hipmod-sleep-beet-and-interfamily-all-in-one.patch

HIP：Host Identity Protocol

+                if (unlikely(optlen)) {
+                        struct ip_beet_phdr *ph;
+                
+                        BUG_ON(optlen < 0);
+                
+                        ph = (struct ip_beet_phdr *)skb->h.raw;
+                        ph->padlen = 4 - (optlen & 4);
+                        ph->hdrlen = (optlen + ph->padlen + sizeof(*ph)) / 8;
+                        ph->nexthdr = iphv4->protocol;
+                        top_iphv4->protocol = IPPROTO_BEETPH;
+                        top_iphv4->ihl = sizeof(struct iphdr) / 4;
+                }
+                
+                protocol = top_iphv4->protocol;
+
+                if (unlikely(optlen))
+                        protocol = top_iphv4->protocol;
+                else
+                        protocol = iphv4->protocol;
+                
+                if (skb_headroom(skb) <=  2*delta){
+                        if (pskb_expand_head(skb, delta,0, GFP_ATOMIC))
+                                return 0;
+                }
+                
+                skb->nh.raw = skb_push(skb, delta);
+
+                top_iphv6 = skb->nh.ipv6h;
+                skb->h.ipv6h = top_iphv6 + 1;
+                /* DS disclosed */
+                top_iphv6->version = 6;
+                top_iphv6->priority = 0;
+                top_iphv6->flow_lbl[0] = 0;
+                top_iphv6->flow_lbl[1] = 0;
+                top_iphv6->flow_lbl[2] = 0;
+                dsfield = ipv6_get_dsfield(top_iphv6);
+                dsfield = INET_ECN_encapsulate(dsfield, dsfield);
+                flags = x->props.flags;
+                if (flags & XFRM_STATE_NOECN)
+                        dsfield &= ~INET_ECN_MASK;
+                ipv6_change_dsfield(top_iphv6, 0, dsfield);
+
+                top_iphv6->nexthdr = protocol;
+                top_iphv6->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT);
+                top_iphv6->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
+                ipv6_addr_copy(&top_iphv6->saddr,(struct in6_addr *)&x->props.saddr);
+                ipv6_addr_copy(&top_iphv6->daddr, (struct in6_addr *)&x->id.daddr);
+                skb->nh.raw = &top_iphv6->nexthdr;
+
+	} else
+		BUG_ON(1);
+
+	return 0;
+}
+
+
+
+/* jk: move this to beet module! */
+static int xfrm6_beet_input(struct xfrm_state *x, struct sk_buff *skb)
+{  
+        struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(skb->h.raw);
+        int size = (x->sel.family == AF_INET) ? sizeof(struct iphdr) : sizeof(struct ipv6hdr);
+        int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);
+        __u8 proto = skb->nh.ipv6h->nexthdr, hops = skb->nh.ipv6h->hop_limit;
+        __u8 ph_nexthdr = 0;
+        int phlen = 0;
+        int optlen = 0;
+        int err = -EINVAL;
+
+        if (x->sel.family == AF_INET) {
+                /* Inner = IPv4, therefore the IPhdr must be shrunk */
+                /* Inner = 4, Outer = 6 */
+                if (unlikely(proto == IPPROTO_BEETPH)) {
+                        if (!pskb_may_pull(skb, sizeof(*ph)))
+                                goto out;
+                        phlen = ph->hdrlen * 8;
+                        optlen = phlen - ph->padlen - sizeof(*ph);
+
+                        if (optlen < 0 || optlen & 3 || optlen > 250)
+                                goto out;
+                        if (!pskb_may_pull(skb, phlen))
+                                goto out;
+
+                        proto = ph_nexthdr = ph->nexthdr;
+                }
+                skb->nh.raw += delta;
+        }
+
+        if (skb_cloned(skb) &&
+            pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+                goto out;
+
+        skb_push(skb, size);
+        memmove(skb->data, skb->nh.raw, size);
+        skb->nh.raw = skb->data;
+
+        skb->mac.raw = memmove(skb->data - skb->mac_len,
+                               skb->mac.raw, skb->mac_len);
+        if (unlikely(phlen)) {
+                skb_pull(skb, phlen - optlen);
+                skb->nh.raw = skb->data;
+        }
+
+        if (x->sel.family == AF_INET6) {
+                struct ipv6hdr *ip6h = skb->nh.ipv6h;
+
+                ip6h->payload_len = htons(skb->len - size);
+                ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *) &x->sel.daddr.a6);
+                ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *) &x->sel.saddr.a6);
+
+        } else if (x->sel.family == AF_INET) {
+
+                struct iphdr *iph = skb->nh.iph;
+
+                iph->ihl = (sizeof(*iph) + optlen) / 4;
+                iph->version = 4;
+                iph->tos = 0;
+                iph->id = 0;
+                iph->frag_off = 0;
+                iph->ttl = hops;
+                iph->protocol = proto;
+                iph->daddr = x->sel.daddr.a4;
+                iph->saddr = x->sel.saddr.a4;
+                iph->tot_len = htons(skb->len);
+                ip_send_check(iph);
+                skb->protocol = htons(ETH_P_IP);
+                if (unlikely(!optlen)) {
+                        skb->h.raw = skb->nh.raw;
+                }
+                dst_release(skb->dst);
+                skb->dst = NULL;
+        } else
+                BUG_ON(1);
+
+        err = 0;
+
+ out:
+        return err;
+}
+
+
 static struct xfrm_mode xfrm6_tunnel_mode = {
 	.input = xfrm6_tunnel_input,
 	.output = xfrm6_tunnel_output,
@@ -102,8 +306,20 @@
 	.encap = XFRM_MODE_TUNNEL,
 };
 
+/* jk: move this to beet module! */
+static struct xfrm_mode xfrm6_beet_mode = {
+	.input = xfrm6_beet_input,
+	.output = xfrm6_beet_output,
+	.owner = THIS_MODULE,
+	.encap = XFRM_MODE_BEET,
+};
+
 static int __init xfrm6_tunnel_init(void)
 {
+  
+  /* jk: move this to beet module! */
+  xfrm_register_mode(&xfrm6_beet_mode, AF_INET6);
+
 	return xfrm_register_mode(&xfrm6_tunnel_mode, AF_INET6);
 }
 
@@ -111,6 +327,9 @@
 {
 	int err;
 
+	/* jk: move this to beet module! */
+	err = xfrm_unregister_mode(&xfrm6_beet_mode, AF_INET6);
+
 	err = xfrm_unregister_mode(&xfrm6_tunnel_mode, AF_INET6);
 	BUG_ON(err);
 }
diff -urN  a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
--- a/net/ipv6/ipcomp6.c 2007-05-25 12:21:11.000000000 +0300
+++ b/net/ipv6/ipcomp6.c 2007-05-25 12:21:11.000000000 +0300
@@ -416,8 +416,10 @@
 		goto out;
 
 	x->props.header_len = 0;
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct ipv6hdr);
+	else if (x->props.mode == XFRM_MODE_BEET)
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
 	
 	mutex_lock(&ipcomp6_resource_mutex);
 	if (!ipcomp6_alloc_scratches())
@@ -428,7 +430,7 @@
 		goto error;
 	mutex_unlock(&ipcomp6_resource_mutex);
 
-	if (x->props.mode) {
+	if (x->props.mode == XFRM_MODE_TUNNEL) {
 		err = ipcomp6_tunnel_attach(x);
 		if (err)
 			goto error_tunnel;
diff -urN  a/net/ipv6/esp6.c b/net/ipv6/esp6.c
--- a/net/ipv6/esp6.c 2007-05-25 12:21:11.000000000 +0300
+++ b/net/ipv6/esp6.c 2007-05-25 12:21:11.000000000 +0300
@@ -344,8 +344,10 @@
 	if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
 		goto error;
 	x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
-	if (x->props.mode)
+	if (x->props.mode == XFRM_MODE_TUNNEL)
 		x->props.header_len += sizeof(struct ipv6hdr);
+	else if (x->props.mode == XFRM_MODE_BEET)
+		x->props.header_len += IPV4_BEET_PHMAXLEN;
 	x->data = esp;
 	return 0;
 
diff -urN  a/net/ipv6/icmp.c b/net/ipv6/icmp.c
--- a/net/ipv6/icmp.c 2007-05-25 12:21:11.000000000 +0300
+++ b/net/ipv6/icmp.c 2007-05-25 12:21:11.000000000 +0300
@@ -64,6 +64,7 @@
 #include <net/ip6_route.h>
 #include <net/addrconf.h>
 #include <net/icmp.h>
+#include <linux/xfrm.h>
 
 #include <asm/uaccess.h>
 #include <asm/system.h>
@@ -389,7 +390,7 @@
 		goto out_dst_release;
 	}
 
-	if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
+	if ((err = xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_SLEEP)) < 0)
 		goto out;
 
 	if (ipv6_addr_is_multicast(&fl.fl6_dst))
diff -urN  a/net/key/af_key.c b/net/key/af_key.c
--- a/net/key/af_key.c 2007-05-25 12:21:11.000000000 +0300
+++ b/net/key/af_key.c 2007-05-25 12:21:11.000000000 +0300
@@ -1166,7 +1166,8 @@
 		/* Nobody uses this, but we try. */
 		x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
 		x->sel.prefixlen_s = addr->sadb_address_prefixlen;
-	}
+	} else
+		x->sel.family = x->props.family; /* Conservative */
 
 	if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
 		struct sadb_x_nat_t_type* n_type;
@@ -1763,14 +1764,13 @@
 		if (!t->reqid && !(t->reqid = gen_reqid()))
 			return -ENOBUFS;
 	}
-
-	/* addresses present only in tunnel mode */
-	if (t->mode) {
-		switch (xp->family) {
+/* addresses present in any mode */
+	{
+		struct sockaddr *sa;
+		sa = (struct sockaddr *)(rq+1);
+		switch(sa->sa_family) {
 		case AF_INET:
-			sin = (void*)(rq+1);
-			if (sin->sin_family != AF_INET)
-				return -EINVAL;
+			sin = (struct sockaddr_in *)sa;
 			t->saddr.a4 = sin->sin_addr.s_addr;
 			sin++;
 			if (sin->sin_family != AF_INET)
@@ -1779,9 +1779,7 @@
 			break;
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 		case AF_INET6:
-			sin6 = (void *)(rq+1);
-			if (sin6->sin6_family != AF_INET6)
-				return -EINVAL;
+			sin6 = (struct sockaddr_in6 *)sa;
 			memcpy(t->saddr.a6, &sin6->sin6_addr, sizeof(struct in6_addr));
 			sin6++;
 			if (sin6->sin6_family != AF_INET6)
@@ -1792,6 +1790,7 @@
 		default:
 			return -EINVAL;
 		}
+		t->outer_family = sa->sa_family;
 	}
 	/* No way to set this via kame pfkey */
 	t->aalgos = t->ealgos = t->calgos = ~0;
diff -urN  a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
--- a/net/xfrm/xfrm_user.c 2007-05-25 12:21:11.000000000 +0300
+++ b/net/xfrm/xfrm_user.c 2007-05-25 12:21:11.000000000 +0300
@@ -173,8 +173,9 @@
 
 	err = -EINVAL;
 	switch (p->mode) {
-	case 0:
-	case 1:
+	case XFRM_MODE_TRANSPORT:
+	case XFRM_MODE_TUNNEL:
+	case XFRM_MODE_BEET:
 		break;
 
 	default:
@@ -763,6 +764,7 @@
 		t->aalgos = ut->aalgos;
 		t->ealgos = ut->ealgos;
 		t->calgos = ut->calgos;
+		t->outer_family = ut->family;
 	}
 }
 
diff -urN  a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
--- a/net/xfrm/xfrm_policy.c 2007-05-25 12:21:11.000000000 +0300
+++ b/net/xfrm/xfrm_policy.c 2007-05-25 12:21:11.000000000 +0300
@@ -782,6 +782,7 @@
 		if (tmpl->mode) {
 			remote = &tmpl->id.daddr;
 			local = &tmpl->saddr;
+			family = tmpl->outer_family;
 		}
 
 		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
diff -urN  a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
--- a/net/xfrm/xfrm_state.c 2007-05-25 12:21:11.000000000 +0300
+++ b/net/xfrm/xfrm_state.c 2007-05-25 12:21:11.000000000 +0300
@@ -366,7 +366,7 @@
 			      selector.
 			 */
 			if (x->km.state == XFRM_STATE_VALID) {
-				if (!xfrm_selector_match(&x->sel, fl, family) ||
+				if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
 				    !xfrm_sec_ctx_match(pol->security, x->security))
 					continue;
 				if (!best ||
@@ -378,7 +378,7 @@
 				acquire_in_progress = 1;
 			} else if (x->km.state == XFRM_STATE_ERROR ||
 				   x->km.state == XFRM_STATE_EXPIRED) {
- 				if (xfrm_selector_match(&x->sel, fl, family) &&
+ 				if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
 				    xfrm_sec_ctx_match(pol->security, x->security))
 					error = -ESRCH;
 			}
diff -urN  a/include/net/xfrm.h b/include/net/xfrm.h
--- a/include/net/xfrm.h 2007-05-25 12:21:11.000000000 +0300
+++ b/include/net/xfrm.h 2007-05-25 12:21:11.000000000 +0300
@@ -226,7 +226,7 @@
 extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
 extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c);
 extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
-#define XFRM_ACQ_EXPIRES	30
+#define XFRM_ACQ_EXPIRES	3
 
 struct xfrm_tmpl;
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
@@ -297,6 +297,10 @@
 /* Source address of tunnel. Ignored, if it is not a tunnel. */
 	xfrm_address_t		saddr;
 
+/* family of the outer addresses. The family may differ from
+   the one in selector */
+	unsigned short		outer_family;
+
 	__u32			reqid;
 
 /* Mode: transport/tunnel */
diff -urN  a/include/linux/xfrm.h b/include/linux/xfrm.h
--- a/include/linux/xfrm.h 2007-05-25 12:21:11.000000000 +0300
+++ b/include/linux/xfrm.h 2007-05-25 12:21:11.000000000 +0300
@@ -43,6 +43,12 @@
 #define XFRM_SC_ALG_RESERVED 0
 #define XFRM_SC_ALG_SELINUX 1
 
+/* Transport layer flag  passed to xfrm_lookup. If set, the userspace
+   process sleeps in a waitqueue until key management daemon has 
+   finished setting up security associations. This workaround exists 
+   until we have queues for outgoing IPsec packets. */
+#define XFRM_LOOKUP_SLEEP (!in_atomic() && !in_softirq())
+
 /* Selector, used as selector both on policy rules (SPD) and SAs. */
 
 struct xfrm_selector
@@ -118,9 +124,13 @@
 	XFRM_SHARE_UNIQUE	/* Use once */
 };
 
-#define XFRM_MODE_TRANSPORT 0
-#define XFRM_MODE_TUNNEL 1
-#define XFRM_MODE_MAX 2
+enum
+{
+	XFRM_MODE_TRANSPORT = 0,
+	XFRM_MODE_TUNNEL,
+	XFRM_MODE_BEET,
+	XFRM_MODE_MAX
+};
 
 /* Netlink configuration messages.  */
 enum {
diff -urN  a/include/linux/ipsec.h b/include/linux/ipsec.h
--- a/include/linux/ipsec.h 2007-05-25 12:21:12.000000000 +0300
+++ b/include/linux/ipsec.h 2007-05-25 12:21:12.000000000 +0300
@@ -12,7 +12,8 @@
 enum {
 	IPSEC_MODE_ANY		= 0,	/* We do not support this for SA */
 	IPSEC_MODE_TRANSPORT	= 1,
-	IPSEC_MODE_TUNNEL	= 2
+	IPSEC_MODE_TUNNEL	= 2,
+	IPSEC_MODE_BEET         = 3
 };
 
 enum {
diff -urN  a/include/linux/net.h b/include/linux/net.h
--- a/include/linux/net.h 2007-05-25 12:21:12.000000000 +0300
+++ b/include/linux/net.h 2007-05-25 12:21:12.000000000 +0300
@@ -24,7 +24,7 @@
 struct poll_table_struct;
 struct inode;
 
-#define NPROTO		32		/* should be enough for now..	*/
+#define NPROTO		33		/* should be enough for now..	*/
 
 #define SYS_SOCKET	1		/* sys_socket(2)		*/
 #define SYS_BIND	2		/* sys_bind(2)			*/
diff -urN  a/include/linux/in.h b/include/linux/in.h
--- a/include/linux/in.h 2007-05-25 12:21:12.000000000 +0300
+++ b/include/linux/in.h 2007-05-25 12:21:12.000000000 +0300
@@ -40,6 +40,7 @@
 
   IPPROTO_ESP = 50,            /* Encapsulation Security Payload protocol */
   IPPROTO_AH = 51,             /* Authentication Header protocol       */
+  IPPROTO_BEETPH = 94,		/* IP option pseudo header for BEET */
   IPPROTO_PIM    = 103,		/* Protocol Independent Multicast	*/
 
   IPPROTO_COMP   = 108,                /* Compression Header protocol */
diff -urN  a/include/linux/ip.h b/include/linux/ip.h
--- a/include/linux/ip.h 2007-05-25 12:21:12.000000000 +0300
+++ b/include/linux/ip.h 2007-05-25 12:21:12.000000000 +0300
@@ -79,6 +79,8 @@
 #define	IPOPT_TS_TSANDADDR	1		/* timestamps and addresses */
 #define	IPOPT_TS_PRESPEC	3		/* specified modules only */
 
+#define IPV4_BEET_PHMAXLEN 8
+
 struct iphdr {
 #if defined(__LITTLE_ENDIAN_BITFIELD)
 	__u8	ihl:4,
@@ -122,4 +124,11 @@
 	__u16 cpi;
 };
 
+struct ip_beet_phdr {
+	__u8 nexthdr;
+	__u8 hdrlen;
+	__u8 padlen;
+	__u8 reserved;
+};
+
 #endif	/* _LINUX_IP_H */