char *)iph - (char *)skb->head) + iphlen); - n->list=NULL; - n->next=NULL; - n->prev=NULL; - n->sk=NULL; - n->dev=skb->dev; - if (skb->h.raw) - n->h.raw=skb->h.raw+offset; - else - n->h.raw=NULL; - n->protocol=skb->protocol; -#ifdef NET_21 - n->csum = 0; - n->priority=skb->priority; - n->dst=dst_clone(skb->dst); - n->nh.raw=skb->nh.raw+offset; -#ifndef NETDEV_23 - n->is_clone=0; -#endif /* NETDEV_23 */ - atomic_set(&n->users, 1); - n->destructor = NULL; - n->security=skb->security; - memcpy(n->cb, skb->cb, sizeof(skb->cb)); -#ifdef CONFIG_IP_FIREWALL - n->fwmark = skb->fwmark; -#endif -#else /* NET_21 */ - n->link3=NULL; - n->when=skb->when; - n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset); - n->saddr=skb->saddr; - n->daddr=skb->daddr; - n->raddr=skb->raddr; - n->seq=skb->seq; - n->end_seq=skb->end_seq; - n->ack_seq=skb->ack_seq; - n->acked=skb->acked; - n->free=1; - n->arp=skb->arp; - n->tries=0; - n->lock=0; - n->users=0; - memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv)); -#endif /* NET_21 */ - if (skb->mac.raw) - n->mac.raw=skb->mac.raw+offset; - else - n->mac.raw=NULL; -#ifndef NETDEV_23 - n->used=skb->used; -#endif /* !NETDEV_23 */ - n->pkt_type=skb->pkt_type; -#ifndef NETDEV_23 - n->pkt_bridged=skb->pkt_bridged; -#endif /* NETDEV_23 */ - n->ip_summed=0; - n->stamp=skb->stamp; -#ifndef NETDEV_23 /* this seems to have been removed in 2.4 */ -#if defined(CONFIG_SHAPER) || defined(CONFIG_SHAPER_MODULE) - n->shapelatency=skb->shapelatency; /* Latency on frame */ - n->shapeclock=skb->shapeclock; /* Time it should go out */ - n->shapelen=skb->shapelen; /* Frame length in clocks */ - n->shapestamp=skb->shapestamp; /* Stamp for shaper */ - n->shapepend=skb->shapepend; /* Pending */ -#endif /* defined(CONFIG_SHAPER) || defined(CONFIG_SHAPER_MODULE) */ -#endif /* NETDEV_23 */ -#ifdef CONFIG_HIPPI - n->private.ifield=skb->private.ifield; -#endif /* CONFIG_HIPPI */ - - return n; -} diff --git a/linux/net/ipsec/ipsec_alg.c b/linux/net/ipsec/ipsec_alg.c deleted file mode 100644 index c402b7e5b..000000000 --- a/linux/net/ipsec/ipsec_alg.c +++ /dev/null @@ -1,927 +0,0 @@ -/* - * Modular extensions service and registration functions - * - * Author: JuanJo Ciarlante - * - * Version: 0.8.1 - * - * $Id: ipsec_alg.c,v 1.4 2004/06/13 19:57:49 as Exp $ - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - */ -#ifdef CONFIG_IPSEC_ALG -#define __NO_VERSION__ -#include -#include /* printk() */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include -#include -#include -#include -#include /* memcmp() */ -#include /* get_random_bytes() */ -#include /* error codes */ -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include /* *lock* */ -# else /* SPINLOCK_23 */ -# include /* *lock* */ -# endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ -#ifdef NET_21 -# include -# include -# define proto_priv cb -#endif /* NET21 */ -#include "freeswan/ipsec_param.h" -#include -#include "freeswan/ipsec_sa.h" -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_rcv.h" -#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) -# include "freeswan/ipsec_ah.h" -#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */ -#ifdef CONFIG_IPSEC_ESP -# include "freeswan/ipsec_esp.h" -#endif /* !CONFIG_IPSEC_ESP */ -#ifdef CONFIG_IPSEC_IPCOMP -# include "freeswan/ipcomp.h" -#endif /* CONFIG_IPSEC_COMP */ - -#include -#include - -#include "freeswan/ipsec_alg.h" - -#ifndef CONFIG_IPSEC_ALG -#error This file _MUST_ be compiled with CONFIG_IPSEC_ALG enabled ! -#endif -#if SADB_EALG_MAX < 255 -#warning Compiling with limited ESP support ( SADB_EALG_MAX < 256 ) -#endif - -static rwlock_t ipsec_alg_lock = RW_LOCK_UNLOCKED; -#define IPSEC_ALG_HASHSZ 16 /* must be power of 2, even 2^0=1 */ -static struct list_head ipsec_alg_hash_table[IPSEC_ALG_HASHSZ]; - -/* Old gcc's will fail here */ -#define barf_out(fmt, args...) do { printk(KERN_ERR "%s: (%s) " fmt, __FUNCTION__, ixt->ixt_name , ## args)\ - ; goto out; } while(0) - -/* - * Must be already protected by lock - */ -static void __ipsec_alg_usage_inc(struct ipsec_alg *ixt) { - if (ixt->ixt_module) - __MOD_INC_USE_COUNT(ixt->ixt_module); - atomic_inc(&ixt->ixt_refcnt); -} -static void __ipsec_alg_usage_dec(struct ipsec_alg *ixt) { - atomic_dec(&ixt->ixt_refcnt); - if (ixt->ixt_module) - __MOD_DEC_USE_COUNT(ixt->ixt_module); -} -/* - * simple hash function, optimized for 0-hash (1 list) special - * case - */ -#if IPSEC_ALG_HASHSZ > 1 -static inline unsigned ipsec_alg_hashfn(int alg_type, int alg_id) { - return ((alg_type^alg_id)&(IPSEC_ALG_HASHSZ-1)); -} -#else -#define ipsec_alg_hashfn(x,y) (0) -#endif - -/***************************************************************** - * - * INTERNAL table handling: insert, delete, find - * - *****************************************************************/ - -/* - * hash table initialization, called from ipsec_alg_init() - */ -static void ipsec_alg_hash_init(void) { - struct list_head *head = ipsec_alg_hash_table; - int i = IPSEC_ALG_HASHSZ; - do { - INIT_LIST_HEAD(head); - head++; - i--; - } while (i); -} -/* - * hash list lookup by {alg_type, alg_id} and table head, - * must be already protected by lock - */ -static struct ipsec_alg *__ipsec_alg_find(unsigned alg_type, unsigned alg_id, struct list_head * head) { - struct list_head *p; - struct ipsec_alg *ixt=NULL; - for (p=head->next; p!=head; p=p->next) { - ixt = list_entry(p, struct ipsec_alg, ixt_list); - if (ixt->ixt_alg_type == alg_type && ixt->ixt_alg_id==alg_id) { - goto out; - } - } - ixt=NULL; -out: - return ixt; -} -/* - * inserts (in front) a new entry in hash table, - * called from ipsec_alg_register() when new algorithm is registered. - */ -static int ipsec_alg_insert(struct ipsec_alg *ixt) { - int ret=-EINVAL; - unsigned hashval=ipsec_alg_hashfn(ixt->ixt_alg_type, ixt->ixt_alg_id); - struct list_head *head= ipsec_alg_hash_table + hashval; - struct ipsec_alg *ixt_cur; - /* new element must be virgin ... */ - if (ixt->ixt_list.next != &ixt->ixt_list || - ixt->ixt_list.prev != &ixt->ixt_list) { - printk(KERN_ERR "ipsec_alg_insert: ixt object \"%s\" " - "list head not initialized\n", - ixt->ixt_name); - return ret; - } - write_lock_bh(&ipsec_alg_lock); - ixt_cur = __ipsec_alg_find(ixt->ixt_alg_type, ixt->ixt_alg_id, head); - /* if previous (current) ipsec_alg found check excl flag of _anyone_ */ - if (ixt_cur && ((ixt->ixt_state|ixt_cur->ixt_state) & IPSEC_ALG_ST_EXCL)) - barf_out("ipsec_alg for alg_type=%d, alg_id=%d already exist. " - "Not loaded (ret=%d).\n", - ixt->ixt_alg_type, - ixt->ixt_alg_id, ret=-EEXIST); - list_add(&ixt->ixt_list, head); - ixt->ixt_state |= IPSEC_ALG_ST_REGISTERED; - ret=0; -out: - write_unlock_bh(&ipsec_alg_lock); - return ret; -} -/* - * deletes an existing entry in hash table, - * called from ipsec_alg_unregister() when algorithm is unregistered. - */ -static int ipsec_alg_delete(struct ipsec_alg *ixt) { - write_lock_bh(&ipsec_alg_lock); - list_del(&ixt->ixt_list); - write_unlock_bh(&ipsec_alg_lock); - return 0; -} -/* - * here @user context (read-only when @kernel bh context) - * -> no bh disabling - * - * called from ipsec_sa_init() -> ipsec_alg_sa_init() - */ -static struct ipsec_alg *ipsec_alg_get(int alg_type, int alg_id) { - unsigned hashval=ipsec_alg_hashfn(alg_type, alg_id); - struct list_head *head= ipsec_alg_hash_table + hashval; - struct ipsec_alg *ixt; - read_lock(&ipsec_alg_lock); - ixt=__ipsec_alg_find(alg_type, alg_id, head); - if (ixt) __ipsec_alg_usage_inc(ixt); - read_unlock(&ipsec_alg_lock); - return ixt; -} - -static void ipsec_alg_put(struct ipsec_alg *ixt) { - __ipsec_alg_usage_dec((struct ipsec_alg *)ixt); -} - -/***************************************************************** - * - * INTERFACE for ENC services: key creation, encrypt function - * - *****************************************************************/ - -/* - * main encrypt service entry point - * called from ipsec_rcv() with encrypt=IPSEC_ALG_DECRYPT and - * ipsec_tunnel_start_xmit with encrypt=IPSEC_ALG_ENCRYPT - */ -int ipsec_alg_esp_encrypt(struct ipsec_sa *sa_p, __u8 * idat, int ilen, const __u8 * iv, int encrypt) { - int ret; - struct ipsec_alg_enc *ixt_e=sa_p->ips_alg_enc; - KLIPS_PRINT(debug_rcv||debug_tunnel, - "klips_debug:ipsec_alg_esp_encrypt: " - "entering with encalg=%d, ixt_e=%p\n", - sa_p->ips_encalg, ixt_e); - if (!ixt_e) { - KLIPS_PRINT(debug_rcv||debug_tunnel, - "klips_debug:ipsec_alg_esp_encrypt: " - "NULL ipsec_alg_enc object\n"); - return -1; - } - KLIPS_PRINT(debug_rcv||debug_tunnel, - "klips_debug:ipsec_alg_esp_encrypt: " - "calling cbc_encrypt encalg=%d " - "ips_key_e=%p idat=%p ilen=%d iv=%p, encrypt=%d\n", - sa_p->ips_encalg, - sa_p->ips_key_e, idat, ilen, iv, encrypt); - ret=ixt_e->ixt_e_cbc_encrypt(ixt_e, sa_p->ips_key_e, idat, ilen, iv, encrypt); - KLIPS_PRINT(debug_rcv||debug_tunnel, - "klips_debug:ipsec_alg_esp_encrypt: " - "returned ret=%d\n", - ret); - return ret; -} -/* - * encryption key context creation function - * called from pfkey_v2_parser.c:pfkey_ips_init() - */ -int ipsec_alg_enc_key_create(struct ipsec_sa *sa_p) { - int ret=-EINVAL; - int keyminbits, keymaxbits; - caddr_t ekp; - struct ipsec_alg_enc *ixt_e=sa_p->ips_alg_enc; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_alg_enc_key_create: " - "entering with encalg=%d ixt_e=%p\n", - sa_p->ips_encalg, ixt_e); - if (!ixt_e) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_alg_enc_key_create: " - "NULL ipsec_alg_enc object\n"); - return -EPROTO; - } - - /* - * grRRR... DES 7bits jurassic stuff ... f*ckk --jjo - */ - switch(ixt_e->ixt_alg_id) { - case ESP_3DES: - keyminbits=keymaxbits=192;break; - case ESP_DES: - keyminbits=keymaxbits=64;break; - default: - keyminbits=ixt_e->ixt_keyminbits; - keymaxbits=ixt_e->ixt_keymaxbits; - } - if(sa_p->ips_key_bits_eips_key_bits_e>keymaxbits) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_alg_enc_key_create: " - "incorrect encryption key size for id=%d: %d bits -- " - "must be between %d,%d bits\n" /*octets (bytes)\n"*/, - ixt_e->ixt_alg_id, - sa_p->ips_key_bits_e, keyminbits, keymaxbits); - ret=-EINVAL; - goto ixt_out; - } - /* save encryption key pointer */ - ekp = sa_p->ips_key_e; - - - if (ixt_e->ixt_e_new_key) { - sa_p->ips_key_e = ixt_e->ixt_e_new_key(ixt_e, - ekp, sa_p->ips_key_bits_e/8); - ret = (sa_p->ips_key_e)? 0 : -EINVAL; - } else { - if((sa_p->ips_key_e = (caddr_t) - kmalloc((sa_p->ips_key_e_size = ixt_e->ixt_e_ctx_size), - GFP_ATOMIC)) == NULL) { - ret=-ENOMEM; - goto ixt_out; - } - /* zero-out key_e */ - memset(sa_p->ips_key_e, 0, sa_p->ips_key_e_size); - - /* I cast here to allow more decoupling in alg module */ - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_alg_enc_key_create: about to call:" - "set_key(key_e=%p, ekp=%p, key_size=%d)\n", - (caddr_t)sa_p->ips_key_e, ekp, sa_p->ips_key_bits_e/8); - ret = ixt_e->ixt_e_set_key(ixt_e, (caddr_t)sa_p->ips_key_e, ekp, sa_p->ips_key_bits_e/8); - } - /* paranoid */ - memset(ekp, 0, sa_p->ips_key_bits_e/8); - kfree(ekp); -ixt_out: - return ret; -} - -/*************************************************************** - * - * INTERFACE for AUTH services: key creation, hash functions - * - ***************************************************************/ - -/* - * auth key context creation function - * called from pfkey_v2_parser.c:pfkey_ips_init() - */ -int ipsec_alg_auth_key_create(struct ipsec_sa *sa_p) { - int ret=-EINVAL; - struct ipsec_alg_auth *ixt_a=sa_p->ips_alg_auth; - int keyminbits, keymaxbits; - unsigned char *akp; - unsigned int aks; - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_alg_auth_key_create: " - "entering with authalg=%d ixt_a=%p\n", - sa_p->ips_authalg, ixt_a); - if (!ixt_a) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_alg_auth_key_create: " - "NULL ipsec_alg_auth object\n"); - return -EPROTO; - } - keyminbits=ixt_a->ixt_keyminbits; - keymaxbits=ixt_a->ixt_keymaxbits; - if(sa_p->ips_key_bits_aips_key_bits_a>keymaxbits) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_alg_auth_key_create: incorrect auth" - "key size: %d bits -- must be between %d,%d bits\n"/*octets (bytes)\n"*/, - sa_p->ips_key_bits_a, keyminbits, keymaxbits); - ret=-EINVAL; - goto ixt_out; - } - /* save auth key pointer */ - sa_p->ips_auth_bits = ixt_a->ixt_a_keylen * 8; /* XXX XXX */ - akp = sa_p->ips_key_a; - aks = sa_p->ips_key_a_size; - - /* will hold: 2 ctx and a blocksize buffer: kb */ - sa_p->ips_key_a_size = ixt_a->ixt_a_ctx_size; - if((sa_p->ips_key_a = - (caddr_t) kmalloc(sa_p->ips_key_a_size, GFP_ATOMIC)) == NULL) { - ret=-ENOMEM; - goto ixt_out; - } - ixt_a->ixt_a_hmac_set_key(ixt_a, sa_p->ips_key_a, akp, sa_p->ips_key_bits_a/8); /* XXX XXX */ - ret=0; - memset(akp, 0, aks); - kfree(akp); - -ixt_out: - return ret; -} -int ipsec_alg_sa_esp_hash(const struct ipsec_sa *sa_p, const __u8 *espp, int len, __u8 *hash, int hashlen) { - struct ipsec_alg_auth *ixt_a=sa_p->ips_alg_auth; - if (!ixt_a) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_sa_esp_hash: " - "NULL ipsec_alg_auth object\n"); - return -EPROTO; - } - KLIPS_PRINT(debug_tunnel|debug_rcv, - "klips_debug:ipsec_sa_esp_hash: " - "hashing %p (%d bytes) to %p (%d bytes)\n", - espp, len, - hash, hashlen); - ixt_a->ixt_a_hmac_hash(ixt_a, - sa_p->ips_key_a, - espp, len, - hash, hashlen); - return 0; -} - -/*************************************************************** - * - * INTERFACE for module loading,testing, and unloading - * - ***************************************************************/ - -/* validation for registering (enc) module */ -static int check_enc(struct ipsec_alg_enc *ixt) { - int ret=-EINVAL; - if (ixt->ixt_alg_id==0 || ixt->ixt_alg_id > SADB_EALG_MAX) - barf_out("invalid alg_id=%d >= %d\n", ixt->ixt_alg_id, SADB_EALG_MAX); - if (ixt->ixt_blocksize==0) /* || ixt->ixt_blocksize%2) need for ESP_NULL */ - barf_out(KERN_ERR "invalid blocksize=%d\n", ixt->ixt_blocksize); - if (ixt->ixt_keyminbits==0 && ixt->ixt_keymaxbits==0 && ixt->ixt_e_keylen==0) - goto zero_key_ok; - if (ixt->ixt_keyminbits==0) - barf_out(KERN_ERR "invalid keyminbits=%d\n", ixt->ixt_keyminbits); - if (ixt->ixt_keymaxbits==0) - barf_out(KERN_ERR "invalid keymaxbits=%d\n", ixt->ixt_keymaxbits); - if (ixt->ixt_e_keylen==0) - barf_out(KERN_ERR "invalid keysize=%d\n", ixt->ixt_e_keylen); -zero_key_ok: - if (ixt->ixt_e_ctx_size==0 && ixt->ixt_e_new_key == NULL) - barf_out(KERN_ERR "invalid key_e_size=%d and ixt_e_new_key=NULL\n", ixt->ixt_e_ctx_size); - if (ixt->ixt_e_cbc_encrypt==NULL) - barf_out(KERN_ERR "e_cbc_encrypt() must be not NULL\n"); - ret=0; -out: - return ret; -} - -/* validation for registering (auth) module */ -static int check_auth(struct ipsec_alg_auth *ixt) { - int ret=-EINVAL; - if (ixt->ixt_alg_id==0 || ixt->ixt_alg_id > SADB_AALG_MAX) - barf_out("invalid alg_id=%d > %d (SADB_AALG_MAX)\n", ixt->ixt_alg_id, SADB_AALG_MAX); - if (ixt->ixt_blocksize==0 || ixt->ixt_blocksize%2) - barf_out(KERN_ERR "invalid blocksize=%d\n", ixt->ixt_blocksize); - if (ixt->ixt_blocksize>AH_BLKLEN_MAX) - barf_out(KERN_ERR "sorry blocksize=%d > %d. " - "Please increase AH_BLKLEN_MAX and recompile\n", - ixt->ixt_blocksize, - AH_BLKLEN_MAX); - if (ixt->ixt_keyminbits==0 && ixt->ixt_keymaxbits==0 && ixt->ixt_a_keylen==0) - goto zero_key_ok; - if (ixt->ixt_keyminbits==0) - barf_out(KERN_ERR "invalid keyminbits=%d\n", ixt->ixt_keyminbits); - if (ixt->ixt_keymaxbits==0) - barf_out(KERN_ERR "invalid keymaxbits=%d\n", ixt->ixt_keymaxbits); - if (ixt->ixt_keymaxbits!=ixt->ixt_keyminbits) - barf_out(KERN_ERR "keymaxbits must equal keyminbits (not sure).\n"); - if (ixt->ixt_a_keylen==0) - barf_out(KERN_ERR "invalid keysize=%d\n", ixt->ixt_a_keylen); -zero_key_ok: - if (ixt->ixt_a_ctx_size==0) - barf_out(KERN_ERR "invalid a_ctx_size=%d\n", ixt->ixt_a_ctx_size); - if (ixt->ixt_a_hmac_set_key==NULL) - barf_out(KERN_ERR "a_hmac_set_key() must be not NULL\n"); - if (ixt->ixt_a_hmac_hash==NULL) - barf_out(KERN_ERR "a_hmac_hash() must be not NULL\n"); - ret=0; -out: - return ret; -} - -/* - * Generic (enc, auth) registration entry point - */ -int register_ipsec_alg(struct ipsec_alg *ixt) { - int ret=-EINVAL; - /* Validation */ - if (ixt==NULL) - barf_out("NULL ipsec_alg object passed\n"); - if ((ixt->ixt_version&0xffffff00) != (IPSEC_ALG_VERSION&0xffffff00)) - barf_out("incorrect version: %d.%d.%d-%d, " - "must be %d.%d.%d[-%d]\n", - IPSEC_ALG_VERSION_QUAD(ixt->ixt_version), - IPSEC_ALG_VERSION_QUAD(IPSEC_ALG_VERSION)); - switch(ixt->ixt_alg_type) { - case IPSEC_ALG_TYPE_AUTH: - if ((ret=check_auth((struct ipsec_alg_auth *)ixt)<0)) - goto out; - break; - case IPSEC_ALG_TYPE_ENCRYPT: - if ((ret=check_enc((struct ipsec_alg_enc *)ixt)<0)) - goto out; - /* - * Adapted two lines below: - * ivlen == 0 is possible (NULL enc has blocksize==1) - * - * fixed NULL support by David De Reu - */ - if (ixt->ixt_ivlen == 0 && ixt->ixt_blocksize > 1) - ixt->ixt_ivlen = ixt->ixt_blocksize*8; - break; - default: - barf_out("alg_type=%d not supported\n", ixt->ixt_alg_type); - } - INIT_LIST_HEAD(&ixt->ixt_list); - ret = ipsec_alg_insert(ixt); - if (ret<0) - barf_out(KERN_WARNING "ipsec_alg for alg_id=%d failed." - "Not loaded (ret=%d).\n", - ixt->ixt_alg_id, ret); - - ret = pfkey_list_insert_supported((struct supported *)&ixt->ixt_support, &(pfkey_supported_list[SADB_SATYPE_ESP])); - if (ret==0) { - ixt->ixt_state |= IPSEC_ALG_ST_SUPP; - /* send register event to userspace */ - pfkey_register_reply(SADB_SATYPE_ESP, NULL); - } else - printk(KERN_ERR "pfkey_list_insert_supported returned %d. " - "Loading anyway.\n", ret); - ret=0; -out: - return ret; -} - -/* - * unregister ipsec_alg object from own tables, if - * success => calls pfkey_list_remove_supported() - */ -int unregister_ipsec_alg(struct ipsec_alg *ixt) { - int ret= -EINVAL; - switch(ixt->ixt_alg_type) { - case IPSEC_ALG_TYPE_AUTH: - case IPSEC_ALG_TYPE_ENCRYPT: - break; - default: - /* this is not a typo :) */ - barf_out("frog found in list (\"%s\"): ixt_p=NULL\n", - ixt->ixt_name); - } - - ret=ipsec_alg_delete(ixt); - if (ixt->ixt_state&IPSEC_ALG_ST_SUPP) { - ixt->ixt_state &= ~IPSEC_ALG_ST_SUPP; - pfkey_list_remove_supported((struct supported *)&ixt->ixt_support, &(pfkey_supported_list[SADB_SATYPE_ESP])); - /* send register event to userspace */ - pfkey_register_reply(SADB_SATYPE_ESP, NULL); - } - -out: - return ret; -} -/* - * Must be called from user context - * used at module load type for testing algo implementation - */ -static int ipsec_alg_test_encrypt(int enc_alg, int test) { - int ret; - caddr_t buf = NULL; - int iv_size, keysize, key_e_size; - struct ipsec_alg_enc *ixt_e; - void *tmp_key_e = NULL; - #define BUFSZ 1024 - #define MARGIN 0 - #define test_enc (buf+MARGIN) - #define test_dec (test_enc+BUFSZ+MARGIN) - #define test_tmp (test_dec+BUFSZ+MARGIN) - #define test_key_e (test_tmp+BUFSZ+MARGIN) - #define test_iv (test_key_e+key_e_size+MARGIN) - #define test_key (test_iv+iv_size+MARGIN) - #define test_size (BUFSZ*3+key_e_size+iv_size+keysize+MARGIN*7) - ixt_e=(struct ipsec_alg_enc *)ipsec_alg_get(IPSEC_ALG_TYPE_ENCRYPT, enc_alg); - if (ixt_e==NULL) { - KLIPS_PRINT(1, - "klips_debug: ipsec_alg_test_encrypt: " - "encalg=%d object not found\n", - enc_alg); - ret=-EINVAL; - goto out; - } - iv_size=ixt_e->ixt_ivlen / 8; - key_e_size=ixt_e->ixt_e_ctx_size; - keysize=ixt_e->ixt_e_keylen; - KLIPS_PRINT(1, - "klips_debug: ipsec_alg_test_encrypt: " - "enc_alg=%d blocksize=%d key_e_size=%d keysize=%d\n", - enc_alg, iv_size, key_e_size, keysize); - if ((buf=kmalloc (test_size, GFP_KERNEL)) == NULL) { - ret= -ENOMEM; - goto out; - } - get_random_bytes(test_key, keysize); - get_random_bytes(test_iv, iv_size); - if (ixt_e->ixt_e_new_key) { - tmp_key_e = ixt_e->ixt_e_new_key(ixt_e, test_key, keysize); - ret = tmp_key_e ? 0 : -EINVAL; - } else { - tmp_key_e = test_key_e; - ret = ixt_e->ixt_e_set_key(ixt_e, test_key_e, test_key, keysize); - } - if (ret < 0) - goto out; - get_random_bytes(test_enc, BUFSZ); - memcpy(test_tmp, test_enc, BUFSZ); - ret=ixt_e->ixt_e_cbc_encrypt(ixt_e, tmp_key_e, test_enc, BUFSZ, test_iv, 1); - printk(KERN_INFO - "klips_info: ipsec_alg_test_encrypt: " - "cbc_encrypt=1 ret=%d\n", - ret); - ret=memcmp(test_enc, test_tmp, BUFSZ); - printk(KERN_INFO - "klips_info: ipsec_alg_test_encrypt: " - "memcmp(enc, tmp) ret=%d: %s\n", ret, - ret!=0? "OK. (encr->DIFFers)" : "FAIL! (encr->SAME)" ); - memcpy(test_dec, test_enc, BUFSZ); - ret=ixt_e->ixt_e_cbc_encrypt(ixt_e, tmp_key_e, test_dec, BUFSZ, test_iv, 0); - printk(KERN_INFO - "klips_info: ipsec_alg_test_encrypt: " - "cbc_encrypt=0 ret=%d\n", ret); - ret=memcmp(test_dec, test_tmp, BUFSZ); - printk(KERN_INFO - "klips_info: ipsec_alg_test_encrypt: " - "memcmp(dec,tmp) ret=%d: %s\n", ret, - ret==0? "OK. (encr->decr->SAME)" : "FAIL! (encr->decr->DIFFers)" ); - { - /* Shamelessly taken from drivers/md sources O:) */ - unsigned long now; - int i, count, max=0; - int encrypt, speed; - for (encrypt=0; encrypt <2;encrypt ++) { - for (i = 0; i < 5; i++) { - now = jiffies; - count = 0; - while (jiffies == now) { - mb(); - ixt_e->ixt_e_cbc_encrypt(ixt_e, - tmp_key_e, test_tmp, - BUFSZ, test_iv, encrypt); - mb(); - count++; - mb(); - } - if (count > max) - max = count; - } - speed = max * (HZ * BUFSZ / 1024); - printk(KERN_INFO - "klips_info: ipsec_alg_test_encrypt: " - "%s %s speed=%d KB/s\n", - ixt_e->ixt_name, - encrypt? "encrypt": "decrypt", speed); - } - } -out: - if (tmp_key_e && ixt_e->ixt_e_destroy_key) ixt_e->ixt_e_destroy_key(ixt_e, tmp_key_e); - if (buf) kfree(buf); - if (ixt_e) ipsec_alg_put((struct ipsec_alg *)ixt_e); - return ret; - #undef test_enc - #undef test_dec - #undef test_tmp - #undef test_key_e - #undef test_iv - #undef test_key - #undef test_size -} -/* - * Must be called from user context - * used at module load type for testing algo implementation - */ -static int ipsec_alg_test_auth(int auth_alg, int test) { - int ret; - caddr_t buf = NULL; - int blocksize, keysize, key_a_size; - struct ipsec_alg_auth *ixt_a; - #define BUFSZ 1024 - #define MARGIN 0 - #define test_auth (buf+MARGIN) - #define test_key_a (test_auth+BUFSZ+MARGIN) - #define test_key (test_key_a+key_a_size+MARGIN) - #define test_hash (test_key+keysize+MARGIN) - #define test_size (BUFSZ+key_a_size+keysize+AHHMAC_HASHLEN+MARGIN*4) - ixt_a=(struct ipsec_alg_auth *)ipsec_alg_get(IPSEC_ALG_TYPE_AUTH, auth_alg); - if (ixt_a==NULL) { - KLIPS_PRINT(1, - "klips_debug: ipsec_alg_test_auth: " - "encalg=%d object not found\n", - auth_alg); - ret=-EINVAL; - goto out; - } - blocksize=ixt_a->ixt_blocksize; - key_a_size=ixt_a->ixt_a_ctx_size; - keysize=ixt_a->ixt_a_keylen; - KLIPS_PRINT(1, - "klips_debug: ipsec_alg_test_auth: " - "auth_alg=%d blocksize=%d key_a_size=%d keysize=%d\n", - auth_alg, blocksize, key_a_size, keysize); - if ((buf=kmalloc (test_size, GFP_KERNEL)) == NULL) { - ret= -ENOMEM; - goto out; - } - get_random_bytes(test_key, keysize); - ret = ixt_a->ixt_a_hmac_set_key(ixt_a, test_key_a, test_key, keysize); - if (ret < 0 ) - goto out; - get_random_bytes(test_auth, BUFSZ); - ret=ixt_a->ixt_a_hmac_hash(ixt_a, test_key_a, test_auth, BUFSZ, test_hash, AHHMAC_HASHLEN); - printk(KERN_INFO - "klips_info: ipsec_alg_test_auth: " - "ret=%d\n", ret); - { - /* Shamelessly taken from drivers/md sources O:) */ - unsigned long now; - int i, count, max=0; - int speed; - for (i = 0; i < 5; i++) { - now = jiffies; - count = 0; - while (jiffies == now) { - mb(); - ixt_a->ixt_a_hmac_hash(ixt_a, test_key_a, test_auth, BUFSZ, test_hash, AHHMAC_HASHLEN); - mb(); - count++; - mb(); - } - if (count > max) - max = count; - } - speed = max * (HZ * BUFSZ / 1024); - printk(KERN_INFO - "klips_info: ipsec_alg_test_auth: " - "%s hash speed=%d KB/s\n", - ixt_a->ixt_name, - speed); - } -out: - if (buf) kfree(buf); - if (ixt_a) ipsec_alg_put((struct ipsec_alg *)ixt_a); - return ret; - #undef test_auth - #undef test_key_a - #undef test_key - #undef test_hash - #undef test_size -} -int ipsec_alg_test(unsigned alg_type, unsigned alg_id, int test) { - switch(alg_type) { - case IPSEC_ALG_TYPE_ENCRYPT: - return ipsec_alg_test_encrypt(alg_id, test); - break; - case IPSEC_ALG_TYPE_AUTH: - return ipsec_alg_test_auth(alg_id, test); - break; - } - printk(KERN_ERR "klips_info: ipsec_alg_test() called incorrectly: " - "alg_type=%d alg_id=%d\n", - alg_type, alg_id); - return -EINVAL; -} -int ipsec_alg_init(void) { - KLIPS_PRINT(1, "klips_info:ipsec_alg_init: " - "KLIPS alg v=%d.%d.%d-%d (EALG_MAX=%d, AALG_MAX=%d)\n", - IPSEC_ALG_VERSION_QUAD(IPSEC_ALG_VERSION), - SADB_EALG_MAX, SADB_AALG_MAX); - /* Initialize tables */ - write_lock_bh(&ipsec_alg_lock); - ipsec_alg_hash_init(); - write_unlock_bh(&ipsec_alg_lock); - /* Initialize static algos */ - KLIPS_PRINT(1, "klips_info:ipsec_alg_init: " - "calling ipsec_alg_static_init()\n"); - ipsec_alg_static_init(); - return 0; -} - -/********************************************** - * - * INTERFACE for ipsec_sa init and wipe - * - **********************************************/ - -/* - * Called from pluto -> pfkey_v2_parser.c:pfkey_ipsec_sa_init() - */ -int ipsec_alg_sa_init(struct ipsec_sa *sa_p) { - struct ipsec_alg_enc *ixt_e; - struct ipsec_alg_auth *ixt_a; - - /* Only ESP for now ... */ - if (sa_p->ips_said.proto != IPPROTO_ESP) - return -EPROTONOSUPPORT; - KLIPS_PRINT(debug_pfkey, "klips_debug: ipsec_alg_sa_init() :" - "entering for encalg=%d, authalg=%d\n", - sa_p->ips_encalg, sa_p->ips_authalg); - if ((ixt_e=(struct ipsec_alg_enc *) - ipsec_alg_get(IPSEC_ALG_TYPE_ENCRYPT, sa_p->ips_encalg))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug: ipsec_alg_sa_init() :" - "found ipsec_alg (ixt_e=%p) for encalg=%d\n", - ixt_e, sa_p->ips_encalg); - sa_p->ips_alg_enc=ixt_e; - } - if ((ixt_a=(struct ipsec_alg_auth *) - ipsec_alg_get(IPSEC_ALG_TYPE_AUTH, sa_p->ips_authalg))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug: ipsec_alg_sa_init() :" - "found ipsec_alg (ixt_a=%p) for auth=%d\n", - ixt_a, sa_p->ips_authalg); - sa_p->ips_alg_auth=ixt_a; - } - return 0; -} - -/* - * Called from pluto -> ipsec_sa.c:ipsec_sa_delchain() - */ -int ipsec_alg_sa_wipe(struct ipsec_sa *sa_p) { - struct ipsec_alg *ixt; - if ((ixt=(struct ipsec_alg *)sa_p->ips_alg_enc)) { - KLIPS_PRINT(debug_pfkey, "klips_debug: ipsec_alg_sa_wipe() :" - "unlinking for encalg=%d\n", - ixt->ixt_alg_id); - ipsec_alg_put(ixt); - } - if ((ixt=(struct ipsec_alg *)sa_p->ips_alg_auth)) { - KLIPS_PRINT(debug_pfkey, "klips_debug: ipsec_alg_sa_wipe() :" - "unlinking for authalg=%d\n", - ixt->ixt_alg_id); - ipsec_alg_put(ixt); - } - return 0; -} - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_xform_get_info(char *buffer, - char **start, - off_t offset, - int length IPSEC_PROC_LAST_ARG) -{ - int len = 0; - off_t begin = 0; - int i; - struct list_head *head; - struct ipsec_alg *ixt; - - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_tncfg_get_info: " - "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", - buffer, - *start, - (int)offset, - length); - - for(i = 0, head = ipsec_alg_hash_table; i< IPSEC_ALG_HASHSZ; i++, head++) - { - struct list_head *p; - for (p=head->next; p!=head; p=p->next) - { - ixt = list_entry(p, struct ipsec_alg, ixt_list); - len += ipsec_snprintf(buffer+len, length-len, - "VERSION=%d TYPE=%d ID=%d NAME=%s REFCNT=%d ", - ixt->ixt_version, ixt->ixt_alg_type, ixt->ixt_alg_id, - ixt->ixt_name, ixt->ixt_refcnt); - - len += ipsec_snprintf(buffer+len, length-len, - "STATE=%08x BLOCKSIZE=%d IVLEN=%d KEYMINBITS=%d KEYMAXBITS=%d ", - ixt->ixt_state, ixt->ixt_blocksize, - ixt->ixt_ivlen, ixt->ixt_keyminbits, ixt->ixt_keymaxbits); - - len += ipsec_snprintf(buffer+len, length-len, - "IVLEN=%d KEYMINBITS=%d KEYMAXBITS=%d ", - ixt->ixt_ivlen, ixt->ixt_keyminbits, ixt->ixt_keymaxbits); - - switch(ixt->ixt_alg_type) - { - case IPSEC_ALG_TYPE_AUTH: - { - struct ipsec_alg_auth *auth = (struct ipsec_alg_auth *)ixt; - - len += ipsec_snprintf(buffer+len, length-len, - "KEYLEN=%d CTXSIZE=%d AUTHLEN=%d ", - auth->ixt_a_keylen, auth->ixt_a_ctx_size, - auth->ixt_a_authlen); - break; - } - case IPSEC_ALG_TYPE_ENCRYPT: - { - struct ipsec_alg_enc *enc = (struct ipsec_alg_enc *)ixt; - len += ipsec_snprintf(buffer+len, length-len, - "KEYLEN=%d CTXSIZE=%d ", - enc->ixt_e_keylen, enc->ixt_e_ctx_size); - - break; - } - } - - len += ipsec_snprintf(buffer+len, length-len, "\n"); - } - } - - *start = buffer + (offset - begin); /* Start of wanted data */ - len -= (offset - begin); /* Start slop */ - if (len > length) - len = length; - return len; -} - -/* - * As the author of this module, I ONLY ALLOW using it from - * GPL (or same LICENSE TERMS as kernel source) modules. - * - * In respect to hardware crypto engines this means: - * * Closed-source device drivers ARE NOT ALLOWED to use - * this interface. - * * Closed-source VHDL/Verilog firmware running on - * the crypto hardware device IS ALLOWED to use this interface - * via a GPL (or same LICENSE TERMS as kernel source) device driver. - * --Juan Jose Ciarlante 20/03/2002 (thanks RGB for the correct wording) - */ - -/* - * These symbols can only be used from GPL modules - * for now, I'm disabling this because it creates false - * symbol problems for old modutils. - */ - -/* #ifndef EXPORT_SYMBOL_GPL */ -#undef EXPORT_SYMBOL_GPL -#define EXPORT_SYMBOL_GPL EXPORT_SYMBOL -/* #endif */ -EXPORT_SYMBOL_GPL(register_ipsec_alg); -EXPORT_SYMBOL_GPL(unregister_ipsec_alg); -EXPORT_SYMBOL_GPL(ipsec_alg_test); -#endif /* CONFIG_IPSEC_ALG */ diff --git a/linux/net/ipsec/ipsec_init.c b/linux/net/ipsec/ipsec_init.c deleted file mode 100644 index 56512acb6..000000000 --- a/linux/net/ipsec/ipsec_init.c +++ /dev/null @@ -1,755 +0,0 @@ -/* - * @(#) Initialization code. - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002 Richard Guy Briggs - * 2001 Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * /proc system code was split out into ipsec_proc.c after rev. 1.70. - * - */ - -char ipsec_init_c_version[] = "RCSID $Id: ipsec_init.c,v 1.3 2004/06/13 19:57:49 as Exp $"; - -#include -#include -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include /* struct sockaddr_in */ -#include -#include /* get_random_bytes() */ -#include - -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include /* *lock* */ -# else /* 23_SPINLOCK */ -# include /* *lock* */ -# endif /* 23_SPINLOCK */ -#endif /* SPINLOCK */ - -#ifdef NET_21 -# include -# include -#endif /* NET_21 */ - -#include -#include - -#ifdef CONFIG_PROC_FS -# include -#endif /* CONFIG_PROC_FS */ - -#ifdef NETLINK_SOCK -# include -#else -# include -#endif - -#include "freeswan/radij.h" - -#include "freeswan/ipsec_life.h" -#include "freeswan/ipsec_stats.h" -#include "freeswan/ipsec_sa.h" - -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_tunnel.h" - -#include "freeswan/ipsec_rcv.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" - -#ifdef CONFIG_IPSEC_IPCOMP -# include "freeswan/ipcomp.h" -#endif /* CONFIG_IPSEC_IPCOMP */ - -#include "freeswan/ipsec_proto.h" -#include "freeswan/ipsec_alg.h" - -#include -#include - -#if !defined(CONFIG_IPSEC_ESP) && !defined(CONFIG_IPSEC_AH) -#error "kernel configuration must include ESP or AH" -#endif - -/* - * seems to be present in 2.4.10 (Linus), but also in some RH and other - * distro kernels of a lower number. - */ -#ifdef MODULE_LICENSE -MODULE_LICENSE("GPL"); -#endif - -#ifdef CONFIG_IPSEC_DEBUG -int debug_eroute = 0; -int debug_spi = 0; -int debug_netlink = 0; -#endif /* CONFIG_IPSEC_DEBUG */ - -struct prng ipsec_prng; - -extern int ipsec_device_event(struct notifier_block *dnot, unsigned long event, void *ptr); -/* - * the following structure is required so that we receive - * event notifications when network devices are enabled and - * disabled (ifconfig up and down). - */ -static struct notifier_block ipsec_dev_notifier={ - ipsec_device_event, - NULL, - 0 -}; - -#ifdef CONFIG_SYSCTL -extern int ipsec_sysctl_register(void); -extern void ipsec_sysctl_unregister(void); -#endif - -static inline int -freeswan_inet_add_protocol(struct inet_protocol *prot, unsigned protocol) -{ -#ifdef NETDEV_25 - return inet_add_protocol(prot, protocol); -#else - inet_add_protocol(prot); - return 0; -#endif -} - -static inline int -freeswan_inet_del_protocol(struct inet_protocol *prot, unsigned protocol) -{ -#ifdef NETDEV_25 - return inet_del_protocol(prot, protocol); -#else - inet_del_protocol(prot); - return 0; -#endif -} - -/* void */ -int -ipsec_init(void) -{ - int error = 0; - unsigned char seed[256]; -#ifdef CONFIG_IPSEC_ENC_3DES - extern int des_check_key; - - /* turn off checking of keys */ - des_check_key=0; -#endif /* CONFIG_IPSEC_ENC_3DES */ - - KLIPS_PRINT(1, "klips_info:ipsec_init: " - "KLIPS startup, FreeS/WAN IPSec version: %s\n", - ipsec_version_code()); - - error |= ipsec_proc_init(); - -#ifdef SPINLOCK - ipsec_sadb.sadb_lock = SPIN_LOCK_UNLOCKED; -#else /* SPINLOCK */ - ipsec_sadb.sadb_lock = 0; -#endif /* SPINLOCK */ - -#ifndef SPINLOCK - tdb_lock.lock = 0; - eroute_lock.lock = 0; -#endif /* !SPINLOCK */ - - error |= ipsec_sadb_init(); - error |= ipsec_radijinit(); - - error |= pfkey_init(); - - error |= register_netdevice_notifier(&ipsec_dev_notifier); - -#ifdef CONFIG_IPSEC_ESP - freeswan_inet_add_protocol(&esp_protocol, IPPROTO_ESP); -#endif /* CONFIG_IPSEC_ESP */ - -#ifdef CONFIG_IPSEC_AH - freeswan_inet_add_protocol(&ah_protocol, IPPROTO_AH); -#endif /* CONFIG_IPSEC_AH */ - -/* we never actually link IPCOMP to the stack */ -#ifdef IPCOMP_USED_ALONE -#ifdef CONFIG_IPSEC_IPCOMP - freeswan_inet_add_protocol(&comp_protocol, IPPROTO_COMP); -#endif /* CONFIG_IPSEC_IPCOMP */ -#endif - - error |= ipsec_tunnel_init_devices(); - - -#ifdef CONFIG_SYSCTL - error |= ipsec_sysctl_register(); -#endif - -#ifdef CONFIG_IPSEC_ALG - ipsec_alg_init(); -#endif - - get_random_bytes((void *)seed, sizeof(seed)); - prng_init(&ipsec_prng, seed, sizeof(seed)); - - return error; -} - - -/* void */ -int -ipsec_cleanup(void) -{ - int error = 0; - -#ifdef CONFIG_SYSCTL - ipsec_sysctl_unregister(); -#endif - KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ - "klips_debug:ipsec_cleanup: " - "calling ipsec_tunnel_cleanup_devices.\n"); - error |= ipsec_tunnel_cleanup_devices(); - - KLIPS_PRINT(debug_netlink, "called ipsec_tunnel_cleanup_devices"); - -/* we never actually link IPCOMP to the stack */ -#ifdef IPCOMP_USED_ALONE -#ifdef CONFIG_IPSEC_IPCOMP - if (freeswan_inet_del_protocol(&comp_protocol, IPPROTO_COMP) < 0) - printk(KERN_INFO "klips_debug:ipsec_cleanup: " - "comp close: can't remove protocol\n"); -#endif /* CONFIG_IPSEC_IPCOMP */ -#endif /* IPCOMP_USED_ALONE */ - -#ifdef CONFIG_IPSEC_AH - if (freeswan_inet_del_protocol(&ah_protocol, IPPROTO_AH) < 0) - printk(KERN_INFO "klips_debug:ipsec_cleanup: " - "ah close: can't remove protocol\n"); -#endif /* CONFIG_IPSEC_AH */ - -#ifdef CONFIG_IPSEC_ESP - if (freeswan_inet_del_protocol(&esp_protocol, IPPROTO_ESP) < 0) - printk(KERN_INFO "klips_debug:ipsec_cleanup: " - "esp close: can't remove protocol\n"); -#endif /* CONFIG_IPSEC_ESP */ - - error |= unregister_netdevice_notifier(&ipsec_dev_notifier); - - KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ - "klips_debug:ipsec_cleanup: " - "calling ipsec_sadb_cleanup.\n"); - error |= ipsec_sadb_cleanup(0); - error |= ipsec_sadb_free(); - - KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ - "klips_debug:ipsec_cleanup: " - "calling ipsec_radijcleanup.\n"); - error |= ipsec_radijcleanup(); - - KLIPS_PRINT(debug_pfkey, /* debug_tunnel & DB_TN_INIT, */ - "klips_debug:ipsec_cleanup: " - "calling pfkey_cleanup.\n"); - error |= pfkey_cleanup(); - - ipsec_proc_cleanup(); - - prng_final(&ipsec_prng); - - return error; -} - -#ifdef MODULE -int -init_module(void) -{ - int error = 0; - - error |= ipsec_init(); - - return error; -} - -int -cleanup_module(void) -{ - int error = 0; - - KLIPS_PRINT(debug_netlink, /* debug_tunnel & DB_TN_INIT, */ - "klips_debug:cleanup_module: " - "calling ipsec_cleanup.\n"); - - error |= ipsec_cleanup(); - - KLIPS_PRINT(1, "klips_info:cleanup_module: " - "ipsec module unloaded.\n"); - - return error; -} -#endif /* MODULE */ - -/* - * $Log: ipsec_init.c,v $ - * Revision 1.3 2004/06/13 19:57:49 as - * removed inclusion of ipsec_netlink.h - * - * Revision 1.2 2004/03/22 21:53:19 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.4.1 2004/03/16 09:48:19 as - * alg-0.8.1rc12 patch merged - * - * Revision 1.1 2004/03/15 20:35:26 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.89 2003/07/31 22:47:16 mcr - * preliminary (untested by FS-team) 2.5 patches. - * - * Revision 1.88 2003/06/22 20:05:36 mcr - * clarified why IPCOMP was not being registered, and put a new - * #ifdef in rather than #if 0. - * - * Revision 1.87 2002/09/20 15:40:51 rgb - * Added a lock to the global ipsec_sadb struct for future use. - * Split ipsec_sadb_cleanup from new funciton ipsec_sadb_free to avoid problem - * of freeing newly created structures when clearing the reftable upon startup - * to start from a known state. - * - * Revision 1.86 2002/08/15 18:39:15 rgb - * Move ipsec_prng outside debug code. - * - * Revision 1.85 2002/05/14 02:35:29 rgb - * Change reference to tdb to ipsa. - * - * Revision 1.84 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.83 2002/04/24 07:36:28 mcr - * Moved from ./klips/net/ipsec/ipsec_init.c,v - * - * Revision 1.82 2002/04/20 00:12:25 rgb - * Added esp IV CBC attack fix, disabled. - * - * Revision 1.81 2002/04/09 16:13:32 mcr - * switch license to straight GPL. - * - * Revision 1.80 2002/03/24 07:34:08 rgb - * Sanity check for at least one of AH or ESP configured. - * - * Revision 1.79 2002/02/05 22:55:15 mcr - * added MODULE_LICENSE declaration. - * This macro does not appear in all kernel versions (see comment). - * - * Revision 1.78 2002/01/29 17:17:55 mcr - * moved include of ipsec_param.h to after include of linux/kernel.h - * otherwise, it seems that some option that is set in ipsec_param.h - * screws up something subtle in the include path to kernel.h, and - * it complains on the snprintf() prototype. - * - * Revision 1.77 2002/01/29 04:00:51 mcr - * more excise of kversions.h header. - * - * Revision 1.76 2002/01/29 02:13:17 mcr - * introduction of ipsec_kversion.h means that include of - * ipsec_param.h must preceed any decisions about what files to - * include to deal with differences in kernel source. - * - * Revision 1.75 2001/11/26 09:23:48 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.74 2001/11/22 05:44:11 henry - * new version stuff - * - * Revision 1.71.2.2 2001/10/22 20:51:00 mcr - * explicitely set des_check_key. - * - * Revision 1.71.2.1 2001/09/25 02:19:39 mcr - * /proc manipulation code moved to new ipsec_proc.c - * - * Revision 1.73 2001/11/06 19:47:17 rgb - * Changed lifetime_packets to uint32 from uint64. - * - * Revision 1.72 2001/10/18 04:45:19 rgb - * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, - * lib/freeswan.h version macros moved to lib/kversions.h. - * Other compiler directive cleanups. - * - * Revision 1.71 2001/09/20 15:32:45 rgb - * Minor pfkey lifetime fixes. - * - * Revision 1.70 2001/07/06 19:51:21 rgb - * Added inbound policy checking code for IPIP SAs. - * - * Revision 1.69 2001/06/14 19:33:26 rgb - * Silence startup message for console, but allow it to be logged. - * Update copyright date. - * - * Revision 1.68 2001/05/29 05:14:36 rgb - * Added PMTU to /proc/net/ipsec_tncfg output. See 'man 5 ipsec_tncfg'. - * - * Revision 1.67 2001/05/04 16:34:52 rgb - * Rremove erroneous checking of return codes for proc_net_* in 2.4. - * - * Revision 1.66 2001/05/03 19:40:34 rgb - * Check error return codes in startup and shutdown. - * - * Revision 1.65 2001/02/28 05:03:27 rgb - * Clean up and rationalise startup messages. - * - * Revision 1.64 2001/02/27 22:24:53 rgb - * Re-formatting debug output (line-splitting, joining, 1arg/line). - * Check for satoa() return codes. - * - * Revision 1.63 2000/11/29 20:14:06 rgb - * Add src= to the output of /proc/net/ipsec_spi and delete dst from IPIP. - * - * Revision 1.62 2000/11/06 04:31:24 rgb - * Ditched spin_lock_irqsave in favour of spin_lock_bh. - * Fixed longlong for pre-2.4 kernels (Svenning). - * Add Svenning's adaptive content compression. - * Disabled registration of ipcomp handler. - * - * Revision 1.61 2000/10/11 13:37:54 rgb - * #ifdef out debug print that causes proc/net/ipsec_version to oops. - * - * Revision 1.60 2000/09/20 03:59:01 rgb - * Change static info functions to DEBUG_NO_STATIC to reveal function names - * in oopsen. - * - * Revision 1.59 2000/09/16 01:06:26 rgb - * Added cast of var to silence compiler warning about long fed to int - * format. - * - * Revision 1.58 2000/09/15 11:37:01 rgb - * Merge in heavily modified Svenning Soerensen's - * IPCOMP zlib deflate code. - * - * Revision 1.57 2000/09/12 03:21:50 rgb - * Moved radij_c_version printing to ipsec_version_get_info(). - * Reformatted ipsec_version_get_info(). - * Added sysctl_{,un}register() calls. - * - * Revision 1.56 2000/09/08 19:16:50 rgb - * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. - * Removed all references to CONFIG_IPSEC_PFKEYv2. - * - * Revision 1.55 2000/08/30 05:19:03 rgb - * Cleaned up no longer used spi_next, netlink register/unregister, other - * minor cleanup. - * Removed cruft replaced by TDB_XFORM_NAME. - * Removed all the rest of the references to tdb_spi, tdb_proto, tdb_dst. - * Moved debug version strings to printk when /proc/net/ipsec_version is - * called. - * - * Revision 1.54 2000/08/20 18:31:05 rgb - * Changed cosmetic alignment in spi_info. - * Changed addtime and usetime to use actual value which is relative - * anyways, as intended. (Momchil) - * - * Revision 1.53 2000/08/18 17:37:03 rgb - * Added an (int) cast to shut up the compiler... - * - * Revision 1.52 2000/08/01 14:51:50 rgb - * Removed _all_ remaining traces of DES. - * - * Revision 1.51 2000/07/25 20:41:22 rgb - * Removed duplicate parameter in spi_getinfo. - * - * Revision 1.50 2000/07/17 03:21:45 rgb - * Removed /proc/net/ipsec_spinew. - * - * Revision 1.49 2000/06/28 05:46:51 rgb - * Renamed ivlen to iv_bits for consistency. - * Changed output of add and use times to be relative to now. - * - * Revision 1.48 2000/05/11 18:26:10 rgb - * Commented out calls to netlink_attach/detach to avoid activating netlink - * in the kenrel config. - * - * Revision 1.47 2000/05/10 22:35:26 rgb - * Comment out most of the startup version information. - * - * Revision 1.46 2000/03/22 16:15:36 rgb - * Fixed renaming of dev_get (MB). - * - * Revision 1.45 2000/03/16 06:40:48 rgb - * Hardcode PF_KEYv2 support. - * - * Revision 1.44 2000/01/22 23:19:20 rgb - * Simplified code to use existing macro TDB_XFORM_NAME(). - * - * Revision 1.43 2000/01/21 06:14:04 rgb - * Print individual stats only if non-zero. - * Removed 'bits' from each keylength for brevity. - * Shortened lifetimes legend for brevity. - * Changed wording from 'last_used' to the clearer 'idle'. - * - * Revision 1.42 1999/12/31 14:57:19 rgb - * MB fix for new dummy-less proc_get_info in 2.3.35. - * - * Revision 1.41 1999/11/23 23:04:03 rgb - * Use provided macro ADDRTOA_BUF instead of hardcoded value. - * Sort out pfkey and freeswan headers, putting them in a library path. - * - * Revision 1.40 1999/11/18 18:47:01 rgb - * Added dynamic proc registration for 2.3.25+. - * Changed all device registrations for static linking to - * dynamic to reduce the number and size of patches. - * Changed all protocol registrations for static linking to - * dynamic to reduce the number and size of patches. - * - * Revision 1.39 1999/11/18 04:12:07 rgb - * Replaced all kernel version macros to shorter, readable form. - * Added Marc Boucher's 2.3.25 proc patches. - * Converted all PROC_FS entries to dynamic to reduce kernel patching. - * Added CONFIG_PROC_FS compiler directives in case it is shut off. - * - * Revision 1.38 1999/11/17 15:53:38 rgb - * Changed all occurrences of #include "../../../lib/freeswan.h" - * to #include which works due to -Ilibfreeswan in the - * klips/net/ipsec/Makefile. - * - * Revision 1.37 1999/10/16 04:23:06 rgb - * Add stats for replaywin_errs, replaywin_max_sequence_difference, - * authentication errors, encryption size errors, encryption padding - * errors, and time since last packet. - * - * Revision 1.36 1999/10/16 00:30:47 rgb - * Added SA lifetime counting. - * - * Revision 1.35 1999/10/15 22:14:00 rgb - * Clean out cruft. - * - * Revision 1.34 1999/10/03 18:46:28 rgb - * Spinlock fixes for 2.0.xx and 2.3.xx. - * - * Revision 1.33 1999/10/01 17:08:10 rgb - * Disable spinlock init. - * - * Revision 1.32 1999/10/01 16:22:24 rgb - * Switch from assignment init. to functional init. of spinlocks. - * - * Revision 1.31 1999/10/01 15:44:52 rgb - * Move spinlock header include to 2.1> scope. - * - * Revision 1.30 1999/10/01 00:00:16 rgb - * Added eroute structure locking. - * Added tdb structure locking. - * Minor formatting changes. - * Add call to initialize tdb hash table. - * - * Revision 1.29 1999/09/23 20:22:40 rgb - * Enable, tidy and fix network notifier code. - * - * Revision 1.28 1999/09/18 11:39:56 rgb - * Start to add (disabled) netdevice notifier code. - * - * Revision 1.27 1999/08/28 08:24:47 rgb - * Add compiler directives to compile cleanly without debugging. - * - * Revision 1.26 1999/08/06 16:03:22 rgb - * Correct error messages on failure to unload /proc entries. - * - * Revision 1.25 1999/08/03 17:07:25 rgb - * Report device MTU, not private MTU. - * - * Revision 1.24 1999/05/25 22:24:37 rgb - * /PROC/NET/ipsec* init problem fix. - * - * Revision 1.23 1999/05/25 02:16:38 rgb - * Make modular proc_fs entries dynamic and fix for 2.2.x. - * - * Revision 1.22 1999/05/09 03:25:35 rgb - * Fix bug introduced by 2.2 quick-and-dirty patch. - * - * Revision 1.21 1999/05/05 22:02:30 rgb - * Add a quick and dirty port to 2.2 kernels by Marc Boucher . - * - * Revision 1.20 1999/04/29 15:15:50 rgb - * Fix undetected iv_len reporting bug. - * Add sanity checking for null pointer to private data space. - * Add return values to init and cleanup functions. - * - * Revision 1.19 1999/04/27 19:24:44 rgb - * Added /proc/net/ipsec_klipsdebug support for reading the current debug - * settings. - * Instrument module load/init/unload. - * - * Revision 1.18 1999/04/15 15:37:24 rgb - * Forward check changes from POST1_00 branch. - * - * Revision 1.15.2.3 1999/04/13 20:29:19 rgb - * /proc/net/ipsec_* cleanup. - * - * Revision 1.15.2.2 1999/04/02 04:28:23 rgb - * /proc/net/ipsec_* formatting enhancements. - * - * Revision 1.15.2.1 1999/03/30 17:08:33 rgb - * Add pfkey initialisation. - * - * Revision 1.17 1999/04/11 00:28:57 henry - * GPL boilerplate - * - * Revision 1.16 1999/04/06 04:54:25 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.15 1999/02/24 20:15:07 rgb - * Update output format. - * - * Revision 1.14 1999/02/17 16:49:39 rgb - * Convert DEBUG_IPSEC to KLIPS_PRINT - * Ditch NET_IPIP dependancy. - * - * Revision 1.13 1999/01/26 02:06:37 rgb - * Remove ah/esp switching on include files. - * Removed CONFIG_IPSEC_ALGO_SWITCH macro. - * Removed dead code. - * Remove references to INET_GET_PROTOCOL. - * - * Revision 1.12 1999/01/22 06:19:18 rgb - * Cruft clean-out. - * 64-bit clean-up. - * Added algorithm switch code. - * - * Revision 1.11 1998/12/01 05:54:53 rgb - * Cleanup and order debug version output. - * - * Revision 1.10 1998/11/30 13:22:54 rgb - * Rationalised all the klips kernel file headers. They are much shorter - * now and won't conflict under RH5.2. - * - * Revision 1.9 1998/11/10 05:35:13 rgb - * Print direction in/out flag from /proc/net/ipsec_spi. - * - * Revision 1.8 1998/10/27 13:48:10 rgb - * Cleaned up /proc/net/ipsec_* filesystem for easy parsing by scripts. - * Fixed less(1) truncated output bug. - * Code clean-up. - * - * Revision 1.7 1998/10/22 06:43:16 rgb - * Convert to use satoa for printk. - * - * Revision 1.6 1998/10/19 14:24:35 rgb - * Added inclusion of freeswan.h. - * - * Revision 1.5 1998/10/09 04:43:35 rgb - * Added 'klips_debug' prefix to all klips printk debug statements. - * - * Revision 1.4 1998/07/27 21:50:22 rgb - * Not necessary to traverse mask tree for /proc/net/ipsec_eroute. - * - * Revision 1.3 1998/06/25 19:51:20 rgb - * Clean up #endif comments. - * Shift debugging comment control for procfs to debug_tunnel. - * Make proc_dir_entries visible to rest of kernel for static link. - * Replace hardwired fileperms with macros. - * Use macros for procfs inode numbers. - * Rearrange initialisations between ipsec_init and module_init as appropriate - * for static loading. - * - * Revision 1.2 1998/06/23 02:55:43 rgb - * Slightly quieted init-time messages. - * Re-introduced inet_add_protocol after it mysteriously disappeared... - * Check for and warn of absence of IPIP protocol on install of module. - * Move tdbcleanup to ipsec_xform.c. - * - * Revision 1.10 1998/06/18 21:29:04 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid kernel - * build scripts happier in presence of symbolic links - * - * Revision 1.9 1998/06/14 23:49:40 rgb - * Clarify version reporting on module loading. - * - * Revision 1.8 1998/06/11 05:54:23 rgb - * Added /proc/net/ipsec_version to report freeswan and transform versions. - * Added /proc/net/ipsec_spinew to generate new and unique spi's.. - * Fixed /proc/net/ipsec_tncfg bug. - * - * Revision 1.7 1998/05/25 20:23:13 rgb - * proc_register changed to dynamic registration to avoid arbitrary inode - * numbers. - * - * Implement memory recovery from tdb and eroute tables. - * - * Revision 1.6 1998/05/21 13:08:58 rgb - * Rewrote procinfo subroutines to avoid *bad things* when more that 3k of - * information is available for printout. - * - * Revision 1.5 1998/05/18 21:29:48 rgb - * Cleaned up /proc/net/ipsec_* output, including a title line, algorithm - * names instead of numbers, standard format for numerical output base, - * whitespace for legibility, and the names themselves for consistency. - * - * Added /proc/net/ipsec_spigrp and /proc/net/ipsec_tncfg. - * - * Revision 1.4 1998/04/30 15:42:24 rgb - * Silencing attach for normal operations with #ifdef IPSEC_DEBUG. - * - * Revision 1.3 1998/04/21 21:28:58 rgb - * Rearrange debug switches to change on the fly debug output from user - * space. Only kernel changes checked in at this time. radij.c was also - * changed to temporarily remove buggy debugging code in rj_delete causing - * an OOPS and hence, netlink device open errors. - * - * Revision 1.2 1998/04/12 22:03:22 rgb - * Updated ESP-3DES-HMAC-MD5-96, - * ESP-DES-HMAC-MD5-96, - * AH-HMAC-MD5-96, - * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository - * from old standards (RFC182[5-9] to new (as of March 1998) drafts. - * - * Fixed eroute references in /proc/net/ipsec*. - * - * Started to patch module unloading memory leaks in ipsec_netlink and - * radij tree unloading. - * - * Revision 1.1 1998/04/09 03:06:05 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:02 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * No changes. - * - * Revision 0.3 1996/11/20 14:39:04 ji - * Fixed problem with node names of /proc/net entries. - * Other minor cleanups. - * Rationalized debugging code. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * Local variables: - * c-file-style: "linux" - * End: - * - */ diff --git a/linux/net/ipsec/ipsec_life.c b/linux/net/ipsec/ipsec_life.c deleted file mode 100644 index 384866c06..000000000 --- a/linux/net/ipsec/ipsec_life.c +++ /dev/null @@ -1,210 +0,0 @@ -/* - * @(#) lifetime structure utilities - * - * Copyright (C) 2001 Richard Guy Briggs - * and Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_life.c,v 1.3 2004/04/28 08:06:22 as Exp $ - * - */ - -/* - * This provides series of utility functions for dealing with lifetime - * structures. - * - * ipsec_check_lifetime - returns -1 hard lifetime exceeded - * 0 soft lifetime exceeded - * 1 everything is okay - * based upon whether or not the count exceeds hard/soft - * - */ - -#define __NO_VERSION__ -#include -#include /* for CONFIG_IP_FORWARD */ -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#include /* struct device, struct net_device_stats and other headers */ -#include /* eth_type_trans */ -#include -#include - -#include "freeswan/radij.h" -#include "freeswan/ipsec_life.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_eroute.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" - -#include "freeswan/ipsec_sa.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_ipe4.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" - -#ifdef CONFIG_IPSEC_IPCOMP -#include "freeswan/ipcomp.h" -#endif /* CONFIG_IPSEC_IPCOMP */ - -#include -#include - -#include "freeswan/ipsec_proto.h" - - -enum ipsec_life_alive -ipsec_lifetime_check(struct ipsec_lifetime64 *il64, - const char *lifename, - const char *saname, - enum ipsec_life_type ilt, - enum ipsec_direction idir, - struct ipsec_sa *ips) -{ - __u64 count; - const char *dir; - - if(saname == NULL) { - saname = "unknown-SA"; - } - - if(idir == ipsec_incoming) { - dir = "incoming"; - } else { - dir = "outgoing"; - } - - - if(ilt == ipsec_life_timebased) { - count = jiffies/HZ - il64->ipl_count; - } else { - count = il64->ipl_count; - } - - if(il64->ipl_hard && - (count > il64->ipl_hard)) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_lifetime_check: " - "hard %s lifetime of SA:<%s%s%s> %s has been reached, SA expired, " - "%s packet dropped.\n", - lifename, - IPS_XFORM_NAME(ips), - saname, - dir); - - pfkey_expire(ips, 1); - return ipsec_life_harddied; - } - - if(il64->ipl_soft && - (count > il64->ipl_soft)) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_lifetime_check: " - "soft %s lifetime of SA:<%s%s%s> %s has been reached, SA expiring, " - "soft expire message sent up, %s packet still processed.\n", - lifename, - IPS_XFORM_NAME(ips), - saname, - dir); - - if(ips->ips_state != SADB_SASTATE_DYING) { - pfkey_expire(ips, 0); - } - ips->ips_state = SADB_SASTATE_DYING; - - return ipsec_life_softdied; - } - return ipsec_life_okay; -} - - -/* - * This function takes a buffer (with length), a lifetime name and type, - * and formats a string to represent the current values of the lifetime. - * - * It returns the number of bytes that the format took (or would take, - * if the buffer were large enough: snprintf semantics). - * This is used in /proc routines and in debug output. - */ -int -ipsec_lifetime_format(char *buffer, - int buflen, - char *lifename, - enum ipsec_life_type timebaselife, - struct ipsec_lifetime64 *lifetime) -{ - int len = 0; - __u64 count; - - if(timebaselife == ipsec_life_timebased) { - count = jiffies/HZ - lifetime->ipl_count; - } else { - count = lifetime->ipl_count; - } - - if(lifetime->ipl_count > 1 || - lifetime->ipl_soft || - lifetime->ipl_hard) { -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)) - len = ipsec_snprintf(buffer, buflen, - "%s(%Lu,%Lu,%Lu)", - lifename, - count, - lifetime->ipl_soft, - lifetime->ipl_hard); -#else /* XXX high 32 bits are not displayed */ - len = ipsec_snprintf(buffer, buflen, - "%s(%lu,%lu,%lu)", - lifename, - (unsigned long)count, - (unsigned long)lifetime->ipl_soft, - (unsigned long)lifetime->ipl_hard); -#endif - } - - return len; -} - -void -ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime, - __u64 newvalue) -{ - if(newvalue && - (!lifetime->ipl_hard || - (newvalue < lifetime->ipl_hard))) { - lifetime->ipl_hard = newvalue; - - if(!lifetime->ipl_soft && - (lifetime->ipl_hard < lifetime->ipl_soft)) { - lifetime->ipl_soft = lifetime->ipl_hard; - } - } -} - -void -ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime, - __u64 newvalue) -{ - if(newvalue && - (!lifetime->ipl_soft || - (newvalue < lifetime->ipl_soft))) { - lifetime->ipl_soft = newvalue; - - if(lifetime->ipl_hard && - (lifetime->ipl_hard < lifetime->ipl_soft)) { - lifetime->ipl_soft = lifetime->ipl_hard; - } - } -} diff --git a/linux/net/ipsec/ipsec_mast.c b/linux/net/ipsec/ipsec_mast.c deleted file mode 100644 index f5216b541..000000000 --- a/linux/net/ipsec/ipsec_mast.c +++ /dev/null @@ -1,1064 +0,0 @@ -/* - * IPSEC MAST code. - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -char ipsec_mast_c_version[] = "RCSID $Id: ipsec_mast.c,v 1.2 2004/06/13 19:57:49 as Exp $"; - -#define __NO_VERSION__ -#include -#include /* for CONFIG_IP_FORWARD */ -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include /* struct tcphdr */ -#include /* struct udphdr */ -#include -#include -#include -#include -#include -#undef dev_kfree_skb -#define dev_kfree_skb(a,b) kfree_skb(a) -#define PHYSDEV_TYPE -#include -#include /* icmp_send() */ -#include -#include - -#include - -#include "freeswan/radij.h" -#include "freeswan/ipsec_life.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_eroute.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_sa.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_mast.h" -#include "freeswan/ipsec_ipe4.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" - -#include -#include - -#include "freeswan/ipsec_proto.h" - -int ipsec_maxdevice_count = -1; - -DEBUG_NO_STATIC int -ipsec_mast_open(struct device *dev) -{ - struct ipsecpriv *prv = dev->priv; - - /* - * Can't open until attached. - */ - - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_open: " - "dev = %s, prv->dev = %s\n", - dev->name, prv->dev?prv->dev->name:"NONE"); - - if (prv->dev == NULL) - return -ENODEV; - - MOD_INC_USE_COUNT; - return 0; -} - -DEBUG_NO_STATIC int -ipsec_mast_close(struct device *dev) -{ - MOD_DEC_USE_COUNT; - return 0; -} - -static inline int ipsec_mast_xmit2(struct sk_buff *skb) -{ - return ip_send(skb); -} - -enum ipsec_xmit_value -ipsec_mast_send(struct ipsec_xmit_state*ixs) -{ - /* new route/dst cache code from James Morris */ - ixs->skb->dev = ixs->physdev; - /*skb_orphan(ixs->skb);*/ - if((ixs->error = ip_route_output(&ixs->route, - ixs->skb->nh.iph->daddr, - ixs->pass ? 0 : ixs->skb->nh.iph->saddr, - RT_TOS(ixs->skb->nh.iph->tos), - ixs->physdev->iflink /* rgb: should this be 0? */))) { - ixs->stats->tx_errors++; - KLIPS_PRINT(debug_mast & DB_MAST_XMIT, - "klips_debug:ipsec_xmit_send: " - "ip_route_output failed with error code %d, rt->u.dst.dev=%s, dropped\n", - ixs->error, - ixs->route->u.dst.dev->name); - return IPSEC_XMIT_ROUTEERR; - } - if(ixs->dev == ixs->route->u.dst.dev) { - ip_rt_put(ixs->route); - /* This is recursion, drop it. */ - ixs->stats->tx_errors++; - KLIPS_PRINT(debug_mast & DB_MAST_XMIT, - "klips_debug:ipsec_xmit_send: " - "suspect recursion, dev=rt->u.dst.dev=%s, dropped\n", - ixs->dev->name); - return IPSEC_XMIT_RECURSDETECT; - } - dst_release(ixs->skb->dst); - ixs->skb->dst = &ixs->route->u.dst; - ixs->stats->tx_bytes += ixs->skb->len; - if(ixs->skb->len < ixs->skb->nh.raw - ixs->skb->data) { - ixs->stats->tx_errors++; - printk(KERN_WARNING - "klips_error:ipsec_xmit_send: " - "tried to __skb_pull nh-data=%ld, %d available. This should never happen, please report.\n", - (unsigned long)(ixs->skb->nh.raw - ixs->skb->data), - ixs->skb->len); - return IPSEC_XMIT_PUSHPULLERR; - } - __skb_pull(ixs->skb, ixs->skb->nh.raw - ixs->skb->data); -#ifdef SKB_RESET_NFCT - nf_conntrack_put(ixs->skb->nfct); - ixs->skb->nfct = NULL; -#ifdef CONFIG_NETFILTER_DEBUG - ixs->skb->nf_debug = 0; -#endif /* CONFIG_NETFILTER_DEBUG */ -#endif /* SKB_RESET_NFCT */ - KLIPS_PRINT(debug_mast & DB_MAST_XMIT, - "klips_debug:ipsec_xmit_send: " - "...done, calling ip_send() on device:%s\n", - ixs->skb->dev ? ixs->skb->dev->name : "NULL"); - KLIPS_IP_PRINT(debug_mast & DB_MAST_XMIT, ixs->skb->nh.iph); - { - int err; - - err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, ixs->skb, NULL, ixs->route->u.dst.dev, - ipsec_mast_xmit2); - if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) { - if(net_ratelimit()) - printk(KERN_ERR - "klips_error:ipsec_xmit_send: " - "ip_send() failed, err=%d\n", - -err); - ixs->stats->tx_errors++; - ixs->stats->tx_aborted_errors++; - ixs->skb = NULL; - return IPSEC_XMIT_IPSENDFAILURE; - } - } - ixs->stats->tx_packets++; - - ixs->skb = NULL; - - return IPSEC_XMIT_OK; -} - -void -ipsec_mast_cleanup(struct ipsec_xmit_state*ixs) -{ -#if defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) - netif_wake_queue(ixs->dev); -#else /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */ - ixs->dev->tbusy = 0; -#endif /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */ - if(ixs->saved_header) { - kfree(ixs->saved_header); - } - if(ixs->skb) { - dev_kfree_skb(ixs->skb, FREE_WRITE); - } - if(ixs->oskb) { - dev_kfree_skb(ixs->oskb, FREE_WRITE); - } - if (ixs->ips.ips_ident_s.data) { - kfree(ixs->ips.ips_ident_s.data); - } - if (ixs->ips.ips_ident_d.data) { - kfree(ixs->ips.ips_ident_d.data); - } -} - -#if 0 -/* - * This function assumes it is being called from dev_queue_xmit() - * and that skb is filled properly by that function. - */ -int -ipsec_mast_start_xmit(struct sk_buff *skb, struct device *dev, IPsecSAref_t SAref) -{ - struct ipsec_xmit_state ixs_mem; - struct ipsec_xmit_state *ixs = &ixs_mem; - enum ipsec_xmit_value stat = IPSEC_XMIT_OK; - - /* dev could be a mast device, but should be optional, I think... */ - /* SAref is also optional, but one of the two must be present. */ - /* I wonder if it could accept no device or saref and guess? */ - -/* ipsec_xmit_sanity_check_dev(ixs); */ - - ipsec_xmit_sanity_check_skb(ixs); - - ipsec_xmit_adjust_hard_header(ixs); - - stat = ipsec_xmit_encap_bundle(ixs); - if(stat != IPSEC_XMIT_OK) { - /* SA processing failed */ - } - - ipsec_xmit_hard_header_restore(); -} -#endif - -DEBUG_NO_STATIC struct net_device_stats * -ipsec_mast_get_stats(struct device *dev) -{ - return &(((struct ipsecpriv *)(dev->priv))->mystats); -} - -/* - * Revectored calls. - * For each of these calls, a field exists in our private structure. - */ - -DEBUG_NO_STATIC int -ipsec_mast_hard_header(struct sk_buff *skb, struct device *dev, - unsigned short type, void *daddr, void *saddr, unsigned len) -{ - struct ipsecpriv *prv = dev->priv; - struct device *tmp; - int ret; - struct net_device_stats *stats; /* This device's statistics */ - - if(skb == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_hard_header: " - "no skb...\n"); - return -ENODATA; - } - - if(dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_hard_header: " - "no device...\n"); - return -ENODEV; - } - - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_hard_header: " - "skb->dev=%s dev=%s.\n", - skb->dev ? skb->dev->name : "NULL", - dev->name); - - if(prv == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_hard_header: " - "no private space associated with dev=%s\n", - dev->name ? dev->name : "NULL"); - return -ENODEV; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_hard_header: " - "no physical device associated with dev=%s\n", - dev->name ? dev->name : "NULL"); - stats->tx_dropped++; - return -ENODEV; - } - - /* check if we have to send a IPv6 packet. It might be a Router - Solicitation, where the building of the packet happens in - reverse order: - 1. ll hdr, - 2. IPv6 hdr, - 3. ICMPv6 hdr - -> skb->nh.raw is still uninitialized when this function is - called!! If this is no IPv6 packet, we can print debugging - messages, otherwise we skip all debugging messages and just - build the ll header */ - if(type != ETH_P_IPV6) { - /* execute this only, if we don't have to build the - header for a IPv6 packet */ - if(!prv->hard_header) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_hard_header: " - "physical device has been detached, packet dropped 0p%p->0p%p len=%d type=%d dev=%s->NULL ", - saddr, - daddr, - len, - type, - dev->name); - KLIPS_PRINTMORE(debug_mast & DB_MAST_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->nh.iph->saddr), - (__u32)ntohl(skb->nh.iph->daddr) ); - stats->tx_dropped++; - return -ENODEV; - } - -#define da ((struct device *)(prv->dev))->dev_addr - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_hard_header: " - "Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ", - saddr, - daddr, - len, - type, - dev->name, - prv->dev->name, - da[0], da[1], da[2], da[3], da[4], da[5]); - KLIPS_PRINTMORE(debug_mast & DB_MAST_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->nh.iph->saddr), - (__u32)ntohl(skb->nh.iph->daddr) ); - } else { - KLIPS_PRINT(debug_mast, - "klips_debug:ipsec_mast_hard_header: " - "is IPv6 packet, skip debugging messages, only revector and build linklocal header.\n"); - } - tmp = skb->dev; - skb->dev = prv->dev; - ret = prv->hard_header(skb, prv->dev, type, (void *)daddr, (void *)saddr, len); - skb->dev = tmp; - return ret; -} - -DEBUG_NO_STATIC int -ipsec_mast_rebuild_header(struct sk_buff *skb) -{ - struct ipsecpriv *prv = skb->dev->priv; - struct device *tmp; - int ret; - struct net_device_stats *stats; /* This device's statistics */ - - if(skb->dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_rebuild_header: " - "no device..."); - return -ENODEV; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_rebuild_header: " - "no private space associated with dev=%s", - skb->dev->name ? skb->dev->name : "NULL"); - return -ENODEV; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_rebuild_header: " - "no physical device associated with dev=%s", - skb->dev->name ? skb->dev->name : "NULL"); - stats->tx_dropped++; - return -ENODEV; - } - - if(!prv->rebuild_header) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_rebuild_header: " - "physical device has been detached, packet dropped skb->dev=%s->NULL ", - skb->dev->name); - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->nh.iph->saddr), - (__u32)ntohl(skb->nh.iph->daddr) ); - stats->tx_dropped++; - return -ENODEV; - } - - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast: " - "Revectored rebuild_header dev=%s->%s ", - skb->dev->name, prv->dev->name); - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->nh.iph->saddr), - (__u32)ntohl(skb->nh.iph->daddr) ); - tmp = skb->dev; - skb->dev = prv->dev; - - ret = prv->rebuild_header(skb); - skb->dev = tmp; - return ret; -} - -DEBUG_NO_STATIC int -ipsec_mast_set_mac_address(struct device *dev, void *addr) -{ - struct ipsecpriv *prv = dev->priv; - - struct net_device_stats *stats; /* This device's statistics */ - - if(dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_set_mac_address: " - "no device..."); - return -ENODEV; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_set_mac_address: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return -ENODEV; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_set_mac_address: " - "no physical device associated with dev=%s", - dev->name ? dev->name : "NULL"); - stats->tx_dropped++; - return -ENODEV; - } - - if(!prv->set_mac_address) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_set_mac_address: " - "physical device has been detached, cannot set - skb->dev=%s->NULL\n", - dev->name); - return -ENODEV; - } - - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_set_mac_address: " - "Revectored dev=%s->%s addr=0p%p\n", - dev->name, prv->dev->name, addr); - return prv->set_mac_address(prv->dev, addr); - -} - -DEBUG_NO_STATIC void -ipsec_mast_cache_update(struct hh_cache *hh, struct device *dev, unsigned char * haddr) -{ - struct ipsecpriv *prv = dev->priv; - - struct net_device_stats *stats; /* This device's statistics */ - - if(dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_cache_update: " - "no device..."); - return; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_cache_update: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_cache_update: " - "no physical device associated with dev=%s", - dev->name ? dev->name : "NULL"); - stats->tx_dropped++; - return; - } - - if(!prv->header_cache_update) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_cache_update: " - "physical device has been detached, cannot set - skb->dev=%s->NULL\n", - dev->name); - return; - } - - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast: " - "Revectored cache_update\n"); - prv->header_cache_update(hh, prv->dev, haddr); - return; -} - -DEBUG_NO_STATIC int -ipsec_mast_neigh_setup(struct neighbour *n) -{ - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_neigh_setup:\n"); - - if (n->nud_state == NUD_NONE) { - n->ops = &arp_broken_ops; - n->output = n->ops->output; - } - return 0; -} - -DEBUG_NO_STATIC int -ipsec_mast_neigh_setup_dev(struct device *dev, struct neigh_parms *p) -{ - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_neigh_setup_dev: " - "setting up %s\n", - dev ? dev->name : "NULL"); - - if (p->tbl->family == AF_INET) { - p->neigh_setup = ipsec_mast_neigh_setup; - p->ucast_probes = 0; - p->mcast_probes = 0; - } - return 0; -} - -/* - * We call the attach routine to attach another device. - */ - -DEBUG_NO_STATIC int -ipsec_mast_attach(struct device *dev, struct device *physdev) -{ - int i; - struct ipsecpriv *prv = dev->priv; - - if(dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_attach: " - "no device..."); - return -ENODEV; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_attach: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return -ENODATA; - } - - prv->dev = physdev; - prv->hard_start_xmit = physdev->hard_start_xmit; - prv->get_stats = physdev->get_stats; - - if (physdev->hard_header) { - prv->hard_header = physdev->hard_header; - dev->hard_header = ipsec_mast_hard_header; - } else - dev->hard_header = NULL; - - if (physdev->rebuild_header) { - prv->rebuild_header = physdev->rebuild_header; - dev->rebuild_header = ipsec_mast_rebuild_header; - } else - dev->rebuild_header = NULL; - - if (physdev->set_mac_address) { - prv->set_mac_address = physdev->set_mac_address; - dev->set_mac_address = ipsec_mast_set_mac_address; - } else - dev->set_mac_address = NULL; - - if (physdev->header_cache_update) { - prv->header_cache_update = physdev->header_cache_update; - dev->header_cache_update = ipsec_mast_cache_update; - } else - dev->header_cache_update = NULL; - - dev->hard_header_len = physdev->hard_header_len; - -/* prv->neigh_setup = physdev->neigh_setup; */ - dev->neigh_setup = ipsec_mast_neigh_setup_dev; - dev->mtu = 16260; /* 0xfff0; */ /* dev->mtu; */ - prv->mtu = physdev->mtu; - -#ifdef PHYSDEV_TYPE - dev->type = physdev->type; /* ARPHRD_MAST; */ -#endif /* PHYSDEV_TYPE */ - - dev->addr_len = physdev->addr_len; - for (i=0; iaddr_len; i++) { - dev->dev_addr[i] = physdev->dev_addr[i]; - } -#ifdef CONFIG_IPSEC_DEBUG - if(debug_mast & DB_MAST_INIT) { - printk(KERN_INFO "klips_debug:ipsec_mast_attach: " - "physical device %s being attached has HW address: %2x", - physdev->name, physdev->dev_addr[0]); - for (i=1; i < physdev->addr_len; i++) { - printk(":%02x", physdev->dev_addr[i]); - } - printk("\n"); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - return 0; -} - -/* - * We call the detach routine to detach the ipsec mast from another device. - */ - -DEBUG_NO_STATIC int -ipsec_mast_detach(struct device *dev) -{ - int i; - struct ipsecpriv *prv = dev->priv; - - if(dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_detach: " - "no device..."); - return -ENODEV; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_REVEC, - "klips_debug:ipsec_mast_detach: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return -ENODATA; - } - - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_detach: " - "physical device %s being detached from virtual device %s\n", - prv->dev ? prv->dev->name : "NULL", - dev->name); - - prv->dev = NULL; - prv->hard_start_xmit = NULL; - prv->get_stats = NULL; - - prv->hard_header = NULL; -#ifdef DETACH_AND_DOWN - dev->hard_header = NULL; -#endif /* DETACH_AND_DOWN */ - - prv->rebuild_header = NULL; -#ifdef DETACH_AND_DOWN - dev->rebuild_header = NULL; -#endif /* DETACH_AND_DOWN */ - - prv->set_mac_address = NULL; -#ifdef DETACH_AND_DOWN - dev->set_mac_address = NULL; -#endif /* DETACH_AND_DOWN */ - - prv->header_cache_update = NULL; -#ifdef DETACH_AND_DOWN - dev->header_cache_update = NULL; -#endif /* DETACH_AND_DOWN */ - -#ifdef DETACH_AND_DOWN - dev->neigh_setup = NULL; -#endif /* DETACH_AND_DOWN */ - - dev->hard_header_len = 0; -#ifdef DETACH_AND_DOWN - dev->mtu = 0; -#endif /* DETACH_AND_DOWN */ - prv->mtu = 0; - for (i=0; idev_addr[i] = 0; - } - dev->addr_len = 0; -#ifdef PHYSDEV_TYPE - dev->type = ARPHRD_VOID; /* ARPHRD_MAST; */ -#endif /* PHYSDEV_TYPE */ - - return 0; -} - -/* - * We call the clear routine to detach all ipsec masts from other devices. - */ -DEBUG_NO_STATIC int -ipsec_mast_clear(void) -{ - int i; - struct device *ipsecdev = NULL, *prvdev; - struct ipsecpriv *prv; - char name[9]; - int ret; - - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_clear: .\n"); - - for(i = 0; i < IPSEC_NUM_IF; i++) { - sprintf(name, IPSEC_DEV_FORMAT, i); - if((ipsecdev = ipsec_dev_get(name)) != NULL) { - if((prv = (struct ipsecpriv *)(ipsecdev->priv))) { - prvdev = (struct device *)(prv->dev); - if(prvdev) { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_clear: " - "physical device for device %s is %s\n", - name, prvdev->name); - if((ret = ipsec_mast_detach(ipsecdev))) { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_clear: " - "error %d detatching device %s from device %s.\n", - ret, name, prvdev->name); - return ret; - } - } - } - } - } - return 0; -} - -DEBUG_NO_STATIC int -ipsec_mast_ioctl(struct device *dev, struct ifreq *ifr, int cmd) -{ - struct ipsecmastconf *cf = (struct ipsecmastconf *)&ifr->ifr_data; - struct ipsecpriv *prv = dev->priv; - struct device *them; /* physical device */ -#ifdef CONFIG_IP_ALIAS - char *colon; - char realphysname[IFNAMSIZ]; -#endif /* CONFIG_IP_ALIAS */ - - if(dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "device not supplied.\n"); - return -ENODEV; - } - - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "tncfg service call #%d for dev=%s\n", - cmd, - dev->name ? dev->name : "NULL"); - switch (cmd) { - /* attach a virtual ipsec? device to a physical device */ - case IPSEC_SET_DEV: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "calling ipsec_mast_attatch...\n"); -#ifdef CONFIG_IP_ALIAS - /* If this is an IP alias interface, get its real physical name */ - strncpy(realphysname, cf->cf_name, IFNAMSIZ); - realphysname[IFNAMSIZ-1] = 0; - colon = strchr(realphysname, ':'); - if (colon) *colon = 0; - them = ipsec_dev_get(realphysname); -#else /* CONFIG_IP_ALIAS */ - them = ipsec_dev_get(cf->cf_name); -#endif /* CONFIG_IP_ALIAS */ - - if (them == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "physical device %s requested is null\n", - cf->cf_name); - return -ENXIO; - } - -#if 0 - if (them->flags & IFF_UP) { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "physical device %s requested is not up.\n", - cf->cf_name); - return -ENXIO; - } -#endif - - if (prv && prv->dev) { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "virtual device is already connected to %s.\n", - prv->dev->name ? prv->dev->name : "NULL"); - return -EBUSY; - } - return ipsec_mast_attach(dev, them); - - case IPSEC_DEL_DEV: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "calling ipsec_mast_detatch.\n"); - if (! prv->dev) { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "physical device not connected.\n"); - return -ENODEV; - } - return ipsec_mast_detach(dev); - - case IPSEC_CLR_DEV: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "calling ipsec_mast_clear.\n"); - return ipsec_mast_clear(); - - default: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_ioctl: " - "unknown command %d.\n", - cmd); - return -EOPNOTSUPP; - } -} - -int -ipsec_mast_device_event(struct notifier_block *unused, unsigned long event, void *ptr) -{ - struct device *dev = ptr; - struct device *ipsec_dev; - struct ipsecpriv *priv; - char name[9]; - int i; - - if (dev == NULL) { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "dev=NULL for event type %ld.\n", - event); - return(NOTIFY_DONE); - } - - /* check for loopback devices */ - if (dev && (dev->flags & IFF_LOOPBACK)) { - return(NOTIFY_DONE); - } - - switch (event) { - case NETDEV_DOWN: - /* look very carefully at the scope of these compiler - directives before changing anything... -- RGB */ - - case NETDEV_UNREGISTER: - switch (event) { - case NETDEV_DOWN: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_DOWN dev=%s flags=%x\n", - dev->name, - dev->flags); - if(strncmp(dev->name, "ipsec", strlen("ipsec")) == 0) { - printk(KERN_CRIT "IPSEC EVENT: KLIPS device %s shut down.\n", - dev->name); - } - break; - case NETDEV_UNREGISTER: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_UNREGISTER dev=%s flags=%x\n", - dev->name, - dev->flags); - break; - } - - /* find the attached physical device and detach it. */ - for(i = 0; i < IPSEC_NUM_IF; i++) { - sprintf(name, IPSEC_DEV_FORMAT, i); - ipsec_dev = ipsec_dev_get(name); - if(ipsec_dev) { - priv = (struct ipsecpriv *)(ipsec_dev->priv); - if(priv) { - ; - if(((struct device *)(priv->dev)) == dev) { - /* dev_close(ipsec_dev); */ - /* return */ ipsec_mast_detach(ipsec_dev); - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "device '%s' has been detached.\n", - ipsec_dev->name); - break; - } - } else { - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "device '%s' has no private data space!\n", - ipsec_dev->name); - } - } - } - break; - case NETDEV_UP: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_UP dev=%s\n", - dev->name); - break; - case NETDEV_REBOOT: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_REBOOT dev=%s\n", - dev->name); - break; - case NETDEV_CHANGE: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_CHANGE dev=%s flags=%x\n", - dev->name, - dev->flags); - break; - case NETDEV_REGISTER: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_REGISTER dev=%s\n", - dev->name); - break; - case NETDEV_CHANGEMTU: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_CHANGEMTU dev=%s to mtu=%d\n", - dev->name, - dev->mtu); - break; - case NETDEV_CHANGEADDR: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_CHANGEADDR dev=%s\n", - dev->name); - break; - case NETDEV_GOING_DOWN: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_GOING_DOWN dev=%s\n", - dev->name); - break; - case NETDEV_CHANGENAME: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "NETDEV_CHANGENAME dev=%s\n", - dev->name); - break; - default: - KLIPS_PRINT(debug_mast & DB_MAST_INIT, - "klips_debug:ipsec_mast_device_event: " - "event type %ld unrecognised for dev=%s\n", - event, - dev->name); - break; - } - return NOTIFY_DONE; -} - -/* - * Called when an ipsec mast device is initialized. - * The ipsec mast device structure is passed to us. - */ - -int -ipsec_mast_init(struct device *dev) -{ - int i; - - KLIPS_PRINT(debug_mast, - "klips_debug:ipsec_mast_init: " - "allocating %lu bytes initialising device: %s\n", - (unsigned long) sizeof(struct ipsecpriv), - dev->name ? dev->name : "NULL"); - - /* Add our mast functions to the device */ - dev->open = ipsec_mast_open; - dev->stop = ipsec_mast_close; - dev->hard_start_xmit = ipsec_mast_start_xmit; - dev->get_stats = ipsec_mast_get_stats; - - dev->priv = kmalloc(sizeof(struct ipsecpriv), GFP_KERNEL); - if (dev->priv == NULL) - return -ENOMEM; - memset((caddr_t)(dev->priv), 0, sizeof(struct ipsecpriv)); - - for(i = 0; i < sizeof(zeroes); i++) { - ((__u8*)(zeroes))[i] = 0; - } - - dev->set_multicast_list = NULL; - dev->do_ioctl = ipsec_mast_ioctl; - dev->hard_header = NULL; - dev->rebuild_header = NULL; - dev->set_mac_address = NULL; - dev->header_cache_update= NULL; - dev->neigh_setup = ipsec_mast_neigh_setup_dev; - dev->hard_header_len = 0; - dev->mtu = 0; - dev->addr_len = 0; - dev->type = ARPHRD_VOID; /* ARPHRD_MAST; */ /* ARPHRD_ETHER; */ - dev->tx_queue_len = 10; /* Small queue */ - memset((caddr_t)(dev->broadcast),0xFF, ETH_ALEN); /* what if this is not attached to ethernet? */ - - /* New-style flags. */ - dev->flags = IFF_NOARP /* 0 */ /* Petr Novak */; - dev_init_buffers(dev); - - /* We're done. Have I forgotten anything? */ - return 0; -} - -/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ -/* Module specific interface (but it links with the rest of IPSEC) */ -/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ - -int -ipsec_mast_probe(struct device *dev) -{ - ipsec_mast_init(dev); - return 0; -} - -int -ipsec_mast_init_devices(void) -{ - return 0; -} - -/* void */ -int -ipsec_mast_cleanup_devices(void) -{ - int error = 0; - int i; - char name[10]; - struct device *dev_mast; - - for(i = 0; i < ipsec_mastdevice_count; i++) { - sprintf(name, MAST_DEV_FORMAT, i); - if((dev_mast = ipsec_dev_get(name)) == NULL) { - break; - } - unregister_netdev(dev_mast); - kfree(dev_mast->priv); - dev_mast->priv=NULL; - } - return error; -} diff --git a/linux/net/ipsec/ipsec_md5c.c b/linux/net/ipsec/ipsec_md5c.c deleted file mode 100644 index 41a1551c1..000000000 --- a/linux/net/ipsec/ipsec_md5c.c +++ /dev/null @@ -1,448 +0,0 @@ -/* - * RCSID $Id: ipsec_md5c.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ - -/* - * The rest of the code is derived from MD5C.C by RSADSI. Minor cosmetic - * changes to accomodate it in the kernel by ji. - */ - -#include -#include - -#include "freeswan/ipsec_md5h.h" - -/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm - */ - -/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All -rights reserved. - -License to copy and use this software is granted provided that it -is identified as the "RSA Data Security, Inc. MD5 Message-Digest -Algorithm" in all material mentioning or referencing this software -or this function. - -License is also granted to make and use derivative works provided -that such works are identified as "derived from the RSA Data -Security, Inc. MD5 Message-Digest Algorithm" in all material -mentioning or referencing the derived work. - -RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided "as is" -without express or implied warranty of any kind. - -These notices must be retained in any copies of any part of this -documentation and/or software. - */ - -/* - * Additions by JI - * - * HAVEMEMCOPY is defined if mem* routines are available - * - * HAVEHTON is defined if htons() and htonl() can be used - * for big/little endian conversions - * - */ - -#define HAVEMEMCOPY -#ifdef __LITTLE_ENDIAN -#define LITTLENDIAN -#endif -#ifdef __BIG_ENDIAN -#define BIGENDIAN -#endif - -/* Constants for MD5Transform routine. - */ - -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - -static void MD5Transform PROTO_LIST ((UINT4 [4], unsigned char [64])); - -#ifdef LITTLEENDIAN -#define Encode MD5_memcpy -#define Decode MD5_memcpy -#else -static void Encode PROTO_LIST - ((unsigned char *, UINT4 *, unsigned int)); -static void Decode PROTO_LIST - ((UINT4 *, unsigned char *, unsigned int)); -#endif - -#ifdef HAVEMEMCOPY -/* no need to include here; defines these */ -#define MD5_memcpy memcpy -#define MD5_memset memset -#else -#ifdef HAVEBCOPY -#define MD5_memcpy(_a,_b,_c) bcopy((_b),(_a),(_c)) -#define MD5_memset(_a,_b,_c) bzero((_a),(_c)) -#else -static void MD5_memcpy PROTO_LIST ((POINTER, POINTER, unsigned int)); -static void MD5_memset PROTO_LIST ((POINTER, int, unsigned int)); -#endif -#endif -static unsigned char PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* F, G, H and I are basic MD5 functions. - */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits. - */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. -Rotation is separate from addition to prevent recomputation. - */ -#define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } - -/* - * MD5 initialization. Begins an MD5 operation, writing a new context. - */ -void MD5Init(void *vcontext) -{ - MD5_CTX *context = vcontext; - - context->count[0] = context->count[1] = 0; - /* Load magic initialization constants. -*/ - context->state[0] = 0x67452301; - context->state[1] = 0xefcdab89; - context->state[2] = 0x98badcfe; - context->state[3] = 0x10325476; -} - -/* MD5 block update operation. Continues an MD5 message-digest - operation, processing another message block, and updating the - context. - */ -void MD5Update (vcontext, input, inputLen) - void *vcontext; - unsigned char *input; /* input block */ - __u32 inputLen; /* length of input block */ -{ - MD5_CTX *context = vcontext; - __u32 i; - unsigned int index, partLen; - - /* Compute number of bytes mod 64 */ - index = (unsigned int)((context->count[0] >> 3) & 0x3F); - - /* Update number of bits */ - if ((context->count[0] += ((UINT4)inputLen << 3)) - < ((UINT4)inputLen << 3)) - context->count[1]++; - context->count[1] += ((UINT4)inputLen >> 29); - - partLen = 64 - index; - - /* Transform as many times as possible. -*/ - if (inputLen >= partLen) { - MD5_memcpy - ((POINTER)&context->buffer[index], (POINTER)input, partLen); - MD5Transform (context->state, context->buffer); - - for (i = partLen; i + 63 < inputLen; i += 64) - MD5Transform (context->state, &input[i]); - - index = 0; - } - else - i = 0; - - /* Buffer remaining input */ - MD5_memcpy - ((POINTER)&context->buffer[index], (POINTER)&input[i], - inputLen-i); -} - -/* MD5 finalization. Ends an MD5 message-digest operation, writing the - the message digest and zeroizing the context. - */ -void MD5Final (digest, vcontext) -unsigned char digest[16]; /* message digest */ -void *vcontext; /* context */ -{ - MD5_CTX *context = vcontext; - unsigned char bits[8]; - unsigned int index, padLen; - - /* Save number of bits */ - Encode (bits, context->count, 8); - - /* Pad out to 56 mod 64. -*/ - index = (unsigned int)((context->count[0] >> 3) & 0x3f); - padLen = (index < 56) ? (56 - index) : (120 - index); - MD5Update (context, PADDING, padLen); - - /* Append length (before padding) */ - MD5Update (context, bits, 8); - - if (digest != NULL) /* Bill Simpson's padding */ - { - /* store state in digest */ - Encode (digest, context->state, 16); - - /* Zeroize sensitive information. - */ - MD5_memset ((POINTER)context, 0, sizeof (*context)); - } -} - -/* MD5 basic transformation. Transforms state based on block. - */ -static void MD5Transform (state, block) -UINT4 state[4]; -unsigned char block[64]; -{ - UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16]; - - Decode (x, block, 64); - - /* Round 1 */ - FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ - FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ - FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ - FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ - FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ - FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ - FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ - FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ - FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ - FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ - FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ - FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ - FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ - FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ - FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ - FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ - - /* Round 2 */ - GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ - GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ - GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ - GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ - GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ - GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ - GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ - GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ - GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ - GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ - GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ - GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ - GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ - GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ - GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ - GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ - - /* Round 3 */ - HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ - HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ - HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ - HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ - HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ - HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ - HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ - HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ - HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ - HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ - HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ - HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ - HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ - HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ - HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ - HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ - - /* Round 4 */ - II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ - II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ - II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ - II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ - II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ - II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ - II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ - II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ - II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ - II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ - II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ - II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ - II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ - II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ - II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ - II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ - - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - - /* Zeroize sensitive information. -*/ - MD5_memset ((POINTER)x, 0, sizeof (x)); -} - -#ifndef LITTLEENDIAN - -/* Encodes input (UINT4) into output (unsigned char). Assumes len is - a multiple of 4. - */ -static void Encode (output, input, len) -unsigned char *output; -UINT4 *input; -unsigned int len; -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (unsigned char)(input[i] & 0xff); - output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); - output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); - output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); - } -} - -/* Decodes input (unsigned char) into output (UINT4). Assumes len is - a multiple of 4. - */ -static void Decode (output, input, len) -UINT4 *output; -unsigned char *input; -unsigned int len; -{ - unsigned int i, j; - - for (i = 0, j = 0; j < len; i++, j += 4) - output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) | - (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24); -} - -#endif - -#ifndef HAVEMEMCOPY -#ifndef HAVEBCOPY -/* Note: Replace "for loop" with standard memcpy if possible. - */ - -static void MD5_memcpy (output, input, len) -POINTER output; -POINTER input; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - - output[i] = input[i]; -} - -/* Note: Replace "for loop" with standard memset if possible. - */ - -static void MD5_memset (output, value, len) -POINTER output; -int value; -unsigned int len; -{ - unsigned int i; - - for (i = 0; i < len; i++) - ((char *)output)[i] = (char)value; -} -#endif -#endif - -/* - * $Log: ipsec_md5c.c,v $ - * Revision 1.1 2004/03/15 20:35:26 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.7 2002/09/10 01:45:14 mcr - * changed type of MD5_CTX and SHA1_CTX to void * so that - * the function prototypes would match, and could be placed - * into a pointer to a function. - * - * Revision 1.6 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.5 2002/04/24 07:36:28 mcr - * Moved from ./klips/net/ipsec/ipsec_md5c.c,v - * - * Revision 1.4 1999/12/13 13:59:12 rgb - * Quick fix to argument size to Update bugs. - * - * Revision 1.3 1999/05/21 18:09:28 henry - * unnecessary include causes trouble in 2.2 - * - * Revision 1.2 1999/04/06 04:54:26 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.1 1998/06/18 21:27:48 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.2 1998/04/23 20:54:02 rgb - * Fixed md5 and sha1 include file nesting issues, to be cleaned up when - * verified. - * - * Revision 1.1 1998/04/09 03:06:08 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:04 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.3 1996/11/20 14:48:53 ji - * Release update only. - * - * Revision 0.2 1996/11/02 00:18:33 ji - * First limited release. - * - * - */ diff --git a/linux/net/ipsec/ipsec_proc.c b/linux/net/ipsec/ipsec_proc.c deleted file mode 100644 index 5d2bba554..000000000 --- a/linux/net/ipsec/ipsec_proc.c +++ /dev/null @@ -1,1003 +0,0 @@ -/* - * @(#) /proc file system interface code. - * - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs - * 2001 Michael Richardson - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * Split out from ipsec_init.c version 1.70. - */ - -char ipsec_proc_c_version[] = "RCSID $Id: ipsec_proc.c,v 1.8 2004/04/28 08:06:22 as Exp $"; - -#include -#include -#define __NO_VERSION__ -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include /* struct sockaddr_in */ -#include -#include -#ifdef SPINLOCK -#ifdef SPINLOCK_23 -#include /* *lock* */ -#else /* SPINLOCK_23 */ -#include /* *lock* */ -#endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ -#ifdef NET_21 -#include -#include -#endif /* NET_21 */ -#include -#include -#ifdef CONFIG_PROC_FS -#include -#endif /* CONFIG_PROC_FS */ -#ifdef NETLINK_SOCK -#include -#else -#include -#endif - -#include "freeswan/radij.h" - -#include "freeswan/ipsec_life.h" -#include "freeswan/ipsec_stats.h" -#include "freeswan/ipsec_sa.h" - -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_xmit.h" - -#include "freeswan/ipsec_rcv.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" - -#ifdef CONFIG_IPSEC_IPCOMP -#include "freeswan/ipcomp.h" -#endif /* CONFIG_IPSEC_IPCOMP */ - -#include "freeswan/ipsec_proto.h" - -#include -#include - -#ifdef CONFIG_PROC_FS - -#ifdef IPSEC_PROC_SUBDIRS -static struct proc_dir_entry *proc_net_ipsec_dir = NULL; -static struct proc_dir_entry *proc_eroute_dir = NULL; -static struct proc_dir_entry *proc_spi_dir = NULL; -static struct proc_dir_entry *proc_spigrp_dir = NULL; -static struct proc_dir_entry *proc_birth_dir = NULL; -static struct proc_dir_entry *proc_stats_dir = NULL; -#endif - -struct ipsec_birth_reply ipsec_ipv4_birth_packet; -struct ipsec_birth_reply ipsec_ipv6_birth_packet; - -extern int ipsec_xform_get_info(char *buffer, char **start, - off_t offset, int length IPSEC_PROC_LAST_ARG); - - -/* ipsec_snprintf: like snprintf except - * - size is signed and a negative value is treated as if it were 0 - * - the returned result is never negative -- - * an error generates a "?" or null output (depending on space). - * (Our callers are too lazy to check for an error return.) - * - * @param buf String buffer - * @param size Size of the string - * @param fmt printf string - * @param ... Variables to be displayed in fmt - * @return int Return code - */ -int ipsec_snprintf(char *buf, ssize_t size, const char *fmt, ...) -{ - va_list args; - int i; - size_t possize = size < 0? 0 : size; - va_start(args, fmt); - i = vsnprintf(buf,possize,fmt,args); - va_end(args); - if (i < 0) { - /* create empty output in place of error */ - i = 0; - if (size > 0) { - *buf = '\0'; - } - } - return i; -} - - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_eroute_get_info(char *buffer, - char **start, - off_t offset, - int length IPSEC_PROC_LAST_ARG) -{ - struct wsbuf w = {buffer, length, offset, 0, 0}; - -#ifdef CONFIG_IPSEC_DEBUG - if (debug_radij & DB_RJ_DUMPTREES) - rj_dumptrees(); /* XXXXXXXXX */ -#endif /* CONFIG_IPSEC_DEBUG */ - - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_eroute_get_info: " - "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", - buffer, - *start, - (int)offset, - length); - - spin_lock_bh(&eroute_lock); - - rj_walktree(rnh, ipsec_rj_walker_procprint, &w); -/* rj_walktree(mask_rjhead, ipsec_rj_walker_procprint, &w); */ - - spin_unlock_bh(&eroute_lock); - - *start = buffer + (offset - w.begin); /* Start of wanted data */ - return w.len - (offset - w.begin); -} - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_spi_get_info(char *buffer, - char **start, - off_t offset, - int length IPSEC_PROC_LAST_ARG) -{ - /* Limit of useful snprintf output */ - const int max_content = length > 0? length-1 : 0; - - int len = 0; - off_t begin = 0; - int i; - struct ipsec_sa *sa_p; - char sa[SATOA_BUF]; - char buf_s[SUBNETTOA_BUF]; - char buf_d[SUBNETTOA_BUF]; - size_t sa_len; - - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_spi_get_info: " - "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", - buffer, - *start, - (int)offset, - length); - - spin_lock_bh(&tdb_lock); - - - - for (i = 0; i < SADB_HASHMOD; i++) { - for (sa_p = ipsec_sadb_hash[i]; - sa_p; - sa_p = sa_p->ips_hnext) { - atomic_inc(&sa_p->ips_refcount); - sa_len = satoa(sa_p->ips_said, 0, sa, SATOA_BUF); - len += ipsec_snprintf(buffer+len, length-len, "%s ", - sa_len ? sa : " (error)"); - - len += ipsec_snprintf(buffer+len, length-len, "%s%s%s", - IPS_XFORM_NAME(sa_p)); - - len += ipsec_snprintf(buffer+len, length-len, ": dir=%s", - (sa_p->ips_flags & EMT_INBOUND) ? - "in " : "out"); - - if(sa_p->ips_addr_s) { - addrtoa(((struct sockaddr_in*)(sa_p->ips_addr_s))->sin_addr, - 0, buf_s, sizeof(buf_s)); - len += ipsec_snprintf(buffer+len, length-len, " src=%s", - buf_s); - } - - if((sa_p->ips_said.proto == IPPROTO_IPIP) - && (sa_p->ips_flags & SADB_X_SAFLAGS_INFLOW)) { - subnettoa(sa_p->ips_flow_s.u.v4.sin_addr, - sa_p->ips_mask_s.u.v4.sin_addr, - 0, - buf_s, - sizeof(buf_s)); - - subnettoa(sa_p->ips_flow_d.u.v4.sin_addr, - sa_p->ips_mask_d.u.v4.sin_addr, - 0, - buf_d, - sizeof(buf_d)); - - len += ipsec_snprintf(buffer+len, length-len, " policy=%s->%s", - buf_s, buf_d); - } - - if(sa_p->ips_iv_bits) { - int j; - len += ipsec_snprintf(buffer+len, length-len, " iv_bits=%dbits iv=0x", - sa_p->ips_iv_bits); - - for(j = 0; j < sa_p->ips_iv_bits / 8; j++) { - len += ipsec_snprintf(buffer+len, length-len, "%02x", - (__u32)((__u8*)(sa_p->ips_iv))[j]); - } - } - - if(sa_p->ips_encalg || sa_p->ips_authalg) { - if(sa_p->ips_replaywin) { - len += ipsec_snprintf(buffer+len, length-len, " ooowin=%d", - sa_p->ips_replaywin); - } - if(sa_p->ips_errs.ips_replaywin_errs) { - len += ipsec_snprintf(buffer+len, length-len, " ooo_errs=%d", - sa_p->ips_errs.ips_replaywin_errs); - } - if(sa_p->ips_replaywin_lastseq) { - len += ipsec_snprintf(buffer+len, length-len, " seq=%d", - sa_p->ips_replaywin_lastseq); - } - if(sa_p->ips_replaywin_bitmap) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) - len += ipsec_snprintf(buffer+len, length-len, " bit=0x%Lx", - sa_p->ips_replaywin_bitmap); -#else - len += ipsec_snprintf(buffer+len, length-len, " bit=0x%x%08x", - (__u32)(sa_p->ips_replaywin_bitmap >> 32), - (__u32)sa_p->ips_replaywin_bitmap); -#endif - } - if(sa_p->ips_replaywin_maxdiff) { - len += ipsec_snprintf(buffer+len, length-len, " max_seq_diff=%d", - sa_p->ips_replaywin_maxdiff); - } - } - if(sa_p->ips_flags & ~EMT_INBOUND) { - len += ipsec_snprintf(buffer+len, length-len, " flags=0x%x", - sa_p->ips_flags & ~EMT_INBOUND); - len += ipsec_snprintf(buffer+len, length-len, "<"); - /* flag printing goes here */ - len += ipsec_snprintf(buffer+len, length-len, ">"); - } - if(sa_p->ips_auth_bits) { - len += ipsec_snprintf(buffer+len, length-len, " alen=%d", - sa_p->ips_auth_bits); - } - if(sa_p->ips_key_bits_a) { - len += ipsec_snprintf(buffer+len, length-len, " aklen=%d", - sa_p->ips_key_bits_a); - } - if(sa_p->ips_errs.ips_auth_errs) { - len += ipsec_snprintf(buffer+len, length-len, " auth_errs=%d", - sa_p->ips_errs.ips_auth_errs); - } - if(sa_p->ips_key_bits_e) { - len += ipsec_snprintf(buffer+len, length-len, " eklen=%d", - sa_p->ips_key_bits_e); - } - if(sa_p->ips_errs.ips_encsize_errs) { - len += ipsec_snprintf(buffer+len, length-len, " encr_size_errs=%d", - sa_p->ips_errs.ips_encsize_errs); - } - if(sa_p->ips_errs.ips_encpad_errs) { - len += ipsec_snprintf(buffer+len, length-len, " encr_pad_errs=%d", - sa_p->ips_errs.ips_encpad_errs); - } - - len += ipsec_snprintf(buffer+len, length-len, " life(c,s,h)="); - - len += ipsec_lifetime_format(buffer + len, - length - len, - "alloc", - ipsec_life_countbased, - &sa_p->ips_life.ipl_allocations); - - len += ipsec_lifetime_format(buffer + len, - length - len, - "bytes", - ipsec_life_countbased, - &sa_p->ips_life.ipl_bytes); - - len += ipsec_lifetime_format(buffer + len, - length - len, - "addtime", - ipsec_life_timebased, - &sa_p->ips_life.ipl_addtime); - - len += ipsec_lifetime_format(buffer + len, - length - len, - "usetime", - ipsec_life_timebased, - &sa_p->ips_life.ipl_usetime); - - len += ipsec_lifetime_format(buffer + len, - length - len, - "packets", - ipsec_life_countbased, - &sa_p->ips_life.ipl_packets); - - if(sa_p->ips_life.ipl_usetime.ipl_last) { /* XXX-MCR should be last? */ -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) - len += ipsec_snprintf(buffer+len, length-len, " idle=%Ld", - jiffies / HZ - sa_p->ips_life.ipl_usetime.ipl_last); -#else - len += ipsec_snprintf(buffer+len, length-len, " idle=%lu", - jiffies / HZ - (unsigned long)sa_p->ips_life.ipl_usetime.ipl_last); -#endif - } - -#ifdef CONFIG_IPSEC_IPCOMP - if(sa_p->ips_said.proto == IPPROTO_COMP && - (sa_p->ips_comp_ratio_dbytes || - sa_p->ips_comp_ratio_cbytes)) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0) - len += ipsec_snprintf(buffer+len, length-len, " ratio=%Ld:%Ld", - sa_p->ips_comp_ratio_dbytes, - sa_p->ips_comp_ratio_cbytes); -#else - len += ipsec_snprintf(buffer+len, length-len, " ratio=%lu:%lu", - (unsigned long)sa_p->ips_comp_ratio_dbytes, - (unsigned long)sa_p->ips_comp_ratio_cbytes); -#endif - } -#endif /* CONFIG_IPSEC_IPCOMP */ - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if(sa_p->ips_natt_type != 0) { - char *natttype_name; - - switch(sa_p->ips_natt_type) - { - case ESPINUDP_WITH_NON_IKE: - natttype_name="nonike"; - break; - case ESPINUDP_WITH_NON_ESP: - natttype_name="nonesp"; - break; - default: - natttype_name="unknown"; - break; - } - - len += ipsec_snprintf(buffer+len, length-len, " natencap=%s", - natttype_name); - - len += ipsec_snprintf(buffer+len, length-len, " natsport=%d", - sa_p->ips_natt_sport); - - len += ipsec_snprintf(buffer+len, length-len, " natdport=%d", - sa_p->ips_natt_dport); - } -#endif /* CONFIG_IPSEC_NAT_TRAVERSAL */ - - len += ipsec_snprintf(buffer+len, length-len, " refcount=%d", - atomic_read(&sa_p->ips_refcount)); - - len += ipsec_snprintf(buffer+len, length-len, " ref=%d", - sa_p->ips_ref); -#ifdef CONFIG_IPSEC_DEBUG - if(debug_xform) { - len += ipsec_snprintf(buffer+len, length-len, " reftable=%lu refentry=%lu", - (unsigned long)IPsecSAref2table(sa_p->ips_ref), - (unsigned long)IPsecSAref2entry(sa_p->ips_ref)); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - len += ipsec_snprintf(buffer+len, length-len, "\n"); - - atomic_dec(&sa_p->ips_refcount); - - if (len >= max_content) { - /* we've done all that can fit -- stop loops */ - len = max_content; /* truncate crap */ - goto done_spi_i; - } else { - const off_t pos = begin + len; - - if (pos <= offset) { - /* all is before first interesting character: - * discard, but note where we are. - */ - len = 0; - begin = pos; - } - } - } - } - -done_spi_i: - spin_unlock_bh(&tdb_lock); - - *start = buffer + (offset - begin); /* Start of wanted data */ - return len - (offset - begin); -} - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_spigrp_get_info(char *buffer, - char **start, - off_t offset, - int length IPSEC_PROC_LAST_ARG) -{ - /* limit of useful snprintf output */ - const int max_content = length > 0? length-1 : 0; - - int len = 0; - off_t begin = 0; - int i; - struct ipsec_sa *sa_p, *sa_p2; - char sa[SATOA_BUF]; - size_t sa_len; - - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_spigrp_get_info: " - "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", - buffer, - *start, - (int)offset, - length); - - spin_lock_bh(&tdb_lock); - - for (i = 0; i < SADB_HASHMOD; i++) { - for (sa_p = ipsec_sadb_hash[i]; - sa_p != NULL; - sa_p = sa_p->ips_hnext) - { - atomic_inc(&sa_p->ips_refcount); - if(sa_p->ips_inext == NULL) { - sa_p2 = sa_p; - while(sa_p2 != NULL) { - atomic_inc(&sa_p2->ips_refcount); - sa_len = satoa(sa_p2->ips_said, - 0, sa, SATOA_BUF); - - len += ipsec_snprintf(buffer+len, length-len, "%s ", - sa_len ? sa : " (error)"); - atomic_dec(&sa_p2->ips_refcount); - sa_p2 = sa_p2->ips_onext; - } - len += ipsec_snprintf(buffer+len, length-len, "\n"); - } - - atomic_dec(&sa_p->ips_refcount); - - if (len >= max_content) { - /* we've done all that can fit -- stop loops */ - len = max_content; /* truncate crap */ - goto done_spigrp_i; - } else { - const off_t pos = begin + len; - - if (pos <= offset) { - /* all is before first interesting character: - * discard, but note where we are. - */ - len = 0; - begin = pos; - } - } - } - } - - done_spigrp_i: - spin_unlock_bh(&tdb_lock); - - *start = buffer + (offset - begin); /* Start of wanted data */ - return len - (offset - begin); -} - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_tncfg_get_info(char *buffer, - char **start, - off_t offset, - int length IPSEC_PROC_LAST_ARG) -{ - /* limit of useful snprintf output */ - const int max_content = length > 0? length-1 : 0; - - int len = 0; - off_t begin = 0; - int i; - char name[9]; - struct device *dev, *privdev; - struct ipsecpriv *priv; - - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_tncfg_get_info: " - "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", - buffer, - *start, - (int)offset, - length); - - for(i = 0; i < IPSEC_NUM_IF; i++) { - ipsec_snprintf(name, (ssize_t) sizeof(name), IPSEC_DEV_FORMAT, i); - dev = __ipsec_dev_get(name); - if(dev) { - priv = (struct ipsecpriv *)(dev->priv); - len += ipsec_snprintf(buffer+len, length-len, "%s", - dev->name); - if(priv) { - privdev = (struct device *)(priv->dev); - len += ipsec_snprintf(buffer+len, length-len, " -> %s", - privdev ? privdev->name : "NULL"); - len += ipsec_snprintf(buffer+len, length-len, " mtu=%d(%d) -> %d", - dev->mtu, - priv->mtu, - privdev ? privdev->mtu : 0); - } else { - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_tncfg_get_info: device '%s' has no private data space!\n", - dev->name); - } - len += ipsec_snprintf(buffer+len, length-len, "\n"); - - if (len >= max_content) { - /* we've done all that can fit -- stop loop */ - len = max_content; /* truncate crap */ - break; - } else { - const off_t pos = begin + len; - if (pos <= offset) { - len = 0; - begin = pos; - } - } - } - } - *start = buffer + (offset - begin); /* Start of wanted data */ - len -= (offset - begin); /* Start slop */ - if (len > length) - len = length; - return len; -} - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_version_get_info(char *buffer, - char **start, - off_t offset, - int length IPSEC_PROC_LAST_ARG) -{ - int len = 0; - off_t begin = 0; - - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_version_get_info: " - "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", - buffer, - *start, - (int)offset, - length); - - len += ipsec_snprintf(buffer+len, length-len, "strongSwan version: %s\n", - ipsec_version_code()); -#if 0 - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_version_get_info: " - "ipsec_init version: %s\n", - ipsec_init_c_version); - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_version_get_info: " - "ipsec_tunnel version: %s\n", - ipsec_tunnel_c_version); - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_version_get_info: " - "ipsec_netlink version: %s\n", - ipsec_netlink_c_version); - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_version_get_info: " - "radij_c_version: %s\n", - radij_c_version); -#endif - - *start = buffer + (offset - begin); /* Start of wanted data */ - len -= (offset - begin); /* Start slop */ - if (len > length) - len = length; - return len; -} - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_birth_info(char *page, - char **start, - off_t offset, - int count, - int *eof, - void *data) -{ - struct ipsec_birth_reply *ibr = (struct ipsec_birth_reply *)data; - int len; - - if(offset >= ibr->packet_template_len) { - if(eof) { - *eof=1; - } - return 0; - } - - len = ibr->packet_template_len; - len -= offset; - if (len > count) - len = count; - - memcpy(page + offset, ibr->packet_template+offset, len); - - return len; -} - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_birth_set(struct file *file, const char *buffer, - unsigned long count, void *data) -{ - struct ipsec_birth_reply *ibr = (struct ipsec_birth_reply *)data; - int len; - - MOD_INC_USE_COUNT; - if(count > IPSEC_BIRTH_TEMPLATE_MAXLEN) { - len = IPSEC_BIRTH_TEMPLATE_MAXLEN; - } else { - len = count; - } - - if(copy_from_user(ibr->packet_template, buffer, len)) { - MOD_DEC_USE_COUNT; - return -EFAULT; - } - ibr->packet_template_len = len; - - MOD_DEC_USE_COUNT; - - return len; -} - - -#ifdef CONFIG_IPSEC_DEBUG -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_klipsdebug_get_info(char *buffer, - char **start, - off_t offset, - int length IPSEC_PROC_LAST_ARG) -{ - int len = 0; - off_t begin = 0; - - KLIPS_PRINT(debug_tunnel & DB_TN_PROCFS, - "klips_debug:ipsec_klipsdebug_get_info: " - "buffer=0p%p, *start=0p%p, offset=%d, length=%d\n", - buffer, - *start, - (int)offset, - length); - - len += ipsec_snprintf(buffer+len, length-len, "debug_tunnel=%08x.\n", debug_tunnel); - len += ipsec_snprintf(buffer+len, length-len, "debug_xform=%08x.\n", debug_xform); - len += ipsec_snprintf(buffer+len, length-len, "debug_eroute=%08x.\n", debug_eroute); - len += ipsec_snprintf(buffer+len, length-len, "debug_spi=%08x.\n", debug_spi); - len += ipsec_snprintf(buffer+len, length-len, "debug_radij=%08x.\n", debug_radij); - len += ipsec_snprintf(buffer+len, length-len, "debug_esp=%08x.\n", debug_esp); - len += ipsec_snprintf(buffer+len, length-len, "debug_ah=%08x.\n", debug_ah); - len += ipsec_snprintf(buffer+len, length-len, "debug_rcv=%08x.\n", debug_rcv); - len += ipsec_snprintf(buffer+len, length-len, "debug_pfkey=%08x.\n", debug_pfkey); - - *start = buffer + (offset - begin); /* Start of wanted data */ - len -= (offset - begin); /* Start slop */ - if (len > length) - len = length; - return len; -} -#endif /* CONFIG_IPSEC_DEBUG */ - -IPSEC_PROCFS_DEBUG_NO_STATIC -int -ipsec_stats_get_int_info(char *buffer, - char **start, - off_t offset, - int length, - int *eof, - void *data) -{ - /* Limit of useful snprintf output */ - const int max_content = length > 0? length-1 : 0; - - int len = 0; - int *thing; - - thing = (int *)data; - - len = ipsec_snprintf(buffer+len, length-len, "%08x\n", *thing); - - if (len >= max_content) - len = max_content; /* truncate crap */ - - *start = buffer + offset; /* Start of wanted data */ - return len > offset? len - offset : 0; -} - -#ifndef PROC_FS_2325 -struct proc_dir_entry ipsec_eroute = -{ - 0, - 12, "ipsec_eroute", - S_IFREG | S_IRUGO, 1, 0, 0, 0, - &proc_net_inode_operations, - ipsec_eroute_get_info, - NULL, NULL, NULL, NULL, NULL -}; - -struct proc_dir_entry ipsec_spi = -{ - 0, - 9, "ipsec_spi", - S_IFREG | S_IRUGO, 1, 0, 0, 0, - &proc_net_inode_operations, - ipsec_spi_get_info, - NULL, NULL, NULL, NULL, NULL -}; - -struct proc_dir_entry ipsec_spigrp = -{ - 0, - 12, "ipsec_spigrp", - S_IFREG | S_IRUGO, 1, 0, 0, 0, - &proc_net_inode_operations, - ipsec_spigrp_get_info, - NULL, NULL, NULL, NULL, NULL -}; - -struct proc_dir_entry ipsec_tncfg = -{ - 0, - 11, "ipsec_tncfg", - S_IFREG | S_IRUGO, 1, 0, 0, 0, - &proc_net_inode_operations, - ipsec_tncfg_get_info, - NULL, NULL, NULL, NULL, NULL -}; - -struct proc_dir_entry ipsec_version = -{ - 0, - 13, "ipsec_version", - S_IFREG | S_IRUGO, 1, 0, 0, 0, - &proc_net_inode_operations, - ipsec_version_get_info, - NULL, NULL, NULL, NULL, NULL -}; - -#ifdef CONFIG_IPSEC_DEBUG -struct proc_dir_entry ipsec_klipsdebug = -{ - 0, - 16, "ipsec_klipsdebug", - S_IFREG | S_IRUGO, 1, 0, 0, 0, - &proc_net_inode_operations, - ipsec_klipsdebug_get_info, - NULL, NULL, NULL, NULL, NULL -}; -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* !PROC_FS_2325 */ -#endif /* CONFIG_PROC_FS */ - -#if defined(PROC_FS_2325) -struct ipsec_proc_list { - char *name; - struct proc_dir_entry **parent; - struct proc_dir_entry **dir; - read_proc_t *readthing; - write_proc_t *writething; - void *data; -}; -static struct ipsec_proc_list proc_items[]={ -#ifdef CONFIG_IPSEC_DEBUG - {"klipsdebug", &proc_net_ipsec_dir, NULL, ipsec_klipsdebug_get_info, NULL, NULL}, -#endif - {"eroute", &proc_net_ipsec_dir, &proc_eroute_dir, NULL, NULL, NULL}, - {"all", &proc_eroute_dir, NULL, ipsec_eroute_get_info, NULL, NULL}, - {"spi", &proc_net_ipsec_dir, &proc_spi_dir, NULL, NULL, NULL}, - {"all", &proc_spi_dir, NULL, ipsec_spi_get_info, NULL, NULL}, - {"spigrp", &proc_net_ipsec_dir, &proc_spigrp_dir, NULL, NULL, NULL}, - {"all", &proc_spigrp_dir, NULL, ipsec_spigrp_get_info, NULL, NULL}, - {"birth", &proc_net_ipsec_dir, &proc_birth_dir, NULL, NULL, NULL}, - {"ipv4", &proc_birth_dir, NULL, ipsec_birth_info, ipsec_birth_set, (void *)&ipsec_ipv4_birth_packet}, - {"ipv6", &proc_birth_dir, NULL, ipsec_birth_info, ipsec_birth_set, (void *)&ipsec_ipv6_birth_packet}, - {"xforms", &proc_net_ipsec_dir, NULL, ipsec_xform_get_info, NULL, NULL}, - {"tncfg", &proc_net_ipsec_dir, NULL, ipsec_tncfg_get_info, NULL, NULL}, - {"stats", &proc_net_ipsec_dir, &proc_stats_dir, NULL, NULL, NULL}, - {"trap_count", &proc_stats_dir, NULL, ipsec_stats_get_int_info, NULL, &ipsec_xmit_trap_count}, - {"trap_sendcount", &proc_stats_dir, NULL, ipsec_stats_get_int_info, NULL, &ipsec_xmit_trap_sendcount}, - {"version", &proc_net_ipsec_dir, NULL, ipsec_version_get_info, NULL, NULL}, - {NULL, NULL, NULL, NULL, NULL, NULL} -}; -#endif - -int -ipsec_proc_init() -{ - int error = 0; -#ifdef IPSEC_PROC_SUBDIRS - struct proc_dir_entry *item; -#endif - - /* - * just complain because pluto won't run without /proc! - */ -#ifndef CONFIG_PROC_FS -#error You must have PROC_FS built in to use KLIPS -#endif - - /* for 2.0 kernels */ -#if !defined(PROC_FS_2325) && !defined(PROC_FS_21) - error |= proc_register_dynamic(&proc_net, &ipsec_eroute); - error |= proc_register_dynamic(&proc_net, &ipsec_spi); - error |= proc_register_dynamic(&proc_net, &ipsec_spigrp); - error |= proc_register_dynamic(&proc_net, &ipsec_tncfg); - error |= proc_register_dynamic(&proc_net, &ipsec_version); -#ifdef CONFIG_IPSEC_DEBUG - error |= proc_register_dynamic(&proc_net, &ipsec_klipsdebug); -#endif /* CONFIG_IPSEC_DEBUG */ -#endif - - /* for 2.2 kernels */ -#if !defined(PROC_FS_2325) && defined(PROC_FS_21) - error |= proc_register(proc_net, &ipsec_eroute); - error |= proc_register(proc_net, &ipsec_spi); - error |= proc_register(proc_net, &ipsec_spigrp); - error |= proc_register(proc_net, &ipsec_tncfg); - error |= proc_register(proc_net, &ipsec_version); -#ifdef CONFIG_IPSEC_DEBUG - error |= proc_register(proc_net, &ipsec_klipsdebug); -#endif /* CONFIG_IPSEC_DEBUG */ -#endif - - /* for 2.4 kernels */ -#if defined(PROC_FS_2325) - /* create /proc/net/ipsec */ - - /* zero these out before we initialize /proc/net/ipsec/birth/stuff */ - memset(&ipsec_ipv4_birth_packet, 0, sizeof(struct ipsec_birth_reply)); - memset(&ipsec_ipv6_birth_packet, 0, sizeof(struct ipsec_birth_reply)); - - proc_net_ipsec_dir = proc_mkdir("ipsec", proc_net); - if(proc_net_ipsec_dir == NULL) { - /* no point in continuing */ - return 1; - } - - { - struct ipsec_proc_list *it; - - it=proc_items; - while(it->name!=NULL) { - if(it->dir) { - /* make a dir instead */ - item = proc_mkdir(it->name, *it->parent); - *it->dir = item; - } else { - item = create_proc_entry(it->name, 0400, *it->parent); - } - if(item) { - item->read_proc = it->readthing; - item->write_proc = it->writething; - item->data = it->data; -#ifdef MODULE - item->owner = THIS_MODULE; -#endif - } else { - error |= 1; - } - it++; - } - } - - /* now create some symlinks to provide compatibility */ - proc_symlink("ipsec_eroute", proc_net, "ipsec/eroute/all"); - proc_symlink("ipsec_spi", proc_net, "ipsec/spi/all"); - proc_symlink("ipsec_spigrp", proc_net, "ipsec/spigrp/all"); - proc_symlink("ipsec_tncfg", proc_net, "ipsec/tncfg"); - proc_symlink("ipsec_version",proc_net, "ipsec/version"); - proc_symlink("ipsec_klipsdebug",proc_net,"ipsec/klipsdebug"); - -#endif /* !PROC_FS_2325 */ - - return error; -} - -void -ipsec_proc_cleanup() -{ - - /* for 2.0 and 2.2 kernels */ -#if !defined(PROC_FS_2325) - -#ifdef CONFIG_IPSEC_DEBUG - if (proc_net_unregister(ipsec_klipsdebug.low_ino) != 0) - printk("klips_debug:ipsec_cleanup: " - "cannot unregister /proc/net/ipsec_klipsdebug\n"); -#endif /* CONFIG_IPSEC_DEBUG */ - - if (proc_net_unregister(ipsec_version.low_ino) != 0) - printk("klips_debug:ipsec_cleanup: " - "cannot unregister /proc/net/ipsec_version\n"); - if (proc_net_unregister(ipsec_eroute.low_ino) != 0) - printk("klips_debug:ipsec_cleanup: " - "cannot unregister /proc/net/ipsec_eroute\n"); - if (proc_net_unregister(ipsec_spi.low_ino) != 0) - printk("klips_debug:ipsec_cleanup: " - "cannot unregister /proc/net/ipsec_spi\n"); - if (proc_net_unregister(ipsec_spigrp.low_ino) != 0) - printk("klips_debug:ipsec_cleanup: " - "cannot unregister /proc/net/ipsec_spigrp\n"); - if (proc_net_unregister(ipsec_tncfg.low_ino) != 0) - printk("klips_debug:ipsec_cleanup: " - "cannot unregister /proc/net/ipsec_tncfg\n"); -#endif - - /* for 2.4 kernels */ -#if defined(PROC_FS_2325) - { - struct ipsec_proc_list *it; - - /* find end of list */ - it=proc_items; - while(it->name!=NULL) { - it++; - } - it--; - - do { - remove_proc_entry(it->name, *it->parent); - it--; - } while(it > proc_items); - } - - -#ifdef CONFIG_IPSEC_DEBUG - remove_proc_entry("ipsec_klipsdebug", proc_net); -#endif /* CONFIG_IPSEC_DEBUG */ - remove_proc_entry("ipsec_eroute", proc_net); - remove_proc_entry("ipsec_spi", proc_net); - remove_proc_entry("ipsec_spigrp", proc_net); - remove_proc_entry("ipsec_tncfg", proc_net); - remove_proc_entry("ipsec_version", proc_net); - remove_proc_entry("ipsec", proc_net); -#endif /* 2.4 kernel */ -} - - diff --git a/linux/net/ipsec/ipsec_radij.c b/linux/net/ipsec/ipsec_radij.c deleted file mode 100644 index b20eb7a6f..000000000 --- a/linux/net/ipsec/ipsec_radij.c +++ /dev/null @@ -1,550 +0,0 @@ -/* - * Interface between the IPSEC code and the radix (radij) tree code - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_radij.c,v 1.5 2005/04/10 21:38:32 as Exp $ - */ - -#include -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, struct net_device_stats and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include -#include -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include /* *lock* */ -# else /* 23_SPINLOCK */ -# include /* *lock* */ -# endif /* 23_SPINLOCK */ -#endif /* SPINLOCK */ -#ifdef NET_21 -# include -# include -#endif -#include -#include - -#include "freeswan/ipsec_eroute.h" -#include "freeswan/ipsec_sa.h" - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_tunnel.h" /* struct ipsecpriv */ -#include "freeswan/ipsec_xform.h" - -#include -#include - -#include "freeswan/ipsec_proto.h" - -#ifdef CONFIG_IPSEC_DEBUG -int debug_radij = 0; -#endif /* CONFIG_IPSEC_DEBUG */ - -struct radij_node_head *rnh = NULL; -#ifdef SPINLOCK -spinlock_t eroute_lock = SPIN_LOCK_UNLOCKED; -#else /* SPINLOCK */ -spinlock_t eroute_lock; -#endif /* SPINLOCK */ - -int -ipsec_radijinit(void) -{ - maj_keylen = sizeof (struct sockaddr_encap); - - rj_init(); - - if (rj_inithead((void **)&rnh, /*16*/offsetof(struct sockaddr_encap, sen_type) * sizeof(__u8)) == 0) /* 16 is bit offset of sen_type */ - return -1; - return 0; -} - -int -ipsec_radijcleanup(void) -{ - int error; - - spin_lock_bh(&eroute_lock); - - error = radijcleanup(); - - spin_unlock_bh(&eroute_lock); - - return error; -} - -int -ipsec_cleareroutes(void) -{ - int error; - - spin_lock_bh(&eroute_lock); - - error = radijcleartree(); - - spin_unlock_bh(&eroute_lock); - - return error; -} - -int -ipsec_breakroute(struct sockaddr_encap *eaddr, - struct sockaddr_encap *emask, - struct sk_buff **first, - struct sk_buff **last) -{ - struct eroute *ro; - struct radij_node *rn; - int error; -#ifdef CONFIG_IPSEC_DEBUG - - if (debug_eroute) { - char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; - - subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2)); - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_breakroute: " - "attempting to delete eroute for %s:%d->%s:%d %d\n", - buf1, ntohs(eaddr->sen_sport), - buf2, ntohs(eaddr->sen_dport), eaddr->sen_proto); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - spin_lock_bh(&eroute_lock); - - if ((error = rj_delete(eaddr, emask, rnh, &rn)) != 0) { - spin_unlock_bh(&eroute_lock); - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_breakroute: " - "node not found, eroute delete failed.\n"); - return error; - } - - spin_unlock_bh(&eroute_lock); - - ro = (struct eroute *)rn; - - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_breakroute: " - "deleted eroute=0p%p, ident=0p%p->0p%p, first=0p%p, last=0p%p\n", - ro, - ro->er_ident_s.data, - ro->er_ident_d.data, - ro->er_first, - ro->er_last); - - if (ro->er_ident_s.data != NULL) { - kfree(ro->er_ident_s.data); - } - if (ro->er_ident_d.data != NULL) { - kfree(ro->er_ident_d.data); - } - if (ro->er_first != NULL) { -#if 0 - struct net_device_stats *stats = (struct net_device_stats *) &(((struct ipsecpriv *)(ro->er_first->dev->priv))->mystats); - stats->tx_dropped--; -#endif - *first = ro->er_first; - } - if (ro->er_last != NULL) { -#if 0 - struct net_device_stats *stats = (struct net_device_stats *) &(((struct ipsecpriv *)(ro->er_last->dev->priv))->mystats); - stats->tx_dropped--; -#endif - *last = ro->er_last; - } - - if (rn->rj_flags & (RJF_ACTIVE | RJF_ROOT)) - panic ("ipsec_breakroute RMT_DELEROUTE root or active node\n"); - memset((caddr_t)rn, 0, sizeof (struct eroute)); - kfree(rn); - - return 0; -} - -int -ipsec_makeroute(struct sockaddr_encap *eaddr, - struct sockaddr_encap *emask, - struct sa_id said, - uint32_t pid, - struct sk_buff *skb, - struct ident *ident_s, - struct ident *ident_d) -{ - struct eroute *retrt; - int error; - char sa[SATOA_BUF]; - size_t sa_len; -#ifdef CONFIG_IPSEC_DEBUG - - if (debug_eroute) { - { - char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; - - subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2)); - sa_len = satoa(said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_makeroute: " - "attempting to allocate %lu bytes to insert eroute for %s:%d->%s:%d %d, SA: %s, PID:%d, skb=0p%p, ident:%s->%s\n", - (unsigned long) sizeof(struct eroute), - buf1, ntohs(eaddr->sen_sport), - buf2, ntohs(eaddr->sen_dport), - eaddr->sen_proto, - sa_len ? sa : " (error)", - pid, - skb, - (ident_s ? (ident_s->data ? ident_s->data : "NULL") : "NULL"), - (ident_d ? (ident_d->data ? ident_d->data : "NULL") : "NULL")); - } - { - char buf1[sizeof(struct sockaddr_encap)*2 + 1]; - char buf2[sizeof(struct sockaddr_encap)*2 + 1]; - int i; - unsigned char *b1 = buf1, - *b2 = buf2, - *ea = (unsigned char *)eaddr, - *em = (unsigned char *)emask; - - for (i=0; ier_eaddr = *eaddr; - retrt->er_emask = *emask; - retrt->er_said = said; - retrt->er_pid = pid; - retrt->er_count = 0; - retrt->er_lasttime = jiffies/HZ; - { - struct sockaddr_encap **rkeyp = (struct sockaddr_encap**)&((retrt->er_rjt).rd_nodes->rj_key); - *rkeyp = &(retrt->er_eaddr); - } - - if (ident_s && ident_s->type != SADB_IDENTTYPE_RESERVED) { - int data_len = ident_s->len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); - - retrt->er_ident_s.type = ident_s->type; - retrt->er_ident_s.id = ident_s->id; - retrt->er_ident_s.len = ident_s->len; - if(data_len) { - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_makeroute: " - "attempting to allocate %u bytes for ident_s.\n", - data_len); - if(!(retrt->er_ident_s.data = kmalloc(data_len, GFP_KERNEL))) { - kfree(retrt); - printk("klips_error:ipsec_makeroute: not able to allocate kernel memory (%d)\n", data_len); - return ENOMEM; - } - memcpy(retrt->er_ident_s.data, ident_s->data, data_len); - } else { - retrt->er_ident_s.data = NULL; - } - } - - if (ident_d && ident_d->type != SADB_IDENTTYPE_RESERVED) { - int data_len = ident_d->len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); - - retrt->er_ident_d.type = ident_d->type; - retrt->er_ident_d.id = ident_d->id; - retrt->er_ident_d.len = ident_d->len; - if(data_len) { - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_makeroute: " - "attempting to allocate %u bytes for ident_d.\n", - data_len); - if(!(retrt->er_ident_d.data = kmalloc(data_len, GFP_KERNEL))) { - if (retrt->er_ident_s.data) - kfree(retrt->er_ident_s.data); - kfree(retrt); - printk("klips_error:ipsec_makeroute: not able to allocate kernel memory (%d)\n", data_len); - return ENOMEM; - } - memcpy(retrt->er_ident_d.data, ident_d->data, data_len); - } else { - retrt->er_ident_d.data = NULL; - } - } - retrt->er_first = skb; - retrt->er_last = NULL; - - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_makeroute: " - "calling rj_addroute now\n"); - - spin_lock_bh(&eroute_lock); - - error = rj_addroute(&(retrt->er_eaddr), &(retrt->er_emask), - rnh, retrt->er_rjt.rd_nodes); - - spin_unlock_bh(&eroute_lock); - - if(error) { - sa_len = satoa(said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_makeroute: " - "rj_addroute not able to insert eroute for SA:%s (error:%d)\n", - sa_len ? sa : " (error)", error); - if (retrt->er_ident_s.data) - kfree(retrt->er_ident_s.data); - if (retrt->er_ident_d.data) - kfree(retrt->er_ident_d.data); - - kfree(retrt); - - return error; - } - -#ifdef CONFIG_IPSEC_DEBUG - if (debug_eroute) { - char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; -/* - subnettoa(eaddr->sen_ip_src, emask->sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(eaddr->sen_ip_dst, emask->sen_ip_dst, 0, buf2, sizeof(buf2)); -*/ - subnettoa(rd_key((&(retrt->er_rjt)))->sen_ip_src, rd_mask((&(retrt->er_rjt)))->sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(rd_key((&(retrt->er_rjt)))->sen_ip_dst, rd_mask((&(retrt->er_rjt)))->sen_ip_dst, 0, buf2, sizeof(buf2)); - sa_len = satoa(retrt->er_said, 0, sa, SATOA_BUF); - - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_makeroute: " - "pid=%05d " - "count=%10d " - "lasttime=%6d " - "%-18s -> %-18s => %s\n", - retrt->er_pid, - retrt->er_count, - (int)(jiffies/HZ - retrt->er_lasttime), - buf1, - buf2, - sa_len ? sa : " (error)"); - } -#endif /* CONFIG_IPSEC_DEBUG */ - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_makeroute: " - "succeeded.\n"); - return 0; -} - -struct eroute * -ipsec_findroute(struct sockaddr_encap *eaddr) -{ - struct radij_node *rn; -#ifdef CONFIG_IPSEC_DEBUG - char buf1[ADDRTOA_BUF], buf2[ADDRTOA_BUF]; - - if (debug_radij & DB_RJ_FINDROUTE) { - addrtoa(eaddr->sen_ip_src, 0, buf1, sizeof(buf1)); - addrtoa(eaddr->sen_ip_dst, 0, buf2, sizeof(buf2)); - KLIPS_PRINT(debug_eroute, - "klips_debug:ipsec_findroute: " - "%s:%d->%s:%d %d\n", - buf1, ntohs(eaddr->sen_sport), - buf2, ntohs(eaddr->sen_dport), - eaddr->sen_proto); - } -#endif /* CONFIG_IPSEC_DEBUG */ - rn = rj_match((caddr_t)eaddr, rnh); - if(rn) { - KLIPS_PRINT(debug_eroute && sysctl_ipsec_debug_verbose, - "klips_debug:ipsec_findroute: " - "found, points to proto=%d, spi=%x, dst=%x.\n", - ((struct eroute*)rn)->er_said.proto, - ntohl(((struct eroute*)rn)->er_said.spi), - ntohl(((struct eroute*)rn)->er_said.dst.s_addr)); - } - return (struct eroute *)rn; -} - -#ifdef CONFIG_PROC_FS -/** ipsec_rj_walker_procprint: print one line of eroute table output. - * - * Theoretical BUG: if w->length is less than the length - * of some line we should produce, that line will never - * be finished. In effect, the "file" will stop part way - * through that line. - */ -int -ipsec_rj_walker_procprint(struct radij_node *rn, void *w0) -{ - struct eroute *ro = (struct eroute *)rn; - struct rjtentry *rd = (struct rjtentry *)rn; - struct wsbuf *w = (struct wsbuf *)w0; - char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; - char buf3[16]; - char sa[SATOA_BUF]; - size_t sa_len, buf_len; - struct sockaddr_encap *key, *mask; - - KLIPS_PRINT(debug_radij, - "klips_debug:ipsec_rj_walker_procprint: " - "rn=0p%p, w0=0p%p\n", - rn, - w0); - if (rn->rj_b >= 0) { - return 0; - } - - key = rd_key(rd); - mask = rd_mask(rd); - - if (key == NULL || mask == NULL) { - return 0; - } - - buf_len = subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1)); - if(key->sen_sport != 0) { - sprintf(buf1+buf_len-1, ":%d", ntohs(key->sen_sport)); - } - - buf_len = subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2)); - if(key->sen_dport != 0) { - sprintf(buf2+buf_len-1, ":%d", ntohs(key->sen_dport)); - } - - buf3[0]='\0'; - if(key->sen_proto != 0) { - sprintf(buf3, ":%d", key->sen_proto); - } - - sa_len = satoa(ro->er_said, 0, sa, SATOA_BUF); - - w->len += ipsec_snprintf(w->buffer + w->len, - w->length - w->len, - "%-10d " - "%-18s -> %-18s => %s%s\n", - ro->er_count, - buf1, - buf2, - sa_len ? sa : " (error)", - buf3); - - { - /* snprintf can only fill the last character with NUL - * so the maximum useful character is w->length-1. - * However, if w->length == 0, we cannot go back. - * (w->length surely cannot be negative.) - */ - int max_content = w->length > 0? w->length-1 : 0; - - if (w->len >= max_content) { - /* we've done all that can fit -- stop treewalking */ - w->len = max_content; /* truncate crap */ - return -ENOBUFS; - } else { - const off_t pos = w->begin + w->len; /* file position of end of what we've generated */ - - if (pos <= w->offset) { - /* all is before first interesting character: - * discard, but note where we are. - */ - w->len = 0; - w->begin = pos; - } - return 0; - } - } -} -#endif /* CONFIG_PROC_FS */ - -int -ipsec_rj_walker_delete(struct radij_node *rn, void *w0) -{ - struct eroute *ro; - struct rjtentry *rd = (struct rjtentry *)rn; - struct radij_node *rn2; - int error; - struct sockaddr_encap *key, *mask; - - key = rd_key(rd); - mask = rd_mask(rd); - - if(!key || !mask) { - return -ENODATA; - } -#ifdef CONFIG_IPSEC_DEBUG - if(debug_radij) { - char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF]; - - subnettoa(key->sen_ip_src, mask->sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(key->sen_ip_dst, mask->sen_ip_dst, 0, buf2, sizeof(buf2)); - KLIPS_PRINT(debug_radij, - "klips_debug:ipsec_rj_walker_delete: " - "deleting: %s -> %s\n", - buf1, - buf2); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - if((error = rj_delete(key, mask, rnh, &rn2))) { - KLIPS_PRINT(debug_radij, - "klips_debug:ipsec_rj_walker_delete: " - "rj_delete failed with error=%d.\n", error); - return error; - } - - if(rn2 != rn) { - printk("klips_debug:ipsec_rj_walker_delete: " - "tried to delete a different node?!? This should never happen!\n"); - } - - ro = (struct eroute *)rn; - - if (ro->er_ident_s.data) - kfree(ro->er_ident_s.data); - if (ro->er_ident_d.data) - kfree(ro->er_ident_d.data); - - memset((caddr_t)rn, 0, sizeof (struct eroute)); - kfree(rn); - - return 0; -} - diff --git a/linux/net/ipsec/ipsec_rcv.c b/linux/net/ipsec/ipsec_rcv.c deleted file mode 100644 index 4df839fe2..000000000 --- a/linux/net/ipsec/ipsec_rcv.c +++ /dev/null @@ -1,2204 +0,0 @@ -/* - * receive code - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -char ipsec_rcv_c_version[] = "RCSID $Id: ipsec_rcv.c,v 1.5 2005/04/10 21:38:32 as Exp $"; - -#include -#include - -#define __NO_VERSION__ -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include -#include -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include /* *lock* */ -# else /* SPINLOCK_23 */ -# include /* *lock* */ -# endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ -#ifdef NET_21 -# include -# include -# define proto_priv cb -#endif /* NET21 */ -#include -#include - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_sa.h" - -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_rcv.h" - -#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) -#include "freeswan/ipsec_ah.h" -#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */ - -#ifdef CONFIG_IPSEC_ESP -#include "freeswan/ipsec_esp.h" -#endif /* !CONFIG_IPSEC_ESP */ - -#ifdef CONFIG_IPSEC_IPCOMP -#include "freeswan/ipcomp.h" -#endif /* CONFIG_IPSEC_COMP */ - -#include -#include - -#include "freeswan/ipsec_proto.h" -#include "freeswan/ipsec_alg.h" - -#ifdef CONFIG_IPSEC_DEBUG -int debug_ah = 0; -int debug_esp = 0; -int debug_rcv = 0; -#endif /* CONFIG_IPSEC_DEBUG */ - -int sysctl_ipsec_inbound_policy_check = 1; - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -#include -#endif - -#ifdef CONFIG_IPSEC_DEBUG -static void -rcv_dmp(char *s, caddr_t bb, int len) -{ - int i; - unsigned char *b = bb; - - if (debug_rcv && sysctl_ipsec_debug_verbose) { - printk(KERN_INFO "klips_debug:ipsec_tunnel_:dmp: " - "at %s, len=%d:", - s, - len); - for (i=0; i < len; i++) { - if(!(i%16)){ - printk("\nklips_debug: "); - } - printk(" %02x", *b++); - } - printk("\n"); - } -} -#else /* CONFIG_IPSEC_DEBUG */ -#define rcv_dmp(_x, _y, _z) -#endif /* CONFIG_IPSEC_DEBUG */ - - -#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) -__u32 zeroes[AH_AMAX]; -#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */ - -/* - * Check-replay-window routine, adapted from the original - * by J. Hughes, from draft-ietf-ipsec-esp-des-md5-03.txt - * - * This is a routine that implements a 64 packet window. This is intend- - * ed on being an implementation sample. - */ - -DEBUG_NO_STATIC int -ipsec_checkreplaywindow(struct ipsec_sa*ipsp, __u32 seq) -{ - __u32 diff; - - if (ipsp->ips_replaywin == 0) /* replay shut off */ - return 1; - if (seq == 0) - return 0; /* first == 0 or wrapped */ - - /* new larger sequence number */ - if (seq > ipsp->ips_replaywin_lastseq) { - return 1; /* larger is good */ - } - diff = ipsp->ips_replaywin_lastseq - seq; - - /* too old or wrapped */ /* if wrapped, kill off SA? */ - if (diff >= ipsp->ips_replaywin) { - return 0; - } - /* this packet already seen */ - if (ipsp->ips_replaywin_bitmap & (1 << diff)) - return 0; - return 1; /* out of order but good */ -} - -DEBUG_NO_STATIC int -ipsec_updatereplaywindow(struct ipsec_sa*ipsp, __u32 seq) -{ - __u32 diff; - - if (ipsp->ips_replaywin == 0) /* replay shut off */ - return 1; - if (seq == 0) - return 0; /* first == 0 or wrapped */ - - /* new larger sequence number */ - if (seq > ipsp->ips_replaywin_lastseq) { - diff = seq - ipsp->ips_replaywin_lastseq; - - /* In win, set bit for this pkt */ - if (diff < ipsp->ips_replaywin) - ipsp->ips_replaywin_bitmap = - (ipsp->ips_replaywin_bitmap << diff) | 1; - else - /* This packet has way larger seq num */ - ipsp->ips_replaywin_bitmap = 1; - - if(seq - ipsp->ips_replaywin_lastseq - 1 > ipsp->ips_replaywin_maxdiff) { - ipsp->ips_replaywin_maxdiff = seq - ipsp->ips_replaywin_lastseq - 1; - } - ipsp->ips_replaywin_lastseq = seq; - return 1; /* larger is good */ - } - diff = ipsp->ips_replaywin_lastseq - seq; - - /* too old or wrapped */ /* if wrapped, kill off SA? */ - if (diff >= ipsp->ips_replaywin) { -/* - if(seq < 0.25*max && ipsp->ips_replaywin_lastseq > 0.75*max) { - ipsec_sa_delchain(ipsp); - } -*/ - return 0; - } - /* this packet already seen */ - if (ipsp->ips_replaywin_bitmap & (1 << diff)) - return 0; - ipsp->ips_replaywin_bitmap |= (1 << diff); /* mark as seen */ - return 1; /* out of order but good */ -} - -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 -struct auth_alg ipsec_rcv_md5[]={ - {MD5Init, MD5Update, MD5Final, AHMD596_ALEN} -}; - -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ - -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 -struct auth_alg ipsec_rcv_sha1[]={ - {SHA1Init, SHA1Update, SHA1Final, AHSHA196_ALEN} -}; -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ - -enum ipsec_rcv_value { - IPSEC_RCV_LASTPROTO=1, - IPSEC_RCV_OK=0, - IPSEC_RCV_BADPROTO=-1, - IPSEC_RCV_BADLEN=-2, - IPSEC_RCV_ESP_BADALG=-3, - IPSEC_RCV_3DES_BADBLOCKING=-4, - IPSEC_RCV_ESP_DECAPFAIL=-5, - IPSEC_RCV_DECAPFAIL=-6, - IPSEC_RCV_SAIDNOTFOUND=-7, - IPSEC_RCV_IPCOMPALONE=-8, - IPSEC_RCV_IPCOMPFAILED=-10, - IPSEC_RCV_SAIDNOTLIVE=-11, - IPSEC_RCV_FAILEDINBOUND=-12, - IPSEC_RCV_LIFETIMEFAILED=-13, - IPSEC_RCV_BADAUTH=-14, - IPSEC_RCV_REPLAYFAILED=-15, - IPSEC_RCV_AUTHFAILED=-16, - IPSEC_RCV_REPLAYROLLED=-17, - IPSEC_RCV_BAD_DECRYPT=-18 -}; - -struct ipsec_rcv_state { - struct sk_buff *skb; - struct net_device_stats *stats; - struct iphdr *ipp; - struct ipsec_sa *ipsp; - int len; - int ilen; - int authlen; - int hard_header_len; - int iphlen; - struct auth_alg *authfuncs; - struct sa_id said; - char sa[SATOA_BUF]; - size_t sa_len; - __u8 next_header; - __u8 hash[AH_AMAX]; - char ipsaddr_txt[ADDRTOA_BUF]; - char ipdaddr_txt[ADDRTOA_BUF]; - __u8 *octx; - __u8 *ictx; - int ictx_len; - int octx_len; - union { - struct { - struct esphdr *espp; - } espstuff; - struct { - struct ahhdr *ahp; - } ahstuff; - struct { - struct ipcomphdr *compp; - } ipcompstuff; - } protostuff; -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - __u16 natt_len; - __u16 natt_sport; - __u16 natt_dport; - __u8 natt_type; -#endif -}; - -struct xform_functions { - enum ipsec_rcv_value (*checks)(struct ipsec_rcv_state *irs, - struct sk_buff *skb); - enum ipsec_rcv_value (*decrypt)(struct ipsec_rcv_state *irs); - - enum ipsec_rcv_value (*setup_auth)(struct ipsec_rcv_state *irs, - struct sk_buff *skb, - __u32 *replay, - unsigned char **authenticator); - enum ipsec_rcv_value (*calc_auth)(struct ipsec_rcv_state *irs, - struct sk_buff *skb); -}; - -#ifdef CONFIG_IPSEC_ESP -enum ipsec_rcv_value -ipsec_rcv_esp_checks(struct ipsec_rcv_state *irs, - struct sk_buff *skb) -{ - __u8 proto; - int len; /* packet length */ - - len = skb->len; - proto = irs->ipp->protocol; - - /* XXX this will need to be 8 for IPv6 */ - if ((proto == IPPROTO_ESP) && ((len - irs->iphlen) % 4)) { - printk("klips_error:ipsec_rcv: " - "got packet with content length = %d from %s -- should be on 4 octet boundary, packet dropped\n", - len - irs->iphlen, - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_BADLEN; - } - - if(skb->len < (irs->hard_header_len + sizeof(struct iphdr) + sizeof(struct esphdr))) { - KLIPS_PRINT(debug_rcv & DB_RX_INAU, - "klips_debug:ipsec_rcv: " - "runt esp packet of skb->len=%d received from %s, dropped.\n", - skb->len, - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_BADLEN; - } - - irs->protostuff.espstuff.espp = (struct esphdr *)(skb->data + irs->iphlen); - irs->said.spi = irs->protostuff.espstuff.espp->esp_spi; - - return IPSEC_RCV_OK; -} - -enum ipsec_rcv_value -ipsec_rcv_esp_decrypt_setup(struct ipsec_rcv_state *irs, - struct sk_buff *skb, - __u32 *replay, - unsigned char **authenticator) -{ - struct esphdr *espp = irs->protostuff.espstuff.espp; - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "packet from %s received with seq=%d (iv)=0x%08x%08x iplen=%d esplen=%d sa=%s\n", - irs->ipsaddr_txt, - (__u32)ntohl(espp->esp_rpl), - (__u32)ntohl(*((__u32 *)(espp->esp_iv) )), - (__u32)ntohl(*((__u32 *)(espp->esp_iv) + 1)), - irs->len, - irs->ilen, - irs->sa_len ? irs->sa : " (error)"); - - *replay = ntohl(espp->esp_rpl); - *authenticator = &(skb->data[irs->len - irs->authlen]); - - return IPSEC_RCV_OK; -} - -enum ipsec_rcv_value -ipsec_rcv_esp_authcalc(struct ipsec_rcv_state *irs, - struct sk_buff *skb) -{ - struct auth_alg *aa; - struct esphdr *espp = irs->protostuff.espstuff.espp; - union { - MD5_CTX md5; - SHA1_CTX sha1; - } tctx; - -#ifdef CONFIG_IPSEC_ALG - if (irs->ipsp->ips_alg_auth) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "ipsec_alg hashing proto=%d... ", - irs->said.proto); - if(irs->said.proto == IPPROTO_ESP) { - ipsec_alg_sa_esp_hash(irs->ipsp, - (caddr_t)espp, irs->ilen, - irs->hash, AHHMAC_HASHLEN); - return IPSEC_RCV_OK; - } - return IPSEC_RCV_BADPROTO; - } -#endif - aa = irs->authfuncs; - - /* copy the initialized keying material */ - memcpy(&tctx, irs->ictx, irs->ictx_len); - - (*aa->update)((void *)&tctx, (caddr_t)espp, irs->ilen); - - (*aa->final)(irs->hash, (void *)&tctx); - - memcpy(&tctx, irs->octx, irs->octx_len); - - (*aa->update)((void *)&tctx, irs->hash, aa->hashlen); - (*aa->final)(irs->hash, (void *)&tctx); - - return IPSEC_RCV_OK; -} - - -enum ipsec_rcv_value -ipsec_rcv_esp_decrypt(struct ipsec_rcv_state *irs) -{ - struct ipsec_sa *ipsp = irs->ipsp; - struct esphdr *espp = irs->protostuff.espstuff.espp; - int esphlen = 0; - __u8 *idat; /* pointer to content to be decrypted/authenticated */ -#ifdef CONFIG_IPSEC_ENC_3DES - __u32 iv[2]; -#endif /* !CONFIG_IPSEC_ENC_3DES */ - int pad = 0, padlen; - int badpad = 0; - int i; - struct sk_buff *skb; -#ifdef CONFIG_IPSEC_ALG - struct ipsec_alg_enc *ixt_e=NULL; -#endif /* CONFIG_IPSEC_ALG */ - - skb=irs->skb; - - idat = skb->data + irs->iphlen; - -#ifdef CONFIG_IPSEC_ALG - if ((ixt_e=ipsp->ips_alg_enc)) { - esphlen = ESP_HEADER_LEN + ixt_e->ixt_ivlen/8; - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "encalg=%d esphlen=%d\n", - ipsp->ips_encalg, esphlen); - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ipsp->ips_encalg) { -#ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: - iv[0] = *((__u32 *)(espp->esp_iv) ); - iv[1] = *((__u32 *)(espp->esp_iv) + 1); - esphlen = sizeof(struct esphdr); - break; -#endif /* !CONFIG_IPSEC_ENC_3DES */ - default: - ipsp->ips_errs.ips_alg_errs += 1; - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_ESP_BADALG; - } - - idat += esphlen; - irs->ilen -= esphlen; - -#ifdef CONFIG_IPSEC_ALG - if (ixt_e) - { - if (ipsec_alg_esp_encrypt(ipsp, - idat, irs->ilen, espp->esp_iv, - IPSEC_ALG_DECRYPT) <= 0) - { - printk("klips_error:ipsec_rcv: " - "got packet with esplen = %d " - "from %s -- should be on " - "ENC(%d) octet boundary, " - "packet dropped\n", - irs->ilen, - irs->ipsaddr_txt, - ipsp->ips_encalg); - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_BAD_DECRYPT; - } - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ipsp->ips_encalg) { -#ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: - if ((irs->ilen) % 8) { - ipsp->ips_errs.ips_encsize_errs += 1; - printk("klips_error:ipsec_rcv: " - "got packet with esplen = %d from %s -- should be on 8 octet boundary, packet dropped\n", - irs->ilen, - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_3DES_BADBLOCKING; - } - des_ede3_cbc_encrypt((des_cblock *)idat, - (des_cblock *)idat, - irs->ilen, - ((struct des_eks *)(ipsp->ips_key_e))[0].ks, - ((struct des_eks *)(ipsp->ips_key_e))[1].ks, - ((struct des_eks *)(ipsp->ips_key_e))[2].ks, - (des_cblock *)iv, 0); - break; -#endif /* !CONFIG_IPSEC_ENC_3DES */ - } - - rcv_dmp("postdecrypt", skb->data, skb->len); - - irs->next_header = idat[irs->ilen - 1]; - padlen = idat[irs->ilen - 2]; - pad = padlen + 2 + irs->authlen; - - KLIPS_PRINT(debug_rcv & DB_RX_IPAD, - "klips_debug:ipsec_rcv: " - "padlen=%d, contents: 0x: 0x 0x ...\n", - padlen); - - for (i = 1; i <= padlen; i++) { - if((i % 16) == 1) { - KLIPS_PRINT(debug_rcv & DB_RX_IPAD, - "klips_debug: %02x:", - i - 1); - } - KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, - " %02x", - idat[irs->ilen - 2 - padlen + i - 1]); - if(i != idat[irs->ilen - 2 - padlen + i - 1]) { - badpad = 1; - } - if((i % 16) == 0) { - KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, - "\n"); - } - } - if((i % 16) != 1) { - KLIPS_PRINTMORE(debug_rcv & DB_RX_IPAD, - "\n"); - } - if(badpad) { - KLIPS_PRINT(debug_rcv & DB_RX_IPAD, - "klips_debug:ipsec_rcv: " - "warning, decrypted packet from %s has bad padding\n", - irs->ipsaddr_txt); - KLIPS_PRINT(debug_rcv & DB_RX_IPAD, - "klips_debug:ipsec_rcv: " - "...may be bad decryption -- not dropped\n"); - ipsp->ips_errs.ips_encpad_errs += 1; - } - - KLIPS_PRINT(debug_rcv & DB_RX_IPAD, - "klips_debug:ipsec_rcv: " - "packet decrypted from %s: next_header = %d, padding = %d\n", - irs->ipsaddr_txt, - irs->next_header, - pad - 2 - irs->authlen); - - irs->ipp->tot_len = htons(ntohs(irs->ipp->tot_len) - (esphlen + pad)); - - /* - * move the IP header forward by the size of the ESP header, which - * will remove the the ESP header from the packet. - */ - memmove((void *)(skb->data + esphlen), - (void *)(skb->data), irs->iphlen); - - rcv_dmp("esp postmove", skb->data, skb->len); - - /* skb_pull below, will move up by esphlen */ - - /* XXX not clear how this can happen, as the message indicates */ - if(skb->len < esphlen) { - printk(KERN_WARNING - "klips_error:ipsec_rcv: " - "tried to skb_pull esphlen=%d, %d available. This should never happen, please report.\n", - esphlen, (int)(skb->len)); - return IPSEC_RCV_ESP_DECAPFAIL; - } - skb_pull(skb, esphlen); - - irs->ipp = (struct iphdr *)skb->data; - - rcv_dmp("esp postpull", skb->data, skb->len); - - /* now, trip off the padding from the end */ - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "trimming to %d.\n", - irs->len - esphlen - pad); - if(pad + esphlen <= irs->len) { - skb_trim(skb, irs->len - esphlen - pad); - } else { - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "bogus packet, size is zero or negative, dropping.\n"); - return IPSEC_RCV_DECAPFAIL; - } - - return IPSEC_RCV_OK; -} - - -struct xform_functions esp_rcv_funcs[]={ - { checks: ipsec_rcv_esp_checks, - setup_auth: ipsec_rcv_esp_decrypt_setup, - calc_auth: ipsec_rcv_esp_authcalc, - decrypt: ipsec_rcv_esp_decrypt, - }, -}; -#endif /* !CONFIG_IPSEC_ESP */ - -#ifdef CONFIG_IPSEC_AH -enum ipsec_rcv_value -ipsec_rcv_ah_checks(struct ipsec_rcv_state *irs, - struct sk_buff *skb) -{ - int ahminlen; - - ahminlen = irs->hard_header_len + sizeof(struct iphdr); - - /* take care not to deref this pointer until we check the minlen though */ - irs->protostuff.ahstuff.ahp = (struct ahhdr *) (skb->data + irs->iphlen); - - if((skb->len < ahminlen+sizeof(struct ahhdr)) || - (skb->len < ahminlen+(irs->protostuff.ahstuff.ahp->ah_hl << 2))) { - KLIPS_PRINT(debug_rcv & DB_RX_INAU, - "klips_debug:ipsec_rcv: " - "runt ah packet of skb->len=%d received from %s, dropped.\n", - skb->len, - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_BADLEN; - } - - irs->said.spi = irs->protostuff.ahstuff.ahp->ah_spi; - - /* XXX we only support the one 12-byte authenticator for now */ - if(irs->protostuff.ahstuff.ahp->ah_hl != ((AHHMAC_HASHLEN+AHHMAC_RPLLEN) >> 2)) { - KLIPS_PRINT(debug_rcv & DB_RX_INAU, - "klips_debug:ipsec_rcv: " - "bad authenticator length %ld, expected %lu from %s.\n", - (long)(irs->protostuff.ahstuff.ahp->ah_hl << 2), - (unsigned long) sizeof(struct ahhdr), - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_BADLEN; - } - - return IPSEC_RCV_OK; -} - - -enum ipsec_rcv_value -ipsec_rcv_ah_setup_auth(struct ipsec_rcv_state *irs, - struct sk_buff *skb, - __u32 *replay, - unsigned char **authenticator) -{ - struct ahhdr *ahp = irs->protostuff.ahstuff.ahp; - - *replay = ntohl(ahp->ah_rpl); - *authenticator = ahp->ah_data; - - return IPSEC_RCV_OK; -} - -enum ipsec_rcv_value -ipsec_rcv_ah_authcalc(struct ipsec_rcv_state *irs, - struct sk_buff *skb) -{ - struct auth_alg *aa; - struct ahhdr *ahp = irs->protostuff.ahstuff.ahp; - union { - MD5_CTX md5; - SHA1_CTX sha1; - } tctx; - struct iphdr ipo; - int ahhlen; - - aa = irs->authfuncs; - - /* copy the initialized keying material */ - memcpy(&tctx, irs->ictx, irs->ictx_len); - - ipo = *irs->ipp; - ipo.tos = 0; /* mutable RFC 2402 3.3.3.1.1.1 */ - ipo.frag_off = 0; - ipo.ttl = 0; - ipo.check = 0; - - - /* do the sanitized header */ - (*aa->update)((void*)&tctx, (caddr_t)&ipo, sizeof(struct iphdr)); - - /* XXX we didn't do the options here! */ - - /* now do the AH header itself */ - ahhlen = AH_BASIC_LEN + (ahp->ah_hl << 2); - (*aa->update)((void*)&tctx, (caddr_t)ahp, ahhlen - AHHMAC_HASHLEN); - - /* now, do some zeroes */ - (*aa->update)((void*)&tctx, (caddr_t)zeroes, AHHMAC_HASHLEN); - - /* finally, do the packet contents themselves */ - (*aa->update)((void*)&tctx, - (caddr_t)skb->data + irs->iphlen + ahhlen, - skb->len - irs->iphlen - ahhlen); - - (*aa->final)(irs->hash, (void *)&tctx); - - memcpy(&tctx, irs->octx, irs->octx_len); - - (*aa->update)((void *)&tctx, irs->hash, aa->hashlen); - (*aa->final)(irs->hash, (void *)&tctx); - - return IPSEC_RCV_OK; -} - -enum ipsec_rcv_value -ipsec_rcv_ah_decap(struct ipsec_rcv_state *irs) -{ - struct ahhdr *ahp = irs->protostuff.ahstuff.ahp; - struct sk_buff *skb; - int ahhlen; - - skb=irs->skb; - - ahhlen = AH_BASIC_LEN + (ahp->ah_hl << 2); - - irs->ipp->tot_len = htons(ntohs(irs->ipp->tot_len) - ahhlen); - irs->next_header = ahp->ah_nh; - - /* - * move the IP header forward by the size of the AH header, which - * will remove the the AH header from the packet. - */ - memmove((void *)(skb->data + ahhlen), - (void *)(skb->data), irs->iphlen); - - rcv_dmp("ah postmove", skb->data, skb->len); - - /* skb_pull below, will move up by ahhlen */ - - /* XXX not clear how this can happen, as the message indicates */ - if(skb->len < ahhlen) { - printk(KERN_WARNING - "klips_error:ipsec_rcv: " - "tried to skb_pull ahhlen=%d, %d available. This should never happen, please report.\n", - ahhlen, - (int)(skb->len)); - return IPSEC_RCV_DECAPFAIL; - } - skb_pull(skb, ahhlen); - - irs->ipp = (struct iphdr *)skb->data; - - rcv_dmp("ah postpull", skb->data, skb->len); - - return IPSEC_RCV_OK; -} - - -struct xform_functions ah_rcv_funcs[]={ - { checks: ipsec_rcv_ah_checks, - setup_auth: ipsec_rcv_ah_setup_auth, - calc_auth: ipsec_rcv_ah_authcalc, - decrypt: ipsec_rcv_ah_decap, - }, -}; - -#endif /* CONFIG_IPSEC_AH */ - -#ifdef CONFIG_IPSEC_IPCOMP -enum ipsec_rcv_value -ipsec_rcv_ipcomp_checks(struct ipsec_rcv_state *irs, - struct sk_buff *skb) -{ - int ipcompminlen; - - ipcompminlen = irs->hard_header_len + sizeof(struct iphdr); - - if(skb->len < (ipcompminlen + sizeof(struct ipcomphdr))) { - KLIPS_PRINT(debug_rcv & DB_RX_INAU, - "klips_debug:ipsec_rcv: " - "runt comp packet of skb->len=%d received from %s, dropped.\n", - skb->len, - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_BADLEN; - } - - irs->protostuff.ipcompstuff.compp = (struct ipcomphdr *)(skb->data + irs->iphlen); - irs->said.spi = htonl((__u32)ntohs(irs->protostuff.ipcompstuff.compp->ipcomp_cpi)); - return IPSEC_RCV_OK; -} - -enum ipsec_rcv_value -ipsec_rcv_ipcomp_decomp(struct ipsec_rcv_state *irs) -{ - unsigned int flags = 0; - struct ipsec_sa *ipsp = irs->ipsp; - struct sk_buff *skb; - - skb=irs->skb; - - rcv_dmp("ipcomp", skb->data, skb->len); - - if(ipsp == NULL) { - return IPSEC_RCV_SAIDNOTFOUND; - } - -#if 0 - /* we want to check that this wasn't the first SA on the list, because - * we don't support bare IPCOMP, for unexplained reasons. MCR - */ - if (ipsp->ips_onext != NULL) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "Incoming packet with outer IPCOMP header SA:%s: not yet supported by KLIPS, dropped\n", - irs->sa_len ? irs->sa : " (error)"); - if(irs->stats) { - irs->stats->rx_dropped++; - } - - return IPSEC_RCV_IPCOMPALONE; - } -#endif - - if(sysctl_ipsec_inbound_policy_check && - ((((ntohl(ipsp->ips_said.spi) & 0x0000ffff) != ntohl(irs->said.spi)) && - (ipsp->ips_encalg != ntohl(irs->said.spi)) /* this is a workaround for peer non-compliance with rfc2393 */ - ))) { - char sa2[SATOA_BUF]; - size_t sa_len2 = 0; - - sa_len2 = satoa(ipsp->ips_said, 0, sa2, SATOA_BUF); - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "Incoming packet with SA(IPCA):%s does not match policy SA(IPCA):%s cpi=%04x cpi->spi=%08x spi=%08x, spi->cpi=%04x for SA grouping, dropped.\n", - irs->sa_len ? irs->sa : " (error)", - ipsp != NULL ? (sa_len2 ? sa2 : " (error)") : "NULL", - ntohs(irs->protostuff.ipcompstuff.compp->ipcomp_cpi), - (__u32)ntohl(irs->said.spi), - ipsp != NULL ? (__u32)ntohl((ipsp->ips_said.spi)) : 0, - ipsp != NULL ? (__u16)(ntohl(ipsp->ips_said.spi) & 0x0000ffff) : 0); - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_SAIDNOTFOUND; - } - - ipsp->ips_comp_ratio_cbytes += ntohs(irs->ipp->tot_len); - irs->next_header = irs->protostuff.ipcompstuff.compp->ipcomp_nh; - - skb = skb_decompress(skb, ipsp, &flags); - if (!skb || flags) { - spin_unlock(&tdb_lock); - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "skb_decompress() returned error flags=%x, dropped.\n", - flags); - if (irs->stats) { - if (flags) - irs->stats->rx_errors++; - else - irs->stats->rx_dropped++; - } - return IPSEC_RCV_IPCOMPFAILED; - } - - /* make sure we update the pointer */ - irs->skb = skb; - -#ifdef NET_21 - irs->ipp = skb->nh.iph; -#else /* NET_21 */ - irs->ipp = skb->ip_hdr; -#endif /* NET_21 */ - - ipsp->ips_comp_ratio_dbytes += ntohs(irs->ipp->tot_len); - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "packet decompressed SA(IPCA):%s cpi->spi=%08x spi=%08x, spi->cpi=%04x, nh=%d.\n", - irs->sa_len ? irs->sa : " (error)", - (__u32)ntohl(irs->said.spi), - ipsp != NULL ? (__u32)ntohl((ipsp->ips_said.spi)) : 0, - ipsp != NULL ? (__u16)(ntohl(ipsp->ips_said.spi) & 0x0000ffff) : 0, - irs->next_header); - KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, irs->ipp); - - return IPSEC_RCV_OK; -} - - -struct xform_functions ipcomp_rcv_funcs[]={ - {checks: ipsec_rcv_ipcomp_checks, - decrypt: ipsec_rcv_ipcomp_decomp, - }, -}; - -#endif /* CONFIG_IPSEC_IPCOMP */ - -enum ipsec_rcv_value -ipsec_rcv_decap_once(struct ipsec_rcv_state *irs) -{ - int iphlen; - unsigned char *dat; - __u8 proto; - struct in_addr ipsaddr; - struct in_addr ipdaddr; - int replay = 0; /* replay value in AH or ESP packet */ - struct ipsec_sa* ipsnext = NULL; /* next SA towards inside of packet */ - struct xform_functions *proto_funcs; - struct ipsec_sa *newipsp; - struct iphdr *ipp; - struct sk_buff *skb; -#ifdef CONFIG_IPSEC_ALG - struct ipsec_alg_auth *ixt_a=NULL; -#endif /* CONFIG_IPSEC_ALG */ - - skb = irs->skb; - irs->len = skb->len; - dat = skb->data; - ipp = irs->ipp; - proto = ipp->protocol; - ipsaddr.s_addr = ipp->saddr; - addrtoa(ipsaddr, 0, irs->ipsaddr_txt, sizeof(irs->ipsaddr_txt)); - ipdaddr.s_addr = ipp->daddr; - addrtoa(ipdaddr, 0, irs->ipdaddr_txt, sizeof(irs->ipdaddr_txt)); - - iphlen = ipp->ihl << 2; - irs->iphlen=iphlen; - ipp->check = 0; /* we know the sum is good */ - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv_decap_once: " - "decap (%d) from %s -> %s\n", - proto, irs->ipsaddr_txt, irs->ipdaddr_txt); - - switch(proto) { -#ifdef CONFIG_IPSEC_ESP - case IPPROTO_ESP: - proto_funcs = esp_rcv_funcs; - break; -#endif /* !CONFIG_IPSEC_ESP */ - -#ifdef CONFIG_IPSEC_AH - case IPPROTO_AH: - proto_funcs = ah_rcv_funcs; - break; -#endif /* !CONFIG_IPSEC_AH */ - -#ifdef CONFIG_IPSEC_IPCOMP - case IPPROTO_COMP: - proto_funcs = ipcomp_rcv_funcs; - break; -#endif /* !CONFIG_IPSEC_IPCOMP */ - default: - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_BADPROTO; - } - - /* - * Find tunnel control block and (indirectly) call the - * appropriate tranform routine. The resulting sk_buf - * is a valid IP packet ready to go through input processing. - */ - - irs->said.dst.s_addr = ipp->daddr; - - if(proto_funcs->checks) { - enum ipsec_rcv_value retval = (*proto_funcs->checks)(irs, skb); - - if(retval < 0) { - return retval; - } - } - - irs->said.proto = proto; - irs->sa_len = satoa(irs->said, 0, irs->sa, SATOA_BUF); - if(irs->sa_len == 0) { - strcpy(irs->sa, "(error)"); - } - - newipsp = ipsec_sa_getbyid(&irs->said); - if (newipsp == NULL) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "no ipsec_sa for SA:%s: incoming packet with no SA dropped\n", - irs->sa_len ? irs->sa : " (error)"); - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_SAIDNOTFOUND; - } - - /* MCR - XXX this is bizarre. ipsec_sa_getbyid returned it, having incremented the refcount, - * why in the world would we decrement it here? - - ipsec_sa_put(irs->ipsp);*/ /* incomplete */ - - /* If it is in larval state, drop the packet, we cannot process yet. */ - if(newipsp->ips_state == SADB_SASTATE_LARVAL) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "ipsec_sa in larval state, cannot be used yet, dropping packet.\n"); - if(irs->stats) { - irs->stats->rx_dropped++; - } - ipsec_sa_put(newipsp); - return IPSEC_RCV_SAIDNOTLIVE; - } - - if(newipsp->ips_state == SADB_SASTATE_DEAD) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "ipsec_sa in dead state, cannot be used any more, dropping packet.\n"); - if(irs->stats) { - irs->stats->rx_dropped++; - } - ipsec_sa_put(newipsp); - return IPSEC_RCV_SAIDNOTLIVE; - } - - if(sysctl_ipsec_inbound_policy_check) { - if(irs->ipp->saddr != ((struct sockaddr_in*)(newipsp->ips_addr_s))->sin_addr.s_addr) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s, src=%s of pkt does not agree with expected SA source address policy.\n", - irs->sa_len ? irs->sa : " (error)", - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_dropped++; - } - ipsec_sa_put(newipsp); - return IPSEC_RCV_FAILEDINBOUND; - } - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s, src=%s of pkt agrees with expected SA source address policy.\n", - irs->sa_len ? irs->sa : " (error)", - irs->ipsaddr_txt); - - /* - * at this point, we have looked up a new SA, and we want to make sure that if this - * isn't the first SA in the list, that the previous SA actually points at this one. - */ - if(irs->ipsp) { - if(irs->ipsp->ips_inext != newipsp) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "unexpected SA:%s: does not agree with ips->inext policy, dropped\n", - irs->sa_len ? irs->sa : " (error)"); - if(irs->stats) { - irs->stats->rx_dropped++; - } - ipsec_sa_put(newipsp); - return IPSEC_RCV_FAILEDINBOUND; - } - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s grouping from previous SA is OK.\n", - irs->sa_len ? irs->sa : " (error)"); - } else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s First SA in group.\n", - irs->sa_len ? irs->sa : " (error)"); - } - - /* - * previously, at this point, we checked if the back pointer from the new SA that - * we just found matched the back pointer. But, we won't do this check anymore, - * because we want to be able to nest SAs - */ -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "natt_type=%u tdbp->ips_natt_type=%u : %s\n", - irs->natt_type, newipsp->ips_natt_type, - (irs->natt_type==newipsp->ips_natt_type)?"ok":"bad"); - if (irs->natt_type != newipsp->ips_natt_type) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s does not agree with expected NAT-T policy.\n", - irs->sa_len ? irs->sa : " (error)"); - if(irs->stats) { - irs->stats->rx_dropped++; - } - ipsec_sa_put(newipsp); - return IPSEC_RCV_FAILEDINBOUND; - } -#endif - } - - /* okay, SA checks out, so free any previous SA, and record a new one */ - - if(irs->ipsp) { - ipsec_sa_put(irs->ipsp); - } - irs->ipsp=newipsp; - - /* note that the outer code will free the irs->ipsp if there is an error */ - - - /* now check the lifetimes */ - if(ipsec_lifetime_check(&irs->ipsp->ips_life.ipl_bytes, "bytes", irs->sa, - ipsec_life_countbased, ipsec_incoming, irs->ipsp) == ipsec_life_harddied || - ipsec_lifetime_check(&irs->ipsp->ips_life.ipl_addtime, "addtime",irs->sa, - ipsec_life_timebased, ipsec_incoming, irs->ipsp) == ipsec_life_harddied || - ipsec_lifetime_check(&irs->ipsp->ips_life.ipl_addtime, "usetime",irs->sa, - ipsec_life_timebased, ipsec_incoming, irs->ipsp) == ipsec_life_harddied || - ipsec_lifetime_check(&irs->ipsp->ips_life.ipl_packets, "packets",irs->sa, - ipsec_life_countbased, ipsec_incoming, irs->ipsp) == ipsec_life_harddied) { - ipsec_sa_delchain(irs->ipsp); - if(irs->stats) { - irs->stats->rx_dropped++; - } - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv_decap_once: " - "decap (%d) failed lifetime check\n", - proto); - - return IPSEC_RCV_LIFETIMEFAILED; - } - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if ((irs->natt_type) && - ( (irs->ipp->saddr != (((struct sockaddr_in*)(newipsp->ips_addr_s))->sin_addr.s_addr)) || - (irs->natt_sport != newipsp->ips_natt_sport) - )) { - struct sockaddr sipaddr; - /** Advertise NAT-T addr change to pluto **/ - sipaddr.sa_family = AF_INET; - ((struct sockaddr_in*)&sipaddr)->sin_addr.s_addr = irs->ipp->saddr; - ((struct sockaddr_in*)&sipaddr)->sin_port = htons(irs->natt_sport); - pfkey_nat_t_new_mapping(newipsp, &sipaddr, irs->natt_sport); - /** - * Then allow or block packet depending on - * sysctl_ipsec_inbound_policy_check. - * - * In all cases, pluto will update SA if new mapping is - * accepted. - */ - if (sysctl_ipsec_inbound_policy_check) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s, src=%s:%u of pkt does not agree with expected " - "SA source address policy (pluto has been informed).\n", - irs->sa_len ? irs->sa : " (error)", - irs->ipsaddr_txt, irs->natt_sport); - if(irs->stats) { - irs->stats->rx_dropped++; - } - ipsec_sa_put(newipsp); - return IPSEC_RCV_FAILEDINBOUND; - } - } -#endif - - irs->authfuncs=NULL; - /* authenticate, if required */ -#ifdef CONFIG_IPSEC_ALG - if ((ixt_a=irs->ipsp->ips_alg_auth)) { - irs->authlen = AHHMAC_HASHLEN; - irs->authfuncs = NULL; - irs->ictx = NULL; - irs->octx = NULL; - irs->ictx_len = 0; - irs->octx_len = 0; - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "authalg=%d authlen=%d\n", - irs->ipsp->ips_authalg, - irs->authlen); - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(irs->ipsp->ips_authalg) { -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - case AH_MD5: - irs->authlen = AHHMAC_HASHLEN; - irs->authfuncs = ipsec_rcv_md5; - irs->ictx = (void *)&((struct md5_ctx*)(irs->ipsp->ips_key_a))->ictx; - irs->octx = (void *)&((struct md5_ctx*)(irs->ipsp->ips_key_a))->octx; - irs->ictx_len = sizeof(((struct md5_ctx*)(irs->ipsp->ips_key_a))->ictx); - irs->octx_len = sizeof(((struct md5_ctx*)(irs->ipsp->ips_key_a))->octx); - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - case AH_SHA: - irs->authlen = AHHMAC_HASHLEN; - irs->authfuncs = ipsec_rcv_sha1; - irs->ictx = (void *)&((struct sha1_ctx*)(irs->ipsp->ips_key_a))->ictx; - irs->octx = (void *)&((struct sha1_ctx*)(irs->ipsp->ips_key_a))->octx; - irs->ictx_len = sizeof(((struct sha1_ctx*)(irs->ipsp->ips_key_a))->ictx); - irs->octx_len = sizeof(((struct sha1_ctx*)(irs->ipsp->ips_key_a))->octx); - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - case AH_NONE: - irs->authlen = 0; - irs->authfuncs = NULL; - irs->ictx = NULL; - irs->octx = NULL; - irs->ictx_len = 0; - irs->octx_len = 0; - - break; - default: - irs->ipsp->ips_errs.ips_alg_errs += 1; - if(irs->stats) { - irs->stats->rx_errors++; - } - return IPSEC_RCV_BADAUTH; - } - - irs->ilen = irs->len - iphlen - irs->authlen; - if(irs->ilen <= 0) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "runt %s packet with no data, dropping.\n", - (proto == IPPROTO_ESP ? "esp" : "ah")); - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_BADLEN; - } - -#ifdef CONFIG_IPSEC_ALG - if(irs->authfuncs || ixt_a) { -#else - if(irs->authfuncs) { -#endif - unsigned char *authenticator = NULL; - - if(proto_funcs->setup_auth) { - enum ipsec_rcv_value retval - = (*proto_funcs->setup_auth)(irs, skb, - &replay, - &authenticator); - if(retval < 0) { - return retval; - } - } - - if(!authenticator) { - irs->ipsp->ips_errs.ips_auth_errs += 1; - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_BADAUTH; - } - - if(!ipsec_checkreplaywindow(irs->ipsp, replay)) { - irs->ipsp->ips_errs.ips_replaywin_errs += 1; - KLIPS_PRINT(debug_rcv & DB_RX_REPLAY, - "klips_debug:ipsec_rcv: " - "duplicate frame from %s, packet dropped\n", - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_REPLAYFAILED; - } - - /* - * verify authenticator - */ - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "encalg = %d, authalg = %d.\n", - irs->ipsp->ips_encalg, - irs->ipsp->ips_authalg); - - /* calculate authenticator */ - if(proto_funcs->calc_auth == NULL) { - return IPSEC_RCV_BADAUTH; - } - (*proto_funcs->calc_auth)(irs, skb); - - if (memcmp(irs->hash, authenticator, irs->authlen)) { - irs->ipsp->ips_errs.ips_auth_errs += 1; - KLIPS_PRINT(debug_rcv & DB_RX_INAU, - "klips_debug:ipsec_rcv: " - "auth failed on incoming packet from %s: hash=%08x%08x%08x auth=%08x%08x%08x, dropped\n", - irs->ipsaddr_txt, - ntohl(*(__u32*)&irs->hash[0]), - ntohl(*(__u32*)&irs->hash[4]), - ntohl(*(__u32*)&irs->hash[8]), - ntohl(*(__u32*)authenticator), - ntohl(*((__u32*)authenticator + 1)), - ntohl(*((__u32*)authenticator + 2))); - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_AUTHFAILED; - } else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "authentication successful.\n"); - } - - /* Crypto hygiene: clear memory used to calculate autheticator. - * The length varies with the algorithm. - */ - memset(irs->hash, 0, irs->authlen); - - /* If the sequence number == 0, expire SA, it had rolled */ - if(irs->ipsp->ips_replaywin && !replay /* !irs->ipsp->ips_replaywin_lastseq */) { - ipsec_sa_delchain(irs->ipsp); - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "replay window counter rolled, expiring SA.\n"); - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_REPLAYROLLED; - } - - /* now update the replay counter */ - if (!ipsec_updatereplaywindow(irs->ipsp, replay)) { - irs->ipsp->ips_errs.ips_replaywin_errs += 1; - KLIPS_PRINT(debug_rcv & DB_RX_REPLAY, - "klips_debug:ipsec_rcv: " - "duplicate frame from %s, packet dropped\n", - irs->ipsaddr_txt); - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_REPLAYROLLED; - } - } - - if(proto_funcs->decrypt) { - enum ipsec_rcv_value retval = - (*proto_funcs->decrypt)(irs); - - if(retval != IPSEC_RCV_OK) { - return retval; - } - } - - /* - * Adjust pointers - */ - skb = irs->skb; - irs->len = skb->len; - dat = skb->data; - -#ifdef NET_21 -/* skb->h.ipiph=(struct iphdr *)skb->data; */ - skb->nh.raw = skb->data; - skb->h.raw = skb->nh.raw + (skb->nh.iph->ihl << 2); - - memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); -#else /* NET_21 */ - skb->h.iph=(struct iphdr *)skb->data; - skb->ip_hdr=(struct iphdr *)skb->data; - memset(skb->proto_priv, 0, sizeof(struct options)); -#endif /* NET_21 */ - - ipp = (struct iphdr *)dat; - ipsaddr.s_addr = ipp->saddr; - addrtoa(ipsaddr, 0, irs->ipsaddr_txt, sizeof(irs->ipsaddr_txt)); - ipdaddr.s_addr = ipp->daddr; - addrtoa(ipdaddr, 0, irs->ipdaddr_txt, sizeof(irs->ipdaddr_txt)); - /* - * Discard the original ESP/AH header - */ - ipp->protocol = irs->next_header; - - ipp->check = 0; /* NOTE: this will be included in checksum */ - ipp->check = ip_fast_csum((unsigned char *)dat, iphlen >> 2); - - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "after <%s%s%s>, SA:%s:\n", - IPS_XFORM_NAME(irs->ipsp), - irs->sa_len ? irs->sa : " (error)"); - KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp); - - skb->protocol = htons(ETH_P_IP); - skb->ip_summed = 0; - - ipsnext = irs->ipsp->ips_inext; - if(sysctl_ipsec_inbound_policy_check) { - if(ipsnext) { - if( - ipp->protocol != IPPROTO_AH - && ipp->protocol != IPPROTO_ESP -#ifdef CONFIG_IPSEC_IPCOMP - && ipp->protocol != IPPROTO_COMP - && (ipsnext->ips_said.proto != IPPROTO_COMP - || ipsnext->ips_inext) -#endif /* CONFIG_IPSEC_IPCOMP */ - && ipp->protocol != IPPROTO_IPIP - ) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "packet with incomplete policy dropped, last successful SA:%s.\n", - irs->sa_len ? irs->sa : " (error)"); - if(irs->stats) { - irs->stats->rx_dropped++; - } - return IPSEC_RCV_FAILEDINBOUND; - } - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s, Another IPSEC header to process.\n", - irs->sa_len ? irs->sa : " (error)"); - } else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "No ips_inext from this SA:%s.\n", - irs->sa_len ? irs->sa : " (error)"); - } - } - -#ifdef CONFIG_IPSEC_IPCOMP - /* update ipcomp ratio counters, even if no ipcomp packet is present */ - if (ipsnext - && ipsnext->ips_said.proto == IPPROTO_COMP - && ipp->protocol != IPPROTO_COMP) { - ipsnext->ips_comp_ratio_cbytes += ntohs(ipp->tot_len); - ipsnext->ips_comp_ratio_dbytes += ntohs(ipp->tot_len); - } -#endif /* CONFIG_IPSEC_IPCOMP */ - - irs->ipsp->ips_life.ipl_bytes.ipl_count += irs->len; - irs->ipsp->ips_life.ipl_bytes.ipl_last = irs->len; - - if(!irs->ipsp->ips_life.ipl_usetime.ipl_count) { - irs->ipsp->ips_life.ipl_usetime.ipl_count = jiffies / HZ; - } - irs->ipsp->ips_life.ipl_usetime.ipl_last = jiffies / HZ; - irs->ipsp->ips_life.ipl_packets.ipl_count += 1; - -#ifdef CONFIG_NETFILTER - if(proto == IPPROTO_ESP || proto == IPPROTO_AH) { - skb->nfmark = (skb->nfmark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_MASK)))) - | IPsecSAref2NFmark(IPsecSA2SAref(irs->ipsp)); - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "%s SA sets skb->nfmark=0x%x.\n", - proto == IPPROTO_ESP ? "ESP" : "AH", - (unsigned)skb->nfmark); - } -#endif /* CONFIG_NETFILTER */ - - return IPSEC_RCV_OK; -} - - -int -#ifdef PROTO_HANDLER_SINGLE_PARM -ipsec_rcv(struct sk_buff *skb) -#else /* PROTO_HANDLER_SINGLE_PARM */ -#ifdef NET_21 -ipsec_rcv(struct sk_buff *skb, unsigned short xlen) -#else /* NET_21 */ -ipsec_rcv(struct sk_buff *skb, struct device *dev, struct options *opt, - __u32 daddr_unused, unsigned short xlen, __u32 saddr, - int redo, struct inet_protocol *protocol) -#endif /* NET_21 */ -#endif /* PROTO_HANDLER_SINGLE_PARM */ -{ -#ifdef NET_21 -#ifdef CONFIG_IPSEC_DEBUG - struct device *dev = skb->dev; -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* NET_21 */ - unsigned char protoc; - struct iphdr *ipp; -#if defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) -#endif /* defined(CONFIG_IPSEC_ESP) || defined(CONFIG_IPSEC_AH) */ - - struct ipsec_sa *ipsp = NULL; - struct net_device_stats *stats = NULL; /* This device's statistics */ - struct device *ipsecdev = NULL, *prvdev; - struct ipsecpriv *prv; - char name[9]; - int i; - struct in_addr ipsaddr; - struct in_addr ipdaddr; - - struct ipsec_sa* ipsnext = NULL; /* next SA towards inside of packet */ - struct ipsec_rcv_state irs; - - /* Don't unlink in the middle of a turnaround */ - MOD_INC_USE_COUNT; - - memset(&irs, 0, sizeof(struct ipsec_rcv_state)); - - if (skb == NULL) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NULL skb passed in.\n"); - goto rcvleave; - } - - if (skb->data == NULL) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NULL skb->data passed in, packet is bogus, dropping.\n"); - goto rcvleave; - } - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if (skb->sk && skb->nh.iph && skb->nh.iph->protocol==IPPROTO_UDP) { - /** - * Packet comes from udp_queue_rcv_skb so it is already defrag, - * checksum verified, ... (ie safe to use) - * - * If the packet is not for us, return -1 and udp_queue_rcv_skb - * will continue to handle it (do not kfree skb !!). - */ - struct udp_opt *tp = &(skb->sk->tp_pinfo.af_udp); - struct iphdr *ip = (struct iphdr *)skb->nh.iph; - struct udphdr *udp = (struct udphdr *)((__u32 *)ip+ip->ihl); - __u8 *udpdata = (__u8 *)udp + sizeof(struct udphdr); - __u32 *udpdata32 = (__u32 *)udpdata; - - irs.natt_sport = ntohs(udp->source); - irs.natt_dport = ntohs(udp->dest); - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "suspected ESPinUDP packet (NAT-Traversal) [%d].\n", - tp->esp_in_udp); - KLIPS_IP_PRINT(debug_rcv, ip); - - if (udpdata < skb->tail) { - unsigned int len = skb->tail - udpdata; - if ((len==1) && (udpdata[0]==0xff)) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - /* not IPv6 compliant message */ - "NAT-keepalive from %d.%d.%d.%d.\n", NIPQUAD(ip->saddr)); - goto rcvleave; - } - else if ( (tp->esp_in_udp == ESPINUDP_WITH_NON_IKE) && - (len > (2*sizeof(__u32) + sizeof(struct esphdr))) && - (udpdata32[0]==0) && (udpdata32[1]==0) ) { - /* ESP Packet with Non-IKE header */ - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "ESPinUDP pkt with Non-IKE - spi=0x%x\n", - udpdata32[2]); - irs.natt_type = ESPINUDP_WITH_NON_IKE; - irs.natt_len = sizeof(struct udphdr)+(2*sizeof(__u32)); - } - else if ( (tp->esp_in_udp == ESPINUDP_WITH_NON_ESP) && - (len > sizeof(struct esphdr)) && - (udpdata32[0]!=0) ) { - /* ESP Packet without Non-ESP header */ - irs.natt_type = ESPINUDP_WITH_NON_ESP; - irs.natt_len = sizeof(struct udphdr); - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "ESPinUDP pkt without Non-ESP - spi=0x%x\n", - udpdata32[0]); - } - else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "IKE packet - not handled here\n"); - MOD_DEC_USE_COUNT; - return -1; - } - } - else { - MOD_DEC_USE_COUNT; - return -1; - } - } -#endif - -#ifdef IPH_is_SKB_PULLED - /* In Linux 2.4.4, the IP header has been skb_pull()ed before the - packet is passed to us. So we'll skb_push() to get back to it. */ - if (skb->data == skb->h.raw) { - skb_push(skb, skb->h.raw - skb->nh.raw); - } -#endif /* IPH_is_SKB_PULLED */ - - /* dev->hard_header_len is unreliable and should not be used */ - irs.hard_header_len = skb->mac.raw ? (skb->data - skb->mac.raw) : 0; - if((irs.hard_header_len < 0) || (irs.hard_header_len > skb_headroom(skb))) - irs.hard_header_len = 0; - -#ifdef NET_21 - /* if skb was cloned (most likely due to a packet sniffer such as - tcpdump being momentarily attached to the interface), make - a copy of our own to modify */ - if(skb_cloned(skb)) { - /* include any mac header while copying.. */ - if(skb_headroom(skb) < irs.hard_header_len) { - printk(KERN_WARNING "klips_error:ipsec_rcv: " - "tried to skb_push hhlen=%d, %d available. This should never happen, please report.\n", - irs.hard_header_len, - skb_headroom(skb)); - goto rcvleave; - } - skb_push(skb, irs.hard_header_len); - if -#ifdef SKB_COW_NEW - (skb_cow(skb, skb_headroom(skb)) != 0) -#else /* SKB_COW_NEW */ - ((skb = skb_cow(skb, skb_headroom(skb))) == NULL) -#endif /* SKB_COW_NEW */ - { - goto rcvleave; - } - if(skb->len < irs.hard_header_len) { - printk(KERN_WARNING "klips_error:ipsec_rcv: " - "tried to skb_pull hhlen=%d, %d available. This should never happen, please report.\n", - irs.hard_header_len, - skb->len); - goto rcvleave; - } - skb_pull(skb, irs.hard_header_len); - } - -#endif /* NET_21 */ - -#if IP_FRAGMENT_LINEARIZE - /* In Linux 2.4.4, we may have to reassemble fragments. They are - not assembled automatically to save TCP from having to copy - twice. - */ - if (skb_is_nonlinear(skb)) { - if (skb_linearize(skb, GFP_ATOMIC) != 0) { - goto rcvleave; - } - } -#endif /* IP_FRAGMENT_LINEARIZE */ - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if (irs.natt_len) { - /** - * Now, we are sure packet is ESPinUDP. Remove natt_len bytes from - * packet and modify protocol to ESP. - */ - if (((unsigned char *)skb->data > (unsigned char *)skb->nh.iph) && - ((unsigned char *)skb->nh.iph > (unsigned char *)skb->head)) { - unsigned int _len = (unsigned char *)skb->data - - (unsigned char *)skb->nh.iph; - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: adjusting skb: skb_push(%u)\n", - _len); - skb_push(skb, _len); - } - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "removing %d bytes from ESPinUDP packet\n", irs.natt_len); - ipp = (struct iphdr *)skb->data; - irs.iphlen = ipp->ihl << 2; - ipp->tot_len = htons(ntohs(ipp->tot_len) - irs.natt_len); - if (skb->len < irs.iphlen + irs.natt_len) { - printk(KERN_WARNING - "klips_error:ipsec_rcv: " - "ESPinUDP packet is too small (%d < %d+%d). " - "This should never happen, please report.\n", - (int)(skb->len), irs.iphlen, irs.natt_len); - goto rcvleave; - } - memmove(skb->data + irs.natt_len, skb->data, irs.iphlen); - skb_pull(skb, irs.natt_len); - - /* update nh.iph */ - ipp = skb->nh.iph = (struct iphdr *)skb->data; - - /* modify protocol */ - ipp->protocol = IPPROTO_ESP; - - skb->sk = NULL; - - KLIPS_IP_PRINT(debug_rcv, skb->nh.iph); - } -#endif - - ipp = skb->nh.iph; - ipsaddr.s_addr = ipp->saddr; - addrtoa(ipsaddr, 0, irs.ipsaddr_txt, sizeof(irs.ipsaddr_txt)); - ipdaddr.s_addr = ipp->daddr; - addrtoa(ipdaddr, 0, irs.ipdaddr_txt, sizeof(irs.ipdaddr_txt)); - irs.iphlen = ipp->ihl << 2; - - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "<<< Info -- "); - KLIPS_PRINTMORE(debug_rcv && skb->dev, "skb->dev=%s ", - skb->dev->name ? skb->dev->name : "NULL"); - KLIPS_PRINTMORE(debug_rcv && dev, "dev=%s ", - dev->name ? dev->name : "NULL"); - KLIPS_PRINTMORE(debug_rcv, "\n"); - - KLIPS_PRINT(debug_rcv && !(skb->dev && dev && (skb->dev == dev)), - "klips_debug:ipsec_rcv: " - "Informational -- **if this happens, find out why** skb->dev:%s is not equal to dev:%s\n", - skb->dev ? (skb->dev->name ? skb->dev->name : "NULL") : "NULL", - dev ? (dev->name ? dev->name : "NULL") : "NULL"); - - protoc = ipp->protocol; -#ifndef NET_21 - if((!protocol) || (protocol->protocol != protoc)) { - KLIPS_PRINT(debug_rcv & DB_RX_IPSA, - "klips_debug:ipsec_rcv: " - "protocol arg is NULL or unequal to the packet contents, this is odd, using value in packet.\n"); - } -#endif /* !NET_21 */ - - if( (protoc != IPPROTO_AH) && -#ifdef CONFIG_IPSEC_IPCOMP_disabled_until_we_register_IPCOMP_HANDLER - (protoc != IPPROTO_COMP) && -#endif /* CONFIG_IPSEC_IPCOMP */ - (protoc != IPPROTO_ESP) ) { - KLIPS_PRINT(debug_rcv & DB_RX_IPSA, - "klips_debug:ipsec_rcv: Why the hell is someone " - "passing me a non-ipsec protocol = %d packet? -- dropped.\n", - protoc); - goto rcvleave; - } - - if(skb->dev) { - for(i = 0; i < IPSEC_NUM_IF; i++) { - sprintf(name, IPSEC_DEV_FORMAT, i); - if(!strcmp(name, skb->dev->name)) { - prv = (struct ipsecpriv *)(skb->dev->priv); - if(prv) { - stats = (struct net_device_stats *) &(prv->mystats); - } - ipsecdev = skb->dev; - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "Info -- pkt already proc'ed a group of ipsec headers, processing next group of ipsec headers.\n"); - break; - } - if((ipsecdev = __ipsec_dev_get(name)) == NULL) { - KLIPS_PRINT(debug_rcv, - "klips_error:ipsec_rcv: " - "device %s does not exist\n", - name); - } - prv = ipsecdev ? (struct ipsecpriv *)(ipsecdev->priv) : NULL; - prvdev = prv ? (struct device *)(prv->dev) : NULL; - -#if 0 - KLIPS_PRINT(debug_rcv && prvdev, - "klips_debug:ipsec_rcv: " - "physical device for device %s is %s\n", - name, - prvdev->name); -#endif - if(prvdev && skb->dev && - !strcmp(prvdev->name, skb->dev->name)) { - stats = prv ? ((struct net_device_stats *) &(prv->mystats)) : NULL; - skb->dev = ipsecdev; - KLIPS_PRINT(debug_rcv && prvdev, - "klips_debug:ipsec_rcv: " - "assigning packet ownership to virtual device %s from physical device %s.\n", - name, prvdev->name); - if(stats) { - stats->rx_packets++; - } - break; - } - } - } else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "device supplied with skb is NULL\n"); - } - - if(stats == NULL) { - KLIPS_PRINT((debug_rcv), - "klips_error:ipsec_rcv: " - "packet received from physical I/F (%s) not connected to ipsec I/F. Cannot record stats. May not have SA for decoding. Is IPSEC traffic expected on this I/F? Check routing.\n", - skb->dev ? (skb->dev->name ? skb->dev->name : "NULL") : "NULL"); - } - - KLIPS_IP_PRINT(debug_rcv, ipp); - - /* begin decapsulating loop here */ - - /* - The spinlock is to prevent any other process from - accessing or deleting the ipsec_sa hash table or any of the - ipsec_sa s while we are using and updating them. - - This is not optimal, but was relatively straightforward - at the time. A better way to do it has been planned for - more than a year, to lock the hash table and put reference - counts on each ipsec_sa instead. This is not likely to happen - in KLIPS1 unless a volunteer contributes it, but will be - designed into KLIPS2. - */ - spin_lock(&tdb_lock); - - /* set up for decap loop */ - irs.stats= stats; - irs.ipp = ipp; - irs.ipsp = NULL; - irs.ilen = 0; - irs.authlen=0; - irs.authfuncs=NULL; - irs.skb = skb; - - do { - int decap_stat; - - decap_stat = ipsec_rcv_decap_once(&irs); - - if(decap_stat != IPSEC_RCV_OK) { - spin_unlock(&tdb_lock); - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: decap_once failed: %d\n", - decap_stat); - - goto rcvleave; - } - /* end decapsulation loop here */ - } while( (irs.ipp->protocol == IPPROTO_ESP ) - || (irs.ipp->protocol == IPPROTO_AH ) -#ifdef CONFIG_IPSEC_IPCOMP - || (irs.ipp->protocol == IPPROTO_COMP) -#endif /* CONFIG_IPSEC_IPCOMP */ - ); - - /* set up for decap loop */ - ipp =irs.ipp; - ipsp =irs.ipsp; - ipsnext = ipsp->ips_inext; - skb = irs.skb; - - /* if there is an IPCOMP, but we don't have an IPPROTO_COMP, - * then we can just skip it - */ -#ifdef CONFIG_IPSEC_IPCOMP - if(ipsnext && ipsnext->ips_said.proto == IPPROTO_COMP) { - ipsp = ipsnext; - ipsnext = ipsp->ips_inext; - } -#endif /* CONFIG_IPSEC_IPCOMP */ - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if ((irs.natt_type) && (ipp->protocol != IPPROTO_IPIP)) { - /** - * NAT-Traversal and Transport Mode: - * we need to correct TCP/UDP checksum - * - * If we've got NAT-OA, we can fix checksum without recalculation. - */ - __u32 natt_oa = ipsp->ips_natt_oa ? - ((struct sockaddr_in*)(ipsp->ips_natt_oa))->sin_addr.s_addr : 0; - __u16 pkt_len = skb->tail - (unsigned char *)ipp; - __u16 data_len = pkt_len - (ipp->ihl << 2); - - switch (ipp->protocol) { - case IPPROTO_TCP: - if (data_len >= sizeof(struct tcphdr)) { - struct tcphdr *tcp = (struct tcphdr *)((__u32 *)ipp+ipp->ihl); - if (natt_oa) { - __u32 buff[2] = { ~natt_oa, ipp->saddr }; - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NAT-T & TRANSPORT: " - "fix TCP checksum using NAT-OA\n"); - tcp->check = csum_fold( - csum_partial((unsigned char *)buff, sizeof(buff), - tcp->check^0xffff)); - } - else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NAT-T & TRANSPORT: recalc TCP checksum\n"); - if (pkt_len > (ntohs(ipp->tot_len))) - data_len -= (pkt_len - ntohs(ipp->tot_len)); - tcp->check = 0; - tcp->check = csum_tcpudp_magic(ipp->saddr, ipp->daddr, - data_len, IPPROTO_TCP, - csum_partial((unsigned char *)tcp, data_len, 0)); - } - } - else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NAT-T & TRANSPORT: can't fix TCP checksum\n"); - } - break; - case IPPROTO_UDP: - if (data_len >= sizeof(struct udphdr)) { - struct udphdr *udp = (struct udphdr *)((__u32 *)ipp+ipp->ihl); - if (udp->check == 0) { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NAT-T & TRANSPORT: UDP checksum already 0\n"); - } - else if (natt_oa) { - __u32 buff[2] = { ~natt_oa, ipp->saddr }; - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NAT-T & TRANSPORT: " - "fix UDP checksum using NAT-OA\n"); - udp->check = csum_fold( - csum_partial((unsigned char *)buff, sizeof(buff), - udp->check^0xffff)); - } - else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NAT-T & TRANSPORT: zero UDP checksum\n"); - udp->check = 0; - } - } - else { - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NAT-T & TRANSPORT: can't fix UDP checksum\n"); - } - break; - default: - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "NAT-T & TRANSPORT: non TCP/UDP packet -- do nothing\n"); - break; - } - } -#endif - - /* - * XXX this needs to be locked from when it was first looked - * up in the decapsulation loop. Perhaps it is better to put - * the IPIP decap inside the loop. - */ - if(ipsnext) { - ipsp = ipsnext; - irs.sa_len = satoa(irs.said, 0, irs.sa, SATOA_BUF); - if(ipp->protocol != IPPROTO_IPIP) { - spin_unlock(&tdb_lock); - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s, Hey! How did this get through? Dropped.\n", - irs.sa_len ? irs.sa : " (error)"); - if(stats) { - stats->rx_dropped++; - } - goto rcvleave; - } - if(sysctl_ipsec_inbound_policy_check) { - if((ipsnext = ipsp->ips_inext)) { - char sa2[SATOA_BUF]; - size_t sa_len2; - sa_len2 = satoa(ipsnext->ips_said, 0, sa2, SATOA_BUF); - spin_unlock(&tdb_lock); - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "unexpected SA:%s after IPIP SA:%s\n", - sa_len2 ? sa2 : " (error)", - irs.sa_len ? irs.sa : " (error)"); - if(stats) { - stats->rx_dropped++; - } - goto rcvleave; - } - if(ipp->saddr != ((struct sockaddr_in*)(ipsp->ips_addr_s))->sin_addr.s_addr) { - spin_unlock(&tdb_lock); - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s, src=%s of pkt does not agree with expected SA source address policy.\n", - irs.sa_len ? irs.sa : " (error)", - irs.ipsaddr_txt); - if(stats) { - stats->rx_dropped++; - } - goto rcvleave; - } - } - - /* - * XXX this needs to be locked from when it was first looked - * up in the decapsulation loop. Perhaps it is better to put - * the IPIP decap inside the loop. - */ - ipsp->ips_life.ipl_bytes.ipl_count += skb->len; - ipsp->ips_life.ipl_bytes.ipl_last = skb->len; - - if(!ipsp->ips_life.ipl_usetime.ipl_count) { - ipsp->ips_life.ipl_usetime.ipl_count = jiffies / HZ; - } - ipsp->ips_life.ipl_usetime.ipl_last = jiffies / HZ; - ipsp->ips_life.ipl_packets.ipl_count += 1; - - if(skb->len < irs.iphlen) { - spin_unlock(&tdb_lock); - printk(KERN_WARNING "klips_debug:ipsec_rcv: " - "tried to skb_pull iphlen=%d, %d available. This should never happen, please report.\n", - irs.iphlen, - (int)(skb->len)); - - goto rcvleave; - } - skb_pull(skb, irs.iphlen); - -#ifdef NET_21 - skb->nh.raw = skb->data; - ipp = (struct iphdr *)skb->nh.raw; - skb->h.raw = skb->nh.raw + (skb->nh.iph->ihl << 2); - - memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); -#else /* NET_21 */ - ipp = skb->ip_hdr = skb->h.iph = (struct iphdr *)skb->data; - - memset(skb->proto_priv, 0, sizeof(struct options)); -#endif /* NET_21 */ - ipsaddr.s_addr = ipp->saddr; - addrtoa(ipsaddr, 0, irs.ipsaddr_txt, sizeof(irs.ipsaddr_txt)); - ipdaddr.s_addr = ipp->daddr; - addrtoa(ipdaddr, 0, irs.ipdaddr_txt, sizeof(irs.ipdaddr_txt)); - - skb->protocol = htons(ETH_P_IP); - skb->ip_summed = 0; - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "IPIP tunnel stripped.\n"); - KLIPS_IP_PRINT(debug_rcv & DB_RX_PKTRX, ipp); - - if(sysctl_ipsec_inbound_policy_check - /* - Note: "xor" (^) logically replaces "not equal" - (!=) and "bitwise or" (|) logically replaces - "boolean or" (||). This is done to speed up - execution by doing only bitwise operations and - no branch operations - */ - && (((ipp->saddr & ipsp->ips_mask_s.u.v4.sin_addr.s_addr) - ^ ipsp->ips_flow_s.u.v4.sin_addr.s_addr) - | ((ipp->daddr & ipsp->ips_mask_d.u.v4.sin_addr.s_addr) - ^ ipsp->ips_flow_d.u.v4.sin_addr.s_addr)) ) - { - char sflow_txt[SUBNETTOA_BUF], dflow_txt[SUBNETTOA_BUF]; - - subnettoa(ipsp->ips_flow_s.u.v4.sin_addr, - ipsp->ips_mask_s.u.v4.sin_addr, - 0, sflow_txt, sizeof(sflow_txt)); - subnettoa(ipsp->ips_flow_d.u.v4.sin_addr, - ipsp->ips_mask_d.u.v4.sin_addr, - 0, dflow_txt, sizeof(dflow_txt)); - spin_unlock(&tdb_lock); - KLIPS_PRINT(debug_rcv, - "klips_debug:ipsec_rcv: " - "SA:%s, inner tunnel policy [%s -> %s] does not agree with pkt contents [%s -> %s].\n", - irs.sa_len ? irs.sa : " (error)", - sflow_txt, - dflow_txt, - irs.ipsaddr_txt, - irs.ipdaddr_txt); - if(stats) { - stats->rx_dropped++; - } - goto rcvleave; - } -#ifdef CONFIG_NETFILTER - skb->nfmark = (skb->nfmark & (~(IPsecSAref2NFmark(IPSEC_SA_REF_TABLE_MASK)))) - | IPsecSAref2NFmark(IPsecSA2SAref(ipsp)); - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "IPIP SA sets skb->nfmark=0x%x.\n", - (unsigned)skb->nfmark); -#endif /* CONFIG_NETFILTER */ - } - - spin_unlock(&tdb_lock); - -#ifdef NET_21 - if(stats) { - stats->rx_bytes += skb->len; - } - if(skb->dst) { - dst_release(skb->dst); - skb->dst = NULL; - } - skb->pkt_type = PACKET_HOST; - if(irs.hard_header_len && - (skb->mac.raw != (skb->data - irs.hard_header_len)) && - (irs.hard_header_len <= skb_headroom(skb))) { - /* copy back original MAC header */ - memmove(skb->data - irs.hard_header_len, skb->mac.raw, irs.hard_header_len); - skb->mac.raw = skb->data - irs.hard_header_len; - } -#endif /* NET_21 */ - -#ifdef CONFIG_IPSEC_IPCOMP - if(ipp->protocol == IPPROTO_COMP) { - unsigned int flags = 0; - - if(sysctl_ipsec_inbound_policy_check) { - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "inbound policy checking enabled, IPCOMP follows IPIP, dropped.\n"); - if (stats) { - stats->rx_errors++; - } - goto rcvleave; - } - /* - XXX need a ipsec_sa for updating ratio counters but it is not - following policy anyways so it is not a priority - */ - skb = skb_decompress(skb, NULL, &flags); - if (!skb || flags) { - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "skb_decompress() returned error flags: %d, dropped.\n", - flags); - if (stats) { - stats->rx_errors++; - } - goto rcvleave; - } - } -#endif /* CONFIG_IPSEC_IPCOMP */ - -#ifdef SKB_RESET_NFCT - nf_conntrack_put(skb->nfct); - skb->nfct = NULL; -#ifdef CONFIG_NETFILTER_DEBUG - skb->nf_debug = 0; -#endif /* CONFIG_NETFILTER_DEBUG */ -#endif /* SKB_RESET_NFCT */ - KLIPS_PRINT(debug_rcv & DB_RX_PKTRX, - "klips_debug:ipsec_rcv: " - "netif_rx() called.\n"); - netif_rx(skb); - - MOD_DEC_USE_COUNT; - return(0); - - rcvleave: - if(skb) { - ipsec_kfree_skb(skb); - } - - MOD_DEC_USE_COUNT; - return(0); -} - -struct inet_protocol ah_protocol = -{ - ipsec_rcv, /* AH handler */ - NULL, /* TUNNEL error control */ -#ifdef NETDEV_25 - 1, /* no policy */ -#else - 0, /* next */ - IPPROTO_AH, /* protocol ID */ - 0, /* copy */ - NULL, /* data */ - "AH" /* name */ -#endif -}; - -struct inet_protocol esp_protocol = -{ - ipsec_rcv, /* ESP handler */ - NULL, /* TUNNEL error control */ -#ifdef NETDEV_25 - 1, /* no policy */ -#else - 0, /* next */ - IPPROTO_ESP, /* protocol ID */ - 0, /* copy */ - NULL, /* data */ - "ESP" /* name */ -#endif -}; - -#if 0 -/* We probably don't want to install a pure IPCOMP protocol handler, but - only want to handle IPCOMP if it is encapsulated inside an ESP payload - (which is already handled) */ -#ifdef CONFIG_IPSEC_IPCOMP -struct inet_protocol comp_protocol = -{ - ipsec_rcv, /* COMP handler */ - NULL, /* COMP error control */ -#ifdef NETDEV_25 - 1, /* no policy */ -#else - 0, /* next */ - IPPROTO_COMP, /* protocol ID */ - 0, /* copy */ - NULL, /* data */ - "COMP" /* name */ -#endif -}; -#endif /* CONFIG_IPSEC_IPCOMP */ -#endif diff --git a/linux/net/ipsec/ipsec_sa.c b/linux/net/ipsec/ipsec_sa.c deleted file mode 100644 index 4f73b92f2..000000000 --- a/linux/net/ipsec/ipsec_sa.c +++ /dev/null @@ -1,1031 +0,0 @@ -/* - * Common routines for IPsec SA maintenance routines. - * - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_sa.c,v 1.3 2004/06/13 19:57:50 as Exp $ - * - * This is the file formerly known as "ipsec_xform.h" - * - */ - -#include -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* vmalloc() */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include -#include -#ifdef SPINLOCK -#ifdef SPINLOCK_23 -#include /* *lock* */ -#else /* SPINLOCK_23 */ -#include /* *lock* */ -#endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ -#ifdef NET_21 -#include -#include -#endif -#include -#include - -#include "freeswan/radij.h" - -#include "freeswan/ipsec_stats.h" -#include "freeswan/ipsec_life.h" -#include "freeswan/ipsec_sa.h" -#include "freeswan/ipsec_xform.h" - -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_ipe4.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" - -#include -#include - -#include "freeswan/ipsec_proto.h" -#include "freeswan/ipsec_alg.h" - - -#ifdef CONFIG_IPSEC_DEBUG -int debug_xform = 0; -#endif /* CONFIG_IPSEC_DEBUG */ - -#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) - -struct ipsec_sa *ipsec_sadb_hash[SADB_HASHMOD]; -#ifdef SPINLOCK -spinlock_t tdb_lock = SPIN_LOCK_UNLOCKED; -#else /* SPINLOCK */ -spinlock_t tdb_lock; -#endif /* SPINLOCK */ - -struct ipsec_sadb ipsec_sadb; - -#if IPSEC_SA_REF_CODE - -/* the sub table must be narrower (or equal) in bits than the variable type - in the main table to count the number of unused entries in it. */ -typedef struct { - int testSizeOf_refSubTable : - ((sizeof(IPsecRefTableUnusedCount) * 8) < IPSEC_SA_REF_SUBTABLE_IDX_WIDTH ? -1 : 1); -} dummy; - - -/* The field where the saref will be hosted in the skb must be wide enough to - accomodate the information it needs to store. */ -typedef struct { - int testSizeOf_refField : - (IPSEC_SA_REF_HOST_FIELD_WIDTH < IPSEC_SA_REF_TABLE_IDX_WIDTH ? -1 : 1 ); -} dummy2; - - -void -ipsec_SAtest(void) -{ - IPsecSAref_t SAref = 258; - struct ipsec_sa ips; - ips.ips_ref = 772; - - printk("klips_debug:ipsec_SAtest: " - "IPSEC_SA_REF_SUBTABLE_IDX_WIDTH=%u\n" - "IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES=%u\n" - "IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES=%u\n" - "IPSEC_SA_REF_HOST_FIELD_WIDTH=%lu\n" - "IPSEC_SA_REF_TABLE_MASK=%x\n" - "IPSEC_SA_REF_ENTRY_MASK=%x\n" - "IPsecSAref2table(%d)=%u\n" - "IPsecSAref2entry(%d)=%u\n" - "IPsecSAref2NFmark(%d)=%u\n" - "IPsecSAref2SA(%d)=%p\n" - "IPsecSA2SAref(%p)=%d\n" - , - IPSEC_SA_REF_SUBTABLE_IDX_WIDTH, - IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES, - IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES, - (unsigned long) IPSEC_SA_REF_HOST_FIELD_WIDTH, - IPSEC_SA_REF_TABLE_MASK, - IPSEC_SA_REF_ENTRY_MASK, - SAref, IPsecSAref2table(SAref), - SAref, IPsecSAref2entry(SAref), - SAref, IPsecSAref2NFmark(SAref), - SAref, IPsecSAref2SA(SAref), - (&ips), IPsecSA2SAref((&ips)) - ); - return; -} - -int -ipsec_SAref_recycle(void) -{ - int table; - int entry; - int error = 0; - - ipsec_sadb.refFreeListHead = -1; - ipsec_sadb.refFreeListTail = -1; - - if(ipsec_sadb.refFreeListCont == IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES * IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_recycle: " - "end of table reached, continuing at start..\n"); - ipsec_sadb.refFreeListCont = 0; - } - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_recycle: " - "recycling, continuing from SAref=%d (0p%p), table=%d, entry=%d.\n", - ipsec_sadb.refFreeListCont, - (ipsec_sadb.refTable[IPsecSAref2table(ipsec_sadb.refFreeListCont)] != NULL) ? IPsecSAref2SA(ipsec_sadb.refFreeListCont) : NULL, - IPsecSAref2table(ipsec_sadb.refFreeListCont), - IPsecSAref2entry(ipsec_sadb.refFreeListCont)); - - for(table = IPsecSAref2table(ipsec_sadb.refFreeListCont); - table < IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES; - table++) { - if(ipsec_sadb.refTable[table] == NULL) { - error = ipsec_SArefSubTable_alloc(table); - if(error) { - return error; - } - } - for(entry = IPsecSAref2entry(ipsec_sadb.refFreeListCont); - entry < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES; - entry++) { - if(ipsec_sadb.refTable[table]->entry[entry] == NULL) { - ipsec_sadb.refFreeList[++ipsec_sadb.refFreeListTail] = IPsecSArefBuild(table, entry); - if(ipsec_sadb.refFreeListTail == (IPSEC_SA_REF_FREELIST_NUM_ENTRIES - 1)) { - ipsec_sadb.refFreeListHead = 0; - ipsec_sadb.refFreeListCont = ipsec_sadb.refFreeList[ipsec_sadb.refFreeListTail] + 1; - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_recycle: " - "SArefFreeList refilled.\n"); - return 0; - } - } - } - } - - if(ipsec_sadb.refFreeListTail == -1) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_recycle: " - "out of room in the SArefTable.\n"); - - return(-ENOSPC); - } - - ipsec_sadb.refFreeListHead = 0; - ipsec_sadb.refFreeListCont = ipsec_sadb.refFreeList[ipsec_sadb.refFreeListTail] + 1; - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_recycle: " - "SArefFreeList partly refilled to %d of %d.\n", - ipsec_sadb.refFreeListTail, - IPSEC_SA_REF_FREELIST_NUM_ENTRIES); - return 0; -} - -int -ipsec_SArefSubTable_alloc(unsigned table) -{ - unsigned entry; - struct IPsecSArefSubTable* SArefsub; - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SArefSubTable_alloc: " - "allocating %lu bytes for table %u of %u.\n", - (unsigned long) (IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES * sizeof(struct ipsec_sa *)), - table, - IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES); - - /* allocate another sub-table */ - SArefsub = vmalloc(IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES * sizeof(struct ipsec_sa *)); - if(SArefsub == NULL) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SArefSubTable_alloc: " - "error allocating memory for table %u of %u!\n", - table, - IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES); - return -ENOMEM; - } - - /* add this sub-table to the main table */ - ipsec_sadb.refTable[table] = SArefsub; - - /* initialise each element to NULL */ - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SArefSubTable_alloc: " - "initialising %u elements (2 ^ %u) of table %u.\n", - IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES, - IPSEC_SA_REF_SUBTABLE_IDX_WIDTH, - table); - for(entry = 0; entry < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES; entry++) { - SArefsub->entry[entry] = NULL; - } - - return 0; -} -#endif /* IPSEC_SA_REF_CODE */ - -int -ipsec_saref_freelist_init(void) -{ - int i; - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_saref_freelist_init: " - "initialising %u elements of FreeList.\n", - IPSEC_SA_REF_FREELIST_NUM_ENTRIES); - - for(i = 0; i < IPSEC_SA_REF_FREELIST_NUM_ENTRIES; i++) { - ipsec_sadb.refFreeList[i] = IPSEC_SAREF_NULL; - } - ipsec_sadb.refFreeListHead = -1; - ipsec_sadb.refFreeListCont = 0; - ipsec_sadb.refFreeListTail = -1; - - return 0; -} - -int -ipsec_sadb_init(void) -{ - int error = 0; - unsigned i; - - for(i = 0; i < SADB_HASHMOD; i++) { - ipsec_sadb_hash[i] = NULL; - } - /* parts above are for the old style SADB hash table */ - - -#if IPSEC_SA_REF_CODE - /* initialise SA reference table */ - - /* initialise the main table */ - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_init: " - "initialising main table of size %u (2 ^ %u).\n", - IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES, - IPSEC_SA_REF_MAINTABLE_IDX_WIDTH); - { - unsigned table; - for(table = 0; table < IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES; table++) { - ipsec_sadb.refTable[table] = NULL; - } - } - - /* allocate the first sub-table */ - error = ipsec_SArefSubTable_alloc(0); - if(error) { - return error; - } - - error = ipsec_saref_freelist_init(); -#endif /* IPSEC_SA_REF_CODE */ - return error; -} - -#if IPSEC_SA_REF_CODE -IPsecSAref_t -ipsec_SAref_alloc(int*error) /* pass in error var by pointer */ -{ - IPsecSAref_t SAref; - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_alloc: " - "SAref requested... head=%d, cont=%d, tail=%d, listsize=%d.\n", - ipsec_sadb.refFreeListHead, - ipsec_sadb.refFreeListCont, - ipsec_sadb.refFreeListTail, - IPSEC_SA_REF_FREELIST_NUM_ENTRIES); - - if(ipsec_sadb.refFreeListHead == -1) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_alloc: " - "FreeList empty, recycling...\n"); - *error = ipsec_SAref_recycle(); - if(*error) { - return IPSEC_SAREF_NULL; - } - } - - SAref = ipsec_sadb.refFreeList[ipsec_sadb.refFreeListHead]; - if(SAref == IPSEC_SAREF_NULL) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_alloc: " - "unexpected error, refFreeListHead = %d points to invalid entry.\n", - ipsec_sadb.refFreeListHead); - *error = -ESPIPE; - return IPSEC_SAREF_NULL; - } - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_alloc: " - "allocating SAref=%d, table=%u, entry=%u of %u.\n", - SAref, - IPsecSAref2table(SAref), - IPsecSAref2entry(SAref), - IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES * IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES); - - ipsec_sadb.refFreeList[ipsec_sadb.refFreeListHead] = IPSEC_SAREF_NULL; - ipsec_sadb.refFreeListHead++; - if(ipsec_sadb.refFreeListHead > ipsec_sadb.refFreeListTail) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_SAref_alloc: " - "last FreeList entry allocated, resetting list head to empty.\n"); - ipsec_sadb.refFreeListHead = -1; - } - - return SAref; -} -#endif /* IPSEC_SA_REF_CODE */ - -int -ipsec_sa_print(struct ipsec_sa *ips) -{ - char sa[SATOA_BUF]; - size_t sa_len; - - printk(KERN_INFO "klips_debug: SA:"); - if(ips == NULL) { - printk("NULL\n"); - return -ENOENT; - } - printk(" ref=%d", ips->ips_ref); - printk(" refcount=%d", atomic_read(&ips->ips_refcount)); - if(ips->ips_hnext != NULL) { - printk(" hnext=0p%p", ips->ips_hnext); - } - if(ips->ips_inext != NULL) { - printk(" inext=0p%p", ips->ips_inext); - } - if(ips->ips_onext != NULL) { - printk(" onext=0p%p", ips->ips_onext); - } - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - printk(" said=%s", sa_len ? sa : " (error)"); - if(ips->ips_seq) { - printk(" seq=%u", ips->ips_seq); - } - if(ips->ips_pid) { - printk(" pid=%u", ips->ips_pid); - } - if(ips->ips_authalg) { - printk(" authalg=%u", ips->ips_authalg); - } - if(ips->ips_encalg) { - printk(" encalg=%u", ips->ips_encalg); - } - printk(" XFORM=%s%s%s", IPS_XFORM_NAME(ips)); - if(ips->ips_replaywin) { - printk(" ooowin=%u", ips->ips_replaywin); - } - if(ips->ips_flags) { - printk(" flags=%u", ips->ips_flags); - } - if(ips->ips_addr_s) { - char buf[SUBNETTOA_BUF]; - addrtoa(((struct sockaddr_in*)(ips->ips_addr_s))->sin_addr, - 0, buf, sizeof(buf)); - printk(" src=%s", buf); - } - if(ips->ips_addr_d) { - char buf[SUBNETTOA_BUF]; - addrtoa(((struct sockaddr_in*)(ips->ips_addr_s))->sin_addr, - 0, buf, sizeof(buf)); - printk(" dst=%s", buf); - } - if(ips->ips_addr_p) { - char buf[SUBNETTOA_BUF]; - addrtoa(((struct sockaddr_in*)(ips->ips_addr_p))->sin_addr, - 0, buf, sizeof(buf)); - printk(" proxy=%s", buf); - } - if(ips->ips_key_bits_a) { - printk(" key_bits_a=%u", ips->ips_key_bits_a); - } - if(ips->ips_key_bits_e) { - printk(" key_bits_e=%u", ips->ips_key_bits_e); - } - - printk("\n"); - return 0; -} - -struct ipsec_sa* -ipsec_sa_alloc(int*error) /* pass in error var by pointer */ -{ - struct ipsec_sa* ips; - - if((ips = kmalloc(sizeof(*ips), GFP_ATOMIC) ) == NULL) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_alloc: " - "memory allocation error\n"); - *error = -ENOMEM; - return NULL; - } - memset((caddr_t)ips, 0, sizeof(*ips)); -#if IPSEC_SA_REF_CODE - ips->ips_ref = ipsec_SAref_alloc(error); /* pass in error return by pointer */ - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_alloc: " - "allocated %lu bytes for ipsec_sa struct=0p%p ref=%d.\n", - (unsigned long) sizeof(*ips), - ips, - ips->ips_ref); - if(ips->ips_ref == IPSEC_SAREF_NULL) { - kfree(ips); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_alloc: " - "SAref allocation error\n"); - return NULL; - } - - atomic_inc(&ips->ips_refcount); - IPsecSAref2SA(ips->ips_ref) = ips; -#endif /* IPSEC_SA_REF_CODE */ - - *error = 0; - return(ips); -} - -int -ipsec_sa_free(struct ipsec_sa* ips) -{ - return ipsec_sa_wipe(ips); -} - -struct ipsec_sa * -ipsec_sa_getbyid(struct sa_id *said) -{ - int hashval; - struct ipsec_sa *ips; - char sa[SATOA_BUF]; - size_t sa_len; - - if(said == NULL) { - KLIPS_PRINT(debug_xform, - "klips_error:ipsec_sa_getbyid: " - "null pointer passed in!\n"); - return NULL; - } - - sa_len = satoa(*said, 0, sa, SATOA_BUF); - - hashval = (said->spi+said->dst.s_addr+said->proto) % SADB_HASHMOD; - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_getbyid: " - "linked entry in ipsec_sa table for hash=%d of SA:%s requested.\n", - hashval, - sa_len ? sa : " (error)"); - - if((ips = ipsec_sadb_hash[hashval]) == NULL) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_getbyid: " - "no entries in ipsec_sa table for hash=%d of SA:%s.\n", - hashval, - sa_len ? sa : " (error)"); - return NULL; - } - - for (; ips; ips = ips->ips_hnext) { - if ((ips->ips_said.spi == said->spi) && - (ips->ips_said.dst.s_addr == said->dst.s_addr) && - (ips->ips_said.proto == said->proto)) { - atomic_inc(&ips->ips_refcount); - return ips; - } - } - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_getbyid: " - "no entry in linked list for hash=%d of SA:%s.\n", - hashval, - sa_len ? sa : " (error)"); - return NULL; -} - -int -ipsec_sa_put(struct ipsec_sa *ips) -{ - char sa[SATOA_BUF]; - size_t sa_len; - - if(ips == NULL) { - KLIPS_PRINT(debug_xform, - "klips_error:ipsec_sa_put: " - "null pointer passed in!\n"); - return -1; - } - - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_put: " - "ipsec_sa SA:%s, ref:%d reference count decremented.\n", - sa_len ? sa : " (error)", - ips->ips_ref); - - atomic_dec(&ips->ips_refcount); - - return 0; -} - -/* - The ipsec_sa table better *NOT* be locked before it is handed in, or SMP locks will happen -*/ -int -ipsec_sa_add(struct ipsec_sa *ips) -{ - int error = 0; - unsigned int hashval; - - if(ips == NULL) { - KLIPS_PRINT(debug_xform, - "klips_error:ipsec_sa_add: " - "null pointer passed in!\n"); - return -ENODATA; - } - hashval = ((ips->ips_said.spi + ips->ips_said.dst.s_addr + ips->ips_said.proto) % SADB_HASHMOD); - - atomic_inc(&ips->ips_refcount); - spin_lock_bh(&tdb_lock); - - ips->ips_hnext = ipsec_sadb_hash[hashval]; - ipsec_sadb_hash[hashval] = ips; - - spin_unlock_bh(&tdb_lock); - - return error; -} - -/* - The ipsec_sa table better be locked before it is handed in, or races might happen -*/ -int -ipsec_sa_del(struct ipsec_sa *ips) -{ - unsigned int hashval; - struct ipsec_sa *ipstp; - char sa[SATOA_BUF]; - size_t sa_len; - - if(ips == NULL) { - KLIPS_PRINT(debug_xform, - "klips_error:ipsec_sa_del: " - "null pointer passed in!\n"); - return -ENODATA; - } - - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - if(ips->ips_inext || ips->ips_onext) { - KLIPS_PRINT(debug_xform, - "klips_error:ipsec_sa_del: " - "SA:%s still linked!\n", - sa_len ? sa : " (error)"); - return -EMLINK; - } - - hashval = ((ips->ips_said.spi + ips->ips_said.dst.s_addr + ips->ips_said.proto) % SADB_HASHMOD); - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_del: " - "deleting SA:%s, hashval=%d.\n", - sa_len ? sa : " (error)", - hashval); - if(ipsec_sadb_hash[hashval] == NULL) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_del: " - "no entries in ipsec_sa table for hash=%d of SA:%s.\n", - hashval, - sa_len ? sa : " (error)"); - return -ENOENT; - } - - if (ips == ipsec_sadb_hash[hashval]) { - ipsec_sadb_hash[hashval] = ipsec_sadb_hash[hashval]->ips_hnext; - ips->ips_hnext = NULL; - atomic_dec(&ips->ips_refcount); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_del: " - "successfully deleted first ipsec_sa in chain.\n"); - return 0; - } else { - for (ipstp = ipsec_sadb_hash[hashval]; - ipstp; - ipstp = ipstp->ips_hnext) { - if (ipstp->ips_hnext == ips) { - ipstp->ips_hnext = ips->ips_hnext; - ips->ips_hnext = NULL; - atomic_dec(&ips->ips_refcount); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_del: " - "successfully deleted link in ipsec_sa chain.\n"); - return 0; - } - } - } - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_del: " - "no entries in linked list for hash=%d of SA:%s.\n", - hashval, - sa_len ? sa : " (error)"); - return -ENOENT; -} - -/* - The ipsec_sa table better be locked before it is handed in, or races - might happen -*/ -int -ipsec_sa_delchain(struct ipsec_sa *ips) -{ - struct ipsec_sa *ipsdel; - int error = 0; - char sa[SATOA_BUF]; - size_t sa_len; - - if(ips == NULL) { - KLIPS_PRINT(debug_xform, - "klips_error:ipsec_sa_delchain: " - "null pointer passed in!\n"); - return -ENODATA; - } - - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_delchain: " - "passed SA:%s\n", - sa_len ? sa : " (error)"); - while(ips->ips_onext != NULL) { - ips = ips->ips_onext; - } - - while(ips) { - /* XXX send a pfkey message up to advise of deleted ipsec_sa */ - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_delchain: " - "unlinking and delting SA:%s", - sa_len ? sa : " (error)"); - ipsdel = ips; - ips = ips->ips_inext; - if(ips != NULL) { - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - ", inext=%s", - sa_len ? sa : " (error)"); - atomic_dec(&ipsdel->ips_refcount); - ipsdel->ips_inext = NULL; - atomic_dec(&ips->ips_refcount); - ips->ips_onext = NULL; - } - KLIPS_PRINT(debug_xform, - ".\n"); - if((error = ipsec_sa_del(ipsdel))) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_delchain: " - "ipsec_sa_del returned error %d.\n", -error); - return error; - } - if((error = ipsec_sa_wipe(ipsdel))) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_delchain: " - "ipsec_sa_wipe returned error %d.\n", -error); - return error; - } - } - return error; -} - -int -ipsec_sadb_cleanup(__u8 proto) -{ - unsigned i; - int error = 0; - struct ipsec_sa *ips, **ipsprev, *ipsdel; - char sa[SATOA_BUF]; - size_t sa_len; - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_cleanup: " - "cleaning up proto=%d.\n", - proto); - - spin_lock_bh(&tdb_lock); - - for (i = 0; i < SADB_HASHMOD; i++) { - ipsprev = &(ipsec_sadb_hash[i]); - ips = ipsec_sadb_hash[i]; - if(ips != NULL) { - atomic_inc(&ips->ips_refcount); - } - for(; ips != NULL;) { - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_cleanup: " - "checking SA:%s, hash=%d, ref=%d", - sa_len ? sa : " (error)", - i, - ips->ips_ref); - ipsdel = ips; - ips = ipsdel->ips_hnext; - if(ips != NULL) { - atomic_inc(&ips->ips_refcount); - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - ", hnext=%s", - sa_len ? sa : " (error)"); - } - if(*ipsprev != NULL) { - sa_len = satoa((*ipsprev)->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - ", *ipsprev=%s", - sa_len ? sa : " (error)"); - if((*ipsprev)->ips_hnext) { - sa_len = satoa((*ipsprev)->ips_hnext->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - ", *ipsprev->ips_hnext=%s", - sa_len ? sa : " (error)"); - } - } - KLIPS_PRINT(debug_xform, - ".\n"); - if(proto == 0 || (proto == ipsdel->ips_said.proto)) { - sa_len = satoa(ipsdel->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_cleanup: " - "deleting SA chain:%s.\n", - sa_len ? sa : " (error)"); - if((error = ipsec_sa_delchain(ipsdel))) { - SENDERR(-error); - } - ipsprev = &(ipsec_sadb_hash[i]); - ips = ipsec_sadb_hash[i]; - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_cleanup: " - "deleted SA chain:%s", - sa_len ? sa : " (error)"); - if(ips != NULL) { - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - ", ipsec_sadb_hash[%d]=%s", - i, - sa_len ? sa : " (error)"); - } - if(*ipsprev != NULL) { - sa_len = satoa((*ipsprev)->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - ", *ipsprev=%s", - sa_len ? sa : " (error)"); - if((*ipsprev)->ips_hnext != NULL) { - sa_len = satoa((*ipsprev)->ips_hnext->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - ", *ipsprev->ips_hnext=%s", - sa_len ? sa : " (error)"); - } - } - KLIPS_PRINT(debug_xform, - ".\n"); - } else { - ipsprev = &ipsdel; - } - if(ipsdel != NULL) { - ipsec_sa_put(ipsdel); - } - } - } - errlab: - - spin_unlock_bh(&tdb_lock); - - -#if IPSEC_SA_REF_CODE - /* clean up SA reference table */ - - /* go through the ref table and clean out all the SAs */ - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_cleanup: " - "removing SAref entries and tables."); - { - unsigned table, entry; - for(table = 0; table < IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES; table++) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_cleanup: " - "cleaning SAref table=%u.\n", - table); - if(ipsec_sadb.refTable[table] == NULL) { - printk("\n"); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_cleanup: " - "cleaned %u used refTables.\n", - table); - break; - } - for(entry = 0; entry < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES; entry++) { - if(ipsec_sadb.refTable[table]->entry[entry] != NULL) { - ipsec_sa_delchain(ipsec_sadb.refTable[table]->entry[entry]); - ipsec_sadb.refTable[table]->entry[entry] = NULL; - } - } - } - } -#endif /* IPSEC_SA_REF_CODE */ - - return(error); -} - -int -ipsec_sadb_free(void) -{ - int error = 0; - - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_free: " - "freeing SArefTable memory.\n"); - - /* clean up SA reference table */ - - /* go through the ref table and clean out all the SAs if any are - left and free table memory */ - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_free: " - "removing SAref entries and tables.\n"); - { - unsigned table, entry; - for(table = 0; table < IPSEC_SA_REF_MAINTABLE_NUM_ENTRIES; table++) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_free: " - "removing SAref table=%u.\n", - table); - if(ipsec_sadb.refTable[table] == NULL) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sadb_free: " - "removed %u used refTables.\n", - table); - break; - } - for(entry = 0; entry < IPSEC_SA_REF_SUBTABLE_NUM_ENTRIES; entry++) { - if(ipsec_sadb.refTable[table]->entry[entry] != NULL) { - ipsec_sa_delchain(ipsec_sadb.refTable[table]->entry[entry]); - ipsec_sadb.refTable[table]->entry[entry] = NULL; - } - } - vfree(ipsec_sadb.refTable[table]); - ipsec_sadb.refTable[table] = NULL; - } - } - - return(error); -} - -int -ipsec_sa_wipe(struct ipsec_sa *ips) -{ - if(ips == NULL) { - return -ENODATA; - } - - /* if(atomic_dec_and_test(ips)) { - }; */ - -#if IPSEC_SA_REF_CODE - /* remove me from the SArefTable */ - { - char sa[SATOA_BUF]; - size_t sa_len; - sa_len = satoa(ips->ips_said, 0, sa, SATOA_BUF); - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_wipe: " - "removing SA=%s(0p%p), SAref=%d, table=%d(0p%p), entry=%d from the refTable.\n", - sa_len ? sa : " (error)", - ips, - ips->ips_ref, - IPsecSAref2table(IPsecSA2SAref(ips)), - ipsec_sadb.refTable[IPsecSAref2table(IPsecSA2SAref(ips))], - IPsecSAref2entry(IPsecSA2SAref(ips))); - } - if(ips->ips_ref == IPSEC_SAREF_NULL) { - KLIPS_PRINT(debug_xform, - "klips_debug:ipsec_sa_wipe: " - "why does this SA not have a valid SAref?.\n"); - } - ipsec_sadb.refTable[IPsecSAref2table(IPsecSA2SAref(ips))]->entry[IPsecSAref2entry(IPsecSA2SAref(ips))] = NULL; - ips->ips_ref = IPSEC_SAREF_NULL; - ipsec_sa_put(ips); -#endif /* IPSEC_SA_REF_CODE */ - - /* paranoid clean up */ - if(ips->ips_addr_s != NULL) { - memset((caddr_t)(ips->ips_addr_s), 0, ips->ips_addr_s_size); - kfree(ips->ips_addr_s); - } - ips->ips_addr_s = NULL; - - if(ips->ips_addr_d != NULL) { - memset((caddr_t)(ips->ips_addr_d), 0, ips->ips_addr_d_size); - kfree(ips->ips_addr_d); - } - ips->ips_addr_d = NULL; - - if(ips->ips_addr_p != NULL) { - memset((caddr_t)(ips->ips_addr_p), 0, ips->ips_addr_p_size); - kfree(ips->ips_addr_p); - } - ips->ips_addr_p = NULL; - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if(ips->ips_natt_oa) { - memset((caddr_t)(ips->ips_natt_oa), 0, ips->ips_natt_oa_size); - kfree(ips->ips_natt_oa); - } - ips->ips_natt_oa = NULL; -#endif - - if(ips->ips_key_a != NULL) { - memset((caddr_t)(ips->ips_key_a), 0, ips->ips_key_a_size); - kfree(ips->ips_key_a); - } - ips->ips_key_a = NULL; - - if(ips->ips_key_e != NULL) { -#ifdef CONFIG_IPSEC_ALG - if (ips->ips_alg_enc&&ips->ips_alg_enc->ixt_e_destroy_key) { - ips->ips_alg_enc->ixt_e_destroy_key(ips->ips_alg_enc, - ips->ips_key_e); - } else { -#endif /* CONFIG_IPSEC_ALG */ - memset((caddr_t)(ips->ips_key_e), 0, ips->ips_key_e_size); - kfree(ips->ips_key_e); -#ifdef CONFIG_IPSEC_ALG - } -#endif /* CONFIG_IPSEC_ALG */ - } - ips->ips_key_e = NULL; - - if(ips->ips_iv != NULL) { - memset((caddr_t)(ips->ips_iv), 0, ips->ips_iv_size); - kfree(ips->ips_iv); - } - ips->ips_iv = NULL; - - if(ips->ips_ident_s.data != NULL) { - memset((caddr_t)(ips->ips_ident_s.data), - 0, - ips->ips_ident_s.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident)); - kfree(ips->ips_ident_s.data); - } - ips->ips_ident_s.data = NULL; - - if(ips->ips_ident_d.data != NULL) { - memset((caddr_t)(ips->ips_ident_d.data), - 0, - ips->ips_ident_d.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident)); - kfree(ips->ips_ident_d.data); - } - ips->ips_ident_d.data = NULL; - -#ifdef CONFIG_IPSEC_ALG - if (ips->ips_alg_enc||ips->ips_alg_auth) { - ipsec_alg_sa_wipe(ips); - } -#endif /* CONFIG_IPSEC_ALG */ - - memset((caddr_t)ips, 0, sizeof(*ips)); - kfree(ips); - ips = NULL; - - return 0; -} diff --git a/linux/net/ipsec/ipsec_sha1.c b/linux/net/ipsec/ipsec_sha1.c deleted file mode 100644 index 389a55b06..000000000 --- a/linux/net/ipsec/ipsec_sha1.c +++ /dev/null @@ -1,219 +0,0 @@ -/* - * RCSID $Id: ipsec_sha1.c,v 1.1 2004/03/15 20:35:26 as Exp $ - */ - -/* - * The rest of the code is derived from sha1.c by Steve Reid, which is - * public domain. - * Minor cosmetic changes to accomodate it in the Linux kernel by ji. - */ - -#include -#include - -#include "freeswan/ipsec_sha1.h" - -#if defined(rol) -#undef rol -#endif - -#define SHA1HANDSOFF - -#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) - -/* blk0() and blk() perform the initial expand. */ -/* I got the idea of expanding during the round function from SSLeay */ -#ifdef __LITTLE_ENDIAN -#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ - |(rol(block->l[i],8)&0x00FF00FF)) -#else -#define blk0(i) block->l[i] -#endif -#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ - ^block->l[(i+2)&15]^block->l[i&15],1)) - -/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ -#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); -#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); -#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); - - -/* Hash a single 512-bit block. This is the core of the algorithm. */ - -void SHA1Transform(__u32 state[5], __u8 buffer[64]) -{ -__u32 a, b, c, d, e; -typedef union { - unsigned char c[64]; - __u32 l[16]; -} CHAR64LONG16; -CHAR64LONG16* block; -#ifdef SHA1HANDSOFF -static unsigned char workspace[64]; - block = (CHAR64LONG16*)workspace; - memcpy(block, buffer, 64); -#else - block = (CHAR64LONG16*)buffer; -#endif - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - /* Wipe variables */ - a = b = c = d = e = 0; -} - - -/* SHA1Init - Initialize new context */ - -void SHA1Init(void *vcontext) -{ - SHA1_CTX* context = vcontext; - - /* SHA1 initialization constants */ - context->state[0] = 0x67452301; - context->state[1] = 0xEFCDAB89; - context->state[2] = 0x98BADCFE; - context->state[3] = 0x10325476; - context->state[4] = 0xC3D2E1F0; - context->count[0] = context->count[1] = 0; -} - - -/* Run your data through this. */ - -void SHA1Update(void *vcontext, unsigned char* data, __u32 len) -{ - SHA1_CTX* context = vcontext; - __u32 i, j; - - j = context->count[0]; - if ((context->count[0] += len << 3) < j) - context->count[1]++; - context->count[1] += (len>>29); - j = (j >> 3) & 63; - if ((j + len) > 63) { - memcpy(&context->buffer[j], data, (i = 64-j)); - SHA1Transform(context->state, context->buffer); - for ( ; i + 63 < len; i += 64) { - SHA1Transform(context->state, &data[i]); - } - j = 0; - } - else i = 0; - memcpy(&context->buffer[j], &data[i], len - i); -} - - -/* Add padding and return the message digest. */ - -void SHA1Final(unsigned char digest[20], void *vcontext) -{ - __u32 i, j; - unsigned char finalcount[8]; - SHA1_CTX* context = vcontext; - - for (i = 0; i < 8; i++) { - finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] - >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ - } - SHA1Update(context, (unsigned char *)"\200", 1); - while ((context->count[0] & 504) != 448) { - SHA1Update(context, (unsigned char *)"\0", 1); - } - SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ - for (i = 0; i < 20; i++) { - digest[i] = (unsigned char) - ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); - } - /* Wipe variables */ - i = j = 0; - memset(context->buffer, 0, 64); - memset(context->state, 0, 20); - memset(context->count, 0, 8); - memset(&finalcount, 0, 8); -#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */ - SHA1Transform(context->state, context->buffer); -#endif -} - - -/* - * $Log: ipsec_sha1.c,v $ - * Revision 1.1 2004/03/15 20:35:26 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.8 2002/09/10 01:45:14 mcr - * changed type of MD5_CTX and SHA1_CTX to void * so that - * the function prototypes would match, and could be placed - * into a pointer to a function. - * - * Revision 1.7 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.6 2002/04/24 07:36:30 mcr - * Moved from ./klips/net/ipsec/ipsec_sha1.c,v - * - * Revision 1.5 1999/12/13 13:59:13 rgb - * Quick fix to argument size to Update bugs. - * - * Revision 1.4 1999/04/11 00:29:00 henry - * GPL boilerplate - * - * Revision 1.3 1999/04/06 04:54:27 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - * Revision 1.2 1999/01/22 06:55:50 rgb - * 64-bit clean-up. - * - * Revision 1.1 1998/06/18 21:27:50 henry - * move sources from klips/src to klips/net/ipsec, to keep stupid - * kernel-build scripts happier in the presence of symlinks - * - * Revision 1.2 1998/04/23 20:54:04 rgb - * Fixed md5 and sha1 include file nesting issues, to be cleaned up when - * verified. - * - * Revision 1.1 1998/04/09 03:06:11 henry - * sources moved up from linux/net/ipsec - * - * Revision 1.1.1.1 1998/04/08 05:35:05 henry - * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8 - * - * Revision 0.4 1997/01/15 01:28:15 ji - * New transform - * - * - */ diff --git a/linux/net/ipsec/ipsec_tunnel.c b/linux/net/ipsec/ipsec_tunnel.c deleted file mode 100644 index de86843bb..000000000 --- a/linux/net/ipsec/ipsec_tunnel.c +++ /dev/null @@ -1,1671 +0,0 @@ -/* - * IPSEC Tunneling code. Heavily based on drivers/net/new_tunnel.c - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -char ipsec_tunnel_c_version[] = "RCSID $Id: ipsec_tunnel.c,v 1.4 2005/06/16 21:21:02 as Exp $"; - -#define __NO_VERSION__ -#include -#include /* for CONFIG_IP_FORWARD */ -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include /* struct tcphdr */ -#include /* struct udphdr */ -#include -#include -#ifdef NET_21 -# include -# include -# define ip_chk_addr inet_addr_type -# define IS_MYADDR RTN_LOCAL -# include -# undef dev_kfree_skb -# define dev_kfree_skb(a,b) kfree_skb(a) -# define PHYSDEV_TYPE -#endif /* NET_21 */ -#include -#include /* icmp_send() */ -#include -#ifdef NETDEV_23 -# include -#endif /* NETDEV_23 */ - -#include - -#include "freeswan/radij.h" -#include "freeswan/ipsec_life.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_eroute.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_sa.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_xmit.h" -#include "freeswan/ipsec_ipe4.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" - -#include -#include - -#include "freeswan/ipsec_proto.h" -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -#include -#endif - -static __u32 zeroes[64]; - -#ifdef CONFIG_IPSEC_DEBUG -int debug_tunnel = 0; -#endif /* CONFIG_IPSEC_DEBUG */ - -DEBUG_NO_STATIC int -ipsec_tunnel_open(struct device *dev) -{ - struct ipsecpriv *prv = dev->priv; - - /* - * Can't open until attached. - */ - - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_open: " - "dev = %s, prv->dev = %s\n", - dev->name, prv->dev?prv->dev->name:"NONE"); - - if (prv->dev == NULL) - return -ENODEV; - - MOD_INC_USE_COUNT; - return 0; -} - -DEBUG_NO_STATIC int -ipsec_tunnel_close(struct device *dev) -{ - MOD_DEC_USE_COUNT; - return 0; -} - -#ifdef NETDEV_23 -static inline int ipsec_tunnel_xmit2(struct sk_buff *skb) -{ -#ifdef NETDEV_25 /* 2.6 kernels */ - return dst_output(skb); -#else - return ip_send(skb); -#endif -} -#endif /* NETDEV_23 */ - -enum ipsec_xmit_value -ipsec_tunnel_strip_hard_header(struct ipsec_xmit_state *ixs) -{ - /* ixs->physdev->hard_header_len is unreliable and should not be used */ - ixs->hard_header_len = (unsigned char *)(ixs->iph) - ixs->skb->data; - - if(ixs->hard_header_len < 0) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_error:ipsec_xmit_strip_hard_header: " - "Negative hard_header_len (%d)?!\n", ixs->hard_header_len); - ixs->stats->tx_dropped++; - return IPSEC_XMIT_BADHHLEN; - } - - /* while ixs->physdev->hard_header_len is unreliable and - * should not be trusted, it accurate and required for ATM, GRE and - * some other interfaces to work. Thanks to Willy Tarreau - * . - */ - if(ixs->hard_header_len == 0) { /* no hard header present */ - ixs->hard_header_stripped = 1; - ixs->hard_header_len = ixs->physdev->hard_header_len; - } - -#ifdef CONFIG_IPSEC_DEBUG - if (debug_tunnel & DB_TN_XMIT) { - int i; - char c; - - printk(KERN_INFO "klips_debug:ipsec_xmit_strip_hard_header: " - ">>> skb->len=%ld hard_header_len:%d", - (unsigned long int)ixs->skb->len, ixs->hard_header_len); - c = ' '; - for (i=0; i < ixs->hard_header_len; i++) { - printk("%c%02x", c, ixs->skb->data[i]); - c = ':'; - } - printk(" \n"); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, ixs->iph); - - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_strip_hard_header: " - "Original head,tailroom: %d,%d\n", - skb_headroom(ixs->skb), skb_tailroom(ixs->skb)); - - return IPSEC_XMIT_OK; -} - -enum ipsec_xmit_value -ipsec_tunnel_SAlookup(struct ipsec_xmit_state *ixs) -{ - /* - * First things first -- look us up in the erouting tables. - */ - ixs->matcher.sen_len = sizeof (struct sockaddr_encap); - ixs->matcher.sen_family = AF_ENCAP; - ixs->matcher.sen_type = SENT_IP4; - ixs->matcher.sen_ip_src.s_addr = ixs->iph->saddr; - ixs->matcher.sen_ip_dst.s_addr = ixs->iph->daddr; - ixs->matcher.sen_proto = ixs->iph->protocol; - ipsec_extract_ports(ixs->iph, &ixs->matcher); - - /* - * The spinlock is to prevent any other process from accessing or deleting - * the eroute while we are using and updating it. - */ - spin_lock(&eroute_lock); - - ixs->eroute = ipsec_findroute(&ixs->matcher); - - if(ixs->iph->protocol == IPPROTO_UDP) { - if(ixs->skb->sk) { - ixs->sport=ntohs(ixs->skb->sk->sport); - ixs->dport=ntohs(ixs->skb->sk->dport); - } else if((ntohs(ixs->iph->frag_off) & IP_OFFSET) == 0 && - ((ixs->skb->len - ixs->hard_header_len) >= - ((ixs->iph->ihl << 2) + sizeof(struct udphdr)))) { - ixs->sport=ntohs(((struct udphdr*)((caddr_t)ixs->iph+(ixs->iph->ihl<<2)))->source); - ixs->dport=ntohs(((struct udphdr*)((caddr_t)ixs->iph + (ixs->iph->ihl<<2)))->dest); - } else { - ixs->sport=0; ixs->dport=0; - } - } - - /* default to a %drop eroute */ - ixs->outgoing_said.proto = IPPROTO_INT; - ixs->outgoing_said.spi = htonl(SPI_DROP); - ixs->outgoing_said.dst.s_addr = INADDR_ANY; - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_SAlookup: " - "checking for local udp/500 IKE packet " - "saddr=%x, er=0p%p, daddr=%x, er_dst=%x, proto=%d sport=%d dport=%d\n", - ntohl((unsigned int)ixs->iph->saddr), - ixs->eroute, - ntohl((unsigned int)ixs->iph->daddr), - ixs->eroute ? ntohl((unsigned int)ixs->eroute->er_said.dst.s_addr) : 0, - ixs->iph->protocol, - ixs->sport, - ixs->dport); - - /* - * Quick cheat for now...are we udp/500 or udp/4500? If so, let it through - * without interference since it is most likely an IKE packet. - */ - - if (ip_chk_addr((unsigned long)ixs->iph->saddr) == IS_MYADDR - && (!ixs->eroute - || ixs->iph->daddr == ixs->eroute->er_said.dst.s_addr - || INADDR_ANY == ixs->eroute->er_said.dst.s_addr) - && ((ixs->sport == 500) || (ixs->sport == 4500))) { - /* Whatever the eroute, this is an IKE message - * from us (i.e. not being forwarded). - * Furthermore, if there is a tunnel eroute, - * the destination is the peer for this eroute. - * So %pass the packet: modify the default %drop. - */ - ixs->outgoing_said.spi = htonl(SPI_PASS); - if(!(ixs->skb->sk) && ((ntohs(ixs->iph->frag_off) & IP_MF) != 0)) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_SAlookup: " - "local UDP/500 (probably IKE) passthrough: base fragment, rest of fragments will probably get filtered.\n"); - } - } else if (ixs->eroute) { - ixs->eroute->er_count++; - ixs->eroute->er_lasttime = jiffies/HZ; - if(ixs->eroute->er_said.proto==IPPROTO_INT - && ixs->eroute->er_said.spi==htonl(SPI_HOLD)) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_SAlookup: " - "shunt SA of HOLD: skb stored in HOLD.\n"); - if(ixs->eroute->er_last != NULL) { - kfree_skb(ixs->eroute->er_last); - } - ixs->eroute->er_last = ixs->skb; - ixs->skb = NULL; - ixs->stats->tx_dropped++; - spin_unlock(&eroute_lock); - return IPSEC_XMIT_STOLEN; - } - ixs->outgoing_said = ixs->eroute->er_said; - ixs->eroute_pid = ixs->eroute->er_pid; - /* Copy of the ident for the TRAP/TRAPSUBNET eroutes */ - if(ixs->outgoing_said.proto==IPPROTO_INT - && (ixs->outgoing_said.spi==htonl(SPI_TRAP) - || (ixs->outgoing_said.spi==htonl(SPI_TRAPSUBNET)))) { - int len; - - ixs->ips.ips_ident_s.type = ixs->eroute->er_ident_s.type; - ixs->ips.ips_ident_s.id = ixs->eroute->er_ident_s.id; - ixs->ips.ips_ident_s.len = ixs->eroute->er_ident_s.len; - if (ixs->ips.ips_ident_s.len) { - len = ixs->ips.ips_ident_s.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_SAlookup: " - "allocating %d bytes for ident_s shunt SA of HOLD: skb stored in HOLD.\n", - len); - if ((ixs->ips.ips_ident_s.data = kmalloc(len, GFP_ATOMIC)) == NULL) { - printk(KERN_WARNING "klips_debug:ipsec_xmit_SAlookup: " - "Failed, tried to allocate %d bytes for source ident.\n", - len); - ixs->stats->tx_dropped++; - spin_unlock(&eroute_lock); - return IPSEC_XMIT_ERRMEMALLOC; - } - memcpy(ixs->ips.ips_ident_s.data, ixs->eroute->er_ident_s.data, len); - } - ixs->ips.ips_ident_d.type = ixs->eroute->er_ident_d.type; - ixs->ips.ips_ident_d.id = ixs->eroute->er_ident_d.id; - ixs->ips.ips_ident_d.len = ixs->eroute->er_ident_d.len; - if (ixs->ips.ips_ident_d.len) { - len = ixs->ips.ips_ident_d.len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_SAlookup: " - "allocating %d bytes for ident_d shunt SA of HOLD: skb stored in HOLD.\n", - len); - if ((ixs->ips.ips_ident_d.data = kmalloc(len, GFP_ATOMIC)) == NULL) { - printk(KERN_WARNING "klips_debug:ipsec_xmit_SAlookup: " - "Failed, tried to allocate %d bytes for dest ident.\n", - len); - ixs->stats->tx_dropped++; - spin_unlock(&eroute_lock); - return IPSEC_XMIT_ERRMEMALLOC; - } - memcpy(ixs->ips.ips_ident_d.data, ixs->eroute->er_ident_d.data, len); - } - } - } - - spin_unlock(&eroute_lock); - return IPSEC_XMIT_OK; -} - -enum ipsec_xmit_value -ipsec_tunnel_restore_hard_header(struct ipsec_xmit_state*ixs) -{ - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_restore_hard_header: " - "After recursive xforms -- head,tailroom: %d,%d\n", - skb_headroom(ixs->skb), - skb_tailroom(ixs->skb)); - - if(ixs->saved_header) { - if(skb_headroom(ixs->skb) < ixs->hard_header_len) { - printk(KERN_WARNING - "klips_error:ipsec_xmit_restore_hard_header: " - "tried to skb_push hhlen=%d, %d available. This should never happen, please report.\n", - ixs->hard_header_len, - skb_headroom(ixs->skb)); - ixs->stats->tx_errors++; - return IPSEC_XMIT_PUSHPULLERR; - - } - skb_push(ixs->skb, ixs->hard_header_len); - { - int i; - for (i = 0; i < ixs->hard_header_len; i++) { - ixs->skb->data[i] = ixs->saved_header[i]; - } - } - } -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if (ixs->natt_type && ixs->natt_head) { - struct iphdr *ipp = ixs->skb->nh.iph; - struct udphdr *udp; - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_tunnel_start_xmit: " - "encapsulating packet into UDP (NAT-Traversal) (%d %d)\n", - ixs->natt_type, ixs->natt_head); - ixs->iphlen = ipp->ihl << 2; - ipp->tot_len = - htons(ntohs(ipp->tot_len) + ixs->natt_head); - if(skb_tailroom(ixs->skb) < ixs->natt_head) { - printk(KERN_WARNING "klips_error:ipsec_tunnel_start_xmit: " - "tried to skb_put %d, %d available. " - "This should never happen, please report.\n", - ixs->natt_head, - skb_tailroom(ixs->skb)); - ixs->stats->tx_errors++; - return IPSEC_XMIT_ESPUDP; - } - skb_put(ixs->skb, ixs->natt_head); - udp = (struct udphdr *)((char *)ipp + ixs->iphlen); - /* move ESP hdr after UDP hdr */ - memmove((void *)((char *)udp + ixs->natt_head), - (void *)(udp), - ntohs(ipp->tot_len) - ixs->iphlen - ixs->natt_head); - /* clear UDP & Non-IKE Markers (if any) */ - memset(udp, 0, ixs->natt_head); - /* fill UDP with usefull informations ;-) */ - udp->source = htons(ixs->natt_sport); - udp->dest = htons(ixs->natt_dport); - udp->len = htons(ntohs(ipp->tot_len) - ixs->iphlen); - /* set protocol */ - ipp->protocol = IPPROTO_UDP; - /* fix IP checksum */ - ipp->check = 0; - ipp->check = ip_fast_csum((unsigned char *)ipp, ipp->ihl); - } -#endif - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_restore_hard_header: " - "With hard_header, final head,tailroom: %d,%d\n", - skb_headroom(ixs->skb), - skb_tailroom(ixs->skb)); - - return IPSEC_XMIT_OK; -} - -enum ipsec_xmit_value -ipsec_tunnel_send(struct ipsec_xmit_state*ixs) -{ -#ifdef NETDEV_25 - struct flowi fl; -#endif - -#ifdef NET_21 /* 2.2 and 2.4 kernels */ - /* new route/dst cache code from James Morris */ - ixs->skb->dev = ixs->physdev; -#ifdef NETDEV_25 - fl.oif = ixs->physdev->iflink; - fl.nl_u.ip4_u.daddr = ixs->skb->nh.iph->daddr; - fl.nl_u.ip4_u.saddr = ixs->pass ? 0 : ixs->skb->nh.iph->saddr; - fl.nl_u.ip4_u.tos = RT_TOS(ixs->skb->nh.iph->tos); - fl.proto = ixs->skb->nh.iph->protocol; - if ((ixs->error = ip_route_output_key(&ixs->route, &fl))) { -#else - /*skb_orphan(ixs->skb);*/ - if((ixs->error = ip_route_output(&ixs->route, - ixs->skb->nh.iph->daddr, - ixs->pass ? 0 : ixs->skb->nh.iph->saddr, - RT_TOS(ixs->skb->nh.iph->tos), - /* mcr->rgb: should this be 0 instead? */ - ixs->physdev->iflink))) { -#endif - ixs->stats->tx_errors++; - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_send: " - "ip_route_output failed with error code %d, rt->u.dst.dev=%s, dropped\n", - ixs->error, - ixs->route->u.dst.dev->name); - return IPSEC_XMIT_ROUTEERR; - } - if(ixs->dev == ixs->route->u.dst.dev) { - ip_rt_put(ixs->route); - /* This is recursion, drop it. */ - ixs->stats->tx_errors++; - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_send: " - "suspect recursion, dev=rt->u.dst.dev=%s, dropped\n", - ixs->dev->name); - return IPSEC_XMIT_RECURSDETECT; - } - dst_release(ixs->skb->dst); - ixs->skb->dst = &ixs->route->u.dst; - ixs->stats->tx_bytes += ixs->skb->len; - if(ixs->skb->len < ixs->skb->nh.raw - ixs->skb->data) { - ixs->stats->tx_errors++; - printk(KERN_WARNING - "klips_error:ipsec_xmit_send: " - "tried to __skb_pull nh-data=%ld, %d available. This should never happen, please report.\n", - (unsigned long)(ixs->skb->nh.raw - ixs->skb->data), - ixs->skb->len); - return IPSEC_XMIT_PUSHPULLERR; - } - __skb_pull(ixs->skb, ixs->skb->nh.raw - ixs->skb->data); -#ifdef SKB_RESET_NFCT - if(!ixs->pass) { - nf_conntrack_put(ixs->skb->nfct); - ixs->skb->nfct = NULL; - } -#ifdef CONFIG_NETFILTER_DEBUG - ixs->skb->nf_debug = 0; -#endif /* CONFIG_NETFILTER_DEBUG */ -#endif /* SKB_RESET_NFCT */ - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_send: " - "...done, calling ip_send() on device:%s\n", - ixs->skb->dev ? ixs->skb->dev->name : "NULL"); - KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, ixs->skb->nh.iph); -#ifdef NETDEV_23 /* 2.4 kernels */ - { - int err; - - err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, ixs->skb, NULL, ixs->route->u.dst.dev, - ipsec_tunnel_xmit2); - if(err != NET_XMIT_SUCCESS && err != NET_XMIT_CN) { - if(net_ratelimit()) - printk(KERN_ERR - "klips_error:ipsec_xmit_send: " - "ip_send() failed, err=%d\n", - -err); - ixs->stats->tx_errors++; - ixs->stats->tx_aborted_errors++; - ixs->skb = NULL; - return IPSEC_XMIT_IPSENDFAILURE; - } - } -#else /* NETDEV_23 */ /* 2.2 kernels */ - ip_send(ixs->skb); -#endif /* NETDEV_23 */ -#else /* NET_21 */ /* 2.0 kernels */ - ixs->skb->arp = 1; - /* ISDN/ASYNC PPP from Matjaz Godec. */ - /* skb->protocol = htons(ETH_P_IP); */ - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_send: " - "...done, calling dev_queue_xmit() or ip_fragment().\n"); - IP_SEND(ixs->skb, ixs->physdev); -#endif /* NET_21 */ - ixs->stats->tx_packets++; - - ixs->skb = NULL; - - return IPSEC_XMIT_OK; -} - -void -ipsec_tunnel_cleanup(struct ipsec_xmit_state*ixs) -{ -#if defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) - netif_wake_queue(ixs->dev); -#else /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */ - ixs->dev->tbusy = 0; -#endif /* defined(HAS_NETIF_QUEUE) || defined (HAVE_NETIF_QUEUE) */ - if(ixs->saved_header) { - kfree(ixs->saved_header); - } - if(ixs->skb) { - dev_kfree_skb(ixs->skb, FREE_WRITE); - } - if(ixs->oskb) { - dev_kfree_skb(ixs->oskb, FREE_WRITE); - } - if (ixs->ips.ips_ident_s.data) { - kfree(ixs->ips.ips_ident_s.data); - } - if (ixs->ips.ips_ident_d.data) { - kfree(ixs->ips.ips_ident_d.data); - } -} - -/* - * This function assumes it is being called from dev_queue_xmit() - * and that skb is filled properly by that function. - */ -int -ipsec_tunnel_start_xmit(struct sk_buff *skb, struct device *dev) -{ - struct ipsec_xmit_state ixs_mem; - struct ipsec_xmit_state *ixs = &ixs_mem; - enum ipsec_xmit_value stat; - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - ixs->natt_type = 0, ixs->natt_head = 0; - ixs->natt_sport = 0, ixs->natt_dport = 0; -#endif - - memset((caddr_t)ixs, 0, sizeof(*ixs)); - ixs->oskb = NULL; - ixs->saved_header = NULL; /* saved copy of the hard header */ - ixs->route = NULL; - memset((caddr_t)&(ixs->ips), 0, sizeof(ixs->ips)); - ixs->dev = dev; - ixs->skb = skb; - - stat = ipsec_xmit_sanity_check_dev(ixs); - if(stat != IPSEC_XMIT_OK) { - goto cleanup; - } - - stat = ipsec_xmit_sanity_check_skb(ixs); - if(stat != IPSEC_XMIT_OK) { - goto cleanup; - } - - stat = ipsec_tunnel_strip_hard_header(ixs); - if(stat != IPSEC_XMIT_OK) { - goto cleanup; - } - - stat = ipsec_tunnel_SAlookup(ixs); - if(stat != IPSEC_XMIT_OK) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_tunnel_start_xmit: SAlookup failed: %d\n", - stat); - goto cleanup; - } - - ixs->innersrc = ixs->iph->saddr; - /* start encapsulation loop here XXX */ - do { - stat = ipsec_xmit_encap_bundle(ixs); - if(stat != IPSEC_XMIT_OK) { - if(stat == IPSEC_XMIT_PASS) { - goto bypass; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_tunnel_start_xmit: encap_bundle failed: %d\n", - stat); - goto cleanup; - } - - ixs->matcher.sen_ip_src.s_addr = ixs->iph->saddr; - ixs->matcher.sen_ip_dst.s_addr = ixs->iph->daddr; - ixs->matcher.sen_proto = ixs->iph->protocol; - ipsec_extract_ports(ixs->iph, &ixs->matcher); - - spin_lock(&eroute_lock); - ixs->eroute = ipsec_findroute(&ixs->matcher); - if(ixs->eroute) { - ixs->outgoing_said = ixs->eroute->er_said; - ixs->eroute_pid = ixs->eroute->er_pid; - ixs->eroute->er_count++; - ixs->eroute->er_lasttime = jiffies/HZ; - } - spin_unlock(&eroute_lock); - - KLIPS_PRINT((debug_tunnel & DB_TN_XMIT) && - /* ((ixs->orgdst != ixs->newdst) || (ixs->orgsrc != ixs->newsrc)) */ - (ixs->orgedst != ixs->outgoing_said.dst.s_addr) && - ixs->outgoing_said.dst.s_addr && - ixs->eroute, - "klips_debug:ipsec_tunnel_start_xmit: " - "We are recursing here.\n"); - - } while(/*((ixs->orgdst != ixs->newdst) || (ixs->orgsrc != ixs->newsrc))*/ - (ixs->orgedst != ixs->outgoing_said.dst.s_addr) && - ixs->outgoing_said.dst.s_addr && - ixs->eroute); - - stat = ipsec_tunnel_restore_hard_header(ixs); - if(stat != IPSEC_XMIT_OK) { - goto cleanup; - } - - bypass: - stat = ipsec_tunnel_send(ixs); - - cleanup: - ipsec_tunnel_cleanup(ixs); - - return 0; -} - -DEBUG_NO_STATIC struct net_device_stats * -ipsec_tunnel_get_stats(struct device *dev) -{ - return &(((struct ipsecpriv *)(dev->priv))->mystats); -} - -/* - * Revectored calls. - * For each of these calls, a field exists in our private structure. - */ - -DEBUG_NO_STATIC int -ipsec_tunnel_hard_header(struct sk_buff *skb, struct device *dev, - unsigned short type, void *daddr, void *saddr, unsigned len) -{ - struct ipsecpriv *prv = dev->priv; - struct device *tmp; - int ret; - struct net_device_stats *stats; /* This device's statistics */ - - if(skb == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_hard_header: " - "no skb...\n"); - return -ENODATA; - } - - if(dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_hard_header: " - "no device...\n"); - return -ENODEV; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_hard_header: " - "skb->dev=%s dev=%s.\n", - skb->dev ? skb->dev->name : "NULL", - dev->name); - - if(prv == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_hard_header: " - "no private space associated with dev=%s\n", - dev->name ? dev->name : "NULL"); - return -ENODEV; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_hard_header: " - "no physical device associated with dev=%s\n", - dev->name ? dev->name : "NULL"); - stats->tx_dropped++; - return -ENODEV; - } - - /* check if we have to send a IPv6 packet. It might be a Router - Solicitation, where the building of the packet happens in - reverse order: - 1. ll hdr, - 2. IPv6 hdr, - 3. ICMPv6 hdr - -> skb->nh.raw is still uninitialized when this function is - called!! If this is no IPv6 packet, we can print debugging - messages, otherwise we skip all debugging messages and just - build the ll header */ - if(type != ETH_P_IPV6) { - /* execute this only, if we don't have to build the - header for a IPv6 packet */ - if(!prv->hard_header) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_hard_header: " - "physical device has been detached, packet dropped 0p%p->0p%p len=%d type=%d dev=%s->NULL ", - saddr, - daddr, - len, - type, - dev->name); -#ifdef NET_21 - KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->nh.iph->saddr), - (__u32)ntohl(skb->nh.iph->daddr) ); -#else /* NET_21 */ - KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->ip_hdr->saddr), - (__u32)ntohl(skb->ip_hdr->daddr) ); -#endif /* NET_21 */ - stats->tx_dropped++; - return -ENODEV; - } - -#define da ((struct device *)(prv->dev))->dev_addr - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_hard_header: " - "Revectored 0p%p->0p%p len=%d type=%d dev=%s->%s dev_addr=%02x:%02x:%02x:%02x:%02x:%02x ", - saddr, - daddr, - len, - type, - dev->name, - prv->dev->name, - da[0], da[1], da[2], da[3], da[4], da[5]); -#ifdef NET_21 - KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->nh.iph->saddr), - (__u32)ntohl(skb->nh.iph->daddr) ); -#else /* NET_21 */ - KLIPS_PRINTMORE(debug_tunnel & DB_TN_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->ip_hdr->saddr), - (__u32)ntohl(skb->ip_hdr->daddr) ); -#endif /* NET_21 */ - } else { - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_hard_header: " - "is IPv6 packet, skip debugging messages, only revector and build linklocal header.\n"); - } - tmp = skb->dev; - skb->dev = prv->dev; - ret = prv->hard_header(skb, prv->dev, type, (void *)daddr, (void *)saddr, len); - skb->dev = tmp; - return ret; -} - -DEBUG_NO_STATIC int -#ifdef NET_21 -ipsec_tunnel_rebuild_header(struct sk_buff *skb) -#else /* NET_21 */ -ipsec_tunnel_rebuild_header(void *buff, struct device *dev, - unsigned long raddr, struct sk_buff *skb) -#endif /* NET_21 */ -{ - struct ipsecpriv *prv = skb->dev->priv; - struct device *tmp; - int ret; - struct net_device_stats *stats; /* This device's statistics */ - - if(skb->dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_rebuild_header: " - "no device..."); - return -ENODEV; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_rebuild_header: " - "no private space associated with dev=%s", - skb->dev->name ? skb->dev->name : "NULL"); - return -ENODEV; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_rebuild_header: " - "no physical device associated with dev=%s", - skb->dev->name ? skb->dev->name : "NULL"); - stats->tx_dropped++; - return -ENODEV; - } - - if(!prv->rebuild_header) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_rebuild_header: " - "physical device has been detached, packet dropped skb->dev=%s->NULL ", - skb->dev->name); -#ifdef NET_21 - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->nh.iph->saddr), - (__u32)ntohl(skb->nh.iph->daddr) ); -#else /* NET_21 */ - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->ip_hdr->saddr), - (__u32)ntohl(skb->ip_hdr->daddr) ); -#endif /* NET_21 */ - stats->tx_dropped++; - return -ENODEV; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel: " - "Revectored rebuild_header dev=%s->%s ", - skb->dev->name, prv->dev->name); -#ifdef NET_21 - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->nh.iph->saddr), - (__u32)ntohl(skb->nh.iph->daddr) ); -#else /* NET_21 */ - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "ip=%08x->%08x\n", - (__u32)ntohl(skb->ip_hdr->saddr), - (__u32)ntohl(skb->ip_hdr->daddr) ); -#endif /* NET_21 */ - tmp = skb->dev; - skb->dev = prv->dev; - -#ifdef NET_21 - ret = prv->rebuild_header(skb); -#else /* NET_21 */ - ret = prv->rebuild_header(buff, prv->dev, raddr, skb); -#endif /* NET_21 */ - skb->dev = tmp; - return ret; -} - -DEBUG_NO_STATIC int -ipsec_tunnel_set_mac_address(struct device *dev, void *addr) -{ - struct ipsecpriv *prv = dev->priv; - - struct net_device_stats *stats; /* This device's statistics */ - - if(dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_set_mac_address: " - "no device..."); - return -ENODEV; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_set_mac_address: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return -ENODEV; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_set_mac_address: " - "no physical device associated with dev=%s", - dev->name ? dev->name : "NULL"); - stats->tx_dropped++; - return -ENODEV; - } - - if(!prv->set_mac_address) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_set_mac_address: " - "physical device has been detached, cannot set - skb->dev=%s->NULL\n", - dev->name); - return -ENODEV; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_set_mac_address: " - "Revectored dev=%s->%s addr=0p%p\n", - dev->name, prv->dev->name, addr); - return prv->set_mac_address(prv->dev, addr); - -} - -#ifndef NET_21 -DEBUG_NO_STATIC void -ipsec_tunnel_cache_bind(struct hh_cache **hhp, struct device *dev, - unsigned short htype, __u32 daddr) -{ - struct ipsecpriv *prv = dev->priv; - - struct net_device_stats *stats; /* This device's statistics */ - - if(dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_bind: " - "no device..."); - return; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_bind: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_bind: " - "no physical device associated with dev=%s", - dev->name ? dev->name : "NULL"); - stats->tx_dropped++; - return; - } - - if(!prv->header_cache_bind) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_bind: " - "physical device has been detached, cannot set - skb->dev=%s->NULL\n", - dev->name); - stats->tx_dropped++; - return; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_bind: " - "Revectored \n"); - prv->header_cache_bind(hhp, prv->dev, htype, daddr); - return; -} -#endif /* !NET_21 */ - - -DEBUG_NO_STATIC void -ipsec_tunnel_cache_update(struct hh_cache *hh, struct device *dev, unsigned char * haddr) -{ - struct ipsecpriv *prv = dev->priv; - - struct net_device_stats *stats; /* This device's statistics */ - - if(dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_update: " - "no device..."); - return; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_update: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return; - } - - stats = (struct net_device_stats *) &(prv->mystats); - - if(prv->dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_update: " - "no physical device associated with dev=%s", - dev->name ? dev->name : "NULL"); - stats->tx_dropped++; - return; - } - - if(!prv->header_cache_update) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_cache_update: " - "physical device has been detached, cannot set - skb->dev=%s->NULL\n", - dev->name); - return; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel: " - "Revectored cache_update\n"); - prv->header_cache_update(hh, prv->dev, haddr); - return; -} - -#ifdef NET_21 -DEBUG_NO_STATIC int -ipsec_tunnel_neigh_setup(struct neighbour *n) -{ - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_neigh_setup:\n"); - - if (n->nud_state == NUD_NONE) { - n->ops = &arp_broken_ops; - n->output = n->ops->output; - } - return 0; -} - -DEBUG_NO_STATIC int -ipsec_tunnel_neigh_setup_dev(struct device *dev, struct neigh_parms *p) -{ - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_neigh_setup_dev: " - "setting up %s\n", - dev ? dev->name : "NULL"); - - if (p->tbl->family == AF_INET) { - p->neigh_setup = ipsec_tunnel_neigh_setup; - p->ucast_probes = 0; - p->mcast_probes = 0; - } - return 0; -} -#endif /* NET_21 */ - -/* - * We call the attach routine to attach another device. - */ - -DEBUG_NO_STATIC int -ipsec_tunnel_attach(struct device *dev, struct device *physdev) -{ - int i; - struct ipsecpriv *prv = dev->priv; - - if(dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_attach: " - "no device..."); - return -ENODEV; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_attach: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return -ENODATA; - } - - prv->dev = physdev; - prv->hard_start_xmit = physdev->hard_start_xmit; - prv->get_stats = physdev->get_stats; - - if (physdev->hard_header) { - prv->hard_header = physdev->hard_header; - dev->hard_header = ipsec_tunnel_hard_header; - } else - dev->hard_header = NULL; - - if (physdev->rebuild_header) { - prv->rebuild_header = physdev->rebuild_header; - dev->rebuild_header = ipsec_tunnel_rebuild_header; - } else - dev->rebuild_header = NULL; - - if (physdev->set_mac_address) { - prv->set_mac_address = physdev->set_mac_address; - dev->set_mac_address = ipsec_tunnel_set_mac_address; - } else - dev->set_mac_address = NULL; - -#ifndef NET_21 - if (physdev->header_cache_bind) { - prv->header_cache_bind = physdev->header_cache_bind; - dev->header_cache_bind = ipsec_tunnel_cache_bind; - } else - dev->header_cache_bind = NULL; -#endif /* !NET_21 */ - - if (physdev->header_cache_update) { - prv->header_cache_update = physdev->header_cache_update; - dev->header_cache_update = ipsec_tunnel_cache_update; - } else - dev->header_cache_update = NULL; - - dev->hard_header_len = physdev->hard_header_len; - -#ifdef NET_21 -/* prv->neigh_setup = physdev->neigh_setup; */ - dev->neigh_setup = ipsec_tunnel_neigh_setup_dev; -#endif /* NET_21 */ - dev->mtu = 16260; /* 0xfff0; */ /* dev->mtu; */ - prv->mtu = physdev->mtu; - -#ifdef PHYSDEV_TYPE - dev->type = physdev->type; /* ARPHRD_TUNNEL; */ -#endif /* PHYSDEV_TYPE */ - - dev->addr_len = physdev->addr_len; - for (i=0; iaddr_len; i++) { - dev->dev_addr[i] = physdev->dev_addr[i]; - } -#ifdef CONFIG_IPSEC_DEBUG - if(debug_tunnel & DB_TN_INIT) { - printk(KERN_INFO "klips_debug:ipsec_tunnel_attach: " - "physical device %s being attached has HW address: %2x", - physdev->name, physdev->dev_addr[0]); - for (i=1; i < physdev->addr_len; i++) { - printk(":%02x", physdev->dev_addr[i]); - } - printk("\n"); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - return 0; -} - -/* - * We call the detach routine to detach the ipsec tunnel from another device. - */ - -DEBUG_NO_STATIC int -ipsec_tunnel_detach(struct device *dev) -{ - int i; - struct ipsecpriv *prv = dev->priv; - - if(dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_detach: " - "no device..."); - return -ENODEV; - } - - if(prv == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_REVEC, - "klips_debug:ipsec_tunnel_detach: " - "no private space associated with dev=%s", - dev->name ? dev->name : "NULL"); - return -ENODATA; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_detach: " - "physical device %s being detached from virtual device %s\n", - prv->dev ? prv->dev->name : "NULL", - dev->name); - - ipsec_dev_put(prv->dev); - prv->dev = NULL; - prv->hard_start_xmit = NULL; - prv->get_stats = NULL; - - prv->hard_header = NULL; -#ifdef DETACH_AND_DOWN - dev->hard_header = NULL; -#endif /* DETACH_AND_DOWN */ - - prv->rebuild_header = NULL; -#ifdef DETACH_AND_DOWN - dev->rebuild_header = NULL; -#endif /* DETACH_AND_DOWN */ - - prv->set_mac_address = NULL; -#ifdef DETACH_AND_DOWN - dev->set_mac_address = NULL; -#endif /* DETACH_AND_DOWN */ - -#ifndef NET_21 - prv->header_cache_bind = NULL; -#ifdef DETACH_AND_DOWN - dev->header_cache_bind = NULL; -#endif /* DETACH_AND_DOWN */ -#endif /* !NET_21 */ - - prv->header_cache_update = NULL; -#ifdef DETACH_AND_DOWN - dev->header_cache_update = NULL; -#endif /* DETACH_AND_DOWN */ - -#ifdef NET_21 -/* prv->neigh_setup = NULL; */ -#ifdef DETACH_AND_DOWN - dev->neigh_setup = NULL; -#endif /* DETACH_AND_DOWN */ -#endif /* NET_21 */ - dev->hard_header_len = 0; -#ifdef DETACH_AND_DOWN - dev->mtu = 0; -#endif /* DETACH_AND_DOWN */ - prv->mtu = 0; - for (i=0; idev_addr[i] = 0; - } - dev->addr_len = 0; -#ifdef PHYSDEV_TYPE - dev->type = ARPHRD_VOID; /* ARPHRD_TUNNEL; */ -#endif /* PHYSDEV_TYPE */ - - return 0; -} - -/* - * We call the clear routine to detach all ipsec tunnels from other devices. - */ -DEBUG_NO_STATIC int -ipsec_tunnel_clear(void) -{ - int i; - struct device *ipsecdev = NULL, *prvdev; - struct ipsecpriv *prv; - char name[9]; - int ret; - - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_clear: .\n"); - - for(i = 0; i < IPSEC_NUM_IF; i++) { - ipsecdev = ipsecdevices[i]; - if(ipsecdev != NULL) { - if((prv = (struct ipsecpriv *)(ipsecdev->priv))) { - prvdev = (struct device *)(prv->dev); - if(prvdev) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_clear: " - "physical device for device %s is %s\n", - name, prvdev->name); - if((ret = ipsec_tunnel_detach(ipsecdev))) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_clear: " - "error %d detatching device %s from device %s.\n", - ret, name, prvdev->name); - return ret; - } - } - } - } - } - return 0; -} - -DEBUG_NO_STATIC int -ipsec_tunnel_ioctl(struct device *dev, struct ifreq *ifr, int cmd) -{ - struct ipsectunnelconf *cf = (struct ipsectunnelconf *)&ifr->ifr_data; - struct ipsecpriv *prv = dev->priv; - struct device *them; /* physical device */ -#ifdef CONFIG_IP_ALIAS - char *colon; - char realphysname[IFNAMSIZ]; -#endif /* CONFIG_IP_ALIAS */ - - if(dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "device not supplied.\n"); - return -ENODEV; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "tncfg service call #%d for dev=%s\n", - cmd, - dev->name ? dev->name : "NULL"); - switch (cmd) { - /* attach a virtual ipsec? device to a physical device */ - case IPSEC_SET_DEV: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "calling ipsec_tunnel_attatch...\n"); -#ifdef CONFIG_IP_ALIAS - /* If this is an IP alias interface, get its real physical name */ - strncpy(realphysname, cf->cf_name, IFNAMSIZ); - realphysname[IFNAMSIZ-1] = 0; - colon = strchr(realphysname, ':'); - if (colon) *colon = 0; - them = ipsec_dev_get(realphysname); -#else /* CONFIG_IP_ALIAS */ - them = ipsec_dev_get(cf->cf_name); -#endif /* CONFIG_IP_ALIAS */ - - if (them == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "physical device %s requested is null\n", - cf->cf_name); - return -ENXIO; - } - -#if 0 - if (them->flags & IFF_UP) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "physical device %s requested is not up.\n", - cf->cf_name); - ipsec_dev_put(them); - return -ENXIO; - } -#endif - - if (prv && prv->dev) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "virtual device is already connected to %s.\n", - prv->dev->name ? prv->dev->name : "NULL"); - ipsec_dev_put(them); - return -EBUSY; - } - return ipsec_tunnel_attach(dev, them); - - case IPSEC_DEL_DEV: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "calling ipsec_tunnel_detatch.\n"); - if (! prv->dev) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "physical device not connected.\n"); - return -ENODEV; - } - return ipsec_tunnel_detach(dev); - - case IPSEC_CLR_DEV: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "calling ipsec_tunnel_clear.\n"); - return ipsec_tunnel_clear(); - - default: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_ioctl: " - "unknown command %d.\n", - cmd); - return -EOPNOTSUPP; - } -} - -int -ipsec_device_event(struct notifier_block *unused, unsigned long event, void *ptr) -{ - struct device *dev = ptr; - struct device *ipsec_dev; - struct ipsecpriv *priv; - int i; - - if (dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "dev=NULL for event type %ld.\n", - event); - return(NOTIFY_DONE); - } - - /* check for loopback devices */ - if (dev && (dev->flags & IFF_LOOPBACK)) { - return(NOTIFY_DONE); - } - - switch (event) { - case NETDEV_DOWN: - /* look very carefully at the scope of these compiler - directives before changing anything... -- RGB */ -#ifdef NET_21 - case NETDEV_UNREGISTER: - switch (event) { - case NETDEV_DOWN: -#endif /* NET_21 */ - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_DOWN dev=%s flags=%x\n", - dev->name, - dev->flags); - if(strncmp(dev->name, "ipsec", strlen("ipsec")) == 0) { - printk(KERN_CRIT "IPSEC EVENT: KLIPS device %s shut down.\n", - dev->name); - } -#ifdef NET_21 - break; - case NETDEV_UNREGISTER: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_UNREGISTER dev=%s flags=%x\n", - dev->name, - dev->flags); - break; - } -#endif /* NET_21 */ - - /* find the attached physical device and detach it. */ - for(i = 0; i < IPSEC_NUM_IF; i++) { - ipsec_dev = ipsecdevices[i]; - - if(ipsec_dev) { - priv = (struct ipsecpriv *)(ipsec_dev->priv); - if(priv) { - ; - if(((struct device *)(priv->dev)) == dev) { - /* dev_close(ipsec_dev); */ - /* return */ ipsec_tunnel_detach(ipsec_dev); - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "device '%s' has been detached.\n", - ipsec_dev->name); - break; - } - } else { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "device '%s' has no private data space!\n", - ipsec_dev->name); - } - } - } - break; - case NETDEV_UP: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_UP dev=%s\n", - dev->name); - break; -#ifdef NET_21 - case NETDEV_REBOOT: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_REBOOT dev=%s\n", - dev->name); - break; - case NETDEV_CHANGE: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_CHANGE dev=%s flags=%x\n", - dev->name, - dev->flags); - break; - case NETDEV_REGISTER: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_REGISTER dev=%s\n", - dev->name); - break; - case NETDEV_CHANGEMTU: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_CHANGEMTU dev=%s to mtu=%d\n", - dev->name, - dev->mtu); - break; - case NETDEV_CHANGEADDR: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_CHANGEADDR dev=%s\n", - dev->name); - break; - case NETDEV_GOING_DOWN: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_GOING_DOWN dev=%s\n", - dev->name); - break; - case NETDEV_CHANGENAME: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "NETDEV_CHANGENAME dev=%s\n", - dev->name); - break; -#endif /* NET_21 */ - default: - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_device_event: " - "event type %ld unrecognised for dev=%s\n", - event, - dev->name); - break; - } - return NOTIFY_DONE; -} - -/* - * Called when an ipsec tunnel device is initialized. - * The ipsec tunnel device structure is passed to us. - */ - -int -ipsec_tunnel_init(struct device *dev) -{ - int i; - - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_init: " - "allocating %lu bytes initialising device: %s\n", - (unsigned long) sizeof(struct ipsecpriv), - dev->name ? dev->name : "NULL"); - - /* Add our tunnel functions to the device */ - dev->open = ipsec_tunnel_open; - dev->stop = ipsec_tunnel_close; - dev->hard_start_xmit = ipsec_tunnel_start_xmit; - dev->get_stats = ipsec_tunnel_get_stats; - - dev->priv = kmalloc(sizeof(struct ipsecpriv), GFP_KERNEL); - if (dev->priv == NULL) - return -ENOMEM; - memset((caddr_t)(dev->priv), 0, sizeof(struct ipsecpriv)); - - for(i = 0; i < sizeof(zeroes); i++) { - ((__u8*)(zeroes))[i] = 0; - } - -#ifndef NET_21 - /* Initialize the tunnel device structure */ - for (i = 0; i < DEV_NUMBUFFS; i++) - skb_queue_head_init(&dev->buffs[i]); -#endif /* !NET_21 */ - - dev->set_multicast_list = NULL; - dev->do_ioctl = ipsec_tunnel_ioctl; - dev->hard_header = NULL; - dev->rebuild_header = NULL; - dev->set_mac_address = NULL; -#ifndef NET_21 - dev->header_cache_bind = NULL; -#endif /* !NET_21 */ - dev->header_cache_update= NULL; - -#ifdef NET_21 -/* prv->neigh_setup = NULL; */ - dev->neigh_setup = ipsec_tunnel_neigh_setup_dev; -#endif /* NET_21 */ - dev->hard_header_len = 0; - dev->mtu = 0; - dev->addr_len = 0; - dev->type = ARPHRD_VOID; /* ARPHRD_TUNNEL; */ /* ARPHRD_ETHER; */ - dev->tx_queue_len = 10; /* Small queue */ - memset((caddr_t)(dev->broadcast),0xFF, ETH_ALEN); /* what if this is not attached to ethernet? */ - - /* New-style flags. */ - dev->flags = IFF_NOARP /* 0 */ /* Petr Novak */; -#ifdef NET_21 - dev_init_buffers(dev); -#else /* NET_21 */ - dev->family = AF_INET; - dev->pa_addr = 0; - dev->pa_brdaddr = 0; - dev->pa_mask = 0; - dev->pa_alen = 4; -#endif /* NET_21 */ - - /* We're done. Have I forgotten anything? */ - return 0; -} - -/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ -/* Module specific interface (but it links with the rest of IPSEC) */ -/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ - -int -ipsec_tunnel_probe(struct device *dev) -{ - ipsec_tunnel_init(dev); - return 0; -} - -struct device *ipsecdevices[IPSEC_NUM_IF]; - -int -ipsec_tunnel_init_devices(void) -{ - int i; - char name[IFNAMSIZ]; - struct device *dev_ipsec; - - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_init_devices: " - "creating and registering IPSEC_NUM_IF=%u devices, allocating %lu per device, IFNAMSIZ=%u.\n", - IPSEC_NUM_IF, - (unsigned long) (sizeof(struct device) + IFNAMSIZ), - IFNAMSIZ); - - for(i = 0; i < IPSEC_NUM_IF; i++) { - sprintf(name, IPSEC_DEV_FORMAT, i); - dev_ipsec = (struct device*)kmalloc(sizeof(struct device), GFP_KERNEL); - if (dev_ipsec == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_init_devices: " - "failed to allocate memory for device %s, quitting device init.\n", - name); - return -ENOMEM; - } - memset((caddr_t)dev_ipsec, 0, sizeof(struct device)); -#ifdef NETDEV_23 - strncpy(dev_ipsec->name, name, sizeof(dev_ipsec->name)); -#else /* NETDEV_23 */ - dev_ipsec->name = (char*)kmalloc(IFNAMSIZ, GFP_KERNEL); - if (dev_ipsec->name == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_init_devices: " - "failed to allocate memory for device %s name, quitting device init.\n", - name); - return -ENOMEM; - } - memset((caddr_t)dev_ipsec->name, 0, IFNAMSIZ); - strncpy(dev_ipsec->name, name, IFNAMSIZ); -#endif /* NETDEV_23 */ - dev_ipsec->next = NULL; - dev_ipsec->init = &ipsec_tunnel_probe; - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_init_devices: " - "registering device %s\n", - dev_ipsec->name); - - /* reference and hold the device reference */ - dev_hold(dev_ipsec); - ipsecdevices[i]=dev_ipsec; - - if (register_netdev(dev_ipsec) != 0) { - KLIPS_PRINT(1 || debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_init_devices: " - "registering device %s failed, quitting device init.\n", - dev_ipsec->name); - return -EIO; - } else { - KLIPS_PRINT(debug_tunnel & DB_TN_INIT, - "klips_debug:ipsec_tunnel_init_devices: " - "registering device %s succeeded, continuing...\n", - dev_ipsec->name); - } - } - return 0; -} - -/* void */ -int -ipsec_tunnel_cleanup_devices(void) -{ - int error = 0; - int i; - char name[32]; - struct device *dev_ipsec; - - for(i = 0; i < IPSEC_NUM_IF; i++) { - dev_ipsec = ipsecdevices[i]; - if(dev_ipsec == NULL) { - continue; - } - - /* release reference */ - ipsecdevices[i]=NULL; - ipsec_dev_put(dev_ipsec); - - KLIPS_PRINT(debug_tunnel, "Unregistering %s (refcnt=%d)\n", - name, - atomic_read(&dev_ipsec->refcnt)); - unregister_netdev(dev_ipsec); - KLIPS_PRINT(debug_tunnel, "Unregisted %s\n", name); -#ifndef NETDEV_23 - kfree(dev_ipsec->name); - dev_ipsec->name=NULL; -#endif /* !NETDEV_23 */ - kfree(dev_ipsec->priv); - dev_ipsec->priv=NULL; - } - return error; -} diff --git a/linux/net/ipsec/ipsec_xform.c b/linux/net/ipsec/ipsec_xform.c deleted file mode 100644 index 677f83aaf..000000000 --- a/linux/net/ipsec/ipsec_xform.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Common routines for IPSEC transformations. - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: ipsec_xform.c,v 1.2 2004/06/13 19:57:50 as Exp $ - */ - -#include -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include -#include /* get_random_bytes() */ -#include -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include /* *lock* */ -# else /* SPINLOCK_23 */ -# include /* *lock* */ -# endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ -#ifdef NET_21 -# include -# include -#endif -#include -#include - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_ipe4.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" - -#include -#include - -#ifdef CONFIG_IPSEC_DEBUG -int debug_xform = 0; -#endif /* CONFIG_IPSEC_DEBUG */ - -#ifdef SPINLOCK -spinlock_t tdb_lock = SPIN_LOCK_UNLOCKED; -#else /* SPINLOCK */ -spinlock_t tdb_lock; -#endif /* SPINLOCK */ diff --git a/linux/net/ipsec/ipsec_xmit.c b/linux/net/ipsec/ipsec_xmit.c deleted file mode 100644 index bb390bcf9..000000000 --- a/linux/net/ipsec/ipsec_xmit.c +++ /dev/null @@ -1,1782 +0,0 @@ -/* - * IPSEC Transmit code. - * Copyright (C) 1996, 1997 John Ioannidis. - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -char ipsec_xmit_c_version[] = "RCSID $Id: ipsec_xmit.c,v 1.3 2004/06/13 19:37:23 as Exp $"; - -#define __NO_VERSION__ -#include -#include /* for CONFIG_IP_FORWARD */ -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, struct net_device_stats, dev_queue_xmit() and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include /* struct tcphdr */ -#include /* struct udphdr */ -#include -#include -#ifdef NET_21 -# define MSS_HACK_ /* experimental */ -# include -# include -# include -# define proto_priv cb -#endif /* NET_21 */ -#include -#include /* icmp_send() */ -#include -#ifdef NETDEV_23 -# include -#endif /* NETDEV_23 */ - -#include -#ifdef MSS_HACK -# include /* TCP options */ -#endif /* MSS_HACK */ - -#include "freeswan/radij.h" -#include "freeswan/ipsec_life.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_eroute.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xmit.h" -#include "freeswan/ipsec_sa.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_ipe4.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" - -#ifdef CONFIG_IPSEC_IPCOMP -#include "freeswan/ipcomp.h" -#endif /* CONFIG_IPSEC_IPCOMP */ - -#include -#include - -#include "freeswan/ipsec_proto.h" -#include "freeswan/ipsec_alg.h" - - -/* - * Stupid kernel API differences in APIs. Not only do some - * kernels not have ip_select_ident, but some have differing APIs, - * and SuSE has one with one parameter, but no way of checking to - * see what is really what. - */ - -#ifdef SUSE_LINUX_2_4_19_IS_STUPID -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph) -#else - -/* simplest case, nothing */ -#if !defined(IP_SELECT_IDENT) -#define KLIPS_IP_SELECT_IDENT(iph, skb) do { iph->id = htons(ip_id_count++); } while(0) -#endif - -/* kernels > 2.3.37-ish */ -#if defined(IP_SELECT_IDENT) && !defined(IP_SELECT_IDENT_NEW) -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst) -#endif - -/* kernels > 2.4.2 */ -#if defined(IP_SELECT_IDENT) && defined(IP_SELECT_IDENT_NEW) -#define KLIPS_IP_SELECT_IDENT(iph, skb) ip_select_ident(iph, skb->dst, NULL) -#endif - -#endif /* SUSE_LINUX_2_4_19_IS_STUPID */ - - -static __u32 zeroes[64]; - -#ifdef CONFIG_IPSEC_DEBUG -int sysctl_ipsec_debug_verbose = 0; -#endif /* CONFIG_IPSEC_DEBUG */ - -int ipsec_xmit_trap_count = 0; -int ipsec_xmit_trap_sendcount = 0; - -int sysctl_ipsec_icmp = 0; -int sysctl_ipsec_tos = 0; - -/* - * If the IP packet (iph) is a carrying TCP/UDP, then set the encaps - * source and destination ports to those from the TCP/UDP header. - */ -void ipsec_extract_ports(struct iphdr * iph, struct sockaddr_encap * er) -{ - struct udphdr *udp; - - switch (iph->protocol) { - case IPPROTO_UDP: - case IPPROTO_TCP: - /* - * The ports are at the same offsets in a TCP and UDP - * header so hack it ... - */ - udp = (struct udphdr*)(((char*)iph)+(iph->ihl<<2)); - er->sen_sport = udp->source; - er->sen_dport = udp->dest; - break; - default: - er->sen_sport = 0; - er->sen_dport = 0; - break; - } -} - -/* - * A TRAP eroute is installed and we want to replace it with a HOLD - * eroute. - */ -static int create_hold_eroute(struct sk_buff * skb, struct iphdr * iph, - uint32_t eroute_pid) -{ - struct eroute hold_eroute; - struct sa_id hold_said; - struct sk_buff *first, *last; - int error; - - first = last = NULL; - memset((caddr_t)&hold_eroute, 0, sizeof(hold_eroute)); - memset((caddr_t)&hold_said, 0, sizeof(hold_said)); - - hold_said.proto = IPPROTO_INT; - hold_said.spi = htonl(SPI_HOLD); - hold_said.dst.s_addr = INADDR_ANY; - - hold_eroute.er_eaddr.sen_len = sizeof(struct sockaddr_encap); - hold_eroute.er_emask.sen_len = sizeof(struct sockaddr_encap); - hold_eroute.er_eaddr.sen_family = AF_ENCAP; - hold_eroute.er_emask.sen_family = AF_ENCAP; - hold_eroute.er_eaddr.sen_type = SENT_IP4; - hold_eroute.er_emask.sen_type = 255; - - hold_eroute.er_eaddr.sen_ip_src.s_addr = iph->saddr; - hold_eroute.er_eaddr.sen_ip_dst.s_addr = iph->daddr; - hold_eroute.er_emask.sen_ip_src.s_addr = INADDR_BROADCAST; - hold_eroute.er_emask.sen_ip_dst.s_addr = INADDR_BROADCAST; - hold_eroute.er_emask.sen_sport = ~0; - hold_eroute.er_emask.sen_dport = ~0; - hold_eroute.er_pid = eroute_pid; - hold_eroute.er_count = 0; - hold_eroute.er_lasttime = jiffies/HZ; - - hold_eroute.er_eaddr.sen_proto = iph->protocol; - ipsec_extract_ports(iph, &hold_eroute.er_eaddr); - -#ifdef CONFIG_IPSEC_DEBUG - if (debug_pfkey) { - char buf1[64], buf2[64]; - subnettoa(hold_eroute.er_eaddr.sen_ip_src, - hold_eroute.er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(hold_eroute.er_eaddr.sen_ip_dst, - hold_eroute.er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_tunnel_start_xmit: " - "calling breakeroute and makeroute for %s:%d->%s:%d %d HOLD eroute.\n", - buf1, ntohs(hold_eroute.er_eaddr.sen_sport), - buf2, ntohs(hold_eroute.er_eaddr.sen_dport), - hold_eroute.er_eaddr.sen_proto); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - if (ipsec_breakroute(&(hold_eroute.er_eaddr), &(hold_eroute.er_emask), - &first, &last)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_tunnel_start_xmit: " - "HOLD breakeroute found nothing.\n"); - } else { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_tunnel_start_xmit: " - "HOLD breakroute deleted %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u %u\n", - NIPQUAD(hold_eroute.er_eaddr.sen_ip_src), - ntohs(hold_eroute.er_eaddr.sen_sport), - NIPQUAD(hold_eroute.er_eaddr.sen_ip_dst), - ntohs(hold_eroute.er_eaddr.sen_dport), - hold_eroute.er_eaddr.sen_proto); - } - if (first != NULL) - kfree_skb(first); - if (last != NULL) - kfree_skb(last); - - error = ipsec_makeroute(&(hold_eroute.er_eaddr), - &(hold_eroute.er_emask), - hold_said, eroute_pid, skb, NULL, NULL); - if (error) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_tunnel_start_xmit: " - "HOLD makeroute returned %d, failed.\n", error); - } else { - KLIPS_PRINT(debug_pfkey, - "klips_debug:ipsec_tunnel_start_xmit: " - "HOLD makeroute call successful.\n"); - } - return (error == 0); -} - -#ifdef CONFIG_IPSEC_DEBUG_ -DEBUG_NO_STATIC void -dmp(char *s, caddr_t bb, int len) -{ - int i; - unsigned char *b = bb; - - if (debug_tunnel) { - printk(KERN_INFO "klips_debug:ipsec_tunnel_:dmp: " - "at %s, len=%d:", - s, - len); - for (i=0; i < len; i++) { - if(!(i%16)){ - printk("\nklips_debug: "); - } - printk(" %02x", *b++); - } - printk("\n"); - } -} -#else /* CONFIG_IPSEC_DEBUG */ -#define dmp(_x, _y, _z) -#endif /* CONFIG_IPSEC_DEBUG */ - -#ifndef SKB_COPY_EXPAND -/* - * This is mostly skbuff.c:skb_copy(). - */ -struct sk_buff * -skb_copy_expand(struct sk_buff *skb, int headroom, int tailroom, int priority) -{ - struct sk_buff *n; - unsigned long offset; - - /* - * Do sanity checking - */ - if((headroom < 0) || (tailroom < 0) || ((headroom+tailroom) < 0)) { - printk(KERN_WARNING - "klips_error:skb_copy_expand: " - "Illegal negative head,tailroom %d,%d\n", - headroom, - tailroom); - return NULL; - } - /* - * Allocate the copy buffer - */ - -#ifndef NET_21 - IS_SKB(skb); -#endif /* !NET_21 */ - - - n=alloc_skb(skb->end - skb->head + headroom + tailroom, priority); - - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:skb_copy_expand: " - "allocating %d bytes, head=0p%p data=0p%p tail=0p%p end=0p%p end-head=%d tail-data=%d\n", - skb->end - skb->head + headroom + tailroom, - skb->head, - skb->data, - skb->tail, - skb->end, - skb->end - skb->head, - skb->tail - skb->data); - - if(n==NULL) - return NULL; - - /* - * Shift between the two data areas in bytes - */ - - /* Set the data pointer */ - skb_reserve(n,skb->data-skb->head+headroom); - /* Set the tail pointer and length */ - if(skb_tailroom(n) < skb->len) { - printk(KERN_WARNING "klips_error:skb_copy_expand: " - "tried to skb_put %ld, %d available. This should never happen, please report.\n", - (unsigned long int)skb->len, - skb_tailroom(n)); - ipsec_kfree_skb(n); - return NULL; - } - skb_put(n,skb->len); - - offset=n->head + headroom - skb->head; - - /* Copy the bytes */ - memcpy(n->head + headroom, skb->head,skb->end-skb->head); -#ifdef NET_21 - n->csum=skb->csum; - n->priority=skb->priority; - n->dst=dst_clone(skb->dst); - if(skb->nh.raw) - n->nh.raw=skb->nh.raw+offset; -#ifndef NETDEV_23 - n->is_clone=0; -#endif /* NETDEV_23 */ - atomic_set(&n->users, 1); - n->destructor = NULL; - n->security=skb->security; -#else /* NET_21 */ - n->link3=NULL; - n->when=skb->when; - if(skb->ip_hdr) - n->ip_hdr=(struct iphdr *)(((char *)skb->ip_hdr)+offset); - n->saddr=skb->saddr; - n->daddr=skb->daddr; - n->raddr=skb->raddr; - n->seq=skb->seq; - n->end_seq=skb->end_seq; - n->ack_seq=skb->ack_seq; - n->acked=skb->acked; - n->free=1; - n->arp=skb->arp; - n->tries=0; - n->lock=0; - n->users=0; -#endif /* NET_21 */ - n->protocol=skb->protocol; - n->list=NULL; - n->sk=NULL; - n->dev=skb->dev; - if(skb->h.raw) - n->h.raw=skb->h.raw+offset; - if(skb->mac.raw) - n->mac.raw=skb->mac.raw+offset; - memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv)); -#ifndef NETDEV_23 - n->used=skb->used; -#endif /* !NETDEV_23 */ - n->pkt_type=skb->pkt_type; - n->stamp=skb->stamp; - -#ifndef NET_21 - IS_SKB(n); -#endif /* !NET_21 */ - return n; -} -#endif /* !SKB_COPY_EXPAND */ - -#ifdef CONFIG_IPSEC_DEBUG -void -ipsec_print_ip(struct iphdr *ip) -{ - char buf[ADDRTOA_BUF]; - - printk(KERN_INFO "klips_debug: IP:"); - printk(" ihl:%d", ip->ihl << 2); - printk(" ver:%d", ip->version); - printk(" tos:%d", ip->tos); - printk(" tlen:%d", ntohs(ip->tot_len)); - printk(" id:%d", ntohs(ip->id)); - printk(" %s%s%sfrag_off:%d", - ip->frag_off & __constant_htons(IP_CE) ? "CE " : "", - ip->frag_off & __constant_htons(IP_DF) ? "DF " : "", - ip->frag_off & __constant_htons(IP_MF) ? "MF " : "", - (ntohs(ip->frag_off) & IP_OFFSET) << 3); - printk(" ttl:%d", ip->ttl); - printk(" proto:%d", ip->protocol); - if(ip->protocol == IPPROTO_UDP) - printk(" (UDP)"); - if(ip->protocol == IPPROTO_TCP) - printk(" (TCP)"); - if(ip->protocol == IPPROTO_ICMP) - printk(" (ICMP)"); - printk(" chk:%d", ntohs(ip->check)); - addrtoa(*((struct in_addr*)(&ip->saddr)), 0, buf, sizeof(buf)); - printk(" saddr:%s", buf); - if(ip->protocol == IPPROTO_UDP) - printk(":%d", - ntohs(((struct udphdr*)((caddr_t)ip + (ip->ihl << 2)))->source)); - if(ip->protocol == IPPROTO_TCP) - printk(":%d", - ntohs(((struct tcphdr*)((caddr_t)ip + (ip->ihl << 2)))->source)); - addrtoa(*((struct in_addr*)(&ip->daddr)), 0, buf, sizeof(buf)); - printk(" daddr:%s", buf); - if(ip->protocol == IPPROTO_UDP) - printk(":%d", - ntohs(((struct udphdr*)((caddr_t)ip + (ip->ihl << 2)))->dest)); - if(ip->protocol == IPPROTO_TCP) - printk(":%d", - ntohs(((struct tcphdr*)((caddr_t)ip + (ip->ihl << 2)))->dest)); - if(ip->protocol == IPPROTO_ICMP) - printk(" type:code=%d:%d", - ((struct icmphdr*)((caddr_t)ip + (ip->ihl << 2)))->type, - ((struct icmphdr*)((caddr_t)ip + (ip->ihl << 2)))->code); - printk("\n"); - - if(sysctl_ipsec_debug_verbose) { - __u8 *c; - int i; - - c = ((__u8*)ip) + ip->ihl*4; - for(i = 0; i < ntohs(ip->tot_len) - ip->ihl*4; i++ /*, c++*/) { - if(!(i % 16)) { - printk(KERN_INFO - "klips_debug: @%03x:", - i); - } - printk(" %02x", /***/c[i]); - if(!((i + 1) % 16)) { - printk("\n"); - } - } - if(i % 16) { - printk("\n"); - } - } -} -#endif /* CONFIG_IPSEC_DEBUG */ - -#ifdef MSS_HACK -/* - * Issues: - * 1) Fragments arriving in the tunnel should probably be rejected. - * 2) How does this affect syncookies, mss_cache, dst cache ? - * 3) Path MTU discovery handling needs to be reviewed. For example, - * if we receive an ICMP 'packet too big' message from an intermediate - * router specifying it's next hop MTU, our stack may process this and - * adjust the MSS without taking our AH/ESP overheads into account. - */ - - -/* - * Recaclulate checksum using differences between changed datum, - * borrowed from netfilter. - */ -DEBUG_NO_STATIC u_int16_t -ipsec_fast_csum(u_int32_t oldvalinv, u_int32_t newval, u_int16_t oldcheck) -{ - u_int32_t diffs[] = { oldvalinv, newval }; - return csum_fold(csum_partial((char *)diffs, sizeof(diffs), - oldcheck^0xFFFF)); -} - -/* - * Determine effective MSS. - * - * Note that we assume that there is always an MSS option for our own - * SYN segments, which is mentioned in tcp_syn_build_options(), kernel 2.2.x. - * This could change, and we should probably parse TCP options instead. - * - */ -DEBUG_NO_STATIC u_int8_t -ipsec_adjust_mss(struct sk_buff *skb, struct tcphdr *tcph, u_int16_t mtu) -{ - u_int16_t oldmss, newmss; - u_int32_t *mssp; - struct sock *sk = skb->sk; - - newmss = tcp_sync_mss(sk, mtu); - printk(KERN_INFO "klips: setting mss to %u\n", newmss); - mssp = (u_int32_t *)tcph + sizeof(struct tcphdr) / sizeof(u_int32_t); - oldmss = ntohl(*mssp) & 0x0000FFFF; - *mssp = htonl((TCPOPT_MSS << 24) | (TCPOLEN_MSS << 16) | newmss); - tcph->check = ipsec_fast_csum(htons(~oldmss), - htons(newmss), tcph->check); - return 1; -} -#endif /* MSS_HACK */ - -/* - * Sanity checks - */ -enum ipsec_xmit_value -ipsec_xmit_sanity_check_dev(struct ipsec_xmit_state *ixs) -{ - - if (ixs->dev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_error:ipsec_xmit_sanity_check_dev: " - "No device associated with skb!\n" ); - return IPSEC_XMIT_NODEV; - } - - ixs->prv = ixs->dev->priv; - if (ixs->prv == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_error:ipsec_xmit_sanity_check_dev: " - "Device has no private structure!\n" ); - return IPSEC_XMIT_NOPRIVDEV; - } - - ixs->physdev = ixs->prv->dev; - if (ixs->physdev == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_error:ipsec_xmit_sanity_check_dev: " - "Device is not attached to physical device!\n" ); - return IPSEC_XMIT_NOPHYSDEV; - } - - ixs->physmtu = ixs->physdev->mtu; - - ixs->stats = (struct net_device_stats *) &(ixs->prv->mystats); - - return IPSEC_XMIT_OK; -} - -enum ipsec_xmit_value -ipsec_xmit_sanity_check_skb(struct ipsec_xmit_state *ixs) -{ - /* - * Return if there is nothing to do. (Does this ever happen?) XXX - */ - if (ixs->skb == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_error:ipsec_xmit_sanity_check_skb: " - "Nothing to do!\n" ); - return IPSEC_XMIT_NOSKB; - } -#ifdef NET_21 - /* if skb was cloned (most likely due to a packet sniffer such as - tcpdump being momentarily attached to the interface), make - a copy of our own to modify */ - if(skb_cloned(ixs->skb)) { - if -#ifdef SKB_COW_NEW - (skb_cow(ixs->skb, skb_headroom(ixs->skb)) != 0) -#else /* SKB_COW_NEW */ - ((ixs->skb = skb_cow(ixs->skb, skb_headroom(ixs->skb))) == NULL) -#endif /* SKB_COW_NEW */ - { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_error:ipsec_xmit_sanity_check_skb: " - "skb_cow failed to allocate buffer, dropping.\n" ); - ixs->stats->tx_dropped++; - return IPSEC_XMIT_ERRSKBALLOC; - } - } -#endif /* NET_21 */ - -#ifdef NET_21 - ixs->iph = ixs->skb->nh.iph; -#else /* NET_21 */ - ixs->iph = ixs->skb->ip_hdr; -#endif /* NET_21 */ - - /* sanity check for IP version as we can't handle IPv6 right now */ - if (ixs->iph->version != 4) { - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_xmit_sanity_check_skb: " - "found IP Version %d but cannot process other IP versions than v4.\n", - ixs->iph->version); /* XXX */ - ixs->stats->tx_dropped++; - return IPSEC_XMIT_NOIPV6; - } - -#if IPSEC_DISALLOW_IPOPTIONS - if ((ixs->iph->ihl << 2) != sizeof (struct iphdr)) { - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_xmit_sanity_check_skb: " - "cannot process IP header options yet. May be mal-formed packet.\n"); /* XXX */ - ixs->stats->tx_dropped++; - return IPSEC_XMIT_NOIPOPTIONS; - } -#endif /* IPSEC_DISALLOW_IPOPTIONS */ - -#ifndef NET_21 - if (ixs->iph->ttl <= 0) { - /* Tell the sender its packet died... */ - ICMP_SEND(ixs->skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0, ixs->physdev); - - KLIPS_PRINT(debug_tunnel, "klips_debug:ipsec_xmit_sanity_check_skb: " - "TTL=0, too many hops!\n"); - ixs->stats->tx_dropped++; - return IPSEC_XMIT_TTLEXPIRED; - } -#endif /* !NET_21 */ - - return IPSEC_XMIT_OK; -} - -enum ipsec_xmit_value -ipsec_xmit_encap_once(struct ipsec_xmit_state *ixs) -{ -#ifdef CONFIG_IPSEC_ESP - struct esphdr *espp; -#ifdef CONFIG_IPSEC_ENC_3DES - __u32 iv[ESP_IV_MAXSZ_INT]; -#endif /* !CONFIG_IPSEC_ENC_3DES */ - unsigned char *idat, *pad; - int authlen = 0, padlen = 0, i; -#endif /* !CONFIG_IPSEC_ESP */ -#ifdef CONFIG_IPSEC_AH - struct iphdr ipo; - struct ahhdr *ahp; -#endif /* CONFIG_IPSEC_AH */ -#if defined(CONFIG_IPSEC_AUTH_HMAC_MD5) || defined(CONFIG_IPSEC_AUTH_HMAC_SHA1) - union { -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - MD5_CTX md5; -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - SHA1_CTX sha1; -#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - } tctx; - __u8 hash[AH_AMAX]; -#endif /* defined(CONFIG_IPSEC_AUTH_HMAC_MD5) || defined(CONFIG_IPSEC_AUTH_HMAC_SHA1) */ - int headroom = 0, tailroom = 0, ilen = 0, len = 0; - unsigned char *dat; - int blocksize = 8; /* XXX: should be inside ixs --jjo */ -#ifdef CONFIG_IPSEC_ALG - struct ipsec_alg_enc *ixt_e = NULL; - struct ipsec_alg_auth *ixt_a = NULL; -#endif /* CONFIG_IPSEC_ALG */ - - ixs->iphlen = ixs->iph->ihl << 2; - ixs->pyldsz = ntohs(ixs->iph->tot_len) - ixs->iphlen; - ixs->sa_len = satoa(ixs->ipsp->ips_said, 0, ixs->sa_txt, SATOA_BUF); - KLIPS_PRINT(debug_tunnel & DB_TN_OXFS, - "klips_debug:ipsec_xmit_encap_once: " - "calling output for <%s%s%s>, SA:%s\n", - IPS_XFORM_NAME(ixs->ipsp), - ixs->sa_len ? ixs->sa_txt : " (error)"); - - switch(ixs->ipsp->ips_said.proto) { -#ifdef CONFIG_IPSEC_AH - case IPPROTO_AH: - headroom += sizeof(struct ahhdr); - break; -#endif /* CONFIG_IPSEC_AH */ -#ifdef CONFIG_IPSEC_ESP - case IPPROTO_ESP: -#ifdef CONFIG_IPSEC_ALG - if ((ixt_e=ixs->ipsp->ips_alg_enc)) { - blocksize = ixt_e->ixt_blocksize; - headroom += ESP_HEADER_LEN + ixt_e->ixt_ivlen/8; - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ixs->ipsp->ips_encalg) { -#ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: - headroom += sizeof(struct esphdr); - break; -#endif /* CONFIG_IPSEC_ENC_3DES */ - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_ESP_BADALG; - } -#ifdef CONFIG_IPSEC_ALG - if ((ixt_a=ixs->ipsp->ips_alg_auth)) { - tailroom += AHHMAC_HASHLEN; - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ixs->ipsp->ips_authalg) { -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - case AH_MD5: - authlen = AHHMAC_HASHLEN; - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - case AH_SHA: - authlen = AHHMAC_HASHLEN; - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - case AH_NONE: - break; - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_ESP_BADALG; - } -#ifdef CONFIG_IPSEC_ALG - tailroom += blocksize != 1 ? - ((blocksize - ((ixs->pyldsz + 2) % blocksize)) % blocksize) + 2 : - ((4 - ((ixs->pyldsz + 2) % 4)) % 4) + 2; -#else - tailroom += ((8 - ((ixs->pyldsz + 2 * sizeof(unsigned char)) % 8)) % 8) + 2; -#endif /* CONFIG_IPSEC_ALG */ - tailroom += authlen; - break; -#endif /* !CONFIG_IPSEC_ESP */ -#ifdef CONFIG_IPSEC_IPIP - case IPPROTO_IPIP: - headroom += sizeof(struct iphdr); - ixs->iphlen = sizeof(struct iphdr); - break; -#endif /* !CONFIG_IPSEC_IPIP */ -#ifdef CONFIG_IPSEC_IPCOMP - case IPPROTO_COMP: - break; -#endif /* CONFIG_IPSEC_IPCOMP */ - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_BADPROTO; - } - - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_once: " - "pushing %d bytes, putting %d, proto %d.\n", - headroom, tailroom, ixs->ipsp->ips_said.proto); - if(skb_headroom(ixs->skb) < headroom) { - printk(KERN_WARNING - "klips_error:ipsec_xmit_encap_once: " - "tried to skb_push headroom=%d, %d available. This should never happen, please report.\n", - headroom, skb_headroom(ixs->skb)); - ixs->stats->tx_errors++; - return IPSEC_XMIT_ESP_PUSHPULLERR; - } - dat = skb_push(ixs->skb, headroom); - ilen = ixs->skb->len - tailroom; - if(skb_tailroom(ixs->skb) < tailroom) { - printk(KERN_WARNING - "klips_error:ipsec_xmit_encap_once: " - "tried to skb_put %d, %d available. This should never happen, please report.\n", - tailroom, skb_tailroom(ixs->skb)); - ixs->stats->tx_errors++; - return IPSEC_XMIT_ESP_PUSHPULLERR; - } - skb_put(ixs->skb, tailroom); - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_once: " - "head,tailroom: %d,%d before xform.\n", - skb_headroom(ixs->skb), skb_tailroom(ixs->skb)); - len = ixs->skb->len; - if(len > 0xfff0) { - printk(KERN_WARNING "klips_error:ipsec_xmit_encap_once: " - "tot_len (%d) > 65520. This should never happen, please report.\n", - len); - ixs->stats->tx_errors++; - return IPSEC_XMIT_BADLEN; - } - memmove((void *)dat, (void *)(dat + headroom), ixs->iphlen); - ixs->iph = (struct iphdr *)dat; - ixs->iph->tot_len = htons(ixs->skb->len); - - switch(ixs->ipsp->ips_said.proto) { -#ifdef CONFIG_IPSEC_ESP - case IPPROTO_ESP: - espp = (struct esphdr *)(dat + ixs->iphlen); - espp->esp_spi = ixs->ipsp->ips_said.spi; - espp->esp_rpl = htonl(++(ixs->ipsp->ips_replaywin_lastseq)); - -#ifdef CONFIG_IPSEC_ALG - if (!ixt_e) -#endif /* CONFIG_IPSEC_ALG */ - switch(ixs->ipsp->ips_encalg) { -#if defined(CONFIG_IPSEC_ENC_3DES) -#ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: -#endif /* CONFIG_IPSEC_ENC_3DES */ - iv[0] = *((__u32*)&(espp->esp_iv) ) = - ((__u32*)(ixs->ipsp->ips_iv))[0]; - iv[1] = *((__u32*)&(espp->esp_iv) + 1) = - ((__u32*)(ixs->ipsp->ips_iv))[1]; - break; -#endif /* defined(CONFIG_IPSEC_ENC_3DES) */ - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_ESP_BADALG; - } - - idat = dat + ixs->iphlen + headroom; - ilen = len - (ixs->iphlen + headroom + authlen); - - /* Self-describing padding */ - pad = &dat[len - tailroom]; - padlen = tailroom - 2 - authlen; - for (i = 0; i < padlen; i++) { - pad[i] = i + 1; - } - dat[len - authlen - 2] = padlen; - - dat[len - authlen - 1] = ixs->iph->protocol; - ixs->iph->protocol = IPPROTO_ESP; - -#ifdef CONFIG_IPSEC_ALG - /* Do all operations here: - * copy IV->ESP, encrypt, update ips IV - */ - if (ixt_e) { - int ret; - memcpy(espp->esp_iv, - ixs->ipsp->ips_iv, - ixt_e->ixt_ivlen/8); - ret=ipsec_alg_esp_encrypt(ixs->ipsp, - idat, ilen, espp->esp_iv, - IPSEC_ALG_ENCRYPT); - memcpy(ixs->ipsp->ips_iv, - idat + ilen - ixt_e->ixt_ivlen/8, - ixt_e->ixt_ivlen/8); - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ixs->ipsp->ips_encalg) { -#ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: - des_ede3_cbc_encrypt((des_cblock *)idat, - (des_cblock *)idat, - ilen, - ((struct des_eks *)(ixs->ipsp->ips_key_e))[0].ks, - ((struct des_eks *)(ixs->ipsp->ips_key_e))[1].ks, - ((struct des_eks *)(ixs->ipsp->ips_key_e))[2].ks, - (des_cblock *)iv, 1); - break; -#endif /* CONFIG_IPSEC_ENC_3DES */ - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_ESP_BADALG; - } - -#ifdef CONFIG_IPSEC_ALG - if (!ixt_e) -#endif /* CONFIG_IPSEC_ALG */ - switch(ixs->ipsp->ips_encalg) { -#if defined(CONFIG_IPSEC_ENC_3DES) -#ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: -#endif /* CONFIG_IPSEC_ENC_3DES */ - /* XXX update IV with the last 8 octets of the encryption */ -#if KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK - ((__u32*)(ixs->ipsp->ips_iv))[0] = - ((__u32 *)(idat))[(ilen >> 2) - 2]; - ((__u32*)(ixs->ipsp->ips_iv))[1] = - ((__u32 *)(idat))[(ilen >> 2) - 1]; -#else /* KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK */ - prng_bytes(&ipsec_prng, (char *)ixs->ipsp->ips_iv, EMT_ESPDES_IV_SZ); -#endif /* KLIPS_IMPAIRMENT_ESPIV_CBC_ATTACK */ - break; -#endif /* defined(CONFIG_IPSEC_ENC_3DES) */ - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_ESP_BADALG; - } - -#ifdef CONFIG_IPSEC_ALG - if (ixt_a) { - ipsec_alg_sa_esp_hash(ixs->ipsp, - (caddr_t)espp, len - ixs->iphlen - authlen, - &(dat[len - authlen]), authlen); - - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ixs->ipsp->ips_authalg) { -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - case AH_MD5: - dmp("espp", (char*)espp, len - ixs->iphlen - authlen); - tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->ictx; - dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Update(&tctx.md5, (caddr_t)espp, len - ixs->iphlen - authlen); - dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Final(hash, &tctx.md5); - dmp("ictx hash", (char*)&hash, sizeof(hash)); - tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->octx; - dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Update(&tctx.md5, hash, AHMD596_ALEN); - dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Final(hash, &tctx.md5); - dmp("octx hash", (char*)&hash, sizeof(hash)); - memcpy(&(dat[len - authlen]), hash, authlen); - - /* paranoid */ - memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5)); - memset((caddr_t)hash, 0, sizeof(*hash)); - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - case AH_SHA: - tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->ictx; - SHA1Update(&tctx.sha1, (caddr_t)espp, len - ixs->iphlen - authlen); - SHA1Final(hash, &tctx.sha1); - tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->octx; - SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); - SHA1Final(hash, &tctx.sha1); - memcpy(&(dat[len - authlen]), hash, authlen); - - /* paranoid */ - memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1)); - memset((caddr_t)hash, 0, sizeof(*hash)); - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - case AH_NONE: - break; - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_AH_BADALG; - } -#ifdef NET_21 - ixs->skb->h.raw = (unsigned char*)espp; -#endif /* NET_21 */ - break; -#endif /* !CONFIG_IPSEC_ESP */ -#ifdef CONFIG_IPSEC_AH - case IPPROTO_AH: - ahp = (struct ahhdr *)(dat + ixs->iphlen); - ahp->ah_spi = ixs->ipsp->ips_said.spi; - ahp->ah_rpl = htonl(++(ixs->ipsp->ips_replaywin_lastseq)); - ahp->ah_rv = 0; - ahp->ah_nh = ixs->iph->protocol; - ahp->ah_hl = (headroom >> 2) - sizeof(__u64)/sizeof(__u32); - ixs->iph->protocol = IPPROTO_AH; - dmp("ahp", (char*)ahp, sizeof(*ahp)); - - ipo = *ixs->iph; - ipo.tos = 0; - ipo.frag_off = 0; - ipo.ttl = 0; - ipo.check = 0; - dmp("ipo", (char*)&ipo, sizeof(ipo)); - - switch(ixs->ipsp->ips_authalg) { -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - case AH_MD5: - tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->ictx; - dmp("ictx", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Update(&tctx.md5, (unsigned char *)&ipo, sizeof (struct iphdr)); - dmp("ictx+ipo", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Update(&tctx.md5, (unsigned char *)ahp, headroom - sizeof(ahp->ah_data)); - dmp("ictx+ahp", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Update(&tctx.md5, (unsigned char *)zeroes, AHHMAC_HASHLEN); - dmp("ictx+zeroes", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Update(&tctx.md5, dat + ixs->iphlen + headroom, len - ixs->iphlen - headroom); - dmp("ictx+dat", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Final(hash, &tctx.md5); - dmp("ictx hash", (char*)&hash, sizeof(hash)); - tctx.md5 = ((struct md5_ctx*)(ixs->ipsp->ips_key_a))->octx; - dmp("octx", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Update(&tctx.md5, hash, AHMD596_ALEN); - dmp("octx+hash", (char*)&tctx.md5, sizeof(tctx.md5)); - MD5Final(hash, &tctx.md5); - dmp("octx hash", (char*)&hash, sizeof(hash)); - - memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN); - - /* paranoid */ - memset((caddr_t)&tctx.md5, 0, sizeof(tctx.md5)); - memset((caddr_t)hash, 0, sizeof(*hash)); - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - case AH_SHA: - tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->ictx; - SHA1Update(&tctx.sha1, (unsigned char *)&ipo, sizeof (struct iphdr)); - SHA1Update(&tctx.sha1, (unsigned char *)ahp, headroom - sizeof(ahp->ah_data)); - SHA1Update(&tctx.sha1, (unsigned char *)zeroes, AHHMAC_HASHLEN); - SHA1Update(&tctx.sha1, dat + ixs->iphlen + headroom, len - ixs->iphlen - headroom); - SHA1Final(hash, &tctx.sha1); - tctx.sha1 = ((struct sha1_ctx*)(ixs->ipsp->ips_key_a))->octx; - SHA1Update(&tctx.sha1, hash, AHSHA196_ALEN); - SHA1Final(hash, &tctx.sha1); - - memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN); - - /* paranoid */ - memset((caddr_t)&tctx.sha1, 0, sizeof(tctx.sha1)); - memset((caddr_t)hash, 0, sizeof(*hash)); - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_AH_BADALG; - } -#ifdef NET_21 - ixs->skb->h.raw = (unsigned char*)ahp; -#endif /* NET_21 */ - break; -#endif /* CONFIG_IPSEC_AH */ -#ifdef CONFIG_IPSEC_IPIP - case IPPROTO_IPIP: - ixs->iph->version = 4; - switch(sysctl_ipsec_tos) { - case 0: -#ifdef NET_21 - ixs->iph->tos = ixs->skb->nh.iph->tos; -#else /* NET_21 */ - ixs->iph->tos = ixs->skb->ip_hdr->tos; -#endif /* NET_21 */ - break; - case 1: - ixs->iph->tos = 0; - break; - default: - break; - } -#ifdef NET_21 -#ifdef NETDEV_23 - ixs->iph->ttl = sysctl_ip_default_ttl; -#else /* NETDEV_23 */ - ixs->iph->ttl = ip_statistics.IpDefaultTTL; -#endif /* NETDEV_23 */ -#else /* NET_21 */ - ixs->iph->ttl = 64; /* ip_statistics.IpDefaultTTL; */ -#endif /* NET_21 */ - ixs->iph->frag_off = 0; - ixs->iph->saddr = ((struct sockaddr_in*)(ixs->ipsp->ips_addr_s))->sin_addr.s_addr; - ixs->iph->daddr = ((struct sockaddr_in*)(ixs->ipsp->ips_addr_d))->sin_addr.s_addr; - ixs->iph->protocol = IPPROTO_IPIP; - ixs->iph->ihl = sizeof(struct iphdr) >> 2; - - KLIPS_IP_SELECT_IDENT(ixs->iph, ixs->skb); - - ixs->newdst = (__u32)ixs->iph->daddr; - ixs->newsrc = (__u32)ixs->iph->saddr; - -#ifdef NET_21 - ixs->skb->h.ipiph = ixs->skb->nh.iph; -#endif /* NET_21 */ - break; -#endif /* !CONFIG_IPSEC_IPIP */ -#ifdef CONFIG_IPSEC_IPCOMP - case IPPROTO_COMP: - { - unsigned int flags = 0; -#ifdef CONFIG_IPSEC_DEBUG - unsigned int old_tot_len = ntohs(ixs->iph->tot_len); -#endif /* CONFIG_IPSEC_DEBUG */ - ixs->ipsp->ips_comp_ratio_dbytes += ntohs(ixs->iph->tot_len); - - ixs->skb = skb_compress(ixs->skb, ixs->ipsp, &flags); - -#ifdef NET_21 - ixs->iph = ixs->skb->nh.iph; -#else /* NET_21 */ - ixs->iph = ixs->skb->ip_hdr; -#endif /* NET_21 */ - - ixs->ipsp->ips_comp_ratio_cbytes += ntohs(ixs->iph->tot_len); - -#ifdef CONFIG_IPSEC_DEBUG - if (debug_tunnel & DB_TN_CROUT) - { - if (old_tot_len > ntohs(ixs->iph->tot_len)) - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_once: " - "packet shrunk from %d to %d bytes after compression, cpi=%04x (should be from spi=%08x, spi&0xffff=%04x.\n", - old_tot_len, ntohs(ixs->iph->tot_len), - ntohs(((struct ipcomphdr*)(((char*)ixs->iph) + ((ixs->iph->ihl) << 2)))->ipcomp_cpi), - ntohl(ixs->ipsp->ips_said.spi), - (__u16)(ntohl(ixs->ipsp->ips_said.spi) & 0x0000ffff)); - else - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_once: " - "packet did not compress (flags = %d).\n", - flags); - } -#endif /* CONFIG_IPSEC_DEBUG */ - } - break; -#endif /* CONFIG_IPSEC_IPCOMP */ - default: - ixs->stats->tx_errors++; - return IPSEC_XMIT_BADPROTO; - } - -#ifdef NET_21 - ixs->skb->nh.raw = ixs->skb->data; -#else /* NET_21 */ - ixs->skb->ip_hdr = ixs->skb->h.iph = (struct iphdr *) ixs->skb->data; -#endif /* NET_21 */ - ixs->iph->check = 0; - ixs->iph->check = ip_fast_csum((unsigned char *)ixs->iph, ixs->iph->ihl); - - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_once: " - "after <%s%s%s>, SA:%s:\n", - IPS_XFORM_NAME(ixs->ipsp), - ixs->sa_len ? ixs->sa_txt : " (error)"); - KLIPS_IP_PRINT(debug_tunnel & DB_TN_XMIT, ixs->iph); - - ixs->ipsp->ips_life.ipl_bytes.ipl_count += len; - ixs->ipsp->ips_life.ipl_bytes.ipl_last = len; - - if(!ixs->ipsp->ips_life.ipl_usetime.ipl_count) { - ixs->ipsp->ips_life.ipl_usetime.ipl_count = jiffies / HZ; - } - ixs->ipsp->ips_life.ipl_usetime.ipl_last = jiffies / HZ; - ixs->ipsp->ips_life.ipl_packets.ipl_count++; - - ixs->ipsp = ixs->ipsp->ips_onext; - - return IPSEC_XMIT_OK; -} - -enum ipsec_xmit_value -ipsec_xmit_encap_bundle(struct ipsec_xmit_state *ixs) -{ -#ifdef CONFIG_IPSEC_ALG - struct ipsec_alg_enc *ixt_e = NULL; - struct ipsec_alg_auth *ixt_a = NULL; - int blocksize = 8; -#endif /* CONFIG_IPSEC_ALG */ - enum ipsec_xmit_value bundle_stat = IPSEC_XMIT_OK; - - ixs->newdst = ixs->orgdst = ixs->iph->daddr; - ixs->newsrc = ixs->orgsrc = ixs->iph->saddr; - ixs->orgedst = ixs->outgoing_said.dst.s_addr; - ixs->iphlen = ixs->iph->ihl << 2; - ixs->pyldsz = ntohs(ixs->iph->tot_len) - ixs->iphlen; - ixs->max_headroom = ixs->max_tailroom = 0; - - if (ixs->outgoing_said.proto == IPPROTO_INT) { - switch (ntohl(ixs->outgoing_said.spi)) { - case SPI_DROP: - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "shunt SA of DROP or no eroute: dropping.\n"); - ixs->stats->tx_dropped++; - break; - - case SPI_REJECT: - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "shunt SA of REJECT: notifying and dropping.\n"); - ICMP_SEND(ixs->skb, - ICMP_DEST_UNREACH, - ICMP_PKT_FILTERED, - 0, - ixs->physdev); - ixs->stats->tx_dropped++; - break; - - case SPI_PASS: -#ifdef NET_21 - ixs->pass = 1; -#endif /* NET_21 */ - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "PASS: calling dev_queue_xmit\n"); - return IPSEC_XMIT_PASS; - goto cleanup; - -#if 1 /* now moved up to finderoute so we don't need to lock it longer */ - case SPI_HOLD: - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "shunt SA of HOLD: this does not make sense here, dropping.\n"); - ixs->stats->tx_dropped++; - break; -#endif - case SPI_TRAP: - case SPI_TRAPSUBNET: - { - struct sockaddr_in src, dst; -#ifdef CONFIG_IPSEC_DEBUG - char bufsrc[ADDRTOA_BUF], bufdst[ADDRTOA_BUF]; -#endif /* CONFIG_IPSEC_DEBUG */ - - /* Signal all listening KMds with a PF_KEY ACQUIRE */ - ixs->ips.ips_said.proto = ixs->iph->protocol; - src.sin_family = AF_INET; - dst.sin_family = AF_INET; - src.sin_addr.s_addr = ixs->iph->saddr; - dst.sin_addr.s_addr = ixs->iph->daddr; - src.sin_port = - (ixs->iph->protocol == IPPROTO_UDP - ? ((struct udphdr*) (((caddr_t)ixs->iph) + (ixs->iph->ihl << 2)))->source - : (ixs->iph->protocol == IPPROTO_TCP - ? ((struct tcphdr*)((caddr_t)ixs->iph + (ixs->iph->ihl << 2)))->source - : 0)); - dst.sin_port = - (ixs->iph->protocol == IPPROTO_UDP - ? ((struct udphdr*) (((caddr_t)ixs->iph) + (ixs->iph->ihl << 2)))->dest - : (ixs->iph->protocol == IPPROTO_TCP - ? ((struct tcphdr*)((caddr_t)ixs->iph + (ixs->iph->ihl << 2)))->dest - : 0)); - { - int i; - for(i = 0; - i < sizeof(struct sockaddr_in) - - offsetof(struct sockaddr_in, sin_zero); - i++) { - src.sin_zero[i] = 0; - dst.sin_zero[i] = 0; - } - } - - ixs->ips.ips_addr_s = (struct sockaddr*)(&src); - ixs->ips.ips_addr_d = (struct sockaddr*)(&dst); - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "SADB_ACQUIRE sent with src=%s:%d, dst=%s:%d, proto=%d.\n", - addrtoa(((struct sockaddr_in*)(ixs->ips.ips_addr_s))->sin_addr, 0, bufsrc, sizeof(bufsrc)) <= ADDRTOA_BUF ? bufsrc : "BAD_ADDR", - ntohs(((struct sockaddr_in*)(ixs->ips.ips_addr_s))->sin_port), - addrtoa(((struct sockaddr_in*)(ixs->ips.ips_addr_d))->sin_addr, 0, bufdst, sizeof(bufdst)) <= ADDRTOA_BUF ? bufdst : "BAD_ADDR", - ntohs(((struct sockaddr_in*)(ixs->ips.ips_addr_d))->sin_port), - ixs->ips.ips_said.proto); - - /* increment count of total traps needed */ - ipsec_xmit_trap_count++; - - if (pfkey_acquire(&ixs->ips) == 0) { - - /* note that we succeeded */ - ipsec_xmit_trap_sendcount++; - - if (ixs->outgoing_said.spi==htonl(SPI_TRAPSUBNET)) { - /* - * The spinlock is to prevent any other - * process from accessing or deleting - * the eroute while we are using and - * updating it. - */ - spin_lock(&eroute_lock); - ixs->eroute = ipsec_findroute(&ixs->matcher); - if(ixs->eroute) { - ixs->eroute->er_said.spi = htonl(SPI_HOLD); - ixs->eroute->er_first = ixs->skb; - ixs->skb = NULL; - } - spin_unlock(&eroute_lock); - } else if (create_hold_eroute(ixs->skb, ixs->iph, ixs->eroute_pid)) { - ixs->skb = NULL; - } - } - ixs->stats->tx_dropped++; - } - default: - /* XXX what do we do with an unknown shunt spi? */ - break; - } /* switch (ntohl(ixs->outgoing_said.spi)) */ - return IPSEC_XMIT_STOLEN; - } /* if (ixs->outgoing_said.proto == IPPROTO_INT) */ - - /* - The spinlock is to prevent any other process from - accessing or deleting the ipsec_sa hash table or any of the - ipsec_sa s while we are using and updating them. - - This is not optimal, but was relatively straightforward - at the time. A better way to do it has been planned for - more than a year, to lock the hash table and put reference - counts on each ipsec_sa instead. This is not likely to happen - in KLIPS1 unless a volunteer contributes it, but will be - designed into KLIPS2. - */ - spin_lock(&tdb_lock); - - ixs->ipsp = ipsec_sa_getbyid(&ixs->outgoing_said); - ixs->sa_len = satoa(ixs->outgoing_said, 0, ixs->sa_txt, SATOA_BUF); - - if (ixs->ipsp == NULL) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "no ipsec_sa for SA%s: outgoing packet with no SA, dropped.\n", - ixs->sa_len ? ixs->sa_txt : " (error)"); - ixs->stats->tx_dropped++; - bundle_stat = IPSEC_XMIT_SAIDNOTFOUND; - goto cleanup; - } - - ipsec_sa_put(ixs->ipsp); /* incomplete */ - - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "found ipsec_sa -- SA:<%s%s%s> %s\n", - IPS_XFORM_NAME(ixs->ipsp), - ixs->sa_len ? ixs->sa_txt : " (error)"); - - /* - * How much headroom do we need to be able to apply - * all the grouped transforms? - */ - ixs->ipsq = ixs->ipsp; /* save the head of the ipsec_sa chain */ - while (ixs->ipsp) { - ixs->sa_len = satoa(ixs->ipsp->ips_said, 0, ixs->sa_txt, SATOA_BUF); - if(ixs->sa_len == 0) { - strcpy(ixs->sa_txt, "(error)"); - } - - /* If it is in larval state, drop the packet, we cannot process yet. */ - if(ixs->ipsp->ips_state == SADB_SASTATE_LARVAL) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "ipsec_sa in larval state for SA:<%s%s%s> %s, cannot be used yet, dropping packet.\n", - IPS_XFORM_NAME(ixs->ipsp), - ixs->sa_len ? ixs->sa_txt : " (error)"); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_SAIDNOTLIVE; - goto cleanup; - } - - if(ixs->ipsp->ips_state == SADB_SASTATE_DEAD) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "ipsec_sa in dead state for SA:<%s%s%s> %s, can no longer be used, dropping packet.\n", - IPS_XFORM_NAME(ixs->ipsp), - ixs->sa_len ? ixs->sa_txt : " (error)"); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_SAIDNOTLIVE; - goto cleanup; - } - - /* If the replay window counter == -1, expire SA, it will roll */ - if(ixs->ipsp->ips_replaywin && ixs->ipsp->ips_replaywin_lastseq == -1) { - pfkey_expire(ixs->ipsp, 1); - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "replay window counter rolled for SA:<%s%s%s> %s, packet dropped, expiring SA.\n", - IPS_XFORM_NAME(ixs->ipsp), - ixs->sa_len ? ixs->sa_txt : " (error)"); - ipsec_sa_delchain(ixs->ipsp); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_REPLAYROLLED; - goto cleanup; - } - - /* - * if this is the first time we are using this SA, mark start time, - * and offset hard/soft counters by "now" for later checking. - */ -#if 0 - if(ixs->ipsp->ips_life.ipl_usetime.count == 0) { - ixs->ipsp->ips_life.ipl_usetime.count = jiffies; - ixs->ipsp->ips_life.ipl_usetime.hard += jiffies; - ixs->ipsp->ips_life.ipl_usetime.soft += jiffies; - } -#endif - - - if(ipsec_lifetime_check(&ixs->ipsp->ips_life.ipl_bytes, "bytes", ixs->sa_txt, - ipsec_life_countbased, ipsec_outgoing, ixs->ipsp) == ipsec_life_harddied || - ipsec_lifetime_check(&ixs->ipsp->ips_life.ipl_addtime, "addtime",ixs->sa_txt, - ipsec_life_timebased, ipsec_outgoing, ixs->ipsp) == ipsec_life_harddied || - ipsec_lifetime_check(&ixs->ipsp->ips_life.ipl_usetime, "usetime",ixs->sa_txt, - ipsec_life_timebased, ipsec_outgoing, ixs->ipsp) == ipsec_life_harddied || - ipsec_lifetime_check(&ixs->ipsp->ips_life.ipl_packets, "packets",ixs->sa_txt, - ipsec_life_countbased, ipsec_outgoing, ixs->ipsp) == ipsec_life_harddied) { - - ipsec_sa_delchain(ixs->ipsp); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_LIFETIMEFAILED; - goto cleanup; - } - - - ixs->headroom = ixs->tailroom = 0; - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "calling room for <%s%s%s>, SA:%s\n", - IPS_XFORM_NAME(ixs->ipsp), - ixs->sa_len ? ixs->sa_txt : " (error)"); - switch(ixs->ipsp->ips_said.proto) { -#ifdef CONFIG_IPSEC_AH - case IPPROTO_AH: - ixs->headroom += sizeof(struct ahhdr); - break; -#endif /* CONFIG_IPSEC_AH */ -#ifdef CONFIG_IPSEC_ESP - case IPPROTO_ESP: -#ifdef CONFIG_IPSEC_ALG - if ((ixt_e=ixs->ipsp->ips_alg_enc)) { - blocksize = ixt_e->ixt_blocksize; - ixs->headroom += ESP_HEADER_LEN + ixt_e->ixt_ivlen/8; - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ixs->ipsp->ips_encalg) { -#ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: - ixs->headroom += sizeof(struct esphdr); - break; -#endif /* CONFIG_IPSEC_ENC_3DES */ - default: - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_ESP_BADALG; - goto cleanup; - } -#ifdef CONFIG_IPSEC_ALG - if ((ixt_a=ixs->ipsp->ips_alg_auth)) { - ixs->tailroom += AHHMAC_HASHLEN; - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ixs->ipsp->ips_authalg) { -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - case AH_MD5: - ixs->tailroom += AHHMAC_HASHLEN; - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - case AH_SHA: - ixs->tailroom += AHHMAC_HASHLEN; - break; -#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - case AH_NONE: - break; - default: - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_AH_BADALG; - goto cleanup; - } -#ifdef CONFIG_IPSEC_ALG - ixs->tailroom += blocksize != 1 ? - ((blocksize - ((ixs->pyldsz + 2) % blocksize)) % blocksize) + 2 : - ((4 - ((ixs->pyldsz + 2) % 4)) % 4) + 2; -#else - ixs->tailroom += ((8 - ((ixs->pyldsz + 2 * sizeof(unsigned char)) % 8)) % 8) + 2; -#endif /* CONFIG_IPSEC_ALG */ -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if ((ixs->ipsp->ips_natt_type) && (!ixs->natt_type)) { - ixs->natt_type = ixs->ipsp->ips_natt_type; - ixs->natt_sport = ixs->ipsp->ips_natt_sport; - ixs->natt_dport = ixs->ipsp->ips_natt_dport; - switch (ixs->natt_type) { - case ESPINUDP_WITH_NON_IKE: - ixs->natt_head = sizeof(struct udphdr)+(2*sizeof(__u32)); - break; - case ESPINUDP_WITH_NON_ESP: - ixs->natt_head = sizeof(struct udphdr); - break; - default: - ixs->natt_head = 0; - break; - } - ixs->tailroom += ixs->natt_head; - } -#endif - break; -#endif /* !CONFIG_IPSEC_ESP */ -#ifdef CONFIG_IPSEC_IPIP - case IPPROTO_IPIP: - ixs->headroom += sizeof(struct iphdr); - break; -#endif /* !CONFIG_IPSEC_IPIP */ - case IPPROTO_COMP: -#ifdef CONFIG_IPSEC_IPCOMP - /* - We can't predict how much the packet will - shrink without doing the actual compression. - We could do it here, if we were the first - encapsulation in the chain. That might save - us a skb_copy_expand, since we might fit - into the existing skb then. However, this - would be a bit unclean (and this hack has - bit us once), so we better not do it. After - all, the skb_copy_expand is cheap in - comparison to the actual compression. - At least we know the packet will not grow. - */ - break; -#endif /* CONFIG_IPSEC_IPCOMP */ - default: - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_BADPROTO; - goto cleanup; - } - ixs->ipsp = ixs->ipsp->ips_onext; - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "Required head,tailroom: %d,%d\n", - ixs->headroom, ixs->tailroom); - ixs->max_headroom += ixs->headroom; - ixs->max_tailroom += ixs->tailroom; - ixs->pyldsz += (ixs->headroom + ixs->tailroom); - } - ixs->ipsp = ixs->ipsq; /* restore the head of the ipsec_sa chain */ - - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "existing head,tailroom: %d,%d before applying xforms with head,tailroom: %d,%d .\n", - skb_headroom(ixs->skb), skb_tailroom(ixs->skb), - ixs->max_headroom, ixs->max_tailroom); - - ixs->tot_headroom += ixs->max_headroom; - ixs->tot_tailroom += ixs->max_tailroom; - - ixs->mtudiff = ixs->prv->mtu + ixs->tot_headroom + ixs->tot_tailroom - ixs->physmtu; - - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "mtu:%d physmtu:%d tothr:%d tottr:%d mtudiff:%d ippkttotlen:%d\n", - ixs->prv->mtu, ixs->physmtu, - ixs->tot_headroom, ixs->tot_tailroom, ixs->mtudiff, ntohs(ixs->iph->tot_len)); - if(ixs->mtudiff > 0) { - int newmtu = ixs->physmtu - (ixs->tot_headroom + ((ixs->tot_tailroom + 2) & ~7) + 5); - - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_info:ipsec_xmit_encap_bundle: " - "dev %s mtu of %d decreased by %d to %d\n", - ixs->dev->name, - ixs->prv->mtu, - ixs->prv->mtu - newmtu, - newmtu); - ixs->prv->mtu = newmtu; -#ifdef NET_21 -#if 0 - ixs->skb->dst->pmtu = ixs->prv->mtu; /* RGB */ -#endif /* 0 */ -#else /* NET_21 */ -#if 0 - ixs->dev->mtu = ixs->prv->mtu; /* RGB */ -#endif /* 0 */ -#endif /* NET_21 */ - } - - /* - If the sender is doing PMTU discovery, and the - packet doesn't fit within ixs->prv->mtu, notify him - (unless it was an ICMP packet, or it was not the - zero-offset packet) and send it anyways. - - Note: buggy firewall configuration may prevent the - ICMP packet from getting back. - */ - if(sysctl_ipsec_icmp - && ixs->prv->mtu < ntohs(ixs->iph->tot_len) - && (ixs->iph->frag_off & __constant_htons(IP_DF)) ) { - int notify = ixs->iph->protocol != IPPROTO_ICMP - && (ixs->iph->frag_off & __constant_htons(IP_OFFSET)) == 0; - -#ifdef IPSEC_obey_DF - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "fragmentation needed and DF set; %sdropping packet\n", - notify ? "sending ICMP and " : ""); - if (notify) - ICMP_SEND(ixs->skb, - ICMP_DEST_UNREACH, - ICMP_FRAG_NEEDED, - ixs->prv->mtu, - ixs->physdev); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_CANNOTFRAG; - goto cleanup; -#else /* IPSEC_obey_DF */ - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "fragmentation needed and DF set; %spassing packet\n", - notify ? "sending ICMP and " : ""); - if (notify) - ICMP_SEND(ixs->skb, - ICMP_DEST_UNREACH, - ICMP_FRAG_NEEDED, - ixs->prv->mtu, - ixs->physdev); -#endif /* IPSEC_obey_DF */ - } - -#ifdef MSS_HACK - /* - * If this is a transport mode TCP packet with - * SYN set, determine an effective MSS based on - * AH/ESP overheads determined above. - */ - if (ixs->iph->protocol == IPPROTO_TCP - && ixs->outgoing_said.proto != IPPROTO_IPIP) { - struct tcphdr *tcph = ixs->skb->h.th; - if (tcph->syn && !tcph->ack) { - if(!ipsec_adjust_mss(ixs->skb, tcph, ixs->prv->mtu)) { - printk(KERN_WARNING - "klips_warning:ipsec_xmit_encap_bundle: " - "ipsec_adjust_mss() failed\n"); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_MSSERR; - goto cleanup; - } - } - } -#endif /* MSS_HACK */ - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if ((ixs->natt_type) && (ixs->outgoing_said.proto != IPPROTO_IPIP)) { - /** - * NAT-Traversal and Transport Mode: - * we need to correct TCP/UDP checksum - * - * If we've got NAT-OA, we can fix checksum without recalculation. - * If we don't we can zero udp checksum. - */ - __u32 natt_oa = ixs->ipsp->ips_natt_oa ? - ((struct sockaddr_in*)(ixs->ipsp->ips_natt_oa))->sin_addr.s_addr : 0; - __u16 pkt_len = ixs->skb->tail - (unsigned char *)ixs->iph; - __u16 data_len = pkt_len - (ixs->iph->ihl << 2); - switch (ixs->iph->protocol) { - case IPPROTO_TCP: - if (data_len >= sizeof(struct tcphdr)) { - struct tcphdr *tcp = (struct tcphdr *)((__u32 *)ixs->iph+ixs->iph->ihl); - if (natt_oa) { - __u32 buff[2] = { ~ixs->iph->daddr, natt_oa }; - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_start_xmit: " - "NAT-T & TRANSPORT: " - "fix TCP checksum using NAT-OA\n"); - tcp->check = csum_fold( - csum_partial((unsigned char *)buff, sizeof(buff), - tcp->check^0xffff)); - } - else { - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_start_xmit: " - "NAT-T & TRANSPORT: do not recalc TCP checksum\n"); - } - } - else { - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_start_xmit: " - "NAT-T & TRANSPORT: can't fix TCP checksum\n"); - } - break; - case IPPROTO_UDP: - if (data_len >= sizeof(struct udphdr)) { - struct udphdr *udp = (struct udphdr *)((__u32 *)ixs->iph+ixs->iph->ihl); - if (udp->check == 0) { - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_start_xmit: " - "NAT-T & TRANSPORT: UDP checksum already 0\n"); - } - else if (natt_oa) { - __u32 buff[2] = { ~ixs->iph->daddr, natt_oa }; - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_start_xmit: " - "NAT-T & TRANSPORT: " - "fix UDP checksum using NAT-OA\n"); - udp->check = csum_fold( - csum_partial((unsigned char *)buff, sizeof(buff), - udp->check^0xffff)); - } - else { - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_start_xmit: " - "NAT-T & TRANSPORT: zero UDP checksum\n"); - udp->check = 0; - } - } - else { - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_start_xmit: " - "NAT-T & TRANSPORT: can't fix UDP checksum\n"); - } - break; - default: - KLIPS_PRINT(debug_tunnel, - "klips_debug:ipsec_tunnel_start_xmit: " - "NAT-T & TRANSPORT: non TCP/UDP packet -- do nothing\n"); - break; - } - } -#endif /* CONFIG_IPSEC_NAT_TRAVERSAL */ - - if(!ixs->hard_header_stripped) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: " - "allocating %d bytes for hardheader.\n", - ixs->hard_header_len); - if((ixs->saved_header = kmalloc(ixs->hard_header_len, GFP_ATOMIC)) == NULL) { - printk(KERN_WARNING "klips_debug:ipsec_xmit_encap_bundle: " - "Failed, tried to allocate %d bytes for temp hard_header.\n", - ixs->hard_header_len); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_ERRMEMALLOC; - goto cleanup; - } - { - int i; - for (i = 0; i < ixs->hard_header_len; i++) { - ixs->saved_header[i] = ixs->skb->data[i]; - } - } - if(ixs->skb->len < ixs->hard_header_len) { - printk(KERN_WARNING "klips_error:ipsec_xmit_encap_bundle: " - "tried to skb_pull hhlen=%d, %d available. This should never happen, please report.\n", - ixs->hard_header_len, (int)(ixs->skb->len)); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_ESP_PUSHPULLERR; - goto cleanup; - } - skb_pull(ixs->skb, ixs->hard_header_len); - ixs->hard_header_stripped = 1; - -/* ixs->iph = (struct iphdr *) (ixs->skb->data); */ - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "head,tailroom: %d,%d after hard_header stripped.\n", - skb_headroom(ixs->skb), skb_tailroom(ixs->skb)); - KLIPS_IP_PRINT(debug_tunnel & DB_TN_CROUT, ixs->iph); - } else { - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "hard header already stripped.\n"); - } - - ixs->ll_headroom = (ixs->hard_header_len + 15) & ~15; - - if ((skb_headroom(ixs->skb) >= ixs->max_headroom + 2 * ixs->ll_headroom) && - (skb_tailroom(ixs->skb) >= ixs->max_tailroom) -#ifndef NET_21 - && ixs->skb->free -#endif /* !NET_21 */ - ) { - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "data fits in existing skb\n"); - } else { - struct sk_buff* tskb; - - if(!ixs->oskb) { - ixs->oskb = ixs->skb; - } - - tskb = skb_copy_expand(ixs->skb, - /* The need for 2 * link layer length here remains unexplained...RGB */ - ixs->max_headroom + 2 * ixs->ll_headroom, - ixs->max_tailroom, - GFP_ATOMIC); -#ifdef NET_21 - if(tskb && ixs->skb->sk) { - skb_set_owner_w(tskb, ixs->skb->sk); - } -#endif /* NET_21 */ - if(ixs->skb != ixs->oskb) { - ipsec_kfree_skb(ixs->skb); - } - ixs->skb = tskb; - if (!ixs->skb) { - printk(KERN_WARNING - "klips_debug:ipsec_xmit_encap_bundle: " - "Failed, tried to allocate %d head and %d tailroom\n", - ixs->max_headroom, ixs->max_tailroom); - ixs->stats->tx_errors++; - bundle_stat = IPSEC_XMIT_ERRSKBALLOC; - goto cleanup; - } - KLIPS_PRINT(debug_tunnel & DB_TN_CROUT, - "klips_debug:ipsec_xmit_encap_bundle: " - "head,tailroom: %d,%d after allocation\n", - skb_headroom(ixs->skb), skb_tailroom(ixs->skb)); - } - - /* - * Apply grouped transforms to packet - */ - while (ixs->ipsp) { - enum ipsec_xmit_value encap_stat = IPSEC_XMIT_OK; - - encap_stat = ipsec_xmit_encap_once(ixs); - if(encap_stat != IPSEC_XMIT_OK) { - KLIPS_PRINT(debug_tunnel & DB_TN_XMIT, - "klips_debug:ipsec_xmit_encap_bundle: encap_once failed: %d\n", - encap_stat); - - bundle_stat = IPSEC_XMIT_ENCAPFAIL; - goto cleanup; - } - } - /* end encapsulation loop here XXX */ - cleanup: - spin_unlock(&tdb_lock); - return bundle_stat; -} diff --git a/linux/net/ipsec/pfkey_v2.c b/linux/net/ipsec/pfkey_v2.c deleted file mode 100644 index a78aaf26e..000000000 --- a/linux/net/ipsec/pfkey_v2.c +++ /dev/null @@ -1,2125 +0,0 @@ -/* - * @(#) RFC2367 PF_KEYv2 Key management API domain socket I/F - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey_v2.c,v 1.4 2004/09/29 22:27:41 as Exp $ - */ - -/* - * Template from /usr/src/linux-2.0.36/net/unix/af_unix.c. - * Hints from /usr/src/linux-2.0.36/net/ipv4/udp.c. - */ - -#define __NO_VERSION__ -#include -#include -#include -#include - -#include "freeswan/ipsec_param.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include /* struct socket */ -#include -#include -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include -#include -#include -#include /* struct sock */ -/* #include */ -#include -#ifdef CONFIG_PROC_FS -# include -#endif /* CONFIG_PROC_FS */ - -#include - -#include -#ifdef NET_21 -# include -# include -#endif /* NET_21 */ - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_sa.h" - -#include -#include - -#include "freeswan/ipsec_proto.h" - -#ifdef CONFIG_IPSEC_DEBUG -int debug_pfkey = 0; -extern int sysctl_ipsec_debug_verbose; -#endif /* CONFIG_IPSEC_DEBUG */ - -#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) - -#ifndef SOCKOPS_WRAPPED -#define SOCKOPS_WRAPPED(name) name -#endif /* SOCKOPS_WRAPPED */ - -extern struct proto_ops pfkey_ops; -struct sock *pfkey_sock_list = NULL; -struct supported_list *pfkey_supported_list[SADB_SATYPE_MAX+1]; - -struct socket_list *pfkey_open_sockets = NULL; -struct socket_list *pfkey_registered_sockets[SADB_SATYPE_MAX+1]; - -int pfkey_msg_interp(struct sock *, struct sadb_msg *, struct sadb_msg **); - -int -pfkey_list_remove_socket(struct socket *socketp, struct socket_list **sockets) -{ - struct socket_list *socket_listp,*prev; - - if(!socketp) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_remove_socket: " - "NULL socketp handed in, failed.\n"); - return -EINVAL; - } - - if(!sockets) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_remove_socket: " - "NULL sockets list handed in, failed.\n"); - return -EINVAL; - } - - socket_listp = *sockets; - prev = NULL; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_remove_socket: " - "removing sock=0p%p\n", - socketp); - - while(socket_listp != NULL) { - if(socket_listp->socketp == socketp) { - if(prev != NULL) { - prev->next = socket_listp->next; - } else { - *sockets = socket_listp->next; - } - - kfree((void*)socket_listp); - - break; - } - prev = socket_listp; - socket_listp = socket_listp->next; - } - - return 0; -} - -int -pfkey_list_insert_socket(struct socket *socketp, struct socket_list **sockets) -{ - struct socket_list *socket_listp; - - if(!socketp) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_socket: " - "NULL socketp handed in, failed.\n"); - return -EINVAL; - } - - if(!sockets) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_socket: " - "NULL sockets list handed in, failed.\n"); - return -EINVAL; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_socket: " - "allocating %lu bytes for socketp=0p%p\n", - (unsigned long) sizeof(struct socket_list), - socketp); - - if((socket_listp = (struct socket_list *)kmalloc(sizeof(struct socket_list), GFP_KERNEL)) == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_socket: " - "memory allocation error.\n"); - return -ENOMEM; - } - - socket_listp->socketp = socketp; - socket_listp->next = *sockets; - *sockets = socket_listp; - - return 0; -} - -int -pfkey_list_remove_supported(struct supported *supported, struct supported_list **supported_list) -{ - struct supported_list *supported_listp = *supported_list, *prev = NULL; - - if(!supported) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_remove_supported: " - "NULL supported handed in, failed.\n"); - return -EINVAL; - } - - if(!supported_list) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_remove_supported: " - "NULL supported_list handed in, failed.\n"); - return -EINVAL; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_remove_supported: " - "removing supported=0p%p\n", - supported); - - while(supported_listp != NULL) { - if(supported_listp->supportedp == supported) { - if(prev != NULL) { - prev->next = supported_listp->next; - } else { - *supported_list = supported_listp->next; - } - - kfree((void*)supported_listp); - - break; - } - prev = supported_listp; - supported_listp = supported_listp->next; - } - - return 0; -} - -int -pfkey_list_insert_supported(struct supported *supported, struct supported_list **supported_list) -{ - struct supported_list *supported_listp; - - if(!supported) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_supported: " - "NULL supported handed in, failed.\n"); - return -EINVAL; - } - - if(!supported_list) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_supported: " - "NULL supported_list handed in, failed.\n"); - return -EINVAL; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_supported: " - "allocating %lu bytes for incoming, supported=0p%p, supported_list=0p%p\n", - (unsigned long) sizeof(struct supported_list), - supported, - supported_list); - - supported_listp = (struct supported_list *)kmalloc(sizeof(struct supported_list), GFP_KERNEL); - if(supported_listp == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_supported: " - "memory allocation error.\n"); - return -ENOMEM; - } - - supported_listp->supportedp = supported; - supported_listp->next = *supported_list; - *supported_list = supported_listp; - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_list_insert_supported: " - "outgoing, supported=0p%p, supported_list=0p%p\n", - supported, - supported_list); - - return 0; -} - -#ifndef NET_21 -DEBUG_NO_STATIC void -pfkey_state_change(struct sock *sk) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_state_change: .\n"); - if(!sk->dead) { - wake_up_interruptible(sk->sleep); - } -} -#endif /* !NET_21 */ - -#ifndef NET_21 -DEBUG_NO_STATIC void -pfkey_data_ready(struct sock *sk, int len) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_data_ready: " - "sk=0p%p len=%d\n", - sk, - len); - if(!sk->dead) { - wake_up_interruptible(sk->sleep); - sock_wake_async(sk->socket, 1); - } -} - -DEBUG_NO_STATIC void -pfkey_write_space(struct sock *sk) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_write_space: .\n"); - if(!sk->dead) { - wake_up_interruptible(sk->sleep); - sock_wake_async(sk->socket, 2); - } -} -#endif /* !NET_21 */ - -DEBUG_NO_STATIC void -pfkey_insert_socket(struct sock *sk) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_insert_socket: " - "sk=0p%p\n", - sk); - cli(); - sk->next=pfkey_sock_list; - pfkey_sock_list=sk; - sti(); -} - -DEBUG_NO_STATIC void -pfkey_remove_socket(struct sock *sk) -{ - struct sock **s; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_remove_socket: .\n"); - cli(); - s=&pfkey_sock_list; - - while(*s!=NULL) { - if(*s==sk) { - *s=sk->next; - sk->next=NULL; - sti(); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_remove_socket: " - "succeeded.\n"); - return; - } - s=&((*s)->next); - } - sti(); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_remove_socket: " - "not found.\n"); - return; -} - -DEBUG_NO_STATIC void -pfkey_destroy_socket(struct sock *sk) -{ - struct sk_buff *skb; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_destroy_socket: .\n"); - pfkey_remove_socket(sk); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_destroy_socket: " - "pfkey_remove_socket called.\n"); - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_destroy_socket: " - "sk(0p%p)->(&0p%p)receive_queue.{next=0p%p,prev=0p%p}.\n", - sk, - &(sk->receive_queue), - sk->receive_queue.next, - sk->receive_queue.prev); - while(sk && ((skb=skb_dequeue(&(sk->receive_queue)))!=NULL)) { -#ifdef NET_21 -#ifdef CONFIG_IPSEC_DEBUG - if(debug_pfkey && sysctl_ipsec_debug_verbose) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_destroy_socket: " - "skb=0p%p dequeued.\n", skb); - printk(KERN_INFO "klips_debug:pfkey_destroy_socket: " - "pfkey_skb contents:"); - printk(" next:0p%p", skb->next); - printk(" prev:0p%p", skb->prev); - printk(" list:0p%p", skb->list); - printk(" sk:0p%p", skb->sk); - printk(" stamp:%ld.%ld", skb->stamp.tv_sec, skb->stamp.tv_usec); - printk(" dev:0p%p", skb->dev); - if(skb->dev) { - if(skb->dev->name) { - printk(" dev->name:%s", skb->dev->name); - } else { - printk(" dev->name:NULL?"); - } - } else { - printk(" dev:NULL"); - } - printk(" h:0p%p", skb->h.raw); - printk(" nh:0p%p", skb->nh.raw); - printk(" mac:0p%p", skb->mac.raw); - printk(" dst:0p%p", skb->dst); - if(sysctl_ipsec_debug_verbose) { - int i; - - printk(" cb"); - for(i=0; i<48; i++) { - printk(":%2x", skb->cb[i]); - } - } - printk(" len:%d", skb->len); - printk(" csum:%d", skb->csum); -#ifndef NETDEV_23 - printk(" used:%d", skb->used); - printk(" is_clone:%d", skb->is_clone); -#endif /* NETDEV_23 */ - printk(" cloned:%d", skb->cloned); - printk(" pkt_type:%d", skb->pkt_type); - printk(" ip_summed:%d", skb->ip_summed); - printk(" priority:%d", skb->priority); - printk(" protocol:%d", skb->protocol); - printk(" security:%d", skb->security); - printk(" truesize:%d", skb->truesize); - printk(" head:0p%p", skb->head); - printk(" data:0p%p", skb->data); - printk(" tail:0p%p", skb->tail); - printk(" end:0p%p", skb->end); - if(sysctl_ipsec_debug_verbose) { - unsigned char* i; - printk(" data"); - for(i = skb->head; i < skb->end; i++) { - printk(":%2x", (unsigned char)(*(i))); - } - } - printk(" destructor:0p%p", skb->destructor); - printk("\n"); - } -#endif /* CONFIG_IPSEC_DEBUG */ -#endif /* NET_21 */ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_destroy_socket: " - "skb=0p%p freed.\n", - skb); - ipsec_kfree_skb(skb); - } - - sk->dead = 1; - sk_free(sk); - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_destroy_socket: destroyed.\n"); -} - -int -pfkey_upmsg(struct socket *sock, struct sadb_msg *pfkey_msg) -{ - int error = 0; - struct sk_buff * skb = NULL; - struct sock *sk; - - if(sock == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_upmsg: " - "NULL socket passed in.\n"); - return -EINVAL; - } - - if(pfkey_msg == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_upmsg: " - "NULL pfkey_msg passed in.\n"); - return -EINVAL; - } - -#ifdef NET_21 - sk = sock->sk; -#else /* NET_21 */ - sk = sock->data; -#endif /* NET_21 */ - - if(sk == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_upmsg: " - "NULL sock passed in.\n"); - return -EINVAL; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_upmsg: " - "allocating %d bytes...\n", - (int)(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN)); - if(!(skb = alloc_skb(pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN, GFP_ATOMIC) )) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_upmsg: " - "no buffers left to send up a message.\n"); - return -ENOBUFS; - } - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_upmsg: " - "...allocated at 0p%p.\n", - skb); - - skb->dev = NULL; - - if(skb_tailroom(skb) < pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) { - printk(KERN_WARNING "klips_error:pfkey_upmsg: " - "tried to skb_put %ld, %d available. This should never happen, please report.\n", - (unsigned long int)pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN, - skb_tailroom(skb)); - ipsec_kfree_skb(skb); - return -ENOBUFS; - } - skb->h.raw = skb_put(skb, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); - memcpy(skb->h.raw, pfkey_msg, pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN); - -#ifndef NET_21 - skb->free = 1; -#endif /* !NET_21 */ - - if((error = sock_queue_rcv_skb(sk, skb)) < 0) { - skb->sk=NULL; - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_upmsg: " - "error=%d calling sock_queue_rcv_skb with skb=0p%p.\n", - error, - skb); - ipsec_kfree_skb(skb); - return error; - } - return error; -} - -DEBUG_NO_STATIC int -pfkey_create(struct socket *sock, int protocol) -{ - struct sock *sk; - - if(sock == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_create: " - "socket NULL.\n"); - return -EINVAL; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_create: " - "sock=0p%p type:%d state:%d flags:%ld protocol:%d\n", - sock, - sock->type, - (unsigned int)(sock->state), - sock->flags, protocol); - - if(sock->type != SOCK_RAW) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_create: " - "only SOCK_RAW supported.\n"); - return -ESOCKTNOSUPPORT; - } - - if(protocol != PF_KEY_V2) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_create: " - "protocol not PF_KEY_V2.\n"); - return -EPROTONOSUPPORT; - } - - if((current->uid != 0)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_create: " - "must be root to open pfkey sockets.\n"); - return -EACCES; - } - -#ifdef NET_21 - sock->state = SS_UNCONNECTED; -#endif /* NET_21 */ - MOD_INC_USE_COUNT; -#ifdef NET_21 - if((sk=(struct sock *)sk_alloc(PF_KEY, GFP_KERNEL, 1)) == NULL) -#else /* NET_21 */ - if((sk=(struct sock *)sk_alloc(GFP_KERNEL)) == NULL) -#endif /* NET_21 */ - { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_create: " - "Out of memory trying to allocate.\n"); - MOD_DEC_USE_COUNT; - return -ENOMEM; - } - -#ifndef NET_21 - memset(sk, 0, sizeof(*sk)); -#endif /* !NET_21 */ - -#ifdef NET_21 - sock_init_data(sock, sk); - - sk->destruct = NULL; - sk->reuse = 1; - sock->ops = &pfkey_ops; - - sk->zapped=0; - sk->family = PF_KEY; -/* sk->num = protocol; */ - sk->protocol = protocol; - key_pid(sk) = current->pid; - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_create: " - "sock->fasync_list=0p%p sk->sleep=0p%p.\n", - sock->fasync_list, - sk->sleep); -#else /* NET_21 */ - sk->type=sock->type; - init_timer(&sk->timer); - skb_queue_head_init(&sk->write_queue); - skb_queue_head_init(&sk->receive_queue); - skb_queue_head_init(&sk->back_log); - sk->rcvbuf=SK_RMEM_MAX; - sk->sndbuf=SK_WMEM_MAX; - sk->allocation=GFP_KERNEL; - sk->state=TCP_CLOSE; - sk->priority=SOPRI_NORMAL; - sk->state_change=pfkey_state_change; - sk->data_ready=pfkey_data_ready; - sk->write_space=pfkey_write_space; - sk->error_report=pfkey_state_change; - sk->mtu=4096; - sk->socket=sock; - sock->data=(void *)sk; - sk->sleep=sock->wait; -#endif /* NET_21 */ - - pfkey_insert_socket(sk); - pfkey_list_insert_socket(sock, &pfkey_open_sockets); - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_create: " - "Socket sock=0p%p sk=0p%p initialised.\n", sock, sk); - return 0; -} - -#ifndef NET_21 -DEBUG_NO_STATIC int -pfkey_dup(struct socket *newsock, struct socket *oldsock) -{ - struct sock *sk; - - if(newsock==NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_dup: " - "No new socket attached.\n"); - return -EINVAL; - } - - if(oldsock==NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_dup: " - "No old socket attached.\n"); - return -EINVAL; - } - -#ifdef NET_21 - sk=oldsock->sk; -#else /* NET_21 */ - sk=oldsock->data; -#endif /* NET_21 */ - - /* May not have data attached */ - if(sk==NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_dup: " - "No sock attached to old socket.\n"); - return -EINVAL; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_dup: .\n"); - - return pfkey_create(newsock, sk->protocol); -} -#endif /* !NET_21 */ - -DEBUG_NO_STATIC int -#ifdef NETDEV_23 -pfkey_release(struct socket *sock) -#else /* NETDEV_23 */ -pfkey_release(struct socket *sock, struct socket *peersock) -#endif /* NETDEV_23 */ -{ - struct sock *sk; - int i; - - if(sock==NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_release: " - "No socket attached.\n"); - return 0; /* -EINVAL; */ - } - -#ifdef NET_21 - sk=sock->sk; -#else /* NET_21 */ - sk=sock->data; -#endif /* NET_21 */ - - /* May not have data attached */ - if(sk==NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_release: " - "No sk attached to sock=0p%p.\n", sock); - return 0; /* -EINVAL; */ - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_release: " - "sock=0p%p sk=0p%p\n", sock, sk); - -#ifdef NET_21 - if(!sk->dead) -#endif /* NET_21 */ - if(sk->state_change) { - sk->state_change(sk); - } - -#ifdef NET_21 - sock->sk = NULL; -#else /* NET_21 */ - sock->data = NULL; -#endif /* NET_21 */ - - /* Try to flush out this socket. Throw out buffers at least */ - pfkey_destroy_socket(sk); - pfkey_list_remove_socket(sock, &pfkey_open_sockets); - for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) { - pfkey_list_remove_socket(sock, &(pfkey_registered_sockets[i])); - } - - MOD_DEC_USE_COUNT; - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_release: " - "succeeded.\n"); - - return 0; -} - -#ifndef NET_21 -DEBUG_NO_STATIC int -pfkey_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_bind: " - "operation not supported.\n"); - return -EINVAL; -} - -DEBUG_NO_STATIC int -pfkey_connect(struct socket *sock, struct sockaddr *uaddr, int addr_len, int flags) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_connect: " - "operation not supported.\n"); - return -EINVAL; -} - -DEBUG_NO_STATIC int -pfkey_socketpair(struct socket *a, struct socket *b) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_socketpair: " - "operation not supported.\n"); - return -EINVAL; -} - -DEBUG_NO_STATIC int -pfkey_accept(struct socket *sock, struct socket *newsock, int flags) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_aaccept: " - "operation not supported.\n"); - return -EINVAL; -} - -DEBUG_NO_STATIC int -pfkey_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, - int peer) -{ - struct sockaddr *ska = (struct sockaddr*)uaddr; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_getname: .\n"); - ska->sa_family = PF_KEY; - *uaddr_len = sizeof(*ska); - return 0; -} - -DEBUG_NO_STATIC int -pfkey_select(struct socket *sock, int sel_type, select_table *wait) -{ - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_select: " - ".sock=0p%p sk=0p%p sel_type=%d\n", - sock, - sock->data, - sel_type); - if(sock == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_select: " - "Null socket passed in.\n"); - return -EINVAL; - } - return datagram_select(sock->data, sel_type, wait); -} - -DEBUG_NO_STATIC int -pfkey_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ioctl: " - "not supported.\n"); - return -EINVAL; -} - -DEBUG_NO_STATIC int -pfkey_listen(struct socket *sock, int backlog) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_listen: " - "not supported.\n"); - return -EINVAL; -} -#endif /* !NET_21 */ - -DEBUG_NO_STATIC int -pfkey_shutdown(struct socket *sock, int mode) -{ - struct sock *sk; - - if(sock == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_shutdown: " - "NULL socket passed in.\n"); - return -EINVAL; - } - -#ifdef NET_21 - sk=sock->sk; -#else /* NET_21 */ - sk=sock->data; -#endif /* NET_21 */ - - if(sk == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_shutdown: " - "No sock attached to socket.\n"); - return -EINVAL; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_shutdown: " - "mode=%x.\n", mode); - mode++; - - if(mode&SEND_SHUTDOWN) { - sk->shutdown|=SEND_SHUTDOWN; - sk->state_change(sk); - } - - if(mode&RCV_SHUTDOWN) { - sk->shutdown|=RCV_SHUTDOWN; - sk->state_change(sk); - } - return 0; -} - -#ifndef NET_21 -DEBUG_NO_STATIC int -pfkey_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen) -{ -#ifndef NET_21 - struct sock *sk; - - if(sock == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_setsockopt: " - "Null socket passed in.\n"); - return -EINVAL; - } - - sk=sock->data; - - if(sk == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_setsockopt: " - "Null sock passed in.\n"); - return -EINVAL; - } -#endif /* !NET_21 */ - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_setsockopt: .\n"); - if(level!=SOL_SOCKET) { - return -EOPNOTSUPP; - } -#ifdef NET_21 - return sock_setsockopt(sock, level, optname, optval, optlen); -#else /* NET_21 */ - return sock_setsockopt(sk, level, optname, optval, optlen); -#endif /* NET_21 */ -} - -DEBUG_NO_STATIC int -pfkey_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen) -{ -#ifndef NET_21 - struct sock *sk; - - if(sock == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_setsockopt: " - "Null socket passed in.\n"); - return -EINVAL; - } - - sk=sock->data; - - if(sk == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_setsockopt: " - "Null sock passed in.\n"); - return -EINVAL; - } -#endif /* !NET_21 */ - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_getsockopt: .\n"); - if(level!=SOL_SOCKET) { - return -EOPNOTSUPP; - } -#ifdef NET_21 - return sock_getsockopt(sock, level, optname, optval, optlen); -#else /* NET_21 */ - return sock_getsockopt(sk, level, optname, optval, optlen); -#endif /* NET_21 */ -} - -DEBUG_NO_STATIC int -pfkey_fcntl(struct socket *sock, unsigned int cmd, unsigned long arg) -{ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_fcntl: " - "not supported.\n"); - return -EINVAL; -} -#endif /* !NET_21 */ - -/* - * Send PF_KEY data down. - */ - -DEBUG_NO_STATIC int -#ifdef NET_21 -pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm) -#else /* NET_21 */ -pfkey_sendmsg(struct socket *sock, struct msghdr *msg, int len, int nonblock, int flags) -#endif /* NET_21 */ -{ - struct sock *sk; - int error = 0; - struct sadb_msg *pfkey_msg = NULL, *pfkey_reply = NULL; - - if(sock == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "Null socket passed in.\n"); - SENDERR(EINVAL); - } - -#ifdef NET_21 - sk = sock->sk; -#else /* NET_21 */ - sk = sock->data; -#endif /* NET_21 */ - - if(sk == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "Null sock passed in.\n"); - SENDERR(EINVAL); - } - - if(msg == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "Null msghdr passed in.\n"); - SENDERR(EINVAL); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: .\n"); - if(sk->err) { - error = sock_error(sk); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "sk->err is non-zero, returns %d.\n", - error); - SENDERR(-error); - } - - if((current->uid != 0)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "must be root to send messages to pfkey sockets.\n"); - SENDERR(EACCES); - } - -#ifdef NET_21 - if(msg->msg_control) -#else /* NET_21 */ - if(flags || msg->msg_control) -#endif /* NET_21 */ - { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "can't set flags or set msg_control.\n"); - SENDERR(EINVAL); - } - - if(sk->shutdown & SEND_SHUTDOWN) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "shutdown.\n"); - send_sig(SIGPIPE, current, 0); - SENDERR(EPIPE); - } - - if(len < sizeof(struct sadb_msg)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "bogus msg len of %d, too small.\n", len); - SENDERR(EMSGSIZE); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "allocating %d bytes for downward message.\n", - len); - if((pfkey_msg = (struct sadb_msg*)kmalloc(len, GFP_KERNEL)) == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "memory allocation error.\n"); - SENDERR(ENOBUFS); - } - - memcpy_fromiovec((void *)pfkey_msg, msg->msg_iov, len); - - if(pfkey_msg->sadb_msg_version != PF_KEY_V2) { - KLIPS_PRINT(1 || debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "not PF_KEY_V2 msg, found %d, should be %d.\n", - pfkey_msg->sadb_msg_version, - PF_KEY_V2); - kfree((void*)pfkey_msg); - return -EINVAL; - } - - if(len != pfkey_msg->sadb_msg_len * IPSEC_PFKEYv2_ALIGN) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "bogus msg len of %d, not %d byte aligned.\n", - len, (int)IPSEC_PFKEYv2_ALIGN); - SENDERR(EMSGSIZE); - } - -#if 0 - /* This check is questionable, since a downward message could be - the result of an ACQUIRE either from kernel (PID==0) or - userspace (some other PID). */ - /* check PID */ - if(pfkey_msg->sadb_msg_pid != current->pid) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "pid (%d) does not equal sending process pid (%d).\n", - pfkey_msg->sadb_msg_pid, current->pid); - SENDERR(EINVAL); - } -#endif - - if(pfkey_msg->sadb_msg_reserved) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "reserved field must be zero, set to %d.\n", - pfkey_msg->sadb_msg_reserved); - SENDERR(EINVAL); - } - - if((pfkey_msg->sadb_msg_type > SADB_MAX) || (!pfkey_msg->sadb_msg_type)){ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "msg type too large or small:%d.\n", - pfkey_msg->sadb_msg_type); - SENDERR(EINVAL); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "msg sent for parsing.\n"); - - if((error = pfkey_msg_interp(sk, pfkey_msg, &pfkey_reply))) { - struct socket_list *pfkey_socketsp; - - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " - "pfkey_msg_parse returns %d.\n", - error); - - if((pfkey_reply = (struct sadb_msg*)kmalloc(sizeof(struct sadb_msg), GFP_KERNEL)) == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "memory allocation error.\n"); - SENDERR(ENOBUFS); - } - memcpy((void*)pfkey_reply, (void*)pfkey_msg, sizeof(struct sadb_msg)); - pfkey_reply->sadb_msg_errno = -error; - pfkey_reply->sadb_msg_len = sizeof(struct sadb_msg) / IPSEC_PFKEYv2_ALIGN; - - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - int error_upmsg = 0; - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " - "sending up error=%d message=0p%p to socket=0p%p.\n", - error, - pfkey_reply, - pfkey_socketsp->socketp); - if((error_upmsg = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " - "sending up error message to socket=0p%p failed with error=%d.\n", - pfkey_socketsp->socketp, - error_upmsg); - /* pfkey_msg_free(&pfkey_reply); */ - /* SENDERR(-error); */ - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_sendmsg: " - "sending up error message to socket=0p%p succeeded.\n", - pfkey_socketsp->socketp); - } - - pfkey_msg_free(&pfkey_reply); - - SENDERR(-error); - } - - errlab: - if (pfkey_msg) { - kfree((void*)pfkey_msg); - } - - if(error) { - return error; - } else { - return len; - } -} - -/* - * Receive PF_KEY data up. - */ - -DEBUG_NO_STATIC int -#ifdef NET_21 -pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags, struct scm_cookie *scm) -#else /* NET_21 */ -pfkey_recvmsg(struct socket *sock, struct msghdr *msg, int size, int noblock, int flags, int *addr_len) -#endif /* NET_21 */ -{ - struct sock *sk; -#ifdef NET_21 - int noblock = flags & MSG_DONTWAIT; -#endif /* NET_21 */ - struct sk_buff *skb; - int error; - - if(sock == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_recvmsg: " - "Null socket passed in.\n"); - return -EINVAL; - } - -#ifdef NET_21 - sk = sock->sk; -#else /* NET_21 */ - sk = sock->data; -#endif /* NET_21 */ - - if(sk == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_recvmsg: " - "Null sock passed in for sock=0p%p.\n", sock); - return -EINVAL; - } - - if(msg == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_recvmsg: " - "Null msghdr passed in for sock=0p%p, sk=0p%p.\n", - sock, sk); - return -EINVAL; - } - - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_recvmsg: sock=0p%p sk=0p%p msg=0p%p size=%d.\n", - sock, sk, msg, size); - if(flags & ~MSG_PEEK) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "flags (%d) other than MSG_PEEK not supported.\n", - flags); - return -EOPNOTSUPP; - } - -#ifdef NET_21 - msg->msg_namelen = 0; /* sizeof(*ska); */ -#else /* NET_21 */ - if(addr_len) { - *addr_len = 0; /* sizeof(*ska); */ - } -#endif /* NET_21 */ - - if(sk->err) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sendmsg: " - "sk->err=%d.\n", sk->err); - return sock_error(sk); - } - - if((skb = skb_recv_datagram(sk, flags, noblock, &error) ) == NULL) { - return error; - } - - if(size > skb->len) { - size = skb->len; - } -#ifdef NET_21 - else if(size len) { - msg->msg_flags |= MSG_TRUNC; - } -#endif /* NET_21 */ - - skb_copy_datagram_iovec(skb, 0, msg->msg_iov, size); - sk->stamp=skb->stamp; - - skb_free_datagram(sk, skb); - return size; -} - -#ifdef NET_21 -struct net_proto_family pfkey_family_ops = { - PF_KEY, - pfkey_create -}; - -struct proto_ops SOCKOPS_WRAPPED(pfkey_ops) = { -#ifdef NETDEV_23 - family: PF_KEY, - release: pfkey_release, - bind: sock_no_bind, - connect: sock_no_connect, - socketpair: sock_no_socketpair, - accept: sock_no_accept, - getname: sock_no_getname, - poll: datagram_poll, - ioctl: sock_no_ioctl, - listen: sock_no_listen, - shutdown: pfkey_shutdown, - setsockopt: sock_no_setsockopt, - getsockopt: sock_no_getsockopt, - sendmsg: pfkey_sendmsg, - recvmsg: pfkey_recvmsg, - mmap: sock_no_mmap, -#else /* NETDEV_23 */ - PF_KEY, - sock_no_dup, - pfkey_release, - sock_no_bind, - sock_no_connect, - sock_no_socketpair, - sock_no_accept, - sock_no_getname, - datagram_poll, - sock_no_ioctl, - sock_no_listen, - pfkey_shutdown, - sock_no_setsockopt, - sock_no_getsockopt, - sock_no_fcntl, - pfkey_sendmsg, - pfkey_recvmsg -#endif /* NETDEV_23 */ -}; - -#ifdef NETDEV_23 -#include -SOCKOPS_WRAP(pfkey, PF_KEY); -#endif /* NETDEV_23 */ - -#else /* NET_21 */ -struct proto_ops pfkey_proto_ops = { - PF_KEY, - pfkey_create, - pfkey_dup, - pfkey_release, - pfkey_bind, - pfkey_connect, - pfkey_socketpair, - pfkey_accept, - pfkey_getname, - pfkey_select, - pfkey_ioctl, - pfkey_listen, - pfkey_shutdown, - pfkey_setsockopt, - pfkey_getsockopt, - pfkey_fcntl, - pfkey_sendmsg, - pfkey_recvmsg -}; -#endif /* NET_21 */ - -#ifdef CONFIG_PROC_FS -#ifndef PROC_FS_2325 -DEBUG_NO_STATIC -#endif /* PROC_FS_2325 */ -int -pfkey_get_info(char *buffer, char **start, off_t offset, int length -#ifndef PROC_NO_DUMMY -, int dummy -#endif /* !PROC_NO_DUMMY */ -) -{ - const int max_content = length > 0? length-1 : 0; - - off_t begin=0; - int len=0; - struct sock *sk=pfkey_sock_list; - -#ifdef CONFIG_IPSEC_DEBUG - if(!sysctl_ipsec_debug_verbose) { -#endif /* CONFIG_IPSEC_DEBUG */ - len+= snprintf(buffer,length, - " sock pid socket next prev e n p sndbf Flags Type St\n"); -#ifdef CONFIG_IPSEC_DEBUG - } else { - len+= snprintf(buffer,length, - " sock pid d sleep socket next prev e r z n p sndbf stamp Flags Type St\n"); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - while(sk!=NULL) { -#ifdef CONFIG_IPSEC_DEBUG - if(!sysctl_ipsec_debug_verbose) { -#endif /* CONFIG_IPSEC_DEBUG */ - len += ipsec_snprintf(buffer+len, length-len, - "%8p %5d %8p %8p %8p %d %d %d %5d %08lX %8X %2X\n", - sk, - key_pid(sk), - sk->socket, - sk->next, - sk->prev, - sk->err, - sk->num, - sk->protocol, - sk->sndbuf, - sk->socket->flags, - sk->socket->type, - sk->socket->state); -#ifdef CONFIG_IPSEC_DEBUG - } else { - len += ipsec_snprintf(buffer+len, length-len, - "%8p %5d %d %8p %8p %8p %8p %d %d %d %d %d %5d %d.%06d %08lX %8X %2X\n", - sk, - key_pid(sk), - sk->dead, - sk->sleep, - sk->socket, - sk->next, - sk->prev, - sk->err, - sk->reuse, - sk->zapped, - sk->num, - sk->protocol, - sk->sndbuf, - (unsigned int)sk->stamp.tv_sec, - (unsigned int)sk->stamp.tv_usec, - sk->socket->flags, - sk->socket->type, - sk->socket->state); - } -#endif /* CONFIG_IPSEC_DEBUG */ - - if (len >= max_content) { - /* we've done all that can fit -- stop loop */ - len = max_content; /* truncate crap */ - break; - } else { - const off_t pos = begin + len; /* file position of end of what we've generated */ - - if (pos <= offset) { - /* all is before first interesting character: - * discard, but note where we are. - */ - len = 0; - begin = pos; - } - } - sk=sk->next; - } - - *start = buffer + (offset - begin); /* Start of wanted data */ - return len - (offset - begin); -} - -#ifndef PROC_FS_2325 -DEBUG_NO_STATIC -#endif /* PROC_FS_2325 */ -int -pfkey_supported_get_info(char *buffer, char **start, off_t offset, int length -#ifndef PROC_NO_DUMMY -, int dummy -#endif /* !PROC_NO_DUMMY */ -) -{ - const int max_content = length > 0? length-1 : 0; - - off_t begin=0; - int len=0; - int satype; - struct supported_list *pfkey_supported_p; - - len += ipsec_snprintf(buffer, length, - "satype exttype alg_id ivlen minbits maxbits\n"); - - for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) { - pfkey_supported_p = pfkey_supported_list[satype]; - while(pfkey_supported_p) { - len += ipsec_snprintf(buffer+len, length-len, - " %2d %2d %2d %3d %3d %3d\n", - satype, - pfkey_supported_p->supportedp->supported_alg_exttype, - pfkey_supported_p->supportedp->supported_alg_id, - pfkey_supported_p->supportedp->supported_alg_ivlen, - pfkey_supported_p->supportedp->supported_alg_minbits, - pfkey_supported_p->supportedp->supported_alg_maxbits); - - if (len >= max_content) { - /* we've done all that can fit -- stop loop */ - len = max_content; /* truncate crap */ - break; - } else { - const off_t pos = begin + len; /* file position of end of what we've generated */ - - if (pos <= offset) { - /* all is before first interesting character: - * discard, but note where we are. - */ - len = 0; - begin = pos; - } - } - - pfkey_supported_p = pfkey_supported_p->next; - } - } - - *start = buffer + (offset - begin); /* Start of wanted data */ - return len - (offset - begin); -} - -#ifndef PROC_FS_2325 -DEBUG_NO_STATIC -#endif /* PROC_FS_2325 */ -int -pfkey_registered_get_info(char *buffer, char **start, off_t offset, int length -#ifndef PROC_NO_DUMMY -, int dummy -#endif /* !PROC_NO_DUMMY */ -) -{ - const int max_content = length > 0? length-1 : 0; - - off_t begin=0; - int len=0; - int satype; - struct socket_list *pfkey_sockets; - - len += ipsec_snprintf(buffer, length, - "satype socket pid sk\n"); - - for(satype = SADB_SATYPE_UNSPEC; satype <= SADB_SATYPE_MAX; satype++) { - pfkey_sockets = pfkey_registered_sockets[satype]; - while(pfkey_sockets) { -#ifdef NET_21 - len += ipsec_snprintf(buffer+len, length-len, - " %2d %8p %5d %8p\n", - satype, - pfkey_sockets->socketp, - key_pid(pfkey_sockets->socketp->sk), - pfkey_sockets->socketp->sk); -#else /* NET_21 */ - len += ipsec_snprintf(buffer+len, length-len, - " %2d %8p N/A %8p\n", - satype, - pfkey_sockets->socketp, -#if 0 - key_pid((pfkey_sockets->socketp)->data), -#endif - (pfkey_sockets->socketp)->data); -#endif /* NET_21 */ - - if (len >= max_content) { - /* we've done all that can fit -- stop loop (could stop two) */ - len = max_content; /* truncate crap */ - break; - } else { - const off_t pos = begin + len; /* file position of end of what we've generated */ - - if (pos <= offset) { - /* all is before first interesting character: - * discard, but note where we are. - */ - len = 0; - begin = pos; - } - } - - pfkey_sockets = pfkey_sockets->next; - } - } - - *start = buffer + (offset - begin); /* Start of wanted data */ - return len - (offset - begin); -} - -#ifndef PROC_FS_2325 -struct proc_dir_entry proc_net_pfkey = -{ - 0, - 6, "pf_key", - S_IFREG | S_IRUGO, 1, 0, 0, - 0, &proc_net_inode_operations, - pfkey_get_info -}; -struct proc_dir_entry proc_net_pfkey_supported = -{ - 0, - 16, "pf_key_supported", - S_IFREG | S_IRUGO, 1, 0, 0, - 0, &proc_net_inode_operations, - pfkey_supported_get_info -}; -struct proc_dir_entry proc_net_pfkey_registered = -{ - 0, - 17, "pf_key_registered", - S_IFREG | S_IRUGO, 1, 0, 0, - 0, &proc_net_inode_operations, - pfkey_registered_get_info -}; -#endif /* !PROC_FS_2325 */ -#endif /* CONFIG_PROC_FS */ - -DEBUG_NO_STATIC int -supported_add_all(int satype, struct supported supported[], int size) -{ - int i; - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:init_pfkey: " - "sizeof(supported_init_)[%d]/sizeof(struct supported)[%d]=%d.\n", - satype, - size, - (int)sizeof(struct supported), - (int)(size/sizeof(struct supported))); - - for(i = 0; i < size / sizeof(struct supported); i++) { - - KLIPS_PRINT(debug_pfkey, - "klips_debug:init_pfkey: " - "i=%d inserting satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n", - i, - satype, - supported[i].supported_alg_exttype, - supported[i].supported_alg_id, - supported[i].supported_alg_ivlen, - supported[i].supported_alg_minbits, - supported[i].supported_alg_maxbits); - - error |= pfkey_list_insert_supported(&(supported[i]), - &(pfkey_supported_list[satype])); - } - return error; -} - -DEBUG_NO_STATIC int -supported_remove_all(int satype) -{ - int error = 0; - struct supported*supportedp; - - while(pfkey_supported_list[satype]) { - supportedp = pfkey_supported_list[satype]->supportedp; - KLIPS_PRINT(debug_pfkey, - "klips_debug:init_pfkey: " - "removing satype=%d exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n", - satype, - supportedp->supported_alg_exttype, - supportedp->supported_alg_id, - supportedp->supported_alg_ivlen, - supportedp->supported_alg_minbits, - supportedp->supported_alg_maxbits); - - error |= pfkey_list_remove_supported(supportedp, - &(pfkey_supported_list[satype])); - } - return error; -} - -int -pfkey_init(void) -{ - int error = 0; - int i; - - static struct supported supported_init_ah[] = { -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5_HMAC, 0, 128, 128}, -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1_HMAC, 0, 160, 160} -#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - }; - static struct supported supported_init_esp[] = { -#ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_MD5_HMAC, 0, 128, 128}, -#endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -#ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - {SADB_EXT_SUPPORTED_AUTH, SADB_AALG_SHA1_HMAC, 0, 160, 160}, -#endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ -#ifdef CONFIG_IPSEC_ENC_3DES - {SADB_EXT_SUPPORTED_ENCRYPT, SADB_EALG_3DES_CBC, 64, 168, 168}, -#endif /* CONFIG_IPSEC_ENC_3DES */ - }; - static struct supported supported_init_ipip[] = { - {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv4, 0, 32, 32} -#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) - , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv4, 0, 128, 32} - , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv4_in_IPv6, 0, 32, 128} - , {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_TALG_IPv6_in_IPv6, 0, 128, 128} -#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ - }; -#ifdef CONFIG_IPSEC_IPCOMP - static struct supported supported_init_ipcomp[] = { - {SADB_EXT_SUPPORTED_ENCRYPT, SADB_X_CALG_DEFLATE, 0, 1, 1} - }; -#endif /* CONFIG_IPSEC_IPCOMP */ - -#if 0 - printk(KERN_INFO - "klips_info:pfkey_init: " - "FreeS/WAN: initialising PF_KEYv2 domain sockets.\n"); -#endif - - for(i = SADB_SATYPE_UNSPEC; i <= SADB_SATYPE_MAX; i++) { - pfkey_registered_sockets[i] = NULL; - pfkey_supported_list[i] = NULL; - } - - error |= supported_add_all(SADB_SATYPE_AH, supported_init_ah, sizeof(supported_init_ah)); - error |= supported_add_all(SADB_SATYPE_ESP, supported_init_esp, sizeof(supported_init_esp)); -#ifdef CONFIG_IPSEC_IPCOMP - error |= supported_add_all(SADB_X_SATYPE_COMP, supported_init_ipcomp, sizeof(supported_init_ipcomp)); -#endif /* CONFIG_IPSEC_IPCOMP */ - error |= supported_add_all(SADB_X_SATYPE_IPIP, supported_init_ipip, sizeof(supported_init_ipip)); - -#ifdef NET_21 - error |= sock_register(&pfkey_family_ops); -#else /* NET_21 */ - error |= sock_register(pfkey_proto_ops.family, &pfkey_proto_ops); -#endif /* NET_21 */ - -#ifdef CONFIG_PROC_FS -# ifndef PROC_FS_2325 -# ifdef PROC_FS_21 - error |= proc_register(proc_net, &proc_net_pfkey); - error |= proc_register(proc_net, &proc_net_pfkey_supported); - error |= proc_register(proc_net, &proc_net_pfkey_registered); -# else /* PROC_FS_21 */ - error |= proc_register_dynamic(&proc_net, &proc_net_pfkey); - error |= proc_register_dynamic(&proc_net, &proc_net_pfkey_supported); - error |= proc_register_dynamic(&proc_net, &proc_net_pfkey_registered); -# endif /* PROC_FS_21 */ -# else /* !PROC_FS_2325 */ - proc_net_create ("pf_key", 0, pfkey_get_info); - proc_net_create ("pf_key_supported", 0, pfkey_supported_get_info); - proc_net_create ("pf_key_registered", 0, pfkey_registered_get_info); -# endif /* !PROC_FS_2325 */ -#endif /* CONFIG_PROC_FS */ - - return error; -} - -int -pfkey_cleanup(void) -{ - int error = 0; - - printk(KERN_INFO "klips_info:pfkey_cleanup: " - "shutting down PF_KEY domain sockets.\n"); -#ifdef NET_21 - error |= sock_unregister(PF_KEY); -#else /* NET_21 */ - error |= sock_unregister(pfkey_proto_ops.family); -#endif /* NET_21 */ - - error |= supported_remove_all(SADB_SATYPE_AH); - error |= supported_remove_all(SADB_SATYPE_ESP); -#ifdef CONFIG_IPSEC_IPCOMP - error |= supported_remove_all(SADB_X_SATYPE_COMP); -#endif /* CONFIG_IPSEC_IPCOMP */ - error |= supported_remove_all(SADB_X_SATYPE_IPIP); - -#ifdef CONFIG_PROC_FS -# ifndef PROC_FS_2325 - if (proc_net_unregister(proc_net_pfkey.low_ino) != 0) - printk("klips_debug:pfkey_cleanup: " - "cannot unregister /proc/net/pf_key\n"); - if (proc_net_unregister(proc_net_pfkey_supported.low_ino) != 0) - printk("klips_debug:pfkey_cleanup: " - "cannot unregister /proc/net/pf_key_supported\n"); - if (proc_net_unregister(proc_net_pfkey_registered.low_ino) != 0) - printk("klips_debug:pfkey_cleanup: " - "cannot unregister /proc/net/pf_key_registered\n"); -# else /* !PROC_FS_2325 */ - proc_net_remove ("pf_key"); - proc_net_remove ("pf_key_supported"); - proc_net_remove ("pf_key_registered"); -# endif /* !PROC_FS_2325 */ -#endif /* CONFIG_PROC_FS */ - - /* other module unloading cleanup happens here */ - return error; -} - -#ifdef MODULE -#if 0 -int -init_module(void) -{ - pfkey_init(); - return 0; -} - -void -cleanup_module(void) -{ - pfkey_cleanup(); -} -#endif /* 0 */ -#else /* MODULE */ -void -pfkey_proto_init(struct net_proto *pro) -{ - pfkey_init(); -} -#endif /* MODULE */ - -/* - * $Log: pfkey_v2.c,v $ - * Revision 1.4 2004/09/29 22:27:41 as - * changed SADB identifiers - * - * Revision 1.3 2004/04/28 08:06:22 as - * added dhr's freeswan-2.06 changes - * - * Revision 1.2 2004/03/22 21:53:19 as - * merged alg-0.8.1 branch with HEAD - * - * Revision 1.1.4.1 2004/03/16 09:48:20 as - * alg-0.8.1rc12 patch merged - * - * Revision 1.1 2004/03/15 20:35:26 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.78 2003/04/03 17:38:09 rgb - * Centralised ipsec_kfree_skb and ipsec_dev_{get,put}. - * - * Revision 1.77 2002/10/17 16:49:36 mcr - * sock->ops should reference the unwrapped options so that - * we get hacked in locking on SMP systems. - * - * Revision 1.76 2002/10/12 23:11:53 dhr - * - * [KenB + DHR] more 64-bit cleanup - * - * Revision 1.75 2002/09/20 05:01:57 rgb - * Added memory allocation debugging. - * - * Revision 1.74 2002/09/19 02:42:50 mcr - * do not define the pfkey_ops function for now. - * - * Revision 1.73 2002/09/17 17:29:23 mcr - * #if 0 out some dead code - pfkey_ops is never used as written. - * - * Revision 1.72 2002/07/24 18:44:54 rgb - * Type fiddling to tame ia64 compiler. - * - * Revision 1.71 2002/05/23 07:14:11 rgb - * Cleaned up %p variants to 0p%p for test suite cleanup. - * - * Revision 1.70 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.69 2002/04/24 07:36:33 mcr - * Moved from ./klips/net/ipsec/pfkey_v2.c,v - * - * Revision 1.68 2002/03/08 01:15:17 mcr - * put some internal structure only debug messages behind - * && sysctl_ipsec_debug_verbose. - * - * Revision 1.67 2002/01/29 17:17:57 mcr - * moved include of ipsec_param.h to after include of linux/kernel.h - * otherwise, it seems that some option that is set in ipsec_param.h - * screws up something subtle in the include path to kernel.h, and - * it complains on the snprintf() prototype. - * - * Revision 1.66 2002/01/29 04:00:54 mcr - * more excise of kversions.h header. - * - * Revision 1.65 2002/01/29 02:13:18 mcr - * introduction of ipsec_kversion.h means that include of - * ipsec_param.h must preceed any decisions about what files to - * include to deal with differences in kernel source. - * - * Revision 1.64 2001/11/26 09:23:51 rgb - * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes. - * - * Revision 1.61.2.1 2001/09/25 02:28:44 mcr - * cleaned up includes. - * - * Revision 1.63 2001/11/12 19:38:00 rgb - * Continue trying other sockets even if one fails and return only original - * error. - * - * Revision 1.62 2001/10/18 04:45:22 rgb - * 2.4.9 kernel deprecates linux/malloc.h in favour of linux/slab.h, - * lib/freeswan.h version macros moved to lib/kversions.h. - * Other compiler directive cleanups. - * - * Revision 1.61 2001/09/20 15:32:59 rgb - * Min/max cleanup. - * - * Revision 1.60 2001/06/14 19:35:12 rgb - * Update copyright date. - * - * Revision 1.59 2001/06/13 15:35:48 rgb - * Fixed #endif comments. - * - * Revision 1.58 2001/05/04 16:37:24 rgb - * Remove erroneous checking of return codes for proc_net_* in 2.4. - * - * Revision 1.57 2001/05/03 19:43:36 rgb - * Initialise error return variable. - * Check error return codes in startup and shutdown. - * Standardise on SENDERR() macro. - * - * Revision 1.56 2001/04/21 23:05:07 rgb - * Define out skb->used for 2.4 kernels. - * - * Revision 1.55 2001/02/28 05:03:28 rgb - * Clean up and rationalise startup messages. - * - * Revision 1.54 2001/02/27 22:24:55 rgb - * Re-formatting debug output (line-splitting, joining, 1arg/line). - * Check for satoa() return codes. - * - * Revision 1.53 2001/02/27 06:48:18 rgb - * Fixed pfkey socket unregister log message to reflect type and function. - * - * Revision 1.52 2001/02/26 22:34:38 rgb - * Fix error return code that was getting overwritten by the error return - * code of an upmsg. - * - * Revision 1.51 2001/01/30 23:42:47 rgb - * Allow pfkey msgs from pid other than user context required for ACQUIRE - * and subsequent ADD or UDATE. - * - * Revision 1.50 2001/01/23 20:22:59 rgb - * 2.4 fix to remove removed is_clone member. - * - * Revision 1.49 2000/11/06 04:33:47 rgb - * Changed non-exported functions to DEBUG_NO_STATIC. - * - * Revision 1.48 2000/09/29 19:47:41 rgb - * Update copyright. - * - * Revision 1.47 2000/09/22 04:23:04 rgb - * Added more debugging to pfkey_upmsg() call from pfkey_sendmsg() error. - * - * Revision 1.46 2000/09/21 04:20:44 rgb - * Fixed array size off-by-one error. (Thanks Svenning!) - * - * Revision 1.45 2000/09/20 04:01:26 rgb - * Changed static functions to DEBUG_NO_STATIC for revealing function names - * in oopsen. - * - * Revision 1.44 2000/09/19 00:33:17 rgb - * 2.0 fixes. - * - * Revision 1.43 2000/09/16 01:28:13 rgb - * Fixed use of 0 in p format warning. - * - * Revision 1.42 2000/09/16 01:09:41 rgb - * Fixed debug format warning for pointers that was expecting ints. - * - * Revision 1.41 2000/09/13 15:54:00 rgb - * Rewrote pfkey_get_info(), added pfkey_{supported,registered}_get_info(). - * Moved supported algos add and remove to functions. - * - * Revision 1.40 2000/09/12 18:49:28 rgb - * Added IPIP tunnel and IPCOMP register support. - * - * Revision 1.39 2000/09/12 03:23:49 rgb - * Converted #if0 debugs to sysctl. - * Removed debug_pfkey initialisations that prevented no_debug loading or - * linking. - * - * Revision 1.38 2000/09/09 06:38:02 rgb - * Return positive errno in pfkey_reply error message. - * - * Revision 1.37 2000/09/08 19:19:09 rgb - * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG. - * Clean-up of long-unused crud... - * Create pfkey error message on on failure. - * Give pfkey_list_{insert,remove}_{socket,supported}() some error - * checking. - * - * Revision 1.36 2000/09/01 18:49:38 rgb - * Reap experimental NET_21_ bits. - * Turned registered sockets list into an array of one list per satype. - * Remove references to deprecated sklist_{insert,remove}_socket. - * Removed leaking socket debugging code. - * Removed duplicate pfkey_insert_socket in pfkey_create. - * Removed all references to pfkey msg->msg_name, since it is not used for - * pfkey. - * Added a supported algorithms array lists, one per satype and registered - * existing algorithms. - * Fixed pfkey_list_{insert,remove}_{socket,support}() to allow change to - * list. - * Only send pfkey_expire() messages to sockets registered for that satype. - * - * Revision 1.35 2000/08/24 17:03:00 rgb - * Corrected message size error return code for PF_KEYv2. - * Removed downward error prohibition. - * - * Revision 1.34 2000/08/21 16:32:26 rgb - * Re-formatted for cosmetic consistency and readability. - * - * Revision 1.33 2000/08/20 21:38:24 rgb - * Added a pfkey_reply parameter to pfkey_msg_interp(). (Momchil) - * Extended the upward message initiation of pfkey_sendmsg(). (Momchil) - * - * Revision 1.32 2000/07/28 14:58:31 rgb - * Changed kfree_s to kfree, eliminating extra arg to fix 2.4.0-test5. - * - * Revision 1.31 2000/05/16 03:04:00 rgb - * Updates for 2.3.99pre8 from MB. - * - * Revision 1.30 2000/05/10 19:22:21 rgb - * Use sklist private functions for 2.3.xx compatibility. - * - * Revision 1.29 2000/03/22 16:17:03 rgb - * Fixed SOCKOPS_WRAPPED macro for SMP (MB). - * - * Revision 1.28 2000/02/21 19:30:45 rgb - * Removed references to pkt_bridged for 2.3.47 compatibility. - * - * Revision 1.27 2000/02/14 21:07:00 rgb - * Fixed /proc/net/pf-key legend spacing. - * - * Revision 1.26 2000/01/22 03:46:59 rgb - * Fixed pfkey error return mechanism so that we are able to free the - * local copy of the pfkey_msg, plugging a memory leak and silencing - * the bad object free complaints. - * - * Revision 1.25 2000/01/21 06:19:44 rgb - * Moved pfkey_list_remove_socket() calls to before MOD_USE_DEC_COUNT. - * Added debugging to pfkey_upmsg. - * - * Revision 1.24 2000/01/10 16:38:23 rgb - * MB fixups for 2.3.x. - * - * Revision 1.23 1999/12/09 23:22:16 rgb - * Added more instrumentation for debugging 2.0 socket - * selection/reading. - * Removed erroneous 2.0 wait==NULL check bug in select. - * - * Revision 1.22 1999/12/08 20:32:16 rgb - * Tidied up 2.0.xx support, after major pfkey work, eliminating - * msg->msg_name twiddling in the process, since it is not defined - * for PF_KEYv2. - * - * Revision 1.21 1999/12/01 22:17:19 rgb - * Set skb->dev to zero on new skb in case it is a reused skb. - * Added check for skb_put overflow and freeing to avoid upmsg on error. - * Added check for wrong pfkey version and freeing to avoid upmsg on - * error. - * Shut off content dumping in pfkey_destroy. - * Added debugging message for size of buffer allocated for upmsg. - * - * Revision 1.20 1999/11/27 12:11:00 rgb - * Minor clean-up, enabling quiet operation of pfkey if desired. - * - * Revision 1.19 1999/11/25 19:04:21 rgb - * Update proc_fs code for pfkey to use dynamic registration. - * - * Revision 1.18 1999/11/25 09:07:17 rgb - * Implemented SENDERR macro for propagating error codes. - * Fixed error return code bug. - * - * Revision 1.17 1999/11/23 23:07:20 rgb - * Change name of pfkey_msg_parser to pfkey_msg_interp since it no longer - * parses. (PJO) - * Sort out pfkey and freeswan headers, putting them in a library path. - * - * Revision 1.16 1999/11/20 22:00:22 rgb - * Moved socketlist type declarations and prototypes for shared use. - * Renamed reformatted and generically extended for use by other socket - * lists pfkey_{del,add}_open_socket to pfkey_list_{remove,insert}_socket. - * - * Revision 1.15 1999/11/18 04:15:09 rgb - * Make pfkey_data_ready temporarily available for 2.2.x testing. - * Clean up pfkey_destroy_socket() debugging statements. - * Add Peter Onion's code to send messages up to all listening sockets. - * Changed all occurrences of #include "../../../lib/freeswan.h" - * to #include which works due to -Ilibfreeswan in the - * klips/net/ipsec/Makefile. - * Replaced all kernel version macros to shorter, readable form. - * Added CONFIG_PROC_FS compiler directives in case it is shut off. - * - * Revision 1.14 1999/11/17 16:01:00 rgb - * Make pfkey_data_ready temporarily available for 2.2.x testing. - * Clean up pfkey_destroy_socket() debugging statements. - * Add Peter Onion's code to send messages up to all listening sockets. - * Changed #include "../../../lib/freeswan.h" to #include - * which works due to -Ilibfreeswan in the klips/net/ipsec/Makefile. - * - * Revision 1.13 1999/10/27 19:59:51 rgb - * Removed af_unix comments that are no longer relevant. - * Added debug prink statements. - * Added to the /proc output in pfkey_get_info. - * Made most functions non-static to enable oops tracing. - * Re-enable skb dequeueing and freeing. - * Fix skb_alloc() and skb_put() size bug in pfkey_upmsg(). - * - * Revision 1.12 1999/10/26 17:05:42 rgb - * Complete re-ordering based on proto_ops structure order. - * Separated out proto_ops structures for 2.0.x and 2.2.x for clarity. - * Simplification to use built-in socket ops where possible for 2.2.x. - * Add shorter macros for compiler directives to visually clean-up. - * Add lots of sk skb dequeueing debugging statements. - * Added to the /proc output in pfkey_get_info. - * - * Revision 1.11 1999/09/30 02:55:10 rgb - * Bogus skb detection. - * Fix incorrect /proc/net/ipsec-eroute printk message. - * - * Revision 1.10 1999/09/21 15:22:13 rgb - * Temporary fix while I figure out the right way to destroy sockets. - * - * Revision 1.9 1999/07/08 19:19:44 rgb - * Fix pointer format warning. - * Fix missing member error under 2.0.xx kernels. - * - * Revision 1.8 1999/06/13 07:24:04 rgb - * Add more debugging. - * - * Revision 1.7 1999/06/10 05:24:17 rgb - * Clarified compiler directives. - * Renamed variables to reduce confusion. - * Used sklist_*_socket() kernel functions to simplify 2.2.x socket support. - * Added lots of sanity checking. - * - * Revision 1.6 1999/06/03 18:59:50 rgb - * More updates to 2.2.x socket support. Almost works, oops at end of call. - * - * Revision 1.5 1999/05/25 22:44:05 rgb - * Start fixing 2.2 sockets. - * - * Revision 1.4 1999/04/29 15:21:34 rgb - * Move log to the end of the file. - * Eliminate min/max redefinition in #include . - * Correct path for pfkey #includes - * Standardise an error return method. - * Add debugging instrumentation. - * Move message type checking to pfkey_msg_parse(). - * Add check for errno incorrectly set. - * Add check for valid PID. - * Add check for reserved illegally set. - * Add check for message out of bounds. - * - * Revision 1.3 1999/04/15 17:58:07 rgb - * Add RCSID labels. - * - * Revision 1.2 1999/04/15 15:37:26 rgb - * Forward check changes from POST1_00 branch. - * - * Revision 1.1.2.2 1999/04/13 20:37:12 rgb - * Header Title correction. - * - * Revision 1.1.2.1 1999/03/26 20:58:55 rgb - * Add pfkeyv2 support to KLIPS. - * - * - * RFC 2367 - * PF_KEY_v2 Key Management API - */ diff --git a/linux/net/ipsec/pfkey_v2_ext_process.c b/linux/net/ipsec/pfkey_v2_ext_process.c deleted file mode 100644 index 9269bd59e..000000000 --- a/linux/net/ipsec/pfkey_v2_ext_process.c +++ /dev/null @@ -1,851 +0,0 @@ -/* - * @(#) RFC2367 PF_KEYv2 Key management API message parser - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey_v2_ext_process.c,v 1.3 2004/06/13 19:57:50 as Exp $ - */ - -/* - * Template from klips/net/ipsec/ipsec/ipsec_netlink.c. - */ - -char pfkey_v2_ext_process_c_version[] = "$Id: pfkey_v2_ext_process.c,v 1.3 2004/06/13 19:57:50 as Exp $"; - -#include -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include - -#include - -#include - -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include /* *lock* */ -# else /* SPINLOCK_23 */ -# include /* *lock* */ -# endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ -#ifdef NET_21 -# include -# include -# define ip_chk_addr inet_addr_type -# define IS_MYADDR RTN_LOCAL -#endif -#include -#include -#ifdef NETLINK_SOCK -# include -#else -# include -#endif - -#include /* get_random_bytes() */ - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_sa.h" - -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_rcv.h" -#include "freeswan/ipcomp.h" - -#include -#include - -#include "freeswan/ipsec_proto.h" -#include "freeswan/ipsec_alg.h" - -#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) - -int -pfkey_sa_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - struct sadb_sa *pfkey_sa = (struct sadb_sa *)pfkey_ext; - int error = 0; - struct ipsec_sa* ipsp; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sa_process: .\n"); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sa_process: " - "extr or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - switch(pfkey_ext->sadb_ext_type) { - case SADB_EXT_SA: - ipsp = extr->ips; - break; - case SADB_X_EXT_SA2: - if(extr->ips2 == NULL) { - extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */ - } - if(extr->ips2 == NULL) { - SENDERR(-error); - } - ipsp = extr->ips2; - break; - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sa_process: " - "invalid exttype=%d.\n", - pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); - } - - ipsp->ips_said.spi = pfkey_sa->sadb_sa_spi; - ipsp->ips_replaywin = pfkey_sa->sadb_sa_replay; - ipsp->ips_state = pfkey_sa->sadb_sa_state; - ipsp->ips_flags = pfkey_sa->sadb_sa_flags; - ipsp->ips_replaywin_lastseq = ipsp->ips_replaywin_bitmap = 0; - ipsp->ips_ref_rel = pfkey_sa->sadb_x_sa_ref; - - switch(ipsp->ips_said.proto) { - case IPPROTO_AH: - ipsp->ips_authalg = pfkey_sa->sadb_sa_auth; - ipsp->ips_encalg = SADB_EALG_NONE; - break; - case IPPROTO_ESP: - ipsp->ips_authalg = pfkey_sa->sadb_sa_auth; - ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt; -#ifdef CONFIG_IPSEC_ALG - ipsec_alg_sa_init(ipsp); -#endif /* CONFIG_IPSEC_ALG */ - break; - case IPPROTO_IPIP: - ipsp->ips_authalg = AH_NONE; - ipsp->ips_encalg = ESP_NONE; - break; -#ifdef CONFIG_IPSEC_IPCOMP - case IPPROTO_COMP: - ipsp->ips_authalg = AH_NONE; - ipsp->ips_encalg = pfkey_sa->sadb_sa_encrypt; - break; -#endif /* CONFIG_IPSEC_IPCOMP */ - case IPPROTO_INT: - ipsp->ips_authalg = AH_NONE; - ipsp->ips_encalg = ESP_NONE; - break; - case 0: - break; - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sa_process: " - "unknown proto=%d.\n", - ipsp->ips_said.proto); - SENDERR(EINVAL); - } - -errlab: - return error; -} - -int -pfkey_lifetime_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct sadb_lifetime *pfkey_lifetime = (struct sadb_lifetime *)pfkey_ext; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_lifetime_process: .\n"); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_lifetime_process: " - "extr or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - switch(pfkey_lifetime->sadb_lifetime_exttype) { - case SADB_EXT_LIFETIME_CURRENT: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_lifetime_process: " - "lifetime_current not supported yet.\n"); - SENDERR(EINVAL); - break; - case SADB_EXT_LIFETIME_HARD: - ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_allocations, - pfkey_lifetime->sadb_lifetime_allocations); - - ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_bytes, - pfkey_lifetime->sadb_lifetime_bytes); - - ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_addtime, - pfkey_lifetime->sadb_lifetime_addtime); - - ipsec_lifetime_update_hard(&extr->ips->ips_life.ipl_usetime, - pfkey_lifetime->sadb_lifetime_usetime); - - break; - - case SADB_EXT_LIFETIME_SOFT: - ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_allocations, - pfkey_lifetime->sadb_lifetime_allocations); - - ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_bytes, - pfkey_lifetime->sadb_lifetime_bytes); - - ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_addtime, - pfkey_lifetime->sadb_lifetime_addtime); - - ipsec_lifetime_update_soft(&extr->ips->ips_life.ipl_usetime, - pfkey_lifetime->sadb_lifetime_usetime); - - break; - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_lifetime_process: " - "invalid exttype=%d.\n", - pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); - } - -errlab: - return error; -} - -int -pfkey_address_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - int saddr_len = 0; - char ipaddr_txt[ADDRTOA_BUF]; - unsigned char **sap; - unsigned short * portp = 0; - struct sadb_address *pfkey_address = (struct sadb_address *)pfkey_ext; - struct sockaddr* s = (struct sockaddr*)((char*)pfkey_address + sizeof(*pfkey_address)); - struct ipsec_sa* ipsp; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process:\n"); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "extr or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - switch(s->sa_family) { - case AF_INET: - saddr_len = sizeof(struct sockaddr_in); - addrtoa(((struct sockaddr_in*)s)->sin_addr, 0, ipaddr_txt, sizeof(ipaddr_txt)); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found address family=%d, AF_INET, %s.\n", - s->sa_family, - ipaddr_txt); - break; -#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) - case AF_INET6: - saddr_len = sizeof(struct sockaddr_in6); - break; -#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */ - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "s->sa_family=%d not supported.\n", - s->sa_family); - SENDERR(EPFNOSUPPORT); - } - - switch(pfkey_address->sadb_address_exttype) { - case SADB_EXT_ADDRESS_SRC: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found src address.\n"); - sap = (unsigned char **)&(extr->ips->ips_addr_s); - extr->ips->ips_addr_s_size = saddr_len; - break; - case SADB_EXT_ADDRESS_DST: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found dst address.\n"); - sap = (unsigned char **)&(extr->ips->ips_addr_d); - extr->ips->ips_addr_d_size = saddr_len; - break; - case SADB_EXT_ADDRESS_PROXY: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found proxy address.\n"); - sap = (unsigned char **)&(extr->ips->ips_addr_p); - extr->ips->ips_addr_p_size = saddr_len; - break; - case SADB_X_EXT_ADDRESS_DST2: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found 2nd dst address.\n"); - if(extr->ips2 == NULL) { - extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */ - } - if(extr->ips2 == NULL) { - SENDERR(-error); - } - sap = (unsigned char **)&(extr->ips2->ips_addr_d); - extr->ips2->ips_addr_d_size = saddr_len; - break; - case SADB_X_EXT_ADDRESS_SRC_FLOW: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found src flow address.\n"); - if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { - SENDERR(ENOMEM); - } - sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_src); - portp = &(extr->eroute->er_eaddr.sen_sport); - break; - case SADB_X_EXT_ADDRESS_DST_FLOW: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found dst flow address.\n"); - if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { - SENDERR(ENOMEM); - } - sap = (unsigned char **)&(extr->eroute->er_eaddr.sen_ip_dst); - portp = &(extr->eroute->er_eaddr.sen_dport); - break; - case SADB_X_EXT_ADDRESS_SRC_MASK: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found src mask address.\n"); - if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { - SENDERR(ENOMEM); - } - sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_src); - portp = &(extr->eroute->er_emask.sen_sport); - break; - case SADB_X_EXT_ADDRESS_DST_MASK: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found dst mask address.\n"); - if(pfkey_alloc_eroute(&(extr->eroute)) == ENOMEM) { - SENDERR(ENOMEM); - } - sap = (unsigned char **)&(extr->eroute->er_emask.sen_ip_dst); - portp = &(extr->eroute->er_emask.sen_dport); - break; -#ifdef NAT_TRAVERSAL - case SADB_X_EXT_NAT_T_OA: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "found NAT-OA address.\n"); - sap = (unsigned char **)&(extr->ips->ips_natt_oa); - extr->ips->ips_natt_oa_size = saddr_len; - break; -#endif - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "unrecognised ext_type=%d.\n", - pfkey_address->sadb_address_exttype); - SENDERR(EINVAL); - } - - switch(pfkey_address->sadb_address_exttype) { - case SADB_EXT_ADDRESS_SRC: - case SADB_EXT_ADDRESS_DST: - case SADB_EXT_ADDRESS_PROXY: - case SADB_X_EXT_ADDRESS_DST2: -#ifdef NAT_TRAVERSAL - case SADB_X_EXT_NAT_T_OA: -#endif - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "allocating %d bytes for saddr.\n", - saddr_len); - if(!(*sap = kmalloc(saddr_len, GFP_KERNEL))) { - SENDERR(ENOMEM); - } - memcpy(*sap, s, saddr_len); - break; - default: - if(s->sa_family != AF_INET) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "s->sa_family=%d not supported.\n", - s->sa_family); - SENDERR(EPFNOSUPPORT); - } - (unsigned long)(*sap) = ((struct sockaddr_in*)s)->sin_addr.s_addr; - if (portp != 0) - *portp = ((struct sockaddr_in*)s)->sin_port; -#ifdef CONFIG_IPSEC_DEBUG - if(extr->eroute) { - char buf1[64], buf2[64]; - if (debug_pfkey) { - subnettoa(extr->eroute->er_eaddr.sen_ip_src, - extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(extr->eroute->er_eaddr.sen_ip_dst, - extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_parse: " - "extr->eroute set to %s:%d->%s:%d\n", - buf1, - ntohs(extr->eroute->er_eaddr.sen_sport), - buf2, - ntohs(extr->eroute->er_eaddr.sen_dport)); - } - } -#endif /* CONFIG_IPSEC_DEBUG */ - } - - ipsp = extr->ips; - switch(pfkey_address->sadb_address_exttype) { - case SADB_X_EXT_ADDRESS_DST2: - ipsp = extr->ips2; - case SADB_EXT_ADDRESS_DST: - if(s->sa_family == AF_INET) { - ipsp->ips_said.dst.s_addr = ((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr.s_addr; - addrtoa(((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr, - 0, - ipaddr_txt, - sizeof(ipaddr_txt)); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "ips_said.dst set to %s.\n", - ipaddr_txt); - } else { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: " - "uh, ips_said.dst doesn't do address family=%d yet, said will be invalid.\n", - s->sa_family); - } - default: - break; - } - - /* XXX check if port!=0 */ - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_address_process: successful.\n"); - errlab: - return error; -} - -int -pfkey_key_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct sadb_key *pfkey_key = (struct sadb_key *)pfkey_ext; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_key_process: .\n"); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_key_process: " - "extr or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - switch(pfkey_key->sadb_key_exttype) { - case SADB_EXT_KEY_AUTH: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_key_process: " - "allocating %d bytes for authkey.\n", - DIVUP(pfkey_key->sadb_key_bits, 8)); - if(!(extr->ips->ips_key_a = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_key_process: " - "memory allocation error.\n"); - SENDERR(ENOMEM); - } - extr->ips->ips_key_bits_a = pfkey_key->sadb_key_bits; - extr->ips->ips_key_a_size = DIVUP(pfkey_key->sadb_key_bits, 8); - memcpy(extr->ips->ips_key_a, - (char*)pfkey_key + sizeof(struct sadb_key), - extr->ips->ips_key_a_size); - break; - case SADB_EXT_KEY_ENCRYPT: /* Key(s) */ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_key_process: " - "allocating %d bytes for enckey.\n", - DIVUP(pfkey_key->sadb_key_bits, 8)); - if(!(extr->ips->ips_key_e = kmalloc(DIVUP(pfkey_key->sadb_key_bits, 8), GFP_KERNEL))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_key_process: " - "memory allocation error.\n"); - SENDERR(ENOMEM); - } - extr->ips->ips_key_bits_e = pfkey_key->sadb_key_bits; - extr->ips->ips_key_e_size = DIVUP(pfkey_key->sadb_key_bits, 8); - memcpy(extr->ips->ips_key_e, - (char*)pfkey_key + sizeof(struct sadb_key), - extr->ips->ips_key_e_size); - break; - default: - SENDERR(EINVAL); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_key_process: " - "success.\n"); -errlab: - return error; -} - -int -pfkey_ident_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct sadb_ident *pfkey_ident = (struct sadb_ident *)pfkey_ext; - int data_len; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ident_process: .\n"); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ident_process: " - "extr or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - switch(pfkey_ident->sadb_ident_exttype) { - case SADB_EXT_IDENTITY_SRC: - data_len = pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); - - extr->ips->ips_ident_s.type = pfkey_ident->sadb_ident_type; - extr->ips->ips_ident_s.id = pfkey_ident->sadb_ident_id; - extr->ips->ips_ident_s.len = pfkey_ident->sadb_ident_len; - if(data_len) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ident_process: " - "allocating %d bytes for ident_s.\n", - data_len); - if(!(extr->ips->ips_ident_s.data - = kmalloc(data_len, GFP_KERNEL))) { - SENDERR(ENOMEM); - } - memcpy(extr->ips->ips_ident_s.data, - (char*)pfkey_ident + sizeof(struct sadb_ident), - data_len); - } else { - extr->ips->ips_ident_s.data = NULL; - } - break; - case SADB_EXT_IDENTITY_DST: /* Identity(ies) */ - data_len = pfkey_ident->sadb_ident_len * IPSEC_PFKEYv2_ALIGN - sizeof(struct sadb_ident); - - extr->ips->ips_ident_d.type = pfkey_ident->sadb_ident_type; - extr->ips->ips_ident_d.id = pfkey_ident->sadb_ident_id; - extr->ips->ips_ident_d.len = pfkey_ident->sadb_ident_len; - if(data_len) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ident_process: " - "allocating %d bytes for ident_d.\n", - data_len); - if(!(extr->ips->ips_ident_d.data - = kmalloc(data_len, GFP_KERNEL))) { - SENDERR(ENOMEM); - } - memcpy(extr->ips->ips_ident_d.data, - (char*)pfkey_ident + sizeof(struct sadb_ident), - data_len); - } else { - extr->ips->ips_ident_d.data = NULL; - } - break; - default: - SENDERR(EINVAL); - } -errlab: - return error; -} - -int -pfkey_sens_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_sens_process: " - "Sorry, I can't process exttype=%d yet.\n", - pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - errlab: - return error; -} - -int -pfkey_prop_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_prop_process: " - "Sorry, I can't process exttype=%d yet.\n", - pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - - errlab: - return error; -} - -int -pfkey_supported_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_supported_process: " - "Sorry, I can't process exttype=%d yet.\n", - pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - -errlab: - return error; -} - -int -pfkey_spirange_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_spirange_process: .\n"); -/* errlab: */ - return error; -} - -int -pfkey_x_kmprivate_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_kmprivate_process: " - "Sorry, I can't process exttype=%d yet.\n", - pfkey_ext->sadb_ext_type); - SENDERR(EINVAL); /* don't process these yet */ - -errlab: - return error; -} - -int -pfkey_x_satype_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct sadb_x_satype *pfkey_x_satype = (struct sadb_x_satype *)pfkey_ext; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_satype_process: .\n"); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_satype_process: " - "extr or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - if(extr->ips2 == NULL) { - extr->ips2 = ipsec_sa_alloc(&error); /* pass error var by pointer */ - } - if(extr->ips2 == NULL) { - SENDERR(-error); - } - if(!(extr->ips2->ips_said.proto = satype2proto(pfkey_x_satype->sadb_x_satype_satype))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_satype_process: " - "proto lookup from satype=%d failed.\n", - pfkey_x_satype->sadb_x_satype_satype); - SENDERR(EINVAL); - } - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_satype_process: " - "protocol==%d decoded from satype==%d(%s).\n", - extr->ips2->ips_said.proto, - pfkey_x_satype->sadb_x_satype_satype, - satype2name(pfkey_x_satype->sadb_x_satype_satype)); - -errlab: - return error; -} - - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -int -pfkey_x_nat_t_type_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct sadb_x_nat_t_type *pfkey_x_nat_t_type = (struct sadb_x_nat_t_type *)pfkey_ext; - - if(!pfkey_x_nat_t_type) { - printk("klips_debug:pfkey_x_nat_t_type_process: " - "null pointer passed in\n"); - SENDERR(EINVAL); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_nat_t_type_process: %d.\n", - pfkey_x_nat_t_type->sadb_x_nat_t_type_type); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_nat_t_type_process: " - "extr or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - switch(pfkey_x_nat_t_type->sadb_x_nat_t_type_type) { - case ESPINUDP_WITH_NON_IKE: /* with Non-IKE */ - case ESPINUDP_WITH_NON_ESP: /* with Non-ESP */ - extr->ips->ips_natt_type = pfkey_x_nat_t_type->sadb_x_nat_t_type_type; - break; - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_nat_t_type_process: " - "unknown type %d.\n", - pfkey_x_nat_t_type->sadb_x_nat_t_type_type); - SENDERR(EINVAL); - break; - } - -errlab: - return error; -} - -int -pfkey_x_nat_t_port_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct sadb_x_nat_t_port *pfkey_x_nat_t_port = (struct sadb_x_nat_t_port *)pfkey_ext; - - if(!pfkey_x_nat_t_port) { - printk("klips_debug:pfkey_x_nat_t_port_process: " - "null pointer passed in\n"); - SENDERR(EINVAL); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_nat_t_port_process: %d/%d.\n", - pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype, - pfkey_x_nat_t_port->sadb_x_nat_t_port_port); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_nat_t_type_process: " - "extr or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - switch(pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype) { - case SADB_X_EXT_NAT_T_SPORT: - extr->ips->ips_natt_sport = pfkey_x_nat_t_port->sadb_x_nat_t_port_port; - break; - case SADB_X_EXT_NAT_T_DPORT: - extr->ips->ips_natt_dport = pfkey_x_nat_t_port->sadb_x_nat_t_port_port; - break; - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_nat_t_port_process: " - "unknown exttype %d.\n", - pfkey_x_nat_t_port->sadb_x_nat_t_port_exttype); - SENDERR(EINVAL); - break; - } - -errlab: - return error; -} -#endif - -int -pfkey_x_debug_process(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct sadb_x_debug *pfkey_x_debug = (struct sadb_x_debug *)pfkey_ext; - - if(!pfkey_x_debug) { - printk("klips_debug:pfkey_x_debug_process: " - "null pointer passed in\n"); - SENDERR(EINVAL); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_debug_process: .\n"); - -#ifdef CONFIG_IPSEC_DEBUG - if(pfkey_x_debug->sadb_x_debug_netlink >> - (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 - 1)) { - pfkey_x_debug->sadb_x_debug_netlink &= - ~(1 << (sizeof(pfkey_x_debug->sadb_x_debug_netlink) * 8 -1)); - debug_tunnel |= pfkey_x_debug->sadb_x_debug_tunnel; - debug_netlink |= pfkey_x_debug->sadb_x_debug_netlink; - debug_xform |= pfkey_x_debug->sadb_x_debug_xform; - debug_eroute |= pfkey_x_debug->sadb_x_debug_eroute; - debug_spi |= pfkey_x_debug->sadb_x_debug_spi; - debug_radij |= pfkey_x_debug->sadb_x_debug_radij; - debug_esp |= pfkey_x_debug->sadb_x_debug_esp; - debug_ah |= pfkey_x_debug->sadb_x_debug_ah; - debug_rcv |= pfkey_x_debug->sadb_x_debug_rcv; - debug_pfkey |= pfkey_x_debug->sadb_x_debug_pfkey; -#ifdef CONFIG_IPSEC_IPCOMP - sysctl_ipsec_debug_ipcomp |= pfkey_x_debug->sadb_x_debug_ipcomp; -#endif /* CONFIG_IPSEC_IPCOMP */ - sysctl_ipsec_debug_verbose |= pfkey_x_debug->sadb_x_debug_verbose; - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_debug_process: " - "set\n"); - } else { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_debug_process: " - "unset\n"); - debug_tunnel &= pfkey_x_debug->sadb_x_debug_tunnel; - debug_netlink &= pfkey_x_debug->sadb_x_debug_netlink; - debug_xform &= pfkey_x_debug->sadb_x_debug_xform; - debug_eroute &= pfkey_x_debug->sadb_x_debug_eroute; - debug_spi &= pfkey_x_debug->sadb_x_debug_spi; - debug_radij &= pfkey_x_debug->sadb_x_debug_radij; - debug_esp &= pfkey_x_debug->sadb_x_debug_esp; - debug_ah &= pfkey_x_debug->sadb_x_debug_ah; - debug_rcv &= pfkey_x_debug->sadb_x_debug_rcv; - debug_pfkey &= pfkey_x_debug->sadb_x_debug_pfkey; -#ifdef CONFIG_IPSEC_IPCOMP - sysctl_ipsec_debug_ipcomp &= pfkey_x_debug->sadb_x_debug_ipcomp; -#endif /* CONFIG_IPSEC_IPCOMP */ - sysctl_ipsec_debug_verbose &= pfkey_x_debug->sadb_x_debug_verbose; - } -#else /* CONFIG_IPSEC_DEBUG */ - printk("klips_debug:pfkey_x_debug_process: " - "debugging not enabled\n"); - SENDERR(EINVAL); -#endif /* CONFIG_IPSEC_DEBUG */ - -errlab: - return error; -} diff --git a/linux/net/ipsec/pfkey_v2_parser.c b/linux/net/ipsec/pfkey_v2_parser.c deleted file mode 100644 index d170ddea5..000000000 --- a/linux/net/ipsec/pfkey_v2_parser.c +++ /dev/null @@ -1,3420 +0,0 @@ -/* - * @(#) RFC2367 PF_KEYv2 Key management API message parser - * Copyright (C) 1999, 2000, 2001 Richard Guy Briggs - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: pfkey_v2_parser.c,v 1.4 2004/09/29 22:27:41 as Exp $ - */ - -/* - * Template from klips/net/ipsec/ipsec/ipsec_netlink.c. - */ - -char pfkey_v2_parser_c_version[] = "$Id: pfkey_v2_parser.c,v 1.4 2004/09/29 22:27:41 as Exp $"; - -#include -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include - -#include - -#include - -#ifdef SPINLOCK -# ifdef SPINLOCK_23 -# include /* *lock* */ -# else /* SPINLOCK_23 */ -# include /* *lock* */ -# endif /* SPINLOCK_23 */ -#endif /* SPINLOCK */ -#ifdef NET_21 -# include -# include -# define ip_chk_addr inet_addr_type -# define IS_MYADDR RTN_LOCAL -#endif -#include -#include -#ifdef NETLINK_SOCK -# include -#else -# include -#endif - -#include /* get_random_bytes() */ - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_sa.h" - -#include "freeswan/ipsec_radij.h" -#include "freeswan/ipsec_xform.h" -#include "freeswan/ipsec_ah.h" -#include "freeswan/ipsec_esp.h" -#include "freeswan/ipsec_tunnel.h" -#include "freeswan/ipsec_rcv.h" -#include "freeswan/ipcomp.h" - -#include -#include - -#include "freeswan/ipsec_proto.h" -#include "freeswan/ipsec_alg.h" - - -#define SENDERR(_x) do { error = -(_x); goto errlab; } while (0) - -struct sklist_t { - struct socket *sk; - struct sklist_t* next; -} pfkey_sklist_head, *pfkey_sklist, *pfkey_sklist_prev; - -__u32 pfkey_msg_seq = 0; - -int -pfkey_alloc_eroute(struct eroute** eroute) -{ - int error = 0; - if(*eroute) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_alloc_eroute: " - "eroute struct already allocated\n"); - SENDERR(EEXIST); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_alloc_eroute: " - "allocating %lu bytes for an eroute.\n", - (unsigned long) sizeof(**eroute)); - if((*eroute = kmalloc(sizeof(**eroute), GFP_ATOMIC) ) == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_alloc_eroute: " - "memory allocation error\n"); - SENDERR(ENOMEM); - } - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_alloc_eroute: " - "allocated eroute struct=0p%p.\n", eroute); - memset((caddr_t)*eroute, 0, sizeof(**eroute)); - (*eroute)->er_eaddr.sen_len = - (*eroute)->er_emask.sen_len = sizeof(struct sockaddr_encap); - (*eroute)->er_eaddr.sen_family = - (*eroute)->er_emask.sen_family = AF_ENCAP; - (*eroute)->er_eaddr.sen_type = SENT_IP4; - (*eroute)->er_emask.sen_type = 255; - (*eroute)->er_pid = 0; - (*eroute)->er_count = 0; - (*eroute)->er_lasttime = jiffies/HZ; - - errlab: - return(error); -} - -DEBUG_NO_STATIC int -pfkey_x_protocol_process(struct sadb_ext *pfkey_ext, - struct pfkey_extracted_data *extr) -{ - int error = 0; - struct sadb_protocol * p = (struct sadb_protocol *)pfkey_ext; - - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_protocol_process: %p\n", extr); - - if (extr == 0) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_protocol_process:" - "extr is NULL, fatal\n"); - SENDERR(EINVAL); - } - if (extr->eroute == 0) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_protocol_process:" - "extr->eroute is NULL, fatal\n"); - SENDERR(EINVAL); - } - extr->eroute->er_eaddr.sen_proto = p->sadb_protocol_proto; - extr->eroute->er_emask.sen_proto = p->sadb_protocol_proto ? ~0:0; - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_protocol_process: protocol = %d.\n", - p->sadb_protocol_proto); - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_ipsec_sa_init(struct ipsec_sa *ipsp, struct sadb_ext **extensions) -{ - int error = 0; - char sa[SATOA_BUF]; - size_t sa_len; - char ipaddr_txt[ADDRTOA_BUF]; - char ipaddr2_txt[ADDRTOA_BUF]; -#if defined (CONFIG_IPSEC_AUTH_HMAC_MD5) || defined (CONFIG_IPSEC_AUTH_HMAC_SHA1) - int i; - unsigned char kb[AHMD596_BLKLEN]; -#endif -#ifdef CONFIG_IPSEC_ALG - struct ipsec_alg_enc *ixt_e = NULL; - struct ipsec_alg_auth *ixt_a = NULL; -#endif /* CONFIG_IPSEC_ALG */ - - if(ipsp == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "ipsp is NULL, fatal\n"); - SENDERR(EINVAL); - } - - sa_len = satoa(ipsp->ips_said, 0, sa, SATOA_BUF); - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "(pfkey defined) called for SA:%s\n", - sa_len ? sa : " (error)"); - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "calling init routine of %s%s%s\n", - IPS_XFORM_NAME(ipsp)); - - switch(ipsp->ips_said.proto) { - -#ifdef CONFIG_IPSEC_IPIP - case IPPROTO_IPIP: { - addrtoa(((struct sockaddr_in*)(ipsp->ips_addr_s))->sin_addr, - 0, - ipaddr_txt, sizeof(ipaddr_txt)); - addrtoa(((struct sockaddr_in*)(ipsp->ips_addr_d))->sin_addr, - 0, - ipaddr2_txt, sizeof(ipaddr_txt)); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "(pfkey defined) IPIP ipsec_sa set for %s->%s.\n", - ipaddr_txt, - ipaddr2_txt); - } - break; -#endif /* !CONFIG_IPSEC_IPIP */ -#ifdef CONFIG_IPSEC_AH - case IPPROTO_AH: - switch(ipsp->ips_authalg) { -# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - case AH_MD5: { - unsigned char *akp; - unsigned int aks; - MD5_CTX *ictx; - MD5_CTX *octx; - - if(ipsp->ips_key_bits_a != (AHMD596_KLEN * 8)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "incorrect key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, - ipsp->ips_key_bits_a, AHMD596_KLEN * 8); - SENDERR(EINVAL); - } - -# if KLIPS_DIVULGE_HMAC_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "hmac md5-96 key is 0x%08x %08x %08x %08x\n", - ntohl(*(((__u32 *)ipsp->ips_key_a)+0)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+1)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+2)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+3))); -# endif /* KLIPS_DIVULGE_HMAC_KEY */ - - ipsp->ips_auth_bits = AHMD596_ALEN * 8; - - /* save the pointer to the key material */ - akp = ipsp->ips_key_a; - aks = ipsp->ips_key_a_size; - - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "allocating %lu bytes for md5_ctx.\n", - (unsigned long) sizeof(struct md5_ctx)); - if((ipsp->ips_key_a = (caddr_t) - kmalloc(sizeof(struct md5_ctx), GFP_ATOMIC)) == NULL) { - ipsp->ips_key_a = akp; - SENDERR(ENOMEM); - } - ipsp->ips_key_a_size = sizeof(struct md5_ctx); - - for (i = 0; i < DIVUP(ipsp->ips_key_bits_a, 8); i++) { - kb[i] = akp[i] ^ HMAC_IPAD; - } - for (; i < AHMD596_BLKLEN; i++) { - kb[i] = HMAC_IPAD; - } - - ictx = &(((struct md5_ctx*)(ipsp->ips_key_a))->ictx); - MD5Init(ictx); - MD5Update(ictx, kb, AHMD596_BLKLEN); - - for (i = 0; i < AHMD596_BLKLEN; i++) { - kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); - } - - octx = &(((struct md5_ctx*)(ipsp->ips_key_a))->octx); - MD5Init(octx); - MD5Update(octx, kb, AHMD596_BLKLEN); - -# if KLIPS_DIVULGE_HMAC_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "MD5 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", - ((__u32*)ictx)[0], - ((__u32*)ictx)[1], - ((__u32*)ictx)[2], - ((__u32*)ictx)[3], - ((__u32*)octx)[0], - ((__u32*)octx)[1], - ((__u32*)octx)[2], - ((__u32*)octx)[3] ); -# endif /* KLIPS_DIVULGE_HMAC_KEY */ - - /* zero key buffer -- paranoid */ - memset(akp, 0, aks); - kfree(akp); - } - break; -# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - case AH_SHA: { - unsigned char *akp; - unsigned int aks; - SHA1_CTX *ictx; - SHA1_CTX *octx; - - if(ipsp->ips_key_bits_a != (AHSHA196_KLEN * 8)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "incorrect key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, - ipsp->ips_key_bits_a, AHSHA196_KLEN * 8); - SENDERR(EINVAL); - } - -# if KLIPS_DIVULGE_HMAC_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "hmac sha1-96 key is 0x%08x %08x %08x %08x\n", - ntohl(*(((__u32 *)ipsp->ips_key_a)+0)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+1)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+2)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+3))); -# endif /* KLIPS_DIVULGE_HMAC_KEY */ - - ipsp->ips_auth_bits = AHSHA196_ALEN * 8; - - /* save the pointer to the key material */ - akp = ipsp->ips_key_a; - aks = ipsp->ips_key_a_size; - - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "allocating %lu bytes for sha1_ctx.\n", - (unsigned long) sizeof(struct sha1_ctx)); - if((ipsp->ips_key_a = (caddr_t) - kmalloc(sizeof(struct sha1_ctx), GFP_ATOMIC)) == NULL) { - ipsp->ips_key_a = akp; - SENDERR(ENOMEM); - } - ipsp->ips_key_a_size = sizeof(struct sha1_ctx); - - for (i = 0; i < DIVUP(ipsp->ips_key_bits_a, 8); i++) { - kb[i] = akp[i] ^ HMAC_IPAD; - } - for (; i < AHMD596_BLKLEN; i++) { - kb[i] = HMAC_IPAD; - } - - ictx = &(((struct sha1_ctx*)(ipsp->ips_key_a))->ictx); - SHA1Init(ictx); - SHA1Update(ictx, kb, AHSHA196_BLKLEN); - - for (i = 0; i < AHSHA196_BLKLEN; i++) { - kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); - } - - octx = &(((struct sha1_ctx*)(ipsp->ips_key_a))->octx); - SHA1Init(octx); - SHA1Update(octx, kb, AHSHA196_BLKLEN); - -# if KLIPS_DIVULGE_HMAC_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "SHA1 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", - ((__u32*)ictx)[0], - ((__u32*)ictx)[1], - ((__u32*)ictx)[2], - ((__u32*)ictx)[3], - ((__u32*)octx)[0], - ((__u32*)octx)[1], - ((__u32*)octx)[2], - ((__u32*)octx)[3] ); -# endif /* KLIPS_DIVULGE_HMAC_KEY */ - /* zero key buffer -- paranoid */ - memset(akp, 0, aks); - kfree(akp); - } - break; -# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "authalg=%d support not available in the kernel", - ipsp->ips_authalg); - SENDERR(EINVAL); - } - break; -#endif /* CONFIG_IPSEC_AH */ -#ifdef CONFIG_IPSEC_ESP - case IPPROTO_ESP: { -#if defined (CONFIG_IPSEC_AUTH_HMAC_MD5) || defined (CONFIG_IPSEC_AUTH_HMAC_SHA1) - unsigned char *akp; - unsigned int aks; -#endif -#if defined (CONFIG_IPSEC_ENC_3DES) - unsigned char *ekp; - unsigned int eks; -#endif - - ipsp->ips_iv_size = 0; -#ifdef CONFIG_IPSEC_ALG - if ((ixt_e=ipsp->ips_alg_enc)) { - ipsp->ips_iv_size = ixt_e->ixt_ivlen/8; - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ipsp->ips_encalg) { -# ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: -# endif /* CONFIG_IPSEC_ENC_3DES */ -# if defined(CONFIG_IPSEC_ENC_3DES) - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "allocating %u bytes for iv.\n", - EMT_ESPDES_IV_SZ); - if((ipsp->ips_iv = (caddr_t) - kmalloc((ipsp->ips_iv_size = EMT_ESPDES_IV_SZ), GFP_ATOMIC)) == NULL) { - SENDERR(ENOMEM); - } - prng_bytes(&ipsec_prng, (char *)ipsp->ips_iv, EMT_ESPDES_IV_SZ); - ipsp->ips_iv_bits = ipsp->ips_iv_size * 8; - ipsp->ips_iv_size = EMT_ESPDES_IV_SZ; - break; -# endif /* defined(CONFIG_IPSEC_ENC_3DES) */ - case ESP_NONE: - break; - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "encalg=%d support not available in the kernel", - ipsp->ips_encalg); - SENDERR(EINVAL); - } - - /* Create IV */ - if (ipsp->ips_iv_size) { - if((ipsp->ips_iv = (caddr_t) - kmalloc(ipsp->ips_iv_size, GFP_ATOMIC)) == NULL) { - SENDERR(ENOMEM); - } - prng_bytes(&ipsec_prng, (char *)ipsp->ips_iv, ipsp->ips_iv_size); - ipsp->ips_iv_bits = ipsp->ips_iv_size * 8; - } - -#ifdef CONFIG_IPSEC_ALG - if (ixt_e) { - if ((error=ipsec_alg_enc_key_create(ipsp)) < 0) - SENDERR(-error); - } else -#endif /* CONFIG_IPSEC_ALG */ - switch(ipsp->ips_encalg) { -# ifdef CONFIG_IPSEC_ENC_3DES - case ESP_3DES: - if(ipsp->ips_key_bits_e != (EMT_ESP3DES_KEY_SZ * 8)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "incorrect encryption key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, - ipsp->ips_key_bits_e, EMT_ESP3DES_KEY_SZ * 8); - SENDERR(EINVAL); - } - - /* save encryption key pointer */ - ekp = ipsp->ips_key_e; - eks = ipsp->ips_key_e_size; - - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "allocating %lu bytes for 3des.\n", - (unsigned long) (3 * sizeof(struct des_eks))); - if((ipsp->ips_key_e = (caddr_t) - kmalloc(3 * sizeof(struct des_eks), GFP_ATOMIC)) == NULL) { - ipsp->ips_key_e = ekp; - SENDERR(ENOMEM); - } - ipsp->ips_key_e_size = 3 * sizeof(struct des_eks); - - for(i = 0; i < 3; i++) { -#if KLIPS_DIVULGE_CYPHER_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "3des key %d/3 is 0x%08x%08x\n", - i + 1, - ntohl(*((__u32 *)ekp + i * 2)), - ntohl(*((__u32 *)ekp + i * 2 + 1))); -# endif -#if KLIPS_FIXES_DES_PARITY - /* force parity */ - des_set_odd_parity((des_cblock *)(ekp + EMT_ESPDES_KEY_SZ * i)); -#endif - error = des_set_key((des_cblock *)(ekp + EMT_ESPDES_KEY_SZ * i), - ((struct des_eks *)(ipsp->ips_key_e))[i].ks); - if (error == -1) - printk("klips_debug:pfkey_ipsec_sa_init: " - "parity error in des key %d/3\n", - i + 1); - else if (error == -2) - printk("klips_debug:pfkey_ipsec_sa_init: " - "illegal weak des key %d/3\n", i + 1); - if (error) { - memset(ekp, 0, eks); - kfree(ekp); - SENDERR(EINVAL); - } - } - - /* paranoid */ - memset(ekp, 0, eks); - kfree(ekp); - break; -# endif /* CONFIG_IPSEC_ENC_3DES */ - case ESP_NONE: - break; - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "encalg=%d support not available in the kernel", - ipsp->ips_encalg); - SENDERR(EINVAL); - } - -#ifdef CONFIG_IPSEC_ALG - if ((ixt_a=ipsp->ips_alg_auth)) { - if ((error=ipsec_alg_auth_key_create(ipsp)) < 0) - SENDERR(-error); - } else -#endif /* CONFIG_IPSEC_ALG */ - - switch(ipsp->ips_authalg) { -# ifdef CONFIG_IPSEC_AUTH_HMAC_MD5 - case AH_MD5: { - MD5_CTX *ictx; - MD5_CTX *octx; - - if(ipsp->ips_key_bits_a != (AHMD596_KLEN * 8)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "incorrect authorisation key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, - ipsp->ips_key_bits_a, - AHMD596_KLEN * 8); - SENDERR(EINVAL); - } - -# if KLIPS_DIVULGE_HMAC_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "hmac md5-96 key is 0x%08x %08x %08x %08x\n", - ntohl(*(((__u32 *)(ipsp->ips_key_a))+0)), - ntohl(*(((__u32 *)(ipsp->ips_key_a))+1)), - ntohl(*(((__u32 *)(ipsp->ips_key_a))+2)), - ntohl(*(((__u32 *)(ipsp->ips_key_a))+3))); -# endif /* KLIPS_DIVULGE_HMAC_KEY */ - ipsp->ips_auth_bits = AHMD596_ALEN * 8; - - /* save the pointer to the key material */ - akp = ipsp->ips_key_a; - aks = ipsp->ips_key_a_size; - - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "allocating %lu bytes for md5_ctx.\n", - (unsigned long) sizeof(struct md5_ctx)); - if((ipsp->ips_key_a = (caddr_t) - kmalloc(sizeof(struct md5_ctx), GFP_ATOMIC)) == NULL) { - ipsp->ips_key_a = akp; - SENDERR(ENOMEM); - } - ipsp->ips_key_a_size = sizeof(struct md5_ctx); - - for (i = 0; i < DIVUP(ipsp->ips_key_bits_a, 8); i++) { - kb[i] = akp[i] ^ HMAC_IPAD; - } - for (; i < AHMD596_BLKLEN; i++) { - kb[i] = HMAC_IPAD; - } - - ictx = &(((struct md5_ctx*)(ipsp->ips_key_a))->ictx); - MD5Init(ictx); - MD5Update(ictx, kb, AHMD596_BLKLEN); - - for (i = 0; i < AHMD596_BLKLEN; i++) { - kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); - } - - octx = &(((struct md5_ctx*)(ipsp->ips_key_a))->octx); - MD5Init(octx); - MD5Update(octx, kb, AHMD596_BLKLEN); - -# if KLIPS_DIVULGE_HMAC_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "MD5 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", - ((__u32*)ictx)[0], - ((__u32*)ictx)[1], - ((__u32*)ictx)[2], - ((__u32*)ictx)[3], - ((__u32*)octx)[0], - ((__u32*)octx)[1], - ((__u32*)octx)[2], - ((__u32*)octx)[3] ); -# endif /* KLIPS_DIVULGE_HMAC_KEY */ - /* paranoid */ - memset(akp, 0, aks); - kfree(akp); - break; - } -# endif /* CONFIG_IPSEC_AUTH_HMAC_MD5 */ -# ifdef CONFIG_IPSEC_AUTH_HMAC_SHA1 - case AH_SHA: { - SHA1_CTX *ictx; - SHA1_CTX *octx; - - if(ipsp->ips_key_bits_a != (AHSHA196_KLEN * 8)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "incorrect authorisation key size: %d bits -- must be %d bits\n"/*octets (bytes)\n"*/, - ipsp->ips_key_bits_a, - AHSHA196_KLEN * 8); - SENDERR(EINVAL); - } - -# if KLIPS_DIVULGE_HMAC_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "hmac sha1-96 key is 0x%08x %08x %08x %08x\n", - ntohl(*(((__u32 *)ipsp->ips_key_a)+0)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+1)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+2)), - ntohl(*(((__u32 *)ipsp->ips_key_a)+3))); -# endif /* KLIPS_DIVULGE_HMAC_KEY */ - ipsp->ips_auth_bits = AHSHA196_ALEN * 8; - - /* save the pointer to the key material */ - akp = ipsp->ips_key_a; - aks = ipsp->ips_key_a_size; - - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "allocating %lu bytes for sha1_ctx.\n", - (unsigned long) sizeof(struct sha1_ctx)); - if((ipsp->ips_key_a = (caddr_t) - kmalloc(sizeof(struct sha1_ctx), GFP_ATOMIC)) == NULL) { - ipsp->ips_key_a = akp; - SENDERR(ENOMEM); - } - ipsp->ips_key_a_size = sizeof(struct sha1_ctx); - - for (i = 0; i < DIVUP(ipsp->ips_key_bits_a, 8); i++) { - kb[i] = akp[i] ^ HMAC_IPAD; - } - for (; i < AHMD596_BLKLEN; i++) { - kb[i] = HMAC_IPAD; - } - - ictx = &(((struct sha1_ctx*)(ipsp->ips_key_a))->ictx); - SHA1Init(ictx); - SHA1Update(ictx, kb, AHSHA196_BLKLEN); - - for (i = 0; i < AHSHA196_BLKLEN; i++) { - kb[i] ^= (HMAC_IPAD ^ HMAC_OPAD); - } - - octx = &((struct sha1_ctx*)(ipsp->ips_key_a))->octx; - SHA1Init(octx); - SHA1Update(octx, kb, AHSHA196_BLKLEN); - -# if KLIPS_DIVULGE_HMAC_KEY - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_ipsec_sa_init: " - "SHA1 ictx=0x%08x %08x %08x %08x octx=0x%08x %08x %08x %08x\n", - ((__u32*)ictx)[0], - ((__u32*)ictx)[1], - ((__u32*)ictx)[2], - ((__u32*)ictx)[3], - ((__u32*)octx)[0], - ((__u32*)octx)[1], - ((__u32*)octx)[2], - ((__u32*)octx)[3] ); -# endif /* KLIPS_DIVULGE_HMAC_KEY */ - memset(akp, 0, aks); - kfree(akp); - break; - } -# endif /* CONFIG_IPSEC_AUTH_HMAC_SHA1 */ - case AH_NONE: - break; - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "authalg=%d support not available in the kernel.\n", - ipsp->ips_authalg); - SENDERR(EINVAL); - } - } - break; -#endif /* !CONFIG_IPSEC_ESP */ -#ifdef CONFIG_IPSEC_IPCOMP - case IPPROTO_COMP: - ipsp->ips_comp_adapt_tries = 0; - ipsp->ips_comp_adapt_skip = 0; - ipsp->ips_comp_ratio_cbytes = 0; - ipsp->ips_comp_ratio_dbytes = 0; - break; -#endif /* CONFIG_IPSEC_IPCOMP */ - default: - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_ipsec_sa_init: " - "proto=%d unknown.\n", - ipsp->ips_said.proto); - SENDERR(EINVAL); - } - - errlab: - return(error); -} - - -int -pfkey_safe_build(int error, struct sadb_ext *extensions[SADB_MAX+1]) -{ - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build: " - "error=%d\n", - error); - if (!error) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build:" - "success.\n"); - return 1; - } else { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_safe_build:" - "caught error %d\n", - error); - pfkey_extensions_free(extensions); - return 0; - } -} - - -DEBUG_NO_STATIC int -pfkey_getspi_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - ipsec_spi_t minspi = htonl(256), maxspi = htonl(-1L); - int found_avail = 0; - struct ipsec_sa *ipsq; - char sa[SATOA_BUF]; - size_t sa_len; - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_getspi_parse: .\n"); - - pfkey_extensions_init(extensions_reply); - - if(extr == NULL || extr->ips == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_getspi_parse: " - "error, extr or extr->ipsec_sa pointer NULL\n"); - SENDERR(EINVAL); - } - - if(extensions[SADB_EXT_SPIRANGE]) { - minspi = ((struct sadb_spirange *)extensions[SADB_EXT_SPIRANGE])->sadb_spirange_min; - maxspi = ((struct sadb_spirange *)extensions[SADB_EXT_SPIRANGE])->sadb_spirange_max; - } - - if(maxspi == minspi) { - extr->ips->ips_said.spi = maxspi; - ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); - if(ipsq != NULL) { - sa_len = satoa(extr->ips->ips_said, 0, sa, SATOA_BUF); - ipsec_sa_put(ipsq); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_getspi_parse: " - "EMT_GETSPI found an old ipsec_sa for SA: %s, delete it first.\n", - sa_len ? sa : " (error)"); - SENDERR(EEXIST); - } else { - found_avail = 1; - } - } else { - int i = 0; - __u32 rand_val; - __u32 spi_diff; - while( ( i < (spi_diff = (ntohl(maxspi) - ntohl(minspi)))) && !found_avail ) { - prng_bytes(&ipsec_prng, (char *) &(rand_val), - ( (spi_diff < (2^8)) ? 1 : - ( (spi_diff < (2^16)) ? 2 : - ( (spi_diff < (2^24)) ? 3 : - 4 ) ) ) ); - extr->ips->ips_said.spi = htonl(ntohl(minspi) + - (rand_val % - (spi_diff + 1))); - i++; - ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); - if(ipsq == NULL) { - found_avail = 1; - } else { - ipsec_sa_put(ipsq); - } - } - } - - sa_len = satoa(extr->ips->ips_said, 0, sa, SATOA_BUF); - - if (!found_avail) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_getspi_parse: " - "found an old ipsec_sa for SA: %s, delete it first.\n", - sa_len ? sa : " (error)"); - SENDERR(EEXIST); - } - - if(ip_chk_addr((unsigned long)extr->ips->ips_said.dst.s_addr) == IS_MYADDR) { - extr->ips->ips_flags |= EMT_INBOUND; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_getspi_parse: " - "existing ipsec_sa not found (this is good) for SA: %s, %s-bound, allocating.\n", - sa_len ? sa : " (error)", - extr->ips->ips_flags & EMT_INBOUND ? "in" : "out"); - - /* XXX extr->ips->ips_rcvif = &(enc_softc[em->em_if].enc_if);*/ - extr->ips->ips_rcvif = NULL; - extr->ips->ips_life.ipl_addtime.ipl_count = jiffies/HZ; - - extr->ips->ips_state = SADB_SASTATE_LARVAL; - - if(!extr->ips->ips_life.ipl_allocations.ipl_count) { - extr->ips->ips_life.ipl_allocations.ipl_count += 1; - } - - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_GETSPI, - satype, - 0, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - 0, - SADB_SASTATE_LARVAL, - 0, - 0, - 0, - extr->ips->ips_ref), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_s), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_d), - extensions_reply) )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " - "failed to build the getspi reply message extensions\n"); - goto errlab; - } - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " - "failed to build the getspi reply message\n"); - SENDERR(-error); - } - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " - "sending up getspi reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " - "sending up getspi reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - if((error = ipsec_sa_add(extr->ips))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_getspi_parse: " - "failed to add the larval SA=%s with error=%d.\n", - sa_len ? sa : " (error)", - error); - SENDERR(-error); - } - extr->ips = NULL; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_getspi_parse: " - "successful for SA: %s\n", - sa_len ? sa : " (error)"); - - errlab: - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_update_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct ipsec_sa* ipsq; - char sa[SATOA_BUF]; - size_t sa_len; - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - struct ipsec_sa *nat_t_ips_saved = NULL; -#endif - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: .\n"); - - pfkey_extensions_init(extensions_reply); - - if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: " - "error, sa_state=%d must be MATURE=%d\n", - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, - SADB_SASTATE_MATURE); - SENDERR(EINVAL); - } - - if(extr == NULL || extr->ips == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: " - "error, extr or extr->ips pointer NULL\n"); - SENDERR(EINVAL); - } - - sa_len = satoa(extr->ips->ips_said, 0, sa, SATOA_BUF); - - spin_lock_bh(&tdb_lock); - - ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); - if (ipsq == NULL) { - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: " - "reserved ipsec_sa for SA: %s not found. Call SADB_GETSPI first or call SADB_ADD instead.\n", - sa_len ? sa : " (error)"); - SENDERR(ENOENT); - } - - if(ip_chk_addr((unsigned long)extr->ips->ips_said.dst.s_addr) == IS_MYADDR) { - extr->ips->ips_flags |= EMT_INBOUND; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: " - "existing ipsec_sa found (this is good) for SA: %s, %s-bound, updating.\n", - sa_len ? sa : " (error)", - extr->ips->ips_flags & EMT_INBOUND ? "in" : "out"); - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if (extr->ips->ips_natt_sport || extr->ips->ips_natt_dport) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: only updating NAT-T ports " - "(%u:%u -> %u:%u)\n", - ipsq->ips_natt_sport, ipsq->ips_natt_dport, - extr->ips->ips_natt_sport, extr->ips->ips_natt_dport); - - if (extr->ips->ips_natt_sport) { - ipsq->ips_natt_sport = extr->ips->ips_natt_sport; - if (ipsq->ips_addr_s->sa_family == AF_INET) { - ((struct sockaddr_in *)(ipsq->ips_addr_s))->sin_port = htons(extr->ips->ips_natt_sport); - } - } - - if (extr->ips->ips_natt_dport) { - ipsq->ips_natt_dport = extr->ips->ips_natt_dport; - if (ipsq->ips_addr_d->sa_family == AF_INET) { - ((struct sockaddr_in *)(ipsq->ips_addr_d))->sin_port = htons(extr->ips->ips_natt_dport); - } - } - - nat_t_ips_saved = extr->ips; - extr->ips = ipsq; - } - else { -#endif - - /* XXX extr->ips->ips_rcvif = &(enc_softc[em->em_if].enc_if);*/ - extr->ips->ips_rcvif = NULL; - if ((error = pfkey_ipsec_sa_init(extr->ips, extensions))) { - ipsec_sa_put(ipsq); - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: " - "not successful for SA: %s, deleting.\n", - sa_len ? sa : " (error)"); - SENDERR(-error); - } - - extr->ips->ips_life.ipl_addtime.ipl_count = ipsq->ips_life.ipl_addtime.ipl_count; - ipsec_sa_put(ipsq); - if((error = ipsec_sa_delchain(ipsq))) { - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: " - "error=%d, trouble deleting intermediate ipsec_sa for SA=%s.\n", - error, - sa_len ? sa : " (error)"); - SENDERR(-error); - } -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - } -#endif - - spin_unlock_bh(&tdb_lock); - - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_UPDATE, - satype, - 0, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - extr->ips->ips_replaywin, - extr->ips->ips_state, - extr->ips->ips_authalg, - extr->ips->ips_encalg, - extr->ips->ips_flags, - extr->ips->ips_ref), - extensions_reply) - /* The 3 lifetime extentions should only be sent if non-zero. */ - && (extensions[SADB_EXT_LIFETIME_HARD] - ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_HARD], - SADB_EXT_LIFETIME_HARD, - extr->ips->ips_life.ipl_allocations.ipl_hard, - extr->ips->ips_life.ipl_bytes.ipl_hard, - extr->ips->ips_life.ipl_addtime.ipl_hard, - extr->ips->ips_life.ipl_usetime.ipl_hard, - extr->ips->ips_life.ipl_packets.ipl_hard), - extensions_reply) : 1) - && (extensions[SADB_EXT_LIFETIME_SOFT] - ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_SOFT], - SADB_EXT_LIFETIME_SOFT, - extr->ips->ips_life.ipl_allocations.ipl_count, - extr->ips->ips_life.ipl_bytes.ipl_count, - extr->ips->ips_life.ipl_addtime.ipl_count, - extr->ips->ips_life.ipl_usetime.ipl_count, - extr->ips->ips_life.ipl_packets.ipl_count), - extensions_reply) : 1) - && (extr->ips->ips_life.ipl_allocations.ipl_count - || extr->ips->ips_life.ipl_bytes.ipl_count - || extr->ips->ips_life.ipl_addtime.ipl_count - || extr->ips->ips_life.ipl_usetime.ipl_count - || extr->ips->ips_life.ipl_packets.ipl_count - - ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_CURRENT], - SADB_EXT_LIFETIME_CURRENT, - extr->ips->ips_life.ipl_allocations.ipl_count, - extr->ips->ips_life.ipl_bytes.ipl_count, - extr->ips->ips_life.ipl_addtime.ipl_count, - extr->ips->ips_life.ipl_usetime.ipl_count, - extr->ips->ips_life.ipl_packets.ipl_count), - extensions_reply) : 1) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_s), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_d), - extensions_reply) - && (extr->ips->ips_ident_s.data - ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], - SADB_EXT_IDENTITY_SRC, - extr->ips->ips_ident_s.type, - extr->ips->ips_ident_s.id, - extr->ips->ips_ident_s.len, - extr->ips->ips_ident_s.data), - extensions_reply) : 1) - && (extr->ips->ips_ident_d.data - ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], - SADB_EXT_IDENTITY_DST, - extr->ips->ips_ident_d.type, - extr->ips->ips_ident_d.id, - extr->ips->ips_ident_d.len, - extr->ips->ips_ident_d.data), - extensions_reply) : 1) -#if 0 - /* FIXME: This won't work yet because I have not finished - it. */ - && (extr->ips->ips_sens_ - ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], - extr->ips->ips_sens_dpd, - extr->ips->ips_sens_sens_level, - extr->ips->ips_sens_sens_len, - extr->ips->ips_sens_sens_bitmap, - extr->ips->ips_sens_integ_level, - extr->ips->ips_sens_integ_len, - extr->ips->ips_sens_integ_bitmap), - extensions_reply) : 1) -#endif - )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " - "failed to build the update reply message extensions\n"); - SENDERR(-error); - } - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " - "failed to build the update reply message\n"); - SENDERR(-error); - } - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " - "sending up update reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " - "sending up update reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - if (nat_t_ips_saved) { - /** - * As we _really_ update existing SA, we keep tdbq and need to delete - * parsed ips (nat_t_ips_saved, was extr->ips). - * - * goto errlab with extr->ips = nat_t_ips_saved will free it. - */ - - extr->ips = nat_t_ips_saved; - - error = 0; - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse (NAT-T ports): " - "successful for SA: %s\n", - sa_len ? sa : " (error)"); - - goto errlab; - } -#endif - - if((error = ipsec_sa_add(extr->ips))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_update_parse: " - "failed to update the mature SA=%s with error=%d.\n", - sa_len ? sa : " (error)", - error); - SENDERR(-error); - } - extr->ips = NULL; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_update_parse: " - "successful for SA: %s\n", - sa_len ? sa : " (error)"); - - errlab: - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_add_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct ipsec_sa* ipsq; - char sa[SATOA_BUF]; - size_t sa_len; - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_add_parse: .\n"); - - pfkey_extensions_init(extensions_reply); - - if(((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state != SADB_SASTATE_MATURE) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_add_parse: " - "error, sa_state=%d must be MATURE=%d\n", - ((struct sadb_sa*)extensions[SADB_EXT_SA])->sadb_sa_state, - SADB_SASTATE_MATURE); - SENDERR(EINVAL); - } - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_add_parse: " - "extr or extr->ips pointer NULL\n"); - SENDERR(EINVAL); - } - - sa_len = satoa(extr->ips->ips_said, 0, sa, SATOA_BUF); - - ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); - if(ipsq != NULL) { - ipsec_sa_put(ipsq); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_add_parse: " - "found an old ipsec_sa for SA%s, delete it first.\n", - sa_len ? sa : " (error)"); - SENDERR(EEXIST); - } - - if(ip_chk_addr((unsigned long)extr->ips->ips_said.dst.s_addr) == IS_MYADDR) { - extr->ips->ips_flags |= EMT_INBOUND; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_add_parse: " - "existing ipsec_sa not found (this is good) for SA%s, %s-bound, allocating.\n", - sa_len ? sa : " (error)", - extr->ips->ips_flags & EMT_INBOUND ? "in" : "out"); - - /* XXX extr->ips->ips_rcvif = &(enc_softc[em->em_if].enc_if);*/ - extr->ips->ips_rcvif = NULL; - - if ((error = pfkey_ipsec_sa_init(extr->ips, extensions))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_add_parse: " - "not successful for SA: %s, deleting.\n", - sa_len ? sa : " (error)"); - SENDERR(-error); - } - - extr->ips->ips_life.ipl_addtime.ipl_count = jiffies / HZ; - if(!extr->ips->ips_life.ipl_allocations.ipl_count) { - extr->ips->ips_life.ipl_allocations.ipl_count += 1; - } - - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_ADD, - satype, - 0, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - extr->ips->ips_replaywin, - extr->ips->ips_state, - extr->ips->ips_authalg, - extr->ips->ips_encalg, - extr->ips->ips_flags, - extr->ips->ips_ref), - extensions_reply) - /* The 3 lifetime extentions should only be sent if non-zero. */ - && (extensions[SADB_EXT_LIFETIME_HARD] - ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_HARD], - SADB_EXT_LIFETIME_HARD, - extr->ips->ips_life.ipl_allocations.ipl_hard, - extr->ips->ips_life.ipl_bytes.ipl_hard, - extr->ips->ips_life.ipl_addtime.ipl_hard, - extr->ips->ips_life.ipl_usetime.ipl_hard, - extr->ips->ips_life.ipl_packets.ipl_hard), - extensions_reply) : 1) - && (extensions[SADB_EXT_LIFETIME_SOFT] - ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_SOFT], - SADB_EXT_LIFETIME_SOFT, - extr->ips->ips_life.ipl_allocations.ipl_soft, - extr->ips->ips_life.ipl_bytes.ipl_soft, - extr->ips->ips_life.ipl_addtime.ipl_soft, - extr->ips->ips_life.ipl_usetime.ipl_soft, - extr->ips->ips_life.ipl_packets.ipl_soft), - extensions_reply) : 1) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_s), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_d), - extensions_reply) - && (extr->ips->ips_ident_s.data - ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], - SADB_EXT_IDENTITY_SRC, - extr->ips->ips_ident_s.type, - extr->ips->ips_ident_s.id, - extr->ips->ips_ident_s.len, - extr->ips->ips_ident_s.data), - extensions_reply) : 1) - && (extr->ips->ips_ident_d.data - ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], - SADB_EXT_IDENTITY_DST, - extr->ips->ips_ident_d.type, - extr->ips->ips_ident_d.id, - extr->ips->ips_ident_d.len, - extr->ips->ips_ident_d.data), - extensions_reply) : 1) -#if 0 - /* FIXME: This won't work yet because I have not finished - it. */ - && (extr->ips->ips_sens_ - ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], - extr->ips->ips_sens_dpd, - extr->ips->ips_sens_sens_level, - extr->ips->ips_sens_sens_len, - extr->ips->ips_sens_sens_bitmap, - extr->ips->ips_sens_integ_level, - extr->ips->ips_sens_integ_len, - extr->ips->ips_sens_integ_bitmap), - extensions_reply) : 1) -#endif - )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " - "failed to build the add reply message extensions\n"); - SENDERR(-error); - } - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " - "failed to build the add reply message\n"); - SENDERR(-error); - } - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " - "sending up add reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " - "sending up add reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - if((error = ipsec_sa_add(extr->ips))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_add_parse: " - "failed to add the mature SA=%s with error=%d.\n", - sa_len ? sa : " (error)", - error); - SENDERR(-error); - } - extr->ips = NULL; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_add_parse: " - "successful for SA: %s\n", - sa_len ? sa : " (error)"); - - errlab: - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_delete_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - struct ipsec_sa *ipsp; - char sa[SATOA_BUF]; - size_t sa_len; - int error = 0; - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_delete_parse: .\n"); - - pfkey_extensions_init(extensions_reply); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_delete_parse: " - "extr or extr->ips pointer NULL, fatal\n"); - SENDERR(EINVAL); - } - - sa_len = satoa(extr->ips->ips_said, 0, sa, SATOA_BUF); - - spin_lock_bh(&tdb_lock); - - ipsp = ipsec_sa_getbyid(&(extr->ips->ips_said)); - if (ipsp == NULL) { - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_delete_parse: " - "ipsec_sa not found for SA:%s, could not delete.\n", - sa_len ? sa : " (error)"); - SENDERR(ESRCH); - } - - ipsec_sa_put(ipsp); - if((error = ipsec_sa_delchain(ipsp))) { - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_delete_parse: " - "error=%d returned trying to delete ipsec_sa for SA:%s.\n", - error, - sa_len ? sa : " (error)"); - SENDERR(-error); - } - spin_unlock_bh(&tdb_lock); - - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_DELETE, - satype, - 0, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - 0, - 0, - 0, - 0, - 0, - extr->ips->ips_ref), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_s), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_d), - extensions_reply) - )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " - "failed to build the delete reply message extensions\n"); - SENDERR(-error); - } - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " - "failed to build the delete reply message\n"); - SENDERR(-error); - } - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " - "sending up delete reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_delete_parse: " - "sending up delete reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - errlab: - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_get_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct ipsec_sa *ipsp; - char sa[SATOA_BUF]; - size_t sa_len; - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_get_parse: .\n"); - - pfkey_extensions_init(extensions_reply); - - if(!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_get_parse: " - "extr or extr->ips pointer NULL, fatal\n"); - SENDERR(EINVAL); - } - - sa_len = satoa(extr->ips->ips_said, 0, sa, SATOA_BUF); - - spin_lock_bh(&tdb_lock); - - ipsp = ipsec_sa_getbyid(&(extr->ips->ips_said)); - if (ipsp == NULL) { - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " - "ipsec_sa not found for SA=%s, could not get.\n", - sa_len ? sa : " (error)"); - SENDERR(ESRCH); - } - - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_GET, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype, - 0, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - extr->ips->ips_replaywin, - extr->ips->ips_state, - extr->ips->ips_authalg, - extr->ips->ips_encalg, - extr->ips->ips_flags, - extr->ips->ips_ref), - extensions_reply) - /* The 3 lifetime extentions should only be sent if non-zero. */ - && (ipsp->ips_life.ipl_allocations.ipl_count - || ipsp->ips_life.ipl_bytes.ipl_count - || ipsp->ips_life.ipl_addtime.ipl_count - || ipsp->ips_life.ipl_usetime.ipl_count - || ipsp->ips_life.ipl_packets.ipl_count - ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_CURRENT], - SADB_EXT_LIFETIME_CURRENT, - ipsp->ips_life.ipl_allocations.ipl_count, - ipsp->ips_life.ipl_bytes.ipl_count, - ipsp->ips_life.ipl_addtime.ipl_count, - ipsp->ips_life.ipl_usetime.ipl_count, - ipsp->ips_life.ipl_packets.ipl_count), - extensions_reply) : 1) - && (ipsp->ips_life.ipl_allocations.ipl_hard - || ipsp->ips_life.ipl_bytes.ipl_hard - || ipsp->ips_life.ipl_addtime.ipl_hard - || ipsp->ips_life.ipl_usetime.ipl_hard - || ipsp->ips_life.ipl_packets.ipl_hard - ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_HARD], - SADB_EXT_LIFETIME_HARD, - ipsp->ips_life.ipl_allocations.ipl_hard, - ipsp->ips_life.ipl_bytes.ipl_hard, - ipsp->ips_life.ipl_addtime.ipl_hard, - ipsp->ips_life.ipl_usetime.ipl_hard, - ipsp->ips_life.ipl_packets.ipl_hard), - extensions_reply) : 1) - && (ipsp->ips_life.ipl_allocations.ipl_soft - || ipsp->ips_life.ipl_bytes.ipl_soft - || ipsp->ips_life.ipl_addtime.ipl_soft - || ipsp->ips_life.ipl_usetime.ipl_soft - || ipsp->ips_life.ipl_packets.ipl_soft - ? pfkey_safe_build(error = pfkey_lifetime_build(&extensions_reply[SADB_EXT_LIFETIME_SOFT], - SADB_EXT_LIFETIME_SOFT, - ipsp->ips_life.ipl_allocations.ipl_soft, - ipsp->ips_life.ipl_bytes.ipl_soft, - ipsp->ips_life.ipl_addtime.ipl_soft, - ipsp->ips_life.ipl_usetime.ipl_soft, - ipsp->ips_life.ipl_packets.ipl_soft), - extensions_reply) : 1) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_s), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_d), - extensions_reply) - && (extr->ips->ips_addr_p - ? pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_PROXY], - SADB_EXT_ADDRESS_PROXY, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_p), - extensions_reply) : 1) -#if 0 - /* FIXME: This won't work yet because the keys are not - stored directly in the ipsec_sa. They are stored as - contexts. */ - && (extr->ips->ips_key_a_size - ? pfkey_safe_build(error = pfkey_key_build(&extensions_reply[SADB_EXT_KEY_AUTH], - SADB_EXT_KEY_AUTH, - extr->ips->ips_key_a_size * 8, - extr->ips->ips_key_a), - extensions_reply) : 1) - /* FIXME: This won't work yet because the keys are not - stored directly in the ipsec_sa. They are stored as - key schedules. */ - && (extr->ips->ips_key_e_size - ? pfkey_safe_build(error = pfkey_key_build(&extensions_reply[SADB_EXT_KEY_ENCRYPT], - SADB_EXT_KEY_ENCRYPT, - extr->ips->ips_key_e_size * 8, - extr->ips->ips_key_e), - extensions_reply) : 1) -#endif - && (extr->ips->ips_ident_s.data - ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_SRC], - SADB_EXT_IDENTITY_SRC, - extr->ips->ips_ident_s.type, - extr->ips->ips_ident_s.id, - extr->ips->ips_ident_s.len, - extr->ips->ips_ident_s.data), - extensions_reply) : 1) - && (extr->ips->ips_ident_d.data - ? pfkey_safe_build(error = pfkey_ident_build(&extensions_reply[SADB_EXT_IDENTITY_DST], - SADB_EXT_IDENTITY_DST, - extr->ips->ips_ident_d.type, - extr->ips->ips_ident_d.id, - extr->ips->ips_ident_d.len, - extr->ips->ips_ident_d.data), - extensions_reply) : 1) -#if 0 - /* FIXME: This won't work yet because I have not finished - it. */ - && (extr->ips->ips_sens_ - ? pfkey_safe_build(error = pfkey_sens_build(&extensions_reply[SADB_EXT_SENSITIVITY], - extr->ips->ips_sens_dpd, - extr->ips->ips_sens_sens_level, - extr->ips->ips_sens_sens_len, - extr->ips->ips_sens_sens_bitmap, - extr->ips->ips_sens_integ_level, - extr->ips->ips_sens_integ_len, - extr->ips->ips_sens_integ_bitmap), - extensions_reply) : 1) -#endif - )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " - "failed to build the get reply message extensions\n"); - ipsec_sa_put(ipsp); - spin_unlock_bh(&tdb_lock); - SENDERR(-error); - } - - ipsec_sa_put(ipsp); - spin_unlock_bh(&tdb_lock); - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " - "failed to build the get reply message\n"); - SENDERR(-error); - } - - if((error = pfkey_upmsg(sk->socket, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " - "failed to send the get reply message\n"); - SENDERR(-error); - } - - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_get_parse: " - "succeeded in sending get reply message.\n"); - - errlab: - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_acquire_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_acquire_parse: .\n"); - - /* XXX I don't know if we want an upper bound, since userspace may - want to register itself for an satype > SADB_SATYPE_MAX. */ - if((satype == 0) || (satype > SADB_SATYPE_MAX)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_acquire_parse: " - "SATYPE=%d invalid.\n", - satype); - SENDERR(EINVAL); - } - - if(!(pfkey_registered_sockets[satype])) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " - "no sockets registered for SAtype=%d(%s).\n", - satype, - satype2name(satype)); - SENDERR(EPROTONOSUPPORT); - } - - for(pfkey_socketsp = pfkey_registered_sockets[satype]; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " - "sending up acquire reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire_parse: " - "sending up acquire reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_register_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_parse: .\n"); - - /* XXX I don't know if we want an upper bound, since userspace may - want to register itself for an satype > SADB_SATYPE_MAX. */ - if((satype == 0) || (satype > SADB_SATYPE_MAX)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_parse: " - "SATYPE=%d invalid.\n", - satype); - SENDERR(EINVAL); - } - - if(!pfkey_list_insert_socket(sk->socket, - &(pfkey_registered_sockets[satype]))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_parse: " - "SATYPE=%02d(%s) successfully registered by KMd (pid=%d).\n", - satype, - satype2name(satype), - key_pid(sk)); - }; - - /* send up register msg with supported SATYPE algos */ - - error=pfkey_register_reply(satype, (struct sadb_msg*)extensions[SADB_EXT_RESERVED]); - errlab: - return error; -} -int -pfkey_register_reply(int satype, struct sadb_msg *sadb_msg) -{ - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - struct socket_list *pfkey_socketsp; - struct supported_list *pfkey_supported_listp; - unsigned int alg_num_a = 0, alg_num_e = 0; - struct sadb_alg *alg_a = NULL, *alg_e = NULL, *alg_ap = NULL, *alg_ep = NULL; - int error = 0; - - pfkey_extensions_init(extensions_reply); - - if((satype == 0) || (satype > SADB_SATYPE_MAX)) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " - "SAtype=%d unspecified or unknown.\n", - satype); - SENDERR(EINVAL); - } - if(!(pfkey_registered_sockets[satype])) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " - "no sockets registered for SAtype=%d(%s).\n", - satype, - satype2name(satype)); - SENDERR(EPROTONOSUPPORT); - } - /* send up register msg with supported SATYPE algos */ - pfkey_supported_listp = pfkey_supported_list[satype]; - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "pfkey_supported_list[%d]=0p%p\n", - satype, - pfkey_supported_list[satype]); - while(pfkey_supported_listp) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "checking supported=0p%p\n", - pfkey_supported_listp); - if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_AUTH) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "adding auth alg.\n"); - alg_num_a++; - } - if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_ENCRYPT) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "adding encrypt alg.\n"); - alg_num_e++; - } - pfkey_supported_listp = pfkey_supported_listp->next; - } - - if(alg_num_a) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "allocating %lu bytes for auth algs.\n", - (unsigned long) (alg_num_a * sizeof(struct sadb_alg))); - if((alg_a = kmalloc(alg_num_a * sizeof(struct sadb_alg), GFP_ATOMIC) ) == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "auth alg memory allocation error\n"); - SENDERR(ENOMEM); - } - alg_ap = alg_a; - } - - if(alg_num_e) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "allocating %lu bytes for enc algs.\n", - (unsigned long) (alg_num_e * sizeof(struct sadb_alg))); - if((alg_e = kmalloc(alg_num_e * sizeof(struct sadb_alg), GFP_ATOMIC) ) == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "enc alg memory allocation error\n"); - SENDERR(ENOMEM); - } - alg_ep = alg_e; - } - - pfkey_supported_listp = pfkey_supported_list[satype]; - while(pfkey_supported_listp) { - if(alg_num_a) { - if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_AUTH) { - alg_ap->sadb_alg_id = pfkey_supported_listp->supportedp->supported_alg_id; - alg_ap->sadb_alg_ivlen = pfkey_supported_listp->supportedp->supported_alg_ivlen; - alg_ap->sadb_alg_minbits = pfkey_supported_listp->supportedp->supported_alg_minbits; - alg_ap->sadb_alg_maxbits = pfkey_supported_listp->supportedp->supported_alg_maxbits; - alg_ap->sadb_alg_reserved = 0; - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_register_reply: " - "adding auth=0p%p\n", - alg_ap); - alg_ap++; - } - } - if(alg_num_e) { - if(pfkey_supported_listp->supportedp->supported_alg_exttype == SADB_EXT_SUPPORTED_ENCRYPT) { - alg_ep->sadb_alg_id = pfkey_supported_listp->supportedp->supported_alg_id; - alg_ep->sadb_alg_ivlen = pfkey_supported_listp->supportedp->supported_alg_ivlen; - alg_ep->sadb_alg_minbits = pfkey_supported_listp->supportedp->supported_alg_minbits; - alg_ep->sadb_alg_maxbits = pfkey_supported_listp->supportedp->supported_alg_maxbits; - alg_ep->sadb_alg_reserved = 0; - KLIPS_PRINT(debug_pfkey && sysctl_ipsec_debug_verbose, - "klips_debug:pfkey_register_reply: " - "adding encrypt=0p%p\n", - alg_ep); - alg_ep++; - } - } - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_register_reply: " - "found satype=%d(%s) exttype=%d id=%d ivlen=%d minbits=%d maxbits=%d.\n", - satype, - satype2name(satype), - pfkey_supported_listp->supportedp->supported_alg_exttype, - pfkey_supported_listp->supportedp->supported_alg_id, - pfkey_supported_listp->supportedp->supported_alg_ivlen, - pfkey_supported_listp->supportedp->supported_alg_minbits, - pfkey_supported_listp->supportedp->supported_alg_maxbits); - pfkey_supported_listp = pfkey_supported_listp->next; - } - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_REGISTER, - satype, - 0, - sadb_msg? sadb_msg->sadb_msg_seq : ++pfkey_msg_seq, - sadb_msg? sadb_msg->sadb_msg_pid: current->pid), - extensions_reply) && - (alg_num_a ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[SADB_EXT_SUPPORTED_AUTH], - SADB_EXT_SUPPORTED_AUTH, - alg_num_a, - alg_a), - extensions_reply) : 1) && - (alg_num_e ? pfkey_safe_build(error = pfkey_supported_build(&extensions_reply[SADB_EXT_SUPPORTED_ENCRYPT], - SADB_EXT_SUPPORTED_ENCRYPT, - alg_num_e, - alg_e), - extensions_reply) : 1))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " - "failed to build the register message extensions_reply\n"); - SENDERR(-error); - } - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " - "failed to build the register message\n"); - SENDERR(-error); - } - /* this should go to all registered sockets for that satype only */ - for(pfkey_socketsp = pfkey_registered_sockets[satype]; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " - "sending up acquire message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_register_reply: " - "sending up register message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - errlab: - if(alg_a) { - kfree(alg_a); - } - if(alg_e) { - kfree(alg_e); - } - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_expire_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct socket_list *pfkey_socketsp; -#ifdef CONFIG_IPSEC_DEBUG - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; -#endif /* CONFIG_IPSEC_DEBUG */ - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_expire_parse: .\n"); - - if(pfkey_open_sockets) { - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire_parse: " - "sending up expire reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire_parse: " - "sending up expire reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - } - - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_flush_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - uint8_t proto = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_flush_parse: " - "flushing type %d SAs\n", - satype); - - if(satype && !(proto = satype2proto(satype))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_flush_parse: " - "satype %d lookup failed.\n", - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype); - SENDERR(EINVAL); - } - - if ((error = ipsec_sadb_cleanup(proto))) { - SENDERR(-error); - } - - if(pfkey_open_sockets) { - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_flush_parse: " - "sending up flush reply message for satype=%d(%s) (proto=%d) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - proto, - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_flush_parse: " - "sending up flush reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - } - - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_dump_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_dump_parse: .\n"); - - SENDERR(ENOSYS); - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_promisc_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_promisc_parse: .\n"); - - SENDERR(ENOSYS); - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_pchange_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_pchange_parse: .\n"); - - SENDERR(ENOSYS); - errlab: - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_grpsa_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - struct ipsec_sa *ips1p, *ips2p, *ipsp; - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - char sa1[SATOA_BUF], sa2[SATOA_BUF]; - size_t sa_len1, sa_len2 = 0; - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: .\n"); - - pfkey_extensions_init(extensions_reply); - - if(extr == NULL || extr->ips == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: " - "extr or extr->ips is NULL, fatal.\n"); - SENDERR(EINVAL); - } - - sa_len1 = satoa(extr->ips->ips_said, 0, sa1, SATOA_BUF); - if(extr->ips2 != NULL) { - sa_len2 = satoa(extr->ips2->ips_said, 0, sa2, SATOA_BUF); - } - - spin_lock_bh(&tdb_lock); - - ips1p = ipsec_sa_getbyid(&(extr->ips->ips_said)); - if(ips1p == NULL) { - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: " - "reserved ipsec_sa for SA1: %s not found. Call SADB_ADD/UPDATE first.\n", - sa_len1 ? sa1 : " (error)"); - SENDERR(ENOENT); - } - if(extr->ips2) { /* GRPSA */ - ips2p = ipsec_sa_getbyid(&(extr->ips2->ips_said)); - if(ips2p == NULL) { - ipsec_sa_put(ips1p); - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: " - "reserved ipsec_sa for SA2: %s not found. Call SADB_ADD/UPDATE first.\n", - sa_len2 ? sa2 : " (error)"); - SENDERR(ENOENT); - } - - /* Is either one already linked? */ - if(ips1p->ips_onext) { - ipsec_sa_put(ips1p); - ipsec_sa_put(ips2p); - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: " - "ipsec_sa for SA: %s is already linked.\n", - sa_len1 ? sa1 : " (error)"); - SENDERR(EEXIST); - } - if(ips2p->ips_inext) { - ipsec_sa_put(ips1p); - ipsec_sa_put(ips2p); - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: " - "ipsec_sa for SA: %s is already linked.\n", - sa_len2 ? sa2 : " (error)"); - SENDERR(EEXIST); - } - - /* Is extr->ips already linked to extr->ips2? */ - ipsp = ips2p; - while(ipsp) { - if(ipsp == ips1p) { - ipsec_sa_put(ips1p); - ipsec_sa_put(ips2p); - spin_unlock_bh(&tdb_lock); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: " - "ipsec_sa for SA: %s is already linked to %s.\n", - sa_len1 ? sa1 : " (error)", - sa_len2 ? sa2 : " (error)"); - SENDERR(EEXIST); - } - ipsp = ipsp->ips_onext; - } - - /* link 'em */ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: " - "linking ipsec_sa SA: %s with %s.\n", - sa_len1 ? sa1 : " (error)", - sa_len2 ? sa2 : " (error)"); - ips1p->ips_onext = ips2p; - ips2p->ips_inext = ips1p; - } else { /* UNGRPSA */ - ipsec_sa_put(ips1p); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_grpsa_parse: " - "unlinking ipsec_sa SA: %s.\n", - sa_len1 ? sa1 : " (error)"); - while(ips1p->ips_onext) { - ips1p = ips1p->ips_onext; - } - while(ips1p->ips_inext) { - ipsp = ips1p; - ips1p = ips1p->ips_inext; - ipsec_sa_put(ips1p); - ipsp->ips_inext = NULL; - ipsec_sa_put(ipsp); - ips1p->ips_onext = NULL; - } - } - - spin_unlock_bh(&tdb_lock); - - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_X_GRPSA, - satype, - 0, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - extr->ips->ips_replaywin, - extr->ips->ips_state, - extr->ips->ips_authalg, - extr->ips->ips_encalg, - extr->ips->ips_flags, - extr->ips->ips_ref), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_d), - extensions_reply) - && (extr->ips2 - ? (pfkey_safe_build(error = pfkey_x_satype_build(&extensions_reply[SADB_X_EXT_SATYPE2], - ((struct sadb_x_satype*)extensions[SADB_X_EXT_SATYPE2])->sadb_x_satype_satype - /* proto2satype(extr->ips2->ips_said.proto) */), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_X_EXT_SA2], - SADB_X_EXT_SA2, - extr->ips2->ips_said.spi, - extr->ips2->ips_replaywin, - extr->ips2->ips_state, - extr->ips2->ips_authalg, - extr->ips2->ips_encalg, - extr->ips2->ips_flags, - extr->ips2->ips_ref), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST2], - SADB_X_EXT_ADDRESS_DST2, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips2->ips_addr_d), - extensions_reply) ) : 1 ) - )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " - "failed to build the x_grpsa reply message extensions\n"); - SENDERR(-error); - } - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " - "failed to build the x_grpsa reply message\n"); - SENDERR(-error); - } - - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " - "sending up x_grpsa reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " - "sending up x_grpsa reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_grpsa_parse: " - "succeeded in sending x_grpsa reply message.\n"); - - errlab: - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_addflow_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; -#ifdef CONFIG_IPSEC_DEBUG - char buf1[64], buf2[64]; -#endif /* CONFIG_IPSEC_DEBUG */ - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - ip_address srcflow, dstflow, srcmask, dstmask; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: .\n"); - - pfkey_extensions_init(extensions_reply); - - memset((caddr_t)&srcflow, 0, sizeof(srcflow)); - memset((caddr_t)&dstflow, 0, sizeof(dstflow)); - memset((caddr_t)&srcmask, 0, sizeof(srcmask)); - memset((caddr_t)&dstmask, 0, sizeof(dstmask)); - - if(!extr || !(extr->ips) || !(extr->eroute)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "missing extr, ipsec_sa or eroute data.\n"); - SENDERR(EINVAL); - } - - srcflow.u.v4.sin_family = AF_INET; - dstflow.u.v4.sin_family = AF_INET; - srcmask.u.v4.sin_family = AF_INET; - dstmask.u.v4.sin_family = AF_INET; - srcflow.u.v4.sin_addr = extr->eroute->er_eaddr.sen_ip_src; - dstflow.u.v4.sin_addr = extr->eroute->er_eaddr.sen_ip_dst; - srcmask.u.v4.sin_addr = extr->eroute->er_emask.sen_ip_src; - dstmask.u.v4.sin_addr = extr->eroute->er_emask.sen_ip_dst; - -#ifdef CONFIG_IPSEC_DEBUG - if (debug_pfkey) { - subnettoa(extr->eroute->er_eaddr.sen_ip_src, - extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(extr->eroute->er_eaddr.sen_ip_dst, - extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "calling breakeroute and/or makeroute for %s->%s\n", - buf1, buf2); - } -#endif /* CONFIG_IPSEC_DEBUG */ - if(extr->ips->ips_flags & SADB_X_SAFLAGS_INFLOW) { -/* if(ip_chk_addr((unsigned long)extr->ips->ips_said.dst.s_addr) == IS_MYADDR) */ - struct ipsec_sa *ipsp, *ipsq; - char sa[SATOA_BUF]; - size_t sa_len; - - ipsq = ipsec_sa_getbyid(&(extr->ips->ips_said)); - if(ipsq == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "ipsec_sa not found, cannot set incoming policy.\n"); - SENDERR(ENOENT); - } - - ipsp = ipsq; - while(ipsp && ipsp->ips_said.proto != IPPROTO_IPIP) { - ipsp = ipsp->ips_inext; - } - - if(ipsp == NULL) { - ipsec_sa_put(ipsq); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "SA chain does not have an IPIP SA, cannot set incoming policy.\n"); - SENDERR(ENOENT); - } - - sa_len = satoa(extr->ips->ips_said, 0, sa, SATOA_BUF); - - ipsp->ips_flags |= SADB_X_SAFLAGS_INFLOW; - ipsp->ips_flow_s = srcflow; - ipsp->ips_flow_d = dstflow; - ipsp->ips_mask_s = srcmask; - ipsp->ips_mask_d = dstmask; - - ipsec_sa_put(ipsq); - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "inbound eroute, setting incoming policy information in IPIP ipsec_sa for SA: %s.\n", - sa_len ? sa : " (error)"); - } else { - struct sk_buff *first = NULL, *last = NULL; - - if(extr->ips->ips_flags & SADB_X_SAFLAGS_REPLACEFLOW) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "REPLACEFLOW flag set, calling breakeroute.\n"); - if ((error = ipsec_breakroute(&(extr->eroute->er_eaddr), - &(extr->eroute->er_emask), - &first, &last))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "breakeroute returned %d. first=0p%p, last=0p%p\n", - error, - first, - last); - if(first != NULL) { - ipsec_kfree_skb(first); - } - if(last != NULL) { - ipsec_kfree_skb(last); - } - SENDERR(-error); - } - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "calling makeroute.\n"); - - if ((error = ipsec_makeroute(&(extr->eroute->er_eaddr), - &(extr->eroute->er_emask), - extr->ips->ips_said, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid, - NULL, - &(extr->ips->ips_ident_s), - &(extr->ips->ips_ident_d)))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "makeroute returned %d.\n", error); - SENDERR(-error); - } - if(first != NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "first=0p%p HOLD packet re-injected.\n", - first); - DEV_QUEUE_XMIT(first, first->dev, SOPRI_NORMAL); - } - if(last != NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "last=0p%p HOLD packet re-injected.\n", - last); - DEV_QUEUE_XMIT(last, last->dev, SOPRI_NORMAL); - } - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "makeroute call successful.\n"); - - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_X_ADDFLOW, - satype, - 0, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - extr->ips->ips_replaywin, - extr->ips->ips_state, - extr->ips->ips_authalg, - extr->ips->ips_encalg, - extr->ips->ips_flags, - extr->ips->ips_ref), - extensions_reply) - && (extensions[SADB_EXT_ADDRESS_SRC] - ? pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_s), - extensions_reply) : 1) - && (extensions[SADB_EXT_ADDRESS_DST] - ? pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - 0, /*extr->ips->ips_said.proto,*/ - 0, - extr->ips->ips_addr_d), - extensions_reply) : 1) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_SRC_FLOW], - SADB_X_EXT_ADDRESS_SRC_FLOW, - 0, /*extr->ips->ips_said.proto,*/ - 0, - (struct sockaddr*)&srcflow), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST_FLOW], - SADB_X_EXT_ADDRESS_DST_FLOW, - 0, /*extr->ips->ips_said.proto,*/ - 0, - (struct sockaddr*)&dstflow), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_SRC_MASK], - SADB_X_EXT_ADDRESS_SRC_MASK, - 0, /*extr->ips->ips_said.proto,*/ - 0, - (struct sockaddr*)&srcmask), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST_MASK], - SADB_X_EXT_ADDRESS_DST_MASK, - 0, /*extr->ips->ips_said.proto,*/ - 0, - (struct sockaddr*)&dstmask), - extensions_reply) - )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_addflow_parse: " - "failed to build the x_addflow reply message extensions\n"); - SENDERR(-error); - } - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_addflow_parse: " - "failed to build the x_addflow reply message\n"); - SENDERR(-error); - } - - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_addflow_parse: " - "sending up x_addflow reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_addflow_parse: " - "sending up x_addflow reply message for satype=%d(%s) (proto=%d) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - extr->ips->ips_said.proto, - pfkey_socketsp->socketp); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_addflow_parse: " - "extr->ips cleaned up and freed.\n"); - - errlab: - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_delflow_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; -#ifdef CONFIG_IPSEC_DEBUG - char buf1[64], buf2[64]; -#endif /* CONFIG_IPSEC_DEBUG */ - struct sadb_ext *extensions_reply[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_reply = NULL; - struct socket_list *pfkey_socketsp; - uint8_t satype = ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_satype; - ip_address srcflow, dstflow, srcmask, dstmask; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_delflow_parse: .\n"); - - pfkey_extensions_init(extensions_reply); - - memset((caddr_t)&srcflow, 0, sizeof(srcflow)); - memset((caddr_t)&dstflow, 0, sizeof(dstflow)); - memset((caddr_t)&srcmask, 0, sizeof(srcmask)); - memset((caddr_t)&dstmask, 0, sizeof(dstmask)); - - if(!extr || !(extr->ips)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_delflow_parse: " - "extr, or extr->ips is NULL, fatal\n"); - SENDERR(EINVAL); - } - - if(extr->ips->ips_flags & SADB_X_SAFLAGS_CLEARFLOW) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_delflow_parse: " - "CLEARFLOW flag set, calling cleareroutes.\n"); - if ((error = ipsec_cleareroutes())) - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_delflow_parse: " - "cleareroutes returned %d.\n", error); - SENDERR(-error); - } else { - struct sk_buff *first = NULL, *last = NULL; - - if(!(extr->eroute)) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_delflow_parse: " - "extr->eroute is NULL, fatal.\n"); - SENDERR(EINVAL); - } - - srcflow.u.v4.sin_family = AF_INET; - dstflow.u.v4.sin_family = AF_INET; - srcmask.u.v4.sin_family = AF_INET; - dstmask.u.v4.sin_family = AF_INET; - srcflow.u.v4.sin_addr = extr->eroute->er_eaddr.sen_ip_src; - dstflow.u.v4.sin_addr = extr->eroute->er_eaddr.sen_ip_dst; - srcmask.u.v4.sin_addr = extr->eroute->er_emask.sen_ip_src; - dstmask.u.v4.sin_addr = extr->eroute->er_emask.sen_ip_dst; - -#ifdef CONFIG_IPSEC_DEBUG - if (debug_pfkey) { - subnettoa(extr->eroute->er_eaddr.sen_ip_src, - extr->eroute->er_emask.sen_ip_src, 0, buf1, sizeof(buf1)); - subnettoa(extr->eroute->er_eaddr.sen_ip_dst, - extr->eroute->er_emask.sen_ip_dst, 0, buf2, sizeof(buf2)); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_delflow_parse: " - "calling breakeroute for %s->%s\n", - buf1, buf2); - } -#endif /* CONFIG_IPSEC_DEBUG */ - error = ipsec_breakroute(&(extr->eroute->er_eaddr), - &(extr->eroute->er_emask), - &first, &last); - if(error) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_delflow_parse: " - "breakeroute returned %d. first=0p%p, last=0p%p\n", - error, - first, - last); - } - if(first != NULL) { - ipsec_kfree_skb(first); - } - if(last != NULL) { - ipsec_kfree_skb(last); - } - if(error) { - SENDERR(-error); - } - } - - if(!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions_reply[0], - SADB_X_DELFLOW, - satype, - 0, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_seq, - ((struct sadb_msg*)extensions[SADB_EXT_RESERVED])->sadb_msg_pid), - extensions_reply) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions_reply[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - extr->ips->ips_replaywin, - extr->ips->ips_state, - extr->ips->ips_authalg, - extr->ips->ips_encalg, - extr->ips->ips_flags, - extr->ips->ips_ref), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_SRC_FLOW], - SADB_X_EXT_ADDRESS_SRC_FLOW, - 0, /*extr->ips->ips_said.proto,*/ - 0, - (struct sockaddr*)&srcflow), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST_FLOW], - SADB_X_EXT_ADDRESS_DST_FLOW, - 0, /*extr->ips->ips_said.proto,*/ - 0, - (struct sockaddr*)&dstflow), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_SRC_MASK], - SADB_X_EXT_ADDRESS_SRC_MASK, - 0, /*extr->ips->ips_said.proto,*/ - 0, - (struct sockaddr*)&srcmask), - extensions_reply) - && pfkey_safe_build(error = pfkey_address_build(&extensions_reply[SADB_X_EXT_ADDRESS_DST_MASK], - SADB_X_EXT_ADDRESS_DST_MASK, - 0, /*extr->ips->ips_said.proto,*/ - 0, - (struct sockaddr*)&dstmask), - extensions_reply) - )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_delflow_parse: " - "failed to build the x_delflow reply message extensions\n"); - SENDERR(-error); - } - - if((error = pfkey_msg_build(&pfkey_reply, extensions_reply, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_delflow_parse: " - "failed to build the x_delflow reply message\n"); - SENDERR(-error); - } - - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_reply))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_delflow_parse: " - "sending up x_delflow reply message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_x_delflow_parse: " - "sending up x_delflow reply message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_delflow_parse: " - "extr->ips cleaned up and freed.\n"); - - errlab: - if (pfkey_reply) { - pfkey_msg_free(&pfkey_reply); - } - pfkey_extensions_free(extensions_reply); - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_msg_debug_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - int error = 0; - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_x_msg_debug_parse: .\n"); - -/* errlab:*/ - return error; -} - -/* pfkey_expire expects the ipsec_sa table to be locked before being called. */ -int -pfkey_expire(struct ipsec_sa *ipsp, int hard) -{ - struct sadb_ext *extensions[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_msg = NULL; - struct socket_list *pfkey_socketsp; - int error = 0; - uint8_t satype; - - pfkey_extensions_init(extensions); - - if(!(satype = proto2satype(ipsp->ips_said.proto))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_expire: " - "satype lookup for protocol %d lookup failed.\n", - ipsp->ips_said.proto); - SENDERR(EINVAL); - } - - if(!pfkey_open_sockets) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " - "no sockets listening.\n"); - SENDERR(EPROTONOSUPPORT); - } - - if (!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions[0], - SADB_EXPIRE, - satype, - 0, - ++pfkey_msg_seq, - 0), - extensions) - && pfkey_safe_build(error = pfkey_sa_ref_build(&extensions[SADB_EXT_SA], - SADB_EXT_SA, - ipsp->ips_said.spi, - ipsp->ips_replaywin, - ipsp->ips_state, - ipsp->ips_authalg, - ipsp->ips_encalg, - ipsp->ips_flags, - ipsp->ips_ref), - extensions) - && pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_CURRENT], - SADB_EXT_LIFETIME_CURRENT, - ipsp->ips_life.ipl_allocations.ipl_count, - ipsp->ips_life.ipl_bytes.ipl_count, - ipsp->ips_life.ipl_addtime.ipl_count, - ipsp->ips_life.ipl_usetime.ipl_count, - ipsp->ips_life.ipl_packets.ipl_count), - extensions) - && (hard ? - pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_HARD], - SADB_EXT_LIFETIME_HARD, - ipsp->ips_life.ipl_allocations.ipl_hard, - ipsp->ips_life.ipl_bytes.ipl_hard, - ipsp->ips_life.ipl_addtime.ipl_hard, - ipsp->ips_life.ipl_usetime.ipl_hard, - ipsp->ips_life.ipl_packets.ipl_hard), - extensions) - : pfkey_safe_build(error = pfkey_lifetime_build(&extensions[SADB_EXT_LIFETIME_SOFT], - SADB_EXT_LIFETIME_SOFT, - ipsp->ips_life.ipl_allocations.ipl_soft, - ipsp->ips_life.ipl_bytes.ipl_soft, - ipsp->ips_life.ipl_addtime.ipl_soft, - ipsp->ips_life.ipl_usetime.ipl_soft, - ipsp->ips_life.ipl_packets.ipl_soft), - extensions)) - && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - 0, /* ipsp->ips_said.proto, */ - 0, - ipsp->ips_addr_s), - extensions) - && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - 0, /* ipsp->ips_said.proto, */ - 0, - ipsp->ips_addr_d), - extensions))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " - "failed to build the expire message extensions\n"); - spin_unlock(&tdb_lock); - goto errlab; - } - - if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " - "failed to build the expire message\n"); - SENDERR(-error); - } - - for(pfkey_socketsp = pfkey_open_sockets; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " - "sending up expire message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_expire: " - "sending up expire message for satype=%d(%s) (proto=%d) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - ipsp->ips_said.proto, - pfkey_socketsp->socketp); - } - - errlab: - if (pfkey_msg) { - pfkey_msg_free(&pfkey_msg); - } - pfkey_extensions_free(extensions); - return error; -} - -int -pfkey_acquire(struct ipsec_sa *ipsp) -{ - struct sadb_ext *extensions[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_msg = NULL; - struct socket_list *pfkey_socketsp; - int error = 0; - struct sadb_comb comb[] = { - /* auth; encrypt; flags; */ - /* auth_minbits; auth_maxbits; encrypt_minbits; encrypt_maxbits; */ - /* reserved; soft_allocations; hard_allocations; soft_bytes; hard_bytes; */ - /* soft_addtime; hard_addtime; soft_usetime; hard_usetime; */ - /* soft_packets; hard_packets; */ - { SADB_AALG_MD5_HMAC, SADB_EALG_3DES_CBC, SADB_SAFLAGS_PFS, - 128, 128, 168, 168, - 0, 0, 0, 0, 0, - 57600, 86400, 57600, 86400, - 0, 0 }, - { SADB_AALG_SHA1_HMAC, SADB_EALG_3DES_CBC, SADB_SAFLAGS_PFS, - 160, 160, 168, 168, - 0, 0, 0, 0, 0, - 57600, 86400, 57600, 86400, - 0, 0 } - }; - - /* XXX This should not be hard-coded. It should be taken from the spdb */ - uint8_t satype = SADB_SATYPE_ESP; - - pfkey_extensions_init(extensions); - - if((satype == 0) || (satype > SADB_SATYPE_MAX)) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: " - "SAtype=%d unspecified or unknown.\n", - satype); - SENDERR(EINVAL); - } - - if(!(pfkey_registered_sockets[satype])) { - KLIPS_PRINT(1|debug_pfkey, "klips_debug:pfkey_acquire: " - "no sockets registered for SAtype=%d(%s).\n", - satype, - satype2name(satype)); - SENDERR(EPROTONOSUPPORT); - } - - if (!(pfkey_safe_build(error = pfkey_msg_hdr_build(&extensions[0], - SADB_ACQUIRE, - satype, - 0, - ++pfkey_msg_seq, - 0), - extensions) - && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - ipsp->ips_said.proto, - 0, - ipsp->ips_addr_s), - extensions) - && pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - ipsp->ips_said.proto, - 0, - ipsp->ips_addr_d), - extensions) -#if 0 - && (ipsp->ips_addr_p - ? pfkey_safe_build(error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_PROXY], - SADB_EXT_ADDRESS_PROXY, - ipsp->ips_said.proto, - 0, - ipsp->ips_addr_p), - extensions) : 1) -#endif - && (ipsp->ips_ident_s.type != SADB_IDENTTYPE_RESERVED - ? pfkey_safe_build(error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_SRC], - SADB_EXT_IDENTITY_SRC, - ipsp->ips_ident_s.type, - ipsp->ips_ident_s.id, - ipsp->ips_ident_s.len, - ipsp->ips_ident_s.data), - extensions) : 1) - - && (ipsp->ips_ident_d.type != SADB_IDENTTYPE_RESERVED - ? pfkey_safe_build(error = pfkey_ident_build(&extensions[SADB_EXT_IDENTITY_DST], - SADB_EXT_IDENTITY_DST, - ipsp->ips_ident_d.type, - ipsp->ips_ident_d.id, - ipsp->ips_ident_d.len, - ipsp->ips_ident_d.data), - extensions) : 1) -#if 0 - /* FIXME: This won't work yet because I have not finished - it. */ - && (ipsp->ips_sens_ - ? pfkey_safe_build(error = pfkey_sens_build(&extensions[SADB_EXT_SENSITIVITY], - ipsp->ips_sens_dpd, - ipsp->ips_sens_sens_level, - ipsp->ips_sens_sens_len, - ipsp->ips_sens_sens_bitmap, - ipsp->ips_sens_integ_level, - ipsp->ips_sens_integ_len, - ipsp->ips_sens_integ_bitmap), - extensions) : 1) -#endif - && pfkey_safe_build(error = pfkey_prop_build(&extensions[SADB_EXT_PROPOSAL], - 64, /* replay */ - sizeof(comb)/sizeof(struct sadb_comb), - &(comb[0])), - extensions) - )) { - KLIPS_PRINT(1|debug_pfkey, "klips_debug:pfkey_acquire: " - "failed to build the acquire message extensions\n"); - SENDERR(-error); - } - - if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) { - KLIPS_PRINT(1|debug_pfkey, "klips_debug:pfkey_acquire: " - "failed to build the acquire message\n"); - SENDERR(-error); - } - -#if KLIPS_PFKEY_ACQUIRE_LOSSAGE > 0 - if(sysctl_ipsec_regress_pfkey_lossage) { - return(0); - } -#endif - - /* this should go to all registered sockets for that satype only */ - for(pfkey_socketsp = pfkey_registered_sockets[satype]; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) { - KLIPS_PRINT(1|debug_pfkey, "klips_debug:pfkey_acquire: " - "sending up acquire message for satype=%d(%s) to socket=0p%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_acquire: " - "sending up acquire message for satype=%d(%s) to socket=0p%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - errlab: - if (pfkey_msg) { - pfkey_msg_free(&pfkey_msg); - } - pfkey_extensions_free(extensions); - return error; -} - -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -int -pfkey_nat_t_new_mapping(struct ipsec_sa *ipsp, struct sockaddr *ipaddr, - __u16 sport) -{ - struct sadb_ext *extensions[SADB_EXT_MAX+1]; - struct sadb_msg *pfkey_msg = NULL; - struct socket_list *pfkey_socketsp; - int error = 0; - uint8_t satype = (ipsp->ips_said.proto==IPPROTO_ESP) ? SADB_SATYPE_ESP : 0; - - /* Construct SADB_X_NAT_T_NEW_MAPPING message */ - - pfkey_extensions_init(extensions); - - if((satype == 0) || (satype > SADB_SATYPE_MAX)) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " - "SAtype=%d unspecified or unknown.\n", - satype); - SENDERR(EINVAL); - } - - if(!(pfkey_registered_sockets[satype])) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " - "no sockets registered for SAtype=%d(%s).\n", - satype, - satype2name(satype)); - SENDERR(EPROTONOSUPPORT); - } - - if (!(pfkey_safe_build - (error = pfkey_msg_hdr_build(&extensions[0], SADB_X_NAT_T_NEW_MAPPING, - satype, 0, ++pfkey_msg_seq, 0), extensions) - /* SA */ - && pfkey_safe_build - (error = pfkey_sa_build(&extensions[SADB_EXT_SA], - SADB_EXT_SA, ipsp->ips_said.spi, 0, 0, 0, 0, 0), extensions) - /* ADDRESS_SRC = old addr */ - && pfkey_safe_build - (error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, ipsp->ips_said.proto, 0, ipsp->ips_addr_s), - extensions) - /* NAT_T_SPORT = old port */ - && pfkey_safe_build - (error = pfkey_x_nat_t_port_build(&extensions[SADB_X_EXT_NAT_T_SPORT], - SADB_X_EXT_NAT_T_SPORT, ipsp->ips_natt_sport), extensions) - /* ADDRESS_DST = new addr */ - && pfkey_safe_build - (error = pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, ipsp->ips_said.proto, 0, ipaddr), extensions) - /* NAT_T_DPORT = new port */ - && pfkey_safe_build - (error = pfkey_x_nat_t_port_build(&extensions[SADB_X_EXT_NAT_T_DPORT], - SADB_X_EXT_NAT_T_DPORT, sport), extensions) - )) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " - "failed to build the nat_t_new_mapping message extensions\n"); - SENDERR(-error); - } - - if ((error = pfkey_msg_build(&pfkey_msg, extensions, EXT_BITS_OUT))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " - "failed to build the nat_t_new_mapping message\n"); - SENDERR(-error); - } - - /* this should go to all registered sockets for that satype only */ - for(pfkey_socketsp = pfkey_registered_sockets[satype]; - pfkey_socketsp; - pfkey_socketsp = pfkey_socketsp->next) { - if((error = pfkey_upmsg(pfkey_socketsp->socketp, pfkey_msg))) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " - "sending up nat_t_new_mapping message for satype=%d(%s) to socket=%p failed with error=%d.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp, - error); - SENDERR(-error); - } - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_nat_t_new_mapping: " - "sending up nat_t_new_mapping message for satype=%d(%s) to socket=%p succeeded.\n", - satype, - satype2name(satype), - pfkey_socketsp->socketp); - } - - errlab: - if (pfkey_msg) { - pfkey_msg_free(&pfkey_msg); - } - pfkey_extensions_free(extensions); - return error; -} - -DEBUG_NO_STATIC int -pfkey_x_nat_t_new_mapping_parse(struct sock *sk, struct sadb_ext **extensions, struct pfkey_extracted_data* extr) -{ - /* SADB_X_NAT_T_NEW_MAPPING not used in kernel */ - return -EINVAL; -} -#endif - -DEBUG_NO_STATIC int (*ext_processors[SADB_EXT_MAX+1])(struct sadb_ext *pfkey_ext, struct pfkey_extracted_data* extr) = -{ - NULL, /* pfkey_msg_process, */ - pfkey_sa_process, - pfkey_lifetime_process, - pfkey_lifetime_process, - pfkey_lifetime_process, - pfkey_address_process, - pfkey_address_process, - pfkey_address_process, - pfkey_key_process, - pfkey_key_process, - pfkey_ident_process, - pfkey_ident_process, - pfkey_sens_process, - pfkey_prop_process, - pfkey_supported_process, - pfkey_supported_process, - pfkey_spirange_process, - pfkey_x_kmprivate_process, - pfkey_x_satype_process, - pfkey_sa_process, - pfkey_address_process, - pfkey_address_process, - pfkey_address_process, - pfkey_address_process, - pfkey_address_process, - pfkey_x_debug_process, - pfkey_x_protocol_process -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - , - pfkey_x_nat_t_type_process, - pfkey_x_nat_t_port_process, - pfkey_x_nat_t_port_process, - pfkey_address_process -#endif -}; - - -DEBUG_NO_STATIC int (*msg_parsers[SADB_MAX +1])(struct sock *sk, struct sadb_ext *extensions[], struct pfkey_extracted_data* extr) - = -{ - NULL, /* RESERVED */ - pfkey_getspi_parse, - pfkey_update_parse, - pfkey_add_parse, - pfkey_delete_parse, - pfkey_get_parse, - pfkey_acquire_parse, - pfkey_register_parse, - pfkey_expire_parse, - pfkey_flush_parse, - pfkey_dump_parse, - pfkey_x_promisc_parse, - pfkey_x_pchange_parse, - pfkey_x_grpsa_parse, - pfkey_x_addflow_parse, - pfkey_x_delflow_parse, - pfkey_x_msg_debug_parse -#ifdef CONFIG_IPSEC_NAT_TRAVERSAL - , pfkey_x_nat_t_new_mapping_parse -#endif -}; - -int -pfkey_build_reply(struct sadb_msg *pfkey_msg, struct pfkey_extracted_data *extr, - struct sadb_msg **pfkey_reply) -{ - struct sadb_ext *extensions[SADB_EXT_MAX+1]; - int error = 0; - int msg_type = pfkey_msg->sadb_msg_type; - int seq = pfkey_msg->sadb_msg_seq; - - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: " - "building reply with type: %d\n", - msg_type); - pfkey_extensions_init(extensions); - if (!extr || !extr->ips) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: " - "bad ipsec_sa passed\n"); - return EINVAL; - } - error = pfkey_safe_build(pfkey_msg_hdr_build(&extensions[0], - msg_type, - proto2satype(extr->ips->ips_said.proto), - 0, - seq, - pfkey_msg->sadb_msg_pid), - extensions) && - (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & - 1 << SADB_EXT_SA) - || pfkey_safe_build(pfkey_sa_ref_build(&extensions[SADB_EXT_SA], - SADB_EXT_SA, - extr->ips->ips_said.spi, - extr->ips->ips_replaywin, - extr->ips->ips_state, - extr->ips->ips_authalg, - extr->ips->ips_encalg, - extr->ips->ips_flags, - extr->ips->ips_ref), - extensions)) && - (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & - 1 << SADB_EXT_LIFETIME_CURRENT) - || pfkey_safe_build(pfkey_lifetime_build(&extensions - [SADB_EXT_LIFETIME_CURRENT], - SADB_EXT_LIFETIME_CURRENT, - extr->ips->ips_life.ipl_allocations.ipl_count, - extr->ips->ips_life.ipl_bytes.ipl_count, - extr->ips->ips_life.ipl_addtime.ipl_count, - extr->ips->ips_life.ipl_usetime.ipl_count, - extr->ips->ips_life.ipl_packets.ipl_count), - extensions)) && - (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & - 1 << SADB_EXT_ADDRESS_SRC) - || pfkey_safe_build(pfkey_address_build(&extensions[SADB_EXT_ADDRESS_SRC], - SADB_EXT_ADDRESS_SRC, - extr->ips->ips_said.proto, - 0, - extr->ips->ips_addr_s), - extensions)) && - (!(extensions_bitmaps[EXT_BITS_OUT][EXT_BITS_REQ][msg_type] & - 1 << SADB_EXT_ADDRESS_DST) - || pfkey_safe_build(pfkey_address_build(&extensions[SADB_EXT_ADDRESS_DST], - SADB_EXT_ADDRESS_DST, - extr->ips->ips_said.proto, - 0, - extr->ips->ips_addr_d), - extensions)); - - if (error == 0) { - KLIPS_PRINT(debug_pfkey, "klips_debug:pfkey_build_reply: " - "building extensions failed\n"); - return EINVAL; - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_build_reply: " - "built extensions, proceed to build the message\n"); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_build_reply: " - "extensions[1]=0p%p\n", - extensions[1]); - error = pfkey_msg_build(pfkey_reply, extensions, EXT_BITS_OUT); - pfkey_extensions_free(extensions); - - return error; -} - -int -pfkey_msg_interp(struct sock *sk, struct sadb_msg *pfkey_msg, - struct sadb_msg **pfkey_reply) -{ - int error = 0; - int i; - struct sadb_ext *extensions[SADB_EXT_MAX+1]; - struct pfkey_extracted_data extr = {NULL, NULL, NULL}; - - pfkey_extensions_init(extensions); - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "parsing message ver=%d, type=%d, errno=%d, satype=%d(%s), len=%d, res=%d, seq=%d, pid=%d.\n", - pfkey_msg->sadb_msg_version, - pfkey_msg->sadb_msg_type, - pfkey_msg->sadb_msg_errno, - pfkey_msg->sadb_msg_satype, - satype2name(pfkey_msg->sadb_msg_satype), - pfkey_msg->sadb_msg_len, - pfkey_msg->sadb_msg_reserved, - pfkey_msg->sadb_msg_seq, - pfkey_msg->sadb_msg_pid); - - extr.ips = ipsec_sa_alloc(&error); /* pass in error var by pointer */ - if(extr.ips == NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "memory allocation error.\n"); - SENDERR(-error); - } - - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "allocated extr->ips=0p%p.\n", - extr.ips); - - if(pfkey_msg->sadb_msg_satype > SADB_SATYPE_MAX) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "satype %d > max %d\n", - pfkey_msg->sadb_msg_satype, - SADB_SATYPE_MAX); - SENDERR(EINVAL); - } - - switch(pfkey_msg->sadb_msg_type) { - case SADB_GETSPI: - case SADB_UPDATE: - case SADB_ADD: - case SADB_DELETE: - case SADB_X_GRPSA: - case SADB_X_ADDFLOW: - if(!(extr.ips->ips_said.proto = satype2proto(pfkey_msg->sadb_msg_satype))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "satype %d lookup failed.\n", - pfkey_msg->sadb_msg_satype); - SENDERR(EINVAL); - } else { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "satype %d lookups to proto=%d.\n", - pfkey_msg->sadb_msg_satype, - extr.ips->ips_said.proto); - } - break; - default: - break; - } - - /* The NULL below causes the default extension parsers to be used */ - /* Parse the extensions */ - if((error = pfkey_msg_parse(pfkey_msg, NULL, extensions, EXT_BITS_IN))) - { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "message parsing failed with error %d.\n", - error); - SENDERR(-error); - } - - /* Process the extensions */ - for(i=1; i <= SADB_EXT_MAX;i++) { - if(extensions[i] != NULL) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "processing ext %d 0p%p with processor 0p%p.\n", - i, extensions[i], ext_processors[i]); - if((error = ext_processors[i](extensions[i], &extr))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "extension processing for type %d failed with error %d.\n", - i, - error); - SENDERR(-error); - } - - } - - } - - /* Parse the message types */ - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "parsing message type %d(%s) with msg_parser 0p%p.\n", - pfkey_msg->sadb_msg_type, - pfkey_v2_sadb_type_string(pfkey_msg->sadb_msg_type), - msg_parsers[pfkey_msg->sadb_msg_type]); - if((error = msg_parsers[pfkey_msg->sadb_msg_type](sk, extensions, &extr))) { - KLIPS_PRINT(debug_pfkey, - "klips_debug:pfkey_msg_interp: " - "message parsing failed with error %d.\n", - error); - SENDERR(-error); - } - -#if 0 - error = pfkey_build_reply(pfkey_msg, &extr, pfkey_reply); - if (error) { - *pfkey_reply = NULL; - } -#endif - errlab: - if(extr.ips != NULL) { - ipsec_sa_wipe(extr.ips); - } - if(extr.ips2 != NULL) { - ipsec_sa_wipe(extr.ips2); - } - if (extr.eroute != NULL) { - kfree(extr.eroute); - } - return(error); -} - diff --git a/linux/net/ipsec/radij.c b/linux/net/ipsec/radij.c deleted file mode 100644 index 7dbec8d37..000000000 --- a/linux/net/ipsec/radij.c +++ /dev/null @@ -1,992 +0,0 @@ -char radij_c_version[] = "RCSID $Id: radij.c,v 1.2 2004/06/13 19:57:50 as Exp $"; - -/* - * This file is defived from ${SRC}/sys/net/radix.c of BSD 4.4lite - * - * Variable and procedure names have been modified so that they don't - * conflict with the original BSD code, as a small number of modifications - * have been introduced and we may want to reuse this code in BSD. - * - * The `j' in `radij' is pronounced as a voiceless guttural (like a Greek - * chi or a German ch sound (as `doch', not as in `milch'), or even a - * spanish j as in Juan. It is not as far back in the throat like - * the corresponding Hebrew sound, nor is it a soft breath like the English h. - * It has nothing to do with the Dutch ij sound. - * - * Here is the appropriate copyright notice: - */ - -/* - * Copyright (c) 1988, 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)radix.c 8.2 (Berkeley) 1/4/94 - */ - -/* - * Routines to build and maintain radix trees for routing lookups. - */ - -#include -#include -#include /* printk() */ - -#include "freeswan/ipsec_param.h" - -#ifdef MALLOC_SLAB -# include /* kmalloc() */ -#else /* MALLOC_SLAB */ -# include /* kmalloc() */ -#endif /* MALLOC_SLAB */ -#include /* error codes */ -#include /* size_t */ -#include /* mark_bh */ - -#include /* struct device, and other headers */ -#include /* eth_type_trans */ -#include /* struct iphdr */ -#include -#ifdef NET_21 -# include -# include -#endif /* NET_21 */ -#include -#include - -#include - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" -#include "freeswan/ipsec_radij.h" - -int maj_keylen; -struct radij_mask *rj_mkfreelist; -struct radij_node_head *mask_rjhead; -static int gotOddMasks; -static char *maskedKey; -static char *rj_zeroes, *rj_ones; - -#define rj_masktop (mask_rjhead->rnh_treetop) -#ifdef Bcmp -# undef Bcmp -#endif /* Bcmp */ -#define Bcmp(a, b, l) (l == 0 ? 0 : memcmp((caddr_t)(b), (caddr_t)(a), (size_t)l)) -/* - * The data structure for the keys is a radix tree with one way - * branching removed. The index rj_b at an internal node n represents a bit - * position to be tested. The tree is arranged so that all descendants - * of a node n have keys whose bits all agree up to position rj_b - 1. - * (We say the index of n is rj_b.) - * - * There is at least one descendant which has a one bit at position rj_b, - * and at least one with a zero there. - * - * A route is determined by a pair of key and mask. We require that the - * bit-wise logical and of the key and mask to be the key. - * We define the index of a route to associated with the mask to be - * the first bit number in the mask where 0 occurs (with bit number 0 - * representing the highest order bit). - * - * We say a mask is normal if every bit is 0, past the index of the mask. - * If a node n has a descendant (k, m) with index(m) == index(n) == rj_b, - * and m is a normal mask, then the route applies to every descendant of n. - * If the index(m) < rj_b, this implies the trailing last few bits of k - * before bit b are all 0, (and hence consequently true of every descendant - * of n), so the route applies to all descendants of the node as well. - * - * The present version of the code makes no use of normal routes, - * but similar logic shows that a non-normal mask m such that - * index(m) <= index(n) could potentially apply to many children of n. - * Thus, for each non-host route, we attach its mask to a list at an internal - * node as high in the tree as we can go. - */ - -struct radij_node * -rj_search(v_arg, head) - void *v_arg; - struct radij_node *head; -{ - register struct radij_node *x; - register caddr_t v; - - for (x = head, v = v_arg; x->rj_b >= 0;) { - if (x->rj_bmask & v[x->rj_off]) - x = x->rj_r; - else - x = x->rj_l; - } - return (x); -}; - -struct radij_node * -rj_search_m(v_arg, head, m_arg) - struct radij_node *head; - void *v_arg, *m_arg; -{ - register struct radij_node *x; - register caddr_t v = v_arg, m = m_arg; - - for (x = head; x->rj_b >= 0;) { - if ((x->rj_bmask & m[x->rj_off]) && - (x->rj_bmask & v[x->rj_off])) - x = x->rj_r; - else - x = x->rj_l; - } - return x; -}; - -int -rj_refines(m_arg, n_arg) - void *m_arg, *n_arg; -{ - register caddr_t m = m_arg, n = n_arg; - register caddr_t lim, lim2 = lim = n + *(u_char *)n; - int longer = (*(u_char *)n++) - (int)(*(u_char *)m++); - int masks_are_equal = 1; - - if (longer > 0) - lim -= longer; - while (n < lim) { - if (*n & ~(*m)) - return 0; - if (*n++ != *m++) - masks_are_equal = 0; - - } - while (n < lim2) - if (*n++) - return 0; - if (masks_are_equal && (longer < 0)) - for (lim2 = m - longer; m < lim2; ) - if (*m++) - return 1; - return (!masks_are_equal); -} - - -struct radij_node * -rj_match(v_arg, head) - void *v_arg; - struct radij_node_head *head; -{ - caddr_t v = v_arg; - register struct radij_node *t = head->rnh_treetop, *x; - register caddr_t cp = v, cp2, cp3; - caddr_t cplim, mstart; - struct radij_node *saved_t, *top = t; - int off = t->rj_off, vlen = *(u_char *)cp, matched_off; - - /* - * Open code rj_search(v, top) to avoid overhead of extra - * subroutine call. - */ - for (; t->rj_b >= 0; ) { - if (t->rj_bmask & cp[t->rj_off]) - t = t->rj_r; - else - t = t->rj_l; - } - /* - * See if we match exactly as a host destination - */ - KLIPS_PRINT(debug_radij, - "klips_debug:rj_match: " - "* See if we match exactly as a host destination\n"); - - cp += off; cp2 = t->rj_key + off; cplim = v + vlen; - for (; cp < cplim; cp++, cp2++) - if (*cp != *cp2) - goto on1; - /* - * This extra grot is in case we are explicitly asked - * to look up the default. Ugh! - */ - if ((t->rj_flags & RJF_ROOT) && t->rj_dupedkey) - t = t->rj_dupedkey; - return t; -on1: - matched_off = cp - v; - saved_t = t; - KLIPS_PRINT(debug_radij, - "klips_debug:rj_match: " - "** try to match a leaf, t=0p%p\n", t); - do { - if (t->rj_mask) { - /* - * Even if we don't match exactly as a hosts; - * we may match if the leaf we wound up at is - * a route to a net. - */ - cp3 = matched_off + t->rj_mask; - cp2 = matched_off + t->rj_key; - for (; cp < cplim; cp++) - if ((*cp2++ ^ *cp) & *cp3++) - break; - if (cp == cplim) - return t; - cp = matched_off + v; - } - } while ((t = t->rj_dupedkey)); - t = saved_t; - /* start searching up the tree */ - KLIPS_PRINT(debug_radij, - "klips_debug:rj_match: " - "*** start searching up the tree, t=0p%p\n", - t); - do { - register struct radij_mask *m; - - t = t->rj_p; - KLIPS_PRINT(debug_radij, - "klips_debug:rj_match: " - "**** t=0p%p\n", - t); - if ((m = t->rj_mklist)) { - /* - * After doing measurements here, it may - * turn out to be faster to open code - * rj_search_m here instead of always - * copying and masking. - */ - /* off = min(t->rj_off, matched_off); */ - off = t->rj_off; - if (matched_off < off) - off = matched_off; - mstart = maskedKey + off; - do { - cp2 = mstart; - cp3 = m->rm_mask + off; - KLIPS_PRINT(debug_radij, - "klips_debug:rj_match: " - "***** cp2=0p%p cp3=0p%p\n", - cp2, cp3); - for (cp = v + off; cp < cplim;) - *cp2++ = *cp++ & *cp3++; - x = rj_search(maskedKey, t); - while (x && x->rj_mask != m->rm_mask) - x = x->rj_dupedkey; - if (x && - (Bcmp(mstart, x->rj_key + off, - vlen - off) == 0)) - return x; - } while ((m = m->rm_mklist)); - } - } while (t != top); - KLIPS_PRINT(debug_radij, - "klips_debug:rj_match: " - "***** not found.\n"); - return 0; -}; - -#ifdef RJ_DEBUG -int rj_nodenum; -struct radij_node *rj_clist; -int rj_saveinfo; -DEBUG_NO_STATIC void traverse(struct radij_node *); -#ifdef RJ_DEBUG2 -int rj_debug = 1; -#else -int rj_debug = 0; -#endif /* RJ_DEBUG2 */ -#endif /* RJ_DEBUG */ - -struct radij_node * -rj_newpair(v, b, nodes) - void *v; - int b; - struct radij_node nodes[2]; -{ - register struct radij_node *tt = nodes, *t = tt + 1; - t->rj_b = b; t->rj_bmask = 0x80 >> (b & 7); - t->rj_l = tt; t->rj_off = b >> 3; - tt->rj_b = -1; tt->rj_key = (caddr_t)v; tt->rj_p = t; - tt->rj_flags = t->rj_flags = RJF_ACTIVE; -#ifdef RJ_DEBUG - tt->rj_info = rj_nodenum++; t->rj_info = rj_nodenum++; - tt->rj_twin = t; tt->rj_ybro = rj_clist; rj_clist = tt; -#endif /* RJ_DEBUG */ - return t; -} - -struct radij_node * -rj_insert(v_arg, head, dupentry, nodes) - void *v_arg; - struct radij_node_head *head; - int *dupentry; - struct radij_node nodes[2]; -{ - caddr_t v = v_arg; - struct radij_node *top = head->rnh_treetop; - int head_off = top->rj_off, vlen = (int)*((u_char *)v); - register struct radij_node *t = rj_search(v_arg, top); - register caddr_t cp = v + head_off; - register int b; - struct radij_node *tt; - /* - *find first bit at which v and t->rj_key differ - */ - { - register caddr_t cp2 = t->rj_key + head_off; - register int cmp_res; - caddr_t cplim = v + vlen; - - while (cp < cplim) - if (*cp2++ != *cp++) - goto on1; - *dupentry = 1; - return t; -on1: - *dupentry = 0; - cmp_res = (cp[-1] ^ cp2[-1]) & 0xff; - for (b = (cp - v) << 3; cmp_res; b--) - cmp_res >>= 1; - } - { - register struct radij_node *p, *x = top; - cp = v; - do { - p = x; - if (cp[x->rj_off] & x->rj_bmask) - x = x->rj_r; - else x = x->rj_l; - } while (b > (unsigned) x->rj_b); /* x->rj_b < b && x->rj_b >= 0 */ -#ifdef RJ_DEBUG - if (rj_debug) - printk("klips_debug:rj_insert: Going In:\n"), traverse(p); -#endif /* RJ_DEBUG */ - t = rj_newpair(v_arg, b, nodes); tt = t->rj_l; - if ((cp[p->rj_off] & p->rj_bmask) == 0) - p->rj_l = t; - else - p->rj_r = t; - x->rj_p = t; t->rj_p = p; /* frees x, p as temp vars below */ - if ((cp[t->rj_off] & t->rj_bmask) == 0) { - t->rj_r = x; - } else { - t->rj_r = tt; t->rj_l = x; - } -#ifdef RJ_DEBUG - if (rj_debug) - printk("klips_debug:rj_insert: Coming out:\n"), traverse(p); -#endif /* RJ_DEBUG */ - } - return (tt); -} - -struct radij_node * -rj_addmask(n_arg, search, skip) - int search, skip; - void *n_arg; -{ - caddr_t netmask = (caddr_t)n_arg; - register struct radij_node *x; - register caddr_t cp, cplim; - register int b, mlen, j; - int maskduplicated; - - mlen = *(u_char *)netmask; - if (search) { - x = rj_search(netmask, rj_masktop); - mlen = *(u_char *)netmask; - if (Bcmp(netmask, x->rj_key, mlen) == 0) - return (x); - } - R_Malloc(x, struct radij_node *, maj_keylen + 2 * sizeof (*x)); - if (x == 0) - return (0); - Bzero(x, maj_keylen + 2 * sizeof (*x)); - cp = (caddr_t)(x + 2); - Bcopy(netmask, cp, mlen); - netmask = cp; - x = rj_insert(netmask, mask_rjhead, &maskduplicated, x); - /* - * Calculate index of mask. - */ - cplim = netmask + mlen; - for (cp = netmask + skip; cp < cplim; cp++) - if (*(u_char *)cp != 0xff) - break; - b = (cp - netmask) << 3; - if (cp != cplim) { - if (*cp != 0) { - gotOddMasks = 1; - for (j = 0x80; j; b++, j >>= 1) - if ((j & *cp) == 0) - break; - } - } - x->rj_b = -1 - b; - return (x); -} - -#if 0 -struct radij_node * -#endif -int -rj_addroute(v_arg, n_arg, head, treenodes) - void *v_arg, *n_arg; - struct radij_node_head *head; - struct radij_node treenodes[2]; -{ - caddr_t v = (caddr_t)v_arg, netmask = (caddr_t)n_arg; - register struct radij_node *t, *x=NULL, *tt; - struct radij_node *saved_tt, *top = head->rnh_treetop; - short b = 0, b_leaf; - int mlen, keyduplicated; - caddr_t cplim; - struct radij_mask *m, **mp; - - /* - * In dealing with non-contiguous masks, there may be - * many different routes which have the same mask. - * We will find it useful to have a unique pointer to - * the mask to speed avoiding duplicate references at - * nodes and possibly save time in calculating indices. - */ - if (netmask) { - x = rj_search(netmask, rj_masktop); - mlen = *(u_char *)netmask; - if (Bcmp(netmask, x->rj_key, mlen) != 0) { - x = rj_addmask(netmask, 0, top->rj_off); - if (x == 0) - return -ENOMEM; /* (0) rgb */ - } - netmask = x->rj_key; - b = -1 - x->rj_b; - } - /* - * Deal with duplicated keys: attach node to previous instance - */ - saved_tt = tt = rj_insert(v, head, &keyduplicated, treenodes); - if (keyduplicated) { - do { - if (tt->rj_mask == netmask) - return -EEXIST; /* -ENXIO; (0) rgb */ - t = tt; - if (netmask == 0 || - (tt->rj_mask && rj_refines(netmask, tt->rj_mask))) - break; - } while ((tt = tt->rj_dupedkey)); - /* - * If the mask is not duplicated, we wouldn't - * find it among possible duplicate key entries - * anyway, so the above test doesn't hurt. - * - * We sort the masks for a duplicated key the same way as - * in a masklist -- most specific to least specific. - * This may require the unfortunate nuisance of relocating - * the head of the list. - */ - if (tt && t == saved_tt) { - struct radij_node *xx = x; - /* link in at head of list */ - (tt = treenodes)->rj_dupedkey = t; - tt->rj_flags = t->rj_flags; - tt->rj_p = x = t->rj_p; - if (x->rj_l == t) x->rj_l = tt; else x->rj_r = tt; - saved_tt = tt; x = xx; - } else { - (tt = treenodes)->rj_dupedkey = t->rj_dupedkey; - t->rj_dupedkey = tt; - } -#ifdef RJ_DEBUG - t=tt+1; tt->rj_info = rj_nodenum++; t->rj_info = rj_nodenum++; - tt->rj_twin = t; tt->rj_ybro = rj_clist; rj_clist = tt; -#endif /* RJ_DEBUG */ - t = saved_tt; - tt->rj_key = (caddr_t) v; - tt->rj_b = -1; - tt->rj_flags = t->rj_flags & ~RJF_ROOT; - } - /* - * Put mask in tree. - */ - if (netmask) { - tt->rj_mask = netmask; - tt->rj_b = x->rj_b; - } - t = saved_tt->rj_p; - b_leaf = -1 - t->rj_b; - if (t->rj_r == saved_tt) x = t->rj_l; else x = t->rj_r; - /* Promote general routes from below */ - if (x->rj_b < 0) { - if (x->rj_mask && (x->rj_b >= b_leaf) && x->rj_mklist == 0) { - MKGet(m); - if (m) { - Bzero(m, sizeof *m); - m->rm_b = x->rj_b; - m->rm_mask = x->rj_mask; - x->rj_mklist = t->rj_mklist = m; - } - } - } else if (x->rj_mklist) { - /* - * Skip over masks whose index is > that of new node - */ - for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) - if (m->rm_b >= b_leaf) - break; - t->rj_mklist = m; *mp = 0; - } - /* Add new route to highest possible ancestor's list */ - if ((netmask == 0) || (b > t->rj_b )) - return 0; /* tt rgb */ /* can't lift at all */ - b_leaf = tt->rj_b; - do { - x = t; - t = t->rj_p; - } while (b <= t->rj_b && x != top); - /* - * Search through routes associated with node to - * insert new route according to index. - * For nodes of equal index, place more specific - * masks first. - */ - cplim = netmask + mlen; - for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) { - if (m->rm_b < b_leaf) - continue; - if (m->rm_b > b_leaf) - break; - if (m->rm_mask == netmask) { - m->rm_refs++; - tt->rj_mklist = m; - return 0; /* tt rgb */ - } - if (rj_refines(netmask, m->rm_mask)) - break; - } - MKGet(m); - if (m == 0) { - printk("klips_debug:rj_addroute: " - "Mask for route not entered\n"); - return 0; /* (tt) rgb */ - } - Bzero(m, sizeof *m); - m->rm_b = b_leaf; - m->rm_mask = netmask; - m->rm_mklist = *mp; - *mp = m; - tt->rj_mklist = m; - return 0; /* tt rgb */ -} - -int -rj_delete(v_arg, netmask_arg, head, node) - void *v_arg, *netmask_arg; - struct radij_node_head *head; - struct radij_node **node; -{ - register struct radij_node *t, *p, *x, *tt; - struct radij_mask *m, *saved_m, **mp; - struct radij_node *dupedkey, *saved_tt, *top; - caddr_t v, netmask; - int b, head_off, vlen; - - v = v_arg; - netmask = netmask_arg; - x = head->rnh_treetop; - tt = rj_search(v, x); - head_off = x->rj_off; - vlen = *(u_char *)v; - saved_tt = tt; - top = x; - if (tt == 0 || - Bcmp(v + head_off, tt->rj_key + head_off, vlen - head_off)) - return -EFAULT; /* (0) rgb */ - /* - * Delete our route from mask lists. - */ - if ((dupedkey = tt->rj_dupedkey)) { - if (netmask) - netmask = rj_search(netmask, rj_masktop)->rj_key; - while (tt->rj_mask != netmask) - if ((tt = tt->rj_dupedkey) == 0) - return -ENOENT; /* -ENXIO; (0) rgb */ - } - if (tt->rj_mask == 0 || (saved_m = m = tt->rj_mklist) == 0) - goto on1; - if (m->rm_mask != tt->rj_mask) { - printk("klips_debug:rj_delete: " - "inconsistent annotation\n"); - goto on1; - } - if (--m->rm_refs >= 0) - goto on1; - b = -1 - tt->rj_b; - t = saved_tt->rj_p; - if (b > t->rj_b) - goto on1; /* Wasn't lifted at all */ - do { - x = t; - t = t->rj_p; - } while (b <= t->rj_b && x != top); - for (mp = &x->rj_mklist; (m = *mp); mp = &m->rm_mklist) - if (m == saved_m) { - *mp = m->rm_mklist; - MKFree(m); - break; - } - if (m == 0) - printk("klips_debug:rj_delete: " - "couldn't find our annotation\n"); -on1: - /* - * Eliminate us from tree - */ - if (tt->rj_flags & RJF_ROOT) - return -EFAULT; /* (0) rgb */ -#ifdef RJ_DEBUG - /* Get us out of the creation list */ - for (t = rj_clist; t && t->rj_ybro != tt; t = t->rj_ybro) {} - if (t) t->rj_ybro = tt->rj_ybro; -#endif /* RJ_DEBUG */ - t = tt->rj_p; - if (dupedkey) { - if (tt == saved_tt) { - x = dupedkey; x->rj_p = t; - if (t->rj_l == tt) t->rj_l = x; else t->rj_r = x; - } else { - for (x = p = saved_tt; p && p->rj_dupedkey != tt;) - p = p->rj_dupedkey; - if (p) p->rj_dupedkey = tt->rj_dupedkey; - else printk("klips_debug:rj_delete: " - "couldn't find us\n"); - } - t = tt + 1; - if (t->rj_flags & RJF_ACTIVE) { -#ifndef RJ_DEBUG - *++x = *t; p = t->rj_p; -#else - b = t->rj_info; *++x = *t; t->rj_info = b; p = t->rj_p; -#endif /* RJ_DEBUG */ - if (p->rj_l == t) p->rj_l = x; else p->rj_r = x; - x->rj_l->rj_p = x; x->rj_r->rj_p = x; - } - goto out; - } - if (t->rj_l == tt) x = t->rj_r; else x = t->rj_l; - p = t->rj_p; - if (p->rj_r == t) p->rj_r = x; else p->rj_l = x; - x->rj_p = p; - /* - * Demote routes attached to us. - */ - if (t->rj_mklist) { - if (x->rj_b >= 0) { - for (mp = &x->rj_mklist; (m = *mp);) - mp = &m->rm_mklist; - *mp = t->rj_mklist; - } else { - for (m = t->rj_mklist; m;) { - struct radij_mask *mm = m->rm_mklist; - if (m == x->rj_mklist && (--(m->rm_refs) < 0)) { - x->rj_mklist = 0; - MKFree(m); - } else - printk("klips_debug:rj_delete: " - "Orphaned Mask 0p%p at 0p%p\n", m, x); - m = mm; - } - } - } - /* - * We may be holding an active internal node in the tree. - */ - x = tt + 1; - if (t != x) { -#ifndef RJ_DEBUG - *t = *x; -#else - b = t->rj_info; *t = *x; t->rj_info = b; -#endif /* RJ_DEBUG */ - t->rj_l->rj_p = t; t->rj_r->rj_p = t; - p = x->rj_p; - if (p->rj_l == x) p->rj_l = t; else p->rj_r = t; - } -out: - tt->rj_flags &= ~RJF_ACTIVE; - tt[1].rj_flags &= ~RJF_ACTIVE; - *node = tt; - return 0; /* (tt) rgb */ -} - -int -rj_walktree(h, f, w) - struct radij_node_head *h; - register int (*f)(struct radij_node *,void *); - void *w; -{ - int error; - struct radij_node *base, *next; - register struct radij_node *rn; - - if(!h || !f /* || !w */) { - return -ENODATA; - } - - rn = h->rnh_treetop; - /* - * This gets complicated because we may delete the node - * while applying the function f to it, so we need to calculate - * the successor node in advance. - */ - /* First time through node, go left */ - while (rn->rj_b >= 0) - rn = rn->rj_l; - for (;;) { -#ifdef CONFIG_IPSEC_DEBUG - if(debug_radij) { - printk("klips_debug:rj_walktree: " - "for: rn=0p%p rj_b=%d rj_flags=%x", - rn, - rn->rj_b, - rn->rj_flags); - rn->rj_b >= 0 ? - printk(" node off=%x\n", - rn->rj_off) : - printk(" leaf key = %08x->%08x\n", - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) - ; - } -#endif /* CONFIG_IPSEC_DEBUG */ - base = rn; - /* If at right child go back up, otherwise, go right */ - while (rn->rj_p->rj_r == rn && (rn->rj_flags & RJF_ROOT) == 0) - rn = rn->rj_p; - /* Find the next *leaf* since next node might vanish, too */ - for (rn = rn->rj_p->rj_r; rn->rj_b >= 0;) - rn = rn->rj_l; - next = rn; -#ifdef CONFIG_IPSEC_DEBUG - if(debug_radij) { - printk("klips_debug:rj_walktree: " - "processing leaves, rn=0p%p rj_b=%d rj_flags=%x", - rn, - rn->rj_b, - rn->rj_flags); - rn->rj_b >= 0 ? - printk(" node off=%x\n", - rn->rj_off) : - printk(" leaf key = %08x->%08x\n", - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) - ; - } -#endif /* CONFIG_IPSEC_DEBUG */ - /* Process leaves */ - while ((rn = base)) { - base = rn->rj_dupedkey; -#ifdef CONFIG_IPSEC_DEBUG - if(debug_radij) { - printk("klips_debug:rj_walktree: " - "while: base=0p%p rn=0p%p rj_b=%d rj_flags=%x", - base, - rn, - rn->rj_b, - rn->rj_flags); - rn->rj_b >= 0 ? - printk(" node off=%x\n", - rn->rj_off) : - printk(" leaf key = %08x->%08x\n", - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)) - ; - } -#endif /* CONFIG_IPSEC_DEBUG */ - if (!(rn->rj_flags & RJF_ROOT) && (error = (*f)(rn, w))) - return (-error); - } - rn = next; - if (rn->rj_flags & RJF_ROOT) - return (0); - } - /* NOTREACHED */ -} - -int -rj_inithead(head, off) - void **head; - int off; -{ - register struct radij_node_head *rnh; - register struct radij_node *t, *tt, *ttt; - if (*head) - return (1); - R_Malloc(rnh, struct radij_node_head *, sizeof (*rnh)); - if (rnh == NULL) - return (0); - Bzero(rnh, sizeof (*rnh)); - *head = rnh; - t = rj_newpair(rj_zeroes, off, rnh->rnh_nodes); - ttt = rnh->rnh_nodes + 2; - t->rj_r = ttt; - t->rj_p = t; - tt = t->rj_l; - tt->rj_flags = t->rj_flags = RJF_ROOT | RJF_ACTIVE; - tt->rj_b = -1 - off; - *ttt = *tt; - ttt->rj_key = rj_ones; - rnh->rnh_addaddr = rj_addroute; - rnh->rnh_deladdr = rj_delete; - rnh->rnh_matchaddr = rj_match; - rnh->rnh_walktree = rj_walktree; - rnh->rnh_treetop = t; - return (1); -} - -void -rj_init() -{ - char *cp, *cplim; - - if (maj_keylen == 0) { - printk("klips_debug:rj_init: " - "radij functions require maj_keylen be set\n"); - return; - } - R_Malloc(rj_zeroes, char *, 3 * maj_keylen); - if (rj_zeroes == NULL) - panic("rj_init"); - Bzero(rj_zeroes, 3 * maj_keylen); - rj_ones = cp = rj_zeroes + maj_keylen; - maskedKey = cplim = rj_ones + maj_keylen; - while (cp < cplim) - *cp++ = -1; - if (rj_inithead((void **)&mask_rjhead, 0) == 0) - panic("rj_init 2"); -} - -void -rj_preorder(struct radij_node *rn, int l) -{ - int i; - - if (rn == NULL){ - printk("klips_debug:rj_preorder: " - "NULL pointer\n"); - return; - } - - if (rn->rj_b >= 0){ - rj_preorder(rn->rj_l, l+1); - rj_preorder(rn->rj_r, l+1); - printk("klips_debug:"); - for (i=0; irj_off); - } else { - printk("klips_debug:"); - for (i=0; irj_flags); - if (rn->rj_flags & RJF_ACTIVE) { - printk(" @key=0p%p", - rn->rj_key); - printk(" key = %08x->%08x", - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_src.s_addr), - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_key)->sen_ip_dst.s_addr)); - printk(" @mask=0p%p", - rn->rj_mask); - if (rn->rj_mask) - printk(" mask = %08x->%08x", - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_mask)->sen_ip_src.s_addr), - (u_int)ntohl(((struct sockaddr_encap *)rn->rj_mask)->sen_ip_dst.s_addr)); - if (rn->rj_dupedkey) - printk(" dupedkey = 0p%p", - rn->rj_dupedkey); - } - printk("\n"); - } -} - -#ifdef RJ_DEBUG -DEBUG_NO_STATIC void traverse(struct radij_node *p) -{ - rj_preorder(p, 0); -} -#endif /* RJ_DEBUG */ - -void -rj_dumptrees(void) -{ - rj_preorder(rnh->rnh_treetop, 0); -} - -void -rj_free_mkfreelist(void) -{ - struct radij_mask *mknp, *mknp2; - - mknp = rj_mkfreelist; - while(mknp) - { - mknp2 = mknp; - mknp = mknp->rm_mklist; - kfree(mknp2); - } -} - -int -radijcleartree(void) -{ - return rj_walktree(rnh, ipsec_rj_walker_delete, NULL); -} - -int -radijcleanup(void) -{ - int error = 0; - - error = radijcleartree(); - - rj_free_mkfreelist(); - -/* rj_walktree(mask_rjhead, ipsec_rj_walker_delete, NULL); */ - if(mask_rjhead) { - kfree(mask_rjhead); - } - - if(rj_zeroes) { - kfree(rj_zeroes); - } - - if(rnh) { - kfree(rnh); - } - - return error; -} - diff --git a/linux/net/ipsec/sysctl_net_ipsec.c b/linux/net/ipsec/sysctl_net_ipsec.c deleted file mode 100644 index b494329f6..000000000 --- a/linux/net/ipsec/sysctl_net_ipsec.c +++ /dev/null @@ -1,196 +0,0 @@ -/* - * sysctl interface to net IPSEC subsystem. - * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: sysctl_net_ipsec.c,v 1.1 2004/03/15 20:35:27 as Exp $ - */ - -/* -*- linux-c -*- - * - * Initiated April 3, 1998, Richard Guy Briggs - */ - -#include -#include - -#include "freeswan/ipsec_param.h" - -#ifdef CONFIG_SYSCTL - -#define NET_IPSEC 2112 /* Random number */ -#ifdef CONFIG_IPSEC_DEBUG -extern int debug_ah; -extern int debug_esp; -extern int debug_tunnel; -extern int debug_eroute; -extern int debug_spi; -extern int debug_radij; -extern int debug_netlink; -extern int debug_xform; -extern int debug_rcv; -extern int debug_pfkey; -extern int sysctl_ipsec_debug_verbose; -#ifdef CONFIG_IPSEC_IPCOMP -extern int sysctl_ipsec_debug_ipcomp; -#endif /* CONFIG_IPSEC_IPCOMP */ -#endif /* CONFIG_IPSEC_DEBUG */ - -extern int sysctl_ipsec_icmp; -extern int sysctl_ipsec_inbound_policy_check; -extern int sysctl_ipsec_tos; -int sysctl_ipsec_regress_pfkey_lossage; - -enum { -#ifdef CONFIG_IPSEC_DEBUG - NET_IPSEC_DEBUG_AH=1, - NET_IPSEC_DEBUG_ESP=2, - NET_IPSEC_DEBUG_TUNNEL=3, - NET_IPSEC_DEBUG_EROUTE=4, - NET_IPSEC_DEBUG_SPI=5, - NET_IPSEC_DEBUG_RADIJ=6, - NET_IPSEC_DEBUG_NETLINK=7, - NET_IPSEC_DEBUG_XFORM=8, - NET_IPSEC_DEBUG_RCV=9, - NET_IPSEC_DEBUG_PFKEY=10, - NET_IPSEC_DEBUG_VERBOSE=11, - NET_IPSEC_DEBUG_IPCOMP=12, -#endif /* CONFIG_IPSEC_DEBUG */ - NET_IPSEC_ICMP=13, - NET_IPSEC_INBOUND_POLICY_CHECK=14, - NET_IPSEC_TOS=15, - NET_IPSEC_REGRESS_PFKEY_LOSSAGE=16, -}; - -static ctl_table ipsec_table[] = { -#ifdef CONFIG_IPSEC_DEBUG - { NET_IPSEC_DEBUG_AH, "debug_ah", &debug_ah, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_ESP, "debug_esp", &debug_esp, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_TUNNEL, "debug_tunnel", &debug_tunnel, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_EROUTE, "debug_eroute", &debug_eroute, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_SPI, "debug_spi", &debug_spi, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_RADIJ, "debug_radij", &debug_radij, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_NETLINK, "debug_netlink", &debug_netlink, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_XFORM, "debug_xform", &debug_xform, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_RCV, "debug_rcv", &debug_rcv, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_PFKEY, "debug_pfkey", &debug_pfkey, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_DEBUG_VERBOSE, "debug_verbose",&sysctl_ipsec_debug_verbose, - sizeof(int), 0644, NULL, &proc_dointvec}, -#ifdef CONFIG_IPSEC_IPCOMP - { NET_IPSEC_DEBUG_IPCOMP, "debug_ipcomp", &sysctl_ipsec_debug_ipcomp, - sizeof(int), 0644, NULL, &proc_dointvec}, -#endif /* CONFIG_IPSEC_IPCOMP */ - -#ifdef CONFIG_IPSEC_REGRESS - { NET_IPSEC_REGRESS_PFKEY_LOSSAGE, "pfkey_lossage", - &sysctl_ipsec_regress_pfkey_lossage, - sizeof(int), 0644, NULL, &proc_dointvec}, -#endif /* CONFIG_IPSEC_REGRESS */ - -#endif /* CONFIG_IPSEC_DEBUG */ - { NET_IPSEC_ICMP, "icmp", &sysctl_ipsec_icmp, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_INBOUND_POLICY_CHECK, "inbound_policy_check", &sysctl_ipsec_inbound_policy_check, - sizeof(int), 0644, NULL, &proc_dointvec}, - { NET_IPSEC_TOS, "tos", &sysctl_ipsec_tos, - sizeof(int), 0644, NULL, &proc_dointvec}, - {0} -}; - -static ctl_table ipsec_net_table[] = { - { NET_IPSEC, "ipsec", NULL, 0, 0555, ipsec_table }, - { 0 } -}; - -static ctl_table ipsec_root_table[] = { - { CTL_NET, "net", NULL, 0, 0555, ipsec_net_table }, - { 0 } -}; - -static struct ctl_table_header *ipsec_table_header; - -int ipsec_sysctl_register(void) -{ - ipsec_table_header = register_sysctl_table(ipsec_root_table, 0); - if (!ipsec_table_header) { - return -ENOMEM; - } - return 0; -} - -void ipsec_sysctl_unregister(void) -{ - unregister_sysctl_table(ipsec_table_header); -} - -#endif /* CONFIG_SYSCTL */ - -/* - * $Log: sysctl_net_ipsec.c,v $ - * Revision 1.1 2004/03/15 20:35:27 as - * added files from freeswan-2.04-x509-1.5.3 - * - * Revision 1.15 2002/04/24 07:55:32 mcr - * #include patches and Makefiles for post-reorg compilation. - * - * Revision 1.14 2002/04/24 07:36:35 mcr - * Moved from ./klips/net/ipsec/sysctl_net_ipsec.c,v - * - * Revision 1.13 2002/01/12 02:58:32 mcr - * first regression test causes acquire messages to be lost - * 100% of the time. This is to help testing of pluto. - * - * Revision 1.12 2001/06/14 19:35:13 rgb - * Update copyright date. - * - * Revision 1.11 2001/02/26 19:58:13 rgb - * Drop sysctl_ipsec_{no_eroute_pass,opportunistic}, replaced by magic SAs. - * - * Revision 1.10 2000/09/16 01:50:15 rgb - * Protect sysctl_ipsec_debug_ipcomp with compiler defines too so that the - * linker won't blame rj_delete() for missing symbols. ;-> Damn statics... - * - * Revision 1.9 2000/09/15 23:17:51 rgb - * Moved stuff around to compile with debug off. - * - * Revision 1.8 2000/09/15 11:37:02 rgb - * Merge in heavily modified Svenning Soerensen's - * IPCOMP zlib deflate code. - * - * Revision 1.7 2000/09/15 07:37:15 rgb - * Munged silly log comment that was causing a warning. - * - * Revision 1.6 2000/09/15 04:58:23 rgb - * Added tos runtime switch. - * Removed 'sysctl_ipsec_' prefix from /proc/sys/net/ipsec/ filenames. - * - * Revision 1.5 2000/09/12 03:25:28 rgb - * Filled in and implemented sysctl. - * - * Revision 1.4 1999/04/11 00:29:03 henry - * GPL boilerplate - * - * Revision 1.3 1999/04/06 04:54:29 rgb - * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes - * patch shell fixes. - * - */ diff --git a/linux/net/ipsec/tagsfile.mak b/linux/net/ipsec/tagsfile.mak deleted file mode 100644 index b2a5126a2..000000000 --- a/linux/net/ipsec/tagsfile.mak +++ /dev/null @@ -1,6 +0,0 @@ -TAGS: - etags *.c ../../include/*.h ../../include/freeswan/*.h - ctags *.c ../../include/*.h ../../include/freeswan/*.h - - - diff --git a/linux/net/ipv4/af_inet.c.fs2_0.patch b/linux/net/ipv4/af_inet.c.fs2_0.patch deleted file mode 100644 index bc8a5083c..000000000 --- a/linux/net/ipv4/af_inet.c.fs2_0.patch +++ /dev/null @@ -1,21 +0,0 @@ -RCSID $Id: af_inet.c.fs2_0.patch,v 1.1 2004/03/15 20:35:27 as Exp $ ---- ./net/ipv4/af_inet.c.preipsec Wed Jun 3 18:17:50 1998 -+++ ./net/ipv4/af_inet.c Fri Sep 17 10:14:12 1999 -@@ -1146,6 +1146,17 @@ - ip_alias_init(); - #endif - -+#if defined(CONFIG_IPSEC) -+ { -+ extern /* void */ int ipsec_init(void); -+ /* -+ * Initialise AF_INET ESP and AH protocol support including -+ * e-routing and SA tables -+ */ -+ ipsec_init(); -+ } -+#endif /* CONFIG_IPSEC */ -+ - #ifdef CONFIG_INET_RARP - rarp_ioctl_hook = rarp_ioctl; - #endif diff --git a/linux/net/ipv4/af_inet.c.fs2_2.patch b/linux/net/ipv4/af_inet.c.fs2_2.patch deleted file mode 100644 index 00c85baf3..000000000 --- a/linux/net/ipv4/af_inet.c.fs2_2.patch +++ /dev/null @@ -1,21 +0,0 @@ -RCSID $Id: af_inet.c.fs2_2.patch,v 1.1 2004/03/15 20:35:27 as Exp $ ---- ./net/ipv4/af_inet.c.preipsec Mon Aug 9 15:05:13 1999 -+++ ./net/ipv4/af_inet.c Fri Sep 17 10:13:07 1999 -@@ -1140,6 +1140,17 @@ - ip_mr_init(); - #endif - -+#if defined(CONFIG_IPSEC) -+ { -+ extern /* void */ int ipsec_init(void); -+ /* -+ * Initialise AF_INET ESP and AH protocol support including -+ * e-routing and SA tables -+ */ -+ ipsec_init(); -+ } -+#endif /* CONFIG_IPSEC */ -+ - #ifdef CONFIG_INET_RARP - rarp_ioctl_hook = rarp_ioctl; - #endif diff --git a/linux/net/ipv4/af_inet.c.fs2_4.patch b/linux/net/ipv4/af_inet.c.fs2_4.patch deleted file mode 100644 index 70290e3c8..000000000 --- a/linux/net/ipv4/af_inet.c.fs2_4.patch +++ /dev/null @@ -1,21 +0,0 @@ -RCSID $Id: af_inet.c.fs2_4.patch,v 1.1 2004/03/15 20:35:27 as Exp $ ---- ./net/ipv4/af_inet.c.preipsec Wed Apr 26 15:13:17 2000 -+++ ./net/ipv4/af_inet.c Fri Jun 30 15:01:27 2000 -@@ -1019,6 +1019,17 @@ - ip_mr_init(); - #endif - -+#if defined(CONFIG_IPSEC) -+ { -+ extern /* void */ int ipsec_init(void); -+ /* -+ * Initialise AF_INET ESP and AH protocol support including -+ * e-routing and SA tables -+ */ -+ ipsec_init(); -+ } -+#endif /* CONFIG_IPSEC */ -+ - /* - * Create all the /proc entries. - */ diff --git a/linux/net/ipv4/udp.c.fs2_2.patch b/linux/net/ipv4/udp.c.fs2_2.patch deleted file mode 100644 index 767ddaa23..000000000 --- a/linux/net/ipv4/udp.c.fs2_2.patch +++ /dev/null @@ -1,108 +0,0 @@ ---- ./net/ipv4/udp.c Sun Mar 25 18:37:41 2001 -+++ ./net/ipv4/udp.c Mon Jun 10 19:53:18 2002 -@@ -965,6 +965,9 @@ - - static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) - { -+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -+ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); -+#endif - /* - * Charge it to the socket, dropping if the queue is full. - */ -@@ -982,6 +985,38 @@ - } - #endif - -+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -+ if (tp->esp_in_udp) { -+ /* -+ * Set skb->sk and xmit packet to ipsec_rcv. -+ * -+ * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP), -+ * restore skb->sk and fall back to sock_queue_rcv_skb -+ */ -+ struct inet_protocol *esp = NULL; -+ -+#ifdef CONFIG_IPSEC_MODULE -+ for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)]; -+ (esp) && (esp->protocol != IPPROTO_ESP); -+ esp = esp->next); -+#else -+ extern struct inet_protocol esp_protocol; -+ esp = &esp_protocol; -+#endif -+ -+ if (esp && esp->handler) { -+ struct sock *sav_sk = skb->sk; -+ skb->sk = sk; -+ if (esp->handler(skb, 0) == 0) { -+ skb->sk = sav_sk; -+ /* not sure we might count ESPinUDP as UDP... */ -+ udp_statistics.UdpInDatagrams++; -+ return 0; -+ } -+ skb->sk = sav_sk; -+ } -+ } -+#endif - if (sock_queue_rcv_skb(sk,skb)<0) { - udp_statistics.UdpInErrors++; - ip_statistics.IpInDiscards++; -@@ -1165,6 +1200,44 @@ - return(0); - } - -+#if 1 -+static int udp_setsockopt(struct sock *sk, int level, int optname, -+ char *optval, int optlen) -+{ -+ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); -+ int val; -+ int err = 0; -+ -+ if (level != SOL_UDP) -+ return ip_setsockopt(sk, level, optname, optval, optlen); -+ -+ if(optlenesp_in_udp = val; -+ break; -+#endif -+ default: -+ err = -ENOPROTOOPT; -+ break; -+ } -+ -+ release_sock(sk); -+ return err; -+} -+#endif -+ - struct proto udp_prot = { - (struct sock *)&udp_prot, /* sklist_next */ - (struct sock *)&udp_prot, /* sklist_prev */ -@@ -1179,7 +1252,11 @@ - NULL, /* init */ - NULL, /* destroy */ - NULL, /* shutdown */ -+#if 1 -+ udp_setsockopt, /* setsockopt */ -+#else - ip_setsockopt, /* setsockopt */ -+#endif - ip_getsockopt, /* getsockopt */ - udp_sendmsg, /* sendmsg */ - udp_recvmsg, /* recvmsg */ diff --git a/linux/net/ipv4/udp.c.fs2_4.patch b/linux/net/ipv4/udp.c.fs2_4.patch deleted file mode 100644 index 87b208bac..000000000 --- a/linux/net/ipv4/udp.c.fs2_4.patch +++ /dev/null @@ -1,107 +0,0 @@ ---- ./net/ipv4/udp.c 2002/02/26 14:54:22 1.2 -+++ ./net/ipv4/udp.c 2002/05/22 12:14:58 -@@ -777,6 +777,9 @@ - - static int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) - { -+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -+ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); -+#endif - /* - * Charge it to the socket, dropping if the queue is full. - */ -@@ -794,6 +797,38 @@ - } - #endif - -+#ifdef CONFIG_IPSEC_NAT_TRAVERSAL -+ if (tp->esp_in_udp) { -+ /* -+ * Set skb->sk and xmit packet to ipsec_rcv. -+ * -+ * If ret != 0, ipsec_rcv refused the packet (not ESPinUDP), -+ * restore skb->sk and fall back to sock_queue_rcv_skb -+ */ -+ struct inet_protocol *esp = NULL; -+ -+#ifdef CONFIG_IPSEC_MODULE -+ for (esp = (struct inet_protocol *)inet_protos[IPPROTO_ESP & (MAX_INET_PROTOS - 1)]; -+ (esp) && (esp->protocol != IPPROTO_ESP); -+ esp = esp->next); -+#else -+ extern struct inet_protocol esp_protocol; -+ esp = &esp_protocol; -+#endif -+ -+ if (esp && esp->handler) { -+ struct sock *sav_sk = skb->sk; -+ skb->sk = sk; -+ if (esp->handler(skb) == 0) { -+ skb->sk = sav_sk; -+ /* not sure we might count ESPinUDP as UDP... */ -+ UDP_INC_STATS_BH(UdpInDatagrams); -+ return 0; -+ } -+ skb->sk = sav_sk; -+ } -+ } -+#endif - if (sock_queue_rcv_skb(sk,skb)<0) { - UDP_INC_STATS_BH(UdpInErrors); - IP_INC_STATS_BH(IpInDiscards); -@@ -1010,13 +1045,55 @@ - return len; - } - -+#if 1 -+static int udp_setsockopt(struct sock *sk, int level, int optname, -+ char *optval, int optlen) -+{ -+ struct udp_opt *tp = &(sk->tp_pinfo.af_udp); -+ int val; -+ int err = 0; -+ -+ if (level != SOL_UDP) -+ return ip_setsockopt(sk, level, optname, optval, optlen); -+ -+ if(optlenesp_in_udp = val; -+ break; -+#endif -+ default: -+ err = -ENOPROTOOPT; -+ break; -+ } -+ -+ release_sock(sk); -+ return err; -+} -+#endif -+ - struct proto udp_prot = { - name: "UDP", - close: udp_close, - connect: udp_connect, - disconnect: udp_disconnect, - ioctl: udp_ioctl, -+#if 1 -+ setsockopt: udp_setsockopt, -+#else - setsockopt: ip_setsockopt, -+#endif - getsockopt: ip_getsockopt, - sendmsg: udp_sendmsg, - recvmsg: udp_recvmsg, diff --git a/ltmain.sh b/ltmain.sh new file mode 100644 index 000000000..8f7a6ac10 --- /dev/null +++ b/ltmain.sh @@ -0,0 +1,6971 @@ +# ltmain.sh - Provide generalized library-building support services. +# NOTE: Changing this file will not affect anything until you rerun configure. +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# Originally by Gordon Matzigkeit , 1996 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +basename="s,^.*/,,g" + +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath="$0" + +# define SED for historic ltconfig's generated by Libtool 1.3 +test -z "$SED" && SED=sed + +# The name of this program: +progname=`echo "$progpath" | $SED $basename` +modename="$progname" + +# Global variables: +EXIT_SUCCESS=0 +EXIT_FAILURE=1 + +PROGRAM=ltmain.sh +PACKAGE=libtool +VERSION=1.5.22 +TIMESTAMP=" (1.1220.2.365 2005/12/18 22:14:06)" + +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes. +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi +# Same for EGREP, and just to be sure, do LTCC as well +if test "X$EGREP" = X ; then + EGREP=egrep +fi +if test "X$LTCC" = X ; then + LTCC=${CC-gcc} +fi + +# Check that we have a working $echo. +if test "X$1" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift +elif test "X$1" = X--fallback-echo; then + # Avoid inline document here, it may be left over + : +elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then + # Yippee, $echo works! + : +else + # Restart under the correct shell, and then maybe $echo will work. + exec $SHELL "$progpath" --no-reexec ${1+"$@"} +fi + +if test "X$1" = X--fallback-echo; then + # used as fallback echo + shift + cat <&2 + $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 + exit $EXIT_FAILURE +fi + +# Global variables. +mode=$default_mode +nonopt= +prev= +prevopt= +run= +show="$echo" +show_help= +execute_dlfiles= +duplicate_deps=no +preserve_args= +lo2o="s/\\.lo\$/.${objext}/" +o2lo="s/\\.${objext}\$/.lo/" + +if test -z "$max_cmd_len"; then + i=0 + testring="ABCD" + new_result= + + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while (test "X"`$SHELL $0 --fallback-echo "X$testring" 2>/dev/null` \ + = "XX$testring") >/dev/null 2>&1 && + new_result=`expr "X$testring" : ".*" 2>&1` && + max_cmd_len="$new_result" && + test "$i" != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + testring="$testring$testring" + done + testring= + # Add a significant safety factor because C++ compilers can tack on massive + # amounts of additional arguments before passing them to the linker. + # It appears as though 1/2 is a usable value. + max_cmd_len=`expr $max_cmd_len \/ 2` +fi + +##################################### +# Shell function definitions: +# This seems to be the best place for them + +# func_mktempdir [string] +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, STRING is the basename for that directory. +func_mktempdir () +{ + my_template="${TMPDIR-/tmp}/${1-$progname}" + + if test "$run" = ":"; then + # Return a directory name, but don't create it in dry-run mode + my_tmpdir="${my_template}-$$" + else + + # If mktemp works, use that first and foremost + my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` + + if test ! -d "$my_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + my_tmpdir="${my_template}-${RANDOM-0}$$" + + save_mktempdir_umask=`umask` + umask 0077 + $mkdir "$my_tmpdir" + umask $save_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$my_tmpdir" || { + $echo "cannot create temporary directory \`$my_tmpdir'" 1>&2 + exit $EXIT_FAILURE + } + fi + + $echo "X$my_tmpdir" | $Xsed +} + + +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +func_win32_libid () +{ + win32_libid_type="unknown" + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | \ + $EGREP -e 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then + win32_nmres=`eval $NM -f posix -A $1 | \ + $SED -n -e '1,100{/ I /{s,.*,import,;p;q;};}'` + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $echo $win32_libid_type +} + + +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + CC_quoted="$CC_quoted $arg" + done + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + CC_quoted="$CC_quoted $arg" + done + # user sometimes does CC=-gcc so we need to match that to 'gcc' + trimedcc=`echo ${CC} | $SED -e "s/${host}-//g"` + # and sometimes libtool has CC=-gcc but user does CC=gcc + extendcc=${host}-${CC} + # and sometimes libtool has CC=-gcc but user has CC=-gcc + # (Gentoo-specific hack because we always export $CHOST) + mungedcc=${CHOST-${host}}-${trimedcc} + case "$@ " in + "cc "* | " cc "* | "${host}-cc "* | " ${host}-cc "*|\ + "gcc "* | " gcc "* | "${host}-gcc "* | " ${host}-gcc "*) + tagname=CC + break ;; + "$trimedcc "* | " $trimedcc "* | "`$echo $trimedcc` "* | " `$echo $trimedcc` "*|\ + "$extendcc "* | " $extendcc "* | "`$echo $extendcc` "* | " `$echo $extendcc` "*|\ + "$mungedcc "* | " $mungedcc "* | "`$echo $mungedcc` "* | " `$echo $mungedcc` "*|\ + " $CC "* | "$CC "* | " `$echo $CC` "* | "`$echo $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$echo $CC_quoted` "* | "`$echo $CC_quoted` "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + $echo "$modename: unable to infer tagged configuration" + $echo "$modename: specify a tag with \`--tag'" 1>&2 + exit $EXIT_FAILURE +# else +# $echo "$modename: using $tagname tagged configuration" + fi + ;; + esac + fi +} + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + f_ex_an_ar_dir="$1"; shift + f_ex_an_ar_oldlib="$1" + + $show "(cd $f_ex_an_ar_dir && $AR x $f_ex_an_ar_oldlib)" + $run eval "(cd \$f_ex_an_ar_dir && $AR x \$f_ex_an_ar_oldlib)" || exit $? + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + $echo "$modename: ERROR: object name conflicts: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" 1>&2 + exit $EXIT_FAILURE + fi +} + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + my_gentop="$1"; shift + my_oldlibs=${1+"$@"} + my_oldobjs="" + my_xlib="" + my_xabs="" + my_xdir="" + my_status="" + + $show "${rm}r $my_gentop" + $run ${rm}r "$my_gentop" + $show "$mkdir $my_gentop" + $run $mkdir "$my_gentop" + my_status=$? + if test "$my_status" -ne 0 && test ! -d "$my_gentop"; then + exit $my_status + fi + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + my_xlib=`$echo "X$my_xlib" | $Xsed -e 's%^.*/%%'` + my_xdir="$my_gentop/$my_xlib" + + $show "${rm}r $my_xdir" + $run ${rm}r "$my_xdir" + $show "$mkdir $my_xdir" + $run $mkdir "$my_xdir" + exit_status=$? + if test "$exit_status" -ne 0 && test ! -d "$my_xdir"; then + exit $exit_status + fi + case $host in + *-darwin*) + $show "Extracting $my_xabs" + # Do not bother doing anything if just a dry run + if test -z "$run"; then + darwin_orig_dir=`pwd` + cd $my_xdir || exit $? + darwin_archive=$my_xabs + darwin_curdir=`pwd` + darwin_base_archive=`$echo "X$darwin_archive" | $Xsed -e 's%^.*/%%'` + darwin_arches=`lipo -info "$darwin_archive" 2>/dev/null | $EGREP Architectures 2>/dev/null` + if test -n "$darwin_arches"; then + darwin_arches=`echo "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + $show "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches ; do + mkdir -p "unfat-$$/${darwin_base_archive}-${darwin_arch}" + lipo -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" + cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" + func_extract_an_archive "`pwd`" "${darwin_base_archive}" + cd "$darwin_curdir" + $rm "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" + done # $darwin_arches + ## Okay now we have a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print| xargs basename | sort -u | $NL2SP` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` + lipo -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + ${rm}r unfat-$$ + cd "$darwin_orig_dir" + else + cd "$darwin_orig_dir" + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + fi # $run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` + done + func_extract_archives_result="$my_oldobjs" +} +# End of Shell function definitions +##################################### + +# Darwin sucks +eval std_shrext=\"$shrext_cmds\" + +disable_libs=no + +# Parse our command line options once, thoroughly. +while test "$#" -gt 0 +do + arg="$1" + shift + + case $arg in + -*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;; + *) optarg= ;; + esac + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + execute_dlfiles) + execute_dlfiles="$execute_dlfiles $arg" + ;; + tag) + tagname="$arg" + preserve_args="${preserve_args}=$arg" + + # Check whether tagname contains only valid characters + case $tagname in + *[!-_A-Za-z0-9,/]*) + $echo "$progname: invalid tag name: $tagname" 1>&2 + exit $EXIT_FAILURE + ;; + esac + + case $tagname in + CC) + # Don't test for the "default" C tag, as we know, it's there, but + # not specially marked. + ;; + *) + if grep "^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$progpath" > /dev/null; then + taglist="$taglist $tagname" + # Evaluate the configuration. + eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$tagname'$/,/^# ### END LIBTOOL TAG CONFIG: '$tagname'$/p' < $progpath`" + else + $echo "$progname: ignoring unknown tag $tagname" 1>&2 + fi + ;; + esac + ;; + *) + eval "$prev=\$arg" + ;; + esac + + prev= + prevopt= + continue + fi + + # Have we seen a non-optional argument yet? + case $arg in + --help) + show_help=yes + ;; + + --version) + $echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP" + $echo + $echo "Copyright (C) 2005 Free Software Foundation, Inc." + $echo "This is free software; see the source for copying conditions. There is NO" + $echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + exit $? + ;; + + --config) + ${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $progpath + # Now print the configurations for the tags. + for tagname in $taglist; do + ${SED} -n -e "/^# ### BEGIN LIBTOOL TAG CONFIG: $tagname$/,/^# ### END LIBTOOL TAG CONFIG: $tagname$/p" < "$progpath" + done + exit $? + ;; + + --debug) + $echo "$progname: enabling shell trace mode" + set -x + preserve_args="$preserve_args $arg" + ;; + + --dry-run | -n) + run=: + ;; + + --features) + $echo "host: $host" + if test "$build_libtool_libs" = yes; then + $echo "enable shared libraries" + else + $echo "disable shared libraries" + fi + if test "$build_old_libs" = yes; then + $echo "enable static libraries" + else + $echo "disable static libraries" + fi + exit $? + ;; + + --finish) mode="finish" ;; + + --mode) prevopt="--mode" prev=mode ;; + --mode=*) mode="$optarg" ;; + + --preserve-dup-deps) duplicate_deps="yes" ;; + + --quiet | --silent) + show=: + preserve_args="$preserve_args $arg" + ;; + + --tag) + prevopt="--tag" + prev=tag + preserve_args="$preserve_args --tag" + ;; + --tag=*) + set tag "$optarg" ${1+"$@"} + shift + prev=tag + preserve_args="$preserve_args --tag" + ;; + + -dlopen) + prevopt="-dlopen" + prev=execute_dlfiles + ;; + + -*) + $echo "$modename: unrecognized option \`$arg'" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + ;; + + *) + nonopt="$arg" + break + ;; + esac +done + +if test -n "$prevopt"; then + $echo "$modename: option \`$prevopt' requires an argument" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE +fi + +case $disable_libs in +no) + ;; +shared) + build_libtool_libs=no + build_old_libs=yes + ;; +static) + build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` + ;; +esac + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + +if test -z "$show_help"; then + + # Infer the operation mode. + if test -z "$mode"; then + $echo "*** Warning: inferring the mode of operation is deprecated." 1>&2 + $echo "*** Future versions of Libtool will require --mode=MODE be specified." 1>&2 + case $nonopt in + *cc | cc* | *++ | gcc* | *-gcc* | g++* | xlc*) + mode=link + for arg + do + case $arg in + -c) + mode=compile + break + ;; + esac + done + ;; + *db | *dbx | *strace | *truss) + mode=execute + ;; + *install*|cp|mv) + mode=install + ;; + *rm) + mode=uninstall + ;; + *) + # If we have no mode, but dlfiles were specified, then do execute mode. + test -n "$execute_dlfiles" && mode=execute + + # Just use the default operation mode. + if test -z "$mode"; then + if test -n "$nonopt"; then + $echo "$modename: warning: cannot infer operation mode from \`$nonopt'" 1>&2 + else + $echo "$modename: warning: cannot infer operation mode without MODE-ARGS" 1>&2 + fi + fi + ;; + esac + fi + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$execute_dlfiles" && test "$mode" != execute; then + $echo "$modename: unrecognized option \`-dlopen'" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help="$help" + help="Try \`$modename --help --mode=$mode' for more information." + + # These modes are in order of execution frequency so that they run quickly. + case $mode in + # libtool compile mode + compile) + modename="$modename: compile" + # Get the compilation command and the source file. + base_compile= + srcfile="$nonopt" # always keep a non-empty value in "srcfile" + suppress_opt=yes + suppress_output= + arg_mode=normal + libobj= + later= + + for arg + do + case $arg_mode in + arg ) + # do not "continue". Instead, add this to base_compile + lastarg="$arg" + arg_mode=normal + ;; + + target ) + libobj="$arg" + arg_mode=normal + continue + ;; + + normal ) + # Accept any command-line options. + case $arg in + -o) + if test -n "$libobj" ; then + $echo "$modename: you cannot specify \`-o' more than once" 1>&2 + exit $EXIT_FAILURE + fi + arg_mode=target + continue + ;; + + -static | -prefer-pic | -prefer-non-pic) + later="$later $arg" + continue + ;; + + -no-suppress) + suppress_opt=no + continue + ;; + + -Xcompiler) + arg_mode=arg # the next one goes into the "base_compile" arg list + continue # The current "srcfile" will either be retained or + ;; # replaced later. I would guess that would be a bug. + + -Wc,*) + args=`$echo "X$arg" | $Xsed -e "s/^-Wc,//"` + lastarg= + save_ifs="$IFS"; IFS=',' + for arg in $args; do + IFS="$save_ifs" + + # Double-quote args containing other shell metacharacters. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + lastarg="$lastarg $arg" + done + IFS="$save_ifs" + lastarg=`$echo "X$lastarg" | $Xsed -e "s/^ //"` + + # Add the arguments to base_compile. + base_compile="$base_compile $lastarg" + continue + ;; + + * ) + # Accept the current argument as the source file. + # The previous "srcfile" becomes the current argument. + # + lastarg="$srcfile" + srcfile="$arg" + ;; + esac # case $arg + ;; + esac # case $arg_mode + + # Aesthetically quote the previous argument. + lastarg=`$echo "X$lastarg" | $Xsed -e "$sed_quote_subst"` + + case $lastarg in + # Double-quote args containing other shell metacharacters. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, and some SunOS ksh mistreat backslash-escaping + # in scan sets (worked around with variable expansion), + # and furthermore cannot handle '|' '&' '(' ')' in scan sets + # at all, so we specify them separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + lastarg="\"$lastarg\"" + ;; + esac + + base_compile="$base_compile $lastarg" + done # for arg + + case $arg_mode in + arg) + $echo "$modename: you must specify an argument for -Xcompile" + exit $EXIT_FAILURE + ;; + target) + $echo "$modename: you must specify a target with \`-o'" 1>&2 + exit $EXIT_FAILURE + ;; + *) + # Get the name of the library object. + [ -z "$libobj" ] && libobj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%'` + ;; + esac + + # Recognize several different file suffixes. + # If the user specifies -o file.o, it is replaced with file.lo + xform='[cCFSifmso]' + case $libobj in + *.ada) xform=ada ;; + *.adb) xform=adb ;; + *.ads) xform=ads ;; + *.asm) xform=asm ;; + *.c++) xform=c++ ;; + *.cc) xform=cc ;; + *.ii) xform=ii ;; + *.class) xform=class ;; + *.cpp) xform=cpp ;; + *.cxx) xform=cxx ;; + *.f90) xform=f90 ;; + *.for) xform=for ;; + *.java) xform=java ;; + esac + + libobj=`$echo "X$libobj" | $Xsed -e "s/\.$xform$/.lo/"` + + case $libobj in + *.lo) obj=`$echo "X$libobj" | $Xsed -e "$lo2o"` ;; + *) + $echo "$modename: cannot determine name of library object from \`$libobj'" 1>&2 + exit $EXIT_FAILURE + ;; + esac + + func_infer_tag $base_compile + + for arg in $later; do + case $arg in + -static) + build_old_libs=yes + continue + ;; + + -prefer-pic) + pic_mode=yes + continue + ;; + + -prefer-non-pic) + pic_mode=no + continue + ;; + esac + done + + qlibobj=`$echo "X$libobj" | $Xsed -e "$sed_quote_subst"` + case $qlibobj in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + qlibobj="\"$qlibobj\"" ;; + esac + test "X$libobj" != "X$qlibobj" \ + && $echo "X$libobj" | grep '[]~#^*{};<>?"'"'"' &()|`$[]' \ + && $echo "$modename: libobj name \`$libobj' may not contain shell special characters." + objname=`$echo "X$obj" | $Xsed -e 's%^.*/%%'` + xdir=`$echo "X$obj" | $Xsed -e 's%/[^/]*$%%'` + if test "X$xdir" = "X$obj"; then + xdir= + else + xdir=$xdir/ + fi + lobj=${xdir}$objdir/$objname + + if test -z "$base_compile"; then + $echo "$modename: you must specify a compilation command" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Delete any leftover library objects. + if test "$build_old_libs" = yes; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi + + $run $rm $removelist + trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15 + + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2*) + pic_mode=default + ;; + esac + if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi + + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test "$compiler_c_o" = no; then + output_obj=`$echo "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext} + lockfile="$output_obj.lock" + removelist="$removelist $output_obj $lockfile" + trap "$run $rm $removelist; exit $EXIT_FAILURE" 1 2 15 + else + output_obj= + need_locks=no + lockfile= + fi + + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test "$need_locks" = yes; then + until $run ln "$srcfile" "$lockfile" 2>/dev/null; do + $show "Waiting for $lockfile to be removed" + sleep 2 + done + elif test "$need_locks" = warn; then + if test -f "$lockfile"; then + $echo "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $run $rm $removelist + exit $EXIT_FAILURE + fi + $echo "$srcfile" > "$lockfile" + fi + + if test -n "$fix_srcfile_path"; then + eval srcfile=\"$fix_srcfile_path\" + fi + qsrcfile=`$echo "X$srcfile" | $Xsed -e "$sed_quote_subst"` + case $qsrcfile in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + qsrcfile="\"$qsrcfile\"" ;; + esac + + $run $rm "$libobj" "${libobj}T" + + # Create a libtool object file (analogous to a ".la" file), + # but don't create it if we're doing a dry run. + test -z "$run" && cat > ${libobj}T </dev/null`" != "X$srcfile"; then + $echo "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $run $rm $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + $show "$mv $output_obj $lobj" + if $run $mv $output_obj $lobj; then : + else + error=$? + $run $rm $removelist + exit $error + fi + fi + + # Append the name of the PIC object to the libtool object file. + test -z "$run" && cat >> ${libobj}T <> ${libobj}T </dev/null`" != "X$srcfile"; then + $echo "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $run $rm $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + $show "$mv $output_obj $obj" + if $run $mv $output_obj $obj; then : + else + error=$? + $run $rm $removelist + exit $error + fi + fi + + # Append the name of the non-PIC object the libtool object file. + # Only append if the libtool object file exists. + test -z "$run" && cat >> ${libobj}T <> ${libobj}T <&2 + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + else + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + fi + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done + + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes + + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg="$1" + shift + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + qarg=\"`$echo "X$arg" | $Xsed -e "$sed_quote_subst"`\" ### testsuite: skip nested quoting test + ;; + *) qarg=$arg ;; + esac + libtool_args="$libtool_args $qarg" + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + compile_command="$compile_command @OUTPUT@" + finalize_command="$finalize_command @OUTPUT@" + ;; + esac + + case $prev in + dlfiles|dlprefiles) + if test "$preload" = no; then + # Add the symbol object into the linking commands. + compile_command="$compile_command @SYMFILE@" + finalize_command="$finalize_command @SYMFILE@" + preload=yes + fi + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test "$dlself" = no; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test "$prev" = dlprefiles; then + dlself=yes + elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test "$prev" = dlfiles; then + dlfiles="$dlfiles $arg" + else + dlprefiles="$dlprefiles $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols="$arg" + if test ! -f "$arg"; then + $echo "$modename: symbol file \`$arg' does not exist" + exit $EXIT_FAILURE + fi + prev= + continue + ;; + expsyms_regex) + export_symbols_regex="$arg" + prev= + continue + ;; + inst_prefix) + inst_prefix_dir="$arg" + prev= + continue + ;; + precious_regex) + precious_files_regex="$arg" + prev= + continue + ;; + release) + release="-$arg" + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat $save_arg` + do +# moreargs="$moreargs $fil" + arg=$fil + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then + pic_object= + non_pic_object= + + # Read the .lo file + # If there is no directory component, then add one. + case $arg in + */* | *\\*) . $arg ;; + *) . ./$arg ;; + esac + + if test -z "$pic_object" || \ + test -z "$non_pic_object" || + test "$pic_object" = none && \ + test "$non_pic_object" = none; then + $echo "$modename: cannot find name of object for \`$arg'" 1>&2 + exit $EXIT_FAILURE + fi + + # Extract subdirectory from the argument. + xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` + if test "X$xdir" = "X$arg"; then + xdir= + else + xdir="$xdir/" + fi + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + dlfiles="$dlfiles $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + dlprefiles="$dlprefiles $pic_object" + prev= + fi + + # A PIC object. + libobjs="$libobjs $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + non_pic_objects="$non_pic_objects $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + non_pic_objects="$non_pic_objects $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if test -z "$run"; then + $echo "$modename: \`$arg' is not a valid libtool object" 1>&2 + exit $EXIT_FAILURE + else + # Dry-run case. + + # Extract subdirectory from the argument. + xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` + if test "X$xdir" = "X$arg"; then + xdir= + else + xdir="$xdir/" + fi + + pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"` + non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"` + libobjs="$libobjs $pic_object" + non_pic_objects="$non_pic_objects $non_pic_object" + fi + fi + done + else + $echo "$modename: link input file \`$save_arg' does not exist" + exit $EXIT_FAILURE + fi + arg=$save_arg + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + $echo "$modename: only absolute run-paths are allowed" 1>&2 + exit $EXIT_FAILURE + ;; + esac + if test "$prev" = rpath; then + case "$rpath " in + *" $arg "*) ;; + *) rpath="$rpath $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) xrpath="$xrpath $arg" ;; + esac + fi + prev= + continue + ;; + xcompiler) + compiler_flags="$compiler_flags $qarg" + prev= + compile_command="$compile_command $qarg" + finalize_command="$finalize_command $qarg" + continue + ;; + xlinker) + linker_flags="$linker_flags $qarg" + compiler_flags="$compiler_flags $wl$qarg" + prev= + compile_command="$compile_command $wl$qarg" + finalize_command="$finalize_command $wl$qarg" + continue + ;; + xcclinker) + linker_flags="$linker_flags $qarg" + compiler_flags="$compiler_flags $qarg" + prev= + compile_command="$compile_command $qarg" + finalize_command="$finalize_command $qarg" + continue + ;; + shrext) + shrext_cmds="$arg" + prev= + continue + ;; + darwin_framework|darwin_framework_skip) + test "$prev" = "darwin_framework" && compiler_flags="$compiler_flags $arg" + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + prev= + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" + + prevarg="$arg" + + case $arg in + -all-static) + if test -n "$link_static_flag"; then + compile_command="$compile_command $link_static_flag" + finalize_command="$finalize_command $link_static_flag" + fi + continue + ;; + + -allow-undefined) + # FIXME: remove this flag sometime in the future. + $echo "$modename: \`-allow-undefined' is deprecated because it is the default" 1>&2 + continue + ;; + + -avoid-version) + avoid_version=yes + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + $echo "$modename: more than one -exported-symbols argument is not allowed" + exit $EXIT_FAILURE + fi + if test "X$arg" = "X-export-symbols"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework|-arch|-isysroot) + case " $CC " in + *" ${arg} ${1} "* | *" ${arg} ${1} "*) + prev=darwin_framework_skip ;; + *) compiler_flags="$compiler_flags $arg" + prev=darwin_framework ;; + esac + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + ;; + esac + continue + ;; + + -L*) + dir=`$echo "X$arg" | $Xsed -e 's/^-L//'` + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + $echo "$modename: cannot determine absolute directory name of \`$dir'" 1>&2 + absdir="$dir" + notinst_path="$notinst_path $dir" + fi + dir="$absdir" + ;; + esac + case "$deplibs " in + *" -L$dir "*) ;; + *) + deplibs="$deplibs -L$dir" + lib_search_path="$lib_search_path $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*) + testbindir=`$echo "X$dir" | $Xsed -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + *) dllsearchpath="$dllsearchpath:$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + *) dllsearchpath="$dllsearchpath:$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test "X$arg" = "X-lc" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + test "X$arg" = "X-lc" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + deplibs="$deplibs -framework System" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test "X$arg" = "X-lc" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test "X$arg" = "X-lc" && continue + ;; + esac + elif test "X$arg" = "X-lc_r"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + deplibs="$deplibs $arg" + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + -model) + compile_command="$compile_command $arg" + compiler_flags="$compiler_flags $arg" + finalize_command="$finalize_command $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe) + compiler_flags="$compiler_flags $arg" + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + continue + ;; + + -module) + module=yes + continue + ;; + + # -64, -mips[0-9] enable 64-bit mode on the SGI compiler + # -r[0-9][0-9]* specifies the processor on the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler + # +DA*, +DD* enable 64-bit mode on the HP compiler + # -q* pass through compiler args for the IBM compiler + # -m* pass through architecture-specific compiler args for GCC + # -m*, -t[45]*, -txscale* pass through architecture-specific + # compiler args for GCC + # -pg pass through profiling flag for GCC + # @file GCC response files + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*|-pg| \ + -t[45]*|-txscale*|@*) + + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + compiler_flags="$compiler_flags $arg" + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*) + # The PATH hackery in wrapper scripts is required on Windows + # in order for the loader to find any dlls it needs. + $echo "$modename: warning: \`-no-install' is ignored for $host" 1>&2 + $echo "$modename: warning: assuming \`-no-fast-install' instead" 1>&2 + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + dir=`$echo "X$arg" | $Xsed -e 's/^-R//'` + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + $echo "$modename: only absolute run-paths are allowed" 1>&2 + exit $EXIT_FAILURE + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) xrpath="$xrpath $dir" ;; + esac + continue + ;; + + -static) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -Wc,*) + args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wc,//'` + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + case $flag in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + flag="\"$flag\"" + ;; + esac + arg="$arg $wl$flag" + compiler_flags="$compiler_flags $flag" + done + IFS="$save_ifs" + arg=`$echo "X$arg" | $Xsed -e "s/^ //"` + ;; + + -Wl,*) + args=`$echo "X$arg" | $Xsed -e "$sed_quote_subst" -e 's/^-Wl,//'` + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + case $flag in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + flag="\"$flag\"" + ;; + esac + arg="$arg $wl$flag" + compiler_flags="$compiler_flags $wl$flag" + linker_flags="$linker_flags $flag" + done + IFS="$save_ifs" + arg=`$echo "X$arg" | $Xsed -e "s/^ //"` + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # Some other compiler flag. + -* | +*) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + ;; + + *.$objext) + # A standard object. + objs="$objs $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if (${SED} -e '2q' $arg | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then + pic_object= + non_pic_object= + + # Read the .lo file + # If there is no directory component, then add one. + case $arg in + */* | *\\*) . $arg ;; + *) . ./$arg ;; + esac + + if test -z "$pic_object" || \ + test -z "$non_pic_object" || + test "$pic_object" = none && \ + test "$non_pic_object" = none; then + $echo "$modename: cannot find name of object for \`$arg'" 1>&2 + exit $EXIT_FAILURE + fi + + # Extract subdirectory from the argument. + xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` + if test "X$xdir" = "X$arg"; then + xdir= + else + xdir="$xdir/" + fi + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + dlfiles="$dlfiles $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + dlprefiles="$dlprefiles $pic_object" + prev= + fi + + # A PIC object. + libobjs="$libobjs $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + non_pic_objects="$non_pic_objects $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + non_pic_objects="$non_pic_objects $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if test -z "$run"; then + $echo "$modename: \`$arg' is not a valid libtool object" 1>&2 + exit $EXIT_FAILURE + else + # Dry-run case. + + # Extract subdirectory from the argument. + xdir=`$echo "X$arg" | $Xsed -e 's%/[^/]*$%%'` + if test "X$xdir" = "X$arg"; then + xdir= + else + xdir="$xdir/" + fi + + pic_object=`$echo "X${xdir}${objdir}/${arg}" | $Xsed -e "$lo2o"` + non_pic_object=`$echo "X${xdir}${arg}" | $Xsed -e "$lo2o"` + libobjs="$libobjs $pic_object" + non_pic_objects="$non_pic_objects $non_pic_object" + fi + fi + ;; + + *.$libext) + # An archive. + deplibs="$deplibs $arg" + old_deplibs="$old_deplibs $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + if test "$prev" = dlfiles; then + # This library was specified with -dlopen. + dlfiles="$dlfiles $arg" + prev= + elif test "$prev" = dlprefiles; then + # The library was specified with -dlpreopen. + dlprefiles="$dlprefiles $arg" + prev= + else + deplibs="$deplibs $arg" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + fi + done # argument parsing loop + + if test -n "$prev"; then + $echo "$modename: the \`$prevarg' option requires an argument" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + compile_command="$compile_command $arg" + finalize_command="$finalize_command $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + outputname=`$echo "X$output" | $Xsed -e 's%^.*/%%'` + libobjs_save="$libobjs" + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$echo \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + output_objdir=`$echo "X$output" | $Xsed -e 's%/[^/]*$%%'` + if test "X$output_objdir" = "X$output"; then + output_objdir="$objdir" + else + output_objdir="$output_objdir/$objdir" + fi + # Create the object directory. + if test ! -d "$output_objdir"; then + $show "$mkdir $output_objdir" + $run $mkdir $output_objdir + exit_status=$? + if test "$exit_status" -ne 0 && test ! -d "$output_objdir"; then + exit $exit_status + fi + fi + + # Determine the type of output + case $output in + "") + $echo "$modename: you must specify an output file" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + case $host in + *cygwin* | *mingw* | *pw32*) + # don't eliminate duplications in $postdeps and $predeps + duplicate_compiler_generated_deps=yes + ;; + *) + duplicate_compiler_generated_deps=$duplicate_deps + ;; + esac + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if test "X$duplicate_deps" = "Xyes" ; then + case "$libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + libs="$libs $deplib" + done + + if test "$linkmode" = lib; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if test "X$duplicate_compiler_generated_deps" = "Xyes" ; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;; + esac + pre_post_deps="$pre_post_deps $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + case $linkmode in + lib) + passes="conv link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + $echo "$modename: libraries can \`-dlopen' only libtool libraries: $file" 1>&2 + exit $EXIT_FAILURE + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=no + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + for pass in $passes; do + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan"; then + libs="$deplibs" + deplibs= + fi + if test "$linkmode" = prog; then + case $pass in + dlopen) libs="$dlfiles" ;; + dlpreopen) libs="$dlprefiles" ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; + esac + fi + if test "$pass" = dlopen; then + # Collect dlpreopened libraries + save_deplibs="$deplibs" + deplibs= + fi + for deplib in $libs; do + lib= + found=no + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + compiler_flags="$compiler_flags $deplib" + fi + continue + ;; + -l*) + if test "$linkmode" != lib && test "$linkmode" != prog; then + $echo "$modename: warning: \`-l' is ignored for archives/objects" 1>&2 + continue + fi + name=`$echo "X$deplib" | $Xsed -e 's/^-l//'` + for searchdir in $newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib="$searchdir/lib${name}${search_ext}" + if test -f "$lib"; then + if test "$search_ext" = ".la"; then + found=yes + else + found=no + fi + break 2 + fi + done + done + if test "$found" != yes; then + # deplib doesn't seem to be a libtool library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + else # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $deplib "*) + if (${SED} -e '2q' $lib | + grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then + library_names= + old_library= + case $lib in + */* | *\\*) . $lib ;; + *) . ./$lib ;; + esac + for l in $old_library $library_names; do + ll="$l" + done + if test "X$ll" = "X$old_library" ; then # only static version available + found=no + ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'` + test "X$ladir" = "X$lib" && ladir="." + lib=$ladir/$old_library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + fi + ;; # -l + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test "$pass" = conv && continue + newdependency_libs="$deplib $newdependency_libs" + newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'` + ;; + prog) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + if test "$pass" = scan; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'` + ;; + *) + $echo "$modename: warning: \`-L' is ignored for archives/objects" 1>&2 + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test "$pass" = link; then + dir=`$echo "X$deplib" | $Xsed -e 's/^-R//'` + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) xrpath="$xrpath $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) lib="$deplib" ;; + *.$libext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + valid_a_lib=no + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method + match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"` + if eval $echo \"$deplib\" 2>/dev/null \ + | $SED 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=yes + fi + ;; + pass_all) + valid_a_lib=yes + ;; + esac + if test "$valid_a_lib" != yes; then + $echo + $echo "*** Warning: Trying to link with static lib archive $deplib." + $echo "*** I have the capability to make that library automatically link in when" + $echo "*** you link to this library. But I can only do this if you have a" + $echo "*** shared version of the library, which you do not appear to have" + $echo "*** because the file extensions .$libext of this argument makes me believe" + $echo "*** that it is just a static archive that I should not used here." + else + $echo + $echo "*** Warning: Linking the shared library $output against the" + $echo "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + fi + continue + ;; + prog) + if test "$pass" != link; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + elif test "$linkmode" = prog; then + if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + newdlprefiles="$newdlprefiles $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + newdlfiles="$newdlfiles $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=yes + continue + ;; + esac # case $deplib + if test "$found" = yes || test -f "$lib"; then : + else + $echo "$modename: cannot find the library \`$lib' or unhandled argument \`$deplib'" 1>&2 + exit $EXIT_FAILURE + fi + + # Check to see that this really is a libtool archive. + if (${SED} -e '2q' $lib | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : + else + $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 + exit $EXIT_FAILURE + fi + + ladir=`$echo "X$lib" | $Xsed -e 's%/[^/]*$%%'` + test "X$ladir" = "X$lib" && ladir="." + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + case $lib in + */* | *\\*) . $lib ;; + *) . ./$lib ;; + esac + + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan" || + { test "$linkmode" != prog && test "$linkmode" != lib; }; then + test -n "$dlopen" && dlfiles="$dlfiles $dlopen" + test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen" + fi + + if test "$pass" = conv; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + $echo "$modename: cannot find name of link library for \`$lib'" 1>&2 + exit $EXIT_FAILURE + fi + # It is a libtool convenience library, so add in its objects. + convenience="$convenience $ladir/$objdir/$old_library" + old_convenience="$old_convenience $ladir/$objdir/$old_library" + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if test "X$duplicate_deps" = "Xyes" ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done + elif test "$linkmode" != prog && test "$linkmode" != lib; then + $echo "$modename: \`$lib' is not a convenience library" 1>&2 + exit $EXIT_FAILURE + fi + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + for l in $old_library $library_names; do + linklib="$l" + done + if test -z "$linklib"; then + $echo "$modename: cannot find name of link library for \`$lib'" 1>&2 + exit $EXIT_FAILURE + fi + + # This library was specified with -dlopen. + if test "$pass" = dlopen; then + if test -z "$libdir"; then + $echo "$modename: cannot -dlopen a convenience library: \`$lib'" 1>&2 + exit $EXIT_FAILURE + fi + if test -z "$dlname" || + test "$dlopen_support" != yes || + test "$build_libtool_libs" = no; then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + dlprefiles="$dlprefiles $lib $dependency_libs" + else + newdlfiles="$newdlfiles $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + $echo "$modename: warning: cannot determine absolute directory name of \`$ladir'" 1>&2 + $echo "$modename: passing it literally to the linker, although it might fail" 1>&2 + abs_ladir="$ladir" + fi + ;; + esac + laname=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` + + # Find the relevant object directory and library name. + if test "X$installed" = Xyes; then + if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + $echo "$modename: warning: library \`$lib' was moved." 1>&2 + dir="$ladir" + absdir="$abs_ladir" + libdir="$abs_ladir" + else + dir="$libdir" + absdir="$libdir" + fi + test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir="$ladir" + absdir="$abs_ladir" + # Remove this search path later + notinst_path="$notinst_path $abs_ladir" + else + dir="$ladir/$objdir" + absdir="$abs_ladir/$objdir" + # Remove this search path later + notinst_path="$notinst_path $abs_ladir" + fi + fi # $installed = yes + name=`$echo "X$laname" | $Xsed -e 's/\.la$//' -e 's/^lib//'` + + # This library was specified with -dlpreopen. + if test "$pass" = dlpreopen; then + if test -z "$libdir"; then + $echo "$modename: cannot -dlpreopen a convenience library: \`$lib'" 1>&2 + exit $EXIT_FAILURE + fi + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + newdlprefiles="$newdlprefiles $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + newdlprefiles="$newdlprefiles $dir/$dlname" + else + newdlprefiles="$newdlprefiles $dir/$linklib" + fi + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test "$linkmode" = lib; then + deplibs="$dir/$old_library $deplibs" + elif test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test "$linkmode" = prog && test "$pass" != link; then + newlib_search_path="$newlib_search_path $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=no + if test "$link_all_deplibs" != no || test -z "$library_names" || + test "$build_libtool_libs" = no; then + linkalldeplibs=yes + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) newlib_search_path="$newlib_search_path "`$echo "X$deplib" | $Xsed -e 's/^-L//'`;; ### testsuite: skip nested quoting test + esac + # Need to link against all dependency_libs? + if test "$linkalldeplibs" = yes; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if test "X$duplicate_deps" = "Xyes" ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test "$linkmode,$pass" = "prog,link"; then + if test -n "$library_names" && + { test "$prefer_static_libs" = no || test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then + # Make sure the rpath contains only unique directories. + case "$temp_rpath " in + *" $dir "*) ;; + *" $absdir "*) ;; + *) temp_rpath="$temp_rpath $absdir" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) compile_rpath="$compile_rpath $absdir" + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) finalize_rpath="$finalize_rpath $libdir" + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if test "$alldeplibs" = yes && + { test "$deplibs_check_method" = pass_all || + { test "$build_libtool_libs" = yes && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test "$use_static_libs" = built && test "$installed" = yes ; then + use_static_libs=no + fi + if test -n "$library_names" && + { test "$use_static_libs" = no || test -z "$old_library"; }; then + if test "$installed" = no; then + notinst_deplibs="$notinst_deplibs $lib" + need_relink=yes + fi + # This is a shared library + + # Warn about portability, can't link against -module's on + # some systems (darwin) + if test "$shouldnotlink" = yes && test "$pass" = link ; then + $echo + if test "$linkmode" = prog; then + $echo "*** Warning: Linking the executable $output against the loadable module" + else + $echo "*** Warning: Linking the shared library $output against the loadable module" + fi + $echo "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && + test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) compile_rpath="$compile_rpath $absdir" + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) finalize_rpath="$finalize_rpath $libdir" + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + realname="$2" + shift; shift + libname=`eval \\$echo \"$libname_spec\"` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname="$dlname" + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw*) + major=`expr $current - $age` + versuffix="-$major" + ;; + esac + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot="$soname" + soname=`$echo $soroot | ${SED} -e 's/^.*\///'` + newlib="libimp-`$echo $soname | ${SED} 's/^lib//;s/\.dll$//'`.a" + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + $show "extracting exported symbol list from \`$soname'" + save_ifs="$IFS"; IFS='~' + cmds=$extract_expsyms_cmds + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" || exit $? + done + IFS="$save_ifs" + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + $show "generating import library for \`$soname'" + save_ifs="$IFS"; IFS='~' + cmds=$old_archive_from_expsyms_cmds + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" || exit $? + done + IFS="$save_ifs" + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test "$linkmode" = prog || test "$mode" != relink; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test "$hardcode_direct" = no; then + add="$dir/$linklib" + case $host in + *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; + *-*-sysv4*uw2*) add_dir="-L$dir" ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir="-L$dir" ;; + *-*-darwin* ) + # if the lib is a module then we can not link against + # it, someone is ignoring the new warnings I added + if /usr/bin/file -L $add 2> /dev/null | + $EGREP ": [^:]* bundle" >/dev/null ; then + $echo "** Warning, lib $linklib is a module, not a shared library" + if test -z "$old_library" ; then + $echo + $echo "** And there doesn't seem to be a static archive available" + $echo "** The link will probably fail, sorry" + else + add="$dir/$old_library" + fi + fi + esac + elif test "$hardcode_minus_L" = no; then + case $host in + *-*-sunos*) add_shlibpath="$dir" ;; + esac + add_dir="-L$dir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = no; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + relink) + if test "$hardcode_direct" = yes; then + add="$dir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$dir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + add_dir="$add_dir -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test "$lib_linked" != yes; then + $echo "$modename: configuration error: unsupported hardcode properties" + exit $EXIT_FAILURE + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;; + esac + fi + if test "$linkmode" = prog; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test "$hardcode_direct" != yes && \ + test "$hardcode_minus_L" != yes && \ + test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; + esac + fi + fi + fi + + if test "$linkmode" = prog || test "$mode" = relink; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test "$hardcode_direct" = yes; then + add="$libdir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$libdir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; + esac + add="-l$name" + elif test "$hardcode_automatic" = yes; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib" ; then + add="$inst_prefix_dir$libdir/$linklib" + else + add="$libdir/$linklib" + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir="-L$libdir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + add_dir="$add_dir -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + fi + + if test "$linkmode" = prog; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test "$linkmode" = prog; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test "$hardcode_direct" != unsupported; then + test -n "$old_library" && linklib="$old_library" + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test "$build_libtool_libs" = yes; then + # Not a shared library + if test "$deplibs_check_method" != pass_all; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + $echo + $echo "*** Warning: This system can not link to static lib archive $lib." + $echo "*** I have the capability to make that library automatically link in when" + $echo "*** you link to this library. But I can only do this if you have a" + $echo "*** shared version of the library, which you do not appear to have." + if test "$module" = yes; then + $echo "*** But as you try to build a module library, libtool will still create " + $echo "*** a static module, that should work as long as the dlopening application" + $echo "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + $echo + $echo "*** However, this would only work if libtool was able to extract symbol" + $echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + $echo "*** not find such a program. So, this module is probably useless." + $echo "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && + { test "$hardcode_into_libs" != yes || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) temp_xrpath=`$echo "X$libdir" | $Xsed -e 's/^-R//'` + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) xrpath="$xrpath $temp_xrpath";; + esac;; + *) temp_deplibs="$temp_deplibs $libdir";; + esac + done + dependency_libs="$temp_deplibs" + fi + + newlib_search_path="$newlib_search_path $absdir" + # Link against this library + test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + if test "X$duplicate_deps" = "Xyes" ; then + case "$tmp_libs " in + *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; + esac + fi + tmp_libs="$tmp_libs $deplib" + done + + if test "$link_all_deplibs" != no; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + case $deplib in + -L*) path="$deplib" ;; + *.la) + dir=`$echo "X$deplib" | $Xsed -e 's%/[^/]*$%%'` + test "X$dir" = "X$deplib" && dir="." + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + $echo "$modename: warning: cannot determine absolute directory name of \`$dir'" 1>&2 + absdir="$dir" + fi + ;; + esac + if grep "^installed=no" $deplib > /dev/null; then + path="$absdir/$objdir" + else + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + if test -z "$libdir"; then + $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2 + exit $EXIT_FAILURE + fi + if test "$absdir" != "$libdir"; then + $echo "$modename: warning: \`$deplib' seems to be moved" 1>&2 + fi + path="$absdir" + fi + depdepl= + case $host in + *-*-darwin*) + # we do not want to link against static libs, + # but need to link against shared + eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names" ; then + for tmp in $deplibrary_names ; do + depdepl=$tmp + done + if test -f "$path/$depdepl" ; then + depdepl="$path/$depdepl" + fi + # do not add paths which are already there + case " $newlib_search_path " in + *" $path "*) ;; + *) newlib_search_path="$newlib_search_path $path";; + esac + fi + path="" + ;; + *) + path="-L$path" + ;; + esac + ;; + -l*) + case $host in + *-*-darwin*) + # Again, we only want to link against shared libraries + eval tmp_libs=`$echo "X$deplib" | $Xsed -e "s,^\-l,,"` + for tmp in $newlib_search_path ; do + if test -f "$tmp/lib$tmp_libs.dylib" ; then + eval depdepl="$tmp/lib$tmp_libs.dylib" + break + fi + done + path="" + ;; + *) continue ;; + esac + ;; + *) continue ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + case " $deplibs " in + *" $depdepl "*) ;; + *) deplibs="$depdepl $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + dependency_libs="$newdependency_libs" + if test "$pass" = dlpreopen; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test "$pass" != dlopen; then + if test "$pass" != conv; then + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) lib_search_path="$lib_search_path $dir" ;; + esac + done + newlib_search_path= + fi + + if test "$linkmode,$pass" != "prog,link"; then + vars="deplibs" + else + vars="compile_deplibs finalize_deplibs" + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) tmp_libs="$tmp_libs $deplib" ;; + esac + ;; + *) tmp_libs="$tmp_libs $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs ; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i="" + ;; + esac + if test -n "$i" ; then + tmp_libs="$tmp_libs $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test "$linkmode" = prog; then + dlfiles="$newdlfiles" + dlprefiles="$newdlprefiles" + fi + + case $linkmode in + oldlib) + if test -n "$deplibs"; then + $echo "$modename: warning: \`-l' and \`-L' are ignored for archives" 1>&2 + fi + + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + $echo "$modename: warning: \`-dlopen' is ignored for archives" 1>&2 + fi + + if test -n "$rpath"; then + $echo "$modename: warning: \`-rpath' is ignored for archives" 1>&2 + fi + + if test -n "$xrpath"; then + $echo "$modename: warning: \`-R' is ignored for archives" 1>&2 + fi + + if test -n "$vinfo"; then + $echo "$modename: warning: \`-version-info/-version-number' is ignored for archives" 1>&2 + fi + + if test -n "$release"; then + $echo "$modename: warning: \`-release' is ignored for archives" 1>&2 + fi + + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + $echo "$modename: warning: \`-export-symbols' is ignored for archives" 1>&2 + fi + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs="$output" + objs="$objs$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form `libNAME.la'. + case $outputname in + lib*) + name=`$echo "X$outputname" | $Xsed -e 's/\.la$//' -e 's/^lib//'` + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + if test "$module" = no; then + $echo "$modename: libtool library \`$output' must begin with \`lib'" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + if test "$need_lib_prefix" != no; then + # Add the "lib" prefix for modules if required + name=`$echo "X$outputname" | $Xsed -e 's/\.la$//'` + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + libname=`$echo "X$outputname" | $Xsed -e 's/\.la$//'` + fi + ;; + esac + + if test -n "$objs"; then + if test "$deplibs_check_method" != pass_all; then + $echo "$modename: cannot build libtool library \`$output' from non-libtool objects on this host:$objs" 2>&1 + exit $EXIT_FAILURE + else + $echo + $echo "*** Warning: Linking the shared library $output against the non-libtool" + $echo "*** objects $objs is not portable!" + libobjs="$libobjs $objs" + fi + fi + + if test "$dlself" != no; then + $echo "$modename: warning: \`-dlopen self' is ignored for libtool libraries" 1>&2 + fi + + set dummy $rpath + if test "$#" -gt 2; then + $echo "$modename: warning: ignoring multiple \`-rpath's for a libtool library" 1>&2 + fi + install_libdir="$2" + + oldlibs= + if test -z "$rpath"; then + if test "$build_libtool_libs" = yes; then + # Building a libtool convenience library. + # Some compilers have problems with a `.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + if test -n "$vinfo"; then + $echo "$modename: warning: \`-version-info/-version-number' is ignored for convenience libraries" 1>&2 + fi + + if test -n "$release"; then + $echo "$modename: warning: \`-release' is ignored for convenience libraries" 1>&2 + fi + else + + # Parse the version information argument. + save_ifs="$IFS"; IFS=':' + set dummy $vinfo 0 0 0 + IFS="$save_ifs" + + if test -n "$8"; then + $echo "$modename: too many parameters to \`-version-info'" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major="$2" + number_minor="$3" + number_revision="$4" + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # which has an extra 1 added just for fun + # + case $version_type in + darwin|linux|osf|windows) + current=`expr $number_major + $number_minor` + age="$number_minor" + revision="$number_revision" + ;; + freebsd-aout|freebsd-elf|sunos) + current="$number_major" + revision="$number_minor" + age="0" + ;; + irix|nonstopux) + current=`expr $number_major + $number_minor - 1` + age="$number_minor" + revision="$number_minor" + ;; + esac + ;; + no) + current="$2" + revision="$3" + age="$4" + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + $echo "$modename: CURRENT \`$current' must be a nonnegative integer" 1>&2 + $echo "$modename: \`$vinfo' is not valid version information" 1>&2 + exit $EXIT_FAILURE + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + $echo "$modename: REVISION \`$revision' must be a nonnegative integer" 1>&2 + $echo "$modename: \`$vinfo' is not valid version information" 1>&2 + exit $EXIT_FAILURE + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + $echo "$modename: AGE \`$age' must be a nonnegative integer" 1>&2 + $echo "$modename: \`$vinfo' is not valid version information" 1>&2 + exit $EXIT_FAILURE + ;; + esac + + if test "$age" -gt "$current"; then + $echo "$modename: AGE \`$age' is greater than the current interface number \`$current'" 1>&2 + $echo "$modename: \`$vinfo' is not valid version information" 1>&2 + exit $EXIT_FAILURE + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + major=.`expr $current - $age` + versuffix="$major.$age.$revision" + # Darwin ld doesn't like 0 for these options... + minor_current=`expr $current + 1` + verstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" + ;; + + freebsd-aout) + major=".$current" + versuffix=".$current.$revision"; + ;; + + freebsd-elf) + major=".$current" + versuffix=".$current"; + ;; + + irix | nonstopux) + major=`expr $current - $age + 1` + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring="$verstring_prefix$major.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test "$loop" -ne 0; do + iface=`expr $revision - $loop` + loop=`expr $loop - 1` + verstring="$verstring_prefix$major.$iface:$verstring" + done + + # Before this point, $major must not contain `.'. + major=.$major + versuffix="$major.$revision" + ;; + + linux) + major=.`expr $current - $age` + versuffix="$major.$age.$revision" + ;; + + osf) + major=.`expr $current - $age` + versuffix=".$current.$age.$revision" + verstring="$current.$age.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$age + while test "$loop" -ne 0; do + iface=`expr $current - $loop` + loop=`expr $loop - 1` + verstring="$verstring:${iface}.0" + done + + # Make executables depend on our current version. + verstring="$verstring:${current}.0" + ;; + + sunos) + major=".$current" + versuffix=".$current.$revision" + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 filesystems. + major=`expr $current - $age` + versuffix="-$major" + ;; + + *) + $echo "$modename: unknown library version type \`$version_type'" 1>&2 + $echo "Fatal configuration error. See the $PACKAGE docs for more information." 1>&2 + exit $EXIT_FAILURE + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring="0.0" + ;; + esac + if test "$need_version" = no; then + versuffix= + else + versuffix=".0.0" + fi + fi + + # Remove version info from name if versioning should be avoided + if test "$avoid_version" = yes && test "$need_version" = no; then + major= + versuffix= + verstring="" + fi + + # Check to see if the archive will have undefined symbols. + if test "$allow_undefined" = yes; then + if test "$allow_undefined_flag" = unsupported; then + $echo "$modename: warning: undefined symbols not allowed in $host shared libraries" 1>&2 + build_libtool_libs=no + build_old_libs=yes + fi + else + # Don't allow undefined symbols. + allow_undefined_flag="$no_undefined_flag" + fi + fi + + if test "$mode" != relink; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$echo "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) + if test "X$precious_files_regex" != "X"; then + if echo $p | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + removelist="$removelist $p" + ;; + *) ;; + esac + done + if test -n "$removelist"; then + $show "${rm}r $removelist" + $run ${rm}r $removelist + fi + fi + + # Now set the variables for building old libraries. + if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then + oldlibs="$oldlibs $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + for path in $notinst_path; do + lib_search_path=`$echo "$lib_search_path " | ${SED} -e "s% $path % %g"` + deplibs=`$echo "$deplibs " | ${SED} -e "s% -L$path % %g"` + dependency_libs=`$echo "$dependency_libs " | ${SED} -e "s% -L$path % %g"` + done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + temp_xrpath="$temp_xrpath -R$libdir" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) finalize_rpath="$finalize_rpath $libdir" ;; + esac + done + if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles="$dlfiles" + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) dlfiles="$dlfiles $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles="$dlprefiles" + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) dlprefiles="$dlprefiles $lib" ;; + esac + done + + if test "$build_libtool_libs" = yes; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + deplibs="$deplibs -framework System" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test "$build_libtool_need_lc" = "yes"; then + deplibs="$deplibs -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release="" + versuffix="" + major="" + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $rm conftest.c + cat > conftest.c </dev/null` + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null \ + | grep " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib="$potent_lib" + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; + *) potlib=`$echo "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";; + esac + done + # It is ok to link against an archive when + # building a shared library. + if $AR -t $potlib > /dev/null 2>&1; then + newdeplibs="$newdeplibs $a_deplib" + a_deplib="" + break 2 + fi + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null \ + | ${SED} 10q \ + | $EGREP "$file_magic_regex" > /dev/null; then + newdeplibs="$newdeplibs $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + $echo + $echo "*** Warning: linker path does not have real file for library $a_deplib." + $echo "*** I have the capability to make that library automatically link in when" + $echo "*** you link to this library. But I can only do this if you have a" + $echo "*** shared version of the library, which you do not appear to have" + $echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $echo "*** with $libname but no candidates were found. (...for file magic test)" + else + $echo "*** with $libname and none of the candidates passed a file format test" + $echo "*** using a file magic. Last file checked: $potlib" + fi + fi + else + # Add a -L argument. + newdeplibs="$newdeplibs $a_deplib" + fi + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method + match_pattern_regex=`expr "$deplibs_check_method" : "$2 \(.*\)"` + for a_deplib in $deplibs; do + name=`expr $a_deplib : '-l\(.*\)'` + # If $name is empty we are operating on a -L argument. + if test -n "$name" && test "$name" != "0"; then + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $a_deplib "*) + newdeplibs="$newdeplibs $a_deplib" + a_deplib="" + ;; + esac + fi + if test -n "$a_deplib" ; then + libname=`eval \\$echo \"$libname_spec\"` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib="$potent_lib" # see symlink-check above in file_magic test + if eval $echo \"$potent_lib\" 2>/dev/null \ + | ${SED} 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + newdeplibs="$newdeplibs $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + $echo + $echo "*** Warning: linker path does not have real file for library $a_deplib." + $echo "*** I have the capability to make that library automatically link in when" + $echo "*** you link to this library. But I can only do this if you have a" + $echo "*** shared version of the library, which you do not appear to have" + $echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $echo "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $echo "*** with $libname and none of the candidates passed a file format test" + $echo "*** using a regex pattern. Last file checked: $potlib" + fi + fi + else + # Add a -L argument. + newdeplibs="$newdeplibs $a_deplib" + fi + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs="" + tmp_deplibs=`$echo "X $deplibs" | $Xsed -e 's/ -lc$//' \ + -e 's/ -[LR][^ ]*//g'` + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + for i in $predeps $postdeps ; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$echo "X $tmp_deplibs" | ${SED} -e "1s,^X,," -e "s,$i,,"` + done + fi + if $echo "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' \ + | grep . >/dev/null; then + $echo + if test "X$deplibs_check_method" = "Xnone"; then + $echo "*** Warning: inter-library dependencies are not supported in this platform." + else + $echo "*** Warning: inter-library dependencies are not known to be supported." + fi + $echo "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + fi + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + newdeplibs=`$echo "X $newdeplibs" | $Xsed -e 's/ -lc / -framework System /'` + ;; + esac + + if test "$droppeddeps" = yes; then + if test "$module" = yes; then + $echo + $echo "*** Warning: libtool could not satisfy all declared inter-library" + $echo "*** dependencies of module $libname. Therefore, libtool will create" + $echo "*** a static module, that should work as long as the dlopening" + $echo "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + $echo + $echo "*** However, this would only work if libtool was able to extract symbol" + $echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + $echo "*** not find such a program. So, this module is probably useless." + $echo "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + $echo "*** The inter-library dependencies that have been dropped here will be" + $echo "*** automatically added whenever a program is linked with this library" + $echo "*** or is declared to -dlopen it." + + if test "$allow_undefined" = no; then + $echo + $echo "*** Since this library must not contain undefined symbols," + $echo "*** because either the platform does not support them or" + $echo "*** it was explicitly requested with -no-undefined," + $echo "*** libtool will only create a static version of it." + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + new_libs="$new_libs -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$new_libs $deplib" ;; + esac + ;; + *) new_libs="$new_libs $deplib" ;; + esac + done + deplibs="$new_libs" + + + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= + + # Test again, we may have decided not to build it any more + if test "$build_libtool_libs" = yes; then + if test "$hardcode_into_libs" = yes; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath="$finalize_rpath" + test "$mode" != relink && rpath="$compile_rpath$rpath" + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + dep_rpath="$dep_rpath $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) perm_rpath="$perm_rpath $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + if test -n "$hardcode_libdir_flag_spec_ld"; then + eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" + else + eval dep_rpath=\"$hardcode_libdir_flag_spec\" + fi + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + rpath="$rpath$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi + + shlibpath="$finalize_shlibpath" + test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath" + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi + + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + realname="$2" + shift; shift + + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + if test -z "$dlname"; then + dlname=$soname + fi + + lib="$output_objdir/$realname" + linknames= + for link + do + linknames="$linknames $link" + done + + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$echo "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then + $show "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $run $rm $export_symbols + cmds=$export_symbols_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + if len=`expr "X$cmd" : ".*"` && + test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then + $show "$cmd" + $run eval "$cmd" || exit $? + skipped_export=false + else + # The command line is too long to execute in one step. + $show "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS="$save_ifs" + if test -n "$export_symbols_regex"; then + $show "$EGREP -e \"$export_symbols_regex\" \"$export_symbols\" > \"${export_symbols}T\"" + $run eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + $show "$mv \"${export_symbols}T\" \"$export_symbols\"" + $run eval '$mv "${export_symbols}T" "$export_symbols"' + fi + fi + fi + + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $run eval '$echo "X$include_expsyms" | $SP2NL >> "$export_symbols"' + fi + + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + tmp_deplibs="$tmp_deplibs $test_deplib" + ;; + esac + done + deplibs="$tmp_deplibs" + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + else + gentop="$output_objdir/${outputname}x" + generated="$generated $gentop" + + func_extract_archives $gentop $convenience + libobjs="$libobjs $func_extract_archives_result" + fi + fi + + if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + linker_flags="$linker_flags $flag" + fi + + # Make a backup of the uninstalled library when relinking + if test "$mode" = relink; then + $run eval '(cd $output_objdir && $rm ${realname}U && $mv $realname ${realname}U)' || exit $? + fi + + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi + fi + + if test "X$skipped_export" != "X:" && + len=`expr "X$test_cmds" : ".*" 2>/dev/null` && + test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise. + $echo "creating reloadable object files..." + + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + output_la=`$echo "X$output" | $Xsed -e "$basename"` + + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + delfiles= + last_robj= + k=1 + output=$output_objdir/$output_la-${k}.$objext + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + eval test_cmds=\"$reload_cmds $objlist $last_robj\" + if test "X$objlist" = X || + { len=`expr "X$test_cmds" : ".*" 2>/dev/null` && + test "$len" -le "$max_cmd_len"; }; then + objlist="$objlist $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test "$k" -eq 1 ; then + # The first file doesn't have a previous command to add. + eval concat_cmds=\"$reload_cmds $objlist $last_robj\" + else + # All subsequent reloadable object files will link in + # the last one created. + eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj\" + fi + last_robj=$output_objdir/$output_la-${k}.$objext + k=`expr $k + 1` + output=$output_objdir/$output_la-${k}.$objext + objlist=$obj + len=1 + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\" + + if ${skipped_export-false}; then + $show "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $run $rm $export_symbols + libobjs=$output + # Append the command to create the export file. + eval concat_cmds=\"\$concat_cmds~$export_symbols_cmds\" + fi + + # Set up a command to remove the reloadable object files + # after they are used. + i=0 + while test "$i" -lt "$k" + do + i=`expr $i + 1` + delfiles="$delfiles $output_objdir/$output_la-${i}.$objext" + done + + $echo "creating a temporary reloadable object file: $output" + + # Loop through the commands generated above and execute them. + save_ifs="$IFS"; IFS='~' + for cmd in $concat_cmds; do + IFS="$save_ifs" + $show "$cmd" + $run eval "$cmd" || exit $? + done + IFS="$save_ifs" + + libobjs=$output + # Restore the value of output. + output=$save_output + + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. + + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds + else + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi + fi + + # Append the command to remove the reloadable object files + # to the just-reset $cmds. + eval cmds=\"\$cmds~\$rm $delfiles\" + fi + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$mode" = relink; then + $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)' + fi + + exit $lt_exit + } + done + IFS="$save_ifs" + + # Restore the uninstalled library and exit + if test "$mode" = relink; then + $run eval '(cd $output_objdir && $rm ${realname}T && $mv $realname ${realname}T && $mv "$realname"U $realname)' || exit $? + + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + $show "${rm}r $gentop" + $run ${rm}r "$gentop" + fi + fi + + exit $EXIT_SUCCESS + fi + + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + $show "(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)" + $run eval '(cd $output_objdir && $rm $linkname && $LN_S $realname $linkname)' || exit $? + fi + done + + # If -module or -export-dynamic was specified, set the dlname. + if test "$module" = yes || test "$export_dynamic" = yes; then + # On all known operating systems, these are identical. + dlname="$soname" + fi + fi + ;; + + obj) + if test -n "$deplibs"; then + $echo "$modename: warning: \`-l' and \`-L' are ignored for objects" 1>&2 + fi + + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + $echo "$modename: warning: \`-dlopen' is ignored for objects" 1>&2 + fi + + if test -n "$rpath"; then + $echo "$modename: warning: \`-rpath' is ignored for objects" 1>&2 + fi + + if test -n "$xrpath"; then + $echo "$modename: warning: \`-R' is ignored for objects" 1>&2 + fi + + if test -n "$vinfo"; then + $echo "$modename: warning: \`-version-info' is ignored for objects" 1>&2 + fi + + if test -n "$release"; then + $echo "$modename: warning: \`-release' is ignored for objects" 1>&2 + fi + + case $output in + *.lo) + if test -n "$objs$old_deplibs"; then + $echo "$modename: cannot build library object \`$output' from non-libtool objects" 1>&2 + exit $EXIT_FAILURE + fi + libobj="$output" + obj=`$echo "X$output" | $Xsed -e "$lo2o"` + ;; + *) + libobj= + obj="$output" + ;; + esac + + # Delete the old objects. + $run $rm $obj $libobj + + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # reload_cmds runs $LD directly, so let us get rid of + # -Wl from whole_archive_flag_spec + wl= + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval reload_conv_objs=\"\$reload_objs $whole_archive_flag_spec\" + else + gentop="$output_objdir/${obj}x" + generated="$generated $gentop" + + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi + fi + + # Create the old-style object. + reload_objs="$objs$old_deplibs "`$echo "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test + + output="$obj" + cmds=$reload_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" || exit $? + done + IFS="$save_ifs" + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + $show "${rm}r $gentop" + $run ${rm}r $gentop + fi + + exit $EXIT_SUCCESS + fi + + if test "$build_libtool_libs" != yes; then + if test -n "$gentop"; then + $show "${rm}r $gentop" + $run ${rm}r $gentop + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $run eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + fi + + if test -n "$pic_flag" || test "$pic_mode" != default; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output="$libobj" + cmds=$reload_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" || exit $? + done + IFS="$save_ifs" + fi + + if test -n "$gentop"; then + $show "${rm}r $gentop" + $run ${rm}r $gentop + fi + + exit $EXIT_SUCCESS + ;; + + prog) + case $host in + *cygwin*) output=`$echo $output | ${SED} -e 's,.exe$,,;s,$,.exe,'` ;; + esac + if test -n "$vinfo"; then + $echo "$modename: warning: \`-version-info' is ignored for programs" 1>&2 + fi + + if test -n "$release"; then + $echo "$modename: warning: \`-release' is ignored for programs" 1>&2 + fi + + if test "$preload" = yes; then + if test "$dlopen_support" = unknown && test "$dlopen_self" = unknown && + test "$dlopen_self_static" = unknown; then + $echo "$modename: warning: \`AC_LIBTOOL_DLOPEN' not used. Assuming no dlopen support." + fi + fi + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$echo "X $compile_deplibs" | $Xsed -e 's/ -lc / -framework System /'` + finalize_deplibs=`$echo "X $finalize_deplibs" | $Xsed -e 's/ -lc / -framework System /'` + ;; + esac + + case $host in + *darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + if test "$tagname" = CXX ; then + compile_command="$compile_command ${wl}-bind_at_load" + finalize_command="$finalize_command ${wl}-bind_at_load" + fi + ;; + esac + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + new_libs="$new_libs -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$new_libs $deplib" ;; + esac + ;; + *) new_libs="$new_libs $deplib" ;; + esac + done + compile_deplibs="$new_libs" + + + compile_command="$compile_command $compile_deplibs" + finalize_command="$finalize_command $finalize_deplibs" + + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) finalize_rpath="$finalize_rpath $libdir" ;; + esac + done + fi + + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + rpath="$rpath $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) perm_rpath="$perm_rpath $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*) + testbindir=`$echo "X$libdir" | $Xsed -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + *) dllsearchpath="$dllsearchpath:$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + *) dllsearchpath="$dllsearchpath:$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath="$rpath" + + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + rpath="$rpath $flag" + fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath="$rpath" + + if test -n "$libobjs" && test "$build_old_libs" = yes; then + # Transform all the library objects into standard objects. + compile_command=`$echo "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + finalize_command=`$echo "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + fi + + dlsyms= + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + dlsyms="${outputname}S.c" + else + $echo "$modename: not configured to extract global symbols from dlpreopened files" 1>&2 + fi + fi + + if test -n "$dlsyms"; then + case $dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist="$output_objdir/${outputname}.nm" + + $show "$rm $nlist ${nlist}S ${nlist}T" + $run $rm "$nlist" "${nlist}S" "${nlist}T" + + # Parse the name list into a source file. + $show "creating $output_objdir/$dlsyms" + + test -z "$run" && $echo > "$output_objdir/$dlsyms" "\ +/* $dlsyms - symbol resolution table for \`$outputname' dlsym emulation. */ +/* Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP */ + +#ifdef __cplusplus +extern \"C\" { +#endif + +/* Prevent the only kind of declaration conflicts we can make. */ +#define lt_preloaded_symbols some_other_symbol + +/* External symbol declarations for the compiler. */\ +" + + if test "$dlself" = yes; then + $show "generating symbol list for \`$output'" + + test -z "$run" && $echo ': @PROGRAM@ ' > "$nlist" + + # Add our own program objects to the symbol list. + progfiles=`$echo "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` + for arg in $progfiles; do + $show "extracting global C symbols from \`$arg'" + $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'" + done + + if test -n "$exclude_expsyms"; then + $run eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + $run eval '$mv "$nlist"T "$nlist"' + fi + + if test -n "$export_symbols_regex"; then + $run eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + $run eval '$mv "$nlist"T "$nlist"' + fi + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols="$output_objdir/$outputname.exp" + $run $rm $export_symbols + $run eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* ) + $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + $run eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + else + $run eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + $run eval 'grep -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + $run eval 'mv "$nlist"T "$nlist"' + case $host in + *cygwin* | *mingw* ) + $run eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + $run eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + fi + fi + + for arg in $dlprefiles; do + $show "extracting global C symbols from \`$arg'" + name=`$echo "$arg" | ${SED} -e 's%^.*/%%'` + $run eval '$echo ": $name " >> "$nlist"' + $run eval "$NM $arg | $global_symbol_pipe >> '$nlist'" + done + + if test -z "$run"; then + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $mv "$nlist"T "$nlist" + fi + + # Try sorting and uniquifying the output. + if grep -v "^: " < "$nlist" | + if sort -k 3 /dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + grep -v "^: " < "$nlist" > "$nlist"S + fi + + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$dlsyms"' + else + $echo '/* NONE */' >> "$output_objdir/$dlsyms" + fi + + $echo >> "$output_objdir/$dlsyms" "\ + +#undef lt_preloaded_symbols + +#if defined (__STDC__) && __STDC__ +# define lt_ptr void * +#else +# define lt_ptr char * +# define const +#endif + +/* The mapping between symbol names and symbols. */ +" + + case $host in + *cygwin* | *mingw* ) + $echo >> "$output_objdir/$dlsyms" "\ +/* DATA imports from DLLs on WIN32 can't be const, because + runtime relocations are performed -- see ld's documentation + on pseudo-relocs */ +struct { +" + ;; + * ) + $echo >> "$output_objdir/$dlsyms" "\ +const struct { +" + ;; + esac + + + $echo >> "$output_objdir/$dlsyms" "\ + const char *name; + lt_ptr address; +} +lt_preloaded_symbols[] = +{\ +" + + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$dlsyms" + + $echo >> "$output_objdir/$dlsyms" "\ + {0, (lt_ptr) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif\ +" + fi + + pic_flag_for_symtable= + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + case "$compile_command " in + *" -static "*) ;; + *) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND";; + esac;; + *-*-hpux*) + case "$compile_command " in + *" -static "*) ;; + *) pic_flag_for_symtable=" $pic_flag";; + esac + esac + + # Now compile the dynamic symbol file. + $show "(cd $output_objdir && $LTCC $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable \"$dlsyms\")" + $run eval '(cd $output_objdir && $LTCC $LTCFLAGS -c$no_builtin_flag$pic_flag_for_symtable "$dlsyms")' || exit $? + + # Clean up the generated files. + $show "$rm $output_objdir/$dlsyms $nlist ${nlist}S ${nlist}T" + $run $rm "$output_objdir/$dlsyms" "$nlist" "${nlist}S" "${nlist}T" + + # Transform the symbol file into the correct name. + case $host in + *cygwin* | *mingw* ) + if test -f "$output_objdir/${outputname}.def" ; then + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}.def $output_objdir/${outputname}S.${objext}%"` + else + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + fi + ;; + * ) + compile_command=`$echo "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/${outputname}S.${objext}%"` + ;; + esac + ;; + *) + $echo "$modename: unknown suffix for \`$dlsyms'" 1>&2 + exit $EXIT_FAILURE + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$echo "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` + finalize_command=`$echo "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` + fi + + if test "$need_relink" = no || test "$build_libtool_libs" != yes; then + # Replace the output file specification. + compile_command=`$echo "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + link_command="$compile_command$compile_rpath" + + # We have no uninstalled library dependencies, so finalize right now. + $show "$link_command" + $run eval "$link_command" + exit_status=$? + + # Delete the generated files. + if test -n "$dlsyms"; then + $show "$rm $output_objdir/${outputname}S.${objext}" + $run $rm "$output_objdir/${outputname}S.${objext}" + fi + + exit $exit_status + fi + + if test -n "$shlibpath_var"; then + # We should set the shlibpath_var + rpath= + for dir in $temp_rpath; do + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) + # Absolute path. + rpath="$rpath$dir:" + ;; + *) + # Relative path: add a thisdir entry. + rpath="$rpath\$thisdir/$dir:" + ;; + esac + done + temp_rpath="$rpath" + fi + + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi + + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + rpath="$rpath$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + rpath="$rpath$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + fi + + if test "$no_install" = yes; then + # We don't need to create a wrapper script. + link_command="$compile_var$compile_command$compile_rpath" + # Replace the output file specification. + link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $run $rm $output + # Link the executable and exit + $show "$link_command" + $run eval "$link_command" || exit $? + exit $EXIT_SUCCESS + fi + + if test "$hardcode_action" = relink; then + # Fast installation is not supported + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + + $echo "$modename: warning: this platform does not like uninstalled shared libraries" 1>&2 + $echo "$modename: \`$output' will be relinked during installation" 1>&2 + else + if test "$fast_install" != no; then + link_command="$finalize_var$compile_command$finalize_rpath" + if test "$fast_install" = yes; then + relink_command=`$echo "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` + else + # fast_install is set to needless + relink_command= + fi + else + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + fi + fi + + # Replace the output file specification. + link_command=`$echo "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + + # Delete the old output files. + $run $rm $output $output_objdir/$outputname $output_objdir/lt-$outputname + + $show "$link_command" + $run eval "$link_command" || exit $? + + # Now create the wrapper script. + $show "creating $output" + + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"` + relink_command="$var=\"$var_value\"; export $var; $relink_command" + fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` + fi + + # Quote $echo for shipping. + if test "X$echo" = "X$SHELL $progpath --fallback-echo"; then + case $progpath in + [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";; + *) qecho="$SHELL `pwd`/$progpath --fallback-echo";; + esac + qecho=`$echo "X$qecho" | $Xsed -e "$sed_quote_subst"` + else + qecho=`$echo "X$echo" | $Xsed -e "$sed_quote_subst"` + fi + + # Only actually do things if our run command is non-null. + if test -z "$run"; then + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) output=`$echo $output|${SED} 's,.exe$,,'` ;; + esac + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + outputname=`$echo $outputname|${SED} 's,.exe$,,'` ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + output_name=`basename $output` + output_path=`dirname $output` + cwrappersource="$output_path/$objdir/lt-$output_name.c" + cwrapper="$output_path/$output_name.exe" + $rm $cwrappersource $cwrapper + trap "$rm $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + cat > $cwrappersource <> $cwrappersource<<"EOF" +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(PATH_MAX) +# define LT_PATHMAX PATH_MAX +#elif defined(MAXPATHLEN) +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif + +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif + +#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ + defined (__OS2__) +# define HAVE_DOS_BASED_FILE_SYSTEM +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif + +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ + +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ + +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free ((void *) stale); stale = 0; } \ +} while (0) + +/* -DDEBUG is fairly common in CFLAGS. */ +#undef DEBUG +#if defined DEBUGWRAPPER +# define DEBUG(format, ...) fprintf(stderr, format, __VA_ARGS__) +#else +# define DEBUG(format, ...) +#endif + +const char *program_name = NULL; + +void * xmalloc (size_t num); +char * xstrdup (const char *string); +const char * base_name (const char *name); +char * find_executable(const char *wrapper); +int check_executable(const char *path); +char * strendzap(char *str, const char *pat); +void lt_fatal (const char *message, ...); + +int +main (int argc, char *argv[]) +{ + char **newargz; + int i; + + program_name = (char *) xstrdup (base_name (argv[0])); + DEBUG("(main) argv[0] : %s\n",argv[0]); + DEBUG("(main) program_name : %s\n",program_name); + newargz = XMALLOC(char *, argc+2); +EOF + + cat >> $cwrappersource <> $cwrappersource <<"EOF" + newargz[1] = find_executable(argv[0]); + if (newargz[1] == NULL) + lt_fatal("Couldn't find %s", argv[0]); + DEBUG("(main) found exe at : %s\n",newargz[1]); + /* we know the script has the same name, without the .exe */ + /* so make sure newargz[1] doesn't end in .exe */ + strendzap(newargz[1],".exe"); + for (i = 1; i < argc; i++) + newargz[i+1] = xstrdup(argv[i]); + newargz[argc+1] = NULL; + + for (i=0; i> $cwrappersource <> $cwrappersource <> $cwrappersource <<"EOF" + return 127; +} + +void * +xmalloc (size_t num) +{ + void * p = (void *) malloc (num); + if (!p) + lt_fatal ("Memory exhausted"); + + return p; +} + +char * +xstrdup (const char *string) +{ + return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL +; +} + +const char * +base_name (const char *name) +{ + const char *base; + +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + /* Skip over the disk name in MSDOS pathnames. */ + if (isalpha ((unsigned char)name[0]) && name[1] == ':') + name += 2; +#endif + + for (base = name; *name; name++) + if (IS_DIR_SEPARATOR (*name)) + base = name + 1; + return base; +} + +int +check_executable(const char * path) +{ + struct stat st; + + DEBUG("(check_executable) : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!"); + if ((!path) || (!*path)) + return 0; + + if ((stat (path, &st) >= 0) && + ( + /* MinGW & native WIN32 do not support S_IXOTH or S_IXGRP */ +#if defined (S_IXOTH) + ((st.st_mode & S_IXOTH) == S_IXOTH) || +#endif +#if defined (S_IXGRP) + ((st.st_mode & S_IXGRP) == S_IXGRP) || +#endif + ((st.st_mode & S_IXUSR) == S_IXUSR)) + ) + return 1; + else + return 0; +} + +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise */ +char * +find_executable (const char* wrapper) +{ + int has_slash = 0; + const char* p; + const char* p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + int tmp_len; + char* concat_name; + + DEBUG("(find_executable) : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"); + + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; + + /* Absolute path? */ +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + if (isalpha ((unsigned char)wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable(concat_name)) + return concat_name; + XFREE(concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable(concat_name)) + return concat_name; + XFREE(concat_name); + } +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char* path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char* q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR(*q)) + break; + p_len = q - p; + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal ("getcwd failed"); + tmp_len = strlen(tmp); + concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = XMALLOC(char, p_len + 1 + strlen(wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable(concat_name)) + return concat_name; + XFREE(concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal ("getcwd failed"); + tmp_len = strlen(tmp); + concat_name = XMALLOC(char, tmp_len + 1 + strlen(wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable(concat_name)) + return concat_name; + XFREE(concat_name); + return NULL; +} + +char * +strendzap(char *str, const char *pat) +{ + size_t len, patlen; + + assert(str != NULL); + assert(pat != NULL); + + len = strlen(str); + patlen = strlen(pat); + + if (patlen <= len) + { + str += len - patlen; + if (strcmp(str, pat) == 0) + *str = '\0'; + } + return str; +} + +static void +lt_error_core (int exit_status, const char * mode, + const char * message, va_list ap) +{ + fprintf (stderr, "%s: %s: ", program_name, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); + + if (exit_status >= 0) + exit (exit_status); +} + +void +lt_fatal (const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, "FATAL", message, ap); + va_end (ap); +} +EOF + # we should really use a build-platform specific compiler + # here, but OTOH, the wrappers (shell script and this C one) + # are only useful if you want to execute the "real" binary. + # Since the "real" binary is built for $host, then this + # wrapper might as well be built for $host, too. + $run $LTCC $LTCFLAGS -s -o $cwrapper $cwrappersource + ;; + esac + $rm $output + trap "$rm $output; exit $EXIT_FAILURE" 1 2 15 + + $echo > $output "\ +#! $SHELL + +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed='${SED} -e 1s/^X//' +sed_quote_subst='$sed_quote_subst' + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command=\"$relink_command\" + +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variable: + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$echo are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + echo=\"$qecho\" + file=\"\$0\" + # Make sure echo works. + if test \"X\$1\" = X--no-reexec; then + # Discard the --no-reexec flag, and continue. + shift + elif test \"X\`(\$echo '\t') 2>/dev/null\`\" = 'X\t'; then + # Yippee, \$echo works! + : + else + # Restart under the correct shell, and then maybe \$echo will work. + exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"} + fi + fi\ +" + $echo >> $output "\ + + # Find the directory that this script lives in. + thisdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$echo \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\` + + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi + + file=\`\$echo \"X\$file\" | \$Xsed -e 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\` + done + + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" + + if test "$fast_install" = yes; then + $echo >> $output "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" + + if test ! -f \"\$progdir/\$program\" || \\ + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then + + file=\"\$\$-\$program\" + + if test ! -d \"\$progdir\"; then + $mkdir \"\$progdir\" + else + $rm \"\$progdir/\$file\" + fi" + + $echo >> $output "\ + + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + $echo \"\$relink_command_output\" >&2 + $rm \"\$progdir/\$file\" + exit $EXIT_FAILURE + fi + fi + + $mv \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $rm \"\$progdir/\$program\"; + $mv \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $rm \"\$progdir/\$file\" + fi" + else + $echo >> $output "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi + + $echo >> $output "\ + + if test -f \"\$progdir/\$program\"; then" + + # Export our shlibpath_var if we have one. + if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $echo >> $output "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$echo \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\` + + export $shlibpath_var +" + fi + + # fixup the dll searchpath if we need to. + if test -n "$dllsearchpath"; then + $echo >> $output "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" + fi + + $echo >> $output "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. + + # Make sure env LD_LIBRARY_PATH does not mess us up + if test -n \"\${LD_LIBRARY_PATH+set}\"; then + export LD_LIBRARY_PATH=\$progdir:\$LD_LIBRARY_PATH + fi +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2*) + $echo >> $output "\ + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $echo >> $output "\ + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $echo >> $output "\ + \$echo \"\$0: cannot exec \$program \${1+\"\$@\"}\" + exit $EXIT_FAILURE + fi + else + # The program doesn't exist. + \$echo \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 + \$echo \"This script is just a wrapper for \$program.\" 1>&2 + $echo \"See the $PACKAGE documentation for more information.\" 1>&2 + exit $EXIT_FAILURE + fi +fi\ +" + chmod +x $output + fi + exit $EXIT_SUCCESS + ;; + esac + + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do + + if test "$build_libtool_libs" = convenience; then + oldobjs="$libobjs_save" + addlibs="$convenience" + build_libtool_libs=no + else + if test "$build_libtool_libs" = module; then + oldobjs="$libobjs_save" + build_libtool_libs=no + else + oldobjs="$old_deplibs $non_pic_objects" + fi + addlibs="$old_convenience" + fi + + if test -n "$addlibs"; then + gentop="$output_objdir/${outputname}x" + generated="$generated $gentop" + + func_extract_archives $gentop $addlibs + oldobjs="$oldobjs $func_extract_archives_result" + fi + + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then + cmds=$old_archive_from_new_cmds + else + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + $echo "X$obj" | $Xsed -e 's%^.*/%%' + done | sort | sort -uc >/dev/null 2>&1); then + : + else + $echo "copying selected object files to avoid basename conflicts..." + + if test -z "$gentop"; then + gentop="$output_objdir/${outputname}x" + generated="$generated $gentop" + + $show "${rm}r $gentop" + $run ${rm}r "$gentop" + $show "$mkdir $gentop" + $run $mkdir "$gentop" + exit_status=$? + if test "$exit_status" -ne 0 && test ! -d "$gentop"; then + exit $exit_status + fi + fi + + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + objbase=`$echo "X$obj" | $Xsed -e 's%^.*/%%'` + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + counter=`expr $counter + 1` + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + $show "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + $run ln "$obj" "$gentop/$newobj" || + $run cp "$obj" "$gentop/$newobj" + oldobjs="$oldobjs $gentop/$newobj" + ;; + *) oldobjs="$oldobjs $obj" ;; + esac + done + fi + + eval cmds=\"$old_archive_cmds\" + + if len=`expr "X$cmds" : ".*"` && + test "$len" -le "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + $echo "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + for obj in $save_oldobjs + do + oldobjs="$objlist $obj" + objlist="$objlist $obj" + eval test_cmds=\"$old_archive_cmds\" + if len=`expr "X$test_cmds" : ".*" 2>/dev/null` && + test "$len" -le "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj" ; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" + objlist= + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test "X$oldobjs" = "X" ; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + eval cmd=\"$cmd\" + IFS="$save_ifs" + $show "$cmd" + $run eval "$cmd" || exit $? + done + IFS="$save_ifs" + done + + if test -n "$generated"; then + $show "${rm}r$generated" + $run ${rm}r$generated + fi + + # Now create the libtool archive. + case $output in + *.la) + old_library= + test "$build_old_libs" = yes && old_library="$libname.$libext" + $show "creating $output" + + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + var_value=`$echo "X$var_value" | $Xsed -e "$sed_quote_subst"` + relink_command="$var=\"$var_value\"; export $var; $relink_command" + fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$echo "X$relink_command" | $Xsed -e "$sed_quote_subst"` + if test "$hardcode_automatic" = yes ; then + relink_command= + fi + + + # Only create the output if not a dry run. + if test -z "$run"; then + for installed in no yes; do + if test "$installed" = yes; then + if test -z "$install_libdir"; then + break + fi + output="$output_objdir/$outputname"i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'` + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + if test -z "$libdir"; then + $echo "$modename: \`$deplib' is not a valid libtool archive" 1>&2 + exit $EXIT_FAILURE + fi + if test "X$EGREP" = X ; then + EGREP=egrep + fi + # We do not want portage's install root ($D) present. Check only for + # this if the .la is being installed. + if test "$installed" = yes && test "$D"; then + eval mynewdependency_lib=`echo "$libdir/$name" |sed -e "s:$D:/:g" -e 's:/\+:/:g'` + else + mynewdependency_lib="$libdir/$name" + fi + # Do not add duplicates + if test "$mynewdependency_lib"; then + my_little_ninja_foo_1=`echo $newdependency_libs |$EGREP -e "$mynewdependency_lib"` + if test -z "$my_little_ninja_foo_1"; then + newdependency_libs="$newdependency_libs $mynewdependency_lib" + fi + fi + ;; + *) + if test "$installed" = yes; then + # Rather use S=WORKDIR if our version of portage supports it. + # This is because some ebuild (gcc) do not use $S as buildroot. + if test "$PWORKDIR"; then + S="$PWORKDIR" + fi + # We do not want portage's build root ($S) present. + my_little_ninja_foo_2=`echo $deplib |$EGREP -e "$S"` + # We do not want portage's install root ($D) present. + my_little_ninja_foo_3=`echo $deplib |$EGREP -e "$D"` + if test -n "$my_little_ninja_foo_2" && test "$S"; then + mynewdependency_lib="" + elif test -n "$my_little_ninja_foo_3" && test "$D"; then + eval mynewdependency_lib=`echo "$deplib" |sed -e "s:$D:/:g" -e 's:/\+:/:g'` + else + mynewdependency_lib="$deplib" + fi + else + mynewdependency_lib="$deplib" + fi + # Do not add duplicates + if test "$mynewdependency_lib"; then + my_little_ninja_foo_4=`echo $newdependency_libs |$EGREP -e "$mynewdependency_lib"` + if test -z "$my_little_ninja_foo_4"; then + newdependency_libs="$newdependency_libs $mynewdependency_lib" + fi + fi + ;; + esac + done + dependency_libs="$newdependency_libs" + newdlfiles= + for lib in $dlfiles; do + name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + if test -z "$libdir"; then + $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 + exit $EXIT_FAILURE + fi + newdlfiles="$newdlfiles $libdir/$name" + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + name=`$echo "X$lib" | $Xsed -e 's%^.*/%%'` + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + if test -z "$libdir"; then + $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 + exit $EXIT_FAILURE + fi + newdlprefiles="$newdlprefiles $libdir/$name" + done + dlprefiles="$newdlprefiles" + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + newdlfiles="$newdlfiles $abs" + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + newdlprefiles="$newdlprefiles $abs" + done + dlprefiles="$newdlprefiles" + fi + $rm $output + # place dlname in correct position for cygwin + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;; + esac + # Do not add duplicates + if test "$installed" = yes && test "$D"; then + install_libdir=`echo "$install_libdir" |sed -e "s:$D:/:g" -e 's:/\+:/:g'` + fi + $echo > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM - GNU $PACKAGE $VERSION$TIMESTAMP +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='$tdlname' + +# Names of this library. +library_names='$library_names' + +# The name of the static archive. +old_library='$old_library' + +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' + +# Version information for $libname. +current=$current +age=$age +revision=$revision + +# Is this an already installed library? +installed=$installed + +# Should we warn about portability when linking against -modules? +shouldnotlink=$module + +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' + +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test "$installed" = no && test "$need_relink" = yes; then + $echo >> $output "\ +relink_command=\"$relink_command\"" + fi + done + fi + + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + $show "(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)" + $run eval '(cd $output_objdir && $rm $outputname && $LN_S ../$outputname $outputname)' || exit $? + ;; + esac + exit $EXIT_SUCCESS + ;; + + # libtool install mode + install) + modename="$modename: install" + + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || + # Allow the use of GNU shtool's install command. + $echo "X$nonopt" | grep shtool > /dev/null; then + # Aesthetically quote it. + arg=`$echo "X$nonopt" | $Xsed -e "$sed_quote_subst"` + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + install_prog="$arg " + arg="$1" + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + install_prog="$install_prog$arg" + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=no + stripme= + for arg + do + if test -n "$dest"; then + files="$files $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=yes ;; + -f) + case " $install_prog " in + *[\\\ /]cp\ *) ;; + *) prev=$arg ;; + esac + ;; + -g | -m | -o) prev=$arg ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + prev= + else + dest=$arg + continue + fi + ;; + esac + + # Aesthetically quote the argument. + arg=`$echo "X$arg" | $Xsed -e "$sed_quote_subst"` + case $arg in + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + arg="\"$arg\"" + ;; + esac + install_prog="$install_prog $arg" + done + + if test -z "$install_prog"; then + $echo "$modename: you must specify an install program" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + if test -n "$prev"; then + $echo "$modename: the \`$prev' option requires an argument" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + if test -z "$files"; then + if test -z "$dest"; then + $echo "$modename: no file or destination specified" 1>&2 + else + $echo "$modename: you must specify a destination" 1>&2 + fi + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Strip any trailing slash from the destination. + dest=`$echo "X$dest" | $Xsed -e 's%/$%%'` + + # Check to see that the destination is a directory. + test -d "$dest" && isdir=yes + if test "$isdir" = yes; then + destdir="$dest" + destname= + else + destdir=`$echo "X$dest" | $Xsed -e 's%/[^/]*$%%'` + test "X$destdir" = "X$dest" && destdir=. + destname=`$echo "X$dest" | $Xsed -e 's%^.*/%%'` + + # Not a directory, so check to see that there is only one file specified. + set dummy $files + if test "$#" -gt 2; then + $echo "$modename: \`$dest' is not a directory" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + $echo "$modename: \`$destdir' must be an absolute directory name" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + ;; + esac + done + ;; + esac + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" + + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do + + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + staticlibs="$staticlibs $file" + ;; + + *.la) + # Check to see that this really is a libtool archive. + if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : + else + $echo "$modename: \`$file' is not a valid libtool archive" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + library_names= + old_library= + relink_command= + # If there is no directory component, then add one. + case $file in + */* | *\\*) . $file ;; + *) . ./$file ;; + esac + + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) current_libdirs="$current_libdirs $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) future_libdirs="$future_libdirs $libdir" ;; + esac + fi + + dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'`/ + test "X$dir" = "X$file/" && dir= + dir="$dir$objdir" + + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$echo "$destdir" | $SED "s%$libdir\$%%"` + + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + if test "$inst_prefix_dir" = "$destdir"; then + $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2 + exit $EXIT_FAILURE + fi + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + else + relink_command=`$echo "$relink_command" | $SED "s%@inst_prefix_dir@%%"` + fi + + $echo "$modename: warning: relinking \`$file'" 1>&2 + $show "$relink_command" + if $run eval "$relink_command"; then : + else + $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2 + exit $EXIT_FAILURE + fi + fi + + # See the names of the shared library. + set dummy $library_names + if test -n "$2"; then + realname="$2" + shift + shift + + srcname="$realname" + test -n "$relink_command" && srcname="$realname"T + + # Install the shared library and build the symlinks. + $show "$install_prog $dir/$srcname $destdir/$realname" + $run eval "$install_prog $dir/$srcname $destdir/$realname" || exit $? + if test -n "$stripme" && test -n "$striplib"; then + $show "$striplib $destdir/$realname" + $run eval "$striplib $destdir/$realname" || exit $? + fi + + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try `ln -sf' first, because the `ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + if test "$linkname" != "$realname"; then + $show "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })" + $run eval "(cd $destdir && { $LN_S -f $realname $linkname || { $rm $linkname && $LN_S $realname $linkname; }; })" + fi + done + fi + + # Do each command in the postinstall commands. + lib="$destdir/$realname" + cmds=$postinstall_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$mode" = relink; then + $run eval '(cd $output_objdir && $rm ${realname}T && $mv ${realname}U $realname)' + fi + + exit $lt_exit + } + done + IFS="$save_ifs" + fi + + # Install the pseudo-library for information purposes. + name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` + instname="$dir/$name"i + $show "$install_prog $instname $destdir/$name" + $run eval "$install_prog $instname $destdir/$name" || exit $? + + # Maybe install the static library, too. + test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'` + destfile="$destdir/$destfile" + fi + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + staticdest=`$echo "X$destfile" | $Xsed -e "$lo2o"` + ;; + *.$objext) + staticdest="$destfile" + destfile= + ;; + *) + $echo "$modename: cannot copy a libtool object to \`$destfile'" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + ;; + esac + + # Install the libtool object if requested. + if test -n "$destfile"; then + $show "$install_prog $file $destfile" + $run eval "$install_prog $file $destfile" || exit $? + fi + + # Install the old object if enabled. + if test "$build_old_libs" = yes; then + # Deduce the name of the old-style object file. + staticobj=`$echo "X$file" | $Xsed -e "$lo2o"` + + $show "$install_prog $staticobj $staticdest" + $run eval "$install_prog \$staticobj \$staticdest" || exit $? + fi + exit $EXIT_SUCCESS + ;; + + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + destfile=`$echo "X$file" | $Xsed -e 's%^.*/%%'` + destfile="$destdir/$destfile" + fi + + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext="" + case $file in + *.exe) + if test ! -f "$file"; then + file=`$echo $file|${SED} 's,.exe$,,'` + stripped_ext=".exe" + fi + ;; + esac + + # Do a test to see if this is really a libtool program. + case $host in + *cygwin*|*mingw*) + wrapper=`$echo $file | ${SED} -e 's,.exe$,,'` + ;; + *) + wrapper=$file + ;; + esac + if (${SED} -e '4q' $wrapper | grep "^# Generated by .*$PACKAGE")>/dev/null 2>&1; then + notinst_deplibs= + relink_command= + + # Note that it is not necessary on cygwin/mingw to append a dot to + # foo even if both foo and FILE.exe exist: automatic-append-.exe + # behavior happens only for exec(3), not for open(2)! Also, sourcing + # `FILE.' does not work on cygwin managed mounts. + # + # If there is no directory component, then add one. + case $wrapper in + */* | *\\*) . ${wrapper} ;; + *) . ./${wrapper} ;; + esac + + # Check the variables that should have been set. + if test -z "$notinst_deplibs"; then + $echo "$modename: invalid libtool wrapper script \`$wrapper'" 1>&2 + exit $EXIT_FAILURE + fi + + finalize=yes + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + # If there is no directory component, then add one. + case $lib in + */* | *\\*) . $lib ;; + *) . ./$lib ;; + esac + fi + libfile="$libdir/"`$echo "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test + if test -n "$libdir" && test ! -f "$libfile"; then + $echo "$modename: warning: \`$lib' has not been installed in \`$libdir'" 1>&2 + finalize=no + fi + done + + relink_command= + # Note that it is not necessary on cygwin/mingw to append a dot to + # foo even if both foo and FILE.exe exist: automatic-append-.exe + # behavior happens only for exec(3), not for open(2)! Also, sourcing + # `FILE.' does not work on cygwin managed mounts. + # + # If there is no directory component, then add one. + case $wrapper in + */* | *\\*) . ${wrapper} ;; + *) . ./${wrapper} ;; + esac + + outputname= + if test "$fast_install" = no && test -n "$relink_command"; then + if test "$finalize" = yes && test -z "$run"; then + tmpdir=`func_mktempdir` + file=`$echo "X$file$stripped_ext" | $Xsed -e 's%^.*/%%'` + outputname="$tmpdir/$file" + # Replace the output file specification. + relink_command=`$echo "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` + + $show "$relink_command" + if $run eval "$relink_command"; then : + else + $echo "$modename: error: relink \`$file' with the above command before installing it" 1>&2 + ${rm}r "$tmpdir" + continue + fi + file="$outputname" + else + $echo "$modename: warning: cannot relink \`$file'" 1>&2 + fi + else + # Install the binary that we compiled earlier. + file=`$echo "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"` + fi + fi + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + destfile=`$echo $destfile | ${SED} -e 's,.exe$,,'` + ;; + esac + ;; + esac + $show "$install_prog$stripme $file $destfile" + $run eval "$install_prog\$stripme \$file \$destfile" || exit $? + test -n "$outputname" && ${rm}r "$tmpdir" + ;; + esac + done + + for file in $staticlibs; do + name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` + + # Set up the ranlib parameters. + oldlib="$destdir/$name" + + $show "$install_prog $file $oldlib" + $run eval "$install_prog \$file \$oldlib" || exit $? + + if test -n "$stripme" && test -n "$old_striplib"; then + $show "$old_striplib $oldlib" + $run eval "$old_striplib $oldlib" || exit $? + fi + + # Do each command in the postinstall commands. + cmds=$old_postinstall_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" || exit $? + done + IFS="$save_ifs" + done + + if test -n "$future_libdirs"; then + $echo "$modename: warning: remember to run \`$progname --finish$future_libdirs'" 1>&2 + fi + + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + test -n "$run" && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi + ;; + + # libtool finish mode + finish) + modename="$modename: finish" + libdirs="$nonopt" + admincmds= + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for dir + do + libdirs="$libdirs $dir" + done + + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + cmds=$finish_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" || admincmds="$admincmds + $cmd" + done + IFS="$save_ifs" + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $run eval "$cmds" || admincmds="$admincmds + $cmds" + fi + done + fi + + # Exit here if they wanted silent mode. + test "$show" = : && exit $EXIT_SUCCESS + + $echo "X----------------------------------------------------------------------" | $Xsed + $echo "Libraries have been installed in:" + for libdir in $libdirs; do + $echo " $libdir" + done + $echo + $echo "If you ever happen to want to link against installed libraries" + $echo "in a given directory, LIBDIR, you must either use libtool, and" + $echo "specify the full pathname of the library, or use the \`-LLIBDIR'" + $echo "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + $echo " - add LIBDIR to the \`$shlibpath_var' environment variable" + $echo " during execution" + fi + if test -n "$runpath_var"; then + $echo " - add LIBDIR to the \`$runpath_var' environment variable" + $echo " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $echo " - use the \`$flag' linker flag" + fi + if test -n "$admincmds"; then + $echo " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + $echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" + fi + $echo + $echo "See any operating system documentation about shared libraries for" + $echo "more information, such as the ld(1) and ld.so(8) manual pages." + $echo "X----------------------------------------------------------------------" | $Xsed + exit $EXIT_SUCCESS + ;; + + # libtool execute mode + execute) + modename="$modename: execute" + + # The first argument is the command name. + cmd="$nonopt" + if test -z "$cmd"; then + $echo "$modename: you must specify a COMMAND" 1>&2 + $echo "$help" + exit $EXIT_FAILURE + fi + + # Handle -dlopen flags immediately. + for file in $execute_dlfiles; do + if test ! -f "$file"; then + $echo "$modename: \`$file' is not a file" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + dir= + case $file in + *.la) + # Check to see that this really is a libtool archive. + if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then : + else + $echo "$modename: \`$lib' is not a valid libtool archive" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Read the libtool library. + dlname= + library_names= + + # If there is no directory component, then add one. + case $file in + */* | *\\*) . $file ;; + *) . ./$file ;; + esac + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && $echo "$modename: warning: \`$file' was not linked with \`-export-dynamic'" + continue + fi + + dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` + test "X$dir" = "X$file" && dir=. + + if test -f "$dir/$objdir/$dlname"; then + dir="$dir/$objdir" + else + $echo "$modename: cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" 1>&2 + exit $EXIT_FAILURE + fi + ;; + + *.lo) + # Just add the directory containing the .lo file. + dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` + test "X$dir" = "X$file" && dir=. + ;; + + *) + $echo "$modename: warning \`-dlopen' is ignored for non-libtool libraries and objects" 1>&2 + continue + ;; + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir="$absdir" + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" + fi + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic="$magic" + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -*) ;; + *) + # Do a test to see if this is really a libtool program. + if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then + # If there is no directory component, then add one. + case $file in + */* | *\\*) . $file ;; + *) . ./$file ;; + esac + + # Transform arg to wrapped name. + file="$progdir/$program" + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + file=`$echo "X$file" | $Xsed -e "$sed_quote_subst"` + args="$args \"$file\"" + done + + if test -z "$run"; then + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" + fi + + # Restore saved environment variables + if test "${save_LC_ALL+set}" = set; then + LC_ALL="$save_LC_ALL"; export LC_ALL + fi + if test "${save_LANG+set}" = set; then + LANG="$save_LANG"; export LANG + fi + + # Now prepare to actually exec the command. + exec_cmd="\$cmd$args" + else + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$echo \"\$shlibpath_var=\$$shlibpath_var\"" + $echo "export $shlibpath_var" + fi + $echo "$cmd$args" + exit $EXIT_SUCCESS + fi + ;; + + # libtool clean and uninstall mode + clean | uninstall) + modename="$modename: $mode" + rm="$nonopt" + files= + rmforce= + exit_status=0 + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" + + for arg + do + case $arg in + -f) rm="$rm $arg"; rmforce=yes ;; + -*) rm="$rm $arg" ;; + *) files="$files $arg" ;; + esac + done + + if test -z "$rm"; then + $echo "$modename: you must specify an RM program" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + fi + + rmdirs= + + origobjdir="$objdir" + for file in $files; do + dir=`$echo "X$file" | $Xsed -e 's%/[^/]*$%%'` + if test "X$dir" = "X$file"; then + dir=. + objdir="$origobjdir" + else + objdir="$dir/$origobjdir" + fi + name=`$echo "X$file" | $Xsed -e 's%^.*/%%'` + test "$mode" = uninstall && objdir="$dir" + + # Remember objdir for removal later, being careful to avoid duplicates + if test "$mode" = clean; then + case " $rmdirs " in + *" $objdir "*) ;; + *) rmdirs="$rmdirs $objdir" ;; + esac + fi + + # Don't error if the file doesn't exist and rm -f was used. + if (test -L "$file") >/dev/null 2>&1 \ + || (test -h "$file") >/dev/null 2>&1 \ + || test -f "$file"; then + : + elif test -d "$file"; then + exit_status=1 + continue + elif test "$rmforce" = yes; then + continue + fi + + rmfiles="$file" + + case $name in + *.la) + # Possibly a libtool archive, so verify it. + if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then + . $dir/$name + + # Delete the libtool libraries and symlinks. + for n in $library_names; do + rmfiles="$rmfiles $objdir/$n" + done + test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library" + + case "$mode" in + clean) + case " $library_names " in + # " " in the beginning catches empty $dlname + *" $dlname "*) ;; + *) rmfiles="$rmfiles $objdir/$dlname" ;; + esac + test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i" + ;; + uninstall) + if test -n "$library_names"; then + # Do each command in the postuninstall commands. + cmds=$postuninstall_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" + if test "$?" -ne 0 && test "$rmforce" != yes; then + exit_status=1 + fi + done + IFS="$save_ifs" + fi + + if test -n "$old_library"; then + # Do each command in the old_postuninstall commands. + cmds=$old_postuninstall_cmds + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $show "$cmd" + $run eval "$cmd" + if test "$?" -ne 0 && test "$rmforce" != yes; then + exit_status=1 + fi + done + IFS="$save_ifs" + fi + # FIXME: should reinstall the best remaining shared library. + ;; + esac + fi + ;; + + *.lo) + # Possibly a libtool object, so verify it. + if (${SED} -e '2q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then + + # Read the .lo file + . $dir/$name + + # Add PIC object to the list of files to remove. + if test -n "$pic_object" \ + && test "$pic_object" != none; then + rmfiles="$rmfiles $dir/$pic_object" + fi + + # Add non-PIC object to the list of files to remove. + if test -n "$non_pic_object" \ + && test "$non_pic_object" != none; then + rmfiles="$rmfiles $dir/$non_pic_object" + fi + fi + ;; + + *) + if test "$mode" = clean ; then + noexename=$name + case $file in + *.exe) + file=`$echo $file|${SED} 's,.exe$,,'` + noexename=`$echo $name|${SED} 's,.exe$,,'` + # $file with .exe has already been added to rmfiles, + # add $file without .exe + rmfiles="$rmfiles $file" + ;; + esac + # Do a test to see if this is a libtool program. + if (${SED} -e '4q' $file | grep "^# Generated by .*$PACKAGE") >/dev/null 2>&1; then + relink_command= + . $dir/$noexename + + # note $name still contains .exe if it was in $file originally + # as does the version of $file that was added into $rmfiles + rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}" + if test "$fast_install" = yes && test -n "$relink_command"; then + rmfiles="$rmfiles $objdir/lt-$name" + fi + if test "X$noexename" != "X$name" ; then + rmfiles="$rmfiles $objdir/lt-${noexename}.c" + fi + fi + fi + ;; + esac + $show "$rm $rmfiles" + $run $rm $rmfiles || exit_status=1 + done + objdir="$origobjdir" + + # Try to remove the ${objdir}s in the directories where we deleted files + for dir in $rmdirs; do + if test -d "$dir"; then + $show "rmdir $dir" + $run rmdir $dir >/dev/null 2>&1 + fi + done + + exit $exit_status + ;; + + "") + $echo "$modename: you must specify a MODE" 1>&2 + $echo "$generic_help" 1>&2 + exit $EXIT_FAILURE + ;; + esac + + if test -z "$exec_cmd"; then + $echo "$modename: invalid operation mode \`$mode'" 1>&2 + $echo "$generic_help" 1>&2 + exit $EXIT_FAILURE + fi +fi # test -z "$show_help" + +if test -n "$exec_cmd"; then + eval exec $exec_cmd + exit $EXIT_FAILURE +fi + +# We need to display help for each of the modes. +case $mode in +"") $echo \ +"Usage: $modename [OPTION]... [MODE-ARG]... + +Provide generalized library-building support services. + + --config show all configuration variables + --debug enable verbose shell tracing +-n, --dry-run display commands without modifying any files + --features display basic configuration information and exit + --finish same as \`--mode=finish' + --help display this help message and exit + --mode=MODE use operation mode MODE [default=inferred from MODE-ARGS] + --quiet same as \`--silent' + --silent don't print informational messages + --tag=TAG use configuration variables from tag TAG + --version print version information + +MODE must be one of the following: + + clean remove files from the build directory + compile compile a source file into a libtool object + execute automatically set library path, then run a program + finish complete the installation of libtool libraries + install install libraries or executables + link create a library or an executable + uninstall remove libraries from an installed directory + +MODE-ARGS vary depending on the MODE. Try \`$modename --help --mode=MODE' for +a more detailed description of MODE. + +Report bugs to ." + exit $EXIT_SUCCESS + ;; + +clean) + $echo \ +"Usage: $modename [OPTION]... --mode=clean RM [RM-OPTION]... FILE... + +Remove files from the build directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; + +compile) + $echo \ +"Usage: $modename [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE + +Compile a source file into a libtool library object. + +This mode accepts the following additional options: + + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -prefer-pic try to building PIC objects only + -prefer-non-pic try to building non-PIC objects only + -static always build a \`.o' file suitable for static linking + +COMPILE-COMMAND is a command to be used in creating a \`standard' object file +from the given SOURCEFILE. + +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix \`.c' with the +library object suffix, \`.lo'." + ;; + +execute) + $echo \ +"Usage: $modename [OPTION]... --mode=execute COMMAND [ARGS]... + +Automatically set library path, then run a program. + +This mode accepts the following additional options: + + -dlopen FILE add the directory containing FILE to the library path + +This mode sets the library path environment variable according to \`-dlopen' +flags. + +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. + +Then, COMMAND is executed, with ARGS as arguments." + ;; + +finish) + $echo \ +"Usage: $modename [OPTION]... --mode=finish [LIBDIR]... + +Complete the installation of libtool libraries. + +Each LIBDIR is a directory that contains libtool libraries. + +The commands that this mode executes may require superuser privileges. Use +the \`--dry-run' option if you just want to see what would be executed." + ;; + +install) + $echo \ +"Usage: $modename [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the \`install' or \`cp' program. + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + +link) + $echo \ +"Usage: $modename [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE Use a list of object files found in FILE to specify objects + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -static do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + +All other options (arguments beginning with \`-') are ignored. + +Every other argument is treated as a filename. Files ending in \`.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in \`.la', then a libtool library is created, +only library objects (\`.lo' files) may be specified, and \`-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created +using \`ar' and \`ranlib', or on Windows using \`lib'. + +If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file +is created, otherwise an executable program is created." + ;; + +uninstall) + $echo \ +"Usage: $modename [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + +*) + $echo "$modename: invalid operation mode \`$mode'" 1>&2 + $echo "$help" 1>&2 + exit $EXIT_FAILURE + ;; +esac + +$echo +$echo "Try \`$modename --help' for more information about other modes." + +exit $? + +# The TAGs below are defined such that we never get into a situation +# in which we disable both kinds of libraries. Given conflicting +# choices, we go for a static library, that is the most portable, +# since we can't tell whether shared libraries were disabled because +# the user asked for that or because the platform doesn't support +# them. This is particularly important on AIX, because we don't +# support having both static and shared libraries enabled at the same +# time on that platform, so we default to a shared-only configuration. +# If a disable-shared tag is given, we'll fallback to a static-only +# configuration. But we'll never go from static-only to shared-only. + +# ### BEGIN LIBTOOL TAG CONFIG: disable-shared +disable_libs=shared +# ### END LIBTOOL TAG CONFIG: disable-shared + +# ### BEGIN LIBTOOL TAG CONFIG: disable-static +disable_libs=static +# ### END LIBTOOL TAG CONFIG: disable-static + +# Local Variables: +# mode:shell-script +# sh-indentation:2 +# End: diff --git a/missing b/missing new file mode 100755 index 000000000..894e786e1 --- /dev/null +++ b/missing @@ -0,0 +1,360 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. + +scriptversion=2005-06-08.21 + +# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005 +# Free Software Foundation, Inc. +# Originally by Fran,cois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +run=: + +# In the cases where this matters, `missing' is being run in the +# srcdir already. +if test -f configure.ac; then + configure_ac=configure.ac +else + configure_ac=configure.in +fi + +msg="missing on your system" + +case "$1" in +--run) + # Try to run requested program, and just exit if it succeeds. + run= + shift + "$@" && exit 0 + # Exit code 63 means version mismatch. This often happens + # when the user try to use an ancient version of a tool on + # a file that requires a minimum version. In this case we + # we should proceed has if the program had been absent, or + # if --run hadn't been passed. + if test $? = 63; then + run=: + msg="probably too old" + fi + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + --run try to run the given command, and emulate it if it fails + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + help2man touch the output file + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + tar try tar, gnutar, gtar, then tar without non-portable flags + yacc create \`y.tab.[ch]', if possible, from existing .[ch] + +Send bug reports to ." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + +esac + +# Now exit if we have it, but it failed. Also exit now if we +# don't have it and --version was passed (most likely to detect +# the program). +case "$1" in + lex|yacc) + # Not GNU programs, they don't have --version. + ;; + + tar) + if test -n "$run"; then + echo 1>&2 "ERROR: \`tar' requires --run" + exit 1 + elif test "x$2" = "x--version" || test "x$2" = "x--help"; then + exit 1 + fi + ;; + + *) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + elif test "x$2" = "x--version" || test "x$2" = "x--help"; then + # Could not run --version or --help. This is probably someone + # running `$TOOL --version' or `$TOOL --help' to check whether + # $TOOL exists and not knowing $TOOL uses missing. + exit 1 + fi + ;; +esac + +# If it does not exist, or fails to run (possibly an outdated version), +# try to emulate it. +case "$1" in + aclocal*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`acinclude.m4' or \`${configure_ac}'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`${configure_ac}'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`acconfig.h' or \`${configure_ac}'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` + test -z "$files" && files="config.h" + touch_files= + for f in $files; do + case "$f" in + *:*) touch_files="$touch_files "`echo "$f" | + sed -e 's/^[^:]*://' -e 's/:.*//'`;; + *) touch_files="$touch_files $f.in";; + esac + done + touch $touch_files + ;; + + automake*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print | + sed 's/\.am$/.in/' | + while read f; do touch "$f"; done + ;; + + autom4te) + echo 1>&2 "\ +WARNING: \`$1' is needed, but is $msg. + You might have modified some files without having the + proper tools for further handling them. + You can get \`$1' as part of \`Autoconf' from any GNU + archive site." + + file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` + test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` + if test -f "$file"; then + touch $file + else + test -z "$file" || exec >$file + echo "#! /bin/sh" + echo "# Created by GNU Automake missing as a replacement of" + echo "# $ $@" + echo "exit 0" + chmod +x $file + exit 1 + fi + ;; + + bison|yacc) + echo 1>&2 "\ +WARNING: \`$1' $msg. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if [ ! -f y.tab.h ]; then + echo >y.tab.h + fi + if [ ! -f y.tab.c ]; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex|flex) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if [ $# -ne 1 ]; then + eval LASTARG="\${$#}" + case "$LASTARG" in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if [ -f "$SRCFILE" ]; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if [ ! -f lex.yy.c ]; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + help2man) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a dependency of a manual page. You may need the + \`Help2man' package in order for those modifications to take + effect. You can get \`Help2man' from any GNU archive site." + + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` + fi + if [ -f "$file" ]; then + touch $file + else + test -z "$file" || exec >$file + echo ".ab help2man is required to generate this page" + exit 1 + fi + ;; + + makeinfo) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + # The file to touch is that specified with -o ... + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + # ... or it is the one specified with @setfilename ... + infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile` + # ... or it is derived from the source name (dir/f.texi becomes f.info) + test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info + fi + # If the file does not exist, the user really needs makeinfo; + # let's fail without touching anything. + test -f $file || exit 1 + touch $file + ;; + + tar) + shift + + # We have already tried tar in the generic part. + # Look for gnutar/gtar before invocation to avoid ugly error + # messages. + if (gnutar --version > /dev/null 2>&1); then + gnutar "$@" && exit 0 + fi + if (gtar --version > /dev/null 2>&1); then + gtar "$@" && exit 0 + fi + firstarg="$1" + if shift; then + case "$firstarg" in + *o*) + firstarg=`echo "$firstarg" | sed s/o//` + tar "$firstarg" "$@" && exit 0 + ;; + esac + case "$firstarg" in + *h*) + firstarg=`echo "$firstarg" | sed s/h//` + tar "$firstarg" "$@" && exit 0 + ;; + esac + fi + + echo 1>&2 "\ +WARNING: I can't seem to be able to run \`tar' with the given arguments. + You may want to install GNU tar or Free paxutils, or check the + command line arguments." + exit 1 + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and is $msg. + You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequisites for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: diff --git a/packaging/ipkg/conffiles b/packaging/ipkg/conffiles deleted file mode 100644 index ff0851c29..000000000 --- a/packaging/ipkg/conffiles +++ /dev/null @@ -1 +0,0 @@ -/etc/ipsec.conf diff --git a/packaging/ipkg/control-freeswan-module.dist b/packaging/ipkg/control-freeswan-module.dist deleted file mode 100644 index aec4091f1..000000000 --- a/packaging/ipkg/control-freeswan-module.dist +++ /dev/null @@ -1,8 +0,0 @@ -Package: freeswan-module -Priority: optional -Section: Communications -Version: VERSION -Architecture: ARCH -Maintainer: FreeS/WAN -Depends: freeswan -Description: FreeS/WAN ipsec.o binary module diff --git a/packaging/ipkg/control-freeswan.dist b/packaging/ipkg/control-freeswan.dist deleted file mode 100644 index 376647e6f..000000000 --- a/packaging/ipkg/control-freeswan.dist +++ /dev/null @@ -1,8 +0,0 @@ -Package: freeswan -Priority: optional -Section: Communications -Version: VERSION -Architecture: ARCH -Maintainer: FreeS/WAN -Depends: gawk libgmp -Description: FreeS/WAN daemons and userland tools diff --git a/packaging/ipkg/debian-binary b/packaging/ipkg/debian-binary deleted file mode 100644 index cd5ac039d..000000000 --- a/packaging/ipkg/debian-binary +++ /dev/null @@ -1 +0,0 @@ -2.0 diff --git a/packaging/ipkg/generate-ipkg b/packaging/ipkg/generate-ipkg deleted file mode 100755 index 5a288f34e..000000000 --- a/packaging/ipkg/generate-ipkg +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh - -# This script expects the following variables to be in the environment: -# DESTDIR -# FREESWANSRCDIR -# ARCH -# IPSECVERSION - -#set -e - -cd $DESTDIR -rm -f *.tar.gz - -mkdir -p $FREESWANSRCDIR/packaging/ipkg/ipkg -cp $FREESWANSRCDIR/packaging/ipkg/debian-binary . -cp $FREESWANSRCDIR/packaging/ipkg/conffiles . - -cat $FREESWANSRCDIR/packaging/ipkg/control-freeswan.dist | sed s/VERSION/$IPSECVERSION/ |sed s/ARCH/$ARCH/ > $FREESWANSRCDIR/packaging/ipkg/control-freeswan - -cp $FREESWANSRCDIR/packaging/ipkg/control-freeswan control - -tar -czf ./control.tar.gz ./conffiles ./control --owner=root --group=root - -tar -czf ./data.tar.gz ./* --owner=root --group=root --exclude=control.tar.gz --exclude=conffiles --exclude=control --exclude=debian-binary - -tar -czf $FREESWANSRCDIR/packaging/ipkg/ipkg/freeswan-utils-$IPSECVERSION.arm.ipk ./debian-binary ./control.tar.gz ./data.tar.gz --owner=root --group=root -mkdir -p $FREESWANSRCDIR/packaging/ipkg/kernel-module -cd $FREESWANSRCDIR/packaging/ipkg/kernel-module - -rm -f *.tar.gz -cp $FREESWANSRCDIR/packaging/ipkg/debian-binary . - -cat $FREESWANSRCDIR/packaging/ipkg/control-freeswan-module.dist | sed s/VERSION/$IPSECVERSION/ |sed s/ARCH/$ARCH/ > $FREESWANSRCDIR/packaging/ipkg/control-freeswan-module - -cp $FREESWANSRCDIR/packaging/ipkg/control-freeswan-module control - -tar czf ./control.tar.gz ./control --owner=root --group=root - -tar czf ./data.tar.gz * --owner=root --group=root --exclude=control.tar.gz --exclude=control --exclude=debian-binary - -tar czf $FREESWANSRCDIR/packaging/ipkg/ipkg/freeswan-module-$IPSECVERSION.arm.ipk ./debian-binary ./control.tar.gz ./data.tar.gz --owner=root --group=root -rm -rf $FREESWANSRCDIR/packaging/ipkg/ipkg/binaries/* -rm -rf $FREESWANSRCDIR/packaging/ipkg/ipkg/kernel-module/* diff --git a/packaging/linus/config-all.h b/packaging/linus/config-all.h deleted file mode 100644 index b34203372..000000000 --- a/packaging/linus/config-all.h +++ /dev/null @@ -1,62 +0,0 @@ -#ifndef _CONFIG_ALL_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-all.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_ALL_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - - -#endif /* _CONFIG_ALL_H */ diff --git a/packaging/makefiles/module.make b/packaging/makefiles/module.make deleted file mode 100644 index af6047362..000000000 --- a/packaging/makefiles/module.make +++ /dev/null @@ -1,5 +0,0 @@ -include ${FREESWANSRCDIR}/Makefile.inc - -KLIPS_TOP=${FREESWANSRCDIR}/linux -VPATH+=${KLIPSSRC} -include ${KLIPSSRC}/Makefile diff --git a/packaging/redhat/.cvsignore b/packaging/redhat/.cvsignore deleted file mode 100644 index 630b0ff36..000000000 --- a/packaging/redhat/.cvsignore +++ /dev/null @@ -1,12 +0,0 @@ -BUILD.athlon -BUILD.athlon-smp -BUILD.i386 -BUILD.i386-smp -BUILD.i586 -BUILD.i586-smp -BUILD.i586-up -BUILD.i686 -BUILD.i686-smp -rpms -rpm.spec -tmp.rpmbuild diff --git a/packaging/redhat/Makefile b/packaging/redhat/Makefile deleted file mode 100644 index 45f775734..000000000 --- a/packaging/redhat/Makefile +++ /dev/null @@ -1,100 +0,0 @@ -# FreeS/WAN RedHat RPM makefile -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=$(shell cd ../.. && pwd) -include ${FREESWANSRCDIR}/Makefile.inc -include ${FREESWANSRCDIR}/Makefile.ver - - -# temporary directory to be used when building RPMs, and where to put the -# resulting RPM tree -RPMKERNDIR := $(shell echo `pwd`/tmp.rpmkernel) -RPMTMPDIR=$(shell echo `pwd`/tmp.rpmbuild) -RPMDEST := $(shell echo `pwd`/rpms) - -# definitions from main Makefile that may be relevant - -KERNELKLIPS=$(KERNELSRC)/net/ipsec -KERNELCRYPTODES=$(KERNELSRC)/crypto/ciphers/des -KERNELLIBFREESWAN=$(KERNELSRC)/lib/libfreeswan -KERNELLIBZLIB=$(KERNELSRC)/lib/zlib -KERNELINCLUDE=$(KERNELSRC)/include - -MAKEUTILS=${FREESWANSRCDIR}/packaging/utils -ERRCHECK=${MAKEUTILS}/errcheck -KVUTIL=${MAKEUTILS}/kernelversion -KVSHORTUTIL=${MAKEUTILS}/kernelversion-short - - -clean: - rm -rf $(shell echo `pwd`/BUILD.*) - rm -rf ${RPMTMPDIR} - rm -rf ${RPMDEST} - rm -f $(shell echo `pwd`/rpm.spec) - -rpm: rpm_userland rpm_modules rpm.spec final_rpm - -# RPM-build userland install in temporary directory -rpm_userland: clean - mkdir -p $(RPMTMPDIR) - (cd ${FREESWANSRCDIR} && $(MAKE) programs install DESTDIR=$(RPMTMPDIR) && cd `pwd`) - for extras in README CHANGES ; do \ - cp -f $(FREESWANSRCDIR)/$$extras $(RPMTMPDIR)$(FINALEXAMPLECONFDIR)/ ; \ - done - -rpm_modules: - @if [ ! -d ${RH_KERNELSRC}/configs ]; then echo "Please fix RH_KERNELSRC in Makefile.inc (${RH_KERNELSRC})"; exit 1; fi - @KV=`${KVUTIL} $(RH_KERNELSRC)/Makefile | sed -e 's/custom//'` ; \ - MD=${RPMTMPDIR}/lib/modules/$$KV/kernel/net/ipsec; mkdir -p $$MD; \ - echo Installing into $$MD for $$KV; \ - rm -rf BUILD.*; \ - cat kernel-list.txt | while read kerneltype arch subarch; \ - do \ - mkdir -p BUILD.$$kerneltype; \ - if [ -z "$$subarch" ]; then subarch=$$arch; fi; \ - BUILDDIR=`pwd`/BUILD.$$kerneltype; \ - HERE=`pwd` ;\ - echo Building $$KV-$$kerneltype in $$BUILDDIR; \ - ${MAKE} -C ${FREESWANSRCDIR} MODBUILDDIR=$$BUILDDIR KERNELSRC=${RH_KERNELSRC} ARCH=$$arch SUBARCH=$$subarch MODULE_DEF_INCLUDE=$$HERE/config-$$kerneltype.h module;\ - cp $$BUILDDIR/ipsec.o $$MD/ipsec.o-$$kerneltype; \ - goo="`nm -ao $$BUILDDIR/ipsec.o | ${FREESWANSRCDIR}/programs/calcgoo/calcgoo`"; \ - (cd $$MD && ln -f ipsec.o-$$kerneltype $$goo); \ - done - -# build spec file for building RPMs -rpm.spec: rpm.in $(RH_KERNELSRC)/Makefile - KVORIG=`${KVUTIL} $(RH_KERNELSRC)/Makefile | sed -e 's/custom//'` ; \ - KV=`echo $$KVORIG | sed -e 's/-/_/g' ` ; \ - IPSECVERSIONFIXED=`echo ${IPSECVERSION} | sed -e 's/-/_/g'`; \ - echo KVORIG: $$KVORIG KV: $$KV IV: $$IPSECVERSIONFIXED; \ - sed -e "/@KERNELVERSION@/s;;$$KV;" \ - -e "/@KERNELVERSIONORIG@/s;;$$KVORIG;" \ - -e "/@IPSECVERSION@/s;;$$IPSECVERSIONFIXED;" \ - -e '/@PUBDIR@/s;;$(PUBDIR);' \ - -e '/@FINALBINDIR@/s;;$(FINALBINDIR);' \ - -e '/@FINALLIBDIR@/s;;$(FINALLIBDIR);' \ - -e '/@FINALCONFDDIR@/s;;$(FINALCONFDDIR);' \ - -e '/@FINALCONFDIR@/s;;$(FINALCONFDIR);' \ - -e '/@FINALEXAMPLECONFDIR@/s;;$(FINALEXAMPLECONFDIR);' \ - -e '/@MANTREE@/s;;$(MANTREE);' rpm.in > rpm.spec - -# build RPMs -final_rpm: rpm.spec - mkdir -p $(RPMDEST) - cd $(RPMDEST) ; mkdir -p SRPMS BUILD RPMS SPECS SOURCES - cd $(RPMDEST)/RPMS ; mkdir -p $(ARCH) noarch - $(RPMBUILD) -bb --define "buildroot $(RPMTMPDIR)" \ - --define "_topdir $(RPMDEST)" rpm.spec - # that has, incidentally, gotten rid of $(RPMTMPDIR) diff --git a/packaging/redhat/config-athlon-smp.h b/packaging/redhat/config-athlon-smp.h deleted file mode 100644 index 2aa764477..000000000 --- a/packaging/redhat/config-athlon-smp.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-athlon-smp.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_ATHLON_SMP_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#define __module__smp -#undef __module__up -#define __module__athlon -#define __module__athlon_smp - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_ATHLON_SMP_H_ */ - diff --git a/packaging/redhat/config-athlon.h b/packaging/redhat/config-athlon.h deleted file mode 100644 index f9d51fc01..000000000 --- a/packaging/redhat/config-athlon.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-athlon.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_ATHLON_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__smp -#define __module__up -#define __module__athlon -#define __module__athlon_up - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_ATHLON_H_ */ - diff --git a/packaging/redhat/config-i386-smp.h b/packaging/redhat/config-i386-smp.h deleted file mode 100644 index 2971ef9e0..000000000 --- a/packaging/redhat/config-i386-smp.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-i386-smp.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_I386_SMP_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__up -#define __module__smp -#define __module__i386 -#define __module__i386_smp - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_I386_SMP_H_ */ - diff --git a/packaging/redhat/config-i386.h b/packaging/redhat/config-i386.h deleted file mode 100644 index dd6cde171..000000000 --- a/packaging/redhat/config-i386.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-i386.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_I386_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__smp -#define __module__up -#define __module__i386 -#define __module__i386_up - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_I386_H_ */ - diff --git a/packaging/redhat/config-i586-smp.h b/packaging/redhat/config-i586-smp.h deleted file mode 100644 index c56c55219..000000000 --- a/packaging/redhat/config-i586-smp.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-i586-smp.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_I586_SMP_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__up -#define __module__smp -#define __module__i586 -#define __module__i586_smp - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_I586_H_ */ - diff --git a/packaging/redhat/config-i586-up.h b/packaging/redhat/config-i586-up.h deleted file mode 100644 index 54b64caf3..000000000 --- a/packaging/redhat/config-i586-up.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-i586-up.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_I586_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__smp -#define __module__up -#define __module__i586 -#define __module__i586_up - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_I586_H_ */ - diff --git a/packaging/redhat/config-i586.h b/packaging/redhat/config-i586.h deleted file mode 100644 index 6877c9f92..000000000 --- a/packaging/redhat/config-i586.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-i586.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_I586_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__smp -#define __module__up -#define __module__i586 -#define __module__i586_up - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_I586_H_ */ - diff --git a/packaging/redhat/config-i686-bigmem.h b/packaging/redhat/config-i686-bigmem.h deleted file mode 100644 index 4d870cbaf..000000000 --- a/packaging/redhat/config-i686-bigmem.h +++ /dev/null @@ -1,78 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-i686-bigmem.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_I686_BIGMEM_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__up -#define __module__bigmem -#define __module__i686_bigmem - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_I686_BIGMEM_H_ */ - diff --git a/packaging/redhat/config-i686-smp.h b/packaging/redhat/config-i686-smp.h deleted file mode 100644 index 9abd7a7d1..000000000 --- a/packaging/redhat/config-i686-smp.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-i686-smp.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_I686_SMP_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__up -#define __module__smp -#define __module__i686 -#define __module__i686_smp - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_I686_SMP_H_ */ - diff --git a/packaging/redhat/config-i686.h b/packaging/redhat/config-i686.h deleted file mode 100644 index 4e4d7b292..000000000 --- a/packaging/redhat/config-i686.h +++ /dev/null @@ -1,79 +0,0 @@ -#ifndef _CONFIG_RH_I586_H_ -/* - * Copyright (C) 2002 Michael Richardson - * - * This kernel module is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This kernel module is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - * - * RCSID $Id: config-i686.h,v 1.1 2004/03/15 20:35:27 as Exp $ - */ -#define _CONFIG_RH_I686_H_ /* seen it, no need to see it again */ - -#define CONFIG_IPSEC 1 - -#ifndef CONFIG_IPSEC_AH -#define CONFIG_IPSEC_AH 1 -#endif - -#ifndef CONFIG_IPSEC_DEBUG -#define CONFIG_IPSEC_DEBUG 1 -#endif - -#ifndef CONFIG_IPSEC_ESP -#define CONFIG_IPSEC_ESP 1 -#endif - -#ifndef CONFIG_IPSEC_IPCOMP -#define CONFIG_IPSEC_IPCOMP 1 -#endif - -#ifndef CONFIG_IPSEC_IPIP -#define CONFIG_IPSEC_IPIP 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_MD5 -#define CONFIG_IPSEC_AUTH_HMAC_MD5 1 -#endif - -#ifndef CONFIG_IPSEC_AUTH_HMAC_SHA1 -#define CONFIG_IPSEC_AUTH_HMAC_SHA1 1 -#endif - -#ifndef CONFIG_IPSEC_DYNDEV -#define CONFIG_IPSEC_DYNDEV 1 -#endif - -#ifndef CONFIG_IPSEC_ENC_3DES -#define CONFIG_IPSEC_ENC_3DES 1 -#endif - -#ifndef CONFIG_IPSEC_REGRESS -#define CONFIG_IPSEC_REGRESS 0 -#endif - -/* keep rhconfig.h from doing anything */ -#define __rh_config_h__ - -/* pick which arch we are supposed to be */ -#undef __module__smp -#define __module__up -#define __module__i686 -#define __module__i686_up - -#if defined(__module__smp) || defined(__module__BOOTsmp) || defined(__module__enterprise) || defined(__module__bigmem) -#define _ver_str(x) smp_ ## x -#else -#define _ver_str(x) x -#endif - -#define RED_HAT_LINUX_KERNEL 1 - -#endif /* _CONFIG_RH_I686_H_ */ - diff --git a/packaging/redhat/freeswan.spec b/packaging/redhat/freeswan.spec deleted file mode 100644 index 83b59fc8c..000000000 --- a/packaging/redhat/freeswan.spec +++ /dev/null @@ -1,176 +0,0 @@ -Summary: FreeS/WAN IPSEC implementation -Name: freeswan -Version: 2.04 -%define defkv %(rpm -q --qf='%{Version}-%{Release}\\n' kernel-source|tail -1) -# The default kernel version to build for is the latest of -# the installed kernel-source RPMs. -# This can be overridden by "--define 'kversion x.x.x-y.y.y'" -%{!?kversion: %{expand: %%define kversion %defkv}} -%define krelver %(echo %{kversion} | tr -s '-' '_') -# FreeS/WAN -pre/-rc nomenclature has to co-exist with hyphen paranoia -%define srcpkgver %(echo %{version} | tr -s '_' '-') -%define our_release 1fs -%define debug_package %{nil} -Release: %{our_release} -License: GPL -Url: http://www.freeswan.org/ -Source: freeswan-%{srcpkgver}.tar.gz -Group: System Environment/Daemons -BuildRoot: /var/tmp/%{name}-%{PACKAGE_VERSION}-root -%define __spec_install_post /usr/lib/rpm/brp-compress || : -BuildRequires: kernel-source = %{kversion} - -%package userland -Summary: FreeS/WAN IPSEC usermod tools -Group: System Environment/Daemons -Provides: ipsec-userland -Obsoletes: freeswan -Requires: ipsec-kernel -Release: %{our_release} - -%package doc -Summary: FreeS/WAN IPSEC full documentation -Group: System Environment/Daemons -Release: %{our_release} - -%package module -Summary: FreeS/Wan kernel module -Group: System Environment/Kernel -Release: %{krelver}_%{our_release} -Provides: ipsec-kernel -Requires: kernel = %{kversion} -# do not make the dependancy circular for now. -#Requires: ipsec-userland - -%description userland -FreeS/WAN is a free implementation of IPSEC & IKE for Linux. IPSEC is -the Internet Protocol Security and uses strong cryptography to provide -both authentication and encryption services. These services allow you -to build secure tunnels through untrusted networks. Everything passing -through the untrusted net is encrypted by the ipsec gateway machine and -decrypted by the gateway at the other end of the tunnel. The resulting -tunnel is a virtual private network or VPN. - -This package contains the daemons and userland tools for setting up -FreeS/WAN on a freeswan enabled kernel. - -%description module -This package contains only the ipsec module for the RedHat series of kernels. - -%description doc -This package contains extensive documentation of the FreeeS/WAN IPSEC -system. - -%description -A dummy package that installs userland and kernel pieces. - -%prep -%setup -q -n freeswan-%{srcpkgver} - -%build -%{__make} \ - USERCOMPILE="-g %{optflags}" \ - INC_USRLOCAL=%{_prefix} \ - MANTREE=%{_mandir} \ - INC_RCDEFAULT=%{_initrddir} \ - programs -FS=$(pwd) -mkdir -p BUILD.%{_target_cpu} -mkdir -p BUILD.%{_target_cpu}-smp - -cd packaging/redhat -for smp in -smp "" -do -%{__make} -C $FS MODBUILDDIR=$FS/BUILD.%{_target_cpu}$smp \ - FREESWANSRCDIR=$FS \ - KERNELSRC=/usr/src/linux-%{kversion} \ - ARCH=%{_arch} \ - SUBARCH=%{_arch} \ - MODULE_DEF_INCLUDE=$FS/packaging/redhat/config-%{_target_cpu}$smp.h \ - module -done - -%install -%{__make} \ - DESTDIR=%{buildroot} \ - INC_USRLOCAL=%{_prefix} \ - MANTREE=%{buildroot}%{_mandir} \ - INC_RCDEFAULT=%{_initrddir} \ - install -install -d -m700 %{buildroot}%{_localstatedir}/run/pluto -install -d %{buildroot}%{_sbindir} - -mkdir -p %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec -cp BUILD.%{_target_cpu}/ipsec.o \ - %{buildroot}/lib/modules/%{kversion}/kernel/net/ipsec - -mkdir -p %{buildroot}/lib/modules/%{kversion}smp/kernel/net/ipsec -cp BUILD.%{_target_cpu}-smp/ipsec.o \ - %{buildroot}/lib/modules/%{kversion}smp/kernel/net/ipsec - -%clean -rm -rf ${RPM_BUILD_ROOT} - -%files doc -%defattr(-,root,root) -%doc doc -%doc %{_defaultdocdir}/freeswan/ipsec.conf-sample - -%files userland -%defattr(-,root,root) -%doc BUGS CHANGES COPYING -%doc CREDITS INSTALL README -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.conf -%attr(0700,root,root) %dir %{_sysconfdir}/ipsec.d -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ipsec.d/policies/* -%config(noreplace) %{_initrddir}/ipsec -%{_libdir}/ipsec -%{_sbindir}/ipsec -%{_libexecdir}/ipsec -%doc %{_mandir}/*/* -%{_localstatedir}/run/pluto - -%files module -%defattr (-,root,root) -/lib/modules/%{kversion}/kernel/net/ipsec -/lib/modules/%{kversion}smp/kernel/net/ipsec - -%pre userland -%preun userland -if [ $1 = 0 ]; then - /sbin/service ipsec stop || : - /sbin/chkconfig --del ipsec -fi - -%postun userland -if [ $1 -ge 1 ] ; then - /sbin/service ipsec stop 2>&1 > /dev/null && /sbin/service ipsec start 2>&1 > /dev/null || : -fi - -%postun module -%post module - -%post userland -chkconfig --add ipsec - -%changelog -* Fri Aug 22 2003 Sam Sgro -- Juggling release/source package names to allow for - -pre/-rc releases to build. - -* Thu Aug 14 2003 Sam Sgro -- Reverting back to pre-x.509 version, cosmetic changes. - -* Tue May 20 2003 Charlie Brady 2.0.0-x509_1.3.2_2es -- Add "Obsoletes: freeswan" to userland RPM. - -* Fri May 16 2003 Charlie Brady 2.0.0-x509_1.3.2_1es -- Add version 1.3.2 of the x509 patch. -- Add missing /usr/libexec/ipsec dir and files. -- Minor tidy up of spec file. - -* Thu May 15 2003 Charlie Brady 2.0.0-1es -- Based on work by Paul Lahaie of Steamballoon, Michael - Richardson of freeS/WAN team and Tuomo Soini . -- Build freeswan RPMs from a single source RPM, for RedHat, but - should work on any RPM based system. diff --git a/packaging/redhat/kernel-list.txt b/packaging/redhat/kernel-list.txt deleted file mode 100644 index e24d827e1..000000000 --- a/packaging/redhat/kernel-list.txt +++ /dev/null @@ -1,9 +0,0 @@ -athlon-smp i386 i386 -athlon i386 i386 -i386-smp i386 i386 -i386 i386 i386 -i586-smp i386 i386 -i586 i386 i386 -i686-smp i386 i386 -i686-bigmem i386 i386 -i686 i386 i386 diff --git a/packaging/redhat/rpm.in b/packaging/redhat/rpm.in deleted file mode 100644 index 4ede8ebc5..000000000 --- a/packaging/redhat/rpm.in +++ /dev/null @@ -1,149 +0,0 @@ -# fairly minimal RPM spec file, does only packaging -# Based on work by Paul Lahaie of Steamballoon. -# This file is touched up by sed (in the Makefile) before it is actually used. -Summary: Kernel with FreeS/WAN -Name: freeswan -Version: @IPSECVERSION@_@KERNELVERSION@ -Release: 0 -Copyright: GPL -Source: freeswan-%{version}.tar.gz -Group: System Environment/Daemons -BuildRoot: /var/tmp/%{name}-%{PACKAGE_VERSION}-root -%define __spec_install_post /usr/lib/rpm/brp-compress || : -%define KernelVer @KERNELVERSIONORIG@ -Requires: ipsec-userland ipsec-kernel - -%package userland -Summary: Kernel with FreeS/WAN -Group: System Environment/Daemons -Provides: ipsec-userland -Requires: ipsec-kernel - -%package module -Summary: FreeS/Wan kernel module -Group: System Environment/Kernel -Provides: ipsec-kernel -# do not make the dependancy circular for now. -#Requires: ipsec-userland - -%description userland -This package contains the daemons and userland tools for setting up -FreeS/WAN on a freeswan enabled kernel. - -%description module -This package contains only the ipsec module for the RedHat series of kernels. - -%description -A dummy package that installs userland and kernel pieces. - -%prep - -%build - -%install - -%clean -rm -rf ${RPM_BUILD_ROOT} - -%files userland -%defattr(-,root,root) -@PUBDIR@/ipsec -@FINALBINDIR@/* -@FINALLIBDIR@/* -/etc/rc.d/init.d/ipsec - -%attr(0644,root,root) %config @FINALCONFDIR@/ipsec.conf -%attr(0644,root,root) %config @FINALCONFDDIR@/policies/clear -%attr(0644,root,root) %config @FINALCONFDDIR@/policies/private -%attr(0644,root,root) %config @FINALCONFDDIR@/policies/block -%attr(0644,root,root) %config @FINALCONFDDIR@/policies/private-or-clear -%attr(0644,root,root) %config @FINALCONFDDIR@/policies/clear-or-private - -%doc @MANTREE@/man3/* -%doc @MANTREE@/man5/* -%doc @MANTREE@/man8/* -%doc @FINALEXAMPLECONFDIR@/* - -%files module -%defattr (-,root,root) -/lib/modules/%{KernelVer}/kernel/net/ipsec - -%pre userland -if [ -f /etc/ipsec.conf ] -then - cp -f --backup=t /etc/ipsec.conf /etc/ipsec.conf.prerpm > /dev/null 2> /dev/null -fi - -%preun userland -sh /etc/rc.d/init.d/ipsec stop || exit 0 - -%postun module -# This is a kludge to handle the fact that ipsec.o is not deleted -# on plain jane RPM uninstall. -for i in /lib/modules/*@KERNELVERSIONORIG@* - do - mv -f --backup=t "$i"/kernel/net/ipsec/ipsec.o "$i"/kernel/net/ipsec/ipsec.o.rpmbak > /dev/null 2> /dev/null - done || exit 0 - -%post module -# Same RPM uninstall kludge. -for i in /lib/modules/*@KERNELVERSIONORIG@* - do - mv -f --backup=t "$i"/kernel/net/ipsec/ipsec.o "$i"/kernel/net/ipsec/ipsec.o.rpmbak > /dev/null 2> /dev/null - done -echo "do not forget to install the userland utilities" -exit 0 - -%post userland -chkconfig --add ipsec -echo "invoke \"service ipsec start\" or reboot to begin" - -%changelog -# -# $Log: rpm.in,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.6 2003/01/30 23:31:34 sam -# -# dhr contributed changes. still may need modification, but I'm committing -# before I leave. -# -# Revision 1.5 2003/01/14 22:03:44 sam -# include policy files in RPM. -# -# Revision 1.4 2003/01/04 07:38:11 build -# *** empty log message *** -# -# Revision 1.3 2002/12/12 05:45:41 sam -# new template file from 1.99 pulled up in part -# -# Revision 1.2.2.1 2002/12/07 23:47:22 sam -# merging in a few 1.99 rpm.in changes. -# -# Revision 1.2 2002/10/30 06:54:15 sam -# Updates to take into account lib vs libexec - so we don't miss files. -# -# Revision 1.1 2002/10/06 08:35:54 sam -# RPM template -# -# Revision 1.9 2002/06/16 21:53:49 mcr -# added missing clauses to userland section. -# -# Revision 1.8 2002/06/16 20:18:41 mcr -# 2.00 series RPM will have a "freeswan-userland" rather than -# a "freeswan-X" RPM. Among other things, it makes regexp easier -# to locate the different pieces. -# -# Revision 1.7 2002/06/11 23:10:53 mcr -# added dependancies from userland->kernel. -# cross-dependancies considered but cause too much user pain. -# -# Revision 1.6 2002/06/09 15:46:41 mcr -# move installed modules for make rpm to kernel versioned directory. -# -# Revision 1.5 2002/04/11 02:50:30 mcr -# added %post to make ipsec start, and %post to shut it down. -# added %changelog as well. -# -# diff --git a/packaging/utils/backup b/packaging/utils/backup deleted file mode 100755 index 0c860c280..000000000 --- a/packaging/utils/backup +++ /dev/null @@ -1,80 +0,0 @@ -#! /bin/sh -# make backup of FreeSwan repository -# -l local build only, do not transmit - -#scphost=freeswan@xs1.xs4all.nl -scphost=henry@adams.freeswan.org -scpdir=backup -pfile=~freeswan/etc/relpass -ppfile=~freeswan/etc/bpp - -PATH=/bin:/usr/bin -export PATH -umask 077 - -tmpdir=~freeswan/tmp -tarname=freeswan.tar - -. ~freeswan/setup - -cd $tmpdir -rm -f $tarname $tarname.gz -touch $tarname - -cd ~freeswan -tar -cf $tmpdir/$tarname `ls -a | - egrep -v '^(\.|\.\.|archive|\.nobak|\.ssh|\.ssh2|tmp)$'` - -cd $tmpdir -gzip -9 $tarname -ls -l $tarname.gz - -if test " $1" = " -l" -then - exit 0 -fi - -echo updating >notice - -date -expect -nN -c " - set scphost $scphost - set scpdir $scpdir - set pfile $pfile - set ppfile $ppfile - set tarname $tarname - "' - # canned procedure for scp copying - proc scp {from to} { - global p scphost scpdir - spawn scp2 -p -q $from $scphost:$scpdir/$to - set timeout -1 - expect { - "word:" { - set fname $pfile - # fall out - } - {":} { - set fname $ppfile - # fall out - } - eof { - puts "eofed!" - return - }} - sleep 3 - set f [open $fname r] - set p [read $f] - close $f - send "$p\r" - expect "\n" - expect eof - wait - } - - scp notice $tarname.gz - scp $tarname.gz $tarname.gz - # done' -date - -rm -f $tarname.gz diff --git a/packaging/utils/branch b/packaging/utils/branch deleted file mode 100755 index 2c13d4b6a..000000000 --- a/packaging/utils/branch +++ /dev/null @@ -1,70 +0,0 @@ -#! /bin/sh -# branch release - -PATH=/bin:/usr/bin ; export PATH -umask 022 - -. $HOME/freeswan-regress-env.sh - -case "$1" in -*.*) ;; -*) echo "Usage: $0 release [file...]" >&2 ; exit 2 ;; -esac - -rel="$1" -shift -tr="`echo $rel | tr '.' '_'`" -pre=PRE$tr -base=BASE$pre - -echo "generating key for branch" -SNAPPGP=$SNAPSHOTSIGDIR/$base -# Note: PGPPATH is limited to 50 characters. -PGPPATH=$SNAPPGP export PGPPATH -mkdir -p $PGPPATH -touch $PGPPATH/pgpdoc1.txt -touch $PGPPATH/pgpdoc2.txt - -if [ ! -f $PGPPATH/secring.pgp ] -then - echo "Please set userid to ''$PGPPATH" - pgp -kg - - echo -n "Please insert release key floppy for signature" - read ans - mount /mnt/build - PGPPATH=/mnt/build/freeswan export PGPPATH - - echo "Now signing key - please answer yes." - pgp $SNAPPGP/pubring.pgp - - echo Please put key in $SNAPPGP/signedkey.asc - pgp -kxa build+snap$tr@freeswan.org - - umount /mnt/build - -fi - -if [ ! -f snapshotsigs.pgp ] -then - PGPPATH=$SNAPPGP export PGPPATH - echo "Now importing key" - pgp $SNAPPGP/signedkey.asc - - cp $SNAPPGP/signedkey.asc snapshotsigs.pgp - cvs add snapshotsigs.pgp - cvs commit -m"Signing key for $rel" snapshotsigs.pgp -fi - -echo -n "PGP finished, now budding, press enter" -read ans - -echo "budding..." -rm -f Makefile.ver -cvs tag $opt -c $base $* -echo -echo "branching..." -cvs tag $opt -b -r $base $pre $* - - - diff --git a/packaging/utils/canrel b/packaging/utils/canrel deleted file mode 100755 index 567ce96a8..000000000 --- a/packaging/utils/canrel +++ /dev/null @@ -1,55 +0,0 @@ -#! /bin/sh -# canrel [-F] release -# -F means override previous run -# current versions in the repository are used -# must be run in a release-branch CVS working directory with current top/* - -PATH=/bin:/usr/bin ; export PATH -umask 022 - -. ~build/freeswan-regress-env.sh - -opt= -case "$1" in --F) opt=-F ; shift ;; -esac - -case "$#:$1" in -1:*.*) ;; -*) echo "Usage: $0 release" >&2 ; exit 2 ;; -esac - -rel="$1" -pretag="PRE`echo $rel | tr '.' '_'`" -rtag="R`echo $rel | tr '.' '_'`" - -sed '1s/xxx/'"$rel"'/' README >README.$$ -if cmp -s README README.$$ -then - : already current, for some reason - rm -f README.$$ -else - mv README.$$ README - cvs -Q commit -m "update for release $rel" README -fi -sed '/=.*/s//='"$rel"'/' Makefile.ver >mversion.$$ -if cmp -s Makefile.ver mversion.$$ -then - : already current, for some reason - rm -f mversion.$$ -else - mv mversion.$$ Makefile.ver - cvs -Q commit -m "update for release $rel" Makefile.ver -fi -sed '1s/xxx/'"$rel"'/' CHANGES >CHANGES.$$ -if cmp -s CHANGES CHANGES.$$ -then - : already current, for some reason - rm -f CHANGES.$$ -else - mv CHANGES.$$ CHANGES - cvs -Q commit -m "update for release $rel" CHANGES -fi -cd .. - -cvs rtag $opt -r $pretag $rtag all diff --git a/packaging/utils/disttools.pl b/packaging/utils/disttools.pl deleted file mode 100644 index 4ea8db61d..000000000 --- a/packaging/utils/disttools.pl +++ /dev/null @@ -1,357 +0,0 @@ -#!/usr/bin/perl - -# -# $Id: disttools.pl,v 1.1 2004/03/15 20:35:27 as Exp $ -# -# $Log: disttools.pl,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.13 2003/06/17 22:30:06 build -# adjusted userid to pick -# use key that is offline. -# -# Revision 1.12 2002/09/30 16:02:17 mcr -# added handling for date stamp. -# -# Revision 1.11 2002/08/30 01:30:25 mcr -# changed code to write maintain local copy of FTP site, -# and rsync things up when needed. -# -# Revision 1.10 2002/07/29 05:13:33 mcr -# append .gz to patch files before they are signed. -# -# Revision 1.9 2002/07/29 04:02:21 mcr -# removed errant ) from tar copy line. -# -# Revision 1.8 2002/07/29 03:57:59 mcr -# produce kernel patches as part of the snapshots, candidates -# and releases. -# -# Revision 1.7 2002/06/07 18:23:49 mcr -# adjusted sendfiles to use tar to copy rather than scp. -# mkcand now prints usage if you don't give it enough arguments. -# It also now updates the "CANDIDATE" symlink. -# mksnap properly quotes the wildcards in the -name for find. -# -# Revision 1.6 2002/06/03 03:10:58 mcr -# "upload" now takes argument to indicate name to -# install/upload for the symlink. -# -# Revision 1.5 2002/06/03 02:19:40 mcr -# fixed bug in datelettername() - y/sed was not applied to $let, -# but to $_. -# -# Revision 1.4 2002/06/03 02:14:16 mcr -# die statements are now numbered for easier backtracking. -# candidate checks are now done if $candidate arg=1: edit README -# and CHANGES file for mkcand. -# -# Revision 1.3 2002/05/30 23:24:22 mcr -# working "mksnap" and disttools.pl. -# -# Revision 1.2 2002/05/30 22:20:56 mcr -# initial debugging done. -# -# Revision 1.1 2002/05/30 21:24:00 mcr -# perl-ified mksnap. -# -# - -@supportedkernels=("2.0", "2.2", "2.4"); - -sub nicesystem { - if($debug) { - print STDERR "System: ",join(' ',@_)."\n"; - } - system(@_); - if($? == 0) { - return 1; - } else { - return 0; - } -} - -sub kpatchname { - local($pkgname, $ver)=@_; - local($name); - - $name = $pkgname.".k".$ver.".patch"; - return $name; -} - - -sub datelettername { - @MoY = ('jan','feb','mar','apr','may','jun', - 'jul','aug','sep','oct','nov','dec'); - - $letters="abcdefghjklmnpqrstuvwxyz"; - - ($sec, $min, $hour, $mday, $mon, $year) = gmtime(time); - - $let=substr($letters, $hour-1, 1); - if($min >= 30) { - $let =~ y/a-z/A-Z/; - } - - if($year < 1900) { - $year += 1900; - } - - $ver=sprintf("%04d%s%02d%s", $year, $MoY[$mon], $mday, $let); - $ver; -} - -sub snapname { - local($prefix)=@_; - $snapname=$prefix.&datelettername; - $snapname; -} - -sub suckvars { - $envvar=$ENV{'HOME'}."/freeswan-regress-env.sh"; - - if(-f $envvar) { - - open(SHVARS, $envvar) || die "001: Can not open $envvar: $!\n"; - while() { - chop; - next if (/^\#/); - - if(/(\S+)\=(\S+)/) { - $var=$1; - $value=$2; - - $ENV{$var}=$value; - } - } - close(SHVARS); - } -} - -sub defvar { - local($var,$value)=@_; - - if(!defined($ENV{$var})) { - $ENV{$var}=$value; - } -} - -sub defvars { - &defvar('BTMP', '/btmp'); - if($ENV{'DEBUGFREESWANDIST'}) { - $debug=$ENV{'DEBUGFREESWANDIST'}; - } -} - -sub setuppgp { - local($lastrel)=@_; - - $lastrel =~ y/\./\_/; - - $ENV{'PGPPATH'}=$ENV{'SNAPSHOTSIGDIR'}."/BASEPRE$lastrel"; - $ENV{'PGPNAME'}="build+snap".$lastrel."\@freeswan.org"; -} - -sub dopgpsig { - local($pkgname)=@_; - - local($tarfile); - $tarfile=$pkgname.".tar"; - - $userid=$ENV{'PGPNAME'}; - &nicesystem("pgp -sba $tarfile.gz -u $userid -o $tarfile.gz.sig") || die "002: PGP failed: $?\n"; - &nicesystem("chmod a+r $tarfile.gz.sig"); - - foreach $ver (@supportedkernels) { - $file=&kpatchname($pkgname,$ver).".gz"; - &nicesystem("pgp -sba $file -u $userid -o $file.sig") || die "002: PGP failed: $?\n"; - &nicesystem("chmod a+r $file.sig"); - } -} - - -# this function now does two things: -# 1) makes the tar file of old -# 2) makes the kernel patch file of new. -# - -sub makedisttarfile { - local($tmpdir, $pkgname, $vername, $dirname, $date, $relopt, $candidate)=@_; - local($file); - - &nicesystem("mkdir -p $tmpdir") || die "003: Can not mkdir $tmpdir\n"; - chdir($tmpdir) || die "004: makedisttarfile: Can not chdir to $tmpdir\n"; - - # nuke anything that was there before - &nicesystem("rm -rf $dirname"); - - if(defined($date) && $date ne '') { - $minusD="-D \"${date}\""; - } - - print "cvs -Q export $minusD ${relopt} -d ${dirname} freeswan\n"; - - &nicesystem("cvs -Q export $minusD ${relopt} -d ${dirname} freeswan") || die "005: CVS failed!\n"; - - chdir($dirname) || die "006: Can not chdir to $dirname\n"; - - open(VERSIONFILE, ">Makefile.ver") || die "007: failed to open Makefile.ver\n"; - print VERSIONFILE "IPSECVERSION=".$vername."\n"; - close(VERSIONFILE); - - if($candidate) { - open(README, "README") || die "008: Can not edit README: $!\n"; - $nreadme="README.$$"; - open(NREADME, ">$nreadme") || die "009: Can not write README: $!\n"; - $lines=1; - while() { - if($lines == 1) { - s/xxx/$vername/; - } -# if(/^---$/) { -# print STDERR "README not ready, run prepcand first\n"; -# die; -# } - $lines++; - print NREADME; - } - close(NREADME); - close(README); - unlink("README") || die "010: Can not remove README: $!\n"; - rename("$nreadme", "README") || die "011: Can not rename $nreadme to README: $!\n"; - - # now edit CHANGES file - open(CHANGES, "CHANGES") || die "012: Can not edit README: $!\n"; - $nchanges="CHANGES.$$"; - open(NCHANGES,">$nchanges") || die "013: Can not write README: $!\n"; - $lines=1; - while() { - if($lines == 1) { - if(/since last release/) { - die "CHANGES not ready, run prepcand first"; - } - s/xxx/$vername/; - } - $lines++; - print NCHANGES; - } - close(NCHANGES); - close(CHANGES); - unlink("CHANGES") || die "014: Can not remove CHANGES: $!\n"; - rename("$nchanges", "CHANGES") || die "015: Can not rename $nreadme to README: $!\n"; - } - - &nicesystem("make -f dtrmakefile -s snapready") || die "016: failed to make snapshot ready for distribution: $?\n"; - - chdir("..") || die "017: failed to go to parent dir: $!\n"; - - unlink("$pkgname.tar"); - unlink("$pkgname.tar.gz"); - unlink("$pkgname.tar.gz.md5"); - - &nicesystem("tar -cf $pkgname.tar $dirname") || die "018: Failed to tar file: $?\n"; - - # make the kernelpatch for each of 2.0, 2.2, and 2.4. - foreach $ver (@supportedkernels) { - $file=&kpatchname($pkgname,$ver); - &nicesystem("make -C $dirname kernelpatch$ver >$file"); - &nicesystem("gzip -9 $file"); - } - - &nicesystem("rm -rf $dirname") || warn "failed to cleanup $dirname\n"; - - &nicesystem("gzip -9 $pkgname.tar") || die "019: gzip died: $?\n"; - - &nicesystem("ls -l $pkgname.tar.gz"); - - &nicesystem("md5sum $pkgname.tar.gz >$pkgname.tar.gz.md5"); - &nicesystem("chmod a+r $pkgname.tar.gz"); -} - -sub sendfiles { - local(@thefiles)=@_; - - local($file, $localroot); - -if($ENV{'DEV_DIR'}) { $localroot=$ENV{'DEV_DIR'}; } else { $localroot=$ENV{'LOCAL_ARCHIVE'}; } - - foreach $file (@thefiles) { - $dir=$file; - if(!($dir =~ s,(.*)/([^/]*),\1,)) { - $dir="."; - } else { - $file=$2; - } - - &nicesystem("tar -C $dir -c -f - $file | tar -C ${localroot} -x -f -"); - } -} - - -sub remotecmd { - local($cmd)=@_; - - $distuser=$ENV{'DISTUSER'}; - $disthost=$ENV{'DISTHOST'}; - $distdir =$ENV{'DISTDIR'}; - $ssh =$ENV{'ssh'}; - - &nicesystem("$ssh -l $distuser $disthost '$cmd'"); -} - - -sub upload { - local($pkgname, $symlinkname)=@_; - - local($localroot); - -if($ENV{'DEV_DIR'}) { $localroot=$ENV{'DEV_DIR'}; } else { $localroot=$ENV{'LOCAL_ARCHIVE'}; } - - &sendfiles("$pkgname.tar.gz", - "$pkgname.tar.gz.sig", - "$pkgname.tar.gz.md5"); - - foreach $ver (@supportedkernels) { - $file=&kpatchname($pkgname,$ver).".gz"; - &sendfiles($file, "$file.sig"); - } - - if(defined($symlinkname)) { - &sendfiles($symlinkname.".tar.gz.md5"); - &nicesystem("cd $localroot && ln -f -s $pkgname.tar.gz $symlinkname.tar.gz && ln -f -s $pkgname.tar.gz.sig $symlinkname.tar.gz.sig"); - - foreach $ver (@supportedkernels) { - $file=&kpatchname($pkgname,$ver); - $newname=&kpatchname($symlinkname,$ver); - &nicesystem("cd $localroot && ln -f -s $file.gz $newname.gz && ln -f -s $file.gz.sig $newname.gz.sig"); - } - - } -} - -sub upsync { - - local($localroot, $distuser, $disthost, $distdir, $spoolhost, $spooluser); - local($masterhost, $masteruser, $masterdir); - - $localroot=$ENV{'LOCAL_ARCHIVE'}; - $distuser=$ENV{'DISTUSER'}; - $disthost=$ENV{'DISTHOST'}; - $distdir =$ENV{'DISTDIR'}; - $ssh =$ENV{'ssh'}; - $masterhost = $ENV{'MASTERHOST'}; - $masteruser = $ENV{'MASTERUSER'}; - $masterdir = $ENV{'MASTERDIR'}; - - # sync stuff to distribution site. - &nicesystem("rsync -e $ssh -r --delete -a -v -c $localroot/ $masteruser\@$masterhost:$masterdir/"); - - # sync stuff to xs4all site. - &nicesystem(print "rsync -e $ssh -r --delete -a -v -c $localroot/ $distuser\@$disthost:$distdir/"); - &nicesystem("rsync -e $ssh -r --delete -a -v -c $localroot/ $distuser\@$disthost:$distdir/"); - -} - -1; - diff --git a/packaging/utils/errcheck b/packaging/utils/errcheck deleted file mode 100755 index 1a1ab5037..000000000 --- a/packaging/utils/errcheck +++ /dev/null @@ -1,40 +0,0 @@ -#! /bin/sh -# internal utility for testing kernel make output for errors -# Copyright (C) 1998, 1999 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: errcheck,v 1.1 2004/03/15 20:35:27 as Exp $ - -# the errors.[och] stuff is for math emulation -# the HiSax nonsense is due to a Red Hat 5.2 botch -# RH7.2 "make dep" builds stuff in drivers/macintosh (!!) using -# Red Hat's 2.2.19 whines about function read_rx_long_length_errors in e100.c -# 2.4.18: 53c700.h:40:2: #error "Config.in must define either CONFIG_53C700_IO_MAPPED or CONFIG_53C700_MEM_MAPPED to use this scsi core." -oops="`sed -e 's/-Werror/-Weror/g' \ - -e '/errors*\.[och]/s/errors*\./eror./g' \ - -e '/scsi_error/s//scsi_eror/' \ - -e '/KBUILD_BASENAME=errors/s/errors/eror/g' \ - -e '/#error .HiSax: No cards configured/s/error/eror/' \ - -e '/#error . should never be used/s/error/eror/' \ - -e '/53c700.h:[0-9:]* #error "Config.in must define either CONFIG_53C700_IO_MAPPED or CONFIG_53C700_MEM_MAPPED to use this scsi core."/s/error/eror/' \ - -e '/^e100.c: In function/s/length_errors/length_erors/' $* | - egrep -i 'error|\*\*\*' | egrep -v ': warning:'`" -if test " $oops" != " " -then - echo - echo "***ERRORS DETECTED in $* (examine file for details):" - echo "$oops" - echo - exit 1 -else - exit 0 -fi diff --git a/packaging/utils/kernel.patch.gen.sh b/packaging/utils/kernel.patch.gen.sh deleted file mode 100644 index 0bc726dd1..000000000 --- a/packaging/utils/kernel.patch.gen.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -# -# RCSID $Id: kernel.patch.gen.sh,v 1.1 2004/03/15 20:35:27 as Exp $ - -patchdir=`pwd` -kernelsrc=/usr/src/linux -[ "$1~" = "~" ] || kernelsrc=$1 -cd $kernelsrc -# clean out destination file for all patch -#echo "">$patchdir/all - -# find files to patch and loop -for i in `find . -name '*.preipsec'` -do - -# strip off '.preipsec' suffix -j=${i%.preipsec} - -# strip off './' prefix -k=${j#\.\/} - -# single unified diff -#diff -u $i $j >>$patchdir/all - -# convert '/' in filename to '.' to avoid subdirectories -sed -e 's/\//\./g' << EOI > /tmp/t -$k -EOI -l=`cat /tmp/t` -rm -f /tmp/t - -# *with* path from source root -#echo do diff -u $i $j '>' $patchdir/$l -echo found $i -echo "RCSID \$Id: kernel.patch.gen.sh,v 1.1 2004/03/15 20:35:27 as Exp $" >$patchdir/$l -diff -u $i $j >>$patchdir/$l - -done - -# -# $Log: kernel.patch.gen.sh,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.6 2002/04/25 17:04:16 mcr -# resurrected kernel.patch.gen.sh -# -# Revision 1.4 1999/04/06 04:54:30 rgb -# Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes -# patch shell fixes. -# -# diff --git a/packaging/utils/kerneldiff b/packaging/utils/kerneldiff deleted file mode 100755 index 5cd4f73e2..000000000 --- a/packaging/utils/kerneldiff +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh - -# wander through a FreeSWAN linux directory, comparing each file to -# a corresponding file in the argument $KERNELSRC directory, creating -# a diff that can be used to update the FreeSWAN source tree. -# -# This script is useful if you have used "make kernelpatch" to patch -# a kernel, and then had to edit the source code in the kernel tree. -# -# $Id: kerneldiff,v 1.1 2004/03/15 20:35:27 as Exp $ -# - -KERNELSRC=$1 -shift - -(cd linux && find . -type f -print) | grep -v CVS | egrep -v './Makefile' | while read file -do - base=`basename $file` - case $base in - .cvsignore) ;; - .*.o.flags) ;; - *.o) ;; - *~) ;; - *.$patchname.patch) ;; - *.patch) ;; - *.orig) ;; - *.rej) ;; - version.c);; - *) diff -u linux/$file $KERNELSRC/$file ;; - esac -done - -exit 0 - - diff --git a/packaging/utils/kernelpatch b/packaging/utils/kernelpatch deleted file mode 100755 index d2b8e86f1..000000000 --- a/packaging/utils/kernelpatch +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh - -# wander through a FreeSWAN linux directory, creating a patch file (to stdout) -# that will apply the code to a kernel source directory. -# -# $Id: kernelpatch,v 1.1 2004/03/15 20:35:27 as Exp $ -# - -KERN=$1 -shift - -case $KERN in - 2.0) patchname=fs2_0;; - 2.2) patchname=fs2_2;; - 2.4) patchname=fs2_4;; - 2.5) patchname=fs2_5;; - *) echo "Invalid kernel patch target: $KERN"; exit 1;; -esac - -# make sure that sort gets the right locale. -LANG=C export LANG -LC_ALL=C export LC_ALL - - -find linux -type f -print | grep -v CVS | egrep -v 'linux/Makefile' | sort | while read file -do - base=`basename $file` - case $base in - TAGS) ;; - tags) ;; - .cvsignore) ;; - .*.o.flags) ;; - .\#*);; - *.o) ;; - *~) ;; - tagsfile.mak) ;; - *.$patchname.patch) cat $file;; - *.patch) ;; - *) diff -u /dev/null $file;; - esac -done - -# -# finally, we have to produce a diff for linux/net/linux/Makefile.ver, -# a file which is generated at runtime, so there is nothing in CVS. -# -echo '--- /dev/null Fri May 10 13:59:54 2002' -echo '+++ linux/net/ipsec/Makefile.ver Sun Jul 28 22:10:40 2002' -echo '@@ -0,0 +1 @@' -echo -n '+' -grep IPSECVERSION Makefile.ver - -exit 0 - - diff --git a/packaging/utils/kernelversion b/packaging/utils/kernelversion deleted file mode 100755 index a021398af..000000000 --- a/packaging/utils/kernelversion +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh -# determine kernel version code, mostly for use in RPM building - -awk 'BEGIN { FS = " *= *" } - NF != 2 { next } - $1 == "VERSION" { maj = $2 } - $1 == "PATCHLEVEL" { mid = $2 } - $1 == "SUBLEVEL" { min = $2 } - $1 == "EXTRAVERSION" { ext = $2 } - END { print maj "." mid "." min ext }' $* diff --git a/packaging/utils/kernelversion-short b/packaging/utils/kernelversion-short deleted file mode 100755 index 677f7b4da..000000000 --- a/packaging/utils/kernelversion-short +++ /dev/null @@ -1,8 +0,0 @@ -#! /bin/sh -# determine kernel version code, mostly for use in RPM building - -awk 'BEGIN { FS = " *= *" } - NF != 2 { next } - $1 == "VERSION" { maj = $2 } - $1 == "PATCHLEVEL" { mid = $2 } - END { print maj "." mid }' $* diff --git a/packaging/utils/manlink b/packaging/utils/manlink deleted file mode 100755 index 84e6031b2..000000000 --- a/packaging/utils/manlink +++ /dev/null @@ -1,74 +0,0 @@ -#! /bin/sh -# -# $Id: manlink,v 1.1 2004/03/15 20:35:27 as Exp $ -# -# make list of alternate names for manpages - -PATH=/bin:/usr/bin ; export PATH -usage="$0 manpage ..." - -for m -do - bm=`basename $m` - if test ! -f $m - then - echo "$0: cannot find \`$m'" >&2 - exit 1 - fi - suf=$(expr $bm : '.*\([.][^.][^.]*\)$') - - # a .\"+ line rules - them=$(awk '/^\.\\"\+[ ]/ { for (i = 2; i <= NF; i++) print $i }' $m) - - # otherwise, try to intuit the list of names from the NAME section - if test " $them" = " " - then - them=$( awk '/^\.SH[ \t]+NAME/,/^\.SH[ \t]+[^N]/' $m | - egrep -v '^\.' | tr ' ,' ' ' | - sed -n '/ *\\*- *.*/s///p' | tr -s ' ' '\012' | - egrep -v '^ipsec$' ) - fi - - # do it - for f in $them - do - case $f in - ipsec*) ff="$f" ;; # ipsec.8, ipsec.conf.5, etc. - *) ff="ipsec_$f" ;; - esac - case $ff in - *.[1-8]) ;; - *) ff="$ff$suf" ;; - esac - #echo "Q: $bm FF: $ff" >&2 - if [ " $ff" != " $bm" ] && [ " $ff" != " ipsec_$bm" ] - then - echo $bm $ff - fi - done -done - -# -# $Log: manlink,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.8 2002/09/17 20:17:16 sam -# -# The "make doc" fix broke "make install" silently; some man page symlinks -# were being linked incorrectly. This resulted in files which passed the make -# install test but linked to nothing. -# -# Revision 1.7 2002/08/07 06:23:35 sam -# -# freeswan/packaging/utils/manlink -# -# Revision 1.6 2002/05/06 21:20:24 mcr -# manlink -n idea is a fail. It depended upon being able to -# read the man page at the installed location, which isn't going -# to work consistently. manlink now just generates a list of links -# that should be made, leaving the Makefile script to decide what -# to do with them. Further, it now processes the files found in the -# repository, rather than the ones installed. -# -# diff --git a/packaging/utils/maysnap b/packaging/utils/maysnap deleted file mode 100755 index 9685c1d20..000000000 --- a/packaging/utils/maysnap +++ /dev/null @@ -1,41 +0,0 @@ -#! /bin/sh -# consider making snapshot of FreeSwan code - -who=mcr -USER=build export USER - -. ~build/freeswan-regress-env.sh - -umask 022 - -cd ~build/WANTSNAP - -if test ! -f dosnap -then - exit 0 -fi - -set -x - -if test -f doingsnap -then - echo "snapshot already in progress" | mail -s "snapshot averted" $who - exit 0 -fi - -echo $$ >doingsnap -sort -u dosnap >/tmp/snap$$ -echo === >>/tmp/snap$$ -if ~build/bin/mksnap -S >>/tmp/snap$$ 2>&1 -then - #if ~build/bin/mksnap -r 1.97 -p pre1.98 >>/tmp/snap$$ 2>&1 - #then - rm -f dosnap - #fi -fi - -mail -s "snapshot report $reqd" $who doingtest -sort -u doingtest >/tmp/nightly$$ -echo === >>/tmp/test$$ -if ~build/bin/nightly.sh >>/tmp/snap$$ 2>&1 -then - rm -f doingtest - rm -f dotest -fi - -mail -s "nightly test report $reqd" $who CANDIDATE.tar.gz.md5") || die "failed to md5sum of CANDIDATE.tar.gz: $?\n"; - -&dopgpsig($pkgname); - -&nicesystem("pgp -kxa $ENV{'PGPNAME'} $pkgname.tar.gz.pgpkey && chmod +r $pkgname.tar.gz.pgpkey.asc"); - -if($transmit) { - system("date"); - - local($snapprefix); - - &upload($pkgname); - - if($symlink) { - &sendfiles("CANDIDATE.tar.gz.md5"); - - &remotecmd("cd ".$ENV{'DISTDIR'}." && ln -f -s $pkgname.tar.gz CANDIDATE.tar.gz && ln -f -s $tarname.gz.sig CANDIDATE.tar.gz.sig"); - - foreach $ver (@supportedkernels) { - &remotecmd("cd ".$ENV{'DISTDIR'}." && ln -f -s $pkgname$ver.patch.gz CAND.KERN$ver.gz && ln -f -s $tarname.gz.sig CAND.KERN$ver.gz.sig"); - } - } - - print "Cleaning up old candidates\n"; - - local($file, $localroot); - - $localroot=$ENV{'DEV_DIR'}; - &nicesystem("cd $localroot && find . -mtime +3 | grep 'freeswan-cand$snapprefix' | xargs rm"); - - &upsync; - - system("date"); -} - diff --git a/packaging/utils/mkrel b/packaging/utils/mkrel deleted file mode 100755 index 3182d9d06..000000000 --- a/packaging/utils/mkrel +++ /dev/null @@ -1,95 +0,0 @@ -#!/usr/bin/perl -# mkcand m.nn -# package candidate, leaving it in tmp directory - -require($ENV{'HOME'}."/bin/disttools.pl"); - -&defvars; -&suckvars; - -umask(022); - -$localdir=$ENV{'HOME'}."/archive"; - -$tmpdir=$ENV{'BTMP'}."/".$ENV{'USER'}."/snapshots"; - -$transmit=1; -$snapprefix=""; -$tarinfix=""; -$date=""; -$lastrel=$ENV{'LASTREL'}; - -sub usage { - print STDERR "mkrel:\n"; - print STDERR "\t-l do not transmit\n"; - print STDERR "\t-p name set release name\n"; - print STDERR "\t-r rel set release branch\n"; -} - -while(@ARGV) { - $_=shift; - - if(/^-l/) { - $transmit=0; - - } elsif(/^-S/) { - $symlink=1; - - } elsif(/^-p/) { - $rel=shift; - $snapprefix="pre$rel-"; - - } elsif(/^-r/) { - $arg=shift; - ($lastrel=$arg) =~ y/\./\_/; - $relopt="-r PRE${lastrel}" - - } else { - &usage; - exit; - } -} - -if(!defined($relopt) || - !defined($rel)) { - &usage; - exit; -} - -$dirname="freeswan-".$rel; -$pkgname="freeswan-".$rel; -$tarname=$pkgname.".tar"; -$vername=$rel; - -&nicesystem("mkdir -p $tmpdir"); -print "BUILDING release $rel in $dirname\n"; -if($transmit) { - print "WILL TRANSMIT TO $ENV{'DISTHOST'}\n" -} else { - print "WILL NOT TRANSMIT\n"; -} - -$ENV{'PGPPATH'}="/mnt/build/freeswan"; -$ENV{'PGPNAME'}="build\@freeswan.org"; - -&makedisttarfile($tmpdir, $pkgname, $vername, $dirname, $date, $relopt, 1); - -print "Please insert release key floppy for signature"; -$ans=; -system("mount /mnt/build"); -&dopgpsig($pkgname); -system("umount /mnt/build"); - -if($transmit) { - print "Now transmitting to XS4all\n"; - print "Starting on: "; - system("date"); - - &upload($pkgname); - - &upsync; - - print "Finished on: "; - system("date"); -} - diff --git a/packaging/utils/mksnap b/packaging/utils/mksnap deleted file mode 100755 index 4f336fc7a..000000000 --- a/packaging/utils/mksnap +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/bin/perl -# make snapshot of FreeSwan code -# -l local build only, do not transmit -# -p nn pre-nn version (where nn is a release like 1.00) -# -d ddd build as of date ddd (implies -l) - -require($ENV{'HOME'}."/bin/disttools.pl"); - -&defvars; -&suckvars; - -umask(022); - -$localdir=$ENV{'HOME'}."/archive"; -$ENV{'DEV_DIR'}=$localdir."/development"; - -if(!defined($ENV{'USER'})) { - $ENV{'USER'}="build"; -} - -$tmpdir=$ENV{'BTMP'}."/".$ENV{'USER'}."/snapshots"; - -$transmit=1; -$symlink=0; -$snapprefix=""; -$tarinfix=""; -$relopt=""; -$date="now"; -$lastrel=$ENV{'LASTREL'}; -$lastrel =~ y/\./\_/; - -while(@ARGV) { - $_=shift; - - if(/^-l/) { - $transmit=0; - - } elsif(/^-D/) { - $debug++; - - } elsif(/^-S/) { - $symlink=1; - - } elsif(/^-p/) { - $arg=shift; - $snapprefix="$arg-"; - - } elsif(/^-r/) { - $arg=shift; - ($lastrel=$arg) =~ y/\./\_/; - $relopt="-r PRE${lastrel}" - -# } elsif(/^-d/) { -# $arg=shift; -# $transmit=0; -# $date=$arg; - - } else { - print STDERR "mksnap:\n"; - print STDERR "\t-l do not transmit\n"; - print STDERR "\t-p stuff set snapshot prefix\n"; - print STDERR "\t-r rel set release branch\n"; - print STDERR "\t-d date set snapshot date\n"; - exit; - } -} - -$snapname=&snapname($snapprefix); - -#if($date ne "now") { -# $snapname="`echo $date | tr -d ' :'`" ;; -#} - -$dirname="freeswan-snap".$snapname; -$pkgname="snapshot-".$snapname; -$tarname=$pkgname.".tar"; - -&nicesystem("mkdir -p $tmpdir"); -print "BUILDING snapshot $dirname\n"; -if($transmit) { - print "WILL TRANSMIT TO $ENV{'DISTHOST'}\n" -} else { - print "WILL NOT TRANSMIT\n"; -} - -&setuppgp($lastrel); - -&makedisttarfile($tmpdir, $pkgname, "$lastrel_$snapname", $dirname, $date, $relopt, 0); - -unlink("snapshot.tar.gz"); -&nicesystem("ln -s $tarname.gz snapshot.tar.gz") || die "failed to symlink to snapshot.tar.gz: $?\n"; -&nicesystem("md5sum snapshot.tar.gz >snapshot.tar.gz.md5") || die "failed to md5sum of snapshot.tar.gz: $?\n"; - -&dopgpsig($pkgname); - -if($transmit) { - system("date"); - - &upload($pkgname, "snapshot"); - - print "Cleaning up old snapshots\n"; - - local($file, $localroot); - - $localroot=$ENV{'DEV_DIR'}; - - &nicesystem("cd $localroot && find . -name \"snapshot-*\" -print | grep -v $pkgname | xargs -r rm --"); - - &upsync; - - system("date"); -} - - diff --git a/packaging/utils/mvcand b/packaging/utils/mvcand deleted file mode 100755 index 6e29bc490..000000000 --- a/packaging/utils/mvcand +++ /dev/null @@ -1,62 +0,0 @@ -#! /bin/sh -# mvcand -# move packaged candidate to distribution site (password supplied manually) - -PATH=/bin:/usr/bin -export PATH -umask 022 - -. $HOME/freeswan-regress-env.sh - -localplace=~build/archive -site=freeswan@xs4.xs4all.nl -place=FTP -linkname=CANDIDATE.tar -ssh=/usr/bin/ssh -scp=/usr/bin/scp - -localonly= -remove=yes -for dummy -do - case "$1" in - -l) localonly=yes ;; - -k) remove= ;; - --) shift ; break ;; - -*) echo "$0: unknown option \'$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -case "$#" in -0) ;; -*) echo "Usage: $0" >&2 ; exit ;; -esac - -cd ~build/tmp -tarname=`ls | sed -n '/^freeswan-.*\.gz$/s/\.gz$//p' | tail -1` -echo "moving $tarname.gz" - -( - cd $localplace - rm -f freeswan-cand* $linkname.* - ln -s $tarname.gz $linkname.gz -) -cp -p $tarname.gz $tarname.gz.md5 $tarname.gz.sig CANDIDATE.tar.gz.md5 $localplace - -if test "$localonly" -then - exit 0 # leaving the original around -fi - -$ssh $site "cd $place ; rm -f freeswan-cand* $linkname.* ; - ln -s $tarname.gz $linkname.gz ; - ln -s $tarname.gz.sig $linkname.gz.sig" - -$scp -p $tarname.gz.md5 $tarname.gz.sig $tarname.gz CANDIDATE.tar.gz.md5 $site:$place - -if test "$remove" -then - rm -f $tarname.* -fi diff --git a/packaging/utils/mvrel b/packaging/utils/mvrel deleted file mode 100755 index 66b1180a8..000000000 --- a/packaging/utils/mvrel +++ /dev/null @@ -1,65 +0,0 @@ -#! /bin/sh -# mvrel major minor -# move packaged release to distribution site (password supplied manually) - -PATH=/bin:/usr/bin -export PATH -umask 022 - -. $HOME/freeswan-regress-env.sh - -localplace=~build/archive -site=freeswan@xs4.xs4all.nl -place=FTP -linkname=LATEST.tar -ssh=/usr/bin/ssh -scp=/usr/bin/scp - -localonly= -remove=yes -for dummy -do - case "$1" in - -l) localonly=yes ;; - -c) site=adams.freeswan.org ; place=/home/team ; scp=scp2 ; ssh=ssh2 ;; - -k) remove= ;; - --) shift ; break ;; - -*) echo "$0: unknown option \'$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -case "$#:$1" in -1:*.*) ;; -*) echo "Usage: $0 [-l] [-c] release" >&2 ; exit ;; -esac - -tarname=freeswan-$1.tar - -cd ~build/tmp -if test ! -r $tarname.gz -then - echo "$0: no $tarname.gz!" >&2 - exit 1 -fi - -rm -f $localplace/$tarname.* -cp -p $tarname.gz $tarname.gz.sig $localplace - -if test "$localonly" -then - exit 0 # leaving the original around -fi - -$ssh $site "cd $place ; rm -f $tarname.gz.sig $tarname.gz LATEST.* ; - rm -f CANDIDATE.* freeswan-cand* ; - mv freeswan-[0-9]* old ; - ln -s $tarname.gz LATEST.tar.gz ; - ln -s $tarname.gz.sig LATEST.tar.gz.sig" -$scp -p $tarname.gz.sig $tarname.gz $site:$place - -if test "$remove" -then - rm -f $tarname.* -fi diff --git a/packaging/utils/patcher b/packaging/utils/patcher deleted file mode 100755 index ba31bdd26..000000000 --- a/packaging/utils/patcher +++ /dev/null @@ -1,188 +0,0 @@ -#! /bin/sh -# smart patch applier -# Copyright (C) 1999, 2001 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# patcher [-v] [-c] targetdir target [ key patchfile ] ... -# In targetdir, patch target from patchfile unless it already contains -# key and it appears to have been patched with the same patch. (If the -# patch has changed, undo the old one and then put the new one in.) Save -# original as target.preipsec, and patched copy as target.wipsec, with -# patch md5sum stored as target.ipsecmd5. If the patch doesn't work, -# put the original back and save the patch attempt as target.mangled. -# If there are no key+patchfile pairs, undo any old patch and leave it -# at that. -# -v means verbose -# -c means do "patching" by appending rather than by using patch(1) -# -# RCSID $Id: patcher,v 1.1 2004/03/15 20:35:27 as Exp $ - -PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin -export PATH -umask 022 - -verbose= -modifier=patch -for dummy -do - case "$1" in - -v) verbose=yes ;; - -c) modifier=cat ;; - --) shift ; break ;; - -*) echo "$0: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done -if test $# -lt 2 -then - echo "Usage: $0 [-v] [-c] targetdir target [ key patchfile ] ..." >&2 - exit 2 -fi - -need() { - if test ! -f $1 - then - echo "$0: cannot find file \`$1'" >&2 - exit 1 - fi -} - -note() { - if test "$verbose" - then - echo "* $1" - fi -} - -dir="$1" -target="$2" -shift ; shift -it=$dir/$target -need $it - - - -patches= -if test ! -s $it.ipsecmd5 -then - # no records of patching... - while test $# -ge 2 - do - key="$1" - patchfile="$2" - shift ; shift - need $patchfile - - if egrep -q "$key" $it - then - # patched but no record of how - note "$it no longer needs patch $patchfile" - else - patches="$patches $patchfile" - fi - done -elif test ! -f $it.preipsec -o ! -f $it.wipsec -then - echo "$0: $it.preipsec or .wipsec is missing!" >&2 - exit 1 -else - # determine whether patches have changed - tmp=/tmp/patcher.$$ - >$tmp - while test $# -ge 2 - do - key="$1" - patchfile="$2" - shift ; shift - need $patchfile - md5sum $patchfile | awk '{print $1}' >>$tmp - - if egrep -q "$key" $it.preipsec - then - note "$it no longer needs patch $patchfile" - else - patches="$patches $patchfile" - fi - done - if cmp -s $tmp $it.ipsecmd5 - then - note "$it already fully patched" - rm -f $tmp - exit 0 - fi - rm -f $tmp - - # must undo old patch(es) - note "$it old patches must be undone, undoing them..." - if ! cmp -s $it $it.wipsec - then - note "$it has changed, cannot undo old patches!" - echo "$0: cannot unpatch $it, it has changed since patching" >&2 - exit 1 - fi - rm $it - mv $it.preipsec $it - rm $it.wipsec $it.ipsecmd5 -fi - -# if no necessary patches, we're done -if test " $patches" = " " -then - note "$it no longer needs patching" - exit 0 -fi - -# try to figure out patch options -if test " $modifier" = " patch" -then - if patch --help >/dev/null 2>/dev/null - then - # looks like a modern version - popts='-p1 -b' - else - # looks like an old one - popts='-p1' - fi -fi - -# do it ->$it.ipsecmd5 -for patchfile in $patches -do - note "applying $patchfile to $it..." - - # make local copy - this defeats hard and soft links - mv $it $it.preipsec || exit 0 - rm -f $it - cp -p $it.preipsec $it - - case "$modifier" in - patch) ( cd $dir ; patch $popts ) <$patchfile ;; - cat) cat $patchfile >>$it ;; - esac - status=$? - if test $status -ne 0 - then - note "$it patch failed, restoring original" - echo "$0: patch on $it failed!" >&2 - echo "$0: restoring original $it," >&2 - echo "$0: leaving patch attempt in $it.mangled" >&2 - mv $it $it.mangled - mv $it.preipsec $it - rm -f $it.ipsecmd5 - exit 1 - fi - rm -f $it.orig # some patch versions leave debris - md5sum $patchfile | awk '{print $1}' >>$it.ipsecmd5 -done -cp -p $it $it.wipsec diff --git a/packaging/utils/prepcand b/packaging/utils/prepcand deleted file mode 100755 index 31c382501..000000000 --- a/packaging/utils/prepcand +++ /dev/null @@ -1,33 +0,0 @@ -#! /bin/sh -# prepcand m.nn -# prepare candidate for building, must be done in top working dir - -PATH=/bin:/usr/bin -export PATH -umask 022 - -case "$#:$1" in -1:*.*) ;; -*) echo "Usage: $0 release" >&2 ; exit ;; -esac - -rel="$1" -tag="PRE`echo $rel | tr '.' '_'`" - -# update from snapshot form to candidate/release form, if necessary -if egrep -q -e '^---$' README -then - sed '1,/^---$/d' README | sed '1s/This is release xxx of Linux FreeS\/WAN/This is release '$rel' of Linux FreeS\/WAN/' > README.$$ - mv README.$$ README - cvs -Q commit -m "update for candidates of release $rel" README -fi - -if sed -n 1p CHANGES | egrep -q 'since last release' -then - sed '1s/since last release/in '$rel'/' CHANGES >CHANGES.$$ - mv CHANGES.$$ CHANGES - cvs -Q commit -m "update for candidates of release $rel" CHANGES -fi - -echo "IPSECVERSION=$rel" >Makefile.ver -cvs -Q commit -m "update for candidate of release $rel" Makefile diff --git a/packaging/utils/recan b/packaging/utils/recan deleted file mode 100755 index eaaf9436a..000000000 --- a/packaging/utils/recan +++ /dev/null @@ -1,17 +0,0 @@ -#! /bin/sh -# recan release -# run in a working directory to recan contents of same where necessary - -PATH=/bin:/usr/bin ; export PATH -umask 022 - -. ~freeswan/setup - -case $# in -0) echo "Usage: $0 release [file] ..." >&2 ; exit 2 ;; -esac - -tag="R`echo $1 | tr '.' '_'`" -shift - -cvs tag -F -D now $tag $* diff --git a/packaging/utils/setup b/packaging/utils/setup deleted file mode 100755 index 5d250bb37..000000000 --- a/packaging/utils/setup +++ /dev/null @@ -1,9 +0,0 @@ -# shell file setting up environment for freeswan CVS access -# This is here, rather than in .profiles, because Henry has local access -# and doesn't want to duplicate this stuff. - -PATH=$PATH:/sandel/bin export PATH -CVSROOT=/freeswan/MASTER -CVSUMASK=002 - -export CVSROOT CVSUMASK diff --git a/packaging/utils/sshenv b/packaging/utils/sshenv deleted file mode 100755 index 8075b9d09..000000000 --- a/packaging/utils/sshenv +++ /dev/null @@ -1,4 +0,0 @@ -# ssh environment file for freeswan CVS access -# user .ssh directories have links to this, so this info is in one place -CVSROOT=/home/freeswan/cvs -CVSUMASK=002 diff --git a/packaging/utils/tattle b/packaging/utils/tattle deleted file mode 100755 index 37d015b0f..000000000 --- a/packaging/utils/tattle +++ /dev/null @@ -1,33 +0,0 @@ -#! /bin/sh -# tattle [-f] subject address ... -# report a freeswan CVS change made by someone other than "owner" of files - -PATH=/bin:/usr/bin ; export PATH - -noself=yes # don't mail to person making change -case "$1" in --f) noself= ; shift ;; -esac - -msg="freeswan commit: $1" -shift - -them= -if test "$noself" -then - iam="`id -un`" - for who - do - if test " $who" != " $iam" - then - them="$them $who" - fi - done -else - them="$*" -fi - -if test " $them" != " " -then - mail -s "$msg" $them -fi diff --git a/packaging/utils/wantsnap b/packaging/utils/wantsnap deleted file mode 100755 index 74b4287da..000000000 --- a/packaging/utils/wantsnap +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/sh -umask 002 -id -un >>~build/WANTSNAP/dosnap diff --git a/packaging/utils/wanttest b/packaging/utils/wanttest deleted file mode 100755 index 9cbdde8d0..000000000 --- a/packaging/utils/wanttest +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh - -if [ -f ~build/WANTSNAP/doingtest ] -then - echo Test already in progress. - exit 1 -fi - -umask 002 -id -un >>~build/WANTSNAP/dotest diff --git a/programs/Makefile b/programs/Makefile deleted file mode 100644 index dbc03f416..000000000 --- a/programs/Makefile +++ /dev/null @@ -1,46 +0,0 @@ -# Makefile for the KLIPS interface utilities -# Copyright (C) 1998, 1999 Henry Spencer. -# Copyright (C) 1999, 2000, 2001 Richard Guy Briggs -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.9 2006/08/28 11:12:36 as Exp $ - -FREESWANSRCDIR=.. -include ${FREESWANSRCDIR}/Makefile.inc - -SUBDIRS=spi eroute spigrp tncfg klipsdebug pf_key proc pluto -SUBDIRS+=_confread _copyright _include _keycensor _plutoload _plutorun -SUBDIRS+=_realsetup _secretcensor _startklips _updown _updown_espmark -SUBDIRS+=auto barf ipsec look manual ranbits secrets starter -SUBDIRS+=rsasigkey send-pr setup showdefaults showhostkey calcgoo mailkey -SUBDIRS+=ikeping examples openac scepclient - -ifeq ($(USE_LWRES),true) -SUBDIRS+=lwdnsq -endif - -ifeq ($(USE_IPSECPOLICY),true) -SUBDIRS+=showpolicy -endif - -def: - @echo "Please read doc/intro.html or INSTALL before running make" - @false - -# programs - -cleanall distclean mostlyclean realclean install programs checkprograms check clean spotless install_file_list: - @for d in $(SUBDIRS) ; \ - do \ - (cd $$d && $(MAKE) FREESWANSRCDIR=$(FREESWANSRCDIR)/.. $@ ) || exit 1;\ - done; - diff --git a/programs/Makefile.program b/programs/Makefile.program deleted file mode 100644 index 14d2d8269..000000000 --- a/programs/Makefile.program +++ /dev/null @@ -1,154 +0,0 @@ - -include ${FREESWANSRCDIR}/Makefile.ver - -CFLAGS+=$(USERCOMPILE) -I${KLIPSINC} - -CFLAGS+= -Wall -#CFLAGS+= -Wconversion -#CFLAGS+= -Wmissing-prototypes -CFLAGS+= -Wpointer-arith -CFLAGS+= -Wcast-qual -#CFLAGS+= -Wmissing-declarations -CFLAGS+= -Wstrict-prototypes -#CFLAGS+= -pedantic -#CFLAGS+= -W -#CFLAGS+= -Wwrite-strings -CFLAGS+= -Wbad-function-cast - -# die if there are any warnings -ifndef WERROR -WERROR:= -Werror -endif - -#CFLAGS+= ${WERROR} - -ifeq ($(USE_NAT_TRAVERSAL),true) - CFLAGS+= -DNAT_TRAVERSAL -endif - -ifneq ($(LD_LIBRARY_PATH),) -LDFLAGS=-L$(LD_LIBRARY_PATH) -endif - -MANDIR8=$(MANTREE)/man8 -MANDIR5=$(MANTREE)/man5 - -ifndef PROGRAMDIR -PROGRAMDIR=${LIBEXECDIR} -endif - -ifndef MANPROGPREFIX -MANPROGPREFIX=ipsec_ -endif - -ifndef CONFDSUBDIR -CONFDSUBDIR=. -endif - -all: $(PROGRAM) - -programs: all - -ifneq ($(PROGRAM),check) -check: $(PROGRAM) -endif - - -ifneq ($(NOINSTALL),true) - -install:: $(PROGRAM) $(CONFFILES) $(EXTRA8MAN) $(EXTRA5MAN) $(EXTRA5PROC) $(LIBFILES) $(CONFDFILES) - @mkdir -p $(PROGRAMDIR) $(MANDIR8) $(MANDIR5) $(LIBDIR) $(CONFDIR) $(CONFDDIR) $(CONFDDIR)/$(CONFDSUBDIR) $(EXAMPLECONFDIR) - @if [ -n "$(PROGRAM)" ]; then $(INSTALL) $(INSTBINFLAGS) $(PROGRAM) $(PROGRAMDIR); fi - @$(foreach f, $(addsuffix .8, $(PROGRAM)), \ - $(INSTALL) $(INSTMANFLAGS) $f $(MANDIR8)/$(MANPROGPREFIX)$f || exit 1; \ - ) - @$(foreach f, $(EXTRA8MAN), \ - $(INSTALL) $(INSTMANFLAGS) $f $(MANDIR8)/ipsec_$f || exit 1; \ - ) - @$(foreach f, $(EXTRA5MAN), \ - $(INSTALL) $(INSTMANFLAGS) $f $(MANDIR5)/$f || exit 1 ;\ - ) - @$(foreach f, $(EXTRA5PROC), \ - $(INSTALL) $(INSTMANFLAGS) $f $(MANDIR5)/ipsec_$f || exit 1 ;\ - ) - @$(foreach f, $(LIBFILES), \ - $(INSTALL) $(INSTCONFFLAGS) $f $(LIBDIR)/$f || exit 1 ;\ - ) - @$(foreach f, $(CONFFILES), \ - if [ ! -f $(CONFDIR)/$f ]; then $(INSTALL) $(INSTCONFFLAGS) $f $(CONFDIR)/$f || exit 1; fi;\ - $(INSTALL) $(INSTCONFFLAGS) $f $(EXAMPLECONFDIR)/$f-sample || exit 1; \ - ) - @$(foreach f, $(CONFDFILES), \ - if [ ! -f $(CONFDDIR)/$(CONFDSUBDIR)/$f ]; then $(INSTALL) $(INSTCONFFLAGS) $f $(CONFDDIR)/$(CONFDSUBDIR)/$f || exit 1; fi;\ - ) - -install_file_list:: - @if [ -n "$(PROGRAM)" ]; then echo $(PROGRAMDIR)/$(PROGRAM); fi - @$(foreach f, $(addsuffix .8, $(PROGRAM)), \ - echo $(MANDIR8)/${MANPROGPREFIX}$f; \ - ) - @$(foreach f, $(EXTRA8MAN), \ - echo $(MANDIR8)/ipsec_$f; \ - ) - @$(foreach f, $(EXTRA5MAN), \ - echo $(MANDIR5)/$f;\ - ) - @$(foreach f, $(EXTRA5PROC), \ - echo $(MANDIR5)/ipsec_$f; \ - ) - @$(foreach f, $(LIBFILES), \ - echo $(LIBDIR)/$f;\ - ) - @$(foreach f, $(CONFFILES), \ - echo $(CONFDIR)/$f;\ - echo $(EXAMPLECONFDIR)/$f-sample;\ - ) - @$(foreach f, $(CONFDFILES), \ - echo $(CONFDDIR)/${CONFDSUBDIR}/$f;\ - ) - -endif - -# cancel the rule that compiles directly -%: %.c - -%: %.o $(OBJS) - $(CC) $(CFLAGS) -o $@ $@.o ${OBJS} $(LDFLAGS) $(LIBS) - -%: %.in ${FREESWANSRCDIR}/Makefile.inc ${FREESWANSRCDIR}/Makefile.ver - cat $< | sed -e "s/xxx/$(IPSECVERSION)/" \ - -e "s:@IPSEC_DIR@:$(FINALBINDIR):" \ - -e "s:@IPSEC_EXECDIR@:$(FINALLIBEXECDIR):" \ - -e "s:@IPSEC_SBINDIR@:$(FINALSBINDIR):" \ - -e "s:@IPSEC_LIBDIR@:$(FINALLIBDIR):" \ - -e "s:@FINALCONFDIR@:$(FINALCONFDIR):" \ - -e "s:@EXAMPLECONFDIR@:$(EXAMPLECONFDIR):" \ - -e "s:@FINALDOCDIR@:$(FINALDOCDIR):" \ - -e "s:@FINALEXAMPLECONFDIR@:$(FINALEXAMPLECONFDIR):" \ - -e "s:@MODULE_GOO_LIST@:$(MODULE_GOO_LIST):" \ - -e "s:@IPSEC_CONFS@:$(FINALCONFDIR):" \ - -e "s:@IPSEC_CONFDDIR@:$(FINALCONFDDIR):" \ - -e "s:@USE_IPROUTE2@:$(USE_IPROUTE2):" \ - -e "s:@IPSEC_FIREWALLTYPE@:$(IPSEC_FIREWALLTYPE):" \ - | cat >$@ - if [ -x $< ]; then chmod +x $@; fi - if [ "${PROGRAM}.in" = $< ]; then chmod +x $@; fi - -cleanall: clean - -distclean: clean - -mostlyclean: clean - -realclean: clean - -clean:: -ifneq ($(strip $(PROGRAM)),) - @if [ -r $(PROGRAM).in ]; then rm -f $(PROGRAM); fi - @if [ -r $(PROGRAM).c ]; then rm -f $(PROGRAM); fi - @if [ -n "$(OBJS)" ]; then rm -f $(PROGRAM); fi -endif - @rm -f *.o - -checkprograms: - diff --git a/programs/_confread/.cvsignore b/programs/_confread/.cvsignore deleted file mode 100644 index 405492384..000000000 --- a/programs/_confread/.cvsignore +++ /dev/null @@ -1,7 +0,0 @@ -_confread -ipsec.conf -block -clear -private -clear-or-private -private-or-clear diff --git a/programs/_confread/Makefile b/programs/_confread/Makefile deleted file mode 100644 index 1bdc9a3f0..000000000 --- a/programs/_confread/Makefile +++ /dev/null @@ -1,27 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.2 2004/03/31 19:23:00 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_confread -PROGRAMDIR=${LIBDIR} -EXTRA5MAN=ipsec.conf.5 -CONFFILES=ipsec.conf - -CONFDSUBDIR=policies -CONFDFILES=clear clear-or-private private-or-clear private block - -include ../Makefile.program diff --git a/programs/_confread/README.conf.V2 b/programs/_confread/README.conf.V2 deleted file mode 100644 index 244e245c5..000000000 --- a/programs/_confread/README.conf.V2 +++ /dev/null @@ -1,103 +0,0 @@ -Subject: [Design] changes to ipsec.conf -# RCSID $Id: README.conf.V2,v 1.1 2004/03/15 20:35:27 as Exp $ - -We are changing ipsec.conf for the 2.0 series of FreeS/WAN. - -OE is enabled by default. This is accomplished by automatically -defining a conn "OEself" UNLESS the sysadmin defines one with the same -name: - -conn OEself - # authby=rsasig # default - left=%defaultroute - leftrsasigkey=%dnsondemand # default - right=%opportunistic - rightrsasigkey=%dnsondemand # default - keyingtries=3 - ikelifetime=1h - keylife=1h # default - rekey=no - # disablearrivalcheck=no # default - auto=route - -This will only work if %defaultroute works. -The leftid will be the resulting IP address (won't work if -you haven't filled in the reverse DNS entry). -Unlike other conns, nothing in this implicit conn is changed by conn %default. - -We'd like a better name. A conn name starting with % cannot be -defined by the sysadmin, so that is out. Names that haven't grabbed -us: OEhost, OElocalhost, OEthishost, OEforself, OE4self. - -There is no requirement to have /etc/ipsec.conf. If you do, the first -significant line (non-blank, non-comment) must be (not indented): -version 2.0 -This signifies that the file was intended for FreeS/WAN version 2.0. - - -The following table shows most changes. "-" means that the option -doesn't exist. "Recent Boilerplate" shows the effect of the "conn -%default" in the automatically installed /etc/ipsec.conf (not -installed if you already had one). - -Option Old Default Recent Boilerplate New Default -====== =========== ================== =========== - -config setup: -interfaces "" %defaultroute %defaultroute -plutoload "" %search - [same as %search] -plutostart "" %search - [same as %search] -uniqueids no yes yes -rp_filter - - 0 -plutowait yes yes no -dump no no - [use dumpdir] -plutobackgroundload ignored ignored - -no_eroute_pass no no - [use packetdefault] - -conn %default: -keyingtries 3 0 %forever [0 means this] -disablearrivalcheck yes no no -authby secret rsasig rsasig -leftrsasigkey "" %dnsondemand %dnsondemand -rightrsasigkey "" %dnsondemand %dnsondemand -lifetime ==keylife ==keylife - [use keylife] -rekeystart ==rekeymargin ==rekeymargin - [use rekeymargin] -rekeytries ==keyingtries ==keyingtries - [use keyingtries] - -====== =========== ================== =========== -Option Old Default Recent Boilerplate New Default - - -The auto= mechanism has been extended to support manual conns. If you -specify auto=manual in a conn, an "ipsec manual" will be performed on -it at startup (ipsec setup start). - - -There is a new config setup option "rp_filter". It controls - /proc/sys/net/ipv4/conf/PHYS/rp_filter -for each PHYSical IP interface used by FreeS/WAN. Settings are: - %unchanged do not touch (but warn if wrong) - 0 set to 0; default; means: no filtering - 1 set to 1; means: loose filter - 2 set to 1; means: strict filter -0 is often necessary for FreeS/WAN to function. Some folks -want other settings. Shutting down FreeS/WAN does not restore -the original value. - -Currently ikelife defaults to 1 hour and keylife defaults to 8 hours. -There have been some rumblings that these are the wrong defaults, but -it isn't clear what would be best. Perhaps both should be closer. -Any thoughts of what these should be? Any Road Warrior or OE conn -should probably have carefully thought-out values explicitly -specified. The settings don't matter much for VPN connections. - -keyingtries=%forever is the new improved notation for keyingtries=0. -Eventually the 0 notation will be eliminated. - -Some options can now be set to %none to signify no setting. Otherwise -there would be no way for the user to override a default setting: - leftrsasigkey, rightrsasigkey [added in 1.98] - interfaces - -Hugh Redelmeier -hugh@mimosa.com voice: +1 416 482-8253 diff --git a/programs/_confread/_confread.8 b/programs/_confread/_confread.8 deleted file mode 100644 index 20d92a002..000000000 --- a/programs/_confread/_confread.8 +++ /dev/null @@ -1,28 +0,0 @@ -.TH _CONFREAD 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _confread.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _confread \- internal routing to parse config file -.SH DESCRIPTION -.I _confread -is an internal script used for parsing /etc/ipsec.conf into a canonical format. -.SH "SEE ALSO" -ipsec(8), ipsec_conf(8) -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Program written by Henry Spencer. -.\" -.\" $Log: _confread.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.3 2002/09/16 01:28:43 dhr -.\" -.\" typo -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" -.\" diff --git a/programs/_confread/_confread.in b/programs/_confread/_confread.in deleted file mode 100755 index 4561af9fe..000000000 --- a/programs/_confread/_confread.in +++ /dev/null @@ -1,520 +0,0 @@ -#!/bin/sh -# configuration-file reader utility -# Copyright (C) 1999-2002 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _confread.in,v 1.15 2006/04/20 04:42:12 as Exp $ -# -# Extract configuration info from /etc/ipsec.conf, repackage as assignments -# to shell variables or tab-delimited fields. Success or failure is reported -# inline, as extra data, due to the vagaries of shell backquote handling. -# In the absence of --varprefix, output is tab-separated fields, like: -# = sectionname -# : parameter value -# ! status (empty for success, else complaint) -# In the presence of (say) "--varprefix IPSEC", output is like: -# IPSEC_confreadsection="sectionname" -# IPSECparameter="value" -# IPSEC_confreadstatus="status" (same empty/complaint convention) -# -# The "--search parametername" option inverts the search: instead of -# yielding the parameters of the specified name(s), it yields the names -# of sections with parameter having (one of) the -# specified value(s). In this case, --varprefix output is a list of -# names in the _confreadnames variable. Search values with -# white space in them are currently not handled properly. -# -# Typical usage: -# eval `ipsec _confread --varprefix IPSEC --type config setup` -# if test " $IPSEC_confreadstatus" != " " -# then -# echo "$0: $IPSEC_confreadstatus -- aborting" 2>&1 -# exit 1 -# fi - -# absent default config file treated as empty -config=${IPSEC_CONFS-@FINALCONFDIR@}/ipsec.conf -if test ! -f "$config" ; then config=/dev/null ; fi - -include=yes -type=conn -fieldfmt=yes -prefix= -search= -export=0 -version= -optional=0 -me="ipsec _confread" - -for dummy -do - case "$1" in - --config) config="$2" ; shift ;; - --noinclude) include= ;; - --type) type="$2" ; shift ;; - --varprefix) fieldfmt= - prefix="$2" - shift ;; - --export) export=1 ;; - --search) search="$2" ; shift ;; - --version) echo "$me $IPSEC_VERSION" ; exit 0 ;; - --optional) optional=1 ;; - --) shift ; break ;; - -*) echo "$0: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -if test "$include" -then - ipsec _include --inband $config -else - cat $config -fi | -awk 'BEGIN { - type = "'"$type"'" - names = "'"$*"'" - prefix = "'"$prefix"'" - export = "'"$export"'" - optional = 0 + '"$optional"' - myid = "'"$IPSECmyid"'" - search = "'"$search"'" - searching = 0 - if (search != "") { - searching = 1 - searchpat = search "[ \t]*=[ \t]*" - } - fieldfmt = 0 - if ("'"$fieldfmt"'" == "yes") - fieldfmt = 1 - including = 0 - if ("'"$include"'" == "yes") - including = 1 - filename = "'"$config"'" - lineno = 0 - originalfilename = filename - if (fieldfmt) - bq = eq = "\"" - else - bq = eq = "\\\"" - failed = 0 - insection = 0 - wrongtype = 0 - indefault = 0 - outputting = 0 - sawnondefault = 0 - OFS = "\t" - o_status = "!" - o_parm = ":" - o_section = "=" - o_names = "%" - o_end = "." - n = split(names, na, " ") - if (n == 0) - fail("no section names supplied") - for (i = 1; i <= n; i++) { - if (na[i] in wanted) - fail("section " bq na[i] eq " requested more than once") - wanted[na[i]] = 1 - pending[na[i]] = 1 - if (!searching && na[i] !~ /^[a-zA-Z][a-zA-Z0-9._-]*$/) - fail("invalid section name " bq na[i] eq) - } - - good = "also alsoflip type auto authby _plutodevel" - left = " left leftsubnet leftnexthop leftfirewall lefthostaccess leftupdown" - akey = " keyexchange auth pfs keylife rekey rekeymargin rekeyfuzz" - akey = akey " dpdaction dpddelay dpdtimeout" - akey = akey " pfsgroup compress" - akey = akey " keyingtries ikelifetime disablearrivalcheck failureshunt ike" - mkey = " spibase spi esp espenckey espauthkey espreplay_window" - left = left " leftespenckey leftespauthkey leftahkey" - left = left " leftespspi leftahspi leftid leftrsasigkey leftrsasigkey2" - left = left " leftsendcert leftcert leftca leftsubnetwithin leftprotoport" - left = left " leftgroups leftsourceip" - mkey = mkey " ah ahkey ahreplay_window" - right = left - gsub(/left/, "right", right) - n = split(good left right akey mkey, g) - for (i = 1; i <= n; i++) - goodnames["conn:" g[i]] = 1 - - good = "also interfaces forwardcontrol myid" - good = good " syslog klipsdebug plutodebug plutoopts plutostderrlog" - good = good " plutorestartoncrash" - good = good " dumpdir manualstart pluto" - good = good " plutowait prepluto postpluto" - good = good " fragicmp hidetos rp_filter uniqueids" - good = good " overridemtu pkcs11module pkcs11keepstate pkcs11proxy" - good = good " nocrsend strictcrlpolicy crlcheckinterval cachecrls" - good = good " nat_traversal keep_alive force_keepalive" - good = good " disable_port_floating virtual_private" - - n = split(good, g) - for (i = 1; i <= n; i++) - goodnames["config:" g[i]] = 1 - - good = "auto cacert ldaphost ldapbase crluri crluri2 ocspuri" - good = good " strictcrlpolicy" - - n = split(good, g) - for (i = 1; i <= n; i++) - goodnames["ca:" g[i]] = 1 - - goodtypes["conn"] = 1 - goodtypes["config"] = 1 - goodtypes["ca"] = 1 - - badchars = "" - for (i = 1; i < 32; i++) - badchars = badchars sprintf("%c", i) - for (i = 127; i < 128+32; i++) - badchars = badchars sprintf("%c", i) - badchar = "[" badchars "]" - - # if searching, seen is set of sectionnames which match - # if not searching, seen is set of parameter names found - seen[""] = "" - defaults[""] = "" - usesdefault[""] = "" - orientation = 1 -} - - - -function output(code, v1, v2) { - if (code == o_parm) { - if (v2 == "") # suppress empty parameters - return - if (privatename(v1)) # and private ones - return - if (v2 ~ badchar) - fail("parameter value " bq v2 eq " contains unprintable character") - } - - if (fieldfmt) { - print code, v1, v2 - return - } - - if (code == o_status) { - v2 = v1 - v1 = "_confreadstatus" - } else if (code == o_section) { - v2 = v1 - v1 = "_confreadsection" - } else if (code == o_names) { - v2 = v1 - v1 = "_confreadnames" - } else if (code != o_parm) - return # currently no variable version of o_end - - print prefix v1 "=\"" v2 "\"" - if (export) - print "export " prefix v1 -} -function searchfound(sectionname, n, i, reflist) { - # a hit in x is a hit in everybody who refers to x too - n = split(refsto[sectionname], reflist, ";") - for (i = 1; i <= n; i++) - if (reflist[i] in seen) - fail("duplicated parameter " bq search eq) - else - seen[reflist[i]] = 1 - seen[sectionname] = 1 -} -function fail(msg) { - output(o_status, ("(" filename ", line " lineno ") " msg)) - failed = 1 - while ((getline junk) > 0) - continue - exit -} -function badname(n) { - if ((type ":" n) in goodnames) - return 0 - if (privatename(n)) - return 0 - return 1 -} -function privatename(n) { - if (n ~ /^[xX][-_]/) - return 1 - return 0 -} -function orient(n) { - if (orientation == -1) { - if (n ~ /left/) - gsub(/left/, "right", n) - else if (n ~ /right/) - gsub(/right/, "left", n) - } - return n -} -# in searching, referencing is transitive: xyz->from->to -function chainref(from, to, i, reflist, listnum) { - if (from in refsto) { - listnum = split(refsto[from], reflist, ";") - for (i = 1; i <= listnum; i++) - chainref(reflist[i], to) - } - if (to in refsto) - refsto[to] = refsto[to] ";" from - else - refsto[to] = from -} - -# start of rules - -{ - lineno++ - # lineno is now the number of this line - - # we must remember indentation because comment stripping loses it - exdented = $0 !~ /^[ \t]/ - sub(/^[ \t]+/, "") # get rid of leading white space - sub(/[ \t]+$/, "") # get rid of trailing white space -} -including && $0 ~ /^#[<>:]/ { - # _include control line - if ($1 ~ /^#[<>]$/) { - filename = $2 - lineno = $3 - 1 - } else if ($0 ~ /^#:/) { - msg = substr($0, 3) - gsub(/"/, "\\\"", msg) - fail(msg) - } - next -} -exdented { - # any non-leading-white-space line is a section end - ### but not the end of relevant stuff, might be also= sections later - ###if (insection && !indefault && !searching && outputting) - ### output(o_end) - insection = 0 - wrongtype = 0 - indefault = 0 - outputting = 0 -} -/[ \t]#/ { - # strip trailing comments including the leading whitespace - # tricky because we must respect quotes - q = 0 - for (i = 1; i <= NF; i++) { - if ($i ~ /^#/ && q % 2 == 0) { - NF = i - 1; - break - } - # using $i in gsub loses whitespace?!? - junk = $i - q += gsub(/"/, "&", junk) - } -} -$0 == "" || $0 ~ /^#/ { - # empty lines and comments are ignored - next -} -exdented && NF != 2 { - # bad section header - fail("section header " bq $0 eq " has wrong number of fields (" NF ")") -} -exdented && $1 == "version" { - version = $2 + 0 - if (version < 2.0 || 2.0 < version) - fail("we only support version 2.0 ipsec.conf files, not " bq version eq) - next -} -version == "" { - fail("we only support version 2 ipsec.conf files") -} -exdented && !($1 in goodtypes) { - # unknown section type - fail("section type " bq $1 eq " not recognized") -} -exdented && $1 != type { - # section header, but not of the type we want - insection = 1 - wrongtype = 1 - next -} -extented { - # type fits - wrongtype = 0 -} -exdented && $1 == "config" && $2 != "setup" { - fail("unknown config section " bq $2 eq) -} -exdented && $2 != "%default" { - # non-default section header of our type - sawnondefault = 1 -} -exdented && searching && $2 != "%default" { - # section header, during search - insection = 1 - sectionname = $2 - usesdefault[sectionname] = 1 # tentatively - next -} -exdented && !searching && $2 in wanted { - # one of our wanted section headers - if (!($2 in pending)) - fail("duplicate " type " section " bq $2 eq) - delete pending[$2] - tag = bq type " " $2 eq - outputting = 1 - insection = 1 - orientation = wanted[$2] - output(o_section, $2) - next -} -exdented && $2 == "%default" { - # relevant default section header - if (sawnondefault) - fail(bq $1 " %default" eq " sections must precede non-default ones") - tag = bq type " " $2 eq - indefault = 1 - next -} -exdented { - # section header, but not one we want - insection = 1 - next -} -!insection && !indefault { - # starts with white space but not in a section... oops - fail("parameter is not within a section") -} -!wrongtype && searching && $0 ~ searchpat { - # search found the right parameter name - match($0, searchpat) - rest = substr($0, RLENGTH+1) - if (rest ~ /^".*"$/) - rest = substr(rest, 2, length(rest)-2) - if (!indefault) { - if (!usesdefault[sectionname]) - fail("duplicated parameter " bq search eq) - usesdefault[sectionname] = 0 - } else if (search in defaults) - fail("duplicated parameter " bq search eq) - if (rest in wanted) { # a hit - if (indefault) - defaults[search] = rest - else - searchfound(sectionname) - } else { - # rather a kludge, but must check this somewhere - if (search == "auto" && rest !~ /^(add|route|start|ignore|manual)$/) - fail("illegal auto value " bq rest eq) - } - next -} -!searching && !outputting && !indefault { - # uninteresting line - next -} -$0 ~ /"/ && $0 !~ /^[^=]+=[ \t]*"[^"]*"$/ { - if (!searching) - fail("mismatched quotes in parameter value") - else - gsub(/"/, "", $0) -} -$0 !~ /^[a-zA-Z_][a-zA-Z0-9_-]*[ \t]*=/ { - if (searching) - next # just ignore it - fail("syntax error or illegal parameter name") -} -{ - sub(/[ \t]*=[ \t]*/, "=") # get rid of white space around = -} -$0 ~ /^(also|alsoflip)=/ { - v = orientation - if ($0 ~ /^alsoflip/) - v = -v; - if (indefault) - fail("%default section may not contain " bq "also" eq " or " bq "alsoflip" eq " parameter") - sub(/^(also|alsoflip)=/, "") - if ($0 !~ /^[a-zA-Z][a-zA-Z0-9._-]*$/) - fail("invalid section name " bq $0 eq) - if (!searching) { - if ($0 in wanted) - fail("section " bq $0 eq " requested more than once") - wanted[$0] = v - pending[$0] = 1 - } else - chainref(sectionname, $0) - next -} -!outputting && !indefault { - # uninteresting line even for a search - next -} -{ - equal = match($0, /[=]/) - name = substr($0, 1, equal-1) - if (badname(name)) - fail("unknown parameter name " bq name eq) - value = substr($0, equal+1) - if (value ~ /^"/) - value = substr(value, 2, length(value)-2) - else if (value ~ /[ \t]/) - fail("white space within non-quoted parameter " bq name eq) -} -indefault { - if (name in defaults) - fail("duplicated default parameter " bq name eq) - defaults[name] = value - next -} -{ - name = orient(name) - if (name in seen) - fail("duplicated parameter " bq name eq) - seen[name] = 1 - output(o_parm, name, value) -} -END { - if (failed) - exit 1 - - filename = originalfilename - unseen = "" - for (i in pending) - unseen = unseen " " i - if (!optional && !searching && unseen != "") - fail("did not find " type " section(s) " bq substr(unseen, 2) eq) - if (!searching) { - for (name in defaults) - if (!(name in seen)) - output(o_parm, name, defaults[name]) - } else { - if (defaults[search] in wanted) - for (name in usesdefault) - if (usesdefault[name]) - seen[name] = 1 - delete seen[""] - if (fieldfmt) - for (name in seen) - output(o_section, name) - else { - outlist = "" - for (name in seen) - if (outlist == "") - outlist = name - else - outlist = outlist " " name - output(o_names, outlist) - } - } - output(o_status, "") -}' diff --git a/programs/_confread/block.in b/programs/_confread/block.in deleted file mode 100644 index e3a4b2dd5..000000000 --- a/programs/_confread/block.in +++ /dev/null @@ -1,8 +0,0 @@ -# This file defines the set of CIDRs (network/mask-length) to which -# communication should never be allowed. -# -# See @FINALDOCDIR@/policygroups.html for details. -# -# $Id: block.in,v 1.1 2004/03/15 20:35:27 as Exp $ -# - diff --git a/programs/_confread/clear-or-private.in b/programs/_confread/clear-or-private.in deleted file mode 100644 index 800093d94..000000000 --- a/programs/_confread/clear-or-private.in +++ /dev/null @@ -1,8 +0,0 @@ -# This file defines the set of CIDRs (network/mask-length) to which -# we will communicate in the clear, or, if the other side initiates IPSEC, -# using encryption. This behaviour is also called "Opportunistic Responder". -# -# See @FINALDOCDIR@/policygroups.html for details. -# -# $Id: clear-or-private.in,v 1.1 2004/03/15 20:35:27 as Exp $ -# diff --git a/programs/_confread/clear.in b/programs/_confread/clear.in deleted file mode 100644 index 46e63388e..000000000 --- a/programs/_confread/clear.in +++ /dev/null @@ -1,7 +0,0 @@ -# This file defines the set of CIDRs (network/mask-length) to which -# communication should always be in the clear. -# -# See @FINALDOCDIR@/policygroups.html for details. -# -# $Id: clear.in,v 1.1 2004/03/15 20:35:27 as Exp $ -# diff --git a/programs/_confread/ipsec.conf.5 b/programs/_confread/ipsec.conf.5 deleted file mode 100644 index af6fae6bd..000000000 --- a/programs/_confread/ipsec.conf.5 +++ /dev/null @@ -1,1286 +0,0 @@ -.TH IPSEC.CONF 5 "20 Jan 2006" -.\" RCSID $Id: ipsec.conf.5,v 1.2 2006/01/22 15:33:46 as Exp $ -.SH NAME -ipsec.conf \- IPsec configuration and connections -.SH DESCRIPTION -The optional -.I ipsec.conf -file -specifies most configuration and control information for the -strongSwan IPsec subsystem. -(The major exception is secrets for authentication; -see -.IR ipsec.secrets (5).) -Its contents are not security-sensitive -.I unless -manual keying is being done for more than just testing, -in which case the encryption/authentication keys in the -descriptions for the manually-keyed connections are very sensitive -(and those connection descriptions -are probably best kept in a separate file, -via the include facility described below). -.PP -The file is a text file, consisting of one or more -.IR sections . -White space followed by -.B # -followed by anything to the end of the line -is a comment and is ignored, -as are empty lines which are not within a section. -.PP -A line which contains -.B include -and a file name, separated by white space, -is replaced by the contents of that file, -preceded and followed by empty lines. -If the file name is not a full pathname, -it is considered to be relative to the directory containing the -including file. -Such inclusions can be nested. -Only a single filename may be supplied, and it may not contain white space, -but it may include shell wildcards (see -.IR sh (1)); -for example: -.PP -.B include -.B "ipsec.*.conf" -.PP -The intention of the include facility is mostly to permit keeping -information on connections, or sets of connections, -separate from the main configuration file. -This permits such connection descriptions to be changed, -copied to the other security gateways involved, etc., -without having to constantly extract them from the configuration -file and then insert them back into it. -Note also the -.B also -parameter (described below) which permits splitting a single logical -section (e.g. a connection description) into several actual sections. -.PP -The first significant line of the file must specify the version -of this specification that it conforms to: -.PP -\fBversion 2\fP -.PP -A section -begins with a line of the form: -.PP -.I type -.I name -.PP -where -.I type -indicates what type of section follows, and -.I name -is an arbitrary name which distinguishes the section from others -of the same type. -(Names must start with a letter and may contain only -letters, digits, periods, underscores, and hyphens.) -All subsequent non-empty lines -which begin with white space are part of the section; -comments within a section must begin with white space too. -There may be only one section of a given type with a given name. -.PP -Lines within the section are generally of the form -.PP -\ \ \ \ \ \fIparameter\fB=\fIvalue\fR -.PP -(note the mandatory preceding white space). -There can be white space on either side of the -.BR = . -Parameter names follow the same syntax as section names, -and are specific to a section type. -Unless otherwise explicitly specified, -no parameter name may appear more than once in a section. -.PP -An empty -.I value -stands for the system default value (if any) of the parameter, -i.e. it is roughly equivalent to omitting the parameter line entirely. -A -.I value -may contain white space only if the entire -.I value -is enclosed in double quotes (\fB"\fR); -a -.I value -cannot itself contain a double quote, -nor may it be continued across more than one line. -.PP -Numeric values are specified to be either an ``integer'' -(a sequence of digits) or a ``decimal number'' -(sequence of digits optionally followed by `.' and another sequence of digits). -.PP -There is currently one parameter which is available in any type of -section: -.TP -.B also -the value is a section name; -the parameters of that section are appended to this section, -as if they had been written as part of it. -The specified section must exist, must follow the current one, -and must have the same section type. -(Nesting is permitted, -and there may be more than one -.B also -in a single section, -although it is forbidden to append the same section more than once.) -This allows, for example, keeping the encryption keys -for a connection in a separate file -from the rest of the description, by using both an -.B also -parameter and an -.B include -line. -.PP -Parameter names beginning with -.B x- -(or -.BR X- , -or -.BR x_ , -or -.BR X_ ) -are reserved for user extensions and will never be assigned meanings -by IPsec. -Parameters with such names must still observe the syntax rules -(limits on characters used in the name; -no white space in a non-quoted value; -no newlines or double quotes within the value). -All other as-yet-unused parameter names are reserved for future IPsec -improvements. -.PP -A section with name -.B %default -specifies defaults for sections of the same type. -For each parameter in it, -any section of that type which does not have a parameter of the same name -gets a copy of the one from the -.B %default -section. -There may be multiple -.B %default -sections of a given type, -but only one default may be supplied for any specific parameter name, -and all -.B %default -sections of a given type must precede all non-\c -.B %default -sections of that type. -.B %default -sections may not contain the -.B also -parameter. -.PP -Currently there are three types of sections: -a -.B config -section specifies general configuration information for IPsec, a -.B conn -section specifies an IPsec connection, while a -.B ca -section specifies special properties a certification authority. -.SH "CONN SECTIONS" -A -.B conn -section contains a -.IR "connection specification" , -defining a network connection to be made using IPsec. -The name given is arbitrary, and is used to identify the connection to -.IR ipsec_auto (8) -and -.IR ipsec_manual (8). -Here's a simple example: -.PP -.ne 10 -.nf -.ft B -.ta 1c -conn snt - left=10.11.11.1 - leftsubnet=10.0.1.0/24 - leftnexthop=172.16.55.66 - right=192.168.22.1 - rightsubnet=10.0.2.0/24 - rightnexthop=172.16.88.99 - keyingtries=%forever -.ft -.fi -.PP -A note on terminology... -In automatic keying, there are two kinds of communications going on: -transmission of user IP packets, and gateway-to-gateway negotiations for -keying, rekeying, and general control. -The data path (a set of ``IPsec SAs'') used for user packets is herein -referred to as the ``connection''; -the path used for negotiations (built with ``ISAKMP SAs'') is referred to as -the ``keying channel''. -.PP -To avoid trivial editing of the configuration file to suit it to each system -involved in a connection, -connection specifications are written in terms of -.I left -and -.I right -participants, -rather than in terms of local and remote. -Which participant is considered -.I left -or -.I right -is arbitrary; -IPsec figures out which one it is being run on based on internal information. -This permits using identical connection specifications on both ends. -There are cases where there is no symmetry; a good convention is to -use -.I left -for the local side and -.I right -for the remote side (the first letters are a good mnemonic). -.PP -Many of the parameters relate to one participant or the other; -only the ones for -.I left -are listed here, but every parameter whose name begins with -.B left -has a -.B right -counterpart, -whose description is the same but with -.B left -and -.B right -reversed. -.PP -Parameters are optional unless marked ``(required)''; -a parameter required for manual keying need not be included for -a connection which will use only automatic keying, and vice versa. -.SS "CONN PARAMETERS: GENERAL" -The following parameters are relevant to both automatic and manual keying. -Unless otherwise noted, -for a connection to work, -in general it is necessary for the two ends to agree exactly -on the values of these parameters. -.TP 14 -.B type -the type of the connection; currently the accepted values -are -.B tunnel -(the default) -signifying a host-to-host, host-to-subnet, or subnet-to-subnet tunnel; -.BR transport , -signifying host-to-host transport mode; -.BR passthrough , -signifying that no IPsec processing should be done at all; -.BR drop , -signifying that packets should be discarded; and -.BR reject , -signifying that packets should be discarded and a diagnostic ICMP returned. -.TP -.B left -(required) -the IP address of the left participant's public-network interface, -in any form accepted by -.IR ipsec_ttoaddr (3) -or one of several magic values. -If it is -.BR %defaultroute , -and -the -.B config -.B setup -section's, -.B interfaces -specification contains -.BR %defaultroute, -.B left -will be filled in automatically with the local address -of the default-route interface (as determined at IPsec startup time); -this also overrides any value supplied for -.BR leftnexthop . -(Either -.B left -or -.B right -may be -.BR %defaultroute , -but not both.) -The value -.B %any -signifies an address to be filled in (by automatic keying) during -negotiation. -The value -.B %opportunistic -signifies that both -.B left -and -.B leftnexthop -are to be filled in (by automatic keying) from DNS data for -.BR left 's -client. -The values -.B %group -and -.B %opportunisticgroup -makes this a policy group conn: one that will be instantiated -into a regular or opportunistic conn for each CIDR block listed in the -policy group file with the same name as the conn. -.TP -.B leftsubnet -private subnet behind the left participant, expressed as -\fInetwork\fB/\fInetmask\fR -(actually, any form acceptable to -.IR ipsec_ttosubnet (3)); -if omitted, essentially assumed to be \fIleft\fB/32\fR, -signifying that the left end of the connection goes to the left participant only -.TP -.B leftnexthop -next-hop gateway IP address for the left participant's connection -to the public network; -defaults to -.B %direct -(meaning -.IR right ). -If the value is to be overridden by the -.B left=%defaultroute -method (see above), -an explicit value must -.I not -be given. -If that method is not being used, -but -.B leftnexthop -is -.BR %defaultroute , -and -.B interfaces=%defaultroute -is used in the -.B config -.B setup -section, -the next-hop gateway address of the default-route interface -will be used. -The magic value -.B %direct -signifies a value to be filled in (by automatic keying) -with the peer's address. -Relevant only locally, other end need not agree on it. -.TP -.B leftupdown -what ``updown'' script to run to adjust routing and/or firewalling -when the status of the connection -changes (default -.BR "ipsec _updown" ). -May include positional parameters separated by white space -(although this requires enclosing the whole string in quotes); -including shell metacharacters is unwise. -See -.IR ipsec_pluto (8) -for details. -Relevant only locally, other end need not agree on it. -.TP -.B leftfirewall -whether the left participant is doing forwarding-firewalling -(including masquerading) for traffic from \fIleftsubnet\fR, -which should be turned off (for traffic to the other subnet) -once the connection is established; -acceptable values are -.B yes -and (the default) -.BR no . -May not be used in the same connection description with -.BR leftupdown . -Implemented as a parameter to the default -.I updown -script. -See notes below. -Relevant only locally, other end need not agree on it. -.PP -If one or both security gateways are doing forwarding firewalling -(possibly including masquerading), -and this is specified using the firewall parameters, -tunnels established with IPsec are exempted from it -so that packets can flow unchanged through the tunnels. -(This means that all subnets connected in this manner must have -distinct, non-overlapping subnet address blocks.) -This is done by the default -.I updown -script (see -.IR ipsec_pluto (8)). -.PP -The implementation of this makes certain assumptions about firewall setup, -notably the use of the old -.I ipfwadm -interface to the firewall. -In situations calling for more control, -it may be preferable for the user to supply his own -.I updown -script, -which makes the appropriate adjustments for his system. -.SS "CONN PARAMETERS: AUTOMATIC KEYING" -The following parameters are relevant only to automatic keying, -and are ignored in manual keying. -Unless otherwise noted, -for a connection to work, -in general it is necessary for the two ends to agree exactly -on the values of these parameters. -.TP 14 -.B auto -what operation, if any, should be done automatically at IPsec startup; -currently-accepted values are -.B add -(signifying an -.B ipsec auto -.BR \-\-add ), -.B route -(signifying that plus an -.B ipsec auto -.BR \-\-route ), -.B start -(signifying that plus an -.B ipsec auto -.BR \-\-up ), -.B manual -(signifying an -.B ipsec -.B manual -.BR \-\-up ), -and -.B ignore -(also the default) (signifying no automatic startup operation). -See the -.B config -.B setup -discussion below. -Relevant only locally, other end need not agree on it -(but in general, for an intended-to-be-permanent connection, -both ends should use -.B auto=start -to ensure that any reboot causes immediate renegotiation). -.TP -.B auth -whether authentication should be done as part of -ESP encryption, or separately using the AH protocol; -acceptable values are -.B esp -(the default) and -.BR ah . -.TP -.B authby -how the two security gateways should authenticate each other; -acceptable values are -.B secret -for shared secrets, -.B rsasig -for RSA digital signatures (the default), -.B secret|rsasig -for either, and -.B never -if negotiation is never to be attempted or accepted (useful for shunt-only conns). -Digital signatures are superior in every way to shared secrets. -.TP -.B compress -whether IPComp compression of content is proposed on the connection -(link-level compression does not work on encrypted data, -so to be effective, compression must be done \fIbefore\fR encryption); -acceptable values are -.B yes -and -.B no -(the default). -The two ends need not agree. -A value of -.B yes -causes IPsec to propose both compressed and uncompressed, -and prefer compressed. -A value of -.B no -prevents IPsec from proposing compression; -a proposal to compress will still be accepted. -.TP -.B disablearrivalcheck -whether KLIPS's normal tunnel-exit check -(that a packet emerging from a tunnel has plausible addresses in its header) -should be disabled; -acceptable values are -.B yes -and -.B no -(the default). -Tunnel-exit checks improve security and do not break any normal configuration. -Relevant only locally, other end need not agree on it. -.TP -.B dpdaction -controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where -R_U_THERE IKE notification messages are periodically sent in order to check the -liveliness of the IPsec peer. The default is.. -.B none -which disables the active sending of R_U_THERE notifications. -Nevertheless pluto will always send the DPD Vendor ID during connection set up -in order to signal the readiness to act passively as a responder if the peer -wants to use DPD. The values -.B clear -and -.B hold -both activate DPD. If no activity is detected, all connections with a dead peer -are stopped and unrouted ( -.B clear -) or put in the hold state ( -.B hold -). -.TP -.B dpddelay -defines the period time interval with which R_U_THERE messages are sent to the peer. -.TP -.B dpdtimeout -defines the timeout interval, after which all connections to a peer are deleted -in case of inactivity. -.TP -.B failureshunt -what to do with packets when negotiation fails. -The default is -.BR none : -no shunt; -.BR passthrough , -.BR drop , -and -.B reject -have the obvious meanings. -.TP -.B ikelifetime -how long the keying channel of a connection (buzzphrase: ``ISAKMP SA'') -should last before being renegotiated; -acceptable values as for -.B keyexchange -method of key exchange; -the default and currently the only accepted value is -.B ike -.TP -.B keylife -(default set by -.IR ipsec_pluto (8), -currently -.BR 3h , -maximum -.BR 24h ). -The two-ends-disagree case is similar to that of -.BR keylife . -.TP -.B keyingtries -how many attempts (a whole number or \fB%forever\fP) should be made to -negotiate a connection, or a replacement for one, before giving up -(default -.BR %forever ). -The value \fB%forever\fP -means ``never give up'' (obsolete: this can be written \fB0\fP). -Relevant only locally, other end need not agree on it. -.TP -.B keylife -how long a particular instance of a connection -(a set of encryption/authentication keys for user packets) should last, -from successful negotiation to expiry; -acceptable values are an integer optionally followed by -.BR s -(a time in seconds) -or a decimal number followed by -.BR m , -.BR h , -or -.B d -(a time -in minutes, hours, or days respectively) -(default -.BR 1h , -maximum -.BR 24h ). -Normally, the connection is renegotiated (via the keying channel) -before it expires. -The two ends need not exactly agree on -.BR keylife , -although if they do not, -there will be some clutter of superseded connections on the end -which thinks the lifetime is longer. -.TP -.B leftca -the distinguished name of a certificate authority which is required to -lie in the trust path going from the left participant's certificate up -to the root certification authority. -.TP -.B leftcert -the path to the left participant's X.509 certificate. The file can be coded either in -PEM or DER format. OpenPGP certificates are supported as well. -Both absolute paths or paths relative to -.B /etc/ipsec.d/certs -are accepted. By default -.B leftcert -sets -.B leftid -to the distinguished name of the certificate's subject and -.B leftca -to the distinguished name of the certificate's issuer. -The left participant's ID can be overriden by specifying a -.B leftid -value which must be certified by the certificate, though. -.TP -.B leftgroups -a comma separated list of group names. If the -.B leftgroups -parameter is present then the peer must be a member of at least one -of the groups defined by the parameter. Group membership must be certified -by a valid attribute certificate stored in \fI/etc/ipsec.d/acerts\fP thas has been -issued to the peer by a trusted Authorization Authority stored in -\fI/etc/ipsec.d/aacerts\fP. -.TP -.B leftid -how -the left participant -should be identified for authentication; -defaults to -.BR left . -Can be an IP address (in any -.IR ipsec_ttoaddr (3) -syntax) -or a fully-qualified domain name preceded by -.B @ -(which is used as a literal string and not resolved). -The magic value -.B %myid -stands for the current setting of \fImyid\fP. -This is set in \fBconfig setup\fP or by \fIipsec_whack\fP(8)), or, if not set, -it is the IP address in \fB%defaultroute\fP (if that is supported by a TXT record in its reverse domain), or otherwise -it is the system's hostname (if that is supported by a TXT record in its forward domain), or otherwise it is undefined. -.TP -.B leftrsasigkey -the left participant's -public key for RSA signature authentication, -in RFC 2537 format using -.IR ipsec_ttodata (3) -encoding. -The magic value -.B %none -means the same as not specifying a value (useful to override a default). -The value -.B %cert -(the default) -means that the key is extracted from a certificate. -The value -.B %dnsondemand -means the key is to be fetched from DNS at the time it is needed. -The value -.B %dnsonload -means the key is to be fetched from DNS at the time -the connection description is read from -.IR ipsec.conf ; -currently this will be treated as -.B %none -if -.B right=%any -or -.BR right=%opportunistic . -The value -.B %dns -is currently treated as -.B %dnsonload -but will change to -.B %dnsondemand -in the future. -The identity used for the left participant -must be a specific host, not -.B %any -or another magic value. -.B Caution: -if two connection descriptions -specify different public keys for the same -.BR leftid , -confusion and madness will ensue. -.TP -.B leftrsasigkey2 -if present, a second public key. -Either key can authenticate the signature, allowing for key rollover. -.TP -.B leftsourceip -.TP -.B leftsubnetwithin -.TP -.B pfs -whether Perfect Forward Secrecy of keys is desired on the connection's -keying channel -(with PFS, penetration of the key-exchange protocol -does not compromise keys negotiated earlier); -acceptable values are -.B yes -(the default) -and -.BR no . -.TP -.B rekey -whether a connection should be renegotiated when it is about to expire; -acceptable values are -.B yes -(the default) -and -.BR no . -The two ends need not agree, -but while a value of -.B no -prevents Pluto from requesting renegotiation, -it does not prevent responding to renegotiation requested from the other end, -so -.B no -will be largely ineffective unless both ends agree on it. -.TP -.B rekeyfuzz -maximum percentage by which -.B rekeymargin -should be randomly increased to randomize rekeying intervals -(important for hosts with many connections); -acceptable values are an integer, -which may exceed 100, -followed by a `%' -(default set by -.IR ipsec_pluto (8), -currently -.BR 100% ). -The value of -.BR rekeymargin , -after this random increase, -must not exceed -.BR keylife . -The value -.B 0% -will suppress time randomization. -Relevant only locally, other end need not agree on it. -.TP -.B rekeymargin -how long before connection expiry or keying-channel expiry -should attempts to -negotiate a replacement -begin; acceptable values as for -.B keylife -(default -.BR 9m ). -Relevant only locally, other end need not agree on it. -.SS "CONN PARAMETERS: MANUAL KEYING" -The following parameters are relevant only to manual keying, -and are ignored in automatic keying. -Unless otherwise noted, -for a connection to work, -in general it is necessary for the two ends to agree exactly -on the values of these parameters. -A manually-keyed -connection must specify at least one of AH or ESP. -.TP 14 -.B spi -(this or -.B spibase -required for manual keying) -the SPI number to be used for the connection (see -.IR ipsec_manual (8)); -must be of the form \fB0x\fIhex\fB\fR, -where -.I hex -is one or more hexadecimal digits -(note, it will generally be necessary to make -.I spi -at least -.B 0x100 -to be acceptable to KLIPS, -and use of SPIs in the range -.BR 0x100 - 0xfff -is recommended) -.TP 14 -.B spibase -(this or -.B spi -required for manual keying) -the base number for the SPIs to be used for the connection (see -.IR ipsec_manual (8)); -must be of the form \fB0x\fIhex\fB0\fR, -where -.I hex -is one or more hexadecimal digits -(note, it will generally be necessary to make -.I spibase -at least -.B 0x100 -for the resulting SPIs -to be acceptable to KLIPS, -and use of numbers in the range -.BR 0x100 - 0xff0 -is recommended) -.TP -.B esp -ESP encryption/authentication algorithm to be used -for the connection, e.g. -.B 3des-md5-96 -(must be suitable as a value of -.IR ipsec_spi (8)'s -.B \-\-esp -option); -default is not to use ESP -.TP -.B espenckey -ESP encryption key -(must be suitable as a value of -.IR ipsec_spi (8)'s -.B \-\-enckey -option) -(may be specified separately for each direction using -.B leftespenckey -(leftward SA) -and -.B rightespenckey -parameters) -.TP -.B espauthkey -ESP authentication key -(must be suitable as a value of -.IR ipsec_spi (8)'s -.B \-\-authkey -option) -(may be specified separately for each direction using -.B leftespauthkey -(leftward SA) -and -.B rightespauthkey -parameters) -.TP -.B espreplay_window -ESP replay-window setting, -an integer from -.B 0 -(the -.IR ipsec_manual -default, which turns off replay protection) to -.BR 64 ; -relevant only if ESP authentication is being used -.TP -.B leftespspi -SPI to be used for the leftward ESP SA, overriding -automatic assignment using -.B spi -or -.BR spibase ; -typically a hexadecimal number beginning with -.B 0x -.TP -.B ah -AH authentication algorithm to be used -for the connection, e.g. -.B hmac-md5-96 -(must be suitable as a value of -.IR ipsec_spi (8)'s -.B \-\-ah -option); -default is not to use AH -.TP -.B ahkey -(required if -.B ah -is present) AH authentication key -(must be suitable as a value of -.IR ipsec_spi (8)'s -.B \-\-authkey -option) -(may be specified separately for each direction using -.B leftahkey -(leftward SA) -and -.B rightahkey -parameters) -.TP -.B ahreplay_window -AH replay-window setting, -an integer from -.B 0 -(the -.I ipsec_manual -default, which turns off replay protection) to -.B 64 -.TP -.B leftahspi -SPI to be used for the leftward AH SA, overriding -automatic assignment using -.B spi -or -.BR spibase ; -typically a hexadecimal number beginning with -.B 0x -.SH "CA SECTIONS" -This are optional sections that can be used to assign special -parameters to a Certification Authority (CA). -.TP 10 -.B auto -currently can have either the value -.B ignore -or -.B add -. -.TP -.B cacert -defines a path to the CA certificate either relative to -\fI/etc/ipsec.d/cacerts\fP or as an absolute path. -.TP -.B crluri -defines a CRL distribution point (ldap, http, or file URI) -.TP -.B crluri2 -defines an alternative CRL distribution point (ldap, http, or file URI) -.TP -.B ldaphost -defines an ldap host. -.TP -.B ocspuri -defines an OCSP URI. -.SH "CONFIG SECTIONS" -At present, the only -.B config -section known to the IPsec software is the one named -.BR setup , -which contains information used when the software is being started -(see -.IR ipsec_setup (8)). -Here's an example: -.PP -.ne 8 -.nf -.ft B -.ta 1c -config setup - interfaces="ipsec0=eth1 ipsec1=ppp0" - klipsdebug=none - plutodebug=all - manualstart= -.ft -.fi -.PP -Parameters are optional unless marked ``(required)''. -The currently-accepted -.I parameter -names in a -.B config -.B setup -section are: -.TP 14 -.B myid -the identity to be used for -.BR %myid . -.B %myid -is used in the implicit policy group conns and can be used as -an identity in explicit conns. -If unspecified, -.B %myid -is set to the IP address in \fB%defaultroute\fP (if that is supported by a TXT record in its reverse domain), or otherwise -the system's hostname (if that is supported by a TXT record in its forward domain), or otherwise it is undefined. -An explicit value generally starts with ``\fB@\fP''. -.TP -.B interfaces -virtual and physical interfaces for IPsec to use: -a single -\fIvirtual\fB=\fIphysical\fR pair, a (quoted!) list of pairs separated -by white space, or -.BR %none . -One of the pairs may be written as -.BR %defaultroute , -which means: find the interface \fId\fR that the default route points to, -and then act as if the value was ``\fBipsec0=\fId\fR''. -.B %defaultroute -is the default; -.B %none -must be used to denote no interfaces. -If -.B %defaultroute -is used (implicitly or explicitly) -information about the default route and its interface is noted for -use by -.IR ipsec_manual (8) -and -.IR ipsec_auto (8).) -.TP -.B forwardcontrol -whether -.I setup -should turn IP forwarding on -(if it's not already on) as IPsec is started, -and turn it off again (if it was off) as IPsec is stopped; -acceptable values are -.B yes -and (the default) -.BR no . -For this to have full effect, forwarding must be -disabled before the hardware interfaces are brought -up (e.g., -.B "net.ipv4.ip_forward\ =\ 0" -in Red Hat 6.x -.IR /etc/sysctl.conf ), -because IPsec doesn't get control early enough to do that. -.TP -.B rp_filter -whether and how -.I setup -should adjust the reverse path filtering mechanism for the -physical devices to be used. -Values are \fB%unchanged\fP (to leave it alone) -or \fB0\fP, \fB1\fP, \fB2\fP (values to set it to). -\fI/proc/sys/net/ipv4/conf/PHYS/rp_filter\fP -is badly documented; it must be \fB0\fP in many cases -for ipsec to function. -The default value for the parameter is \fB0\fP. -.TP -.B syslog -the -.IR syslog (2) -``facility'' name and priority to use for -startup/shutdown log messages, -default -.BR daemon.error . -.TP -.B klipsdebug -how much KLIPS debugging output should be logged. -An empty value, -or the magic value -.BR none , -means no debugging output (the default). -The magic value -.B all -means full output. -Otherwise only the specified types of output -(a quoted list, names separated by white space) are enabled; -for details on available debugging types, see -.IR ipsec_klipsdebug (8). -.TP -.B plutodebug -how much Pluto debugging output should be logged. -An empty value, -or the magic value -.BR none , -means no debugging output (the default). -The magic value -.B all -means full output. -Otherwise only the specified types of output -(a quoted list, names without the -.B \-\-debug\- -prefix, -separated by white space) are enabled; -for details on available debugging types, see -.IR ipsec_pluto (8). -.TP -.B plutoopts -additional options to pass to pluto upon startup. See -.IR ipsec_pluto (8). -.TP -.B plutostderrlog -do not use syslog, but rather log to stderr, and direct stderr to the -argument file. -.TP -.B dumpdir -in what directory should things started by -.I setup -(notably the Pluto daemon) be allowed to -dump core? -The empty value (the default) means they are not -allowed to. -.TP -.B manualstart -which manually-keyed connections to set up at startup -(empty, a name, or a quoted list of names separated by white space); -see -.IR ipsec_manual (8). -Default is none. -.TP -.B pluto -whether to start Pluto or not; -Values are -.B yes -(the default) -or -.B no -(useful only in special circumstances). -.TP -.B plutowait -should Pluto wait for each -negotiation attempt that is part of startup to -finish before proceeding with the next? -Values are -.B yes -or -.BR no -(the default). -.TP -.B prepluto -shell command to run before starting Pluto -(e.g., to decrypt an encrypted copy of the -.I ipsec.secrets -file). -It's run in a very simple way; -complexities like I/O redirection are best hidden within a script. -Any output is redirected for logging, -so running interactive commands is difficult unless they use -.I /dev/tty -or equivalent for their interaction. -Default is none. -.TP -.B postpluto -shell command to run after starting Pluto -(e.g., to remove a decrypted copy of the -.I ipsec.secrets -file). -It's run in a very simple way; -complexities like I/O redirection are best hidden within a script. -Any output is redirected for logging, -so running interactive commands is difficult unless they use -.I /dev/tty -or equivalent for their interaction. -Default is none. -.TP -.B fragicmp -whether a tunnel's need to fragment a packet should be reported -back with an ICMP message, -in an attempt to make the sender lower his PMTU estimate; -acceptable values are -.B yes -(the default) -and -.BR no . -.TP -.B hidetos -whether a tunnel packet's TOS field should be set to -.B 0 -rather than copied from the user packet inside; -acceptable values are -.B yes -(the default) -and -.BR no . -.TP -.B uniqueids -whether a particular participant ID should be kept unique, -with any new (automatically keyed) -connection using an ID from a different IP address -deemed to replace all old ones using that ID; -acceptable values are -.B yes -(the default) -and -.BR no . -Participant IDs normally \fIare\fR unique, -so a new (automatically-keyed) connection using the same ID is -almost invariably intended to replace an old one. -.TP -.B overridemtu -value that the MTU of the ipsec\fIn\fR interface(s) should be set to, -overriding IPsec's (large) default. -This parameter is needed only in special situations. -.TP -.B nat_traversal -.TP -.B crlcheckinterval -.TP -.B strictcrlpolicy -.TP -.B pkcs11module -.TP -.B pkcs11keepstate - -.SH CHOOSING A CONNECTION -.PP -When choosing a connection to apply to an outbound packet caught with a -.BR %trap, -the system prefers the one with the most specific eroute that -includes the packet's source and destination IP addresses. -Source subnets are examined before destination subnets. -For initiating, only routed connections are considered. For responding, -unrouted but added connections are considered. -.PP -When choosing a connection to use to respond to a negotiation which -doesn't match an ordinary conn, an opportunistic connection -may be instantiated. Eventually, its instance will be /32 -> /32, but -for earlier stages of the negotiation, there will not be enough -information about the client subnets to complete the instantiation. -.SH FILES -.nf -/etc/ipsec.conf -/etc/ipsec.d/cacerts -/etc/ipsec.d/certs -/etc/ipsec.d/crls -/etc/ipsec.d/aacerts -/etc/ipsec.d/acerts - -.SH SEE ALSO -ipsec(8), ipsec_ttoaddr(8), ipsec_auto(8), ipsec_manual(8), ipsec_rsasigkey(8) -.SH HISTORY -Written for the FreeS/WAN project - -by Henry Spencer. Extended for the strongSwan project - -by Andreas Steffen. -.SH BUGS -.PP -When -.B type -or -.B failureshunt -is set to -.B drop -or -.BR reject, -strongSwan blocks outbound packets using eroutes, but assumes inbound -blocking is handled by the firewall. strongSwan offers firewall hooks -via an ``updown'' script. However, the default -.B ipsec _updown -provides no help in controlling a modern firewall. -.PP -Including attributes of the keying channel -(authentication methods, -.BR ikelifetime , -etc.) -as an attribute of a connection, -rather than of a participant pair, is dubious and incurs limitations. -.PP -.IR Ipsec_manual -is not nearly as generous about the syntax of subnets, -addresses, etc. as the usual strongSwan user interfaces. -Four-component dotted-decimal must be used for all addresses. -It -.I is -smart enough to translate bit-count netmasks to dotted-decimal form. -.PP -It would be good to have a line-continuation syntax, -especially for the very long lines involved in -RSA signature keys. -.PP -The ability to specify different identities, -.BR authby , -and public keys for different automatic-keyed connections -between the same participants is misleading; -this doesn't work dependably because the identity of the participants -is not known early enough. -This is especially awkward for the ``Road Warrior'' case, -where the remote IP address is specified as -.BR 0.0.0.0 , -and that is considered to be the ``participant'' for such connections. -.PP -In principle it might be necessary to control MTU on an -interface-by-interface basis, -rather than with the single global override that -.B overridemtu -provides. -.PP -A number of features which \fIcould\fR be implemented in -both manual and automatic keying -actually are not yet implemented for manual keying. -This is unlikely to be fixed any time soon. -.PP -If conns are to be added before DNS is available, -\fBleft=\fP\fIFQDN\fP, -\fBleftnextop=\fP\fIFQDN\fP, -and -.B leftrsasigkey=%dnsonload -will fail. -.IR ipsec_pluto (8) -does not actually use the public key for our side of a conn but it -isn't generally known at a add-time which side is ours (Road Warrior -and Opportunistic conns are currently exceptions). -.PP -The \fBmyid\fP option does not affect explicit \fB ipsec auto \-\-add\fP or \fBipsec auto \-\-replace\fP commands for implicit conns. diff --git a/programs/_confread/ipsec.conf.in b/programs/_confread/ipsec.conf.in deleted file mode 100644 index 296986459..000000000 --- a/programs/_confread/ipsec.conf.in +++ /dev/null @@ -1,44 +0,0 @@ -# /etc/ipsec.conf - strongSwan IPsec configuration file - -# RCSID $Id: ipsec.conf.in,v 1.7 2006/01/31 13:09:10 as Exp $ - -# Manual: ipsec.conf.5 -# Help: http://www.strongswan.org/docs/readme.htm - -version 2.0 # conforms to second version of ipsec.conf specification - -# basic configuration - -config setup - # Debug-logging controls: "none" for (almost) none, "all" for lots. - # plutodebug=all - # crlcheckinterval=600 - # strictcrlpolicy=yes - # cachecrls=yes - # nat_traversal=yes - -# Uncomment to activate Opportunistic Encryption (OE) -# include /etc/ipsec.d/examples/oe.conf - -# Add connections here. - -# Sample VPN connections - -#conn sample-self-signed -# left=%defaultroute -# leftsubnet=10.1.0.0/16 -# leftcert=selfCert.der -# leftsendcert=never -# right=192.168.0.2 -# rightsubnet=10.2.0.0/16 -# rightcert=peerCert.der -# auto=start - -#conn sample-with-ca-cert -# left=%defaultroute -# leftsubnet=10.1.0.0/16 -# leftcert=myCert.pem -# right=192.168.0.2 -# rightsubnet=10.2.0.0/16 -# rightid="C=CH, O=Linux strongSwan CN=peer name" -# auto=start diff --git a/programs/_confread/private-or-clear.in b/programs/_confread/private-or-clear.in deleted file mode 100644 index c66b1d29f..000000000 --- a/programs/_confread/private-or-clear.in +++ /dev/null @@ -1,14 +0,0 @@ -# This file defines the set of CIDRs (network/mask-length) to which -# communication should be private, if possible, but in the clear otherwise. -# -# If the target has a TXT (later IPSECKEY) record that specifies -# authentication material, we will require private (i.e. encrypted) -# communications. If no such record is found, communications will be -# in the clear. -# -# See @FINALDOCDIR@/policygroups.html for details. -# -# $Id: private-or-clear.in,v 1.1 2004/03/15 20:35:27 as Exp $ -# - -0.0.0.0/0 diff --git a/programs/_confread/private.in b/programs/_confread/private.in deleted file mode 100644 index 9d4bd6c67..000000000 --- a/programs/_confread/private.in +++ /dev/null @@ -1,6 +0,0 @@ -# This file defines the set of CIDRs (network/mask-length) to which -# communication should always be private (i.e. encrypted). -# See @FINALDOCDIR@/policygroups.html for details. -# -# $Id: private.in,v 1.1 2004/03/15 20:35:27 as Exp $ -# diff --git a/programs/_confread/randomize b/programs/_confread/randomize deleted file mode 100755 index 26d80a8f3..000000000 --- a/programs/_confread/randomize +++ /dev/null @@ -1,28 +0,0 @@ -#! /bin/sh -# internal utility for putting random keys into sample configuration file -# Copyright (C) 1998, 1999 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: randomize,v 1.1 2004/03/15 20:35:27 as Exp $ - -awk '/`[0-9]+`/ { - match($0, /`[0-9]+`/) - n = substr($0, RSTART+1, RLENGTH-2) - cmd = "./ranbits --quick " n - cmd | getline key - cmd | getline eof - close(cmd) - sub(/`[0-9]+`/, key, $0) - print - next -} -{ print }' $* diff --git a/programs/_copyright/.cvsignore b/programs/_copyright/.cvsignore deleted file mode 100644 index 23ebcb381..000000000 --- a/programs/_copyright/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -_copyright diff --git a/programs/_copyright/Makefile b/programs/_copyright/Makefile deleted file mode 100644 index 52c594b68..000000000 --- a/programs/_copyright/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_copyright -PROGRAMDIR=${LIBDIR} -LIBS=${FREESWANLIB} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.3 2002/08/02 16:01:07 mcr -# moved user visible programs to $PREFIX/libexec, while moving -# private files to $PREFIX/lib. -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/_copyright/_copyright.8 b/programs/_copyright/_copyright.8 deleted file mode 100644 index 87e4adc98..000000000 --- a/programs/_copyright/_copyright.8 +++ /dev/null @@ -1,32 +0,0 @@ -.TH _COPYRIGHT 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _copyright.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _copyright \- prints FreeSWAN copyright -.SH DESCRIPTION -.I _copyright -outputs the FreeSWAN copyright, and version numbers for "ipsec --copyright" -.SH "SEE ALSO" -ipsec(8) -.SH HISTORY -Man page written for the Linux FreeS/WAN project - -by Michael Richardson. Program written by Henry Spencer. -.\" -.\" $Log: _copyright.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" Revision 1.1 2002/04/26 01:21:43 mcr -.\" while tracking down a missing (not installed) /etc/ipsec.conf, -.\" MCR has decided that it is not okay for each program subdir to have -.\" some subset (determined with -f) of possible files. -.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -.\" Optional PROGRAM.5 files have been added to the makefiles. -.\" -.\" -.\" diff --git a/programs/_copyright/_copyright.c b/programs/_copyright/_copyright.c deleted file mode 100644 index 0fb360f40..000000000 --- a/programs/_copyright/_copyright.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * copyright reporter - * (just avoids having the info in more than one place in the source) - * Copyright (C) 2001 Henry Spencer. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - * - * RCSID $Id: _copyright.c,v 1.1 2004/03/15 20:35:27 as Exp $ - */ - -#include -#include -#include -#include -#include -#include -#include - -char usage[] = "Usage: ipsec _copyright"; -struct option opts[] = { - {"help", 0, NULL, 'h',}, - {"version", 0, NULL, 'v',}, - {0, 0, NULL, 0, }, -}; - -char me[] = "ipsec _copyright"; /* for messages */ - -int -main(int argc, char *argv[]) -{ - int opt; - extern int optind; - int errflg = 0; - const char *version = ipsec_version_code(); - const char **notice = ipsec_copyright_notice(); - const char **co; - - while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) - switch (opt) { - case 'h': /* help */ - printf("%s\n", usage); - exit(0); - break; - case 'v': /* version */ - printf("%s %s\n", me, version); - exit(0); - break; - case '?': - default: - errflg = 1; - break; - } - if (errflg || optind != argc) { - fprintf(stderr, "%s\n", usage); - exit(2); - } - - for (co = notice; *co != NULL; co++) - printf("%s\n", *co); - exit(0); -} diff --git a/programs/_include/.cvsignore b/programs/_include/.cvsignore deleted file mode 100644 index ab6204115..000000000 --- a/programs/_include/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -_include diff --git a/programs/_include/Makefile b/programs/_include/Makefile deleted file mode 100644 index 6b5f11682..000000000 --- a/programs/_include/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_include -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.3 2002/08/02 16:01:11 mcr -# moved user visible programs to $PREFIX/libexec, while moving -# private files to $PREFIX/lib. -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/_include/_include.8 b/programs/_include/_include.8 deleted file mode 100644 index 56ffa0723..000000000 --- a/programs/_include/_include.8 +++ /dev/null @@ -1,35 +0,0 @@ -.TH _INCLUDE 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _include.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _include \- internal script to process config files -.SH DESCRIPTION -.I _include -is used by -.I _confread -to process -.B include -directives in /etc/ipsec.conf. -.SH "SEE ALSO" -ipsec(8), ipsec__confread(8) -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Program written by Henry Spencer. -.\" -.\" $Log: _include.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" Revision 1.1 2002/04/26 01:21:43 mcr -.\" while tracking down a missing (not installed) /etc/ipsec.conf, -.\" MCR has decided that it is not okay for each program subdir to have -.\" some subset (determined with -f) of possible files. -.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -.\" Optional PROGRAM.5 files have been added to the makefiles. -.\" -.\" -.\" diff --git a/programs/_include/_include.in b/programs/_include/_include.in deleted file mode 100755 index 10a8a49e4..000000000 --- a/programs/_include/_include.in +++ /dev/null @@ -1,102 +0,0 @@ -#! /bin/sh -# implements nested file inclusion for control files, including wildcarding -# Copyright (C) 1998, 1999 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _include.in,v 1.2 2004/03/15 21:03:06 as Exp $ -# -# Output includes marker lines for file changes: -# "#< filename lineno" signals entry into that file -# "#> filename lineno" signals return to that file -# The lineno is the line number of the *next* line. -# -# Errors are reported with a "#:message" line rather than on stderr. -# -# Lines which look like marker and report lines are never passed through. - -IPSEC_NAME="strongSwan" - -usage="Usage: $0 file ..." -me="ipsec _include" - -for dummy -do - case "$1" in - --inband) ;; # back compatibility - --help) echo "$usage" ; exit 0 ;; - --version) echo "$me $IPSEC_VERSION" ; exit 0 ;; - --) shift ; break ;; - -*) echo "$0: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -case $# in -0) echo "$usage" >&2 ; exit 2 ;; -esac - -for f -do - if test ! -r "$f" - then - if test ! "$f" = "/etc/ipsec.conf" - then - echo "#:cannot open configuration file \'$f\'" - if test "$f" = "/etc/ipsec.secrets" - then - echo "#:Your secrets file will be created when you start $IPSEC_NAME for the first time." - fi - exit 1 - else - exit 1 - fi - fi -done - -awk 'BEGIN { - wasfile = "" -} -FNR == 1 { - print "" - print "#<", FILENAME, 1 - lineno = 0 - wasfile = FILENAME -} -{ - lineno++ - # lineno is now the number of this line -} -/^#[<>:]/ { - next -} -/^include[ \t]+/ { - orig = $0 - sub(/[ \t]+#.*$/, "") - if (NF != 2) { - msg = "(" FILENAME ", line " lineno ")" - msg = msg " include syntax error in \"" orig "\"" - print "#:" msg - exit 1 - } - newfile = $2 - if (newfile !~ /^\// && FILENAME ~ /\//) { - prefix = FILENAME - sub("[^/]+$", "", prefix) - newfile = prefix newfile - } - system("ipsec _include " newfile) - print "" - print "#>", FILENAME, lineno + 1 - next -} -{ print }' $* diff --git a/programs/_keycensor/.cvsignore b/programs/_keycensor/.cvsignore deleted file mode 100644 index 97d0bb2bf..000000000 --- a/programs/_keycensor/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -_keycensor diff --git a/programs/_keycensor/Makefile b/programs/_keycensor/Makefile deleted file mode 100644 index bc495328f..000000000 --- a/programs/_keycensor/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_keycensor -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.3 2002/08/02 16:01:15 mcr -# moved user visible programs to $PREFIX/libexec, while moving -# private files to $PREFIX/lib. -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/_keycensor/_keycensor.8 b/programs/_keycensor/_keycensor.8 deleted file mode 100644 index 89a97a9f9..000000000 --- a/programs/_keycensor/_keycensor.8 +++ /dev/null @@ -1,33 +0,0 @@ -.TH _KEYCENSOR 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _keycensor.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _keycensor \- internal routine to remove sensitive information -.SH DESCRIPTION -.I _keycensor -is used by -.B ipsec barf -to process the /etc/ipsec.secrets file, removing private key info. -.SH "SEE ALSO" -ipsec(8), ipsec_barf(8) -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Original program by Henry Spencer. -.\" -.\" $Log: _keycensor.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" Revision 1.1 2002/04/26 01:21:43 mcr -.\" while tracking down a missing (not installed) /etc/ipsec.conf, -.\" MCR has decided that it is not okay for each program subdir to have -.\" some subset (determined with -f) of possible files. -.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -.\" Optional PROGRAM.5 files have been added to the makefiles. -.\" -.\" -.\" diff --git a/programs/_keycensor/_keycensor.in b/programs/_keycensor/_keycensor.in deleted file mode 100755 index 7d6f257e5..000000000 --- a/programs/_keycensor/_keycensor.in +++ /dev/null @@ -1,52 +0,0 @@ -#! /bin/sh -# implements key censoring for barf -# Copyright (C) 1999, 2002 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _keycensor.in,v 1.1 2004/03/15 20:35:27 as Exp $ - -usage="Usage: $0 [file ...]" -me="ipsec _keycensor" - -for dummy -do - case "$1" in - --help) echo "$usage" ; exit 0 ;; - --version) echo "$me $IPSEC_VERSION" ; exit 0 ;; - --) shift ; break ;; - -*) echo "$0: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -awk ' /(sig|enc|auth)key[ \t]*=[ \t]*[^%]/ { - i = match($0, /key[ \t]*=[ \t]*/) - i += RLENGTH - cold = substr($0, 1, i-1) - hot = substr($0, i) - sub(/[ \t]+(#.*)?$/, "", hot) - q = "'"'"'" # single quote - if (hot ~ q) - cooled = "[cannot be condensed]" - else if (hot ~ /^0s/) - cooled = "[keyid " substr(hot, 3, 9) "]" - else { - run = "echo " q hot q " | md5sum" - run | getline - close(run) - cooled = "[sums to " substr($1, 1, 4) "...]" - } - print cold cooled - next - } - { print }' $* diff --git a/programs/_plutoload/.cvsignore b/programs/_plutoload/.cvsignore deleted file mode 100644 index cbcf7e699..000000000 --- a/programs/_plutoload/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -_plutoload diff --git a/programs/_plutoload/Makefile b/programs/_plutoload/Makefile deleted file mode 100644 index af9ffee18..000000000 --- a/programs/_plutoload/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_plutoload -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.3 2002/08/02 16:01:19 mcr -# moved user visible programs to $PREFIX/libexec, while moving -# private files to $PREFIX/lib. -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/_plutoload/_plutoload.8 b/programs/_plutoload/_plutoload.8 deleted file mode 100644 index ba421b6c3..000000000 --- a/programs/_plutoload/_plutoload.8 +++ /dev/null @@ -1,33 +0,0 @@ -.TH _PLUTOLOAD 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _plutoload.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _plutoload \- internal script to start pluto -.SH DESCRIPTION -.I _plutoload -is called by -.B _plutorun -to actually start the pluto executable. -.SH "SEE ALSO" -ipsec(8), ipsec_setup(8), ipsec__realsetup(8), ipsec__plutorun(8) -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Original program by Henry Spencer. -.\" -.\" $Log: _plutoload.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" Revision 1.1 2002/04/26 01:21:43 mcr -.\" while tracking down a missing (not installed) /etc/ipsec.conf, -.\" MCR has decided that it is not okay for each program subdir to have -.\" some subset (determined with -f) of possible files. -.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -.\" Optional PROGRAM.5 files have been added to the makefiles. -.\" -.\" -.\" diff --git a/programs/_plutoload/_plutoload.in b/programs/_plutoload/_plutoload.in deleted file mode 100755 index 73841197d..000000000 --- a/programs/_plutoload/_plutoload.in +++ /dev/null @@ -1,164 +0,0 @@ -#!/bin/sh -# Pluto database-loading script -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _plutoload.in,v 1.2 2004/03/31 16:15:10 as Exp $ -# -# exit status is 13 for protocol violation, that of Pluto otherwise - -me='ipsec _plutoload' # for messages - -for dummy -do - case "$1" in - --load) plutoload="$2" ; shift ;; - --start) plutostart="$2" ; shift ;; - --wait) plutowait="$2" ; shift ;; - --post) postpluto="$2" ; shift ;; - --) shift ; break ;; - -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -# load ca information -eval `ipsec _confread --varprefix PLUTO --type ca --search auto add start` -if test " $PLUTO_confreadstatus" != " " -then - echo "auto=add/start search: $PLUTO_confreadstatus" - echo "unable to determine what ca information to add -- adding none" - caload= -else - caload="$PLUTO_confreadnames" -fi - -# searches, if needed -# the way the searches were done ensures plutoload >= plutoroute >= plutostart - -# search for things to "ipsec auto --add": auto in "add" "route" "start" -eval `ipsec _confread --varprefix PLUTO --search auto add route start` -if test " $PLUTO_confreadstatus" != " " -then - echo "auto=add/route/start search: $PLUTO_confreadstatus" - echo "unable to determine what conns to add -- adding none" - plutoload= -else - plutoload="$PLUTO_confreadnames" -fi - -# search for things to "ipsec auto --route": auto in "route" "start" -eval `ipsec _confread --varprefix PLUTO --search auto route start` -if test " $PLUTO_confreadstatus" != " " -then - echo "auto=route/start search: $PLUTO_confreadstatus" - echo "unable to determine what conns to route -- routing none" - plutoroute= -else - plutoroute="$PLUTO_confreadnames" -fi - -# search for things to "ipsec auto --up": auto in "start" -eval `ipsec _confread --varprefix PLUTO --search auto start` -if test " $PLUTO_confreadstatus" != " " -then - echo "auto=start search: $PLUTO_confreadstatus" - echo "unable to determine what conns to start -- starting none" - plutostart= -else - plutostart="$PLUTO_confreadnames" -fi - -# await Pluto's readiness (not likely to be an issue, but...) -eofed=y -while read saying -do - case "$saying" in - 'Pluto initialized') eofed= ; break ;; # NOTE BREAK OUT - *) echo "pluto unexpectedly said \`$saying'" ;; - esac -done -if test "$eofed" -then - echo "pluto died unexpectedly!?!" - exit 13 -fi - -# ca database load -for tu in $caload -do - ipsec auto --type ca --add $tu || - echo "...could not add ca \"$tu\"" -done - -# conn database load -for tu in $plutoload -do - ipsec auto --add $tu || - echo "...could not add conn \"$tu\"" -done - -# enable listening -ipsec auto --ready - -# execute any post-startup cleanup -if test " $postpluto" != " " -then - $postpluto - st=$? - if test " $st" -ne 0 - then - echo "...postpluto command exited with status $st" - fi -fi - -# quickly establish routing -for tu in $plutoroute -do - ipsec auto --route $tu || - echo "...could not route conn \"$tu\"" -done - -# tunnel initiation, which may take a while -async= -if test " $plutowait" = " no" -then - async="--asynchronous" -fi -for tu in $plutostart -do - ipsec auto --up $async $tu || - echo "...could not start conn \"$tu\"" -done - -# report any further utterances, and watch for exit status -eofed=y -while read saying -do - case "$saying" in - exit) eofed= ; break ;; # NOTE BREAK OUT - *) echo "pluto unexpectedly says \`$saying'" ;; - esac -done -if test "$eofed" -then - echo "pluto died without exit status!?!" - exit 13 -fi -if read status -then - exit $status -else - echo "pluto yielded no exit status!?!" - exit 13 -fi diff --git a/programs/_plutorun/.cvsignore b/programs/_plutorun/.cvsignore deleted file mode 100644 index 13e0ae1a1..000000000 --- a/programs/_plutorun/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -_plutorun diff --git a/programs/_plutorun/Makefile b/programs/_plutorun/Makefile deleted file mode 100644 index b0928797c..000000000 --- a/programs/_plutorun/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_plutorun -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.3 2002/08/02 16:01:26 mcr -# moved user visible programs to $PREFIX/libexec, while moving -# private files to $PREFIX/lib. -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/_plutorun/_plutorun.8 b/programs/_plutorun/_plutorun.8 deleted file mode 100644 index 9de6927dc..000000000 --- a/programs/_plutorun/_plutorun.8 +++ /dev/null @@ -1,37 +0,0 @@ -.TH _PLUTORUN 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _plutorun.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _plutorun \- internal script to start pluto -.SH DESCRIPTION -.I _plutorun -is called by -.B _realsetup -to configure and bring up -.B ipsec_pluto(8). -It calls -.B _plutoload -to invoke pluto, and watches to makes sure that pluto is restarted if it fails. -.SH "SEE ALSO" -ipsec(8), ipsec_setup(8), ipsec__realsetup(8), ipsec__plutoload(8), ipsec_pluto(8). -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Original program written by Henry Spencer. -.\" -.\" $Log: _plutorun.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" Revision 1.1 2002/04/26 01:21:43 mcr -.\" while tracking down a missing (not installed) /etc/ipsec.conf, -.\" MCR has decided that it is not okay for each program subdir to have -.\" some subset (determined with -f) of possible files. -.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -.\" Optional PROGRAM.5 files have been added to the makefiles. -.\" -.\" -.\" diff --git a/programs/_plutorun/_plutorun.in b/programs/_plutorun/_plutorun.in deleted file mode 100755 index b02afeefb..000000000 --- a/programs/_plutorun/_plutorun.in +++ /dev/null @@ -1,281 +0,0 @@ -#!/bin/sh -# Pluto control daemon -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _plutorun.in,v 1.9 2005/10/16 13:28:15 as Exp $ - -me='ipsec _plutorun' # for messages - -info=/var/run/ipsec.info - -popts= -stderrlog= -plutorestartoncrash=true - -wherelog=daemon.error -pidfile=/var/run/pluto.pid -verb="Starting" -for dummy -do - case "$1" in - --re) verb="Restarting" ;; - --plutorestartoncrash) plutorestartoncrash="$2"; shift ;; - --debug) plutodebug="$2" ; shift ;; - --uniqueids) uniqueids="$2" ; shift ;; - --nat_traversal) nat_traversal="$2" ; shift ;; - --keep_alive) keep_alive="$2" ; shift ;; - --force_keepalive) force_keepalive="$2" ; shift ;; - --disable_port_floating) disable_port_floating="$2" ; shift ;; - --virtual_private) virtual_private="$2" ; shift ;; - --nocrsend) nocrsend="$2" ; shift ;; - --strictcrlpolicy) strictcrlpolicy="$2" ; shift ;; - --crlcheckinterval) crlcheckinterval="$2"; shift ;; - --cachecrls) cachecrls="$2" ; shift ;; - --pkcs11module) pkcs11module="$2"; shift ;; - --pkcs11keepstate) pkcs11keepstate="$2"; shift ;; - --pkcs11proxy) pkcs11proxy="$2"; shift ;; - --dump) dumpdir="$2" ; shift ;; - --opts) popts="$2" ; shift ;; - --stderrlog) stderrlog="$2" ; shift ;; - --wait) plutowait="$2" ; shift ;; - --pre) prepluto="$2" ; shift ;; - --post) postpluto="$2" ; shift ;; - --log) wherelog="$2" ; shift ;; - --pid) pidfile="$2" ; shift ;; - --) shift ; break ;; - -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -# initially we are in the foreground, with parent looking after logging - -# precautions -if test -f $pidfile -then - echo "pluto appears to be running already (\`$pidfile' exists), will not start another" - exit 1 -fi -if test ! -e /dev/urandom -then - echo "cannot start Pluto, system lacks \`/dev/urandom'!?!" - exit 1 -fi - -# sort out options -for d in $plutodebug -do - popts="$popts --debug-$d" -done -case "$uniqueids" in -yes) popts="$popts --uniqueids" ;; -no|'') ;; -*) echo "unknown uniqueids value (not yes/no) \`$IPSECuniqueids'" ;; -esac -case "$nocrsend" in -yes) popts="$popts --nocrsend" ;; -no|'') ;; -*) echo "unknown nocrsend value (not yes/no) \`$IPSECnocrsend'" ;; -esac -case "$strictcrlpolicy" in -yes) popts="$popts --strictcrlpolicy" ;; -no|'') ;; -*) echo "unknown strictcrlpolicy value (not yes/no) \`$IPSECstrictcrlpolicy'" ;; -esac -case "$cachecrls" in -yes) popts="$popts --cachecrls" ;; -no|'') ;; -*) echo "unknown cachecrls value (not yes/no) \`$IPSECcachecrls'" ;; -esac -case "$nat_traversal" in -yes) popts="$popts --nat_traversal" ;; -no|'') ;; -*) echo "unknown nat_traversal value (not yes/no) \`$IPSECnat_traversal'" ;; -esac -[ -n "$keep_alive" ] && popts="$popts --keep_alive $keep_alive" -case "$force_keepalive" in -yes) popts="$popts --force_keepalive" ;; -no|'') ;; -*) echo "unknown force_keepalive value (not yes/no) \`$IPSECforce_keepalive'" ;; -esac -case "$disable_port_floating" in -yes) popts="$popts --disable_port_floating" ;; -no|'') ;; -*) echo "unknown disable_port_floating (not yes/no) \`$disable_port_floating'" ;; -esac -case "$pkcs11keepstate" in -yes) popts="$popts --pkcs11keepstate" ;; -no|'') ;; -*) echo "unknown pkcs11keepstate value (not yes/no) \`$IPSECpkcs11keepstate'" ;; -esac -case "$pkcs11proxy" in -yes) popts="$popts --pkcs11proxy" ;; -no|'') ;; -*) echo "unknown pkcs11proxy value (not yes/no) \`$IPSECpkcs11proxy'" ;; -esac - -[ -n "$virtual_private" ] && popts="$popts --virtual_private $virtual_private" - -# add crl check interval -if test ${crlcheckinterval:-0} -gt 0 -then - popts="$popts --crlcheckinterval $crlcheckinterval" -fi - -if test -n "$pkcs11module" -then - popts="$popts --pkcs11module $pkcs11module" -fi - -if test -n "$stderrlog" -then - popts="$popts --stderrlog 2>>$stderrlog" - - if test -f $stderrlog - then - if test ! -w $stderrlog - then - echo Cannot write to \"$stderrlog\". - exit 1 - fi - else - if test ! -w "`dirname $stderrlog`" - then - echo Cannot write to directory to create \"$stderrlog\". - exit 1 - fi - fi - - echo "Plutorun started on "`date` >$stderrlog -fi - -# set up dump directory -if test " $dumpdir" = " " -then - ulimit -c 0 # preclude core dumps -elif test ! -d "$dumpdir" -then - echo "dumpdir \`$dumpdir' does not exist, ignored" - ulimit -c 0 # preclude core dumps -elif cd $dumpdir # put them where desired -then - ulimit -c unlimited # permit them -else - echo "cannot cd to dumpdir \`$dumpdir', ignored" - ulimit -c 0 # preclude them -fi - -# execute any preliminaries -if test " $prepluto" != " " -then - $prepluto - st=$? - if test " $st" -ne 0 - then - echo "...prepluto command exited with status $st" - fi -fi - -IPSEC_SECRETS=${IPSEC_CONFS}/ipsec.secrets -if test ! -f "${IPSEC_SECRETS}" -then - ( logger -p authpriv.info -t ipsec__plutorun No file ${IPSEC_SECRETS}, generating key. - ipsec scepclient --out pkcs1 --out cert-self --quiet - echo -e "# /etc/ipsec.secrets - strongSwan IPsec secrets file\n" > ${IPSEC_SECRETS} - chmod 600 ${IPSEC_SECRETS} - echo ": RSA myKey.der" >> ${IPSEC_SECRETS} - - # tell pluto to go re-read the file - ipsec auto --rereadsecrets - ) & -fi - -# -# make sure that the isakmp port is open! -# -if test -f /etc/sysconfig/ipchains -then - if egrep -q 500:500 /etc/sysconfig/ipchains - then - : - else - ipchains -I input 1 -p udp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 500:500 -j ACCEPT - # if it redhat, then save the rules again. - if [ -f /etc/redhat-release ] - then - sh /etc/rc.d/init.d/ipchains save - fi - fi -fi - -# spin off into the background, with our own logging -echo "$verb Pluto subsystem..." | logger -p authpriv.error -t ipsec__plutorun -execdir=${IPSEC_EXECDIR-@IPSEC_EXECDIR@} -libdir=${IPSEC_LIBDIR-@IPSEC_LIBDIR@} -until ( - if test -s $info - then - . $info - export defaultroutephys defaultroutevirt defaultrouteaddr defaultroutenexthop - fi - # eval allows $popts to contain redirection and other magic - eval $execdir/pluto --nofork --secretsfile "$IPSEC_SECRETS" --policygroupsdir "${IPSEC_CONFS}/ipsec.d/policies" $popts - status=$? - echo "exit" - echo $status - ) | $libdir/_plutoload --wait "$plutowait" --post "$postpluto" -do - status=$? - case "$status" in - 13) echo "internal failure in pluto scripts, impossible to carry on" - exit 1 - ;; - 10) echo "pluto apparently already running (?!?), giving up" - exit 1 - ;; - 137) echo "pluto killed by SIGKILL, terminating without restart or unlock" - exit 0 - ;; - 143) echo "pluto killed by SIGTERM, terminating without restart" - # pluto now does its own unlock for this - exit 0 - ;; - *) st=$status - if $plutorestartoncrash - then - : - else - exit 0 - fi - - if test $st -gt 128 - then - st="$st (signal `expr $st - 128`)" - fi - echo "!pluto failure!: exited with error status $st" - echo "restarting IPsec after pause..." - ( - sleep 10 - ipsec setup _autorestart - ) /dev/null 2>&1 & - exit 1 - ###sleep 10 - ###rm -rf $pidfile - #### and go around the loop again - ;; - esac -done &1 | - logger -s -p $wherelog -t ipsec__plutorun >/dev/null 2>/dev/null & - -exit 0 diff --git a/programs/_realsetup/.cvsignore b/programs/_realsetup/.cvsignore deleted file mode 100644 index 54941b8a3..000000000 --- a/programs/_realsetup/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -_realsetup diff --git a/programs/_realsetup/Makefile b/programs/_realsetup/Makefile deleted file mode 100644 index c339007e0..000000000 --- a/programs/_realsetup/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_realsetup -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.3 2002/08/02 16:01:34 mcr -# moved user visible programs to $PREFIX/libexec, while moving -# private files to $PREFIX/lib. -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/_realsetup/_realsetup.8 b/programs/_realsetup/_realsetup.8 deleted file mode 100644 index 51b647115..000000000 --- a/programs/_realsetup/_realsetup.8 +++ /dev/null @@ -1,36 +0,0 @@ -.TH _REALSETUP 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _realsetup.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _realsetup \- internal routine to start FreeS/WAN. -.SH DESCRIPTION -.I _realsetup -is called by the system init scripts to start the FreeS/WAN -system. It starts -.B KLIPS -(the kernel component) and -.B pluto -(the userspace keying component). -.SH "SEE ALSO" -ipsec(8), ipsec__klipsstart(8), ipsec__plutorun(8). -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Original program by Henry Spencer. -.\" -.\" $Log: _realsetup.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" Revision 1.1 2002/04/26 01:21:43 mcr -.\" while tracking down a missing (not installed) /etc/ipsec.conf, -.\" MCR has decided that it is not okay for each program subdir to have -.\" some subset (determined with -f) of possible files. -.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -.\" Optional PROGRAM.5 files have been added to the makefiles. -.\" -.\" -.\" diff --git a/programs/_realsetup/_realsetup.in b/programs/_realsetup/_realsetup.in deleted file mode 100755 index 91b6e98d3..000000000 --- a/programs/_realsetup/_realsetup.in +++ /dev/null @@ -1,456 +0,0 @@ -#!/bin/sh -# IPsec startup and shutdown command -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _realsetup.in,v 1.10 2005/09/25 21:30:52 as Exp $ - -IPSEC_NAME=strongSwan - -me='ipsec setup' # for messages - -# Misc. paths (some of this should perhaps be overrideable from ipsec.conf). -plutopid=/var/run/pluto.pid -subsyslock=/var/lock/subsys/ipsec -lock=/var/run/ipsec_setup.pid -info=/var/run/ipsec.info -sysflags=/proc/sys/net/ipsec -modules=/proc/modules -ipforward=/proc/sys/net/ipv4/ip_forward -ipsecversion=/proc/net/ipsec_version -kamepfkey=/proc/net/pfkey - -# make sure output of (e.g.) ifconfig is in English -unset LANG LANGUAGE LC_ALL LC_MESSAGES - -# check we were called properly -if test " $IPSEC_confreadsection" != " setup" -then - echo "$me: $0 must be called by ipsec_setup" >&2 - exit 1 -fi -# defaults for "config setup" items - -IPSECinterfaces=${IPSECinterfaces:-%defaultroute} - if test " $IPSECinterfaces" = " %none" ; then IPSECinterfaces= ; fi -# IPSECforwardcontrol "no" -# IPSECsyslog "daemon.error" -# IPSECklipsdebug "none" -# IPSECplutodebug "none" -# IPSECdumpdir "" (no dump) -# IPSECmanualstart "" -# IPSECpluto "yes" -IPSECplutowait=${IPSECplutowait:-no} -# IPSECprepluto "" -# IPSECpostpluto "" -# IPSECfragicmp "yes" -# IPSEChidetos "yes" -IPSECrp_filter=${IPSECrp_filter:-0} -IPSECuniqueids=${IPSECuniqueids:-yes} -IPSECcrlcheckinterval=${IPSECcrlcheckinterval:-0} -# IPSECpkcs11module "" -# IPSECoverridemtu "" - -# Shall we trace? -execute="true" -display="false" -for i in $IPSEC_setupflags -do - case "$i" in - "--showonly") execute="false" ; display=true ;; - "--show") display=true ;; - esac -done - -if $display -then - echo " " PATH="$PATH" -fi - -perform() { - if $display - then - echo " " "$*" - fi - - if $execute - then - eval "$*" - fi -} - -# function to set up manually-keyed connections -manualconns() { - if test " $IPSECmanualstart" != " " - then - for tu in $IPSECmanualstart - do - perform ipsec manual --up $tu - done - fi - - # search for things to "ipsec manual --up": auto == "manual" - eval `ipsec _confread --varprefix MANUALSTART --search auto manual` - if test " $MANUALSTART_confreadstatus" != " " - then - echo "auto=manual search: $MANUALSTART_confreadstatus" - echo "unable to determine what conns to manual --up; none done" - elif test " $MANUALSTART_confreadnames" != " " - then - for tu in $MANUALSTART_confreadnames - do - perform ipsec manual --up $tu - done - fi -} - -# for no-stdout logging: -LOGONLY="logger -p $IPSECsyslog -t ipsec_setup" - -# What an ugly string. -# Must be a string, not a function, because it is nested -# within another sequence (for plutorun). -# Luckily there are NO substitutions in it. -KILLKLIPS='ifl=` ifconfig | sed -n -e "/^ipsec/s/ .*//p" ` ; - test "X$ifl" != "X" && - for i in $ifl ; - do - ifconfig $i down ; - ipsec tncfg --detach --virtual $i ; - done ; - test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ; - ipsec eroute --clear ; - ipsec spi --clear ; - for alg in aes serpent twofish blowfish sha2 ; - do - lsmod 2>&1 | grep "^ipsec_$alg" > /dev/null && rmmod ipsec_$alg ; - done ; - lsmod 2>&1 | grep "^ipsec" > /dev/null && rmmod ipsec' - -if test -f $kamepfkey -then - KILLKLIPS=' - if ip xfrm state > /dev/null 2>&1 ; - then - ip xfrm state flush ; - ip xfrm policy flush ; - elif type setkey > /dev/null 2>&1 ; - then - setkey -F ; - setkey -FP ; - fi' -fi - - - -# do it -case "$1" in - start|--start|_autostart) - # First, does it seem to be going already? - perform test ! -f $lock "||" "{" \ - echo "\"$IPSEC_NAME IPsec apparently already running, start aborted\"" ";" \ - exit 1 ";" \ - "}" - - # announcement - # (Warning, changes to this log message may affect barf.) - version="`ipsec --version | awk 'NR == 1 { print $(3) }' | sed -e 's/^U\(.*\)\/K(.*/\1/'`" - case "$1" in - start|--start) perform echo "\"Starting $IPSEC_NAME IPsec $version...\"" ;; - _autostart) perform echo "\"Restarting $IPSEC_NAME IPsec $version...\"" ;; - esac - - # preliminaries - perform rm -f $lock - - for f in /dev/random /dev/urandom - do - perform test -r $f "||" "{" \ - echo "\"...unable to start $IPSEC_NAME IPsec, no $f!\"" ";" \ - exit 1 ";" \ - "}" - done - - # the meaning of $$ at a different runtime is questionable! - perform echo '$$' ">" $lock - perform test -s $lock "||" "{" \ - echo "\"...unable to create $lock, aborting start!\"" ";" \ - rm -f $lock ";" \ - exit 1 ";" \ - "}" - - perform ">" $info - - # here we go - perform ipsec _startklips \ - --info $info \ - --debug "\"$IPSECklipsdebug\"" \ - --omtu "\"$IPSECoverridemtu\"" \ - --fragicmp "\"$IPSECfragicmp\"" \ - --hidetos "\"$IPSEChidetos\"" \ - --rpfilter "\"$IPSECrp_filter\"" \ - --log "\"$IPSECsyslog\"" \ - $IPSECinterfaces "||" \ - "{" rm -f $lock ";" exit 1 ";" "}" - - perform test -f $ipsecversion "||" \ - test -f $kamepfkey "||" "{" \ - echo "\"OOPS, should have aborted! Broken shell!\"" ";" \ - exit 1 ";" \ - "}" - - # misc pre-Pluto setup - - perform test -d `dirname $subsyslock` "&&" touch $subsyslock - - if test " $IPSECforwardcontrol" = " yes" - then - perform grep '"^0"' $ipforward ">" /dev/null "&&" "{" \ - echo "\"enabling IP forwarding:\"" "|" $LOGONLY ";" \ - echo "\"ipforwardingwas=$fw\"" ">>" $info ";" \ - echo 1 ">" $ipforward ";" \ - "}" - fi - manualconns - - plutorestartoncrash="" - case "$IPSECplutorestartoncrash" in - true|[yY]|yes|restart) plutorestartoncrash="--plutorestartoncrash true";; - false|[nN]|no|die) plutorestartoncrash="--plutorestartoncrash false" ;; - esac - - # Pluto - case "$1" in - start|--start) re= ;; - _autostart) re=--re ;; - esac - if test " $IPSECpluto" != " no" - then - perform ipsec _plutorun $re \ - --debug "\"$IPSECplutodebug\"" \ - --uniqueids "\"$IPSECuniqueids\"" \ - --nocrsend "\"$IPSECnocrsend\"" \ - --strictcrlpolicy "\"$IPSECstrictcrlpolicy\"" \ - --cachecrls "\"$IPSECcachecrls\"" \ - --nat_traversal "\"$IPSECnat_traversal\"" \ - --keep_alive "\"$IPSECkeep_alive\"" \ - --force_keepalive "\"$IPSECforce_keepalive\"" \ - --disable_port_floating "\"$IPSECdisable_port_floating\"" \ - --virtual_private "\"$IPSECvirtual_private\"" \ - --crlcheckinterval "\"$IPSECcrlcheckinterval\"" \ - --pkcs11module "\"$IPSECpkcs11module\"" \ - --pkcs11keepstate "\"$IPSECpkcs11keepstate\"" \ - --pkcs11proxy "\"$IPSECpkcs11proxy\"" \ - --dump "\"$IPSECdumpdir\"" \ - --opts "\"$IPSECplutoopts\"" \ - --stderrlog "\"$IPSECplutostderrlog\"" \ - --wait "\"$IPSECplutowait\"" \ - --pre "\"$IPSECprepluto\"" \ - --post "\"$IPSECpostpluto\"" \ - --log "\"$IPSECsyslog\"" $plutorestartoncrash \ - --pid "\"$plutopid\"" "||" "{" \ - $KILLKLIPS ";" \ - rm -f $lock ";" \ - exit 1 ";" \ - "}" - fi - - # done! - perform echo "\"...$IPSEC_NAME IPsec started\"" "|" $LOGONLY - ;; - - stop|--stop|_autostop) # _autostop is same as stop - # Shut things down. - perform echo "\"Stopping $IPSEC_NAME IPsec...\"" - perform \ - if test -r $lock ";" \ - then \ - status=0 ";" \ - . $info ";" \ - else \ - echo "\"stop ordered, but IPsec does not appear to be running!\"" ";" \ - echo "\"doing cleanup anyway...\"" ";" \ - status=1 ";" \ - fi - if test " $IPSECforwardcontrol" = " yes" - then - perform test "\"X\$ipforwardingwas\"" = "\"X0\"" "&&" "{" \ - echo "\"disabling IP forwarding:\"" "|" $LOGONLY ";" \ - echo 0 ">" $ipforward ";" \ - "}" - fi - - perform test -f $plutopid "&&" "{" \ - if ps -p '`' cat $plutopid '`' ">" /dev/null ";" \ - then \ - ipsec whack --shutdown "|" grep -v "^002" ";" \ - sleep 1 ";" \ - if test -s $plutopid ";" \ - then \ - echo "\"Attempt to shut Pluto down failed! Trying kill:\"" ";" \ - kill '`' cat $plutopid '`' ";" \ - sleep 5 ";" \ - fi ";" \ - else \ - echo "\"Removing orphaned $plutopid:\"" ";" \ - fi ";" \ - rm -f $plutopid ";" \ - "}" - - perform $KILLKLIPS - - perform test -d `dirname $subsyslock` "&&" rm -f $subsyslock - - perform rm -f $info $lock - perform echo "...$IPSEC_NAME IPsec stopped" "|" $LOGONLY - perform exit \$status - ;; - - status|--status) - if test " $IPSEC_setupflags" != " " - then - echo "$me $1 does not support $IPSEC_setupflags" - exit 1 - fi - - if test -f $info - then - hasinfo=yes - fi - - if test -f $lock - then - haslock=yes - fi - - if test -f $subsyslock - then - hassublock=yes - fi - - if test -s $plutopid - then - if ps -p `cat $plutopid` >/dev/null - then - plutokind=normal - elif ps -C pluto >/dev/null - then - plutokind=illicit - fi - elif ps -C pluto >/dev/null - then - plutokind=orphaned - else - plutokind=no - fi - - if test -r /proc/net/ipsec_eroute - then - if test " `wc -l &2 - exit 2 -esac - -exit 0 diff --git a/programs/_secretcensor/.cvsignore b/programs/_secretcensor/.cvsignore deleted file mode 100644 index 202d856fe..000000000 --- a/programs/_secretcensor/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -_secretcensor diff --git a/programs/_secretcensor/Makefile b/programs/_secretcensor/Makefile deleted file mode 100644 index 3df15286e..000000000 --- a/programs/_secretcensor/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_secretcensor -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.3 2002/08/02 16:01:38 mcr -# moved user visible programs to $PREFIX/libexec, while moving -# private files to $PREFIX/lib. -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/_secretcensor/_secretcensor.8 b/programs/_secretcensor/_secretcensor.8 deleted file mode 100644 index d502bbd37..000000000 --- a/programs/_secretcensor/_secretcensor.8 +++ /dev/null @@ -1,34 +0,0 @@ -.TH _SECRETCENSOR 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _secretcensor.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _secretcensor \- internal routing to sanitize files -.SH DESCRIPTION -.I _secretcensor -is called by -.B ipsec barf -to process the /etc/ipsec.secrets file to remove the private key components -from the file prior to revealing the contents. -.SH "SEE ALSO" -ipsec(8), ipsec_barf(8). -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Original program by Henry Spencer. -.\" -.\" $Log: _secretcensor.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" Revision 1.1 2002/04/26 01:21:43 mcr -.\" while tracking down a missing (not installed) /etc/ipsec.conf, -.\" MCR has decided that it is not okay for each program subdir to have -.\" some subset (determined with -f) of possible files. -.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -.\" Optional PROGRAM.5 files have been added to the makefiles. -.\" -.\" -.\" diff --git a/programs/_secretcensor/_secretcensor.in b/programs/_secretcensor/_secretcensor.in deleted file mode 100755 index 150c13cbc..000000000 --- a/programs/_secretcensor/_secretcensor.in +++ /dev/null @@ -1,75 +0,0 @@ -#! /bin/sh -# implements secret censoring for barf -# Copyright (C) 1999 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _secretcensor.in,v 1.1 2004/03/15 20:35:27 as Exp $ - -usage="Usage: $0 [file ...]" -me="ipsec _secretcensor" - -for dummy -do - case "$1" in - --help) echo "$usage" ; exit 0 ;; - --version) echo "$me $IPSEC_VERSION" ; exit 0 ;; - --) shift ; break ;; - -*) echo "$0: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -awk ' function cool(hot, q, cooled, run) { - # warning: may destroy input line! - q = "'"'"'" # single quote - if (hot ~ q) - return "[cannot be summed]" - if (hot ~ /^0s/) - return "[keyid " substr(hot, 3, 9) "]" - run = "echo " q hot q " | md5sum" - run | getline - close(run) - return "[sums to " substr($1, 1, 4) "...]" - } - /"/ { - i = match($0, /"[^"]+"/) - cold1 = substr($0, 1, i) - cold2 = substr($0, i+RLENGTH-1) - hot = substr($0, i+1, RLENGTH-2) - print cold1 cool(hot) cold2 - next - } - /#pubkey=/ { - i = match($0, /^.*#pubkey=/) - i += RLENGTH-1 - cold = substr($0, 1, i) - hot = substr($0, i+1) - print cold cool(hot) - next - } - /#IN KEY / { - i = match($0, /^.*[ \t][^ \t]/) - i += RLENGTH-2 - cold = substr($0, 1, i) - hot = substr($0, i+1) - print cold cool("0s" hot) - next - } - /^[ \t]+(Modulus|P[a-z]+Exponent|Prime[12]|Exponent[12]|Coefficient):/ { - i = match($0, /^[^:]*:[ \t]*/) - i += RLENGTH-1 - cold = substr($0, 1, i) - print cold "[...]" - next - } - { print }' $* diff --git a/programs/_startklips/.cvsignore b/programs/_startklips/.cvsignore deleted file mode 100644 index a206fe65f..000000000 --- a/programs/_startklips/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -_startklips diff --git a/programs/_startklips/Makefile b/programs/_startklips/Makefile deleted file mode 100644 index 9df701b0e..000000000 --- a/programs/_startklips/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_startklips -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.3 2002/08/02 16:01:42 mcr -# moved user visible programs to $PREFIX/libexec, while moving -# private files to $PREFIX/lib. -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/_startklips/_startklips.8 b/programs/_startklips/_startklips.8 deleted file mode 100644 index 066699085..000000000 --- a/programs/_startklips/_startklips.8 +++ /dev/null @@ -1,33 +0,0 @@ -.TH _STARTKLIPS 8 "25 Apr 2002" -.\" -.\" RCSID $Id: _startklips.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec _startklips \- internal script to bring up kernel components -.SH DESCRIPTION -.I _startklips -brings up the FreeS/WAN kernel component. This involves loading any -required modules, attaching and configuring the ipsecX pseudo-devices and -attaching the pseudo-devices to the physical devices. -.SH "SEE ALSO" -ipsec(8), ipsec_tncfg(8). -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Original program by Henry Spencer. -.\" -.\" $Log: _startklips.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.2 2002/04/29 22:39:31 mcr -.\" added basic man page for all internal commands. -.\" -.\" Revision 1.1 2002/04/26 01:21:43 mcr -.\" while tracking down a missing (not installed) /etc/ipsec.conf, -.\" MCR has decided that it is not okay for each program subdir to have -.\" some subset (determined with -f) of possible files. -.\" Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -.\" Optional PROGRAM.5 files have been added to the makefiles. -.\" -.\" -.\" diff --git a/programs/_startklips/_startklips.in b/programs/_startklips/_startklips.in deleted file mode 100755 index 7f85a94de..000000000 --- a/programs/_startklips/_startklips.in +++ /dev/null @@ -1,367 +0,0 @@ -#!/bin/sh -# KLIPS startup script -# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _startklips.in,v 1.6 2005/05/06 22:11:33 as Exp $ - -me='ipsec _startklips' # for messages - -# KLIPS-related paths -sysflags=/proc/sys/net/ipsec -modules=/proc/modules -# full rp_filter path is $rpfilter1/interface/$rpfilter2 -rpfilter1=/proc/sys/net/ipv4/conf -rpfilter2=rp_filter -# %unchanged or setting (0, 1, or 2) -rpfiltercontrol=0 -ipsecversion=/proc/net/ipsec_version -moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec -bareversion=`uname -r | sed -e 's/^\(2\.[0-9]\.[1-9][0-9]*-[1-9][0-9]*\(\.[0-9][0-9]*\)*\(\.x\)*\).*$/\1/'` -moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec -modulename=ipsec.o -klips=true -netkey=/proc/net/pfkey - -info=/dev/null -log=daemon.error -for dummy -do - case "$1" in - --log) log="$2" ; shift ;; - --info) info="$2" ; shift ;; - --debug) debug="$2" ; shift ;; - --omtu) omtu="$2" ; shift ;; - --fragicmp) fragicmp="$2" ; shift ;; - --hidetos) hidetos="$2" ; shift ;; - --rpfilter) rpfiltercontrol="$2" ; shift ;; - --) shift ; break ;; - -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - - - -# some shell functions, to clarify the actual code - -# set up a system flag based on a variable -# sysflag value shortname default flagname -sysflag() { - case "$1" in - '') v="$3" ;; - *) v="$1" ;; - esac - if test ! -f $sysflags/$4 - then - if test " $v" != " $3" - then - echo "cannot do $2=$v, $sysflags/$4 does not exist" - exit 1 - else - return # can't set, but it's the default anyway - fi - fi - case "$v" in - yes|no) ;; - *) echo "unknown (not yes/no) $2 value \`$1'" - exit 1 - ;; - esac - case "$v" in - yes) echo 1 >$sysflags/$4 ;; - no) echo 0 >$sysflags/$4 ;; - esac -} - -# set up a Klips interface -klipsinterface() { - # pull apart the interface spec - virt=`expr $1 : '\([^=]*\)=.*'` - phys=`expr $1 : '[^=]*=\(.*\)'` - case "$virt" in - ipsec[0-9]) ;; - *) echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;; - esac - - # figure out ifconfig for interface - addr= - eval `ifconfig $phys | - awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ { - gsub(/:/, " ", $0) - print "addr=" $3 - other = $5 - if ($4 == "Bcast") - print "type=broadcast" - else if ($4 == "P-t-P") - print "type=pointopoint" - else if (NF == 5) { - print "type=" - other = "" - } else - print "type=unknown" - print "otheraddr=" other - print "mask=" $NF - }'` - if test " $addr" = " " - then - echo "unable to determine address of \`$phys'" - exit 1 - fi - if test " $type" = " unknown" - then - echo "\`$phys' is of an unknown type" - exit 1 - fi - if test " $omtu" != " " - then - mtu="mtu $omtu" - else - mtu= - fi - echo "KLIPS $virt on $phys $addr/$mask $type $otheraddr $mtu" | logonly - - if $klips - then - # attach the interface and bring it up - ipsec tncfg --attach --virtual $virt --physical $phys - ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu - fi - - # if %defaultroute, note the facts - if test " $2" != " " - then - ( - echo "defaultroutephys=$phys" - echo "defaultroutevirt=$virt" - echo "defaultrouteaddr=$addr" - if test " $2" != " 0.0.0.0" - then - echo "defaultroutenexthop=$2" - fi - ) >>$info - else - echo '#dr: no default route' >>$info - fi - - # check for rp_filter trouble - checkif $phys # thought to be a problem only on phys -} - -# check an interface for problems -checkif() { - $klips || return 0 - rpf=$rpfilter1/$1/$rpfilter2 - if test -f $rpf - then - r="`cat $rpf`" - if test " $r" != " 0" - then - case "$r-$rpfiltercontrol" in - 0-%unchanged|0-0|1-1|2-2) - # happy state - ;; - *-%unchanged) - echo "WARNING: $1 has route filtering turned on; KLIPS may not work ($rpf is $r)" - ;; - [012]-[012]) - echo "WARNING: changing route filtering on $1 (changing $rpf from $r to $rpfiltercontrol)" - echo "$rpfiltercontrol" >$rpf - ;; - [012]-*) - echo "ERROR: unknown rpfilter setting: $rpfiltercontrol" - ;; - *) - echo "ERROR: unknown $rpf value $r" - ;; - esac - fi - fi -} - -# interfaces=%defaultroute: put ipsec0 on top of default route's interface -defaultinterface() { - phys=`netstat -nr | - awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'` - if test " $phys" = " " - then - echo "no default route, %defaultroute cannot cope!!!" - exit 1 - fi - if test `echo " $phys" | wc -l` -gt 1 - then - echo "multiple default routes, %defaultroute cannot cope!!!" - exit 1 - fi - next=`netstat -nr | - awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'` - klipsinterface "ipsec0=$phys" $next -} - -# log only to syslog, not to stdout/stderr -logonly() { - logger -p $log -t ipsec_setup -} - -# sort out which module is appropriate, changing it if necessary -setmodule() { - wantgoo="`ipsec calcgoo /proc/ksyms`" - module=$moduleplace/$modulename - if test -f $module - then - goo="`nm -ao $module | ipsec calcgoo`" - if test " $wantgoo" = " $goo" - then - return # looks right - fi - fi - if test -f $moduleinstplace/$wantgoo - then - echo "insmod failed, but found matching template module $wantgoo." - echo "Copying $moduleinstplace/$wantgoo to $module." - rm -f $module - mkdir -p $moduleplace - cp -p $moduleinstplace/$wantgoo $module - # "depmod -a" gets done by caller - fi -} - - - -# main line - -# load module if possible -if test ! -f $ipsecversion && test ! -f $netkey -then - # statically compiled KLIPS not found; try to load the module - insmod ipsec -fi - -if test ! -f $ipsecversion && test ! -f $netkey -then - modprobe -v af_key -fi - -if test -f $netkey -then - klips=false - if test -f $modules - then - modprobe -qv ah4 - modprobe -qv esp4 - modprobe -qv ipcomp - modprobe -qv xfrm4_tunnel - modprobe -qv xfrm_user - fi -fi - -if test ! -f $ipsecversion && $klips -then - if test -r $modules # kernel does have modules - then - setmodule - unset MODPATH MODULECONF # no user overrides! - depmod -a >/dev/null 2>&1 - modprobe -v ipsec - fi - if test ! -f $ipsecversion - then - echo "kernel appears to lack KLIPS" - exit 1 - fi -fi - -# load all compiled algo modules -if $klips -then - for alg in aes serpent twofish blowfish sha2 - do - if test -f $moduleinstplace/alg/ipsec_$alg.o - then - modprobe ipsec_$alg - fi - done -fi - -# figure out debugging flags -case "$debug" in -'') debug=none ;; -esac -if test -r /proc/net/ipsec_klipsdebug -then - echo "KLIPS debug \`$debug'" | logonly - case "$debug" in - none) ipsec klipsdebug --none ;; - all) ipsec klipsdebug --all ;; - *) ipsec klipsdebug --none - for d in $debug - do - ipsec klipsdebug --set $d - done - ;; - esac -elif $klips -then - if test " $debug" != " none" - then - echo "klipsdebug=\`$debug' ignored, KLIPS lacks debug facilities" - fi -fi - -# figure out misc. kernel config -if test -d $sysflags -then - sysflag "$fragicmp" "fragicmp" yes icmp - echo 1 >$sysflags/inbound_policy_check # no debate - sysflag no "no_eroute_pass" no no_eroute_pass # obsolete parm - sysflag no "opportunistic" no opportunistic # obsolete parm - sysflag "$hidetos" "hidetos" yes tos -elif $klips -then - echo "WARNING: cannot adjust KLIPS flags, no $sysflags directory!" - # carry on -fi - -if $klips; then - # clear tables out in case dregs have been left over - ipsec eroute --clear - ipsec spi --clear -elif test $netkey -then - if ip xfrm state > /dev/null 2>&1 - then - ip xfrm state flush - ip xfrm policy flush - elif type setkey > /dev/null 2>&1 - then - setkey -F - setkey -FP - else - echo "WARNING: cannot flush state/policy database -- \`$1'" | - logger -s -p $log -t ipsec_setup - fi -fi - -# figure out interfaces -for i -do - case "$i" in - ipsec*=?*) klipsinterface "$i" ;; - %defaultroute) defaultinterface ;; - *) echo "interface \`$i' not understood" - exit 1 - ;; - esac -done - -exit 0 diff --git a/programs/_updown/.cvsignore b/programs/_updown/.cvsignore deleted file mode 100644 index 81e2e4f86..000000000 --- a/programs/_updown/.cvsignore +++ /dev/null @@ -1,2 +0,0 @@ -_updown -_updown.in diff --git a/programs/_updown/Makefile b/programs/_updown/Makefile deleted file mode 100644 index e0aaab488..000000000 --- a/programs/_updown/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.3 2006/04/17 06:48:49 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_updown -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program diff --git a/programs/_updown/_updown.8 b/programs/_updown/_updown.8 deleted file mode 100644 index 5107d3694..000000000 --- a/programs/_updown/_updown.8 +++ /dev/null @@ -1,19 +0,0 @@ -.TH _UPDOWN 8 "27 Apr 2006" -.\" -.\" RCSID $Id: _updown.8,v 1.2 2006/04/17 06:48:49 as Exp $ -.\" -.SH NAME -ipsec _updown \- route and firewall manipulation script -.SH SYNOPSIS -.I _updown -is invoked by pluto when it has brought up a new connection. This script -is used to insert the appropriate routing entries for IPsec operation. -It can also be used to insert and delete dynamic iptables firewall rules. -The interface to the script is documented in the pluto man page. -.SH "SEE ALSO" -ipsec(8), ipsec_pluto(8). -.SH HISTORY -Man page written for the Linux FreeS/WAN project -by Michael Richardson. Original program written by Henry Spencer. Extended -for the Linux strongSwan project by Andreas -Steffen. diff --git a/programs/_updown/_updown.in b/programs/_updown/_updown.in deleted file mode 100755 index 8db74f737..000000000 --- a/programs/_updown/_updown.in +++ /dev/null @@ -1,503 +0,0 @@ -#! /bin/sh -# iproute2 version, default updown script -# -# Copyright (C) 2003-2004 Nigel Meteringham -# Copyright (C) 2003-2004 Tuomo Soini -# Copyright (C) 2002-2004 Michael Richardson -# Copyright (C) 2005-2006 Andreas Steffen -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _updown.in,v 1.2 2006/04/17 15:06:29 as Exp $ - -# CAUTION: Installing a new version of strongSwan will install a new -# copy of this script, wiping out any custom changes you make. If -# you need changes, make a copy of this under another name, and customize -# that, and use the (left/right)updown parameters in ipsec.conf to make -# strongSwan use yours instead of this default one. - -# things that this script gets (from ipsec_pluto(8) man page) -# -# PLUTO_VERSION -# indicates what version of this interface is being -# used. This document describes version 1.1. This -# is upwardly compatible with version 1.0. -# -# PLUTO_VERB -# specifies the name of the operation to be performed -# (prepare-host, prepare-client, up-host, up-client, -# down-host, or down-client). If the address family -# for security gateway to security gateway communica­ -# tions is IPv6, then a suffix of -v6 is added to the -# verb. -# -# PLUTO_CONNECTION -# is the name of the connection for which we are -# routing. -# -# PLUTO_NEXT_HOP -# is the next hop to which packets bound for the peer -# must be sent. -# -# PLUTO_INTERFACE -# is the name of the ipsec interface to be used. -# -# PLUTO_REQID -# is the requid of the ESP policy -# -# PLUTO_ME -# is the IP address of our host. -# -# PLUTO_MY_ID -# is the ID of our host. -# -# PLUTO_MY_CLIENT -# is the IP address / count of our client subnet. If -# the client is just the host, this will be the -# host's own IP address / max (where max is 32 for -# IPv4 and 128 for IPv6). -# -# PLUTO_MY_CLIENT_NET -# is the IP address of our client net. If the client -# is just the host, this will be the host's own IP -# address. -# -# PLUTO_MY_CLIENT_MASK -# is the mask for our client net. If the client is -# just the host, this will be 255.255.255.255. -# -# PLUTO_MY_SOURCEIP -# if non-empty, then the source address for the route will be -# set to this IP address. -# -# PLUTO_MY_PROTOCOL -# is the IP protocol that will be transported. -# -# PLUTO_MY_PORT -# is the UDP/TCP port to which the IPsec SA is -# restricted on our side. -# -# PLUTO_PEER -# is the IP address of our peer. -# -# PLUTO_PEER_ID -# is the ID of our peer. -# -# PLUTO_PEER_CA -# is the CA which issued the cert of our peer. -# -# PLUTO_PEER_CLIENT -# is the IP address / count of the peer's client sub­ -# net. If the client is just the peer, this will be -# the peer's own IP address / max (where max is 32 -# for IPv4 and 128 for IPv6). -# -# PLUTO_PEER_CLIENT_NET -# is the IP address of the peer's client net. If the -# client is just the peer, this will be the peer's -# own IP address. -# -# PLUTO_PEER_CLIENT_MASK -# is the mask for the peer's client net. If the -# client is just the peer, this will be -# 255.255.255.255. -# -# PLUTO_PEER_PROTOCOL -# is the IP protocol that will be transported. -# -# PLUTO_PEER_PORT -# is the UDP/TCP port to which the IPsec SA is -# restricted on the peer side. -# - -# uncomment to log VPN connections -VPN_LOGGING=1 -# -# tag put in front of each log entry: -TAG=vpn -# -# syslog facility and priority used: -FAC_PRIO=local0.notice -# -# to create a special vpn logging file, put the following line into -# the syslog configuration file /etc/syslog.conf: -# -# local0.notice -/var/log/vpn -# - -# check interface version -case "$PLUTO_VERSION" in -1.[0|1]) # Older Pluto?!? Play it safe, script may be using new features. - echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2 - echo "$0: called by obsolete Pluto?" >&2 - exit 2 - ;; -1.*) ;; -*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2 - exit 2 - ;; -esac - -# check parameter(s) -case "$1:$*" in -':') # no parameters - ;; -iptables:iptables) # due to (left/right)firewall; for default script only - ;; -custom:*) # custom parameters (see above CAUTION comment) - ;; -*) echo "$0: unknown parameters \`$*'" >&2 - exit 2 - ;; -esac - -# utility functions for route manipulation -# Meddling with this stuff should not be necessary and requires great care. -uproute() { - doroute add - ip route flush cache -} -downroute() { - doroute delete - ip route flush cache -} - -addsource() { - st=0 - if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local - then - it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE" - oops="`eval $it 2>&1`" - st=$? - if test " $oops" = " " -a " $st" != " 0" - then - oops="silent error, exit status $st" - fi - if test " $oops" != " " -o " $st" != " 0" - then - echo "$0: addsource \`$it' failed ($oops)" >&2 - fi - fi - return $st -} - -doroute() { - st=0 - parms="$PLUTO_PEER_CLIENT" - - parms2= - if [ -n "$PLUTO_NEXT_HOP" ] - then - parms2="via $PLUTO_NEXT_HOP" - fi - parms2="$parms2 dev $PLUTO_INTERFACE" - - if [ -z "$PLUTO_MY_SOURCEIP" ] - then - if [ -f /etc/sysconfig/defaultsource ] - then - . /etc/sysconfig/defaultsource - fi - - if [ -f /etc/conf.d/defaultsource ] - then - . /etc/conf.d/defaultsource - fi - - if [ -n "$DEFAULTSOURCE" ] - then - PLUTO_MY_SOURCEIP=$DEFAULTSOURCE - fi - fi - - parms3= - if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" - then - addsource - parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}" - fi - - case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in - "0.0.0.0/0.0.0.0") - # opportunistic encryption work around - # need to provide route that eclipses default, without - # replacing it. - it="ip route $1 0.0.0.0/1 $parms2 $parms3 && - ip route $1 128.0.0.0/1 $parms2 $parms3" - ;; - *) it="ip route $1 $parms $parms2 $parms3" - ;; - esac - oops="`eval $it 2>&1`" - st=$? - if test " $oops" = " " -a " $st" != " 0" - then - oops="silent error, exit status $st" - fi - if test " $oops" != " " -o " $st" != " 0" - then - echo "$0: doroute \`$it' failed ($oops)" >&2 - fi - return $st -} - -# in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY -if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] -then - IPSEC_POLICY_IN="" - IPSEC_POLICY_OUT="" -else - IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID" - IPSEC_POLICY_IN="$IPSEC_POLICY --dir in" - IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out" -fi - -# are there port numbers? -if [ "$PLUTO_MY_PORT" != 0 ] -then - S_MY_PORT="--sport $PLUTO_MY_PORT" - D_MY_PORT="--dport $PLUTO_MY_PORT" -fi -if [ "$PLUTO_PEER_PORT" != 0 ] -then - S_PEER_PORT="--sport $PLUTO_PEER_PORT" - D_PEER_PORT="--dport $PLUTO_PEER_PORT" -fi - -# the big choice -case "$PLUTO_VERB:$1" in -prepare-host:*|prepare-client:*) - # delete possibly-existing route (preliminary to adding a route) - case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in - "0.0.0.0/0.0.0.0") - # need to provide route that eclipses default, without - # replacing it. - parms1="0.0.0.0/1" - parms2="128.0.0.0/1" - it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1" - oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`" - ;; - *) - parms="$PLUTO_PEER_CLIENT" - it="ip route delete $parms 2>&1" - oops="`ip route delete $parms 2>&1`" - ;; - esac - status="$?" - if test " $oops" = " " -a " $status" != " 0" - then - oops="silent error, exit status $status" - fi - case "$oops" in - *'RTNETLINK answers: No such process'*) - # This is what route (currently -- not documented!) gives - # for "could not find such a route". - oops= - status=0 - ;; - esac - if test " $oops" != " " -o " $status" != " 0" - then - echo "$0: \`$it' failed ($oops)" >&2 - fi - exit $status - ;; -route-host:*|route-client:*) - # connection to me or my client subnet being routed - uproute - ;; -unroute-host:*|unroute-client:*) - # connection to me or my client subnet being unrouted - downroute - ;; -up-host:) - # connection to me coming up - # If you are doing a custom version, firewall commands go here. - ;; -down-host:) - # connection to me going down - # If you are doing a custom version, firewall commands go here. - ;; -up-client:) - # connection to my client subnet coming up - # If you are doing a custom version, firewall commands go here. - ;; -down-client:) - # connection to my client subnet going down - # If you are doing a custom version, firewall commands go here. - ;; -up-host:iptables) - # connection to me, with (left/right)firewall=yes, coming up - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. - iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT - iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT - # - # log IPsec host connection setup - if [ $VPN_LOGGING ] - then - if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO \ - "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" - else - logger -t $TAG -p $FAC_PRIO \ - "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" - fi - fi - ;; -down-host:iptables) - # connection to me, with (left/right)firewall=yes, going down - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. - iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT - iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT - # - # log IPsec host connection teardown - if [ $VPN_LOGGING ] - then - if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO -- \ - "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" - else - logger -t $TAG -p $FAC_PRIO -- \ - "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" - fi - fi - ;; -up-client:iptables) - # connection to client subnet, with (left/right)firewall=yes, coming up - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. - if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] - then - iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ - $IPSEC_POLICY_OUT -j ACCEPT - iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ - $IPSEC_POLICY_IN -j ACCEPT - fi - # - # a virtual IP requires an INPUT and OUTPUT rule on the host - # or sometimes host access via the internal IP is needed - if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] - then - iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ - $IPSEC_POLICY_IN -j ACCEPT - iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ - $IPSEC_POLICY_OUT -j ACCEPT - fi - # - # log IPsec client connection setup - if [ $VPN_LOGGING ] - then - if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO \ - "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - else - logger -t $TAG -p $FAC_PRIO \ - "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - fi - fi - ;; -down-client:iptables) - # connection to client subnet, with (left/right)firewall=yes, going down - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. - if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] - then - iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ - $IPSEC_POLICY_OUT -j ACCEPT - iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ - $IPSEC_POLICY_IN -j ACCEPT - fi - # - # a virtual IP requires an INPUT and OUTPUT rule on the host - # or sometimes host access via the internal IP is needed - if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] - then - iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ - $IPSEC_POLICY_IN -j ACCEPT - iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT \ - $IPSEC_POLICY_OUT -j ACCEPT - fi - # - # log IPsec client connection teardown - if [ $VPN_LOGGING ] - then - if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO -- \ - "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - else - logger -t $TAG -p $FAC_PRIO -- \ - "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - fi - fi - ;; -# -# IPv6 -# -prepare-host-v6:*|prepare-client-v6:*) - ;; -route-host-v6:*|route-client-v6:*) - # connection to me or my client subnet being routed - #uproute_v6 - ;; -unroute-host-v6:*|unroute-client-v6:*) - # connection to me or my client subnet being unrouted - #downroute_v6 - ;; -up-host-v6:*) - # connection to me coming up - # If you are doing a custom version, firewall commands go here. - ;; -down-host-v6:*) - # connection to me going down - # If you are doing a custom version, firewall commands go here. - ;; -up-client-v6:) - # connection to my client subnet coming up - # If you are doing a custom version, firewall commands go here. - ;; -down-client-v6:) - # connection to my client subnet going down - # If you are doing a custom version, firewall commands go here. - ;; -*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 - exit 1 - ;; -esac diff --git a/programs/_updown_espmark/Makefile b/programs/_updown_espmark/Makefile deleted file mode 100644 index bd9cd38cb..000000000 --- a/programs/_updown_espmark/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2005/04/07 21:34:19 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=_updown_espmark -PROGRAMDIR=${LIBDIR} - -include ../Makefile.program diff --git a/programs/_updown_espmark/_updown_espmark.8 b/programs/_updown_espmark/_updown_espmark.8 deleted file mode 100644 index 91eaa5cb7..000000000 --- a/programs/_updown_espmark/_updown_espmark.8 +++ /dev/null @@ -1,18 +0,0 @@ -.TH _UPDOWN_ESPMARK 8 "7 Apr 2005" -.\" -.\" RCSID $Id: _updown_espmark.8,v 1.1 2005/04/07 21:34:19 as Exp $ -.\" -.SH NAME -ipsec _updown_espmark \- manages routes and firewall rules -.SH SYNOPSIS -.I _updown_espmark -is invoked by pluto when it has brought up a new connection. This script -is used to insert the appropriate routing and iptables firewall entries for -IPsec operation. The incoming ESP traffic must be marked by a static rule -in the mangle table. The default value for the mark is 50. -The interface to the script is documented in the pluto man page. -.SH "SEE ALSO" -ipsec(8), ipsec_pluto(8). -.SH HISTORY -Man page written for the Linux strongSwan project -by Andreas Steffen. Original program written by Henry Spencer. diff --git a/programs/_updown_espmark/_updown_espmark.in b/programs/_updown_espmark/_updown_espmark.in deleted file mode 100644 index 3627d470d..000000000 --- a/programs/_updown_espmark/_updown_espmark.in +++ /dev/null @@ -1,452 +0,0 @@ -#! /bin/sh -# iproute2 version, default updown script -# -# Copyright (C) 2003-2004 Nigel Meteringham -# Copyright (C) 2003-2004 Tuomo Soini -# Copyright (C) 2002-2004 Michael Richardson -# Copyright (C) 2005 Andreas Steffen -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: _updown_espmark.in,v 1.4 2005/09/14 14:33:05 as Exp $ - - - -# CAUTION: Installing a new version of strongSwan will install a new -# copy of this script, wiping out any custom changes you make. If -# you need changes, make a copy of this under another name, and customize -# that, and use the (left/right)updown parameters in ipsec.conf to make -# FreeS/WAN use yours instead of this default one. - -# things that this script gets (from ipsec_pluto(8) man page) -# -# -# PLUTO_VERSION -# indicates what version of this interface is being -# used. This document describes version 1.1. This -# is upwardly compatible with version 1.0. -# -# PLUTO_VERB -# specifies the name of the operation to be performed -# (prepare-host, prepare-client, up-host, up-client, -# down-host, or down-client). If the address family -# for security gateway to security gateway communica­ -# tions is IPv6, then a suffix of -v6 is added to the -# verb. -# -# PLUTO_CONNECTION -# is the name of the connection for which we are -# routing. -# -# PLUTO_NEXT_HOP -# is the next hop to which packets bound for the peer -# must be sent. -# -# PLUTO_INTERFACE -# is the name of the ipsec interface to be used. -# -# PLUTO_ME -# is the IP address of our host. -# -# PLUTO_MY_ID -# is the ID of our host. -# -# PLUTO_MY_CLIENT -# is the IP address / count of our client subnet. If -# the client is just the host, this will be the -# host's own IP address / max (where max is 32 for -# IPv4 and 128 for IPv6). -# -# PLUTO_MY_CLIENT_NET -# is the IP address of our client net. If the client -# is just the host, this will be the host's own IP -# address. -# -# PLUTO_MY_CLIENT_MASK -# is the mask for our client net. If the client is -# just the host, this will be 255.255.255.255. -# -# PLUTO_MY_SOURCEIP -# if non-empty, then the source address for the route will be -# set to this IP address. -# -# PLUTO_MY_PROTOCOL -# is the IP protocol that will be transported. -# -# PLUTO_MY_PORT -# is the UDP/TCP port to which the IPsec SA is -# restricted on our side. -# -# PLUTO_PEER -# is the IP address of our peer. -# -# PLUTO_PEER_ID -# is the ID of our peer. -# -# PLUTO_PEER_CA -# is the CA which issued the cert of our peer. -# -# PLUTO_PEER_CLIENT -# is the IP address / count of the peer's client sub­ -# net. If the client is just the peer, this will be -# the peer's own IP address / max (where max is 32 -# for IPv4 and 128 for IPv6). -# -# PLUTO_PEER_CLIENT_NET -# is the IP address of the peer's client net. If the -# client is just the peer, this will be the peer's -# own IP address. -# -# PLUTO_PEER_CLIENT_MASK -# is the mask for the peer's client net. If the -# client is just the peer, this will be -# 255.255.255.255. -# -# PLUTO_PEER_PROTOCOL -# is the IP protocol that will be transported. -# -# PLUTO_PEER_PORT -# is the UDP/TCP port to which the IPsec SA is -# restricted on the peer side. -# - -# logging of VPN connections -# -# tag put in front of each log entry: -TAG=vpn -# -# syslog facility and priority used: -FAC_PRIO=local0.notice -# -# to create a special vpn logging file, put the following line into -# the syslog configuration file /etc/syslog.conf: -# -# local0.notice -/var/log/vpn -# - -# check interface version -case "$PLUTO_VERSION" in -1.[0]) # Older Pluto?!? Play it safe, script may be using new features. - echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2 - echo "$0: called by obsolete Pluto?" >&2 - exit 2 - ;; -1.*) ;; -*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2 - exit 2 - ;; -esac - -# check parameter(s) -case "$1:$*" in -':') # no parameters - ;; -ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only - ;; -custom:*) # custom parameters (see above CAUTION comment) - ;; -*) echo "$0: unknown parameters \`$*'" >&2 - exit 2 - ;; -esac - -# utility functions for route manipulation -# Meddling with this stuff should not be necessary and requires great care. -uproute() { - doroute add - ip route flush cache -} -downroute() { - doroute delete - ip route flush cache -} - -addsource() { - st=0 - if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local - then - it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE" - oops="`eval $it 2>&1`" - st=$? - if test " $oops" = " " -a " $st" != " 0" - then - oops="silent error, exit status $st" - fi - if test " $oops" != " " -o " $st" != " 0" - then - echo "$0: addsource \`$it' failed ($oops)" >&2 - fi - fi - return $st -} - -doroute() { - st=0 - parms="$PLUTO_PEER_CLIENT" - - parms2= - if [ -n "$PLUTO_NEXT_HOP" ] - then - parms2="via $PLUTO_NEXT_HOP" - fi - parms2="$parms2 dev $PLUTO_INTERFACE" - - if [ -z "$PLUTO_MY_SOURCEIP" ] - then - if [ -f /etc/sysconfig/defaultsource ] - then - . /etc/sysconfig/defaultsource - fi - - if [ -f /etc/conf.d/defaultsource ] - then - . /etc/conf.d/defaultsource - fi - - if [ -n "$DEFAULTSOURCE" ] - then - PLUTO_MY_SOURCEIP=$DEFAULTSOURCE - fi - fi - - parms3= - if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" - then - addsource - parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}" - fi - - case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in - "0.0.0.0/0.0.0.0") - # opportunistic encryption work around - # need to provide route that eclipses default, without - # replacing it. - it="ip route $1 0.0.0.0/1 $parms2 $parms3 && - ip route $1 128.0.0.0/1 $parms2 $parms3" - ;; - *) it="ip route $1 $parms $parms2 $parms3" - ;; - esac - oops="`eval $it 2>&1`" - st=$? - if test " $oops" = " " -a " $st" != " 0" - then - oops="silent error, exit status $st" - fi - if test " $oops" != " " -o " $st" != " 0" - then - echo "$0: doroute \`$it' failed ($oops)" >&2 - fi - return $st -} - -# define ESP mark -ESP_MARK=50 - -# add the following static rule to the INPUT chain in the mangle table -# iptables -t mangle -A INPUT -p 50 -j MARK --set-mark 50 - -# NAT traversal via UDP encapsulation is supported with the rule -# iptables -t mangle -A INPUT -p udp --dport 4500 -j MARK --set-mark 50 - -# in the presence of KLIPS and ipsecN interfaces do not use ESP mark rules -if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] -then - CHECK_MARK="" -else - CHECK_MARK="-m mark --mark $ESP_MARK" -fi - -# are there port numbers? -if [ "$PLUTO_MY_PORT" != 0 ] -then - S_MY_PORT="--sport $PLUTO_MY_PORT" - D_MY_PORT="--dport $PLUTO_MY_PORT" -fi -if [ "$PLUTO_PEER_PORT" != 0 ] -then - S_PEER_PORT="--sport $PLUTO_PEER_PORT" - D_PEER_PORT="--dport $PLUTO_PEER_PORT" -fi - -# the big choice -case "$PLUTO_VERB:$1" in -prepare-host:*|prepare-client:*) - # delete possibly-existing route (preliminary to adding a route) - case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in - "0.0.0.0/0.0.0.0") - # need to provide route that eclipses default, without - # replacing it. - parms1="0.0.0.0/1" - parms2="128.0.0.0/1" - it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1" - oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`" - ;; - *) - parms="$PLUTO_PEER_CLIENT" - it="ip route delete $parms 2>&1" - oops="`ip route delete $parms 2>&1`" - ;; - esac - status="$?" - if test " $oops" = " " -a " $status" != " 0" - then - oops="silent error, exit status $status" - fi - case "$oops" in - *'RTNETLINK answers: No such process'*) - # This is what route (currently -- not documented!) gives - # for "could not find such a route". - oops= - status=0 - ;; - esac - if test " $oops" != " " -o " $status" != " 0" - then - echo "$0: \`$it' failed ($oops)" >&2 - fi - exit $status - ;; -route-host:*|route-client:*) - # connection to me or my client subnet being routed - uproute - ;; -unroute-host:*|unroute-client:*) - # connection to me or my client subnet being unrouted - downroute - ;; -up-host:*) - # connection to me coming up - # If you are doing a custom version, firewall commands go here. - iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_ME $D_MY_PORT $CHECK_MARK -j ACCEPT - iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_ME $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT - # - if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO \ - "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" - else - logger -t $TAG -p $FAC_PRIO \ - "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" - fi - ;; -down-host:*) - # connection to me going down - # If you are doing a custom version, firewall commands go here. - # connection to me going down - # If you are doing a custom version, firewall commands go here. - iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_ME $D_MY_PORT $CHECK_MARK -j ACCEPT - iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_ME $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT - # - if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO -- \ - "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" - else - logger -t $TAG -p $FAC_PRIO -- \ - "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" - fi - ;; -up-client:) - # connection to my client subnet coming up - # If you are doing a custom version, firewall commands go here. - iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT - iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ - $CHECK_MARK -j ACCEPT - # - if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO \ - "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - else - logger -t $TAG -p $FAC_PRIO \ - "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - fi - ;; -down-client:) - # connection to my client subnet going down - # If you are doing a custom version, firewall commands go here. - iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ - -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ - -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT - iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ - -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ - -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ - $CHECK_MARK -j ACCEPT - # - if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] - then - logger -t $TAG -p $FAC_PRIO -- \ - "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - else - logger -t $TAG -p $FAC_PRIO -- \ - "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" - fi - ;; -up-client:ipfwadm) - # connection to client subnet, with (left/right)firewall=yes, coming up - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. - ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ - -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK - ;; -down-client:ipfwadm) - # connection to client subnet, with (left/right)firewall=yes, going down - # This is used only by the default updown script, not by your custom - # ones, so do not mess with it; see CAUTION comment up at top. - ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ - -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK - ;; -# -# IPv6 -# -prepare-host-v6:*|prepare-client-v6:*) - ;; -route-host-v6:*|route-client-v6:*) - # connection to me or my client subnet being routed - #uproute_v6 - ;; -unroute-host-v6:*|unroute-client-v6:*) - # connection to me or my client subnet being unrouted - #downroute_v6 - ;; -up-host-v6:*) - # connection to me coming up - # If you are doing a custom version, firewall commands go here. - ;; -down-host-v6:*) - # connection to me going down - # If you are doing a custom version, firewall commands go here. - ;; -up-client-v6:) - # connection to my client subnet coming up - # If you are doing a custom version, firewall commands go here. - ;; -down-client-v6:) - # connection to my client subnet going down - # If you are doing a custom version, firewall commands go here. - ;; -*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 - exit 1 - ;; -esac diff --git a/programs/auto/.cvsignore b/programs/auto/.cvsignore deleted file mode 100644 index 865faf10c..000000000 --- a/programs/auto/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -auto diff --git a/programs/auto/Makefile b/programs/auto/Makefile deleted file mode 100644 index 035dbf708..000000000 --- a/programs/auto/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.2 2006/02/10 11:28:38 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=auto - -include ../Makefile.program diff --git a/programs/auto/auto.8 b/programs/auto/auto.8 deleted file mode 100644 index 21b5fd11b..000000000 --- a/programs/auto/auto.8 +++ /dev/null @@ -1,481 +0,0 @@ -.TH IPSEC_AUTO 8 "17 December 2004" -.\" RCSID $Id: auto.8,v 1.6 2004/12/17 22:34:38 as Exp $ -.SH NAME -ipsec auto \- control automatically-keyed IPsec connections -.SH SYNOPSIS -.B ipsec -.B auto -[ -.B \-\-show -] [ -.B \-\-showonly -] [ -.B \-\-asynchronous -] -.br -\ \ \ [ -.B \-\-config -configfile -] [ -.B \-\-verbose -] [ -.B \-\-type conn -] -.br -\ \ \ operation -connection -.sp -.B ipsec -.B auto -[ -.B \-\-show -] [ -.B \-\-showonly -] -.br -\ \ \ [ -.B \-\-config -configfile -] [ -.B \-\-verbose -] -.B \-\-type ca -.br -\ \ \ operation -ca -.sp -.B ipsec -.B auto -[ -.B \-\-show -] [ -.B \-\-showonly -] operation -.SH DESCRIPTION -.I Auto -manipulates automatically-keyed strongSwan IPsec connections, -setting them up and shutting them down -based on the information in the IPsec configuration file. -In the normal usage, -.I connection -is the name of a connection specification in the configuration file; -.I ca -is the name of a Certification Authority (CA) specification in the configuration file; -.I operation -is -.BR \-\-add , -.BR \-\-delete , -.BR \-\-replace , -.BR \-\-up , -.BR \-\-down , -.BR \-\-route , -or -.BR \-\-unroute . -The -.BR \-\-status -and -.BR \-\-statusall -.I operations -may take a -.I connection -name. -The -.BR \-\-ready , -.BR \-\-rereadsecrets , -.BR \-\-rereadgroups , -.BR \-\-rereadcacerts , -.BR \-\-rereadaacerts , -.BR \-\-rereadocspcerts , -.BR \-\-rereadacerts , -.BR \-\-rereadcrls , -.BR \-\-rereadall , -.BR \-\-listalgs , -.BR \-\-listpubkeys , -.BR \-\-listcerts , -.BR \-\-listcacerts , -.BR \-\-listaacerts , -.BR \-\-listocspcerts , -.BR \-\-listacerts , -.BR \-\-listgroups , -.BR \-\-listcainfos , -.BR \-\-listcrls , -.BR \-\-listocsp , -.BR \-\-listcards , -.BR \-\-listall , -and -.BR \-\-purgeocsp -.I operations -do not take a connection name. -.I Auto -generates suitable -commands and feeds them to a shell for execution. -.PP -The -.B \-\-add -operation adds a connection or ca specification to the internal database -within -.IR pluto ; -it will fail if -.I pluto -already has a specification by that name. -The -.B \-\-delete -operation deletes a connection or ca specification from -.IR pluto 's -internal database (also tearing down any connections based on it); -it will fail if the specification does not exist. -The -.B \-\-replace -operation is equivalent to -.B \-\-delete -(if there is already a specification by the given name) -followed by -.BR \-\-add , -and is a convenience for updating -.IR pluto 's -internal specification to match an external one. -(Note that a -.B \-\-rereadsecrets -may also be needed.) -The -.B \-\-rereadgroups -operation causes any changes to the policy group files to take effect -(this is currently a synonym for -.BR \-\-ready , -but that may change). -None of the other operations alters the internal database. -.PP -The -.B \-\-up -operation asks -.I pluto -to establish a connection based on an entry in its internal database. -The -.B \-\-down -operation tells -.I pluto -to tear down such a connection. -.PP -Normally, -.I pluto -establishes a route to the destination specified for a connection as -part of the -.B \-\-up -operation. -However, the route and only the route can be established with the -.B \-\-route -operation. -Until and unless an actual connection is established, -this discards any packets sent there, -which may be preferable to having them sent elsewhere based on a more -general route (e.g., a default route). -.PP -Normally, -.IR pluto 's -route to a destination remains in place when a -.B \-\-down -operation is used to take the connection down -(or if connection setup, or later automatic rekeying, fails). -This permits establishing a new connection (perhaps using a -different specification; the route is altered as necessary) -without having a ``window'' in which packets might go elsewhere -based on a more general route. -Such a route can be removed using the -.B \-\-unroute -operation -(and is implicitly removed by -.BR \-\-delete ). -.PP -The -.B \-\-ready -operation tells -.I pluto -to listen for connection-setup requests from other hosts. -Doing an -.B \-\-up -operation before doing -.B \-\-ready -on both ends is futile and will not work, -although this is now automated as part of IPsec startup and -should not normally be an issue. -.PP -The -.B \-\-status -operation asks -.I pluto -for current connection status either for all connections -(no connection argument) or a for specified -.I connection -name. For more detailed information use -.B \-\-statusall -\. The output format is ad-hoc and likely to change. -.PP -The -.B \-\-rereadsecrets -operation tells -.I pluto -to re-read the -.I /etc/ipsec.secrets -secret-keys file, -which it normally reads only at startup time. -(This is currently a synonym for -.BR \-\-ready , -but that may change.) -.PP -The -.B \-\-rereadcacerts -operation reads all certificate files contained in the -.IR /etc/ipsec.d/cacerts -directory and adds them to -.IR pluto 's -list of Certification Authority (CA) certificates. -.PP -The -.B \-\-rereadaacerts -operation reads all certificate files contained in the -.IR /etc/ipsec.d/aacerts -directory and adds them to -.IR pluto 's -list of Authorization Authority (AA) certificates. -.PP -The -.B \-\-rereadocspcerts -operation reads all certificate files contained in the -.IR /etc/ipsec.d/ocspcerts -directory and adds them to -.IR pluto 's -list of OCSP signer certificates. -.PP -The -.B \-\-rereadacerts -operation reads all certificate files contained in the -.IR /etc/ipsec.d/acerts -directory and adds them to -.IR pluto 's -list of attribute certificates. -.PP -The -.B \-\-rereadcrls -operation reads all certificate revocation list (CRL) files -contained in the -.IR /etc/ipsec.d/crls -directory and adds them to -.IR pluto 's -list of CRLs. -.PP -The -.B \-\-rereadall -operation is equivalent to the execution of -.BR \-\-rereadsecrets , -.BR \-\-rereadcacerts , -.BR \-\-rereadaacerts , -.BR \-\-rereadocspcerts , -.BR \-\-rereadacerts , -and -.BR \-\-rereadcrls . -.PP -The -.B \-\-listalgs -operation lists all registed IKE encryption and hash algorithms, -that are available to -.IR pluto , -as well as the Diffie-Hellman (DH) groups. -.PP -The -.B \-\-listpubkeys -operation lists all RSA public keys either received from peers -via the IKE protocol embedded in authenticated certificate payloads -or loaded locally using the -.BR rightcert \ / -.BR leftcert -or -.BR rightrsasigkey \ / -.BR leftrsasigkey -parameters in -.IR ipsec.conf (5). -.PP -The -.B \-\-listcerts -operation lists all X.509 and OpenPGP certificates loaded locally using the -.BR rightcert -and -.BR leftcert -parameters in -.IR ipsec.conf (5). -.PP -The -.B \-\-listcacerts -operation lists all X.509 CA certificates either loaded locally from the -.IR /etc/ipsec.d/cacerts -directory or received in PKCS#7-wrapped certificate payloads via -the IKE protocol. -.PP -The -.B \-\-listaacerts -operation lists all X.509 AA certificates loaded locally from the -.IR /etc/ipsec.d/aacerts -directory. -.PP -The -.B \-\-listocspcerts -operation lists all OCSP signer certificates either loaded locally from the -.IR /etc/ipsec.d/ocspcerts -directory or received via the Online Certificate Status Protocol -from an OCSP server. -.PP -The -.B \-\-listacerts -operation lists all X.509 attribute certificates loaded locally from the -.IR /etc/ipsec.d/acerts -directory. -.PP -The -.B \-\-listgropus -operation lists all groups that are either used in connection definitions in -.IR ipsec.conf (5) -or are embedded in loaded X.509 attributes certificates. -.PP -The -.B \-\-listcainfos -operation lists the certification authority information specified in the ca -sections of -.IR ipsec.conf (5). -.PP -The -.B \-\-listcrls -operation lists all Certificate Revocation Lists (CRLs) either loaded -locally from the -.IR /etc/ipsec.d/crls -directory or fetched dynamically from an HTTP or LDAP server. -.PP -The -.B \-\-listocsp -operation lists the certicates status information fetched from -OCSP servers. -.PP -The -.B \-\-purgeocsp -operation deletes any cached certificate status information and pending -OCSP fetch requests. -.PP -The -.B \-\-listcards -operation lists information about attached smartcards or crypto tokens. -.PP -The -.B \-\-listall -operation is equivalent to the execution of -.BR \-\-listalgs , -.BR \-\-listpubkeys , -.BR \-\-listcerts , -.BR \-\-listcacerts , -.BR \-\-listaacerts , -.BR \-\-listocspcerts , -.BR \-\-listacerts , -.BR \-\-listgroups , -.BR \-\-listcainfos , -.BR \-\-listcrls , -.BR \-\-listocsp , -and -.BR \-\-listcards . -.PP -The -.B \-\-show -option turns on the -.B \-x -option of the shell used to execute the commands, -so each command is shown as it is executed. -.PP -The -.B \-\-showonly -option causes -.I auto -to show the commands it would run, on standard output, -and not run them. -.PP -The -.B \-\-asynchronous -option, applicable only to the -.B up -operation, -tells -.I pluto -to attempt to establish the connection, -but does not delay to report results. -This is especially useful to start multiple connections in parallel -when network links are slow. -.PP -The -.B \-\-verbose -option instructs -.I auto -to pass through all output from -.IR ipsec_whack (8), -including log output that is normally filtered out as uninteresting. -.PP -The -.B \-\-config -option specifies a non-standard location for the IPsec -configuration file (default -.IR /etc/ipsec.conf ). -.PP -See -.IR ipsec.conf (5) -for details of the configuration file. -Apart from the basic parameters which specify the endpoints and routing -of a connection (\fBleft\fR -and -.BR right , -plus possibly -.BR leftsubnet , -.BR leftnexthop , -.BR leftfirewall , -their -.B right -equivalents, -and perhaps -.BR type ), -an -.I auto -connection almost certainly needs a -.B keyingtries -parameter (since the -.B keyingtries -default is poorly chosen). -.SH FILES -.ta \w'/var/run/ipsec.info'u+4n -/etc/ipsec.conf default IPSEC configuration file -.br -/var/run/ipsec.info \fB%defaultroute\fR information -.SH SEE ALSO -ipsec.conf(5), ipsec(8), ipsec_pluto(8), ipsec_whack(8), ipsec_manual(8) -.SH HISTORY -Written for the FreeS/WAN project - -by Henry Spencer. -Extended for the strongSwan project - -by Andreas Steffen. -.SH BUGS -Although an -.B \-\-up -operation does connection setup on both ends, -.B \-\-down -tears only one end of the connection down -(although the orphaned end will eventually time out). -.PP -There is no support for -.B passthrough -connections. -.PP -A connection description which uses -.B %defaultroute -for one of its -.B nexthop -parameters but not the other may be falsely -rejected as erroneous in some circumstances. -.PP -The exit status of -.B \-\-showonly -does not always reflect errors discovered during processing of the request. -(This is fine for human inspection, but not so good for use in scripts.) diff --git a/programs/auto/auto.in b/programs/auto/auto.in deleted file mode 100755 index 05568f9b5..000000000 --- a/programs/auto/auto.in +++ /dev/null @@ -1,660 +0,0 @@ -#! /bin/sh -# user interface to automatic keying and Pluto in general -# Copyright (C) 1998, 1999, 2000 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: auto.in,v 1.17 2006/04/20 04:42:12 as Exp $ - -me='ipsec auto' -usage="Usage: - $me [--showonly] [--asynchronous] --up connectionname - $me [--showonly] [-- type conn|ca] --{add|delete|replace|down} name - $me [--showonly] --{route|unroute} connectionname - $me [--showonly] --ready - $me [--showonly] --{status|statusall} [connectionname] - $me [--showonly] --{rereadsecrets|rereadgroups} - $me [--showonly] --{rereadcacerts|rereadaacerts|rereadocspcerts} - $me [--showonly] --{rereadacerts|rereadcrls|rereadall} - $me [--showonly] [--utc] --{listalgs|listpubkeys|listcerts} - $me [--showonly] [--utc] --{listcacerts|listaacerts|listocspcerts} - $me [--showonly] [--utc] --{listacerts|listgroups|listcainfos} - $me [--showonly] [--utc] --{listcrls|listocsp|listcards|listall} - $me [--showonly] --purgeocsp - - other options: [--config ipsecconfigfile] [--verbose] [--show]" - -showonly= -config= -info=/var/run/ipsec.info -shopts= -noinclude= -async= -logfilter='$1 != "002"' -op= -argc= -utc= -type="conn" -name="--name" - -for dummy -do - case "$1" in - --help) echo "$usage" ; exit 0 ;; - --version) echo "$me $IPSEC_VERSION" ; exit 0 ;; - --show) shopts=-x ;; - --showonly) showonly=yes ;; - --utc) utc="$1" ;; - --config) config="--config $2" ; shift ;; - --noinclude) noinclude=--noinclude ;; - --asynchronous) async="--asynchronous" ;; - --verbose) logfilter='1' ;; - --type) type="$2" ; shift ;; - --up|--down|--add|--delete|--replace|--route|--unroute) - if test " $op" != " " - then - echo "$usage" >&2 - exit 2 - fi - op="$1" - argc=1 - if test "$type" = "ca" - then - name="--caname" - case "$op" in - --add|--delete|--replace) ;; - --*) echo "$op option not supported for --type ca"; - exit 3 ;; - esac - fi - ;; - --status|--statusall) - if test " $op" != " " - then - echo "$usage" >&2 - exit 2 - fi - op="$1" - argc=1 - if test $# -eq 1 - then - argc=0; name= - fi - ;; - --ready|--rereadsecrets|--rereadgroups|\ - --rereadcacerts|--rereadaacerts|--rereadocspcerts|\ - --rereadacerts|--rereadcrls|--rereadall|\ - --listalgs|--listpubkeys|--listcerts|\ - --listcacerts|--listaacerts|--listocspcerts|\ - --listacerts|--listgroups|--listcainfos|\ - --listcrls|--listocsp|--listcards|--listall|\ - --purgeocsp) - if test " $op" != " " - then - echo "$usage" >&2 - exit 2 - fi - op="$1" - argc=0 - ;; - --) shift ; break ;; - -*) echo "$me: unknown option \`$1'" >&2 ; exit 2 ;; - *) break ;; - esac - shift -done - -names= -case "$op" in ---*) if test " $argc" -ne $# - then - echo "$usage" >&2 - exit 2 - fi - names="$*" - ;; -*) echo "$usage" >&2 ; exit 2 ;; -esac - - -runit() { - if test "$showonly" - then - cat - else - ( - echo '(' - cat - echo ')' - echo 'echo = $?' - ) | sh $shopts | - awk "/^= / { exit \$2 } $logfilter { print }" - fi -} - -case "$op" in ---ready) echo "ipsec whack --listen" | runit ; exit ;; ---rereadsecrets) echo "ipsec whack --rereadsecrets" | runit ; exit ;; ---rereadgroups) echo "ipsec whack --listen" | runit ; exit ;; ---rereadcacerts) echo "ipsec whack --rereadcacerts" | runit ; exit ;; ---rereadaacerts) echo "ipsec whack --rereadaacerts" | runit ; exit ;; ---rereadocspcerts) echo "ipsec whack --rereadocspcerts" | runit ; exit ;; ---rereadacerts) echo "ipsec whack --rereadacerts" | runit ; exit ;; ---rereadcrls) echo "ipsec whack --rereadcrls" | runit ; exit ;; ---rereadall) echo "ipsec whack --rereadall" | runit ; exit ;; ---listalgs) echo "ipsec whack --listalgs" | runit ; exit ;; ---listpubkeys) echo "ipsec whack $utc --listpubkeys" | runit ; exit ;; ---listcerts) echo "ipsec whack $utc --listcerts" | runit ; exit ;; ---listcacerts) echo "ipsec whack $utc --listcacerts" | runit ; exit ;; ---listaacerts) echo "ipsec whack $utc --listaacerts" | runit ; exit ;; ---listocspcerts) echo "ipsec whack $utc --listocspcerts" | runit ; exit ;; ---listacerts) echo "ipsec whack $utc --listacerts" | runit ; exit ;; ---listgroups) echo "ipsec whack $utc --listgroups" | runit ; exit ;; ---listcainfos) echo "ipsec whack $utc --listcainfos" | runit ; exit ;; ---listcrls) echo "ipsec whack $utc --listcrls" | runit ; exit ;; ---listocsp) echo "ipsec whack $utc --listocsp" | runit ; exit ;; ---listcards) echo "ipsec whack $utc --listcards" | runit ; exit ;; ---listall) echo "ipsec whack $utc --listall" | runit ; exit ;; ---purgeocsp) echo "ipsec whack $utc --purgeocsp" | runit ; exit ;; ---up) echo "ipsec whack $async --name $names --initiate" | runit ; exit ;; ---down) echo "ipsec whack --name $names --terminate" | runit ; exit ;; ---delete) echo "ipsec whack $name $names --delete" | runit ; exit ;; ---route) echo "ipsec whack --name $names --route" | runit ; exit ;; ---unroute) echo "ipsec whack --name $names --unroute" | runit ; exit ;; ---status) echo "ipsec whack $name $names --status" | runit ; exit ;; ---statusall) echo "ipsec whack $name $names --statusall" | runit ; exit ;; -esac - -if test -s $info -then - . $info -fi - -ipsec _confread $config $noinclude --type $type $names | -awk -v section="$type" ' BEGIN { - FS = "\t" - op = "'"$op"'" - err = "cat >&2" - draddr = "'"$defaultrouteaddr"'" - drnexthop = "'"$defaultroutenexthop"'" - failed = 0 - s[""] = "" - init() - print "PATH=\"'"$PATH"'\"" - print "export PATH" - flip["left"] = "right" - flip["right"] = "left" - } - function init(n) { - for (n in s) - delete s[n] - name = "" - seensome = 0 - } - $1 == ":" { - s[$2] = $3 - seensome = 1 - next - } - $1 == "!" { - if ($2 != "") - fail($2) - next - } - $1 == "=" { - if (name == "") - name = $2 - next - } - $1 == "." { - if (section == "ca") - output_ca() - else - output() - init() - next - } - { - fail("internal error, unknown type code " v($1)) - } - function fail(m) { - print "ipsec_auto: fatal error in " v(name) ": " m |err - failed = 1 - exit - } - function yesno(k) { - if ((k in s) && s[k] != "yes" && s[k] != "no") - fail("parameter " v(k) " must be \"yes\" or \"no\"") - } - function setdefault(k, val) { - if (!(k in s)) - s[k] = val - } - function was(new, old) { - if (!(new in s) && (old in s)) - s[new] = s[old] - } - function need(k) { - if (!(k in s)) - fail("connection has no " v(k) " parameter specified") - if (s[k] == "") - fail("parameter " v(k) " value must be non-empty") - } - function integer(k) { - if (!(k in s)) - return - if (s[k] !~ /^[0-9]+$/) - fail("parameter " v(k) " value must be integer") - } - function duration(k, n, t) { - if (!(k in s)) - return - t = s[k] - n = substr(t, 1, length(t)-1) - if (t ~ /^[0-9]+$/) - s[k] = t - else if (t ~ /^[0-9]+s$/) - s[k] = n - else if (t ~ /^[0-9]+(\.[0-9]+)?m$/) - s[k] = int(n*60) - else if (t ~ /^[0-9]+(\.[0-9]+)?h$/) - s[k] = int(n*3600) - else if (t ~ /^[0-9]+(\.[0-9]+)?d$/) - s[k] = int(n*3600*24) - else - fail("parameter " v(k) " not valid time, must be nnn[smhd]") - } - function nexthopset(dir, val, k) { - k = dir "nexthop" - if (k in s) - fail("non-default value of " k " is being overridden") - if (val != "") - s[k] = val - else if (k in s) - delete s[k] - } - function id(dir, k) { - k = dir "id" - if (!(k in s)) - k = dir - return s[k] - } - function whackkey(dir, which, flag, rk, n) { - if (id(dir) == "%opportunistic") - return - rk = s[dir which] - if (rk == "%dnsondemand") - { - kod="--dnskeyondemand" - return - } - if (rk == "" || rk == "%none" || rk == "%cert" || rk == "0x00") - return - n = "\"\\\"" name "\\\" " dir which"\"" - if (rk == "%dns" || rk == "%dnsonload") - { - if (id(flip[dir]) == "%opportunistic" || s[flip[dir]] == "%any") - return - print "ipsec whack --label", n, flag, - "--keyid", q(id(dir)), "\\" - } - else - { - print "ipsec whack --label", n, flag, - "--keyid", q(id(dir)), - "--pubkeyrsa", q(rk), "\\" - } - print "\t|| exit $?" - } - function q(str) { # quoting for shell - return "\"" str "\"" - } - function qs(k) { # utility abbreviation for q(s[k]) - return q(s[k]) - } - function v(str) { # quoting for human viewing - return "\"" str "\"" - } - function output() { - if (!seensome) - fail("internal error, output called inappropriately") - - setdefault("type", "tunnel") - type_flags = "" - t = s["type"] - if (t == "tunnel") { - # do NOT default subnets to side/32, despite what - # the docs say... - type_flags = "--tunnel" - } else if (t == "transport") { - if ("leftsubnet" in s) - fail("type=transport incompatible with leftsubnet") - if ("rightsubnet" in s) - fail("type=transport incompatible with rightsubnet") - type_flags = "" - } else if (t == "passthrough") { - type_flags = "--pass" - } else if (t == "drop") { - type_flags = "--drop" - } else if (t == "reject") { - type_flags = "--reject" - } else - fail("unknown type " v(t)) - - setdefault("failureshunt", "none") - t = s["failureshunt"] - if (t == "passthrough") - type_flags = type_flags " --failpass"; - else if (t == "drop") - type_flags = type_flags " --faildrop"; - else if (t == "reject") - type_flags = type_flags " --failreject"; - else if (t != "none") - fail("unknown failureshunt value " v(t)) - - need("left") - need("right") - if (s["left"] == "%defaultroute") { - if (s["right"] == "%defaultroute") - fail("left and right cannot both be %defaultroute") - if (draddr == "") - fail("%defaultroute requested but not known") - s["left"] = draddr - nexthopset("left", drnexthop) - } else if (s["right"] == "%defaultroute") { - if (draddr == "") - fail("%defaultroute requested but not known") - s["right"] = draddr - nexthopset("right", drnexthop) - } - - setdefault("keyexchange", "ike") - if (s["keyexchange"] != "ike") - fail("only know how to do keyexchange=ike") - setdefault("auth", "esp") - if (("auth" in s) && s["auth"] != "esp" && s["auth"] != "ah") - fail("only know how to do auth=esp or auth=ah") - yesno("pfs") - - setdefault("pfs", "yes") - duration("dpddelay") - duration("dpdtimeout") - if ("dpdaction" in s) - { - setdefault("dpddelay",30) - setdefault("dpdtimeout",120) - } - yesno("compress") - setdefault("compress", "no") - setdefault("keylife", "1h") - duration("keylife") - yesno("rekey") - setdefault("rekey", "yes") - setdefault("rekeymargin", "9m") - duration("rekeymargin") - setdefault("keyingtries", "%forever") - if (s["keyingtries"] == "%forever") - s["keyingtries"] = 0 - integer("keyingtries") - if ("rekeyfuzz" in s) { - if (s["rekeyfuzz"] !~ /%$/) - fail("rekeyfuzz must be nnn%") - r = s["rekeyfuzz"] - s["rekeyfuzz"] = substr(r, 1, length(r)-1) - integer("rekeyfuzz") - } - duration("ikelifetime") - setdefault("disablearrivalcheck", "no") - - setdefault("leftsendcert", "always") - setdefault("rightsendcert", "always") - - setdefault("leftnexthop", "%direct") - setdefault("rightnexthop", "%direct") - if (s["leftnexthop"] == s["left"]) - fail("left and leftnexthop must not be the same") - if (s["rightnexthop"] == s["right"]) - fail("right and rightnexthop must not be the same") - if (s["leftnexthop"] == "%defaultroute") { - if (drnexthop == "") - fail("%defaultroute requested but not known") - s["leftnexthop"] = drnexthop - } - if (s["rightnexthop"] == "%defaultroute") { - if (drnexthop == "") - fail("%defaultroute requested but not known") - s["rightnexthop"] = drnexthop - } - - if ("leftfirewall" in s && "leftupdown" in s) - fail("cannot have both leftfirewall and leftupdown") - if ("rightfirewall" in s && "rightupdown" in s) - fail("cannot have both rightfirewall and rightupdown") - setdefault("leftupdown", "ipsec _updown") - setdefault("rightupdown", "ipsec _updown") - setdefault("lefthostaccess", "no") - setdefault("righthostaccess", "no") - yesno("lefthostaccess") - yesno("righthostaccess") - lha = "" - if (s["lefthostaccess"] == "yes") - lha = "--hostaccess" - rha = "" - if (s["righthostaccess"] == "yes") - rha = "--hostaccess" - setdefault("leftfirewall", "no") - setdefault("rightfirewall", "no") - yesno("leftfirewall") - yesno("rightfirewall") - if (s["leftfirewall"] == "yes") - s["leftupdown"] = s["leftupdown"] " iptables" - if (s["rightfirewall"] == "yes") - s["rightupdown"] = s["rightupdown"] " iptables" - - setdefault("authby", "rsasig") - t = s["authby"] - if (t == "rsasig" || t == "secret|rsasig" || t == "rsasig|secret") { - authtype = "--rsasig" - type_flags = "--encrypt " type_flags - if (!("leftcert" in s)) { - setdefault("leftrsasigkey", "%cert") - if (id("left") == "%any" && - !(s["leftrsasigkey"] == "%cert" || - s["leftrsasigkey"] == "0x00") ) - fail("ID " v(id("left")) " cannot have RSA key") - } - if (!("rightcert" in s)) { - setdefault("rightrsasigkey", "%cert") - if (id("right") == "%any" && - !(s["rightrsasigkey"] == "%cert" || - s["rightrsasigkey"] == "0x00") ) - fail("ID " v(id("right")) " cannot have RSA key") - } - if (t != "rsasig") - authtype = authtype " --psk" - } else if (t == "secret") { - authtype = "--psk" - type_flags = "--encrypt " type_flags - } else if (t == "never") { - authtype = "" - } else { - fail("unknown authby value " v(t)) - } - - settings = type_flags - setdefault("ike", "3des-sha,3des-md5") - if (s["ike"] != "") - settings = settings " --ike " qs("ike") - setdefault("esp", "3des") - if (s["esp"] != "") - settings = settings " --esp " qs("esp") - if (s["auth"] == "ah") - settings = settings " --authenticate" - if (s["pfs"] == "yes") { - settings = settings " --pfs" - if (s["pfsgroup"] != "") - settings = settings " --pfsgroup " qs("pfsgroup") - } - - if (s["dpdaction"]) - settings = settings " --dpdaction " qs("dpdaction") - if (s["dpddelay"]) - settings = settings " --dpddelay " qs("dpddelay") - if (s["dpdtimeout"]) - settings = settings " --dpdtimeout " qs("dpdtimeout") - - if (s["compress"] == "yes") - settings = settings " --compress" - if (op == "--replace") - settings = settings " --delete" - if ("ikelifetime" in s) - settings = settings " --ikelifetime " qs("ikelifetime") - if (s["disablearrivalcheck"] == "yes") - settings = settings " --disablearrivalcheck" - settings = settings " " authtype - - lc = "" - rc = "" - if ("leftsubnet" in s) - lc = "--client " qs("leftsubnet") - if ("rightsubnet" in s) - rc = "--client " qs("rightsubnet") - if ("leftsubnetwithin" in s) - lc = lc " --clientwithin " qs("leftsubnetwithin") - if ("rightsubnetwithin" in s) - rc = rc " --clientwithin " qs("rightsubnetwithin") - lp = "" - rp = "" - if ("leftprotoport" in s) - lp = "--clientprotoport " qs("leftprotoport") - if ("rightprotoport" in s) - rp = "--clientprotoport " qs("rightprotoport") - lud = "--updown " qs("leftupdown") - rud = "--updown " qs("rightupdown") - - lid = "" - if ("leftid" in s) - lid = "--id " qs("leftid") - rid = "" - if ("rightid" in s) - rid = "--id " qs("rightid") - lsip = "" - if ("leftsourceip" in s) - lsip = "--srcip " qs("leftsourceip") - rsip = "" - if ("rightsourceip" in s) - rsip = "--srcip " qs("rightsourceip") - lscert = "" - if ("leftsendcert" in s) - lscert = "--sendcert " qs("leftsendcert") - rscert = "" - if ("rightsendcert" in s) - rscert = "--sendcert " qs("rightsendcert") - lcert = "" - if ("leftcert" in s) - lcert = "--cert " qs("leftcert") - rcert = "" - if ("rightcert" in s) - rcert = "--cert " qs("rightcert") - lca = "" - if ("leftca" in s) - lca = "--ca " qs("leftca") - rca = "" - if ("rightca" in s) - rca = "--ca " qs("rightca") - lgr = "" - if ("leftgroups" in s) - lgr = "--groups " qs("leftgroups") - rgr = "" - if ("rightgroups" in s) - rgr = "--groups " qs("rightgroups") - fuzz = "" - if ("rekeyfuzz" in s) - fuzz = "--rekeyfuzz " qs("rekeyfuzz") - rk = "" - if (s["rekey"] == "no") - rk = "--dontrekey" - pd = "" - if ("_plutodevel" in s) - pd = "--plutodevel " s["_plutodevel"] # not qs() - - lkod = "" - rkod = "" - if (authtype != "--psk") { - kod = "" - whackkey("left", "rsasigkey", "") - whackkey("left", "rsasigkey2", "--addkey") - lkod = kod - kod = "" - whackkey("right", "rsasigkey", "") - whackkey("right", "rsasigkey2", "--addkey") - rkod = kod - } - print "ipsec whack --name", name, settings, "\\" - print "\t--host", qs("left"), lc, lp, "--nexthop", - qs("leftnexthop"), lud, lha, lid, lkod, lscert, lcert, lca, lsip, lgr, "\\" - print "\t--to", "--host", qs("right"), rc, rp, "--nexthop", - qs("rightnexthop"), rud, rha, rid, rkod, rscert, rcert, rca, rsip, rgr, "\\" - print "\t--ipseclifetime", qs("keylife"), - "--rekeymargin", qs("rekeymargin"), "\\" - print "\t--keyingtries", qs("keyingtries"), fuzz, rk, pd, "\\" - print "\t|| exit $?" - } - function output_ca() { - if (!seensome) - fail("internal error, output called inappropriately") - settings = "" - if (op == "--replace") - settings = "--delete" - cacert = "" - if ("cacert" in s) - cacert = "--cacert " qs("cacert") - ldaphost = "" - if ("ldaphost" in s) - ldaphost = "--ldaphost " qs("ldaphost") - ldapbase = "" - if ("ldapbase" in s) - ldapbase = "--ldapbase " qs("ldapbase") - crluri = "" - if ("crluri" in s) - crluri = "--crluri " qs("crluri") - crluri2 = "" - if ("crluri2" in s) - crluri2 = "--crluri2 " qs("crluri2") - ocspuri = "" - if ("ocspuri" in s) - ocspuri = "--ocspuri " qs("ocspuri") - yesno("strictcrlpolicy") - setdefault("strictcrlpolicy", "no") - if (s["strictcrlpolicy"] == "yes") - settings = settings " --strictcrlpolicy" - yesno("cachecrls") - setdefault("cachecrls", "no") - if (s["cachecrls"] == "yes") - settings = settings " --cachecrls" - - print "ipsec whack --caname", name, settings, cacert, ldaphost, ldapbase, - crluri, crluri2, ocspuri, "\\" - print "\t|| exit $?" - } - END { - if (failed) { - print "# fatal error discovered, force failure using \"false\" command" - print "false" - exit 1 # just on general principles - } - if (seensome) { - if (section == "ca") - output_ca() - else - output() - } - }' | runit diff --git a/programs/barf/.cvsignore b/programs/barf/.cvsignore deleted file mode 100644 index bca77a6ee..000000000 --- a/programs/barf/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -barf diff --git a/programs/barf/Makefile b/programs/barf/Makefile deleted file mode 100644 index 6a20d4ee2..000000000 --- a/programs/barf/Makefile +++ /dev/null @@ -1,38 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=barf - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.2 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# - diff --git a/programs/barf/barf.8 b/programs/barf/barf.8 deleted file mode 100644 index e692a4e5f..000000000 --- a/programs/barf/barf.8 +++ /dev/null @@ -1,84 +0,0 @@ -.TH IPSEC_BARF 8 "17 March 2002" -.\" RCSID $Id: barf.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.SH NAME -ipsec barf \- spew out collected IPsec debugging information -.SH SYNOPSIS -.B ipsec -.B barf -[ -.B \-\-short -] -.sp -.SH DESCRIPTION -.I Barf -outputs (on standard output) a collection of debugging information -(contents of files, selections from logs, etc.) -related to the IPsec encryption/authentication system. -It is primarily a convenience for remote debugging, -a single command which packages up (and labels) all information -that might be relevant to diagnosing a problem in IPsec. -.PP -.PP -The -.B \-\-short -option limits the length of -the log portion of -.IR barf 's -output, which can otherwise be extremely voluminous -if debug logging is turned on. -.PP -.I Barf -censors its output, -replacing keys -and secrets with brief checksums to avoid revealing sensitive information. -.PP -Beware that the output of both commands is aimed at humans, -not programs, -and the output format is subject to change without warning. -.PP -.I Barf -has to figure out which files in -.I /var/log -contain the IPsec log messages. -It looks for KLIPS and general log messages first in -.IR messages -and -.IR syslog , -and for Pluto messages first in -.IR secure , -.IR auth.log , -and -.IR debug . -In both cases, -if it does not find what it is looking for in one of those ``likely'' places, -it will resort to a brute-force search of most (non-compressed) files in -.IR /var/log . -.SH FILES -.nf -/proc/net/* -/var/log/* -/etc/ipsec.conf -/etc/ipsec.secrets -.fi -.SH HISTORY -Written for the Linux FreeS/WAN project - -by Henry Spencer. -.SH BUGS -.I Barf -uses heuristics to try to pick relevant material out of the logs, -and relevant messages -which are not labelled with any of the tags that -.I barf -looks for will be lost. -We think we've eliminated the last such case, but one never knows... -.PP -Finding -.I updown -scripts (so they can be included in output) is, in general, difficult. -.I Barf -uses a very simple heuristic that is easily fooled. -.PP -The brute-force search for the right log files can get expensive on -systems with a lot of clutter in -.IR /var/log . diff --git a/programs/barf/barf.in b/programs/barf/barf.in deleted file mode 100755 index 99cc3546c..000000000 --- a/programs/barf/barf.in +++ /dev/null @@ -1,296 +0,0 @@ -#! /bin/sh -# dump assorted information of use in debugging -# Copyright (C) 1998, 1999 Henry Spencer. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: barf.in,v 1.4 2004/09/23 21:08:23 as Exp $ - -IPSEC_NAME="strongSwan" - -KERNSRC=${KERNSRC-/usr/src/linux} -LOGS=${LOGS-/var/log} -CONFS=${IPSEC_CONFS-/etc} -CONFDDIR=${IPSEC_CONFDDIR-/etc/ipsec.d} -me="ipsec barf" - -# kludge to produce no barf output mentioning policygroups if none are present. -# This will not catch ".file" policygroups. -PREPOLICIES=${CONFDDIR}/policies -if [ `ls $PREPOLICIES 2> /dev/null | wc -l` -ne 0 ] -then - POLICIES=$PREPOLICIES -fi - -# message patterns that start relevant parts of logs -fstart="Starting $IPSEC_NAME" -pstart='Starting Pluto subsystem' - -case "$1" in ---help) echo "Usage: ipsec barf" ; exit 0 ;; ---version) echo "$me $IPSEC_VERSION" ; exit 0 ;; -esac - -# make sure output is in English -unset LANG LANGUAGE LC_ALL LC_MESSAGES - -# log-location guesser, results in $findlog_file and $findlog_startline -# Fine point: startline is the *last* line containing "string", or -# failing that, the *first* line containing "fallbackstring". -findlog() { # findlog string fallbackstring possiblefile ... - s="$1" - shift - t="$1" - shift - # try the suggested files first - for f in $* - do - if test -r $LOGS/$f -a -f $LOGS/$f && egrep -q "$s" $LOGS/$f - then - # aha, this one has it - findlog_file=$LOGS/$f - findlog_startline=`egrep -n "$s" $LOGS/$f | - sed -n '$s/:.*//p'` - return 0 - fi - done - for f in $* - do - if test -r $LOGS/$f -a -f $LOGS/$f && egrep -q "$t" $LOGS/$f - then - # aha, this one has it - findlog_file=$LOGS/$f - findlog_startline=`egrep -n "$t" $LOGS/$f | - sed -n '1s/:.*//p'` - return 0 - fi - done - # nope, resort to a search, newest first, of uncompressed logs - for f in `ls -t $LOGS | egrep -v '^mail' | egrep -v '\.(gz|Z)$'` - do - if test -r $LOGS/$f -a ! -d $LOGS/$f && egrep -q "$s" $LOGS/$f - then - # found it - findlog_file=$LOGS/$f - findlog_startline=`egrep -n "$s" $LOGS/$f | - sed -n '$s/:.*//p'` - return 0 - fi - done - for f in `ls -t $LOGS | egrep -v '^mail' | egrep -v '\.(gz|Z)$'` - do - if test -r $LOGS/$f -a -f $LOGS/$f && egrep -q "$t" $LOGS/$f - then - # found it - findlog_file=$LOGS/$f - findlog_startline=`egrep -n "$t" $LOGS/$f | - sed -n '1s/:.*//p'` - return 0 - fi - done -# echo "$0: unable to find $LOGS/$1 or local equivalent" >&2 - findlog_file=/dev/null - findlog_startline=1 # arbitrary -} - -# try to guess where logs are -findlog "$fstart" "klips" messages syslog -if test " $findlog_file" = " /dev/null" -then -echo "Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run $IPSEC_NAME for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration." -fi -klog=$findlog_file -kline=$findlog_startline - -findlog "$pstart" "Pluto" secure auth.log debug -if test " $findlog_file" = " /dev/null" -then -echo "Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run $IPSEC_NAME for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration." -fi -plog=$findlog_file -pline=$findlog_startline - -# /lib/modules examiner -modulegoo() { - set +x - for d in `ls /lib/modules` - do - if test -d /lib/modules/$d - then - f=/lib/modules/$d/$1 - if test -f $f - then - nm -g $f | egrep "$2" - else - echo - fi | sed "s;^;$d: ;" - fi - done - set -x -} - -# advanced shell deviousness to get dividers into output -_________________________() { - $2 # something to do nothing and not echo anything -} - -exec 2>&1 # stderr on stdout, so errors go into main output - -hostname ; date -set -x -_________________________ version -ipsec --version -_________________________ proc/version -cat /proc/version -_________________________ proc/net/ipsec_eroute -sort -sg +3 /proc/net/ipsec_eroute || cat /proc/net/ipsec_eroute -_________________________ netstat-rn -netstat -nr -_________________________ proc/net/ipsec_spi -cat /proc/net/ipsec_spi -_________________________ proc/net/ipsec_spigrp -cat /proc/net/ipsec_spigrp -_________________________ proc/net/ipsec_tncfg -cat /proc/net/ipsec_tncfg -_________________________ proc/net/pf_key -cat /proc/net/pf_key -_________________________ proc/net/pf_key-star -( cd /proc/net && egrep '^' pf_key_* ) -_________________________ proc/sys/net/ipsec-star -( cd /proc/sys/net/ipsec && egrep '^' * ) -_________________________ ipsec/statusall -ipsec auto --statusall -_________________________ ifconfig-a -ifconfig -a -_________________________ mii-tool -if [ -x /sbin/mii-tool ] -then - /sbin/mii-tool -v -elif [ -x /usr/sbin/mii-tool ] -then - /usr/sbin/mii-tool -v -else - mii-tool -v -fi -_________________________ ipsec/directory -ipsec --directory -_________________________ hostname/fqdn -hostname --fqdn -_________________________ hostname/ipaddress -hostname --ip-address -_________________________ uptime -uptime -_________________________ ps -# -i ppid picks up the header -ps alxwf | egrep -i 'ppid|pluto|ipsec|klips' -_________________________ ipsec/showdefaults -ipsec showdefaults -_________________________ ipsec/conf -ipsec _include $CONFS/ipsec.conf | ipsec _keycensor -_________________________ ipsec/secrets -ipsec _include $CONFS/ipsec.secrets | ipsec _secretcensor -_________________________ ipsec/listall -ipsec auto --listall -if [ $POLICIES ] -then - for policy in $POLICIES/*; do base=`basename $policy`; - _________________________ ipsec/policies/$base - cat $policy - done -fi -_________________________ ipsec/ls-libdir -ls -l ${IPSEC_LIBDIR-/usr/local/lib/ipsec} -_________________________ ipsec/ls-execdir -ls -l ${IPSEC_EXECDIR-/usr/local/libexec/ipsec} -_________________________ ipsec/updowns -for f in `ls ${IPSEC_EXECDIR-/usr/local/libexec/ipsec} | egrep updown` -do - cat ${IPSEC_EXECDIR-/usr/local/libexec/ipsec}/$f -done -_________________________ proc/net/dev -cat /proc/net/dev -_________________________ proc/net/route -cat /proc/net/route -_________________________ proc/sys/net/ipv4/ip_forward -cat /proc/sys/net/ipv4/ip_forward -_________________________ proc/sys/net/ipv4/conf/star-rp_filter -( cd /proc/sys/net/ipv4/conf && egrep '^' */rp_filter ) -_________________________ uname-a -uname -a -_________________________ redhat-release -if test -r /etc/redhat-release -then - cat /etc/redhat-release -fi -_________________________ proc/net/ipsec_version -cat /proc/net/ipsec_version -_________________________ iptables/list -iptables -L -v -n -_________________________ ipchains/list -ipchains -L -v -n -_________________________ ipfwadm/forward -ipfwadm -F -l -n -e -_________________________ ipfwadm/input -ipfwadm -I -l -n -e -_________________________ ipfwadm/output -ipfwadm -O -l -n -e -_________________________ iptables/nat -iptables -t nat -L -v -n -_________________________ ipchains/masq -ipchains -M -L -v -n -_________________________ ipfwadm/masq -ipfwadm -M -l -n -e -_________________________ iptables/mangle -iptables -t mangle -L -v -n -_________________________ proc/modules -cat /proc/modules -_________________________ proc/meminfo -cat /proc/meminfo -_________________________ dev/ipsec-ls -ls -l /dev/ipsec* -_________________________ proc/net/ipsec-ls -ls -l /proc/net/ipsec_* -_________________________ usr/src/linux/.config -if test -f $KERNSRC/.config -then - egrep 'IP|NETLINK' $KERNSRC/.config -fi -_________________________ etc/syslog.conf -cat /etc/syslog.conf -_________________________ etc/resolv.conf -cat /etc/resolv.conf -_________________________ lib/modules-ls -ls -ltr /lib/modules -_________________________ proc/ksyms-netif_rx -egrep netif_rx /proc/ksyms -_________________________ lib/modules-netif_rx -modulegoo kernel/net/ipv4/ipip.o netif_rx -_________________________ kern.debug -if test -f $LOGS/kern.debug -then - tail -100 $LOGS/kern.debug -fi -_________________________ klog -sed -n $kline,'$'p $klog | - egrep -i 'ipsec|klips|pluto' | - case "$1" in - --short) tail -500 ;; - *) cat ;; - esac -_________________________ plog -sed -n $pline,'$'p $plog | - egrep -i 'pluto' | - case "$1" in - --short) tail -500 ;; - *) cat ;; - esac -_________________________ date -date diff --git a/programs/calcgoo/.cvsignore b/programs/calcgoo/.cvsignore deleted file mode 100644 index b4aa748b7..000000000 --- a/programs/calcgoo/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -calcgoo diff --git a/programs/calcgoo/Makefile b/programs/calcgoo/Makefile deleted file mode 100644 index 8e3cae9ea..000000000 --- a/programs/calcgoo/Makefile +++ /dev/null @@ -1,41 +0,0 @@ -# Makefile for miscelaneous programs -# Copyright (C) 2002 Michael Richardson -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM=calcgoo - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.1 2002/06/10 04:27:25 mcr -# calcgoo program processes kernel symbol list and generates a -# composite value by xor'ing the programmed symbol. -# -# Revision 1.1 2002/06/10 00:19:44 mcr -# rename "ipsec check" to "ipsec verify" -# -# Revision 1.1 2002/06/08 17:01:25 mcr -# added new program "ipsec check" to do rudamentary testing -# on a newly installed system to see if it is OE ready. -# -# -# - diff --git a/programs/calcgoo/calcgoo.8 b/programs/calcgoo/calcgoo.8 deleted file mode 100644 index ceb576e41..000000000 --- a/programs/calcgoo/calcgoo.8 +++ /dev/null @@ -1,31 +0,0 @@ -.TH IPSEC_CALCGOO 8 "8 June 2002" -.\" RCSID $Id: calcgoo.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.SH NAME -ipsec calcgoo \- calculate hex value for matching modules and kernels -.SH SYNOPSIS -.B ipsec -.B calcgoo -.SH DESCRIPTION -.I calcgoo -accepts the output of -.B nm -ao -or -.B /proc/ksyms -and extracts a release dependant list of symbols from it. The symbols -are processed to extract the values assigned during the MODVERSIONS -process. This process makes sure that Linux modules are only loaded -on matching kernels. -.P -This routine is used to find an appropriate module to match the currently -running kernel by _startklips. -.SH FILES -.nf -/proc/ksyms -.fi -.SH "SEE ALSO" -ipsec__startklips(8), genksyms(8) -.SH HISTORY -Written for the Linux FreeS/WAN project - -by Michael Richardson. -.SH BUGS diff --git a/programs/calcgoo/calcgoo.in b/programs/calcgoo/calcgoo.in deleted file mode 100644 index 0d383d173..000000000 --- a/programs/calcgoo/calcgoo.in +++ /dev/null @@ -1,43 +0,0 @@ -#!/usr/bin/perl - -$MODULE_GOO_LIST="@MODULE_GOO_LIST@"; - -@goo = split(/\s+/,$MODULE_GOO_LIST); - -$sep="("; -$goore=" "; - -#print "GOO: ",join('|',@goo),"\n"; - -foreach $sym (@goo) { - $goore=${goore}.${sep}.${sym}; - $sep="|"; -} -$goore=${goore}.")_R(smp_){0,1}([0-9A-F]{8})"; - -#print "GOORE: $goore\n"; - -while(<>) { - chomp; - if(/$goore/io) { - $sym=$1; - $goosym=$3; - $bingoo=hex($goosym); - if($2 eq "smp_") { - $bingoo++; - } - #print STDERR "Processing $goosym (from $_)\n"; - $bingoo{$sym}=$bingoo; - } -} -$wholegoo=0; -foreach $sym (keys %bingoo) { - $wholegoo=$wholegoo ^ $bingoo{$sym}; -} -print sprintf("%08x", $wholegoo)."\n"; - -# Local variables:: -# mode: perl -# End variables:: - - diff --git a/programs/eroute/.cvsignore b/programs/eroute/.cvsignore deleted file mode 100644 index 133c4b456..000000000 --- a/programs/eroute/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -eroute diff --git a/programs/eroute/Makefile b/programs/eroute/Makefile deleted file mode 100644 index 6d8f68033..000000000 --- a/programs/eroute/Makefile +++ /dev/null @@ -1,52 +0,0 @@ -# Makefile for the KLIPS interface utilities -# Copyright (C) 1998, 1999 Henry Spencer. -# Copyright (C) 1999, 2000, 2001 Richard Guy Briggs -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See . -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: Makefile,v 1.1 2004/03/15 20:35:27 as Exp $ - -FREESWANSRCDIR=../.. -include ${FREESWANSRCDIR}/Makefile.inc - -PROGRAM:=eroute -EXTRA5PROC=eroute.5 - -LIBS:=${FREESWANLIB} - -include ../Makefile.program - -# -# $Log: Makefile,v $ -# Revision 1.1 2004/03/15 20:35:27 as -# added files from freeswan-2.04-x509-1.5.3 -# -# Revision 1.4 2002/06/03 20:25:31 mcr -# man page for files actually existant in /proc/net changed back to -# ipsec_foo via new EXTRA5PROC process. -# -# Revision 1.3 2002/06/02 22:02:14 mcr -# changed TOPDIR->FREESWANSRCDIR in all Makefiles. -# (note that linux/net/ipsec/Makefile uses TOPDIR because this is the -# kernel sense.) -# -# Revision 1.2 2002/04/26 01:21:26 mcr -# while tracking down a missing (not installed) /etc/ipsec.conf, -# MCR has decided that it is not okay for each program subdir to have -# some subset (determined with -f) of possible files. -# Each subdir that defines $PROGRAM, MUST have a PROGRAM.8 file as well as a PROGRAM file. -# Optional PROGRAM.5 files have been added to the makefiles. -# -# Revision 1.1 2002/04/24 07:55:32 mcr -# #include patches and Makefiles for post-reorg compilation. -# -# -# diff --git a/programs/eroute/eroute.5 b/programs/eroute/eroute.5 deleted file mode 100644 index 52b3f4d25..000000000 --- a/programs/eroute/eroute.5 +++ /dev/null @@ -1,272 +0,0 @@ -.TH IPSEC_EROUTE 5 "20 Sep 2001" -.\" -.\" RCSID $Id: eroute.5,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec_eroute \- list of existing eroutes -.SH SYNOPSIS -.B ipsec -.B eroute -.PP -.B cat -.B /proc/net/ipsec_eroute -.SH DESCRIPTION -.I /proc/net/ipsec_eroute -lists the IPSEC extended routing tables, -which control what (if any) processing is applied -to non-encrypted packets arriving for IPSEC processing and forwarding. -At this point it is a read-only file. -.PP -A table entry consists of: -.IP + 3 -packet count, -.IP + -source address with mask and source port (0 if all ports or not applicable) -.IP + -a '->' separator for visual and automated parsing between src and dst -.IP + -destination address with mask and destination port (0 if all ports or -not applicable) -.IP + -a '=>' separator for visual and automated parsing between selection -criteria and SAID to use -.IP + -SAID (Security Association IDentifier), comprised of: -.IP + 6 -protocol -(\fIproto\fR), -.IP + -address family -(\fIaf\fR), -where '.' stands for IPv4 and ':' for IPv6 -.IP + -Security Parameters Index -(\fISPI\fR), -.IP + -effective destination -(\fIedst\fR), -where the packet should be forwarded after processing -(normally the other security gateway) -together indicate which Security Association should be used to process -the packet, -.IP + 3 -a ':' separating the SAID from the transport protocol (0 if all protocols) -.IP + -source identity text string with no whitespace, in parens, -.IP + -destination identity text string with no whitespace, in parens -.PP -Addresses are written as IPv4 dotted quads or IPv6 coloned hex, -protocol is one of "ah", "esp", "comp" or "tun" -and -SPIs are prefixed hexadecimal numbers where the prefix '.' is for IPv4 and the prefix ':' is for IPv6 -. -.PP -SAIDs are written as "protoafSPI@edst". There are also 5 -"magic" SAIDs which have special meaning: -.IP + 3 -.B %drop -means that matches are to be dropped -.IP + -.B %reject -means that matches are to be dropped and an ICMP returned, if -possible to inform -.IP + -.B %trap -means that matches are to trigger an ACQUIRE message to the Key -Management daemon(s) and a hold eroute will be put in place to -prevent subsequent packets also triggering ACQUIRE messages. -.IP + -.B %hold -means that matches are to stored until the eroute is replaced or -until that eroute gets reaped -.IP + -.B %pass -means that matches are to allowed to pass without IPSEC processing -.br -.ne 5 -.SH EXAMPLES -.LP -.B "1867 172.31.252.0/24:0 -> 0.0.0.0/0:0 => tun0x130@192.168.43.1:0 " -.br -.B " () ()" -.LP -means that 1,867 packets have been sent to an -.BR eroute -that has been set up to protect traffic between the subnet -.BR 172.31.252.0 -with a subnet mask of -.BR 24 -bits and the default address/mask represented by an address of -.BR 0.0.0.0 -with a subnet mask of -.BR 0 -bits using the local machine as a security gateway on this end of the -tunnel and the machine -.BR 192.168.43.1 -on the other end of the tunnel with a Security Association IDentifier of -.BR tun0x130@192.168.43.1 -which means that it is a tunnel mode connection (4, IPPROTO_IPIP) with a -Security Parameters Index of -.BR 130 -in hexadecimal with no identies defined for either end. -.LP -.B "746 192.168.2.110/32:0 -> 192.168.2.120/32:25 => esp0x130@192.168.2.120:6 " -.br -.B " () ()" -.LP -means that 746 packets have been sent to an -.BR eroute -that has been set up to protect traffic sent from any port on the host -.BR 192.168.2.110 -to the SMTP (TCP, port 25) port on the host -.BR 192.168.2.120 -with a Security Association IDentifier of -.BR tun0x130@192.168.2.120 -which means that it is a transport mode connection with a -Security Parameters Index of -.BR 130 -in hexadecimal with no identies defined for either end. -.LP -.B 125 3049:1::/64 -> 0:0/0 => tun:130@3058:4::5 () () -.LP -means that 125 packets have been sent to an -.BR eroute -that has been set up to protect traffic between the subnet -.BR 3049:1:: -with a subnet mask of -.BR 64 -bits and the default address/mask represented by an address of -.BR 0:0 -with a subnet mask of -.BR 0 -bits using the local machine as a security gateway on this end of the -tunnel and the machine -.BR 3058:4::5 -on the other end of the tunnel with a Security Association IDentifier of -.BR tun:130@3058:4::5 -which means that it is a tunnel mode connection with a -Security Parameters Index of -.BR 130 -in hexadecimal with no identies defined for either end. -.LP -.B 42 192.168.6.0/24:0 -> 192.168.7.0/24:0 => %passthrough -.LP -means that 42 packets have been sent to an -.BR eroute -that has been set up to pass the traffic from the subnet -.BR 192.168.6.0 -with a subnet mask of -.BR 24 -bits and to subnet -.BR 192.168.7.0 -with a subnet mask of -.BR 24 -bits without any IPSEC processing with no identies defined for either end. -.LP -.B 2112 192.168.8.55/32:0 -> 192.168.9.47/24:0 => %hold (east) () -.LP -means that 2112 packets have been sent to an -.BR eroute -that has been set up to hold the traffic from the host -.BR 192.168.8.55 -and to host -.BR 192.168.9.47 -until a key exchange from a Key Management daemon -succeeds and puts in an SA or fails and puts in a pass -or drop eroute depending on the default configuration with the local client -defined as "east" and no identy defined for the remote end. -.LP -.B "2001 192.168.2.110/32:0 -> 192.168.2.120/32:0 => " -.br -.B " esp0xe6de@192.168.2.120:0 () ()" -.LP -means that 2001 packets have been sent to an -.BR eroute -that has been set up to protect traffic between the host -.BR 192.168.2.110 -and the host -.BR 192.168.2.120 -using -.BR 192.168.2.110 -as a security gateway on this end of the -connection and the machine -.BR 192.168.2.120 -on the other end of the connection with a Security Association IDentifier of -.BR esp0xe6de@192.168.2.120 -which means that it is a transport mode connection with a Security -Parameters Index of -.BR e6de -in hexadecimal using Encapsuation Security Payload protocol (50, -IPPROTO_ESP) with no identies defined for either end. -.LP -.B "1984 3049:1::110/128 -> 3049:1::120/128 => " -.br -.B " ah:f5ed@3049:1::120 () ()" -.LP -means that 1984 packets have been sent to an -.BR eroute -that has been set up to authenticate traffic between the host -.BR 3049:1::110 -and the host -.BR 3049:1::120 -using -.BR 3049:1::110 -as a security gateway on this end of the -connection and the machine -.BR 3049:1::120 -on the other end of the connection with a Security Association IDentifier of -.BR ah:f5ed@3049:1::120 -which means that it is a transport mode connection with a Security -Parameters Index of -.BR f5ed -in hexadecimal using Authentication Header protocol (51, -IPPROTO_AH) with no identies defined for either end. -.SH FILES -/proc/net/ipsec_eroute, /usr/local/bin/ipsec -.SH "SEE ALSO" -ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_spi(5), -ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_eroute(8), ipsec_version(5), -ipsec_pf_key(5) -.SH HISTORY -Written for the Linux FreeS/WAN project - -by Richard Guy Briggs. -.\" -.\" $Log: eroute.5,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.9 2002/04/24 07:35:38 mcr -.\" Moved from ./klips/utils/eroute.5,v -.\" -.\" Revision 1.8 2001/09/20 15:33:13 rgb -.\" PF_KEYv2 ident extension output documentation. -.\" -.\" Revision 1.7 2001/05/29 05:15:31 rgb -.\" Added packet count field at beginning of line. -.\" -.\" Revision 1.6 2001/02/26 19:58:32 rgb -.\" Put SAID elements in order they appear in SAID. -.\" Implement magic SAs %drop, %reject, %trap, %hold, %pass as part -.\" of the new SPD and to support opportunistic. -.\" -.\" Revision 1.5 2000/09/17 18:56:48 rgb -.\" Added IPCOMP support. -.\" -.\" Revision 1.4 2000/09/13 15:54:31 rgb -.\" Added Gerhard's ipv6 updates. -.\" -.\" Revision 1.3 2000/06/30 18:21:55 rgb -.\" Update SEE ALSO sections to include ipsec_version(5) and ipsec_pf_key(5) -.\" and correct FILES sections to no longer refer to /dev/ipsec which has -.\" been removed since PF_KEY does not use it. -.\" -.\" Revision 1.2 2000/06/28 12:44:11 henry -.\" format touchup -.\" -.\" Revision 1.1 2000/06/28 05:43:00 rgb -.\" Added manpages for all 5 klips utils. -.\" -.\" -.\" diff --git a/programs/eroute/eroute.8 b/programs/eroute/eroute.8 deleted file mode 100644 index d9449632b..000000000 --- a/programs/eroute/eroute.8 +++ /dev/null @@ -1,354 +0,0 @@ -.TH IPSEC_EROUTE 8 "21 Jun 2000" -.\" -.\" RCSID $Id: eroute.8,v 1.1 2004/03/15 20:35:27 as Exp $ -.\" -.SH NAME -ipsec eroute \- manipulate IPSEC extended routing tables -.SH SYNOPSIS -.B ipsec -.B eroute -.PP -.B ipsec -.B eroute -.B \-\-add -.B \-\-eraf (inet | inet6) -.B \-\-src -src/srcmaskbits|srcmask -.B \-\-dst -dst/dstmaskbits|dstmask -[ -.B \-\-transport\-proto -transport-protocol -] -[ -.B \-\-src\-port -source-port -] -[ -.B \-\-dst\-port -dest-port -] - -.PP -.B ipsec -.B eroute -.B \-\-replace -.B \-\-eraf (inet | inet6) -.B \-\-src -src/srcmaskbits|srcmask -.B \-\-dst -dst/dstmaskbits|dstmask -[ -.B \-\-transport\-proto -transport-protocol -] -[ -.B \-\-src\-port -source-port -] -[ -.B \-\-dst\-port -dest-port -] - -.PP -.B ipsec -.B eroute -.B \-\-del -.B \-\-eraf (inet | inet6) -.B \-\-src -src/srcmaskbits|srcmask -.B \-\-dst -dst/dstmaskbits|dstmask -[ -.B \-\-transport\-proto -transport-protocol -] -[ -.B \-\-src\-port -source-port -] -[ -.B \-\-dst\-port -dest-port -] -.PP -.B ipsec -.B eroute -.B \-\-clear -.PP -.B ipsec -.B eroute -.B \-\-help -.PP -.B ipsec -.B eroute -.B \-\-version -.PP -Where is -.B \-\-af -(inet | inet6) -.B \-\-edst -edst -.B \-\-spi -spi -.B \-\-proto -proto -OR -.B \-\-said -said -OR -.B \-\-said -.B (%passthrough | %passthrough4 | %passthrough6 | %drop | %reject | %trap | %hold | %pass ) -.SH DESCRIPTION -.I Eroute -manages the IPSEC extended routing tables, -which control what (if any) processing is applied -to non-encrypted packets arriving for IPSEC processing and forwarding. -The form with no additional arguments lists the contents of -/proc/net/ipsec_eroute. -The -.B \-\-add -form adds a table entry, the -.B \-\-replace -form replaces a table entry, while the -.B \-\-del -form deletes one. The -.B \-\-clear -form deletes the entire table. -.PP -A table entry consists of: -.IP + 3 -source and destination addresses, -with masks, source and destination ports and protocol -for selection of packets. The source and destination ports are only -legal if the transport protocol is -.BR TCP -or -.BR UDP. -A port can be specified as either decimal, hexadecimal (leading 0x), -octal (leading 0) or a name listed in the first column of /etc/services. -A transport protocol can be specified as either decimal, hexadecimal -(leading 0x), octal (leading 0) or a name listed in the first column -of /etc/protocols. If a transport protocol or port is not specified -then it defaults to 0 which means all protocols or all ports -respectively. -.IP + -Security Association IDentifier, comprised of: -.IP + 6 -protocol -(\fIproto\fR), indicating (together with the -effective destination and the security parameters index) -which Security Association should be used to process the packet -.IP + -address family -(\fIaf\fR), -.IP + -Security Parameters Index -(\fIspi\fR), indicating (together with the -effective destination and protocol) -which Security Association should be used to process the packet -(must be larger than or equal to 0x100) -.IP + -effective destination -(\fIedst\fR), -where the packet should be forwarded after processing -(normally the other security gateway) -.IP + 3 -OR -.IP + 6 -SAID -(\fIsaid\fR), indicating -which Security Association should be used to process the packet -.PP -Addresses are written as IPv4 dotted quads or IPv6 coloned hex, -protocol is one of "ah", "esp", "comp" or "tun" and SPIs are -prefixed hexadecimal numbers where '.' represents IPv4 and ':' -stands for IPv6. -.PP -SAIDs are written as "protoafSPI@address". There are also 5 -"magic" SAIDs which have special meaning: -.IP + 3 -.B %drop -means that matches are to be dropped -.IP + -.B %reject -means that matches are to be dropped and an ICMP returned, if -possible to inform -.IP + -.B %trap -means that matches are to trigger an ACQUIRE message to the Key -Management daemon(s) and a hold eroute will be put in place to -prevent subsequent packets also triggering ACQUIRE messages. -.IP + -.B %hold -means that matches are to stored until the eroute is replaced or -until that eroute gets reaped -.IP + -.B %pass -means that matches are to allowed to pass without IPSEC processing -.PP -The format of /proc/net/ipsec_eroute is listed in ipsec_eroute(5). -.br -.ne 5 -.SH EXAMPLES -.LP -.B "ipsec eroute \-\-add \-\-eraf inet \-\-src 192.168.0.1/32 \e" -.br -.B " \-\-dst 192.168.2.0/24 \-\-af inet \-\-edst 192.168.0.2 \e" -.br -.B " \-\-spi 0x135 \-\-proto tun" -.LP -sets up an -.BR eroute -on a Security Gateway to protect traffic between the host -.BR 192.168.0.1 -and the subnet -.BR 192.168.2.0 -with -.BR 24 -bits of subnet mask via Security Gateway -.BR 192.168.0.2 -using the Security Association with address -.BR 192.168.0.2 , -Security Parameters Index -.BR 0x135 -and protocol -.BR tun -(50, IPPROTO_ESP). -.LP -.B "ipsec eroute \-\-add \-\-eraf inet6 \-\-src 3049:1::1/128 \e" -.br -.B " \-\-dst 3049:2::/64 \-\-af inet6 \-\-edst 3049:1::2 \e" -.br -.B " \-\-spi 0x145 \-\-proto tun" -.LP -sets up an -.BR eroute -on a Security Gateway to protect traffic between the host -.BR 3049:1::1 -and the subnet -.BR 3049:2:: -with -.BR 64 -bits of subnet mask via Security Gateway -.BR 3049:1::2 -using the Security Association with address -.BR 3049:1::2 , -Security Parameters Index -.BR 0x145 -and protocol -.BR tun -(50, IPPROTO_ESP). -.LP -.B "ipsec eroute \-\-replace \-\-eraf inet \-\-src company.com/24 \e" -.br -.B " \-\-dst ftp.ngo.org/32 \-\-said tun.135@gw.ngo.org" -.LP -replaces an -.BR eroute -on a Security Gateway to protect traffic between the subnet -.BR company.com -with -.BR 24 -bits of subnet mask and the host -.BR ftp.ngo.org -via Security Gateway -.BR gw.ngo.org -using the Security Association with Security Association ID -.BR tun0x135@gw.ngo.org -.LP -.B "ipsec eroute \-\-del \-\-eraf inet \-\-src company.com/24 \e" -.br -.B " \-\-dst www.ietf.org/32 \-\-said %passthrough4" -.LP -deletes an -.BR eroute -on a Security Gateway that allowed traffic between the subnet -.BR company.com -with -.BR 24 -bits of subnet mask and the host -.BR www.ietf.org -to pass in the clear, unprocessed. -.LP -.B "ipsec eroute \-\-add \-\-eraf inet \-\-src company.com/24 \e" -.br -.B " \-\-dst mail.ngo.org/32 \-\-transport-proto 6 \e" -.br -.B " \-\-dst\-port 110 \-\-said tun.135@mail.ngo.org" -.LP -sets up an -.BR eroute -on on a Security Gateway to protect only TCP traffic on port 110 -(pop3) between the subnet -.BR company.com -with -.BR 24 -bits of subnet mask and the host -.BR ftp.ngo.org -via Security Gateway -.BR mail.ngo.org -using the Security Association with Security Association ID -.BR tun0x135@mail.ngo.org. -Note that any other traffic bound for -.BR mail.ngo.org -that is routed via the ipsec device will be dropped. If you wish to -allow other traffic to pass through then you must add a %pass rule. -For example the following rule when combined with the above will -ensure that POP3 messages read from -.BR mail.ngo.org -will be encrypted but all other traffic to/from -.BR mail.ngo.org -will be in clear text. -.LP -.B "ipsec eroute \-\-add \-\-eraf inet \-\-src company.com/24 \e" -.br -.B " \-\-dst mail.ngo.org/32 \-\-said %pass" -.br -.LP -.SH FILES -/proc/net/ipsec_eroute, /usr/local/bin/ipsec -.SH "SEE ALSO" -ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_spi(8), -ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_eroute(5) -.SH HISTORY -Written for the Linux FreeS/WAN project - -by Richard Guy Briggs. -.\" -.\" $Log: eroute.8,v $ -.\" Revision 1.1 2004/03/15 20:35:27 as -.\" added files from freeswan-2.04-x509-1.5.3 -.\" -.\" Revision 1.25 2002/04/24 07:35:38 mcr -.\" Moved from ./klips/utils/eroute.8,v -.\" -.\" Revision 1.24 2001/02/26 19:58:49 rgb -.\" Added a comment on the restriction of spi > 0x100. -.\" Implement magic SAs %drop, %reject, %trap, %hold, %pass as part -.\" of the new SPD and to support opportunistic. -.\" -.\" Revision 1.23 2000/09/17 18:56:48 rgb -.\" Added IPCOMP support. -.\" -.\" Revision 1.22 2000/09/13 15:54:31 rgb -.\" Added Gerhard's ipv6 updates. -.\" -.\" Revision 1.21 2000/06/30 18:21:55 rgb -.\" Update SEE ALSO sections to include ipsec_version(5) and ipsec_pf_key(5) -.\" and correct FILES sections to no longer refer to /dev/ipsec which has -.\" been removed since PF_KEY does not use it. -.\" -.\" Revision 1.20 2000/06/21 16:54:57 rgb -.\" Added 'no additional args' text for listing contents of -.\" /proc/net/ipsec_* files. -.\" -.\" Revision 1.19 1999/07/19 18:47:24 henry -.\" fix slightly-misformed comments -.\" -.\" Revision 1.18 1999/04/06 04:54:37 rgb -.\" Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes -.\" patch shell fixes. -.\" -.\" diff --git a/programs/eroute/eroute.c b/programs/eroute/eroute.c deleted file mode 100644 index d1b2bff0a..000000000 --- a/programs/eroute/eroute.c +++ /dev/null @@ -1,1044 +0,0 @@ -/* - * manipulate eroutes - * Copyright (C) 1996 John Ioannidis. - * Copyright (C) 1997, 1998, 1999, 2000, 2001 Richard Guy Briggs. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -char eroute_c_version[] = "RCSID $Id: eroute.c,v 1.3 2005/02/24 20:03:46 as Exp $"; - - -#include -#include /* new */ -#include -#include -#include /* system(), strtoul() */ - -#include -#include -#include -#include -#include -#include - - -#include -#include -#if 0 -#include /* CONFIG_IPSEC_PFKEYv2 */ -#endif -/* permanently turn it on since netlink support has been disabled */ - -#include -#include -#include - -#include "freeswan/radij.h" -#include "freeswan/ipsec_encap.h" - -#include -#include - -char *program_name; -char me[] = "ipsec eroute"; -extern char *optarg; -extern int optind, opterr, optopt; -char *eroute_af_opt, *said_af_opt, *edst_opt, *spi_opt, *proto_opt, *said_opt, *dst_opt, *src_opt; -char *transport_proto_opt, *src_port_opt, *dst_port_opt; -int action_type = 0; - -int pfkey_sock; -fd_set pfkey_socks; -uint32_t pfkey_seq = 0; - -#define EMT_IFADDR 1 /* set enc if addr */ -#define EMT_SETSPI 2 /* Set SPI properties */ -#define EMT_DELSPI 3 /* Delete an SPI */ -#define EMT_GRPSPIS 4 /* Group SPIs (output order) */ -#define EMT_SETEROUTE 5 /* set an extended route */ -#define EMT_DELEROUTE 6 /* del an extended route */ -#define EMT_TESTROUTE 7 /* try to find route, print to console */ -#define EMT_SETDEBUG 8 /* set debug level if active */ -#define EMT_UNGRPSPIS 9 /* UnGroup SPIs (output order) */ -#define EMT_CLREROUTE 10 /* clear the extended route table */ -#define EMT_CLRSPIS 11 /* clear the spi table */ -#define EMT_REPLACEROUTE 12 /* set an extended route */ -#define EMT_GETDEBUG 13 /* get debug level if active */ -#define EMT_INEROUTE 14 /* set incoming policy for IPIP on a chain */ - -static void -add_port(int af, ip_address * addr, short port) -{ - switch (af) - { - case AF_INET: - addr->u.v4.sin_port = port; - break; - case AF_INET6: - addr->u.v6.sin6_port = port; - break; - } -} - -static void -usage(char* arg) -{ - fprintf(stdout, "usage: %s --{add,addin,replace} --eraf --src /| --dst /| [ --transport-proto ] [ --src-port ] [ --dst-port ] \n", arg); - fprintf(stdout, " where is '--af --edst --spi --proto '\n"); - fprintf(stdout, " OR '--said '\n"); - fprintf(stdout, " OR '--said <%%passthrough | %%passthrough4 | %%passthrough6 | %%drop | %%reject | %%trap | %%hold | %%pass>'.\n"); - fprintf(stdout, " %s --del --eraf --src /| --dst /| [ --transport-proto ] [ --src-port ] [ --dst-port ]\n", arg); - fprintf(stdout, " %s --clear\n", arg); - fprintf(stdout, " %s --help\n", arg); - fprintf(stdout, " %s --version\n", arg); - fprintf(stdout, " %s\n", arg); - fprintf(stdout, " [ --debug ] is optional to any %s command.\n", arg); - fprintf(stdout, " [ --label